In this paper we describe attacks on PKCS#11 devices that we successfully mounted by interacting with the low-level APDU protocol used to communicate with the device. They exploit proprietary implementation weaknesses which allow attackers to bypass the security enforced at the PKCS#11 level. Some of the attacks leak, as cleartext, sensitive cryptographic keys in devices that were previously considered secure. We present a new threat model for the PKCS#11 middleware and we discuss the new attacks with respect to various attackers and application configurations. All the attacks presented in this paper have been reported to manufacturers in a timely manner, following a responsible disclosure process.
|Title:||APDU-level attacks in PKCS#11 devices|
|Internal authors:||Bozzato, Claudio|
|Publication date:||2016|
|Series:||LECTURE NOTES IN COMPUTER SCIENCE|
|Appears in types:||4.1 Article in conference proceedings|
Files in this item:
|root.pdf||571.12 kB||Adobe PDF||Pre-print document||Restricted|