In this paper we describe attacks on PKCS#11 devices that we successfully mounted by interacting with the low-level APDU protocol, used to communicate with the device. They exploit proprietary implementation weaknesses which allow attackers to bypass the security enforced at the PKCS#11 level. Some of the attacks leak, as cleartext, sensitive cryptographic keys in devices that were previously considered secure. We present a new threat model for the PKCS#11 middleware and we discuss the new attacks with respect to various attackers and application configurations. All the attacks presented in this paper have been timely reported to manufacturers following a responsible disclosure process.
|Data di pubblicazione:||2016|
|Titolo:||APDU-Level Attacks in PKCS#11 Devices|
|Titolo del libro:||19th International Symposium on Research in Attacks, Intrusions, and Defenses|
|Digital Object Identifier (DOI):||http://dx.doi.org/10.1007/978-3-319-45719-2_5|
|Appare nelle tipologie:||4.1 Articolo in Atti di convegno|
File in questo prodotto:
|root.pdf||Documento in Pre-print||Accesso chiuso-personale||Riservato|