A Formal Theory of Key Conjuring

V. Cortier; Stéphanie Delaune; G. Steel

doi:10.1109/CSF.2007.5

A Formal Theory of Key Conjuring

V. Cortier, Stéphanie Delaune, G. Steel

School of Informatics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Key conjuring is the process by which an attacker obtains an unknown, encrypted key by repeatedly calling a cryptographic API function with random values in place of keys. We propose a formalism for detecting computationally feasible key conjuring operations, incorporated into a Dolev-Yao style model of the security API. We show that security in the presence of key conjuring operations is decidable for a particular class of APIs, which includes the key management API of IBM's common cryptographic architecture (CCA).

Original language	English
Title of host publication	Computer Security Foundations Symposium, 2007. CSF '07. 20th IEEE
Publisher	Institute of Electrical and Electronics Engineers
Pages	79-96
Number of pages	18
ISBN (Print)	0-7695-2819-8
DOIs	https://doi.org/10.1109/CSF.2007.5
Publication status	Published - 2007

Access to Document

10.1109/CSF.2007.5

1 CDS csf07Submitted manuscript, 189 KB

AUTOMATED ANALYSIS OF SECURITY CRITICAL SYSTEMS
Bundy, A. & Fleuriot, J.
EPSRC
1/10/04 → 30/09/07
Project: Research

Cite this

@inproceedings{60ee2ecf1a214ecbb91840dc4aa6c1bd,

title = "A Formal Theory of Key Conjuring",

abstract = "Key conjuring is the process by which an attacker obtains an unknown, encrypted key by repeatedly calling a cryptographic API function with random values in place of keys. We propose a formalism for detecting computationally feasible key conjuring operations, incorporated into a Dolev-Yao style model of the security API. We show that security in the presence of key conjuring operations is decidable for a particular class of APIs, which includes the key management API of IBM's common cryptographic architecture (CCA).",

author = "V. Cortier and St{\'e}phanie Delaune and G. Steel",

year = "2007",

doi = "10.1109/CSF.2007.5",

language = "English",

isbn = "0-7695-2819-8",

pages = "79--96",

booktitle = "Computer Security Foundations Symposium, 2007. CSF '07. 20th IEEE",

publisher = "Institute of Electrical and Electronics Engineers",

address = "United States",

}

TY - GEN

T1 - A Formal Theory of Key Conjuring

AU - Cortier, V.

AU - Delaune, Stéphanie

AU - Steel, G.

PY - 2007

Y1 - 2007

N2 - Key conjuring is the process by which an attacker obtains an unknown, encrypted key by repeatedly calling a cryptographic API function with random values in place of keys. We propose a formalism for detecting computationally feasible key conjuring operations, incorporated into a Dolev-Yao style model of the security API. We show that security in the presence of key conjuring operations is decidable for a particular class of APIs, which includes the key management API of IBM's common cryptographic architecture (CCA).

AB - Key conjuring is the process by which an attacker obtains an unknown, encrypted key by repeatedly calling a cryptographic API function with random values in place of keys. We propose a formalism for detecting computationally feasible key conjuring operations, incorporated into a Dolev-Yao style model of the security API. We show that security in the presence of key conjuring operations is decidable for a particular class of APIs, which includes the key management API of IBM's common cryptographic architecture (CCA).

U2 - 10.1109/CSF.2007.5

DO - 10.1109/CSF.2007.5

M3 - Conference contribution

SN - 0-7695-2819-8

SP - 79

EP - 96

BT - Computer Security Foundations Symposium, 2007. CSF '07. 20th IEEE

PB - Institute of Electrical and Electronics Engineers

ER -

A Formal Theory of Key Conjuring

Abstract

Access to Document

Fingerprint

Projects

AUTOMATED ANALYSIS OF SECURITY CRITICAL SYSTEMS

Cite this