In this first set of experiments, we examine key separation attacks, similar to those in Jolyon Clulow's 2003 CHES paper. We constrain our PKCS#11 API by repeatedly banning certain combinations of key attributes, each time obtaining a new (longer) attack. Finally, we investigate some solutions, for example the "trusted keys" mechanism, which requires that certain keys (for example wrapping and unwrapping keys) be marked as trusted by the Security Officer.
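As an added illustration of the bounded checking described above (this is not the authors' model or tool), the following toy symbolic model of two PKCS#11 commands, C_WrapKey and C_Decrypt, saturates what a session holder can learn from a given attribute configuration and reports which sensitive keys become recoverable. The configurations, attribute names such as `wrap_with_trusted` and `trusted`, and the restriction to these two commands are assumptions made for the example.

```python
from itertools import product

# Constructed sample configurations (handle -> key value and PKCS#11-style attributes).
CONFIGS = {
    # wrap and decrypt on the same key: the first attribute combination to ban
    "wrap_and_decrypt": {
        "h1": {"value": "k1", "attrs": {"wrap", "decrypt"}},
        "h2": {"value": "k2", "attrs": {"sensitive", "extractable"}}},
    # trusted-keys mechanism: h2 may only be wrapped by an SO-trusted key,
    # and the trusted key is a pure wrapping key (no decrypt attribute)
    "trusted_keys": {
        "h1": {"value": "k1", "attrs": {"wrap", "decrypt"}},
        "ht": {"value": "kt", "attrs": {"wrap", "trusted"}},
        "h2": {"value": "k2", "attrs": {"sensitive", "extractable", "wrap_with_trusted"}}},
}

def saturate(keys, trusted_policy, max_rounds=10):
    """Return what a session holder can learn by calling the two modelled commands
    repeatedly; terms are key values (str) or ("senc", plaintext, keyvalue)."""
    known = set()
    for _ in range(max_rounds):
        new = set()
        for h1, h2 in product(keys, repeat=2):
            k1, k2 = keys[h1], keys[h2]
            # C_WrapKey: h1 wraps h2. Under the trusted-keys policy a key marked
            # wrap_with_trusted may only be wrapped by a key the SO marked trusted.
            if "wrap" in k1["attrs"] and "extractable" in k2["attrs"]:
                blocked = (trusted_policy and "wrap_with_trusted" in k2["attrs"]
                           and "trusted" not in k1["attrs"])
                if not blocked:
                    new.add(("senc", k2["value"], k1["value"]))
        for h, c in product(keys, known):
            # C_Decrypt: h decrypts a ciphertext the session holder already has.
            if ("decrypt" in keys[h]["attrs"] and isinstance(c, tuple)
                    and c[2] == keys[h]["value"]):
                new.add(c[1])
        if new <= known:
            break  # fixpoint reached: nothing new is learnable
        known |= new
    return known

def leaked_sensitive(keys, trusted_policy=False):
    """Handles of sensitive keys whose value the session holder can recover."""
    known = saturate(keys, trusted_policy)
    return sorted(h for h, k in keys.items()
                  if "sensitive" in k["attrs"] and k["value"] in known)

if __name__ == "__main__":
    for name, keys in CONFIGS.items():
        print(name, "leaks:", leaked_sensitive(keys, trusted_policy=(name == "trusted_keys")))
```

Running the same `trusted_keys` configuration with `trusted_policy=False` shows the leak reappearing, which is the point of the mechanism: the policy, not the extra key, is what blocks the wrap-then-decrypt sequence.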
Here we analysed, for the first time, the extensions to the standard API made by nCipher and Eracom (now SafeNet) in their HSMs. In summary, we found that both permit secure configurations to be found, but both require careful attention to other details in order to avoid vulnerabilities. However, we were only able to examine small bounded models.
Here we analysed the Eracom version of the API, using our theoretical results to draw conclusions about security in the unbounded case from model checking results for certain carefully designed bounded models. In particular, we show that the Eracom key wrapping mechanism can be used to create an API which preserves the security of sensitive keys for an arbitrary number of keys, handles and command invocations. We also show that this property is not robust to the loss of a session key, and suggest a revision in order to obtain this property.
This model accounts for the fact that keys on a device are usually identified by their label. An attacker with momentary access to the key can replace a user's key with one of his own.