- Abstract:
-
Key conjuring is the process by which an attacker obtains an unknown, encrypted key by repeatedly calling a cryptographic API function with random values in place of keys. We propose a formalism for detecting computationally feasible key conjuring operations, incorporated into a Dolev-Yao style model of the security API. We show that security in the presence of key conjuring operations is decidable for a particular class of APIs, which includes the key management API of IBM's Common Cryptographic Architecture (CCA).
- Links To Paper
- Author's webpage
- LSV research report
- Bibtex format
- @InProceedings{EDI-INF-RR-1004,
- author = {
Veronique Cortier
and Stephanie Delaune
and Graham Steel
},
- title = {A Formal Theory of Key Conjuring},
- book title = {20th IEEE Computer Security Foundations Symposium},
- publisher = {IEEE},
- year = 2007,
- month = {Jul},
- pages = {79-96},
- doi = {10.1109/CSF.2007.5},
- url = {http://homepages.inf.ed.ac.uk/gsteel/papers/csf20.pdf},
- }
|