2016
DOI: 10.1007/978-3-662-53018-4_11
|View full text |Cite
|
Sign up to set email alerts
|

A Modular Treatment of Cryptographic APIs: The Symmetric-Key Case

Abstract: Abstract. Application Programming Interfaces (APIs) to cryptographic tokens like smartcards and Hardware Security Modules (HSMs) provide users with commands to manage and use cryptographic keys stored on trusted hardware. Their design is mainly guided by industrial standards with only informal security promises. In this paper we propose cryptographic models for the security of such APIs. The key feature of our approach is that it enables modular analysis. Specifically, we show that a secure cryptographic API c… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
6
0

Year Published

2017
2017
2019
2019

Publication Types

Select...
2
2

Relationship

1
3

Authors

Journals

citations
Cited by 4 publications
(6 citation statements)
references
References 23 publications
0
6
0
Order By: Relevance
“…• We formalize a notion of key secrecy for KMS DMP in the style of cryptographic APIs [23] and extend prior work in this area by i. addressing a substantially more complex (distributed) API; and ii. making explicit which assumptions on the behaviour of human operators are necessary (as otherwise trivial breaks would be possible), whilst excluding all non-trivial breaks as in prior work by reducing to standard cryptographic assumptions.…”
Section: Introductionmentioning
confidence: 92%
See 4 more Smart Citations
“…• We formalize a notion of key secrecy for KMS DMP in the style of cryptographic APIs [23] and extend prior work in this area by i. addressing a substantially more complex (distributed) API; and ii. making explicit which assumptions on the behaviour of human operators are necessary (as otherwise trivial breaks would be possible), whilst excluding all non-trivial breaks as in prior work by reducing to standard cryptographic assumptions.…”
Section: Introductionmentioning
confidence: 92%
“…The second layer of results proves that the protocol hides all information about domain keys from the adversary' view. This is formalized as a cryptographic API [23] that guarantees domain key secrecy. The model captures the actions of a malicious insider adversary by allowing the domain management operations to consist of multiple adversarially orchestrated steps.…”
Section: Overviewmentioning
confidence: 99%
See 3 more Smart Citations