Type-Based Analysis of PIN Processing APIs

Abstract: Abstract. We examine some known attacks on the PIN verification framework, based on weaknesses of the security API for the tamperresistant Hardware Security Modules used in the network. We specify this API in an imperative language with cryptographic primitives, and show how its flaws are captured by a notion of robustness that extends the one of Myers, Sabelfeld and Zdancewic to our cryptographic setting. We propose an improved API, give an extended type system for assuring integrity and for preserving confid… Show more

“…In a recent work [5], we prove integrity of low-integrity data using Message Authentication Codes (MACs). The secrecy of the MAC key ensures the integrity of the exchanged data: once the MAC is recomputed and checked, we are guaranteed that no one has manipulated the received data.…”

“…The same idea has recently been applied in the information flow security [7,8] to prove that randomized cyphertexts could be leaked without breaking noninterference. Deterministic encryption has been modeled in a symbolic setting for information flow by Centenaro, Focardi, Luccio and Steel [5] extending the idea of pattern. That work anyway does not account for hash functions.…”

“…A recent work on the type checking of PIN processing security APIs [5] already implements an integrity test by means of Message Authentication Codes (MACs). It might appear that this was possible thanks to the usage of a secret key in the computation of the MAC.…”

“…Equality tests to enforce data integrity have been introduced: this idea is a generalization of the integrity proof performed using Message Authentication Codes (MACs) in [5]. The equality of a tainted variable with a trusted one is regarded as an evidence of the fact that the value stored in the untrusted variable is indeed untainted.…”

Match It or Die: Proving Integrity by Equality

“…In a recent work [5], we prove integrity of low-integrity data using Message Authentication Codes (MACs). The secrecy of the MAC key ensures the integrity of the exchanged data: once the MAC is recomputed and checked, we are guaranteed that no one has manipulated the received data.…”

“…The same idea has recently been applied in the information flow security [7,8] to prove that randomized cyphertexts could be leaked without breaking noninterference. Deterministic encryption has been modeled in a symbolic setting for information flow by Centenaro, Focardi, Luccio and Steel [5] extending the idea of pattern. That work anyway does not account for hash functions.…”

“…A recent work on the type checking of PIN processing security APIs [5] already implements an integrity test by means of Message Authentication Codes (MACs). It might appear that this was possible thanks to the usage of a secret key in the computation of the MAC.…”

“…Equality tests to enforce data integrity have been introduced: this idea is a generalization of the integrity proof performed using Message Authentication Codes (MACs) in [5]. The equality of a tainted variable with a trusted one is regarded as an evidence of the fact that the value stored in the untrusted variable is indeed untainted.…”

Match It or Die: Proving Integrity by Equality

“…The attack goes on using another public parameter, the offset, to reconstruct the whole PIN code. The interested reader is referred to, e.g., [8,9,12,20], for more detail.…”

Secure Upgrade of Hardware Security Modules in Bank Networks

Analysis of Potential Vulnerabilities in Payment Terminals