The mkP11 tool
Participant: Graham STEEL [in charge].
mkP11 is a tool that generates a formal model, in a multiset rewriting logic, of an RSA PKCS#11 compatible key management API. Such APIs are found on smartcards and USB security tokens, for example. Each device is configured slightly differently in terms of the operations it permits, so a model has to be built per device. A tool called APITool, developed at the University of Venice, extracts this configuration information from a device by a pre-defined reverse-engineering process, and mkP11 compiles a formal model from it. The model constructed is suitable for the SAT-based security protocol model checker SATMC. If SATMC finds an attack, mkP11 converts the output back into a form that APITool can execute directly on the token, so that an attack found on the model is checked against the real device rather than only on paper.
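As an added illustration of the approach, and not the code of mkP11, SATMC or APITool (whose model and file formats this page does not describe), the following Python program encodes a small fragment of the PKCS#11 key-management API as rewriting rules over a multiset of facts representing the attacker's knowledge, and searches by bounded breadth-first search (in place of a SAT encoding) for a sequence of calls that reveals the value of a key created CKA_SENSITIVE. The two device configurations and the initial key set are constructed stand-ins for what a reverse-engineering step would report; the function and attribute names follow PKCS#11.

```python
"""Toy multiset-rewriting model of a PKCS#11 key-management fragment, explored
by bounded breadth-first search. Added illustration of the approach, not the
code of mkP11, SATMC or APITool; the device configurations and the initial
token state are constructed, not extracted from any real token.

The attacker's knowledge is a multiset of facts:
  ("handle", h, k, attrs)  handle h refers to key k and carries attribute set attrs
  ("key", k)               the value of key k is known in the clear
  ("enc", k, u)            the ciphertext senc(k, u) is known
Each API rule consumes facts and produces new ones; the goal is ("key", k) for a
key whose handle was created CKA_SENSITIVE.
"""
from collections import deque

SENSITIVE, EXTRACT, WRAP, UNWRAP, ENCRYPT, DECRYPT = (
    "sensitive", "extractable", "wrap", "unwrap", "encrypt", "decrypt")

def handles(state): return [f for f in state if f[0] == "handle"]
def encs(state):    return [f for f in state if f[0] == "enc"]
def keys(state):    return [f for f in state if f[0] == "key"]

# Each rule yields (PKCS#11 call as text, successor multiset).
def rule_wrap(state, cfg):        # C_WrapKey: export key t under wrapping key w
    for w in handles(state):
        if WRAP not in w[3]: continue
        for t in handles(state):
            if EXTRACT in t[3]:
                yield f"C_WrapKey({w[1]}, {t[1]})", state | {("enc", t[2], w[2])}

def rule_unwrap(state, cfg):      # C_UnwrapKey: import senc(k,u) under a handle to u
    tmpl = cfg["unwrap_template"]  # attributes the token gives imported keys
    for u in handles(state):
        if UNWRAP not in u[3]: continue
        for e in encs(state):
            if e[2] == u[2]:
                new = ("handle", f"h<{e[1]}|{','.join(sorted(tmpl))}>", e[1], tmpl)
                yield f"C_UnwrapKey({u[1]}, senc({e[1]},{e[2]}))", state | {new}

def rule_encrypt(state, cfg):     # C_Encrypt: encrypt a known key value under handle h
    for h in handles(state):
        if ENCRYPT not in h[3]: continue
        for k in keys(state):
            yield f"C_Encrypt({h[1]}, {k[1]})", state | {("enc", k[1], h[2])}

def rule_decrypt(state, cfg):     # C_Decrypt: decrypt senc(k,u) with a handle to u
    for h in handles(state):
        if DECRYPT not in h[3]: continue
        for e in encs(state):
            if e[2] == h[2]:
                yield f"C_Decrypt({h[1]}, senc({e[1]},{e[2]}))", state | {("key", e[1])}

def rule_set_attribute(state, cfg):  # C_SetAttributeValue, where the token permits it
    for h in handles(state):
        for a in cfg["settable"] - h[3]:
            new = ("handle", h[1], h[2], h[3] | {a})
            yield f"C_SetAttributeValue({h[1]}, CKA_{a.upper()}=TRUE)", (state - {h}) | {new}

RULES = {"wrap": rule_wrap, "unwrap": rule_unwrap, "encrypt": rule_encrypt,
         "decrypt": rule_decrypt, "set_attribute": rule_set_attribute}

def find_attack(initial, cfg, max_depth=6):
    """Return the shortest call sequence (within max_depth) that reveals a
    sensitive key's value, or None if the bounded search finds no attack."""
    sensitive = {h[2] for h in handles(initial) if SENSITIVE in h[3]}
    start = frozenset(initial)
    parent = {start: None}               # state -> (predecessor state, call)
    queue = deque([(start, 0)])
    while queue:
        state, depth = queue.popleft()
        if any(f[0] == "key" and f[1] in sensitive for f in state):
            calls = []                   # walk the parent links back to the start
            while parent[state] is not None:
                state, call = parent[state]
                calls.append(call)
            return calls[::-1]
        if depth >= max_depth: continue
        for name, rule in RULES.items():
            if name not in cfg["enabled"]: continue
            for call, nxt in rule(state, cfg):
                if nxt not in parent:
                    parent[nxt] = (state, call)
                    queue.append((nxt, depth + 1))
    return None

# Constructed device configurations (stand-ins for reverse-engineered ones).
ALL = {"wrap", "unwrap", "encrypt", "decrypt", "set_attribute"}
PERMISSIVE = {"enabled": ALL, "settable": {WRAP, UNWRAP, ENCRYPT, DECRYPT},
              "unwrap_template": frozenset({EXTRACT, DECRYPT})}
RESTRICTED = {"enabled": ALL, "settable": set(),          # attributes fixed at creation
              "unwrap_template": frozenset({EXTRACT})}     # imported keys get no decrypt/wrap

# Constructed initial token state: a sensitive victim key and a wrapping key.
INITIAL = {("handle", "h1", "k1", frozenset({SENSITIVE, EXTRACT})),
           ("handle", "h2", "k2", frozenset({WRAP, UNWRAP}))}

if __name__ == "__main__":
    for name, cfg in (("permissive", PERMISSIVE), ("restricted", RESTRICTED)):
        print(name, "->", find_attack(INITIAL, cfg))
```

Under the permissive configuration the search returns a three-call trace ending in C_Decrypt on the wrapping key: once a single key may carry both CKA_WRAP and CKA_DECRYPT, wrapping the sensitive key under it and decrypting the result yields the key in the clear, the well-known wrap/decrypt conflict in PKCS#11. Under the restricted configuration, which fixes attributes at creation and gives unwrapped keys no decrypt capability, the bounded search finds nothing. The trace is already phrased as PKCS#11 calls on named handles, which is the shape a tool needs in order to replay a model-level attack on a token; a real model checker differs in encoding the search as a SAT problem and in treating attributes, templates and attribute conflicts in far more detail than this toy does.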
mkP11 is described in a paper currently under review for an international conference. Commercial entities including a major international bank have expressed interest in purchasing the software, in combination with the APITool. An NDA has been signed covering continuation of development in collaboration with the University of Venice.