Section: New Results
Formal Analysis of Security APIs
Participants: Stéphanie Delaune, Steve Kremer, Graham Steel.
Security APIs allow untrusted code to access sensitive resources in a secure way. The idea is to design an interface between a trusted component, such as a smart card or cryptographic security module, and the untrusted outside world such that no matter what sequence of commands in the interface is called, and no matter what the parameters, certain 'good' properties will continue to hold, e.g. the secret long-term keys on the smart card are never revealed. Designing such interfaces is very tricky, and several vulnerabilities in APIs in common use have come to light in recent years.
APIs can be analysed formally in a similar way to protocols, by defining an abstract cryptographic model and exploring reachable states in the model. Recent work in the SECSI team involved designing a formal model for APIs that follow the widely used RSA PKCS#11 standard. In a journal paper, Delaune, Kremer and Steel show security results on various proprietary extensions to the standard, obtained using the NuSMV model checker. In a conference paper with Sibylle Fröschle (University of Oldenburg), Steel showed how to extend these results to an unbounded model (i.e. arbitrary numbers of fresh cryptographic keys generated by the device). In joint work with Matteo Bortolozzo, Giovanni Marchetto and Riccardo Focardi at the University of Venice, Steel showed that many of the attacks discovered in theoretical models do indeed work on real deployed devices. A conference paper describing this work is currently under review. In joint work with Keighren and Aspinall at the University of Edinburgh, Steel showed how information flow techniques may be adapted to the analysis of key management APIs. In a paper with Véronique Cortier (LORIA), Steel proposed a new key management API with proven security properties.
A major application area for security APIs is the cash machine network, where tamper-resistant hardware security modules protect customer PINs. In joint work with Matteo Centenaro, Riccardo Focardi and Flaminia Luccio (University of Venice), Steel showed how PIN processing APIs can be analysed by information flow techniques. A follow-up paper describes a practical scheme for improving PIN processing security without making wholesale changes to the current infrastructure.