Welcome to Journal of University of Chinese Academy of Sciences,Today is

›› 2013, Vol. 30 ›› Issue (5): 699-705.DOI: 10.7523/j.issn.2095-6134.2013.05.020

Previous Articles     Next Articles

A security analysis algorithm for cryptographic module API using term rewriting system

LIU Bo1,2, CHEN Hua1   

  1. 1. Institute of Software, Chinese Academy of Sciences, Beijing 100080, China;
    2. University of Chinese Academy of Sciences, Beijing 100049, China
  • Received:2012-11-01 Revised:2012-12-24 Online:2013-09-15
  • Contact: 刘波,E-mail:liubo@is.iscas.ac.cn

Abstract: For the formal verification of the cryptographic module API, a security analysis algorithm using term rewriting system was proposed. The term rewriting rules were used to extend the intruder's knowledge with breadth-first search and symbolic method. The search will stop until an attack path has been found or all the finite state space has been searched. The algorithm was applied to PKCS#11 which is an API standard for the cryptographic module, and five experiments were performed to complete the formal verification of the symmetric key management API commands of PKCS#11. The experimental results showed that the algorithm detected the attacks against PKCS#11 precisely and effectively, and also a new API attack sequence was discovered.

Key words: PKCS#11, model checking, term rewriting, breadth-first search

CLC Number: