In this paper we describe attacks on PKCS#11 devices that we successfully mounted by interacting with the low-level APDU protocol, used to communicate with the device. They exploit proprietary implementation weaknesses which allow attackers to bypass the security enforced at the PKCS#11 level. Some of the attacks leak, as cleartext, sensitive cryptographic keys in devices that were previously considered secure.We present a new threat model for the PKCS#11 middleware and we discuss the new attacks with respect to various attackers and application configurations. All the attacks presented in this paper have been timely reported to manufacturers following a responsible disclosure process.
CITATION STYLE
Bozzato, C., Focardi, R., Palmarini, F., & Steel, G. (2016). APDU-level attacks in PKCS#11 devices. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9854 LNCS, pp. 97–117). Springer Verlag. https://doi.org/10.1007/978-3-319-45719-2_5
Mendeley helps you to discover research relevant for your work.