Type-Based Analysis of PIN Processing APIs

15 years 1 days ago

Download www.lsv.ens-cachan.fr

We examine some known attacks on the PIN verification framework, based on weaknesses of the security API for the tamperresistant Hardware Security Modules used in the network. We specify this API in an imperative language with cryptographic primitives, and show how its flaws are captured by a notion of robustness that extends the one of Myers, Sabelfeld and Zdancewic to our cryptographic setting. We propose an improved API, give an extended type system for assuring integrity and for preserving confidentiality via randomized and nonrandomized encryptions, and show our new API to be type-checkable.

Matteo Centenaro, Riccardo Focardi, Flaminia L. Lu

Real-time Traffic

ESORICS 2009 | Improved Api | PIN Verification Framework | Security Api | Security Privacy |

claim paper

Post Info
More Details (n/a)

Added	23 Nov 2009
Updated	23 Nov 2009
Type	Conference
Year	2009
Where	ESORICS
Authors	Matteo Centenaro, Riccardo Focardi, Flaminia L. Luccio, Graham Steel

Comments (0)

Sciweavers

Type-Based Analysis of PIN Processing APIs

ESORICS 2009 | Improved Api | PIN Verification Framework | Security Api | Security Privacy |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers