ABSTRACT
While extensive research addresses the problem of establishing session keys through cryptographic protocols, relatively little work has appeared addressing the problem of revocation and update of long-term keys. We present an API for symmetric key management on embedded devices that supports key establishment and revocation, and prove security properties of our design in the symbolic model of cryptography. Our API supports two modes of revocation: a passive mode where keys have an expiration time, and an active mode where revocation messages are sent to devices. For the first, we show that once enough time has elapsed after the compromise of a key, the system returns to a secure state, i.e., the API is robust against attempts by the attacker to use a compromised key to compromise other keys or to keep the compromised key alive past its validity time. For the second, we show that once revocation messages have been received, the system immediately returns to a secure state. Notable features of our designs are that all secret values on the device are revocable, and the device returns to a functionally equivalent state after revocation is complete.