PKCS#11 Device Audit

Test the security of your PKCS#11 implementations.

Cryptosense Analyzer software ensures the ongoing security of your PKCS#11 deployments with comprehensive testing and monitoring tools.

Hardware-based cryptography is a core technology for controlling risk in potentially hostile environments such as mobile, cloud and the Internet of Things. However, choosing, configuring, deploying and securely using a cryptographic device like a Hardware Security Module (HSM) is far from simple. A small mistake in the details can lead to a complete loss of security. Cryptosense offers a comprehensive suite of tools for black-box testing the security of HSMs (including CloudHSMs), and for auditing the way applications use them, to make sure your most precious keys are always secure.


Smart Fuzzing of HSMs

Cryptosense PKCS#11 Fuzzer is the only commercially available fuzzing tool for PKCS#11 HSMs, allowing you to test their security without needing access to source code. Our adaptive mutation-based fuzzing engine explores the corner cases of the PKCS#11 standard as implemented in the device under test. The results are passed through more than 140 compliance and vulnerability filters to detect memory management errors, anomalies and weaknesses, including a number of issues that can compromise private keys, like CVE-2015-5464 and CVE-2015-6924. This facilitates security testing of vendor equipment before procurement, automated audits, and evaluation of firmware updates and configuration changes.

Our PKCS#11 fuzzer can either be run in full auto mode, or configured at the command line to go deeper on certain configurations of commands. If a crash in the HSM driver is discovered, the fuzzer returns the call required to reproduce the issue. Automated inconsistency detection allows memory management flaws within the HSM to be discovered. Fuzzing can also be resumed from existing traces to save analysis time. For HSM suppliers, Cryptosense PKCS#11 Fuzzer and Analyzer can be incorporated into CI thanks to the Analyzer’s Web API.


Vulnerability Types found by Cryptosense Analyzer in PKCS#11 deployments

In HSM Firmware

Despite their FIPS and CC certifications, HSMs contain programming errors just like any other complex system. In 2015, two independent vulnerabilities were found that compromised private keys of certified HSMs (CVE-2015-5464 and CVE-2015-6924). Cryptosense’s smart fuzzing tools detect instances of known vulnerabilities including these and others from the academic literature, as well as performing a PKCS#11 compliance test that can indicate the presence of previously unknown weaknesses. The mutation-based fuzzing detects memory-management errors in both the driver and firmware.

In PKCS#11 Configuration

It is well known that the PKCS#11 API, if implemented “as is”, does not adequately protect sensitive keys. Typically, real-world deployments involve restricting the operations available in the API to mitigate key-extraction attacks. Cryptosense Analyzer can test a given configuration and determine whether any combination of commands may leak a key, making secure configuration straightforward.

In PKCS#11 Applications

Even if the HSM is bug-free and correctly set up, applications that use the device still have to use cryptography securely. Mistakes such as poor algorithm choice, IV mismanagement and absence of key role separation can create vulnerabilities. Cryptosense App Tracer detects these flaws.

During Deployment

Good preparatory work can be undone if, in practice, HSMs are incorrectly configured after firmware updates, or if key-management operations leave keys incorrectly set up. Cryptosense Analyzer provides ongoing visibility into HSM security and alerts in the case of out-of-standard configuration. Fuzzing and analysis can be automatically scheduled to give alerts in case of out-of-standard results.
