Improving PKCS#11 Vulnerability Analysis

Graham Steel
June 20, 2019

As well as treating applications in Java and .NET, Cryptosense Analyzer can also check the cryptographic security of PKCS#11 implementations in HSMs and elsewhere. We recently added a few improvements requested by our users.

Detecting Multiple-Step Vulnerabilities

It's well known that if PKCS#11 libraries follow the standard blindly, they can be vulnerable to a number of nasty key-extraction attacks. Cryptosense Analyzer already detected most of these, but some of the more subtle ones only apply if a particular combination of messages is available. The latest update to the Analyzer adds the ability to detect these.  

Trace Summaries

Our web interface now gives a quick summary of the capabilities of the PKCS#11 library detected by our fuzzer, such as which mechanisms were available. This speeds up workflows, since you don't need to wait for the analysis of the trace to get a high-level understanding of the trace.

Detecting Memory Corruption in the HSM

When dealing with a new device, the PKCS#11 fuzzer often triggers some kind of buffer overflow or similar error inside the HSM. These errors can sometimes be exploitable with catastrophic consequences, so we added a capability to aid their detection. If the fuzzer detects a response from the HSM inconsistent with a result from earlier in the run, it will report this in the Analyzer, and if you set an option at the command line, it will halt the fuzzing.

To find out more about the PKCS#11 capabilities of Analyzer, ask us for a demo.
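One way to implement the consistency check described under "Detecting Memory Corruption in the HSM", as an added example that is not Cryptosense's code: it replays a recorded trace and flags attribute reads that contradict an earlier result from the same run. The `Call` record, the sample trace and the `halt_on_first` flag (standing in for the command-line option) are constructed for illustration, and it assumes the tracked attributes change only through calls that appear in the trace.

```python
from dataclasses import dataclass

CREATE = {"C_CreateObject", "C_GenerateKey"}

@dataclass(frozen=True)
class Call:                 # hypothetical trace record, one per PKCS#11 call
    func: str               # PKCS#11 function name
    handle: int             # object handle used or returned
    attr: str = ""          # attribute read or written, if any
    value: bytes = b""      # value sent (Set) or returned (Get)
    rv: str = "CKR_OK"      # return code reported by the library

def find_inconsistencies(trace, halt_on_first=False):
    """Return (index, handle, attr, reason) for responses that contradict earlier ones."""
    known, destroyed, findings = {}, set(), []
    for i, c in enumerate(trace):
        if c.rv != "CKR_OK":
            continue        # failed calls carry no state we can compare
        key, reason = (c.handle, c.attr), None
        if c.func in CREATE:
            destroyed.discard(c.handle)      # tokens may reuse handles
        elif c.func == "C_DestroyObject":
            destroyed.add(c.handle)
            known = {k: v for k, v in known.items() if k[0] != c.handle}
        elif c.func == "C_SetAttributeValue":
            known[key] = c.value             # legitimate change made by us
        elif c.func == "C_GetAttributeValue":
            if c.handle in destroyed:
                reason = "read succeeded on destroyed object"
            elif known.get(key, c.value) != c.value:
                reason = "value changed with no intervening write"
            else:
                known[key] = c.value
        if reason:
            findings.append((i, c.handle, c.attr, reason))
            if halt_on_first:
                break
    return findings

TRACE = [  # constructed sample, not captured from a real device
    Call("C_GenerateKey", 5),
    Call("C_GetAttributeValue", 5, "CKA_VALUE_LEN", b"\x20"),
    Call("C_SetAttributeValue", 5, "CKA_LABEL", b"k2"),
    Call("C_GetAttributeValue", 5, "CKA_LABEL", b"k2"),        # matches our write
    Call("C_GetAttributeValue", 5, "CKA_VALUE_LEN", b"\x10"),  # contradicts index 1
    Call("C_DestroyObject", 5),
    Call("C_GetAttributeValue", 5, "CKA_LABEL", b"k2"),        # object should be gone
]
```
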