Computer Laboratory

Technical reports

Unwrapping the Chrysalis

Mike Bond, Daniel Cvrček, Steven J. Murdoch

June 2004, 15 pages

Abstract

We describe our experiences reverse engineering the Chrysalis-ITS Luna CA³ – a PKCS#11 compliant cryptographic token. Emissions analysis and security API attacks are viewed by many to be simpler and more efficient than a direct attack on an HSM. But how difficult is it to actually “go in the front door”? We describe how we unpicked the CA³ internal architecture and abused its low-level API to impersonate a CA³ token in its cloning protocol – and extract PKCS#11 private keys in the clear. We quantify the effort involved in developing and applying the skills necessary for such a reverse-engineering attack. In the process, we discover that the Luna CA³ has far more undocumented code and functionality than is revealed to the end-user.

Full text

PDF (0.4 MB)

BibTeX record

@TechReport{UCAM-CL-TR-592,
  author =	 {Bond, Mike and Cvr{\v c}ek, Daniel and Murdoch, Steven J.},
  title = 	 {{Unwrapping the Chrysalis}},
  year = 	 2004,
  month = 	 jun,
  url = 	 {http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-592.pdf},
  institution =  {University of Cambridge, Computer Laboratory},
  number = 	 {UCAM-CL-TR-592}
}