Department of Computer Science and Technology

Technical reports

Unwrapping the Chrysalis

Mike Bond, Daniel Cvrček, Steven J. Murdoch

June 2004, 15 pages

Abstract

We describe our experiences reverse engineering the Chrysalis-ITS Luna CA³ – a PKCS#11 compliant cryptographic token. Emissions analysis and security API attacks are viewed by many to be simpler and more efficient than a direct attack on an HSM. But how difficult is it to actually “go in the front door”? We describe how we unpicked the CA³ internal architecture and abused its low-level API to impersonate a CA³ token in its cloning protocol – and extract PKCS#11 private keys in the clear. We quantify the effort involved in developing and applying the skills necessary for such a reverse-engineering attack. In the process, we discover that the Luna CA³ has far more undocumented code and functionality than is revealed to the end-user.

Full text

PDF (0.4 MB)

BibTeX record

@TechReport{UCAM-CL-TR-592,
  author =      {Bond, Mike and Cvr{\v c}ek, Daniel and Murdoch, Steven J.},
  title =       {{Unwrapping the Chrysalis}},
  year =        2004,
  month =       jun,
  url =         {https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-592.pdf},
  institution = {University of Cambridge, Computer Laboratory},
  number =      {UCAM-CL-TR-592}
}