• Title/Summary/Keyword: Cryptographic Application Program Interface(CryptoAPI)

Search Result 1, Processing Time 0.014 seconds

An Experimental Study of Private Key and Secret Key Disclosure Vulnerability in Cryptographic Service Provider(CSP) Module (Cryptographic Service Provider(CSP) 모듈의 개인키/비밀키 노출 취약점에 대한 실험적 연구)

  • Park, Jin-Ho;Cho, Jae-Ik;Im, Eul-Gyu
    • Convergence Security Journal
    • /
    • v.7 no.3
    • /
    • pp.61-70
    • /
    • 2007

  • In Windows operating system, CSPs(Cryptographic Service Providers) are provided for offering a easy and convenient way of using an various cryptographic algorithms to applications. The applications selectively communicate with various CSPs through a set of functions known as the Crypto API(Cryptographic Application Program Interface). During this process, a secure method, accessing data using a handle, is used in order to prevent analysis of the passing parameters to function between CryptoAPI and CSPs. In this paper, our experiment which is using a novel memory traceback method proves that still there is a vulnerability of private key and secret key disclosure in spite of the secure method above-mentioned.

  • PDF