• Title/Summary/Keyword: Cryptographic Service Provider(CSP)

Search Result 3, Processing Time 0.028 seconds

An Experimental Study of Private Key and Secret Key Disclosure Vulnerability in Cryptographic Service Provider(CSP) Module (Cryptographic Service Provider(CSP) 모듈의 개인키/비밀키 노출 취약점에 대한 실험적 연구)

  • Park, Jin-Ho;Cho, Jae-Ik;Im, Eul-Gyu
    • Convergence Security Journal
    • /
    • v.7 no.3
    • /
    • pp.61-70
    • /
    • 2007
  • In Windows operating system, CSPs(Cryptographic Service Providers) are provided for offering a easy and convenient way of using an various cryptographic algorithms to applications. The applications selectively communicate with various CSPs through a set of functions known as the Crypto API(Cryptographic Application Program Interface). During this process, a secure method, accessing data using a handle, is used in order to prevent analysis of the passing parameters to function between CryptoAPI and CSPs. In this paper, our experiment which is using a novel memory traceback method proves that still there is a vulnerability of private key and secret key disclosure in spite of the secure method above-mentioned.

  • PDF

A Study for Implementation of Cryptographic Service Provider(CSP) (CryptoAPI 지원 암호 모듈(CSP) 구현에 관한 연구)

  • Hong, Soon-Jwa;Park, Joong-Gil;Kim, Young-Jin
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • 2000.10a
    • /
    • pp.797-800
    • /
    • 2000
  • 최근 정보 보안에 대한 연구 및 개발이 활발하게 이루어지고 있으며, 그 중 보안 API 는 보안 서비스를 제공하는 인터페이스 규격으로서 중요성이 증대되고 있다. 대표적인 보안 API 로는 MS의 CryptoAPI, Intel 보안 구조인 CDSA 의 CSSM API, IETF의 GSS-API/IDUP-GSS-API, X/Open 그룹의 GCS-API 등이 있다. 보안 API 는 응용 개발자와 보안 장비 개발자의 편리성 및 독립성을 최대한 보장할 수 있어야 하지만, 실제 구현 환경에서 부딪치는 문제는 OS 플랫폼이 기반이 되지 못한 경우 시스템 보안 구조의 계층화가 어렵고, 실제 구현 환경에서 호환성을 보장할 수 없다는 것이다. 이러한 관점에서 MS의 CryptoAPI는 응용 및 보안 장비의 개발 규격 및 절차를 제안하고 있으며, 두 분야의 개발자 사이의 연동은 시스템 OS인 Windows가 담당하고 있다.

  • PDF

An Overview of Data Security Algorithms in Cloud Computing

  • D. I. George Amalarethinam;S. Edel Josephine Rajakumari
    • International Journal of Computer Science & Network Security
    • /
    • v.23 no.5
    • /
    • pp.65-72
    • /
    • 2023
  • Cloud Computing is one of the current research areas in computer science. Recently, Cloud is the buzz word used everywhere in IT industries; It introduced the notion of 'pay as you use' and revolutionized developments in IT. The rapid growth of modernized cloud computing leads to 24×7 accessing of e-resources from anywhere at any time. It offers storage as a service where users' data can be stored on a cloud which is managed by a third party who is called Cloud Service Provider (CSP). Since users' data are managed by a third party, it must be encrypted ensuring confidentiality and privacy of the data. There are different types of cryptographic algorithms used for cloud security; in this article, the algorithms and their security measures are discussed.