{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T07:36:58Z","timestamp":1767339418303},"publisher-location":"Cham","reference-count":20,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319457185"},{"type":"electronic","value":"9783319457192"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-45719-2_5","type":"book-chapter","created":{"date-parts":[[2016,9,6]],"date-time":"2016-09-06T02:11:24Z","timestamp":1473127884000},"page":"97-117","source":"Crossref","is-referenced-by-count":3,"title":["APDU-Level Attacks in PKCS#11 Devices"],"prefix":"10.1007","author":[{"given":"Claudio","family":"Bozzato","sequence":"first","affiliation":[]},{"given":"Riccardo","family":"Focardi","sequence":"additional","affiliation":[]},{"given":"Francesco","family":"Palmarini","sequence":"additional","affiliation":[]},{"given":"Graham","family":"Steel","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,9,7]]},"reference":[{"key":"5_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"128","DOI":"10.1007\/3-540-44810-1_18","volume-title":"Security Protocols","author":"R Anderson","year":"2001","unstructured":"Anderson, R.: The correctness of crypto transaction sets. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2000. LNCS, vol. 2133, pp. 128\u2013141. Springer, Heidelberg (2001)"},{"key":"5_CR2","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1007\/978-3-642-30436-1_4","volume-title":"Information Security and Privacy Research","author":"G Barbu","year":"2012","unstructured":"Barbu, G., Giraud, C., Guerin, V.: Embedded eavesdropping on Java card. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IFIP AICT, vol. 376, pp. 37\u201348. Springer, Heidelberg (2012)"},{"key":"5_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"220","DOI":"10.1007\/3-540-44709-1_19","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2001","author":"M Bond","year":"2001","unstructured":"Bond, M.: Attacks on cryptoprocessor transaction sets. In: Ko\u00e7, \u00c7.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 220\u2013234. Springer, Heidelberg (2001)"},{"issue":"10","key":"5_CR4","doi-asserted-by":"crossref","first-page":"67","DOI":"10.1109\/2.955101","volume":"34","author":"M Bond","year":"2001","unstructured":"Bond, M., Anderson, R.: API level attacks on embedded systems. IEEE Comput. Mag. 34(10), 67\u201375 (2001)","journal-title":"IEEE Comput. Mag."},{"key":"5_CR5","doi-asserted-by":"crossref","unstructured":"Bortolozzo, M., Centenaro, M., Focardi, R., Steel, G.: Attacking and fixing PKCS#11 security tokens. In: Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010), pp. 260\u2013269. ACM (2010)","DOI":"10.1145\/1866307.1866337"},{"key":"5_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"411","DOI":"10.1007\/978-3-540-45238-6_32","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2003","author":"J Clulow","year":"2003","unstructured":"Clulow, J.: On the Security of PKCS #11. In: Walter, C.D., Ko\u00e7, \u00c7.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 411\u2013425. Springer, Heidelberg (2003)"},{"key":"5_CR7","doi-asserted-by":"crossref","first-page":"183","DOI":"10.1007\/0-387-24486-7_14","volume-title":"Communications and Multimedia Security","author":"D Cock De","year":"2005","unstructured":"De Cock, D., Wouters, K., Schellekens, D., Singelee, D., Preneel, B.: Threat modelling for security tokens in web applications. In: Chadwick, D., Preneel, B. (eds.) Communications and Multimedia Security, pp. 183\u2013193. Springer, Cham (2005)"},{"key":"5_CR8","doi-asserted-by":"crossref","unstructured":"de Koning, G., Gans, J., de Ruiter.: The smartlogic tool: analysing and testing smart card protocols. In: Fifth IEEE International Conference on Software Testing, Verification and Validation, ICST 2012, pp. 864\u2013871 (2012)","DOI":"10.1109\/ICST.2012.189"},{"issue":"6","key":"5_CR9","doi-asserted-by":"crossref","first-page":"1211","DOI":"10.3233\/JCS-2009-0394","volume":"18","author":"S Delaune","year":"2010","unstructured":"Delaune, S., Kremer, S., Steel, G.: Formal analysis of PKCS#11 and proprietary extensions. J. Comput. Secur. 18(6), 1211\u20131245 (2010)","journal-title":"J. Comput. Secur."},{"key":"5_CR10","doi-asserted-by":"crossref","unstructured":"Gkaniatsou, A., McNeill, F., Bundy, A., Steel, G., Focardi, R., Bozzato, C.: Getting to know your card: reverse-engineering the smart-card application protocol data unit. In: Proceedings of the 31st Annual Computer Security Applications Conference, ACSAC 2015, pp. 441\u2013450. ACM (2015)","DOI":"10.1145\/2818000.2818020"},{"key":"5_CR11","unstructured":"ISO, IEC 7816\u20134.: Identification cards - Integrated circuit cards - Part 4: Organization, security and commands for interchange (2013)"},{"issue":"1","key":"5_CR12","doi-asserted-by":"crossref","first-page":"75","DOI":"10.1016\/0167-4048(92)90222-D","volume":"11","author":"D Longley","year":"1992","unstructured":"Longley, D., Rigby, S.: An automatic search for security flaws in key management schemes. Comput. Secur. 11(1), 75\u201389 (1992)","journal-title":"Comput. Secur."},{"key":"5_CR13","doi-asserted-by":"crossref","unstructured":"Murdoch, S.J., Drimer, S., Anderson, R.J., Bond, M.: Chip and PIN is broken. In: 31st IEEE Symposium on Security and Privacy (S&P 2010), 16\u201319 May 2010, Berleley\/Oakland, California, USA, pp. 433\u2013446 (2010)","DOI":"10.1109\/SP.2010.33"},{"key":"5_CR14","unstructured":"OASIS Standard: PKCS #11 Cryptographic Token Interface Base Specification Version 2.40. http:\/\/docs.oasis-open.org\/pkcs11\/pkcs11-base\/v2.40\/pkcs11-base-v2.40.html"},{"key":"5_CR15","unstructured":"RSA Laboratories: PKCS #11 v2.30: Cryptographic Token Interface Standard. http:\/\/www.emc.com\/emc-plus\/rsa-labs\/standards-initiatives\/pkcs-11-cryptographic-token-interface-standard.htm"},{"key":"5_CR16","unstructured":"Schneier, B., Shostack, A., et al.: Breaking up is hard to do: modeling security threats for smart cards. In: USENIX Workshop on Smart Card Technology, Chicago, Illinois, USA (1999). http:\/\/www.counterpane.com\/smart-card-threats.html"},{"key":"5_CR17","unstructured":"Shostack, A.: Experiences threat modeling at microsoft. In: Modeling Security Workshop. Department of Computing, Lancaster University, UK (2008)"},{"key":"5_CR18","volume-title":"Threat Modeling","author":"F Swiderski","year":"2004","unstructured":"Swiderski, F., Snyder, W.: Threat Modeling. Microsoft Press, Redmond (2004)"},{"key":"5_CR19","doi-asserted-by":"crossref","unstructured":"Wang, L., Wong, E., Dianxiang, X.: A threat model driven approach for security testing. In: Proceedings of the Third International Workshop on Software Engineering for Secure Systems, SESS 2007, p. 10, Washington, D.C, USA. IEEE Computer Society (2007)","DOI":"10.1109\/SESS.2007.2"},{"key":"5_CR20","unstructured":"Youn, P., Adida, B., Bond, M., Clulow, J., Herzog, J., Lin, A., Rivest, R., Anderson, R.: Robbing the bank with a theorem prover. Technical Report UCAM-CL-TR-644, University of Cambridge, August 2005"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-45719-2_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,6,24]],"date-time":"2017-06-24T22:03:01Z","timestamp":1498341781000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-45719-2_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319457185","9783319457192"],"references-count":20,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-45719-2_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]}}}