A Method for Safekeeping Cryptographic Keys from Memory Disclosure Attacks

  • Conference paper: Trusted Systems (INTRUST 2009)
  • Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6163)

Abstract

Security of cryptographic mechanisms ultimately rests on the assumption that cryptographic keys are kept (absolutely) secret. This assumption is very difficult to satisfy in real-world systems without special hardware. In this paper, we consider memory disclosure attacks, which disclose RAM content and then compromise any cryptographic key appearing in it. Our experience shows that such attacks, if successful, expose the whole cryptographic key in question rather than a portion of it. Previously it was shown how to mitigate the damage by ensuring that only one copy of a key appears in RAM; however, this leaves the attack success probability roughly proportional to the amount of memory disclosed. Motivated by this observation, here we show how to ensure that “zero” copies of a key appear in RAM while still allowing efficient cryptographic computations. As demonstrated in our prototype system, this can be achieved by exploiting the x86 SSE XMM registers so that an RSA key appears in its entirety only when loaded into these registers for cryptographic computations.
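The following is an added illustration of the register-residency idea in the abstract; it is not the paper's prototype code, and the paper does not describe an RSA implementation on this page. It assumes a 128-bit key and a toy XOR operation standing in for the RSA computation, and it assumes (my choice, not stated in the abstract) that the key is kept in RAM only as two XOR shares that are recombined inside XMM registers for the duration of one operation. The share values and the message are constructed for the demonstration. Inline assembly is used deliberately: SSE intrinsics in C give no guarantee that the compiler will not spill an `__m128i` local to the stack. A further caveat a practitioner should keep in mind is that the operating system saves the XMM state to a kernel-owned area (FXSAVE/XSAVE) on every context switch, so "zero copies" refers to the process's own memory, not to kernel save areas, hibernation files or VM snapshots.

```c
/* Added example (not from the paper): a 128-bit key K is stored in RAM only
 * as two XOR shares and is recombined exclusively inside SSE XMM registers
 * for one toy operation (msg ^ K), then scrubbed from the registers.
 * Constructed values: DEMO_SHARE_A, DEMO_SHARE_B and DEMO_MSG. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed shares: K = DEMO_SHARE_A ^ DEMO_SHARE_B.  K itself is
 * deliberately written nowhere in this file. */
static const uint8_t DEMO_SHARE_A[16] = {
    0x3d,0x4a,0x91,0x7c,0x55,0x1e,0xa0,0x0b,0xc2,0x68,0xf3,0x17,0xde,0x29,0x84,0x6f };
static const uint8_t DEMO_SHARE_B[16] = {
    0x16,0x34,0x84,0x6a,0x7d,0xb0,0x72,0xad,0x69,0x9f,0xe6,0x9f,0xd7,0xe6,0xcb,0x53 };
/* Constructed 16-byte message (15 characters plus the terminating NUL). */
static const uint8_t DEMO_MSG[16] = "attack at dawn!";

/* Recombine the shares in XMM registers, apply K to msg, scrub the registers.
 * K exists only in xmm0 between the first and the last pxor and is never
 * stored to memory by this routine. */
static void apply_key_in_registers(const uint8_t a[16], const uint8_t b[16],
                                   const uint8_t msg[16], uint8_t out[16])
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__(
        "movdqu (%0), %%xmm0\n\t"    /* xmm0 = share A              */
        "movdqu (%1), %%xmm1\n\t"    /* xmm1 = share B              */
        "pxor   %%xmm1, %%xmm0\n\t"  /* xmm0 = K (register only)    */
        "movdqu (%2), %%xmm1\n\t"    /* xmm1 = message              */
        "pxor   %%xmm0, %%xmm1\n\t"  /* xmm1 = message ^ K          */
        "movdqu %%xmm1, (%3)\n\t"    /* only the result reaches RAM */
        "pxor   %%xmm0, %%xmm0\n\t"  /* scrub K from xmm0           */
        "pxor   %%xmm1, %%xmm1\n\t"
        :
        : "r"(a), "r"(b), "r"(msg), "r"(out)
        : "xmm0", "xmm1", "memory");
#else
    /* Non-x86 fallback: same arithmetic one byte at a time, so no 16-byte
     * copy of K is assembled in memory, but without the register guarantee. */
    for (size_t i = 0; i < 16; i++)
        out[i] = msg[i] ^ a[i] ^ b[i];
#endif
}

/* Memory-disclosure check: does any 16-byte window of image equal A ^ B?
 * Compared byte by byte so that the check itself never materialises K. */
static int image_contains_key(const uint8_t *image, size_t len,
                              const uint8_t a[16], const uint8_t b[16])
{
    for (size_t off = 0; off + 16 <= len; off++) {
        size_t i = 0;
        while (i < 16 && image[off + i] == (uint8_t)(a[i] ^ b[i])) i++;
        if (i == 16) return 1;
    }
    return 0;
}

/* Everything the routine keeps in RAM, laid out as the image an attacker with
 * a memory dump (cold boot, /dev/mem, crash dump) would obtain. */
struct ram_image { uint8_t a[16], b[16], msg[16], out[16]; };

/* Returns 1 when the result is correct and the RAM image never held K. */
static int run_demo(uint8_t out[16])
{
    struct ram_image ram;
    int ok = 1;
    memcpy(ram.a, DEMO_SHARE_A, 16);
    memcpy(ram.b, DEMO_SHARE_B, 16);
    memcpy(ram.msg, DEMO_MSG, 16);
    memset(ram.out, 0, 16);

    apply_key_in_registers(ram.a, ram.b, ram.msg, ram.out);

    /* Reference result, computed without ever forming K as a whole. */
    for (size_t i = 0; i < 16; i++)
        if (ram.out[i] != (uint8_t)(ram.msg[i] ^ ram.a[i] ^ ram.b[i])) ok = 0;

    if (image_contains_key((const uint8_t *)&ram, sizeof ram, ram.a, ram.b)) ok = 0;
    memcpy(out, ram.out, 16);
    return ok;
}

int main(void)
{
    uint8_t out[16];
    int ok = run_demo(out);
    printf("result correct and key absent from RAM image: %s\n", ok ? "yes" : "no");
    for (size_t i = 0; i < 16; i++) printf("%02x", out[i]);
    printf("\n");
    return ok ? 0 : 1;
}
```

The scan in `image_contains_key` is the check the abstract's threat model calls for: take the bytes the process actually keeps in RAM and look for the whole key. With the shares approach it finds nothing, whereas the "one copy in RAM" mitigation the abstract mentions would leave exactly one window that matches. An RSA private key does not fit in the XMM register file at once (eight 128-bit registers on 32-bit x86, sixteen on x86-64), which is why the paper's prototype needs more than this toy shows.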



Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Parker, T.P., Xu, S. (2010). A Method for Safekeeping Cryptographic Keys from Memory Disclosure Attacks. In: Chen, L., Yung, M. (eds) Trusted Systems. INTRUST 2009. Lecture Notes in Computer Science, vol 6163. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14597-1_3

  • DOI: https://doi.org/10.1007/978-3-642-14597-1_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14596-4

  • Online ISBN: 978-3-642-14597-1

  • eBook Packages: Computer Science (R0)