A method for safekeeping cryptographic keys from memory disclosure attacks

Abstract

Security of cryptographic mechanisms is ultimately based on the assumption that cryptographic keys are kept (absolutely) secret. This assumption is very difficult to accommodate in real-world systems without special hardware. In this paper, we consider memory disclosure attacks that disclose RAM content and then compromise a cryptographic key appearing in it. Our experience shows that such attacks, if successful, will expose the whole cryptographic key in question (rather than a portion of it). Previously it was shown how to mitigate the damage by ensuring only one copy of a key appears in RAM. However, this leaves attack success probability roughly proportional to the amount of memory disclosed. Motivated by this observation, here we show how to ensure that "zero" copies of a key appear in RAM while allowing efficient cryptographic computations. As demonstrated in our prototype system, this can be achieved by exploiting the x86 SSE XMM registers so that an RSA key appears in its entirety only when loaded into these registers for cryptographic computations. © 2010 Springer-Verlag.