Title :
Keeping secret keys secret in open systems
Author :
Azhar, I. ; Ahmed, N. ; Abbasi, A.G. ; Kiani, A. ; Shibli, A.
Author_Institution :
Dept. of Comput., Nat. Univ. of Sci. & Technol., Islamabad, Pakistan
Abstract :
Security of cryptographic keys stored on an untrusted host is a challenging task. Casual storage of keys could lead to an unauthorized access using physical means. If an adversary can access the binary code, the key material can be easily extracted using well-known key-finding techniques. This paper proposes a new technique for securing keys within software. In our proposed technique, we transform keys (randomly generated bit-strings) to a set of randomized functions, which are then compiled and obfuscated together to form a secure application. When the keys are required at the run-time, an inverse transform is computed by the application dynamically to yield the original bit-strings. We demonstrate that our technique resists attacks by many entropy based key finding algorithms that scan the host´s RAM at run-time.
Keywords :
computer network security; cryptography; inverse transforms; open systems; RAM; binary code; cryptographic key security; entropy-based key finding algorithm; inverse transform; key material; key-finding technique; open systems; randomized functions; randomly-generated bit-strings; secret keys; Availability; Cryptography; Heuristic algorithms; Lead; Open systems; Software; Key Hiding; Open System Security; White-Box Model;
Conference_Titel :
Open Source Systems and Technologies (ICOSST), 2014 International Conference on
Conference_Location :
Lahore
Print_ISBN :
978-1-4799-2053-2
DOI :
10.1109/ICOSST.2014.7029328
