DocumentCode :
3055279
Title :
Protecting Cryptographic Keys from Memory Disclosure Attacks
Author :
Harrison, Keith ; Xu, Shouhuai
Author_Institution :
Univ. of Texas at San Antonio, San Antonio
fYear :
2007
fDate :
25-28 June 2007
Firstpage :
137
Lastpage :
143
Abstract :
Cryptography has become an indispensable mechanism for securing systems, communications and applications. While offering strong protection, cryptography makes the assumption that cryptographic keys are kept absolutely secret. In general this assumption is very difficult to guarantee in real life because computers may be compromised relatively easily. In this paper we investigate a class of attacks, which exploit memory disclosure vulnerabilities to expose cryptographic keys. We demonstrate that the threat is real by formulating an attack that exposed the private key of an OpenSSH server within 1 minute, and exposed the private key of an Apache HTTP server within 5 minutes. We propose a set of techniques to address such attacks. Experimental results show that our techniques are efficient (i.e., imposing no performance penalty) and effective - unless a large portion of allocated memory is disclosed.
Keywords :
private key cryptography; OpenSSH server; cryptographic keys; cryptography; memory disclosure attacks; private key; Application software; Computer science; Concrete; Cryptography; Hardware; Memory management; Operating systems; Protection; Software tools; Web server; cryptographic key security; memory disclosure
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Dependable Systems and Networks, 2007. DSN '07. 37th Annual IEEE/IFIP International Conference on
Conference_Location :
Edinburgh
Print_ISBN :
0-7695-2855-4
Type :
conf
DOI :
10.1109/DSN.2007.77
Filename :
4272965