Protecting cryptographic keys from memory disclosure attacks
Cryptography has become an indispensable mechanism for securing systems, communications, and applications. While offering strong protection, cryptography makes the assumption that cryptographic keys are kept secret. This assumption is very difficult to guarantee in real life because the computers on which cryptographic keys are stored and used may be compromised relatively easily. Moreover, compromise of cryptographic keys may not be detected (and therefore the compromised keys not revoked) until after a long period of time. In this paper we investigate memory disclosure attacks, which exploit memory disclosure vulnerabilities to expose some amount of computer memory (RAM) and thus cryptographic keys. We demonstrate that the threat is real by formulating attacks that exposed the private keys of an OpenSSH server and an Apache server in their entirety. The attack experiments show that the private keys tend to proliferate in RAM. We explain this phenomenon by showing that private keys are not carefully dealt with in the software stack, which motivates us to propose a set of software-based countermeasures that can effectively mitigate the damage of memory disclosure attacks at essentially no performance penalty. We also report lessons learned through this study, which should be taken into consideration in the design and development of future systems that have cryptographic components.
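The proliferation described above, and the kind of software-based countermeasure the abstract refers to, illustrated in C as an added example that is not code from the paper: a hypothetical mini software stack copies a key into three intermediate buffers, and a self-check counts how many copies remain in that memory region afterwards, with and without scrubbing each copy once it is no longer needed. The three-buffer stack and the 32-byte key pattern are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>
#define KEY_LEN 32
#define ARENA_LEN 256

/* Zeroise through a volatile pointer so the compiler cannot drop the
   stores as dead code (a plain memset before free often is dropped). */
static void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;
}

/* Defensive self-check: count copies of `key` inside a buffer you own. */
static size_t key_copies_in(const unsigned char *region, size_t region_len,
                            const unsigned char *key, size_t key_len) {
    size_t n = 0;
    for (size_t i = 0; i + key_len <= region_len; i++)
        if (memcmp(region + i, key, key_len) == 0) { n++; i += key_len - 1; }
    return n;
}

/* Hypothetical mini software stack: the key is copied into three
   intermediate buffers inside `arena` (parsed key, an encoded form, a
   working copy), as real libraries do. With `wipe` set, each copy is
   scrubbed as soon as it is no longer needed. */
static void use_key(unsigned char *arena, const unsigned char *key, int wipe) {
    unsigned char *parsed  = arena;
    unsigned char *encoded = arena + 64;
    unsigned char *working = arena + 128;
    memcpy(parsed, key, KEY_LEN);       /* 1: parsed from the key file */
    memcpy(encoded, parsed, KEY_LEN);   /* 2: re-encoded for a library API */
    memcpy(working, encoded, KEY_LEN);  /* 3: copied into a session object */
    if (wipe) {                         /* key would be used here, then: */
        secure_wipe(working, KEY_LEN);
        secure_wipe(encoded, KEY_LEN);
        secure_wipe(parsed, KEY_LEN);
    }
}
/* Run the stack over a constructed 32-byte pattern (not a real key) and
   report how many copies survive in the arena afterwards. */
size_t surviving_copies(int wipe) {
    unsigned char key[KEY_LEN], arena[ARENA_LEN];
    for (size_t i = 0; i < KEY_LEN; i++) key[i] = (unsigned char)(0xA5 ^ i);
    memset(arena, 0, sizeof arena);
    use_key(arena, key, wipe);
    size_t n = key_copies_in(arena, ARENA_LEN, key, KEY_LEN);
    secure_wipe(key, KEY_LEN);
    return n;
}
```

Without scrubbing, three copies of the key remain in the region after use; with scrubbing, none do.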