How to withstand mobile virus attacks (extended abstract)
PODC '91 Proceedings of the tenth annual ACM symposium on Principles of distributed computing
Software protection and simulation on oblivious RAMs
Journal of the ACM (JACM)
A Forward-Secure Digital Signature Scheme
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
On the (Im)possibility of Obfuscating Programs
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Key-Insulated Public Key Cryptosystems
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
An Attack on RSA Given a Small Fraction of the Private Key Bits
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Playing "Hide and Seek" with Stored Keys
FC '99 Proceedings of the Third International Conference on Financial Cryptography
SiBIR: Signer-Base Intrusion-Resilient Signatures
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Fast New DES Implementation in Software
FSE '97 Proceedings of the 4th International Workshop on Fast Software Encryption
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Scrash: a system for generating secure crash information
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Understanding data lifetime via whole system simulation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Shredding your garbage: reducing data lifetime through secure deallocation
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Protecting Cryptographic Keys from Memory Disclosure Attacks
DSN '07 Proceedings of the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
Lest we remember: cold boot attacks on encryption keys
SS'08 Proceedings of the 17th conference on Security symposium
Simultaneous Hardcore Bits and Cryptography against Memory Attacks
TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Exposure-resilient functions and all-or-nothing transforms
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Forward-security in private-key cryptography
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
TreVisor: OS-independent software-based full disk encryption secure against main memory attacks
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
PRIME: private RSA infrastructure for memory-less encryption
Proceedings of the 29th Annual Computer Security Applications Conference
Hi-index | 0.00 |
Security of cryptographic mechanisms is ultimately based on the assumption that cryptographic keys are kept (absolutely) secret. This assumption is very difficult to accommodate in real-world systems without special hardware. In this paper, we consider memory disclosure attacks that disclose RAM content and then compromise a cryptographic key appearing in it. Our experience shows that such attacks, if successful, will expose the whole cryptographic key in question (rather than a portion of it). Previously it was shown how to mitigate the damage by ensuring only one copy of a key appears in RAM. However, this leaves attack success probability roughly proportional to the amount of memory disclosed. Motivated by this observation, here we show how to ensure that “zero” copies of a key appear in RAM while allowing efficient cryptographic computations. As demonstrated in our prototype system, this can be achieved by exploiting the x86 SSE XMM registers so that an RSA key appears in its entirety only when loaded into these registers for cryptographic computations.