Princeton ELE 572 - Protecting Cryptographic Keys

Protecting Cryptographic Keys and Computations via Virtual Secure Coprocessing

John P. McGregor and Ruby B. Lee
Princeton Architecture Laboratory for Multimedia and Security (PALMS)
Department of Electrical Engineering, Princeton University
{mcgregor, rblee}@princeton.edu

This work was supported in part by NSF CCR-0208946.

Abstract

Cryptographic processing is a critical component of secure networked computing systems. The protection offered by cryptographic processing, however, greatly depends on the methods employed to manage, store, and exercise a user's cryptographic keys. In general, software-only key management schemes contain numerous security weaknesses. Thus, many systems protect keys with distributed protocols or supplementary hardware devices, such as smart cards and cryptographic coprocessors. However, these key protection mechanisms suffer from combinations of user inconvenience, inflexibility, performance penalties, and high cost. In this paper, we propose architectural enhancements for general-purpose processors that protect core secrets by facilitating virtual secure coprocessing (VSCoP). We describe modest hardware modifications and a trusted software library that allow common computing devices to perform flexible, high-performance, and protected cryptographic computation. The hardware additions include a small key store in the processor, encryption engines at the cache-memory interface, a few new instructions, and minor hardware platform modifications. With these enhancements, users can store, transport, and employ their secret keys to safely complete cryptographic operations in the presence of insecure software.
In addition, we provide a foundation with which users can more securely access their secret keys on any Internet-connected computing device (that supports VSCoP) without requiring auxiliary hardware such as smart cards.

1. Introduction

Security systems generally employ cryptographic algorithms to provide many critical security functions such as confidentiality, integrity, authentication, and privacy. For example, various implementations of secure electronic voting, distributed data storage, and virtual private networks use encryption and related tools to achieve essential security goals. The utility provided by most cryptographic operations is generally based upon the secrecy and integrity of small pieces of data known as cryptographic keys. For the purposes of this paper, cryptographic keys may consist of any secret information used to perform a security service, such as AES keys [26], decryption exponents, passphrases, PINs, biometric data, and even credit card numbers. We refer to a user's collection of cryptographic keys as the user's key ring.

In common platforms such as personal computers, users often perform cryptographic operations in the clear. This means that the users temporarily or permanently store their secret keys and associated sensitive information in unprotected system RAM or other storage devices. When a user exercises secret keys in the clear, an unauthorized party may inspect the contents of memory to obtain the secret key material. Such system penetration can be realized by exploiting one of the numerous security vulnerabilities that occur in operating systems and application software [11, 30]. In addition, since the secret key is often a small quantity of information (perhaps only 16 bytes in size) an attacker may expose and make use of the secret key faster than the user can react to an intrusion. Following secret key compromise, the user must initiate the painful process of revoking certificates, resetting PINs, changing passwords, etc.
If the user is unaware of such exposure or the user requires considerable time to complete the key revocation process, a malicious party can inflict significant damage. Such damage may include irreversible disclosure of medical records, theft of private correspondence, and unauthorized access to copyrighted audio and video. If cryptographic keys protect valuable assets such as online banking accounts, the results of key compromise can be truly devastating.

The management and protection of cryptographic keys is therefore a critical component of secure computing systems. Due to the numerous security vulnerabilities that continue to plague software, local software-only key protection techniques are unsatisfactory. A software intrusion that exploits a common vulnerability may enable an attacker to remotely penetrate a network-connected device and expose keys that provide access to all of a user's secrets and information. Therefore, the most secure key management schemes involve a set of distributed hosts or a protected hardware device. However, existing hardware-based key protection mechanisms suffer from a variety of disadvantages, including high cost, inflexibility, and inconvenience to users.

1.1. Our Proposal

[Figure label spilled from the page: Master Key]

In this paper, we describe new architectural and software enhancements for general-purpose processors and platforms that protect users' secrets. With processor transistor counts approaching 1 billion, we believe that a small percentage of the transistor budget should be applied to improve security. Our enhancements effectively enable the general-purpose processor to operate as a virtual secure coprocessor (VSCoP) when needed [23]. We identify a minimal set of protected registers, system states, and algorithms to enable secure and efficient key utilization and storage in the presence of insecure networks, application software, and operating systems.
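The introduction's claim that a 16-byte key exercised "in the clear" can be lifted straight out of RAM is easy to make concrete. The following is an added example written for this page, not code from the paper or from PALMS: a software AES implementation keeps the 176-byte expanded key schedule in memory while it encrypts, and because the schedule is a deterministic function of the key, anyone who can read process memory can test every 16-byte window and confirm a hit against the 160 bytes that follow it. The key-schedule search is a standard memory-forensics technique and is not part of the VSCoP proposal; the memory image, its seed, the embedded string and the use of the FIPS-197 Appendix A.1 test key are all constructed for the demo.

```python
"""Recover an AES-128 key from a memory image by recognising its expanded key schedule.

Added example (not from the McGregor/Lee paper).  The memory image is constructed
inline; the key is the FIPS-197 Appendix A.1 test vector, used only as sample data.
"""
import random

RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return r


def _build_sbox() -> list:
    """Compute the AES S-box: multiplicative inverse followed by the affine map."""
    inv = [0] * 256
    for a in range(1, 256):
        if inv[a]:
            continue
        for b in range(1, 256):
            if _gf_mul(a, b) == 1:
                inv[a], inv[b] = b, a
                break
    sbox = []
    for x in range(256):
        v = inv[x]
        s = v
        for i in range(1, 5):  # s = v ^ rotl(v,1) ^ rotl(v,2) ^ rotl(v,3) ^ rotl(v,4)
            s ^= ((v << i) | (v >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()


def _next_round_key(rk: bytes, rnd: int) -> bytes:
    """Derive round key `rnd` (1..10) from round key `rnd-1` per FIPS-197 KeyExpansion."""
    t = bytearray(rk[12:16])
    t = t[1:] + t[:1]                    # RotWord
    t = bytearray(SBOX[b] for b in t)    # SubWord
    t[0] ^= RCON[rnd - 1]                # Rcon
    out = bytearray()
    prev = bytes(t)
    for i in range(4):                   # w[i] = w[i-4] ^ w[i-1]
        w = bytes(x ^ y for x, y in zip(rk[4 * i:4 * i + 4], prev))
        out += w
        prev = w
    return bytes(out)


def expand_key_128(key: bytes) -> bytes:
    """Full 176-byte AES-128 key schedule, the form a software AES keeps in RAM."""
    sched = bytearray(key)
    rk = bytes(key)
    for rnd in range(1, 11):
        rk = _next_round_key(rk, rnd)
        sched += rk
    return bytes(sched)


def find_aes128_keys(image: bytes) -> list:
    """Return (offset, key) for every 16-byte window followed by its own key schedule.

    A wrong candidate almost always fails on the first derived round key, so the scan
    costs about one round of key expansion per offset.  Zero-filled memory does not
    match, because the schedule of the all-zero key is not all zeros.
    """
    hits = []
    for off in range(len(image) - 176 + 1):
        rk = image[off:off + 16]
        pos = off + 16
        for rnd in range(1, 11):
            rk = _next_round_key(rk, rnd)
            if image[pos:pos + 16] != rk:
                break
            pos += 16
        else:
            hits.append((off, image[off:off + 16]))
    return hits


# FIPS-197 Appendix A.1 key; its schedule ends with round key d014f9a8c9ee2589e13f0cc8b6630ca6.
FIPS_197_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")


def build_memory_image(seed: int = 1234) -> tuple:
    """Constructed stand-in for a process memory dump: filler, a key schedule, more filler."""
    rng = random.Random(seed)

    def filler(n: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    before = filler(700) + b"user@example.org\x00" + bytes(64)   # constructed contents
    image = before + expand_key_128(FIPS_197_KEY) + filler(900)
    return image, len(before)


if __name__ == "__main__":
    image, offset = build_memory_image()
    for off, key in find_aes128_keys(image):
        print(f"AES-128 key schedule at offset {off}: key = {key.hex()}")
```

Run as a script, this reports the one planted schedule and its key; point `find_aes128_keys` at a real process or hibernation dump and it behaves the same way. This is exactly the attacker capability the paper sets out to remove: once the key lives in an in-processor key store and protected data is encrypted at the cache-memory interface, a scan of system RAM finds no plaintext schedule to match.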
We define a Concealed Execution Mode (CEM) for general-purpose processors that protects computations involving users' keys. In addition, we describe a special trusted software library, the Cryptographic Operations Library (COL), which is used in the CEM to safely perform computation using secret keys. To further improve the security offered by virtual secure coprocessing, we propose methods for securely transporting keys to protected storage within the processor for future use in the CEM. The performance and implementation costs of our enhancements are modest. Users can employ concealed execution while simultaneously running non-secured threads on a system. Also, we only require low cost changes to the general-purpose

