For my security concentration last semester I took an interesting course on the principles of Cryptography. My proffesor, Dr. Shouhuai Xu is a huge crypto enthusiast and has published many articles and papers on his experiments that I have found very interesting. This particular paper discusses memory disclosure attacks and how easy it is to aquire private keys from
allocated as well as unallocated space in memory. Cryptography is based on the assumption that the key should be kept secret and in this paper he explains how the "secret" keys of OpenSSH and Apache servers are easily compromised through data recovery in memory. Really cool stuff, a worthy read.
Cryptography has become an indispensable mechanism for securing systems, communications and applications. While offering strong protection, cryptography makes the assumption that cryptographic keys are kept absolutely secret. In general this assumption is very difficult to guarantee in real life because computers may be compromised relatively easily. In this paper we investigate a class of attacks, which exploit memory disclosure vulnerabilities to expose cryptographic keys. We demonstrate that the threat is real by formulating an attack that exposed the private key of an OpenSSH server within 1 minute, and exposed the private key of an Apache HTTP server within 5 minutes. We propose a set of techniques to address such attacks. Experimental results show that our techniques are efficient (i.e., imposing no
performance penalty) and effective — unless a large portion of allocated memory is disclosed.Protecting Cryptographic Keys From Memory Disclosure Attacks