views:

77

answers:

4

We are adding AES 256 bit encryption to our server and client applications for encrypting the TCP/IP traffic containing sensitive information. We will be rotating the keys daily. Because of that, the keys will be stored in memory with the applications.

Key distribution process:

  1. Each server and client will have a list of initial Key Encryption Key's (KEK) by day

  2. If the client has just started up or the server has just started up, the client will request the daily key from the server using the initial key. The server will respond with the daily key, encrypted with the initial key. The daily key is a randomly generated set of alphanumeric characters. We are using AES 256 bit encryption.

  3. All subsequent communications will be encrypted using that daily key.

  4. Nightly, the client will request the new daily key from the server using the current daily key as the current KEK. After the client gets the new key, the new daily key will replace the old daily key.

Is it possible for another bad application to gain access to this memory illegally or is this protected in Windows? The key will not be written to a file, only stored in a variable in memory.

If an application can access the memory illegally, how can you protect the memory from tampering?

We are using C++ and XP (Vista/7 may be an option in the future so I don't know if that changes the answer).

+3  A: 

I think that you may have a more fundamental problem on your hands.

If there is even the faintest chance that this machine might catch a rootkit, then your all of your keys are ours, as it were.

On Windows, Process A can read the memory of Process B if any of the below are true:

  1. it has privileges to open the memory device.
  2. it has privileges to open the virtual memory of process B.
  3. it has a friend in the kernel.

If you have complete control over what's running on the machine, and complete confidence that no one can introduce any surprises, you're golden.

This is, of course, not unique to Windows. What is unique to Windows is the volume of rootkit malware.

bmargulies
so even if I were to store the keys using Windows DPAPI and then bring them into my application's memory space, I am still screwed? This is not very encouraging :) I guess thats why you need anti-virus and latest updates as mitigating factors
0A0D
That just narrows the window. If the keys make even a fleeting appearance in memory, they are vunerable. Some people would tell you that using Windows is too high a risk if the information to be protected is of very high value.
bmargulies
Its credit card information and the requirements are somewhat stringent now. I guess the only way is to program in other mitigating factors to help prevent the rootkit scenarios.
0A0D
+4  A: 

Your key distribution process isn't secure: if someone gets that initial key set, it's all over.

Yes, other applications can get access to the process memory on Windows using the debugger hooks, and there's pretty much no way of preventing that. Essentially, if the box is compromised in any way, there's very little you can do about it.

Andrew McGregor
+2  A: 

One more bit of information as well is that even if you don't write the key to disk yourself it might very well end up there anyway. All that is needed is for the virtual memory system to page out the memory holding the key.

As others have pointed out if you cannot trust the box you are on you are screwed anyway. There are ways of making this sort of thing more secure using some extra hardware, basically moving the encryption task onto a daughter card that you can better control. That is the technique used by some financial institutions and some government entities. It might be out of your budget spect though.

Ukko
Really just looking for a way to make it easy and convenient for key rotation and securely transmitting sensitive information since our customers are too lazy to change keys. SSL is even out of the question...
0A0D
It could be argued that you are supplying the customer with a sand pit into which to stick their feather-covered heads. However, without knowing the business context, it's hard to be sure.
bmargulies
+1  A: 

There's really no way to prevent other processes from reading the memory of your process.

To make things a little more resistant to an unmotivated attacked, you could consider using a randomly generated key to encrypt the real key while it is not in use. You could generate a new random KEK every time the program is run, perhaps even changing while the program is running every few seconds. Only decrypt the "real" key when you actually need to use it, and then immediately zero out the memory where the key is when you are done.

Of course, this won't really work if you're in constant communication. But if your communication is idle most of the time and only sees occasional spikes in traffic, this approach might work.

SoapBox
Interesting approach. I think I may look into this.
0A0D