Encryption Keys: Randomness Is Key to Their Undoing

Abstract The problem of efficiently locating cryptographic keys in large amounts of data is quite a challenge to many enterprises. As a motivating example, consider a financial institution that uses the manager's PC to digitally sign wire transfers. In alunchtime attackscenario, the attacker (who could be a secretary, technician, or customer) can sneak into the manager's office for a few minutes while he or she is away for lunch. Assume that the PC is off-line, and cannot be directly used to sign unauthorized wire transfers. The goal of the attacker is to quickly scan the gigabytes of data on the hard disk in order to find the secret signature key. This key may be kept as a separate data file on the PC (as a result of overconfidence), or permanently embedded in the cryptographic application itself (as a result of poor design). Even worse, the key may be stored on the PC unintentionally and without the knowledge of its security-conscious user. For example, the key may appear in a Windows swap file that contains the intermediate state of a previous signing session; or it may appear in a backup file created automatically by the operating system at fixed intervals; or it may appear on the disk in a damaged sector that is not considered part of the file system. Assume also that the attacker can use a diskette to bring in a short program and to bring out the discovered key, but he or she does not have enough storage to copy the whole contents of the hard disk and does not have enough time to try each subsequence of bits from the hard disk as a possible signature generation key. (If this is the case, the attacker may wish to locate cryptographic keys in large files or in authenticode type applications that have enough storage space.)