Keeping information secret is one of the crucial tasks in information security. This applies to commercial confidential documents and especially private keys in cryptographic use. Unauthorized exposure of personal private key compromised the authorization of signed documents and safety of computer systems.
Unfortunately, system attack is a common approach in breaking into computer systems. Attackers are able to examine the memory content of the victim's computer random access memory. If the keys are plainly stored in memory by programs written by programmers with no expertise in information hiding, the attackers will be able to extract the keys directly from the memory content.
To provide an easy way to hide the details of protecting keys for general programmers, we programmed a module. We called this Management module (MMM). This technique had been used in one of the basic modules in Strong Cryptographic Library (SCL). Programmers who want to keep the keys secret may allocate and use memory through the API of this module. It encapsulated the details of information hiding from users.
Back to top
A memory handle will be returned to the caller upon memory allocation. This handle is the actual start address of the data block. However, the data block size will be greater than the size of the actual data (key) to be stored. The extra memory cells in the block are used to store some random noise data for confusion. Moreover, several predefined permutation tables will be set up and used to transpose the content stored in the memory block. The transposition provides a way to rearrange the data in non-consecutively manner. Several distinct permutation tables are applied to avoid cryptanalysis. The permutation can be applied at byte levels or word levels, depending on the storage requirement from the caller.
Actually, the data block allocated contained both the actual data and header information. The header store the actual key size, the memory allocation unit (this includes byte, short integer and integer.) and the random value for determining the permutation table for the key.
The random value stored in the data block header is used as a random seed to a pseudo-random number generator (we used linear congruential generator (LCG) which is a good pseudo-random number generator). The random values deterministically generated by the generator with the random seed are used to determine the actual location of the data within the memory block.
Efficient memory allocation and deallocation - similar to normal memory management schemes, the allocation and deallocation of memory must be efficient enough. It is especially important in the case of the frequently used session-based cryptographic keys.
Efficient memory read/ write - the new memory management scheme should not greatly degrade the performance of the encryption and decryption processes.
Effective memory usage - extra memory overhead should be reduced as much as possible.
Initialization
|
Function name |
void mmm_randheap_init() |
|
|
Macro name |
RandheapInit() |
|
|
Parameters |
NIL |
|
|
Description |
|
Initialize the randomize heap |
|
Function name |
MMM_Block_Handle_Entry * mmm_randheap_malloc (long size) |
|
|
Macro name |
RandheapMalloc(S) |
|
|
Return value |
Pointer to data object MMM_Block_Handle_Entry |
|
|
Parameters |
long size |
Number of words (short) required |
|
Description |
|
Requested size no. of words from the randomized heap |
|
Function name |
void mmm_randheap_free (MMM_Block_Handle_Entry *handle) |
|
|
Macro name |
RandheapFree(H) |
|
|
Return value |
NIL |
|
|
Parameters |
MMM_Block_Handle_Entry *handle |
Pointer to block handle entry |
|
Description |
|
Free the data object pointed to by handle back to the randomized heap |
|
Function name |
Word mmm_randheap_setword (MMM_Block_Handle_Entry *handle, long offset, short value) |
|
|
Macro name |
RandheapSetword(H,O,V) |
|
|
Return value |
Word |
Return value V |
|
Parameters |
MMM_Block_Handle_Entry *handle |
Pointer to block handle entry |
|
|
long offset |
The index of data element within the object |
|
|
short value |
The value to be stored |
|
Description |
|
Set the content stored in the randomized heap pointed to by handle with offset to value |
|
Function name |
Word mmm_randheap_getword (MMM_Block_Handle_Entry *handle, long offset) |
|
|
Macro name |
RandheapSetword(H,O) |
|
|
Return value |
Word |
Return value |
|
Parameters |
MMM_Block_Handle_Entry *handle |
Pointer to block handle entry |
|
|
long offset |
The index of data element within the object |
|
Description |
|
Get the content stored in the randomized heap pointed to by handle with offset and return it |
|
Function name |
void mmm_randheap_dump() |
|
|
Macro name |
RandheapDump() |
|
|
Return value |
NIL |
|
|
Parameters |
NIL |
|
|
Description |
|
Dump the current content of the randomized heap |