Context: cryptographic keys are usually stored in memory, but that has lots of issues: you can read the keys via a Firewire port (or any other peripheral with Direct Memory Access), or you can time the CPU cache to figure out access patterns, or you can just rip the memory out of the system and read it ("cold-boot attack").
The proposed hack: store the AES key in the debugging registers of an x64 chip, and use the recently introduced AES-NI instructions. This obviously renders the debugging registers unusable (which makes gdb slow), and can only hold a single key, but may well work - I don't know of any attempts to extract data from registers, but recent CPUs are very finely-built devices.
This doesn't necessarily solve every side-channel attack, and, again, can only hold a single key; but it is a cool hack.
Note: the above is based only on a quick reading of this paper; the DBLP paper database has no hits for DBLP, which suggests that this scheme hasn't exactly been carefully vetted - indeed, the paper will be presented at Usenix, held in a week or two.
It's really interesting to see this, as I've had concerns for a while now about keys getting read from memory (while helpful in incident response). Though I wonder if sufficiently privileged processes might not be able to read those registers?