Cryptography: best practices for keys in memory?


Question

Background: I got some data encrypted with AES (i.e. symmetric crypto) in a database. A server side application, running on an (assumed) secure and isolated Linux box, uses this data. It reads the encrypted data from the DB, and writes back encrypted data, only dealing with the unencrypted data in memory. So, in order to do this, the app is required to have the key stored in memory.

The question is, are there any good best practices for this? Securing the key in memory.

A few ideas:

  1. Keeping it in unswappable memory (for Linux: setting SHM_LOCK with shmctl(2)?)
  2. Splitting the key over multiple memory locations.
  3. Encrypting the key. With what, and how to keep the...key key.. secure?
  4. Loading the key from file each time it's required (slow and if the evildoer can read our memory, he can probably read our files too)

Some scenarios on why the key might leak: evildoer getting hold of mem dump/core dump; bad bounds checking in code leading to information leakage;

The first one seems like a good and pretty simple thing to do, but how about the rest? Other ideas? Any standard specifications/best practices?

Thanks for any input!

Recommended answer

All depends on the level of your paranoia and the sensitivity of the key/data. In the extreme cases, as soon as you have an unencrypted key in memory, one can retrieve it using coldboot techniques. There is an interesting development at frozencache to try to defeat that. I merely casually read it, did not try it in practice, but it seems like an interesting approach to try.

With the tinfoil hat off, though - (1), (2), (3) do seem reasonable. (4) won't cut it precisely for the reason you mentioned. (Not only is it slow, but assuming you read into the stack, with different stack depths the key might become visible more than once).

Assuming the decrypted data is worth it, and it would be in the swappable memory, you definitely should encrypt the swap itself as well. Also, the root, /tmp partitions should also be encrypted. This is a fairly standard setup which is readily available in most guides for the OSes.

And then, of course, you want to ensure a high level of physical security for the machine itself and minimize the functions that it performs - the less code runs, the less the exposure is. You also might want to see how you can absolutely minimize the possibilities for remote access to this machine as well - i.e. use RSA-key-based ssh, which would be blocked by another ACL controlled from another host. Portknocking can be used as one of the additional vectors of authentication before being able to log in to that second host. To ensure that if the host is compromised, it is more difficult to get the data out, ensure this host does not have a direct routable connection to the internet. In general, the more painful you make it to get to the sensitive data, the less chance someone is going to get there; however, this is also going to make life painful for the regular users - so there needs to be a balance.

In case the application is serious and the amount of things at stake is high, it is best to build the more explicit overall threat model and see what are the possible attack vectors that you can foresee, and verify that your setup effectively handles them. (and don't forget to include the human factor :-)

Update: and indeed, you might use specialized hardware to deal with the encryption/decryption. Then you don't have to deal with the storage of the keys - see Hamish's answer.
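
An added example, not part of the original question or answer: idea (1) and the mem dump/core dump scenario on Linux, using mlock(2) on an anonymous page in place of the SHM_LOCK/shmctl(2) route the question mentions. The function names are hypothetical, glibc on Linux is assumed, and the 0xA5 fill is a constructed stand-in for loading the real AES key.

```c
#define _GNU_SOURCE            /* for MAP_ANONYMOUS and MADV_DONTDUMP */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/resource.h>

/* No core files; also blocks ptrace attach and /proc/<pid>/mem reads by same-UID processes. */
int disable_dumps(void) {
    struct rlimit none = { 0, 0 };
    if (setrlimit(RLIMIT_CORE, &none) != 0) return -1;
    return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
}

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
void key_wipe(void *p, size_t n) {
    volatile unsigned char *b = p;
    while (n--) *b++ = 0;
}

/* One private page for key material: pinned in RAM (never swapped) and
 * excluded from core dumps. Fails closed: NULL if a protection is refused. */
void *key_page_alloc(size_t *len) {
    *len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, *len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    if (mlock(p, *len) != 0 || madvise(p, *len, MADV_DONTDUMP) != 0) {
        munmap(p, *len);
        return NULL;
    }
    return p;
}

/* Wipe before unmapping so the key does not linger in a released page. */
void key_page_free(void *p, size_t len) {
    key_wipe(p, len);
    munlock(p, len);
    munmap(p, len);
}

int main(void) {
    size_t len = 0;
    unsigned char *key = disable_dumps() == 0 ? key_page_alloc(&len) : NULL;
    if (!key) { perror("hardening failed"); return 1; }
    memset(key, 0xA5, 32);     /* constructed stand-in for loading the AES key */
    key_page_free(key, len);   /* after the last AES operation */
    return 0;
}
```

Memory locks do not cover suspend-to-disk images, so the encrypted swap the answer recommends is still needed alongside this.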
