Protecting Cryptographic Keys on Client Platforms Using Virtualization and Raw Disk Image Access
Software cryptosystems face the challenge of secure key management. Recent trends in breaking cryptosystems suggest that it is easier to steal the cryptographic keys from insecure systems than to break the algorithm itself; a prominent example of such an attack is the cracking of the HD-DVD encryption. This paper presents two methods to hide cryptographic keys in an insecure machine. The first method uses virtualization to isolate the sections of memory that contain cryptographic keys from an untrusted guest Operating System (OS). Virtualization is an effective method to provide isolation between trusted and untrusted components of a system.