Can Keys be Hidden Inside the CPU on Modern Windows Host

摘要

The "Truly-Protect" trusted computing environment by Averbuch et al (2011) relies on encryption keys being hidden from external software and crackers. "Truly-Protect" saves the keys in internal registers inside the CPU. Such external keys should not be accessible by any software that runs on the machine prior to "Truly-Protect" validation or even after "Truly-Protect" validation. The assumption is that the hackers cannot reverse engineer the CPU and discover the content of these registers. But is it really possible to hide keys in such places? Internal CPU memory is indeed not available for user processes. However, the CPU memory and registers are accessible from the running operating system kernel. Truly protect uses a validation protocol that also verifies the Operating system kernel does not include malicious additions. These tests should ensure a cracker has not modified the OS. But Modern Windows operating system support loading new kernel code segments (drivers) even during the operating system runtime. Can we prevent modifying the kernel (loading drivers) after "Truly-protect" has verified the kernel? In this work we examine modern Intel CPUs available on desktop PCs and the latest releases of Microsoft Windows (windows 7,8) for existence of good hiding places for the encryption keys.