Prevent Memory Side Channel Attacks (Core Dumps and Swapping) #24
Labels: development (Standard development); r&d:polykey:core activity 1 (Secret Vault Sharing and Secret History Management); r&d:polykey:core activity 2 (Cross Platform Cryptography for JavaScript Platforms)
Specification
As the PK CLI/Agent is running, we should be protecting our in-memory keys and passwords. Given the lack of "encrypted memory", we need to protect certain buffers from core dumps or swapping.
We have already done a bit of this by using mlock on key buffers in PK's keys domain. However that seems quite limited and doesn't prevent the memory from being dumped during a core dump.

Note that mlock only works on Linux atm. Different operating systems require different strategies.

There are similar syscalls that can prevent buffers from being part of a core dump.
However this won't always work, because what about all our TLS libraries? MatrixAI/Polykey#526 There might be many places that the key data gets copied to that may be leaked, such as copying key memory from PK to js-encryptedfs.
One way to get around this is to basically prevent core dumps wholesale on the entire process, rather than trying to lock in specific pieces of memory; this is done with ssh-agent:
But again that could be OS-specific.
What we can do is apply some principles:
- mlock on key material
- MADV_DONTDUMP on key material
- js-encryptedfs, always call-by-reference

Additional context
Compromise of key material from core dumps and swap memory is actually a real thing. See https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/
Tasks
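The two per-buffer principles from the issue (mlock and MADV_DONTDUMP on key material) together with the process-wide alternative, as an added Linux-only C example; it is not code from Polykey or ssh-agent. The names secure_buf, secure_buf_alloc, secure_buf_free and disable_core_dumps are hypothetical, and using setrlimit(RLIMIT_CORE) plus prctl(PR_SET_DUMPABLE) for the process-wide step is this example's choice of calls.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/resource.h>
#include <unistd.h>

/* Hypothetical helper type (not from Polykey): Linux-only key buffer. */
typedef struct { void *ptr; size_t len; int locked; } secure_buf;

/* Page-aligned mapping: excluded from core dumps, locked out of swap if allowed. */
int secure_buf_alloc(secure_buf *b, size_t n) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    b->len = (n + page - 1) / page * page; b->locked = 0;
    b->ptr = mmap(NULL, b->len, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b->ptr == MAP_FAILED) { b->ptr = NULL; return -1; }
    if (madvise(b->ptr, b->len, MADV_DONTDUMP) != 0) {  /* hard requirement */
        munmap(b->ptr, b->len); b->ptr = NULL;
        return -1;
    }
    /* mlock can fail under a low RLIMIT_MEMLOCK; report it, let the caller decide. */
    b->locked = (mlock(b->ptr, b->len) == 0);
    return 0;
}

void secure_buf_free(secure_buf *b) {
    volatile unsigned char *p = b->ptr;  /* volatile: wipe is not optimised away */
    for (size_t i = 0; i < b->len; i++) p[i] = 0;
    munmap(b->ptr, b->len);              /* unmapping also releases the lock */
    b->ptr = NULL; b->len = 0; b->locked = 0;
}

/* Process-wide: zero core size limit and clear the dumpable flag. */
int disable_core_dumps(void) {
    struct rlimit rl = { 0, 0 };
    if (setrlimit(RLIMIT_CORE, &rl) != 0) return -1;
    return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
}

int main(void) {
    secure_buf k;
    if (disable_core_dumps() != 0 || secure_buf_alloc(&k, 32) != 0) return 1;
    memcpy(k.ptr, "constructed-sample-key-material", 32);  /* constructed sample */
    printf("len=%zu locked=%d\n", k.len, k.locked);
    secure_buf_free(&k);
    return 0;
}
```

Neither per-buffer call covers copies of the key made elsewhere in the process, which is the gap the issue raises for TLS libraries and js-encryptedfs.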