Platform Perils of Crypto

The heaviest use of crypto these days is on personal computers. (Cell phones can hardly be said to use crypto.) I will consider here protection of the private key of the public key technology. Most packages that use private keys keep them encrypted under a password except for the brief times they are actually needed. A virus could, however, patch such packages to add function to make a copy of the private key while it is not encrypted. Then, or later, the private key could be exported from the machine, ‘exfiltrated’, thru any of a variety of channels.

Some technologies keep the private key on external hardware such as a PCI card. This may prevent theft but not abuse of the private key. Watch a virus exploit this plan: The virus patches the code that legitimately operates the card. When it is time to sign some documents, the patched code causes them to be signed as expected, but also submits several other alien packets to be signed as well. These packets have been imported into the machine by colleagues of the virus and the signed packets are then exported as before. The same trick can be done for decryption that requires the private key.

The PCI card makes abuse of the private key less convenient because the intruder must wait for those times when the legitimate user is using his key. If the computer is not always attached to the net, further delays occur.

The virus may be able to steal the password when it is used so as to be able thereafter to use the private key whenever the card is installed.

The only solution to these problems that I am aware of requires a trusted communications path between the holder of the private key and the user. The content of the signed document must also be displayed to the user thru this trusted mechanism.