Browse Prior Art Database

Secret value protection using Stack Trace Hash Disclosure Number: IPCOM000030166D
Original Publication Date: 2004-Jul-30
Included in the Prior Art Database: 2004-Jul-30
Document File: 8 page(s) / 151K

Publishing Venue



This article describes how it is possible to encrypt/decrypt data using the hash value (SHA-1 or MD5) of the caller stack trace. The approach is mainly based on the calculation of a polynomial that acts as encryption key generator: only those stack traces that are granted will generate the correct encryption/decryption key; any other stack trace will conduct the calculus to a wrong encryption key.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 26% of the total text.

Page 1 of 8

Secret value protection using Stack Trace Hash

Secret value protection using Stack Trace Hash


  Batch applications that need to communicate with external entities, such as a database, usually handle some secret information (e.g. passwords), which is, in most cases, necessary to talk with the external entity. As they do not often interact with users, that secret information, once obtained, has to be stored somewhere on local in a file, a registry or a database. Although secrecy of that information seems to be guaranteed by the security associated to the storage location it is however good practice to encrypt the data before storing it.

  Many applications use known algorithms to encrypt data. The key advocated for the encryption is usually hard-coded into the application code making the transformation a typical encoding process rather than a real encryption: once the fixed key is discovered (by reverse engineering the code or adopting other exploits), whatever has been encrypted with such key can be easily decrypted and used by whoever.

  As widely documented in literature, if the Kerckhoffs's law (Auguste Kerckhoffs, La cryptographie militaire, Journal des sciences militaires, vol. IX,) is not met actually no real encryption occurs: "a well-designed cryptographic system, only the key needs to be secret; there should be no secrecy in the algorithm".

  This memo describes an approach that aims to confine and hide the key behind the stack traces of the application.

  A stack trace basically consists of the sequence of function calls that make up an application's execution flow and any other additional run-time content elements that intrinsically characterize that specific application build.

  The approach mainly foresees building a polynomial based on the known application's flows that are being authorized to use the information over time. Such polynomial acts as an encryption key generator: only the stack traces of the granted flows valorizing the polynomial will re-build the right key to decrypt the secret information once it is retrieved from the storage location. Any other stack traces will conduct the calculus to a wrong encryption key.

  Application developers who know the functions of their code that uses the secret information may take advantage of this approach to dynamically calculate the encryption key rather than hard-coding it within their code.


Page 2 of 8

The approach

  The goal of the approach is to confine the key that is going to be used for data encryption behind the functions of the application code authorized to decrypt secret information. The methodology described hereafter leverages the application stack traces for building a polynomial that acts as the intentional representation of the encryption key. The Figure 1 shows the interaction occurring between the main modules of the application.

Figure 1

  The user provides the application with the secret information at either installation time or configuration time. T...