Cryptographic Security Architecture: Design and Verification

Chapter 7: Hardware Encryption Modules

7.1 Problems with Crypto on End-User Systems

The majority of current crypto implementations run under general-purpose operating systems with a relatively low level of security, alongside which exist a limited number of smart-card assisted implementations that store a private key in, and perform private-key operations with, a smart card. Complementing these are an even smaller number of implementations that perform further operations in dedicated (and generally very expensive) hardware.

The advantage of software-only implementations is that they are inexpensive and easy to deploy. The disadvantage of these implementations is that they provide a very low level of protection for cryptovariables, and that this low level of security is unlikely to change in the future. For example, Windows NT provides a function, ReadProcessMemory(), that allows a process to read the memory of (almost) any other process in the system. This was originally intended to allow debuggers to establish breakpoints and maintain instance data for other processes [1], but in practice it allows both passive attacks, such as scanning memory for high-entropy areas that constitute keys [2], and active attacks in which a target process' code or data is modified to provide supplemental functionality of benefit to a hostile process.

This type of modification would typically be performed by obtaining the target process' handle, using SuspendThread() to halt it, VirtualProtectEx() to make the code pages writeable, WriteProcessMemory() to modify the code, and ResumeThread() to restart the process' execution (these are all standard Windows...
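From the defender's side, the ordered call sequence described above is something an endpoint sensor can correlate. The detector below is an added example, not code from the book; the event tuple layout, the PIDs and the 5-second window are assumptions, and the trace is constructed.

```python
from collections import defaultdict

# Ordered API sequence the text describes for patching another process' code.
SEQUENCE = ("SuspendThread", "VirtualProtectEx", "WriteProcessMemory", "ResumeThread")

def find_code_patching(events, window=5.0):
    """Return sorted (caller_pid, target_pid) pairs that completed SEQUENCE in order.

    events: iterable of (timestamp_seconds, caller_pid, api_name, target_pid).
    The tuple layout is hypothetical; a real sensor must map thread and
    process handles to the owning target PID before this step.
    """
    # Per (caller, target) state: [index of next expected step, time of first step].
    state = defaultdict(lambda: [0, None])
    hits = set()
    for ts, caller, api, target in sorted(events):
        if caller == target or api not in SEQUENCE:
            continue  # a process touching its own memory is out of scope here
        step = state[(caller, target)]
        if step[1] is not None and ts - step[1] > window:
            step[0], step[1] = 0, None  # expire a stale partial match
        if api == SEQUENCE[step[0]]:
            if step[0] == 0:
                step[1] = ts
            step[0] += 1
            if step[0] == len(SEQUENCE):
                hits.add((caller, target))
                step[0], step[1] = 0, None
        elif api == SEQUENCE[0]:
            step[0], step[1] = 1, ts  # a fresh SuspendThread restarts the match
    return sorted(hits)

# Constructed trace (not real telemetry).
TRACE = [
    (10.0, 4120, "SuspendThread", 812),
    (10.1, 4120, "VirtualProtectEx", 812),
    (10.2, 4120, "WriteProcessMemory", 812),
    (10.3, 4120, "VirtualProtectEx", 812),    # protection restored after the write
    (10.4, 4120, "ResumeThread", 812),
    (11.0, 2300, "WriteProcessMemory", 900),  # lone write, e.g. a debugger breakpoint
    (12.0, 812, "VirtualProtectEx", 812),     # self-modification, ignored
    (20.0, 3000, "SuspendThread", 900),
    (40.0, 3000, "VirtualProtectEx", 900),    # arrives after the window has expired
    (40.1, 3000, "WriteProcessMemory", 900),
    (40.2, 3000, "ResumeThread", 900),
]

if __name__ == "__main__":
    print(find_code_patching(TRACE))
```

A lone WriteProcessMemory() call, which is what a debugger setting a breakpoint produces, does not match; only the full ordered sequence against another process within the window is reported.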
