
OpenSSH gets protection against attacks like Spectre, Meltdown, Rowhammer, and Rambleed


The AchieVer


OpenSSH to encrypt SSH private keys while at rest in a computer's RAM.

 
 

The OpenSSH project is getting protection against side-channel attacks that are known to leak data from a computer's memory, and allow malicious threat actors to steal sensitive information.

 

The protections were added to the OpenSSH code yesterday, June 20, by Damien Miller, a Google security researcher, and one of the top OpenSSH and OpenBSD developers.

OPENSSH TO ENCRYPT PRIVATE KEYS IN RAM

According to Miller, OpenSSH will encrypt SSH (Secure SHell) private keys while they are at rest inside a computer's RAM. SSH private keys can be used by malicious threat actors to connect to remote servers without the need of a password.

 

If an attacker manages to extract data from a computer or server's RAM, they will only obtain an encrypted version of an SSH private key, rather than the cleartext version.

 

Per Miller, this protection will be able to stop side-channel attacks like Spectre, Meltdown, Rowhammer, and Rambleed, dead in their tracks.

 

These attacks have come to light in recent years. They are the work of academic research, which found hardware design faults in CPUs and RAM components. These faults can be exploited to leak data being processed inside the CPU or RAM.

ENCRYPTION ENOUGH TO STOP SOME ATTACKS

 

According to Miller's code commit, "this change encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large 'prekey' consisting of random data (currently 16KB)."

 

"Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely," he added.

 

"Implementation-wise, keys are encrypted 'shielded' when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised," Miller said.

 

The OpenSSH dev hopes they'll be able to remove this special protection against side-channel attacks "in a few years time when computer architecture has become less unsafe."

 

OpenSSH is the default SSH client in most operating systems, from OpenBSD (for which it was initially developed) to Windows 10 (the latest OS to support it).

 

 

 




A commit for the OpenSSH project adds protection for private keys in memory when they are not in use, making it more difficult for an adversary to extract them through side-channel attacks leveraging hardware vulnerabilities.

 


 

OpenSSH is the most popular implementation of the SSH (Secure Shell) protocol, being the default solution in many Linux distributions for encrypting connections to a remote system.

 

The modification comes from Damien Miller, OpenBSD developer and security researcher at Google. The protection provided through his change consists in applying symmetric encryption to the OpenSSH private keys stored in RAM.

Keeping private keys encrypted

Miller says that his commit makes attacks like Spectre, Meltdown, Rowhammer and the more recent RAMBleed, which researchers demonstrated by stealing an OpenSSH key from RAM, more difficult.

 

The symmetric key safeguarding the private keys in the memory “is derived from a relatively large ‘prekey’ consisting of random data (currently 16KB),” Miller explains in the commit note.

 

The way this works is that the keys are encrypted when they are loaded in the memory and decrypted whenever they are needed for signing or have to be saved.

 

While this precaution is not a complete solution against hardware attacks, it does make it harder for an attacker to achieve success.

 

“Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely.”

 

New developments in existing attacks may emerge, which could work around this protection.

 

This change in OpenSSH is intended for the long term but the goal is not to become permanent; Miller hopes that his commit could be pulled when hardware becomes more secure.

 

“Hopefully we can remove this in a few years time when computer architecture has become less unsafe,” the developer wrote.

 

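The shielding scheme described in both articles above, as an added sketch that is not OpenSSH's code and not part of either post: a key is encrypted under a symmetric key derived from a 16 KB random prekey, and a single misread prekey bit makes the shielded key unrecoverable. Assumptions: SHA-512 for the derivation, a SHAKE-256 keystream XOR standing in for a real cipher, independent bit errors, and hypothetical function names throughout.

```python
import hashlib
import secrets

PREKEY_LEN = 16 * 1024  # "currently 16KB" per the commit note


def _keystream(prekey: bytes, n: int) -> bytes:
    # Hash the WHOLE prekey to get the symmetric key, so every prekey bit matters.
    key = hashlib.sha512(prekey).digest()
    # Stand-in for a real cipher: expand the key into n keystream bytes.
    return hashlib.shake_256(key).digest(n)


def shield(private_key: bytes) -> tuple[bytes, bytes]:
    """Return (prekey, shielded_blob); only these two stay in memory at rest."""
    prekey = secrets.token_bytes(PREKEY_LEN)
    ks = _keystream(prekey, len(private_key))
    return prekey, bytes(a ^ b for a, b in zip(private_key, ks))


def unshield(prekey: bytes, blob: bytes) -> bytes:
    """Recover the cleartext key just before it is used for a signature."""
    ks = _keystream(prekey, len(blob))
    return bytes(a ^ b for a, b in zip(blob, ks))


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Model one bit read incorrectly through a noisy side channel."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def p_clean_read(bit_error_rate: float, nbits: int = PREKEY_LEN * 8) -> float:
    """Chance that all prekey bits are read correctly (independent errors)."""
    return (1.0 - bit_error_rate) ** nbits


if __name__ == "__main__":
    secret = b"constructed sample key material, not a real SSH key"
    prekey, blob = shield(secret)
    print("round trip ok:", unshield(prekey, blob) == secret)
    noisy = flip_bit(prekey, 12345)
    print("one flipped bit still decrypts:", unshield(noisy, blob) == secret)
    for ber in (1e-3, 1e-4, 1e-5):  # illustrative rates, not measured values
        print(f"bit error rate {ber:g}: P(clean prekey) = {p_clean_read(ber):.3g}")
```
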


Similar topics merged.



Archived

This topic is now archived and is closed to further replies.
