6.5 C
New York
Thursday, October 21, 2021

RAMBleed: OpenSSH develops protection against sidechannel attacks

Must Read

US CDC Alert: Fresh whole onions linked to Salmonella outbreak

US CDC warned, adding, people who have unlabeled whole red, white, or yellow onions at home to...

A new infectious disease is spreading in New York – experts warn

The city of New York has recorded an upsurge in human cases of leptospirosis, a bacterial disease...

People with this blood group are more exposed to COVID-19 – says research

Recent research adds more evidence that blood type may influence a person's risk for COVID-19 infection and...
Kamal Saini
Kamal S. has been Journalist and Writer for Business, Hardware and Gadgets at Revyuh.com since 2018. He deals with B2b, Funding, Blockchain, Law, IT security, privacy, surveillance, digital self-defense and network policy. As part of his studies of political science, sociology and law, he researched the impact of technology on human coexistence. Email: kamal (at) revyuh (dot) com

In-memory keys are better protected by OpenSSH in the future. This should make sidechannel attacks on the main memory such as Specter, Meltdown, Rowhammer and RAMBleed more difficult. For this purpose, the private SSH keys are encrypted in memory with a symmetric key. This “is derived from a relatively large ‘prekey’ consisting of random data (currently 16 KB),” writes OpenSSH developer Damien Miller.

Attackers would have to restore the entire symmetric key with high accuracy before they could recover the private SSH key, writes Miller. “The current generation of attacks, however, has bit error rates that make it unlikely when applied cumulatively to the entire key.”

Only recently, a variant of the Rowhammer attack was introduced, with which the memory can be read out. To demonstrate the practical implications of this attack called RAMBleed, the explorers read an RSA key of an OpenSSH server on a Linux system. At the same time, it eased the attack that RSA already knows only a fragment of a private key. The rest can be calculated from it. The symmetric encryption of the OpenSSH keys in the work memory is intended to protect against such attack scenarios or at least make them much more difficult.

For eternity, however, securing the keys should not be. “Hopefully we can remove this in a few years, when the computer architecture has become less uncertain,” writes Miller.

- Advertisement -


Please enter your comment!
Please enter your name here

- Advertisement -

Latest News

- Advertisement -

More Articles Like This

- Advertisement -