Researchers Expose Passive Methods Allowing RSA Key Extraction From SSH Connections
In a recent study, researchers from the University of California, San Diego, and the Massachusetts Institute of Technology have shed light on a concerning vulnerability affecting Secure Shell (SSH) implementations. It allows passive network attackers to obtain private RSA host keys during the connection establishment phase by exploiting computational faults.
SSH serves as a secure method for transmitting commands and logging into computers over unsecured networks, employing cryptography to ensure secure connections between devices in a client-server architecture. The host key, a cryptographic key used for authenticating computers in SSH, is a crucial element of this security process.
The researchers discovered that if a signing implementation using CRT-RSA encounters a fault during signature computation, a passive adversary can exploit this fault to compute the signer’s private key. Essentially, the attacker can quietly observe legitimate connections, remaining undetected until a faulty signature exposes the private key. This discovery unveils a lattice-based key recovery fault attack.
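As an added illustration (not code from the paper or from any of the vendors named in this article), the toy Python below shows why a single faulty CRT-RSA signature is enough: a signer computes the two half-size exponentiations, one of them is corrupted, and an observer who knows the signed message recovers a factor of N with a gcd (Lenstra's classic attack); the same block shows the standard countermeasure of verifying every signature before it is released. The key, message and fault are constructed; the researchers' lattice-based method addresses the harder SSH case where the eavesdropper does not fully know the signed message.

```python
from math import gcd
from hashlib import sha256
from typing import Optional

# Constructed toy RSA key: real host keys are 2048-bit or larger, these
# primes are tiny so the arithmetic is easy to follow.
P, Q, E = 104729, 1299709, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
# CRT parameters, as used by fast signing implementations.
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)
MSG = b"constructed stand-in for the SSH exchange hash"

def digest(msg: bytes) -> int:
    # Hash-then-sign, reduced mod N so the toy modulus can hold it.
    return int.from_bytes(sha256(msg).digest(), "big") % N

def crt_sign(msg: bytes, fault: bool = False) -> int:
    """CRT-RSA signature. fault=True corrupts the mod-P half, modelling a
    glitch in one of the two half-size exponentiations."""
    m = digest(msg)
    sp = pow(m, DP, P)
    if fault:
        sp = (sp + 1) % P  # any corruption of this half will do
    sq = pow(m, DQ, Q)
    h = (QINV * (sp - sq)) % P
    return sq + Q * h  # Garner's recombination

def verify(msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest(msg)

def recover_factor(msg: bytes, sig: int) -> Optional[int]:
    """What an eavesdropper can do with one faulty signature on a known
    message: sig^e == m still holds mod Q but fails mod P, so
    gcd(sig^e - m, N) reveals Q (Lenstra's attack). None if sig is fine."""
    g = gcd((pow(sig, E, N) - digest(msg)) % N, N)
    return g if 1 < g < N else None

def safe_crt_sign(msg: bytes, fault: bool = False) -> Optional[int]:
    """Countermeasure: verify before release so a faulty signature never
    leaves the signer. Returns None instead of leaking."""
    sig = crt_sign(msg, fault)
    return sig if verify(msg, sig) else None

if __name__ == "__main__":
    bad = crt_sign(MSG, fault=True)
    print("faulty signature recovers Q:", recover_factor(MSG, bad) == Q)
    print("guarded signer releases it:", safe_crt_sign(MSG, fault=True))
```

The verify-before-release check costs one public-key operation per signature and is the reason many libraries refuse to emit a CRT-RSA signature they cannot verify.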
In their investigation, the researchers successfully retrieved private keys corresponding to 189 unique RSA public keys, linked to devices from manufacturers such as Cisco, Hillstone Networks, Mocana, and Zyxel.
It’s important to note that the release of TLS version 1.3 in 2018 provides a countermeasure to this type of attack. TLS 1.3 encrypts the handshake phase, preventing passive eavesdroppers from accessing signatures.
These findings underscore the value of certain cryptographic design principles. Encrypting protocol handshakes as soon as a session key is negotiated, binding authentication to the session, and separating authentication keys from encryption keys are identified as crucial measures in preventing such vulnerabilities.
Source: thehackernews.com