Extracting the Secrets of OpenSSL with RAMBleed
Concomitant with the increasing density of semiconductors, various attacks that threaten the integrity and security of dynamic random access memory (DRAM) have been devised. Among these, a side-channel attack called RAMBleed is a prolific one that utilizes a general user-level account without specia...
Main Authors: | Chihiro Tomita, Makoto Takita, Kazuhide Fukushima, Yuto Nakano, Yoshiaki Shiraishi, Masakatu Morii |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG, 2022-05-01 |
Series: | Sensors |
Subjects: | rowhammer; RAMBleed; OpenSSL; side-channel attack; key recovery attack; RSA |
Online Access: | https://www.mdpi.com/1424-8220/22/9/3586 |
_version_ | 1797502691258138624 |
---|---|
author | Chihiro Tomita; Makoto Takita; Kazuhide Fukushima; Yuto Nakano; Yoshiaki Shiraishi; Masakatu Morii |
collection | DOAJ |
description | Concomitant with the increasing density of semiconductors, various attacks that threaten the integrity and security of dynamic random access memory (DRAM) have been devised. Among these, a side-channel attack called RAMBleed is a prolific one that utilizes a general user-level account without special rights to read secret information. Studies have reported that it can be used to obtain OpenSSH secret keys. However, a technique for deriving the Rivest–Shamir–Adleman (RSA) secret keys used in OpenSSL under realistic parameters and environments has not been reported. We propose a method that uses RAMBleed to obtain OpenSSL secret keys and demonstrate its efficacy using the example of an Apache server. The proposed method exploits the fact that, in the operation of an Apache server that uses OpenSSL, the RSA private keys are deployed on DRAM at a set time. Although the result of reading this secret information contains a few errors, error-free secret information is obtainable when it is used with RSA cryptanalysis techniques. We performed a series of attacks incorporating RAMBleed and eventually retrieved the OpenSSL RSA private key, indicating that secret information is obtainable with high probability. The proposed method can easily and externally be executed without administrator privileges on a server using DRAM that is vulnerable to RAMBleed, showing that RAMBleed is also a major threat to OpenSSL. |
first_indexed | 2024-03-10T03:39:41Z |
format | Article |
id | doaj.art-073fc9d866ab4c33a095dbd64b686cf6 |
institution | Directory Open Access Journal |
issn | 1424-8220 |
language | English |
last_indexed | 2024-03-10T03:39:41Z |
publishDate | 2022-05-01 |
publisher | MDPI AG |
record_format | Article |
series | Sensors |
spelling | doaj.art-073fc9d866ab4c33a095dbd64b686cf6; 2023-11-23T09:20:38Z; eng; MDPI AG; Sensors; ISSN 1424-8220; 2022-05-01; vol. 22, no. 9, art. 3586; doi:10.3390/s22093586; Extracting the Secrets of OpenSSL with RAMBleed; Chihiro Tomita (Graduate School of Engineering, Kobe University, Kobe 657-8501, Japan); Makoto Takita (Graduate School of Information Science, University of Hyogo, Kobe 651-2197, Japan); Kazuhide Fukushima (Information Security Laboratory, KDDI Research, Inc., Saitama 356-8502, Japan); Yuto Nakano (Information Security Laboratory, KDDI Research, Inc., Saitama 356-8502, Japan); Yoshiaki Shiraishi (Graduate School of Engineering, Kobe University, Kobe 657-8501, Japan); Masakatu Morii (Graduate School of Engineering, Kobe University, Kobe 657-8501, Japan) |
title | Extracting the Secrets of OpenSSL with RAMBleed |
topic | rowhammer; RAMBleed; OpenSSL; side-channel attack; key recovery attack; RSA |
url | https://www.mdpi.com/1424-8220/22/9/3586 |