OpenSSH code gets an update to protect against side-channel attacks

2 min read

Last week, Damien Miller, a Google security researcher, and one of the popular OpenSSH and OpenBSD developers announced an update to the existing OpenSSH code that can help protect against the side-channel attacks that leak sensitive data from computer’s memory. This protection, Miller says, will protect the private keys residing in the RAM against Spectre, Meltdown, Rowhammer, and the latest RAMBleed attack.

SSH private keys can be used by malicious threat actors to connect to remote servers without the need of a password. According to CSO, “The approach used by OpenSSH could be copied by other software projects to protect their own keys and secrets in memory”.

However, if the attacker is successful in extracting the data from a computer or server’s RAM, they will only obtain an encrypted version of an SSH private key, rather than the cleartext version.

In an email to OpenBSD, Miller writes, “this change encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large ‘prekey’ consisting of random data (currently 16KB).”

He further adds, “Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely”.

“Implementation-wise, keys are encrypted ‘shielded’ when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised,” Miller said.

The OpenSSH dev hope they’ll be able to remove this special protection against side-channel attacks “in a few years time when computer architecture has become less unsafe”, Miller said at the end of the patch.

To know more about this announcement in detail, visit Damien Miller’s email.