RAMBleed extracts signing key from OpenSSH server

Researchers found a new vulnerability that impacts the confidentiality of data stored in a computer’s memory. Using it, they were successfully able to extract a signing key from an OpenSSH server using normal user privileges.

Stealing an OpenSSH key

Demonstrating the effect of this attack, the researchers were able to read an RSA-2048 key from a server running OpenSSH 7.9, which was the latest release at the time of the test. The current version is 8.0, available since April 18.

The success measured a rate of 0.3 bits per second and an accuracy of 82%. To obtain the full data, the researchers used a variant of the Heninger-Shacham algorithm that can recover RSA keys from partial information.

To get to the secret information, the researchers developed a method they call Frame Feng Shui that allows them to place the pages containing the coveted data to a desired location in an attacker-chosen the physical memory frame.

RAMBleed received the tracking number CVE-2019-0174 (base score of 3.8 out of 10) and was tested on an HP Prodesk 600 machine powered by an i5-4570 CPU and two Axiom DDR3 4 GiB 1333 MHz non-ECC DIMMs (51264Y3D3N13811), running Ubuntu 18.04.

Although the system uses DDR3 RAM, the researchers say that they “do not suspect DDR4 to be a fundamental limitation, assuming that DDR4 memory retains the property that Rowhammer-induced bit flips are data-dependent.” This conclusion is supported by the fact that Rowhammer-based bit flips on DDR4 memory have been demonstrated in the past.

However, Intel told BleepingComputer that their advice to stay safe against this attack is to use “DRAM modules resistant to Rowhammer style attacks. This includes the majority of DDR4 DRAM modules.” More info is available in an advisory on the issue the company released today.

Defense possibilities

Preventing a RAMBleed attack is possible on systems where memory encryption is active. This can be achieved when the trusted execution environment (TEEs) feature is enabled on the processor.

TEEs like Software Guard Extensions (SGX) from Intel, TrustZone from ARM, or the Secure Encrypted Virtualization (SEV) from AMD, are secure enclaves that apply encryption on the memory they work with.

A method to reduce the risk of this type of read-side attack is to flush encryption keys from memory immediately after using them. This lowers the chances of learning the secret data because RAMBleed needs it to stay in memory for at least one refresh interval, which is 64ms by default.

The new Rowhammer-based attack is thoroughly explained in the paper called “RAMBleed: Reading Bits in Memory Without Accessing Them” available here.