OpenSSH to protect keys in memory against side-channel attacks

The OpenSSH project has received a patch that prevents private keys from being stolen through hardware vulnerabilities that allow hackers to access restricted memory regions from unprivileged processes. The same approach could be used by other software application to protect their secrets in RAM until the issues are fixed in future generations of SDRAM chips and CPUs.

The patch comes after a team of researchers recently presented an attack dubbed RAMBleed that exploits the design of modern memory modules in to extract information from memory regions allocated to privileged processes and the kernel.

RAMBleed uses a software technique called Rowhammer to trigger bit flips inside physical memory cells and then recover sensitive information through a side channel. The researchers demonstrated their attack by recovering an RSA 2048-bit signing key from an OpenSSH server using code running with user-level privileges.

Modern operating systems isolate the virtual memory allocated to the kernel from that of user-space applications. This is done because kernel memory contains sensitive data, including encryption keys and passwords, that should not be directly accessible to unprivileged applications.

Any violation of this fundamental principle is a critical security flaw, because of the many ways in which attackers can gain code execution permissions on computer systems, including through malware infections or vulnerabilities in various user-space applications. The attack surface of all the unprivileged applications running on a computer is much greater than that of the kernel itself.

OpenSSH patch encrypts private keys

The new OpenSSH patch, submitted by OpenBSD developer Damien Miller, is meant to “add protection for private keys at rest in RAM against speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed.”

Spectre, Meltdown and, more recently, Microarchitectural Data Sampling (MDS) are side-channel attacks that take advantage of the speculative execution functionality in modern CPUs — a feature designed to improve performance. Some of these attacks can be used to read protected kernel memory.

The new OpenSSH patch encrypts private keys when they reside in memory and are not being actively used with another symmetric key that is derived from 16KB of random data. “Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit-error rates that, when applied cumulatively to the entire prekey, make this unlikely,” Miller explained in the patch comments. “Implementation-wise, keys are encrypted ‘shielded’ when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised.”

Patch could see wide use or be copied for other software

OpenSSH is the most popular implementation of the SSH (Secure Shell) protocol, which is used to remotely access and manage computer systems and servers, but also for automated machine-to-machine communications. It was originally designed for OpenBSD, but it’s also used by default in most Linux distributions today and is supported in Windows 10.

The approach used by OpenSSH could be copied by other software projects to protect their own keys and secrets in memory. However, as the patch notes imply, the technique makes successful side-channel attacks less likely, not impossible.

Attacks are always being improved so it’s possible that some RAMBleed or Meltdown/Spectre variations discovered in the future could defeat this mitigation. The underlying design flaws will be fixed in future hardware, but replacing the CPUs and SDRAM chips in use today will take many years.

It’s reasonable to assume that these hardware attacks, and any future ones, will have a long-term impact on enterprise IT, so anything that developers can do in software to partially mitigate the flaws and make attacks harder to pull off, is extremely useful. “Hopefully we can remove this in a few years’ time when computer architecture has become less unsafe,” Miller added at the end of his patch.