The new OpenSSH patch makes it harder to execute attacks such as Spectre, Meltdown, Rowhammer and Rambleed. Credit: 13threephotography / Getty Images The OpenSSH project has received a patch that prevents private keys from being stolen through hardware vulnerabilities that allow hackers to access restricted memory regions from unprivileged processes. The same approach could be used by other software application to protect their secrets in RAM until the issues are fixed in future generations of SDRAM chips and CPUs.The patch comes after a team of researchers recently presented an attack dubbed RAMBleed that exploits the design of modern memory modules in to extract information from memory regions allocated to privileged processes and the kernel.RAMBleed uses a software technique called Rowhammer to trigger bit flips inside physical memory cells and then recover sensitive information through a side channel. The researchers demonstrated their attack by recovering an RSA 2048-bit signing key from an OpenSSH server using code running with user-level privileges.Modern operating systems isolate the virtual memory allocated to the kernel from that of user-space applications. This is done because kernel memory contains sensitive data, including encryption keys and passwords, that should not be directly accessible to unprivileged applications. Any violation of this fundamental principle is a critical security flaw, because of the many ways in which attackers can gain code execution permissions on computer systems, including through malware infections or vulnerabilities in various user-space applications. The attack surface of all the unprivileged applications running on a computer is much greater than that of the kernel itself.OpenSSH patch encrypts private keysThe new OpenSSH patch, submitted by OpenBSD developer Damien Miller, is meant to “add protection for private keys at rest in RAM against speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed.” Spectre, Meltdown and, more recently, Microarchitectural Data Sampling (MDS) are side-channel attacks that take advantage of the speculative execution functionality in modern CPUs — a feature designed to improve performance. Some of these attacks can be used to read protected kernel memory.The new OpenSSH patch encrypts private keys when they reside in memory and are not being actively used with another symmetric key that is derived from 16KB of random data. “Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit-error rates that, when applied cumulatively to the entire prekey, make this unlikely,” Miller explained in the patch comments. “Implementation-wise, keys are encrypted ‘shielded’ when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised.”Patch could see wide use or be copied for other softwareOpenSSH is the most popular implementation of the SSH (Secure Shell) protocol, which is used to remotely access and manage computer systems and servers, but also for automated machine-to-machine communications. It was originally designed for OpenBSD, but it’s also used by default in most Linux distributions today and is supported in Windows 10.The approach used by OpenSSH could be copied by other software projects to protect their own keys and secrets in memory. However, as the patch notes imply, the technique makes successful side-channel attacks less likely, not impossible.Attacks are always being improved so it’s possible that some RAMBleed or Meltdown/Spectre variations discovered in the future could defeat this mitigation. The underlying design flaws will be fixed in future hardware, but replacing the CPUs and SDRAM chips in use today will take many years.It’s reasonable to assume that these hardware attacks, and any future ones, will have a long-term impact on enterprise IT, so anything that developers can do in software to partially mitigate the flaws and make attacks harder to pull off, is extremely useful. “Hopefully we can remove this in a few years’ time when computer architecture has become less unsafe,” Miller added at the end of his patch. Related content news analysis Attackers breach US government agencies through ColdFusion flaw Both incidents targeted outdated and unpatched ColdFusion servers and exploited a known vulnerability. By Lucian Constantin Dec 06, 2023 5 mins Advanced Persistent Threats Advanced Persistent Threats Advanced Persistent Threats news BSIMM 14 finds rapid growth in automated security technology Embrace of a "shift everywhere" philosophy is driving a demand for automated, event-driven software security testing. By John P. Mello Jr. Dec 06, 2023 4 mins Application Security Network Security news Almost 50% of organizations plan to reduce cybersecurity headcounts: Survey While organizations are realizing the need for knowledgeable teams to address unknown threats, they are also looking to reduce their security headcount and infrastructure spending. By Gagandeep Kaur Dec 06, 2023 4 mins IT Jobs Security Practices feature 20 years of Patch Tuesday: it’s time to look outside the Windows when fixing vulnerabilities After two decades of regular and indispensable updates, it’s clear that security teams need take a more holistic approach to applying fixes far beyond the Microsoft ecosystem. By Susan Bradley Dec 06, 2023 6 mins Patch Management Software Threat and Vulnerability Management Windows Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe