SSH: private keys at risk of theft due to a calculation error

SSH (Secure Shell) is a network protocol that allows you to establish a secure, encrypted connection between two devices, allowing access to a remote system and its remote management. Using SSH is critical for safety of communications on insecure networks, such as the Internet. When you connect to a server using SSH, the communication between the client and the server (and vice versa) is encrypted, preventing third parties from intercepting the traffic.

The use of the SSH protocol is essential, for example, for the administration of Linux servers as well as for accessing systems cloudal file system of a wide range of network devices such as routers, access points, NAS, Internet of Things (IoT) devices and so on.

How an SSH connection works

Each SSH connection bases its operation on an exchange process cryptographic keys, authentication and encryption. The “signing” process at the time of establishing a SSH connection it is a fundamental step that involves the use of public and private.

The client and server must each have a pair of cryptographic keys: the client keeps its secret private key, while the public key is shared with the server. The approach is exactly what asymmetric cryptography is based on. The server, in turn, has a list of public keys authorized for valid users. If the public key is valid, the server accepts the connection request.

Once the initial connection is established, the client and server must mutually confirm theirs identity to prevent “type” attacksman-in-the-middle“. To do this, the client generates a business using its private key and sends it to the server.

The server uses the client’s public key, already in its possession, to check with the company sent. If the verification is successful, the server can be sure that the request comes from the authentic client that has the private key corresponding to the provided public key.

SSH private keys can be stolen when a calculation error occurs

A group of researchers has discovered a critical vulnerability in the management of cryptographic keys used to protect SSH connections. A significant portion of private keys can be compromised due to computational errors while setting up the connection.

As explained in the technical document entitled Passive SSH Key Compromise via Lattices, the researchers managed to derive private keys used to access publicly exposed resources on the Internet via SSH. The vulnerability in question only affects keys that use the RSA cryptographic algorithm.

About a third of SSH companies examined by scholars, and collected over approximately 7 years of activity, they use RSA: 1 billion signatures out of a total of 3.2 billion. Of these, approximately one million expose the private key of the host authorized to establish a connection.

Sure, it’s a small number. However, it cannot help but ring a bell. Previously, in fact, it was thought that signature errors exposed only the RSA keys used with the TLS protocol (Transport Layer Security), used to encrypt web and email traffic. Instead, it was believed that the SSH traffic was immune to such attacks, since passive attackers could not see some essential information.

The researchers instead highlighted that it is in fact possible to passively recover an RSA key from a faulty signature even with the SSH and IPsec protocols. Yes, even VPN-based connections IPsec they may therefore be vulnerable. In all cases, an attacker can impersonate another user and establish connections in his stead.

What are the solutions to the described problem

The exact causes of the issues that can lead to computational errors, which in turn are responsible for the exposure of private keys, are not well understood. However, they appear to be linked to flaws in cryptographic accelerators and hardware problems. There resolution of these problems appears rather complex and any countermeasures are limited to the most recent firmware versions of the various devices and applications.

Researchers highlight the importance of multiple defenses in cryptographic implementations and the need to design more robust protocols against computational errors. The article also highlights that similar attacks could target secret keys used in post-quantum algorithms.

However, it is important to always install and use the latest firmware as well as most updated versions of software that supports SSH. It is also good to use monitoring tools of SSH traffic to identify any faulty signatures and suspicious activity. Close monitoring of access logs helps you respond promptly to any red flags.

The limitation of privileges it then plays an essential role: the rights of the accounts linked to the various SSH keys should be reduced to a minimum in order to reduce the potential attack surface.

The IT security It’s an ongoing process: Threat awareness and the adoption of improved security practices are critical to maintaining a secure environment.

Opening image credit:


Please enter your comment!
Please enter your name here