Researchers extract RSA keys from SSH server signing errors

A team of academic researchers from universities in California and Massachusetts demonstrated that it is possible, under certain conditions, for passive network attackers to retrieve secret RSA keys from naturally occurring errors that corrupt the signatures SSH servers produce during connection attempts.

SSH is a cryptographic network protocol for secure communication, widely used for remote system access, file transfers, and system administration. RSA is a public-key cryptosystem that SSH uses for authentication: the signer uses a private, secret key to produce a signature, and anyone holding the corresponding public, shareable key can verify it.

A paper by Keegan Ryan, Kaiwen He, Nadia Heninger, and George Arnold Sullivan shows that a passive network attacker can obtain a private RSA key from SSH servers that experience faults during signature computation. "If a signing implementation using CRT-RSA has a fault during signature computation, an attacker who observes this signature may be able to compute the signer's private key," the researchers say in the technical paper.

CRT-RSA uses the Chinese Remainder Theorem to speed up RSA private-key operations such as signing: instead of exponentiating modulo the full modulus N = pq, the signer computes the result modulo each prime factor p and q separately and recombines the two halves. It does not change the size of the public key.

"These attacks exploit the fact that if an error is made while computing modulo one prime, say q, then the resulting invalid signature s is equivalent to the correct signature modulo one prime factor p, but not q," the researchers further explain. In that situation, raising the faulty signature to the public exponent gives the expected message value modulo p but not modulo q, so the greatest common divisor of the difference and N is p, and knowing p yields the whole private key. Given a large enough pool of observed traffic, an attacker can find many such opportunities.

The same class of fault attack was addressed in TLS 1.3 by encrypting the handshake that establishes the connection, so a passive eavesdropper can no longer read the signatures. SSH was previously assumed to be safe from this attack, because the data a server signs includes a hash over values a passive observer does not fully know, but the researchers showed that lattice-based techniques can still recover the private key from a faulty signature when only part of the signed hash is known.
The researchers note that their tests do not include results "for RSA-1024, SHA-512 because the number of unknown bits in the hash is well beyond what we can brute force or solve with lattices."

Using their lattice attack, the researchers found 4,962 invalid signatures that revealed the factorization of the corresponding RSA public key, allowing the retrieval of private keys for 189 unique RSA public keys. Many of the recovered keys came from devices with vulnerable implementations, with the largest number of faulty signatures coming from Zyxel devices.

The researchers disclosed the issue to Cisco and Zyxel earlier this year, and both vendors investigated the cause. Cisco told the researchers that it was looking into mitigations in Cisco IOS and IOS XE Software. Zyxel found that the ZLD firmware version the researchers used in the experiment had switched to using OpenSSL, which eliminates the risk.

The researchers warn that if a signing implementation that uses the Chinese Remainder Theorem with RSA has a fault while computing the signature, an attacker observing that signature may be able to compute the signer's private key. To counter this, they recommend implementations that validate each signature before sending it, as the OpenSSH suite does by relying on OpenSSL to generate signatures.
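The fault-to-factorization step described above, as an added example that is not code from the paper or from any vendor named here: a toy CRT-RSA signer with an injected error in the mod-q half, the gcd recovery an observer can run on the bad signature, the verify-before-send countermeasure the researchers recommend, and a brute-force stand-in for the case where the observer knows the signed value only partially (the paper uses lattices where the unknown part is too large to enumerate). The fixed Mersenne primes, the truncated-SHA-256 message encoding and all function names are assumptions made for the example.

```python
"""Added example: CRT-RSA fault attack (gcd recovery) on a toy key.
Not code from the paper or any vendor; primes, encoding and names are assumed."""
import hashlib
from math import gcd

# Toy key from two fixed Mersenne primes, assumed for determinism. Real keys
# use random primes of 1024+ bits; the arithmetic below is the same.
P = 2**89 - 1
Q = 2**107 - 1
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)
# CRT components as stored in a real RSA private key (dP, dQ, qInv)
DP = D % (P - 1)
DQ = D % (Q - 1)
QINV = pow(Q, -1, P)


def encode(msg: bytes) -> int:
    """Toy message representative: truncated SHA-256 so it fits below N.
    Stands in for the PKCS#1 v1.5 encoding a real signer would use."""
    return int.from_bytes(hashlib.sha256(msg).digest()[:24], "big")


def sign_crt(msg: bytes, fault_in_q: bool = False, verify: bool = False):
    """CRT-RSA signing. fault_in_q simulates a computational error in the
    mod-q half only; verify enables the verify-before-send countermeasure."""
    m = encode(msg)
    s_p = pow(m, DP, P)
    s_q = pow(m, DQ, Q)
    if fault_in_q:
        s_q ^= 1  # a single flipped bit in the mod-q result is enough
    h = (QINV * (s_p - s_q)) % P  # Garner's recombination
    s = (s_q + h * Q) % N
    if verify and pow(s, E, N) != m:
        return None  # refuse to emit a signature that does not verify
    return s


def recover_prime(msg: bytes, sig: int):
    """Observer side: if the signer erred modulo exactly one prime, s^e - m is
    divisible by the other prime and gcd(s^e - m, N) exposes it. Returns None
    for a correct signature (the gcd is N) or for unrelated garbage (gcd 1)."""
    g = gcd((pow(sig, E, N) - encode(msg)) % N, N)
    return g if 1 < g < N else None


def private_exponent_from_prime(p: int) -> int:
    """One recovered prime is the whole private key: the other prime is N // p."""
    q = N // p
    return pow(E, -1, (p - 1) * (q - 1))


def recover_with_unknown_bits(sig: int, known_high: int, unknown_bits: int):
    """Passive-observer variant: the observer knows the signed value except
    its low `unknown_bits` bits (standing in for hash input it cannot see)
    and brute-forces them. Practical for a handful of bits only; the paper
    uses lattices where the unknown part is too large to enumerate."""
    s_e = pow(sig, E, N)
    for guess in range(1 << unknown_bits):
        m_guess = (known_high << unknown_bits) | guess
        g = gcd((s_e - m_guess) % N, N)
        if 1 < g < N:
            return g, m_guess
    return None


if __name__ == "__main__":
    msg = b"constructed sample: SSH exchange hash stand-in"
    bad = sign_crt(msg, fault_in_q=True)
    p = recover_prime(msg, bad)
    print("recovered p == P:", p == P)
    print("recovered d == D:", private_exponent_from_prime(p) == D)
    print("guarded signer emits:", sign_crt(msg, fault_in_q=True, verify=True))
    partial = recover_with_unknown_bits(bad, encode(msg) >> 12, 12)
    print("with 12 unknown bits, p recovered:", partial is not None and partial[0] == P)
```

The guarded signer is the whole countermeasure: one extra public-key operation before the signature leaves the process turns a key-revealing fault into a failed connection, which is what OpenSSL's signing path does for OpenSSH.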

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000

