iMyFone LockWiper

iMyFone LockWiper

Helps you bypass the iPhone passcode in case you forgot it and the device became unusable or you have to wait for a long time before attempting to unlock it again

FULL VERSION + CRACK
Voicemod

Voicemod

Real-time voice changer that works with any application and comes equipped with an extensive collection of voices and ambient effects

FULL VERSION + CRACK
Flvto Youtube Downloader

Flvto Youtube Downloader

With this simple and intuitive application, you can swiftly download all your favorite online videos to your computer, in just a couple of moves

FULL VERSION + CRACK
Logic Pro X

Logic Pro X

A fully-featured recoding studio that provides a complete set of tools for musicians who need to write, record, edit and mix music

FULL VERSION + CRACK
Internet Download Manager (IDM)

Internet Download Manager (IDM)

Push your Internet connection to the limits and cleverly organize or synchronize download processes with this powerful application

FULL VERSION + CRACK

IT News

Nov 15
The newly discovered Pipka script can delete itself from a website after execution, making it very difficult to detect.
Nov 15
Jamf has built a unique event that digs deep into the community it serves and echoes the big shows Apple used to put on.
Nov 15
Enterprises will soon have access to Azure Arc and Azure Synapse Analytics, two new services that bolster Microsoft's cloud offerings.
Nov 15
The latest version of Windows 10 is little more than a rerun of the May version of the operating system, though it does offer a few new features.
Nov 14
On the same day it unveiled its newest laptop, the company also announced that the new Mac Pro will ship in December.
Nov 13
The software, initially designed to help IT teams track and resolve service requests, can now be configured for use in non-tech areas such as HR and legal.
Nov 13
IBM, which has embraced Apple hardware in a big way, says the employees who use Macs are more likely to stay at the company - and are more productive. The insights came at this weeks Jamf Nation User Conference.

Categories

OpenSSH to protect keys in memory against side-channel attacks

The OpenSSH project has received a patch that prevents private keys from being stolen through hardware vulnerabilities that allow hackers to access restricted memory regions from unprivileged processes. The same approach could be used by other software application to protect their secrets in RAM until the issues are fixed in future generations of SDRAM chips and CPUs.

The patch comes after a team of researchers recently presented an attack dubbed RAMBleed that exploits the design of modern memory modules in to extract information from memory regions allocated to privileged processes and the kernel.

RAMBleed uses a software technique called Rowhammer to trigger bit flips inside physical memory cells and then recover sensitive information through a side channel. The researchers demonstrated their attack by recovering an RSA 2048-bit signing key from an OpenSSH server using code running with user-level privileges.

Modern operating systems isolate the virtual memory allocated to the kernel from that of user-space applications. This is done because kernel memory contains sensitive data, including encryption keys and passwords, that should not be directly accessible to unprivileged applications.

Any violation of this fundamental principle is a critical security flaw, because of the many ways in which attackers can gain code execution permissions on computer systems, including through malware infections or vulnerabilities in various user-space applications. The attack surface of all the unprivileged applications running on a computer is much greater than that of the kernel itself.

OpenSSH patch encrypts private keys

The new OpenSSH patch, submitted by OpenBSD developer Damien Miller, is meant to "add protection for private keys at rest in RAM against speculation and memory sidechannel attacks like Spectre, Meltdown, Rowhammer and Rambleed."

Spectre, Meltdown and, more recently, Microarchitectural Data Sampling (MDS) are side-channel attacks that take advantage of the speculative execution functionality in modern CPUs -- a feature designed to improve performance. Some of these attacks can be used to read protected kernel memory.

The new OpenSSH patch encrypts private keys when they reside in memory and are not being actively used with another symmetric key that is derived from 16KB of random data. "Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit-error rates that, when applied cumulatively to the entire prekey, make this unlikely," Miller explained in the patch comments. "Implementation-wise, keys are encrypted 'shielded' when loaded and then automatically and transparently unshielded when used for signatures or when being saved/serialised."

Patch could see wide use or be copied for other software

OpenSSH is the most popular implementation of the SSH (Secure Shell) protocol, which is used to remotely access and manage computer systems and servers, but also for automated machine-to-machine communications. It was originally designed for OpenBSD, but it's also used by default in most Linux distributions today and is supported in Windows 10.

The approach used by OpenSSH could be copied by other software projects to protect their own keys and secrets in memory. However, as the patch notes imply, the technique makes successful side-channel attacks less likely, not impossible.

Attacks are always being improved so it's possible that some RAMBleed or Meltdown/Spectre variations discovered in the future could defeat this mitigation. The underlying design flaws will be fixed in future hardware, but replacing the CPUs and SDRAM chips in use today will take many years.

It's reasonable to assume that these hardware attacks, and any future ones, will have a long-term impact on enterprise IT, so anything that developers can do in software to partially mitigate the flaws and make attacks harder to pull off, is extremely useful. "Hopefully we can remove this in a few years' time when computer architecture has become less unsafe," Miller added at the end of his patch.

This story, "OpenSSH to protect keys in memory against side-channel attacks" was originally published by CSO.