A new study has demonstrated that it’s possible for passive network attackers to obtain private RSA host keys from a vulnerable SSH server by observing naturally occurring computational faults that occur while the connection is being established.
The Secure Shell (SSH) protocol is a method for securely transmitting commands and logging in to a computer over an unsecured network. Based on a client-server architecture, SSH uses cryptography to authenticate and encrypt connections between devices.
In other words, a passive adversary can quietly keep track of legitimate connections without risking detection until they observe a faulty signature that exposes the private key. The bad actor can then masquerade as the compromised host to intercept sensitive data and stage adversary-in-the-middle (AitM) attacks.
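Why one faulty signature is enough, as an added illustration (not code from the study or the article): the classic CRT-fault mechanism, in which a signature that is correct modulo one prime factor of the modulus but wrong modulo the other reveals a factor to anyone who sees it, shown beside the standard countermeasure of verifying every signature before it leaves the signer. The key, message and fault are constructed toy values; the study's own technique against SSH is not reproduced here, only the underlying fault mechanism.

```python
import hashlib
import math
from typing import Optional

# Constructed toy RSA key: two Mersenne primes, far too small for real use,
# chosen only so the arithmetic is deterministic and fast.
P = (1 << 31) - 1
Q = (1 << 61) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def message_rep(data: bytes) -> int:
    """Stand-in for the padded hash an RSA signature covers (reduced mod N for the toy key)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sign_crt(m: int, fault: bool = False) -> int:
    """RSA-CRT signing; fault=True simulates a computational fault in the mod-q half."""
    sp = pow(m, D % (P - 1), P)
    sq = pow(m, D % (Q - 1), Q)
    if fault:
        sq ^= 1  # one flipped bit in one half: the result stays correct mod p, wrong mod q
    h = (pow(Q, -1, P) * (sp - sq)) % P  # Garner recombination of the two halves
    return sq + h * Q


def leaked_factor(sig: int, m: int) -> Optional[int]:
    """What an observer of a signature can compute: gcd(sig^e - m, N).
    A correct signature gives gcd(0, N) = N (no leak); a CRT-faulted one gives p."""
    g = math.gcd(pow(sig, E, N) - m, N)
    return g if 1 < g < N else None


def sign_checked(m: int, fault: bool = False) -> Optional[int]:
    """Defender's countermeasure: verify before release. A signature failing
    pow(s, e, N) == m is never emitted, so a fault cannot expose the key."""
    s = sign_crt(m, fault)
    return s if pow(s, E, N) == m else None
```

Releasing only verified signatures, and keeping the handshake encrypted so signatures are not visible to a passive observer, are the two mitigations this demonstrates.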
“These attacks provide a concrete illustration of the value of several design principles in cryptography: encrypting protocol handshakes as soon as a session key is negotiated to protect metadata, binding authentication to a session, and separating authentication from encryption keys,” the researchers said.
The findings come two months after the disclosure of the Marvin Attack, a variant of the ROBOT (short for “Return Of Bleichenbacher’s Oracle Threat”) Attack that allows a threat actor to decrypt RSA ciphertexts and forge signatures by exploiting security weaknesses in PKCS #1 v1.5.
Source: https://thehackernews.com/