
Description

Passive network attackers can obtain private RSA host keys from a vulnerable SSH server by observing signatures that were corrupted by computational faults during connection establishment [1] [2] [3]. This lattice-based key recovery fault attack lets them impersonate the compromised host and intercept sensitive data. The attack has been used to retrieve private keys for 189 unique RSA public keys associated with devices manufactured by Cisco, Hillstone Networks, Mocana, and Zyxel [2] [3]. TLS version 1.3 encrypts the handshake, which keeps eavesdroppers from observing the signatures in the first place [2]. The researchers emphasize the importance of encrypting protocol handshakes, binding authentication to a session, and separating authentication from encryption keys [2]. A separate attack, the Marvin Attack, is a variant of the ROBOT Attack [2]; it exploits security weaknesses in PKCS #1 v1.5 to decrypt RSA ciphertexts and forge signatures [2].
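The following is an added example, not code from the article or from the research it reports on. It shows the underlying principle in its simplest textbook form (the Boneh-DeMillo-Lipton fault attack on RSA-CRT): a single signature that is correct modulo one prime but wrong modulo the other leaks a factor of the modulus through a gcd. The lattice-based attack in the article handles the SSH case, where the signed value is not fully known to a passive observer; here the signed value is assumed known so the gcd step suffices. It also shows the standard countermeasure, verifying a signature against the public key before releasing it. The key material, the injected fault and the "session hash" are all constructed toy values (64-bit and 63-bit primes), chosen so the script runs instantly; nothing about any real device is modelled.

```python
from math import gcd


def is_probable_prime(n):
    """Miller-Rabin with the first twelve primes as bases; deterministic for the toy sizes used here."""
    if n < 2:
        return False
    bases = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


# Constructed toy RSA key (assumed values; far too small for real use).
P = (1 << 64) - 59   # largest prime below 2^64
Q = (1 << 63) - 25   # largest prime below 2^63
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # modular inverse, Python 3.8+
DP, DQ = D % (P - 1), D % (Q - 1)   # CRT exponents
QINV = pow(Q, -1, P)                # Garner recombination constant

# Constructed stand-in for the value a server signs during a handshake.
M = int.from_bytes(b"constructed session hash", "big") % N


def sign_crt(m, fault_in_q=False):
    """RSA-CRT signing (Garner's recombination).

    fault_in_q simulates a computational fault that corrupts only the
    mod-Q half of the computation, which is the failure mode that makes
    the signature wrong modulo Q while staying correct modulo P.
    """
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_in_q:
        sq = (sq + 1) % Q          # constructed fault: perturb the partial result
    h = (QINV * (sp - sq)) % P
    return (sq + Q * h) % N


def recover_factor_from_faulty_signature(m, faulty_sig, n, e):
    """Given a known signed value and a signature that is wrong mod one
    prime only, gcd(sig^e - m, n) yields the other prime."""
    return gcd((pow(faulty_sig, e, n) - m) % n, n)


def sign_crt_checked(m, fault_in_q=False):
    """Countermeasure: verify with the public key before release, so a
    faulty signature never leaves the signer and never reaches the wire."""
    s = sign_crt(m, fault_in_q)
    if pow(s, E, N) != m:
        raise RuntimeError("signature failed self-check; not released")
    return s


def demo():
    """Returns (good signature verifies, factor recovered from one faulty signature)."""
    good = sign_crt(M)
    faulty = sign_crt(M, fault_in_q=True)
    factor = recover_factor_from_faulty_signature(M, faulty, N, E)
    return pow(good, E, N) == M, factor


if __name__ == "__main__":
    ok, factor = demo()
    print("correct signature verifies:", ok)
    print("factor recovered from faulty signature equals P:", factor == P)
    try:
        sign_crt_checked(M, fault_in_q=True)
    except RuntimeError as exc:
        print("checked signer refused to emit:", exc)
```

The point for a defender is the last function: the self-check costs one public-key operation per signature and turns a key-compromising fault into a refused signature, which is also the behaviour the article's recommendation to keep faulty signatures off the wire depends on. Encrypting the handshake, as TLS 1.3 does, is the complementary protocol-level control, since a passive observer cannot run the gcd (or lattice) step on a signature it never sees.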

Conclusion

This attack has significant implications for network security: it shows that a purely passive observer, without ever sending a packet to the server, can recover an SSH host's private key. To mitigate the risk, it is crucial to encrypt protocol handshakes, bind authentication to a session [2], and separate authentication from encryption keys [2]. The Marvin Attack likewise highlights the need to address security weaknesses in PKCS #1 v1.5 so that RSA ciphertexts cannot be decrypted and signatures cannot be forged. Organizations should prioritize these measures to protect sensitive data and maintain the integrity of their networks.

References

[1] https://ciso2ciso.com/experts-uncover-passive-method-to-extract-private-rsa-keys-from-ssh-connections-sourcethehackernews-com/
[2] https://thehackernews.com/2023/11/experts-uncover-passive-method-to.html
[3] https://vulners.com/thn/THN:E165B7937733852FA7B51AD6A93264E4