Researchers use Rowhammer bit flips to steal a 2048-bit cryptographic key




A DDR3 DIMM with error-correcting code from Samsung. ECC is no longer an absolute defense against Rowhammer attacks.

The Rowhammer exploit, which allows unprivileged attackers to corrupt or modify data stored in vulnerable memory chips, has evolved over the last four years to take on a range of malicious capabilities, including elevating system privileges, escaping security sandboxes, rooting Android phones, and taking control of supposedly impregnable virtual machines. Now researchers are unveiling a new attack that uses Rowhammer to extract cryptographic keys or other secrets stored in vulnerable DRAM modules.

Like previous Rowhammer-based attacks, the new RAMBleed data-stealing technique exploits the ever-shrinking dimensions of the DRAM chips that store the data a computer needs to perform various tasks. Rowhammer attacks work by rapidly accessing, or hammering, physical rows inside vulnerable chips in ways that cause bits in neighboring rows to flip, meaning that 1s become 0s and vice versa. The attacks work because, as capacitors are packed closer together, they more quickly leak the electrical charges that store the bits. At one time, these bit flips were little more than an exotic crashing phenomenon known to be triggered only by cosmic rays. But when induced with surgical precision, as researchers have demonstrated over the past four years, Rowhammer can have potentially serious effects on the security of devices that use vulnerable chips.

A new side channel

RAMBleed takes Rowhammer in a new direction. Rather than using bit flips to modify sensitive data, the new technique exploits the hardware bug to extract sensitive data stored in memory regions that are off-limits to attackers. The attack requires the exploit only to hammer memory locations that the exploit code already has permission to access. In addition, the data extraction can work even when DRAM protected by error correction code detects and reverses a malicious bit flip.

In addition to opening a previously unknown side channel that allows attackers to deduce sensitive data, the attack also introduces new ways for unprivileged exploit code to get cryptographic keys or other secret data loaded into selected DRAM rows from which they can be extracted. By combining these memory massaging techniques with the new side-channel attack, the researchers (from the University of Michigan, Graz University of Technology, the University of Adelaide and Data61) were able to extract a 2048-bit RSA signing key from an OpenSSH server using only user-level permissions. In a research paper published Tuesday, the researchers wrote:

Previous research has primarily considered Rowhammer as a threat to data integrity, allowing an unprivileged attacker to modify data without access. However, with RAMBleed, we show that Rowhammer effects also have implications for data privacy, allowing an unprivileged attacker to take advantage of Rowhammer-induced bit reversals to read the value of the neighboring bits. In addition, because not all bits in DRAM can be inverted via Rowhammer, we are also introducing new memory massage techniques to locate and later exploit Rowhammer-flippable bits. This allows the attacker to read inaccessible information, such as secret key bits. Finally, because our techniques require the attacker to allocate and free memory and measure the timing of instructions, RAMBleed allows an unprivileged attacker to read secret data using the default configuration of many systems (for example, Ubuntu Linux), without the need for a special configuration (for example, access to a pagemap, huge pages, or deduplication of memory).

Although RAMBleed represents a new threat that hardware and software engineers will be forced to defend against, it seems unlikely that the exploit will be used in real-world attacks in the near future. This is because, like most other Rowhammer-based attacks, RAMBleed requires a lot of overhead and at least some luck. For determined attackers in the field today, there may be more reliable attacks that achieve the same goal. Although ordinary users should not panic, RAMBleed and the previous attacks it builds on pose a long-term threat, especially for users of low-cost commodity hardware.

How it works

Key extraction requires attackers to first locate flippable bits in the memory of a target computer. This phase required the researchers to spend 34 hours locating the 84,000 bit flips needed to extract the SSH key. The non-trivial investment of time and resources needed to template the memory is partly offset by the fact that it can be done in advance, with only user permissions and without the need to interact with the SSH application, its secrets, or any other targeted application or its secrets. After the researchers filtered out bits that were useless for extracting the key, they were left with about 4,200 bits.

RAMBleed then uses a special memory massaging technique to get the SSH key loaded into memory locations that have the potential to expose their contents. The goal was to achieve a layout similar to the one shown in the figure below, which corresponds to the 8 KB pages required for two Rowhammer variants. The first uses double-sided accesses and the second single-sided accesses. Although RAMBleed works best in the double-sided version, noise from other system activity means the memory configuration sometimes ends up in the single-sided case (the right-hand version in the illustration below).

Layout to extract the secret of a victim. Each cell represents a 4K page, which means that each row represents an 8K row in a DRAM bank. The attacker repeatedly accesses the row activation pages A0 and A2, activating the top and bottom rows. It then extracts the corresponding bits of page S by observing the bit flips in the sampling page A1.

Kwong et al.

RAMBleed then hammers the activation pages A0 and A2 shown in the figure. The attack recovered 68% of the targeted SSH key, about 4,200 key bits, at a rate of 0.31 bits per second and with an accuracy rate of 82%. In an email, Andrew Kwong, one of the University of Michigan researchers who wrote the paper, explained:

It takes us almost four hours to finish reading. In fact, we do not need the key to stay in memory long; OpenSSH will allocate a new page containing the key each time the attacker establishes an SSH connection with the victim. If we make two connections in parallel, then there are two copies of the key in memory, which we then use to hammer and read a single bit. We then close these SSH connections, so that there are no copies of the key in memory. We repeat this process to read each bit. Thus, the key is in memory only for about 3 seconds at a time and we can force the victim to put it back into memory by establishing an SSH connection. We launched our attack on an Ubuntu installation with default settings, without special configuration.

The researchers then ran the recovered bits through the Heninger-Shacham algorithm, which recovers RSA keys from partial information. The result: the researchers managed to recover the complete key.
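To show why a partial leak is enough, the following added example (not from the article or the researchers' paper) sketches the branch-and-prune idea behind Heninger-Shacham key reconstruction in a simplified form. It assumes a constructed toy key built from two well-known 30-bit primes, leaked bits of p and q only, and error-free reads; the function names are illustrative.

```python
import random

def leak_bits(value, nbits, fraction, rng):
    """Constructed leak: expose each bit of `value` with probability `fraction`."""
    return {i: (value >> i) & 1 for i in range(nbits) if rng.random() < fraction}

def recover_factors(n, nbits, known_p, known_q):
    """Rebuild p and q bit by bit, starting from the least significant bit.

    At bit i every guess for (p, q) mod 2^(i+1) must satisfy
    p*q == n (mod 2^(i+1)) and agree with any leaked bit at that position.
    Guesses that fail either check are pruned, so the frontier stays small
    when enough bits are known.
    """
    candidates = [(1, 1)]  # RSA primes are odd, so bit 0 of p and q is 1
    for i in range(1, nbits):
        mask = (1 << (i + 1)) - 1
        survivors = []
        for p, q in candidates:
            p_options = (known_p[i],) if i in known_p else (0, 1)
            q_options = (known_q[i],) if i in known_q else (0, 1)
            for bp in p_options:
                for bq in q_options:
                    p2, q2 = p | (bp << i), q | (bq << i)
                    if (p2 * q2) & mask == n & mask:
                        survivors.append((p2, q2))
        candidates = survivors
    for p, q in candidates:
        if p * q == n:  # full-width check picks the real factorization
            return p, q
    return None

def demo(fraction=0.68, seed=2019):
    # Toy modulus from two well-known 30-bit primes (assumption for the demo;
    # a real 2048-bit RSA key uses 1024-bit primes).
    p, q, nbits = 1_000_000_007, 998_244_353, 30
    rng = random.Random(seed)
    known_p = leak_bits(p, nbits, fraction, rng)
    known_q = leak_bits(q, nbits, fraction, rng)
    return recover_factors(p * q, nbits, known_p, known_q), (p, q)

if __name__ == "__main__":
    found, expected = demo()
    print("recovered:", found, "matches:", sorted(found) == sorted(expected))
```

The default fraction mirrors the 68% figure reported above. The practical point for defenders is that a key with a large share of its bits exposed should be treated as fully compromised and rotated.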

The Rowhammer-enabled side channel exploits a physical phenomenon in DRAM chips in which the probability of a bit flip depends on the values of the bits immediately above and below it. That is, bits tend to flip to the same value as the bits in adjacent rows.

"The main observation behind RAMBleed is that bit reversals depend not only on the bit's orientation, that is, whether it switches from 1 to 0 or from 0 to 1, but also on the values of neighboring bits," the researchers reported in their article. "Specifically, true bits tend to switch from 1 to 0 when the upper and lower bits are 0, but not when the upper and lower bits are 1. Likewise, the anti bits tend to switch from 0 to 1 when the bits above and below them are 1, but not when the bits above and below them are 0."

RAMBleed works by hammering the activation rows (A0 and A2 in the figure above) with carefully arranged memory contents. The resulting bit flips allow the researchers to deduce the values of the secret bits. Repeating this procedure with bit flips at different offsets in the page allows the researchers to recover enough bits to reconstruct the complete key.

ECC is not an absolute defense

The researchers said RAMBleed was able to bypass the ECC, or error correction code, protections built into some types of DRAM chips. When corrections are made, they occur predictably, first correcting the error and then passing the corrected value back to the software. This opens a timing side channel that allows the researchers to determine whether a one-bit error has occurred. The researchers then adjusted RAMBleed to account for ECC.

"With ECC, we cannot observe reversals directly," the researchers wrote. "We use the time channel instead and look for long reading latency. Since these latencies occur only because of Rowhammer-induced reversals, they can be used to reveal the value of the secret bit."

RAMBleed was able to read bits stored in ECC memory with an accuracy of 73% at a rate of 0.64 bit per second.

The key recovery made possible by RAMBleed is fundamentally different from the Rowhammer technique unveiled two years ago, which allowed one virtual machine to compromise RSA keys stored on a second virtual machine. In that 2016 attack, the researchers used Rowhammer-induced bit flips to make the public key weaker than it was before. The researchers then factored the key to obtain the corresponding private key. RAMBleed, by contrast, reads the key from memory.

In an advisory, Intel officials confirmed that the vulnerability, part of which is tracked as CVE-2019-0174, "may allow partial disclosure of information through a local access". The advisory assigned the vulnerability a Common Vulnerability Scoring System score of 3.8 out of a maximum of 10.

"The partial information on the physical address potentially disclosed by exploiting this vulnerability does not contain any user secrets, but could possibly be used to enhance unrelated attack methods," the advisory says. It went on to recommend that users follow established practices for side-channel resistance and timing side-channel mitigation in cryptographic implementations.

The advisory also recommends using DRAM that is resistant to Rowhammer attacks. That usually means DDR4 chips with ECC or a feature called Target Row Refresh (TRR). This advice is useful, but it is not the last word, for two reasons. First, RAMBleed can bypass ECC protections. Second, Target Row Refresh is not an automatic defense against Rowhammer.

"Thanks to TRR, it's harder to find bit reversals," wrote Kwong, a researcher at the University of Michigan. "All DDR4s are not compatible with the TRR, and the implementations vary greatly from one provider to the other. It is therefore difficult to determine exactly how secure the TRR is compared to Rowhammer. The susceptibility of TRR to RAMBleed is an open research question."

Kwong also clarified Intel's statement that CVE-2019-0174 "could allow partial disclosure of information through local access." Because the CVE tracks only the technique for discovering the 21 bits of a physical address, the statement refers only to that, not to the general effect of RAMBleed, the researcher told Ars.

As stated earlier, the real-world threat that RAMBleed and most other Rowhammer attacks pose to most end users is relatively small. This is because attackers have a variety of less complicated, proven methods that could achieve the same results. That said, Rowhammer-based attacks, including RAMBleed, could become a more serious risk in the coming years, especially for less expensive devices, if engineers do not study the underlying bug and design effective ways to fix or at least mitigate it.

"By discovering another Rowhammer-based operating channel," the researchers wrote, "we have emphasized the need to further explore and understand the full functionality of Rowhammer."
