Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Experts find a method of network eavesdropping to extract private keys from SSH connections

2024-04-25 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >

Share

Shulou(Shulou.com)12/24 Report--

CTOnews.com November 28, researchers at the University of California San Diego and Massachusetts Institute of Technology have jointly discovered that there is a high-risk vulnerability in the Secure Shell Protocol (SSH). Attackers use network eavesdropping technology to steal private RSA host keys from SSH servers by exploiting computational errors during connection establishment.

CTOnews.com Note: Secure Shell Protocol (SSH) is an encrypted network transport protocol that provides a secure transport environment for network services over insecure networks. SSH enables connections between SSH clients and servers by establishing secure tunnels in the network.

The vulnerability resides in the host key used to authenticate computers in SSH protocol, which is typically generated using a public key cryptosystem such as RSA and used as an encryption credential.

The researchers say that using a specific signature implementation of CRT-RSA, errors are encountered during signature computation, and attackers can observe these erroneous signatures to compute the signer's private key.

The researchers called this approach a lattice-based key recovery failure attack and successfully retrieved the private keys associated with 189 different RSA public keys. These keys are linked to devices manufactured by Cisco, Hillstone Networks, Mocana, and Zyxel.

Although Huawei has serious security issues with this vulnerability, TLS version 1.3 released in 2018 provides countermeasures. TLS 1.3 encrypts the handshake process, preventing passive eavesdroppers from accessing the signature and reducing the risk of private key disclosure.

The researchers stressed the importance of design principles in cryptography. They emphasize the importance of encrypting the protocol handshake immediately after session key agreement, and of binding authentication to the session and separating authentication from the encryption key.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

IT Information

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report