A commit for the OpenSSH project adds protection for private keys in memory when they are not in use, making it more difficult for an adversary to extract them through side-channel attacks leveraging hardware vulnerabilities.

OpenSSH is the most popular implementation of the SSH (Secure Shell) protocol, being the default solution in many Linux distributions for encrypting connections to a remote system.

The modification comes from Damien Miller, OpenBSD developer and security researcher at Google. The protection provided through his change consists of applying symmetric encryption to the OpenSSH private keys stored in RAM.

Keeping private keys encrypted

Miller says that his commit makes attacks like Spectre, Meltdown, Rowhammer and the more recent RAMBleed, which researchers demonstrated by stealing an OpenSSH key from RAM, more difficult.

The symmetric key safeguarding the private keys in memory “is derived from a relatively large ‘prekey’ consisting of random data (currently 16KB),” Miller explains in the commit note.

The way this works is that the keys are encrypted when they are loaded into memory and decrypted whenever they are needed for signing or have to be saved.

While this precaution is not a complete solution against hardware attacks, it does make it harder for an attacker to achieve success.

“Attackers must recover the entire prekey with high accuracy before they can attempt to decrypt the shielded private key, but the current generation of attacks have bit error rates that, when applied cumulatively to the entire prekey, make this unlikely.”
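The shielding flow and the prekey argument described above, as an added Python example that is not OpenSSH's code. The function names are hypothetical, and the SHA-512 derivation, the SHA-256 counter keystream standing in for a real cipher, the HMAC tag and the independent-bit-error model are assumptions of the example, not details from the commit note.

```python
import hashlib
import hmac
import secrets

PREKEY_LEN = 16 * 1024  # 16KB prekey, the size quoted in the commit note


def _derive(prekey: bytes) -> tuple:
    """Hash the whole prekey into an encryption key and a MAC key (assumed KDF)."""
    digest = hashlib.sha512(prekey).digest()
    return digest[:32], digest[32:]


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR with SHA-256(key || counter) blocks."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + (off // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)


def shield(private_key: bytes) -> tuple:
    """Encrypt a key at load time; returns (prekey, shielded blob)."""
    prekey = secrets.token_bytes(PREKEY_LEN)
    enc_key, mac_key = _derive(prekey)
    ct = _keystream_xor(enc_key, private_key)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return prekey, tag + ct


def unshield(prekey: bytes, blob: bytes) -> bytes:
    """Decrypt just before signing or saving; rejects a wrong prekey."""
    enc_key, mac_key = _derive(prekey)
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, ct, hashlib.sha256).digest()):
        raise ValueError("prekey does not match shielded key")
    return _keystream_xor(enc_key, ct)


def flip_bit(data: bytes, bit: int) -> bytes:
    """Model one read error in an attacker's recovered copy of the prekey."""
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def full_recovery_probability(per_bit_accuracy: float) -> float:
    """Chance that all 131072 prekey bits are read correctly, errors independent."""
    return per_bit_accuracy ** (PREKEY_LEN * 8)
```

Because every prekey bit feeds the hash, a copy with a single wrong bit derives unrelated keys and `unshield` rejects it; with a constructed per-bit accuracy of 0.9999, `full_recovery_probability` comes out at roughly two in a million.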

New developments in existing attacks may emerge, which could work around this protection.

This change in OpenSSH is intended for the long term, but it is not meant to be permanent; Miller hopes that his commit can be pulled when hardware becomes more secure.

“Hopefully we can remove this in a few years time when computer architecture has become less unsafe,” the developer wrote.