Dr Peter McLaren P.McLaren@napier.ac.uk
Associate
Deriving ChaCha20 Key Streams From Targeted Memory Analysis
McLaren, Peter; Buchanan, William J.; Russell, Gordon; Tan, Zhiyuan
Authors
Prof Bill Buchanan B.Buchanan@napier.ac.uk
Professor
Dr Gordon Russell G.Russell@napier.ac.uk
Associate Professor
Dr Thomas Tan Z.Tan@napier.ac.uk
Associate Professor
Abstract
There can be performance and vulnerability concerns with block ciphers, thus stream ciphers can used as an alternative. Although many symmetric key stream ciphers are fairly resistant to side-channel attacks, cryptographic artefacts may exist in memory. This paper identifies a significant vulnerability within OpenSSH and OpenSSL and which involves the discovery of cryptographic artefacts used within the ChaCha20 cipher. This can allow for the cracking of tunneled data using a single targeted memory extraction. With this, law enforcement agencies and/or malicious agents could use the vulnerability to take copies of the encryption keys used for each tunnelled connection. The user of a virtual machine would not be alerted to the capturing of the encryption key, as the method runs from an extraction of the running memory. Methods of mitigation include making cryptographic artefacts difficult to discover and limiting memory access.
Citation
McLaren, P., Buchanan, W. J., Russell, G., & Tan, Z. (2019). Deriving ChaCha20 Key Streams From Targeted Memory Analysis. Journal of Information Security and Applications, 48, Article 102372. https://doi.org/10.1016/j.jisa.2019.102372
| Journal Article Type | Article |
|---|---|
| Acceptance Date | Aug 5, 2019 |
| Online Publication Date | Aug 10, 2019 |
| Publication Date | 2019-10 |
| Deposit Date | Aug 10, 2019 |
| Publicly Available Date | Aug 13, 2019 |
| Journal | Journal of Information Security and Applications |
| Electronic ISSN | 2214-2126 |
| Publisher | Elsevier |
| Peer Reviewed | Peer Reviewed |
| Volume | 48 |
| Article Number | 102372 |
| DOI | https://doi.org/10.1016/j.jisa.2019.102372 |
| Keywords | network traffic; decryption; memory analysis; Virtual machine introspection; Secure Shell; Transport Layer Security; stream ciphers; ChaCha20 |
| Public URL | http://researchrepository.napier.ac.uk/Output/2032207 |
Files
Deriving ChaCha20 Key Streams From Targeted Memory Analysis
(1.1 Mb)
PDF
Licence
http://creativecommons.org/licenses/by-nc-nd/4.0/
Copyright Statement
Creative Commons Attribution Non-Commercial No Derivatives License
You might also like
Decrypting Live SSH Traffic in Virtual Environments
(2019)
Journal Article
Mining malware command and control traces
(2018)
Conference Proceeding
Enhancing Mac OS Malware Detection through Machine Learning and Mach-O File Analysis
(2023)
Conference Proceeding
Downloadable Citations
About Edinburgh Napier Research Repository
Administrator e-mail: repository@napier.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search