Deriving ChaCha20 Key Streams From Targeted Memory Analysis

Research Output

There can be performance and vulnerability concerns with block ciphers, thus stream ciphers can used as an alternative. Although many symmetric key stream ciphers are fairly resistant to side-channel attacks, cryptographic artefacts may exist in memory. This paper identifies a significant vulnerability within OpenSSH and OpenSSL and which involves the discovery of cryptographic artefacts used within the ChaCha20 cipher. This can allow for the cracking of tunneled data using a single targeted memory extraction. With this, law enforcement agencies and/or malicious agents could use the vulnerability to take copies of the encryption keys used for each tunnelled connection. The user of a virtual machine would not be alerted to the capturing of the encryption key, as the method runs from an extraction of the running memory. Methods of mitigation include making cryptographic artefacts difficult to discover and limiting memory access.

Type:

Article
Date:

10 August 2019
Publication Status:

Published
DOI:

10.1016/j.jisa.2019.102372
Library of Congress:

QA75 Electronic computers. Computer science
Dewey Decimal Classification:

004 Data processing & computer science
Funders:

Edinburgh Napier Funded

http://researchrepository.napier.ac.uk/output/2032207 McLaren, P., Buchanan, W. J., Russell, G., & Tan, Z. (2019). Deriving ChaCha20 Key Streams From Targeted Memory Analysis. Journal of Information Security and Applications, 48, https://doi.org/10.1016/j.jisa.2019.102372

Citation

McLaren, P., Buchanan, W. J., Russell, G., & Tan, Z. (2019). Deriving ChaCha20 Key Streams From Targeted Memory Analysis. Journal of Information Security and Applications, 48, https://doi.org/10.1016/j.jisa.2019.102372