無線LANシステムへのRAMBleedの適用：秘密鍵の導出

DRAM(Dynamic Random Access Memory) に繰り返しアクセスするとビット値が変更してしまう現象をRowhammerと呼ぶ．また，Rowhammerを応用したRAMBleed攻撃はメモリ内のアクセス権限のない秘密情報を読み取るサイドチャネル攻撃であり，OpenSSHやOpenSSLに対する攻撃が報告されている．OpenSSHやOpenSSLを対象としたRAMBleed 攻撃では攻撃対象が1台のみであったため秘密情報の回復に時間を要した．その一方で無線LANに対するRAMBleed の適用はクライアントの数だけ攻撃対象が増えるためその分攻撃を短時間で行える．本稿では，無線LANに接続したクライアントに対してRAMBleedを実行し，無線LAN通信の暗号化に用いる秘密情報を回復を試みる．まず，無線LAN接続時の挙動を解析し，接続の際にメモリ内の特定の位置に暗号化に用いられる鍵が格納されることがわかった．この鍵をRAMBleed に用いるメモリ領域に誘導させ攻撃を実行することで，秘密情報を取得できることを示す．

When repeatedly accessing DRAM (Dynamic Random Access Memory), there's a phenomenon where the bit values change, known as Rowhammer. Furthermore, the RAMBleed attack that utilizes Rowhammer is a side-channel attack that reads secret information from memory without access permissions. Attacks on OpenSSH and OpenSSL using RAMBleed have been reported. In the RAMBleed attacks targeting OpenSSH and OpenSSL, the attack was time-consuming because only one target was attacked. On the other hand, applying RAMBleed to a wireless LAN means the number of attack targets increases with the number of clients, allowing the attack to be executed in a shorter time. In this paper, we attempt to recover secret information used for encrypting wireless LAN communication by executing RAMBleed against clients connected to the wireless LAN. First, we analyze the behavior during wireless LAN connection and found that the key used for encryption is stored in a specific location in memory during the connection. By inducing this key to the memory area used by RAMBleed and launching the attack, we demonstrate that it is possible to obtain the secret information.