Concomitant with the increasing density of semiconductors, various attacks that threaten the integrity and security of dynamic random access memory (DRAM) have been devised. Among these, a side-channel attack called RAMBleed is a prolific one that utilizes a general user-level account without special rights to read secret information. Studies have reported that it can be used to obtain OpenSSH secret keys. However, a technique for deriving the Rivest-Shamir-Adleman (RSA) secret keys used in OpenSSL under realistic parameters and environments has not been reported. We propose a method that uses RAMBleed to obtain OpenSSL secret keys and demonstrate its efficacy using the example of an Apache server. The proposed method exploits the fact that, in the operation of an Apache server that uses OpenSSL, the RSA private keys are deployed on DRAM at a set time. Although the result of reading this secret information contains a few errors, error-free secret information is obtainable when it is used with RSA cryptanalysis techniques. We performed a series of attacks incorporating RAMBleed and eventually retrieved the OpenSSL RSA private key, indicating that secret information is obtainable with high probability. The proposed method can easily and externally be executed without administrator privileges on a server using DRAM that is vulnerable to RAMBleed, showing that RAMBleed is also a major threat to OpenSSL.
Keywords: Apache server; OpenSSL; RAMBleed; RSA; key recovery attack; rowhammer; side-channel attack.