{"created":"2025-01-19T01:27:50.932680+00:00","updated":"2025-01-19T11:45:15.288367+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00228708","sets":["6164:6165:6462:11379"]},"path":["11379"],"owner":"44499","recid":"228708","title":["無線LANシステムへのRAMBleedの適用:秘密鍵の導出"],"pubdate":{"attribute_name":"公開日","attribute_value":"2023-10-23"},"_buckets":{"deposit":"de045dea-5024-4c8c-9f12-35a22902345d"},"_deposit":{"id":"228708","pid":{"type":"depid","value":"228708","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"無線LANシステムへのRAMBleedの適用:秘密鍵の導出","author_link":["613420","613413","613417","613412","613415","613419","613418","613416","613411","613414"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"無線LANシステムへのRAMBleedの適用:秘密鍵の導出"},{"subitem_title":"Wireless LAN systems are not secure against RAMBleed!","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"RAMBleed,無線LAN,Rowhammer,サイドチャネル攻撃","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2023-10-23","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"神戸大学大学院工学研究科"},{"subitem_text_value":"株式会社KDDI 総合研究所情報セキュリティグループ"},{"subitem_text_value":"株式会社KDDI 総合研究所情報セキュリティグループ"},{"subitem_text_value":"神戸大学大学院工学研究科"},{"subitem_text_value":"神戸大学大学院工学研究科"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Engineering, Kobe University","subitem_text_language":"en"},{"subitem_text_value":"KDDI Research, Inc. Information Security Laboratory","subitem_text_language":"en"},{"subitem_text_value":"KDDI Research, Inc. 
Information Security Laboratory","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Engineering, Kobe University","subitem_text_language":"en"},{"subitem_text_value":"Graduate School of Engineering, Kobe University","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/228708/files/IPSJ-CSS2023095.pdf","label":"IPSJ-CSS2023095.pdf"},"date":[{"dateType":"Available","dateValue":"2025-10-23"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSS2023095.pdf","filesize":[{"value":"475.0 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"00788297-8098-4cc9-9e13-19058b1ef58c","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2023 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"奥田, 悠"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"福島, 和英"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"仲野, 有登"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"白石, 善明"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"森井, 昌克"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Haruka, 
Ouda","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kazuhide, Fukushima","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yuto, Nakano","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Yoshiaki, Shibashi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masakatu, Morii","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"DRAM(Dynamic Random Access Memory) に繰り返しアクセスするとビット値が変化してしまう現象をRowhammerと呼ぶ.また,Rowhammerを応用したRAMBleed攻撃はメモリ内のアクセス権限のない秘密情報を読み取るサイドチャネル攻撃であり,OpenSSHやOpenSSLに対する攻撃が報告されている.OpenSSHやOpenSSLを対象としたRAMBleed 攻撃では攻撃対象が1台のみであったため秘密情報の回復に時間を要した.その一方で無線LANに対するRAMBleed の適用はクライアントの数だけ攻撃対象が増えるためその分攻撃を短時間で行える.本稿では,無線LANに接続したクライアントに対してRAMBleedを実行し,無線LAN通信の暗号化に用いる秘密情報の回復を試みる.まず,無線LAN接続時の挙動を解析し,接続の際にメモリ内の特定の位置に暗号化に用いられる鍵が格納されることがわかった.この鍵をRAMBleed に用いるメモリ領域に誘導させ攻撃を実行することで,秘密情報を取得できることを示す.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"Rowhammer is a phenomenon in which bit values in DRAM (Dynamic Random Access Memory) change when the memory is accessed repeatedly. The RAMBleed attack, which builds on Rowhammer, is a side-channel attack that reads secret information in memory that the attacker has no permission to access. Attacks on OpenSSH and OpenSSL using RAMBleed have been reported. In the RAMBleed attacks targeting OpenSSH and OpenSSL, the attack was time-consuming because only one target was attacked. On the other hand, applying RAMBleed to a wireless LAN means the number of attack targets increases with the number of clients, allowing the attack to be executed in a shorter time. 
In this paper, we attempt to recover secret information used for encrypting wireless LAN communication by executing RAMBleed against clients connected to the wireless LAN. First, we analyzed the behavior during wireless LAN connection and found that the key used for encryption is stored in a specific location in memory during the connection. We then show that the secret information can be obtained by steering this key into the memory area used by RAMBleed and launching the attack.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"703","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2023論文集"}],"bibliographicPageStart":"698","bibliographicIssueDates":{"bibliographicIssueDate":"2023-10-23","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":228708,"links":{}}