
SSH Keystroke Timing Attacks



Presentation Transcript


  1. SSH Keystroke Timing Attacks Mike Hogye Thad Hughes Josh Sarfaty Joe Wolf

  2. SSH
     The Secure SHell protocol was created by Tatu Ylönen and others to provide encrypted data transfers between remote machines.
     Mmmm…SSH

  3. SSH Weaknesses
     • SSH can leak information about passwords.
     • Approximate length of password can be inferred by examining number of packets.
     • Keystroke Timing Analysis can reduce the search space for brute force attacks.

  4. Password Keystroke Timing
     • Users type passwords often.
     • Password keystrokes develop consistent rhythm due to optimized hand motion.
     • This rhythm can be used to determine characteristics about the password.

  5. SSH Immediate Mode
     • Each keystroke is sent IMMEDIATELY from client to server, one character per packet.
     • Allows interactive user experience.

  6. Passwords & SSH
     • SSH login does NOT use immediate mode.
     • Password (and username) packets are padded to fixed lengths.
     • No problems, right? WRONG !! Maybe?

  7. su
     • UNIX “Switch User” command (used to get root access).
     • Executed in IMMEDIATE mode.
     [Figure: SSH1 su command]

  8. Nested SSH
     • Start new SSH session from within a running SSH session.
     • Username and password sent to server B in immediate mode.

  9. So What?
     • Password lengths can be determined.
     • Reveals timing information of password keystrokes.
     • Academically speaking, this is a lot of information.

  10. Is This Practical?
     • How to detect an “su” command?
     • How to detect a nested SSH session?
     • Network latency

  11. Detecting the “su”
     • Look for the ‘su’ signature.
     • Not as easy as it sounds.
     [Figure: “I am a su” — SSH2 su command. Packet timeline between client and server: the client sends “s”, “u”, Return, then the password characters “a”, “b”, “c”, “d” and Return, one packet each, and the server acknowledges each one. Packet sizes seen on the wire: 40 40 40 40 40 40 48 48 40 40 40 40 40 40 56 64 56, followed by the server response.]

  12. SSH! (nested)
     • Theoretically similar to detecting ‘su’.
     • In practice, much harder to detect.
     • No definite packet signature for calling ‘ssh’.

  13. How late(ncy) is your network
     • Random network delay influences observed packet times.
     • Song’s paper considered latency statistics.
       • Determined that latency is not an issue.
       • Used eight year old statistics.
     • Song’s estimated network latency: 10 ms.
     • Modern latency easily reaches 170 ms.
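Added example (Python, not part of the slides or of Song's paper): a small simulation of slide 13's point, showing how random per-packet network delay blurs the inter-keystroke gaps an eavesdropper can measure from immediate-mode packets. Assumptions made here: the password rhythm is a constructed set of six intervals; the slide's latency figures (10 ms and 170 ms) are used as the standard deviation of an independent Gaussian delay on each packet, since it is the variable part of latency that distorts timing; and the score is the fraction of pairwise "which gap is longer" comparisons that survive, where 1.0 is the true rhythm and 0.5 is a coin flip.

```python
"""Effect of network jitter on observed SSH keystroke timing (added example)."""
import random

# Constructed inter-keystroke intervals in ms for a 7-character password
# typed in immediate mode (one packet per character): six gaps, a made-up
# but stable rhythm of the kind slide 4 describes.
PASSWORD_RHYTHM_MS = [90.0, 150.0, 110.0, 230.0, 130.0, 180.0]


def observed_intervals(rhythm_ms, jitter_ms, rng):
    """Return the inter-packet gaps an eavesdropper would measure.

    Assumed model: every packet gets an independent delay drawn from a
    normal distribution with standard deviation ``jitter_ms``, so the
    observed gap is the true gap plus the difference of two delays.
    """
    delays = [rng.gauss(0.0, jitter_ms) for _ in range(len(rhythm_ms) + 1)]
    return [gap + (delays[i + 1] - delays[i]) for i, gap in enumerate(rhythm_ms)]


def rank_order(values):
    """Map each interval to its rank (0 = shortest gap)."""
    order = sorted(range(len(values)), key=values.__getitem__)
    ranks = [0] * len(values)
    for rank, idx in enumerate(order):
        ranks[idx] = rank
    return ranks


def fraction_order_preserved(rhythm_ms, jitter_ms, trials=500, seed=1):
    """Fraction of pairwise gap comparisons whose ordering survives jitter.

    1.0 means the observer recovers exactly the true ordering of the gaps;
    0.5 is what random guessing would give.  Fixed seed keeps it repeatable.
    """
    rng = random.Random(seed)
    n = len(rhythm_ms)
    pairs = [(i, j) for i in range(n) for j in range(i + 1, n)]
    preserved = 0
    for _ in range(trials):
        obs = observed_intervals(rhythm_ms, jitter_ms, rng)
        for i, j in pairs:
            if (rhythm_ms[i] < rhythm_ms[j]) == (obs[i] < obs[j]):
                preserved += 1
    return preserved / (trials * len(pairs))


def compare_latency_eras(rhythm_ms=PASSWORD_RHYTHM_MS):
    """Score the slide's 10 ms figure against its 170 ms modern figure."""
    return {jitter: fraction_order_preserved(rhythm_ms, jitter)
            for jitter in (10.0, 170.0)}


if __name__ == "__main__":
    print("true rhythm ranks:", rank_order(PASSWORD_RHYTHM_MS))
    for jitter, score in compare_latency_eras().items():
        print(f"jitter {jitter:5.0f} ms -> ordering preserved {score:.2f}")
```

With the constructed rhythm, the 10 ms case keeps well over 90% of the ordering information while the 170 ms case falls toward the coin-flip floor; that is the gap between Song's figure and the modern one that slide 13 is pointing at.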

  14. Internet Latency
     [Figure: Internet latency]

  15. Conclusions
     • Song: Timing analysis can reduce brute-force password search by a factor of 50.
     • In practice, this is unlikely.
     • Use SSH2.
     • PuTTY defaults to SSH1.
