Secure Shell – SSH - PowerPoint PPT Presentation


Secure Shell – SSH

Tam Ngo

Steve Licking

Overview

  • Introduction

    • Brief History and Background of SSH

    • Differences between SSH-1 and SSH-2

    • Brief Overview of how SSH works

  • Attack on SSH

    • Key-Stroke Timing Attack

  • Conclusion

History and Background

  • Password-sniffing attack

  • SSH-1 was developed, Finland, 1995

  • SSH Communications Security Ltd.

  • Replacement for telnet and r-commands

  • Version 2, SSH-2 released in 1998

SSH-1 vs. SSH-2

  SSH-1                                     | SSH-2
  ------------------------------------------|------------------------------------------
  All in one protocol                       | Separate protocols
  CRC-32 integrity check                    | Strong integrity check
  One session per connection                | Multiple sessions per connection
  No password change                        | Password change
  No public-key certificate authentication  | Public-key certificate authentication

How SSH Works

  • (1) Client contacts server

  • (2) If the SSH protocol versions do not agree, no connection

  • (3) Server identifies itself. Server sends host key, server key, check bytes, list of methods. Client looks the server up in its host-key database.

  • (4) Client sends a secret key, encrypted using the server’s public key

  • (5) Both begin encryption. Server authentication is completed

  • (6) Client authentication on the server side, for example password or public-key authentication

SSH-2 Protocol

SSH2’s “Secure” Channel

  What SSH does:                                      | What it means:
  ----------------------------------------------------|------------------------------------
  Packets are padded up to the next 8-byte multiple   | Data size can be estimated
  Input is sent as each key-down is read              | Keystroke timing is feasible
  Not all input is echoed by the server               | Password sessions are identifiable
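The padding rule in the left column is what makes "data size can be estimated" true, but only to block resolution. This added Python example (mine, not from the slides) models the SSH-2 binary packet as RFC 4253 specifies it (packet_length, padding_length, payload, at least 4 bytes of padding up to a block multiple) and the RFC 4254 channel-data framing of typed input (both assumptions on my part, not stated in the presentation) to show how wide the size estimate is, and how the padding freedom the spec already allows blunts it.

```python
import random

BLOCK = 8      # alignment for the 8-byte-block ciphers the slide refers to
MIN_PAD = 4    # RFC 4253 lower bound on padding
MAX_PAD = 255  # RFC 4253 upper bound (padding_length is a single byte)


def channel_data_payload_len(nchars):
    """Payload of SSH_MSG_CHANNEL_DATA carrying nchars typed bytes (assumed RFC 4254
    layout): 1 (message type) + 4 (recipient channel) + 4 (string length) + nchars."""
    return 9 + nchars


def allowed_paddings(payload_len, block=BLOCK, max_pad=MAX_PAD):
    """Every padding length the RFC permits: at least MIN_PAD bytes, and
    length field (4) + padding_length (1) + payload + padding is a block multiple."""
    return [pad for pad in range(MIN_PAD, max_pad + 1) if (5 + payload_len + pad) % block == 0]


def wire_length(payload_len, pad_len):
    """What a passive observer sees for one packet, MAC excluded."""
    return 5 + payload_len + pad_len


def minimal_wire_length(payload_len, block=BLOCK):
    """Common implementation choice: the smallest permitted padding."""
    return wire_length(payload_len, allowed_paddings(payload_len, block)[0])


def randomized_wire_length(payload_len, block=BLOCK, rng=random):
    """Mitigation available within the spec: pick any permitted padding, so the
    observed length no longer pins the payload to a single block-wide window."""
    return wire_length(payload_len, rng.choice(allowed_paddings(payload_len, block)))


def payload_candidates(observed, block=BLOCK, max_pad=MIN_PAD + BLOCK - 1):
    """Plaintext sizes consistent with one observed length. Under minimal padding
    (the default max_pad) the window is exactly `block` wide; pass max_pad=MAX_PAD
    to see how far random padding widens it."""
    if observed % block != 0:
        return []
    return sorted(observed - 5 - pad for pad in range(MIN_PAD, max_pad + 1)
                  if observed - 5 - pad >= 0)


def keystroke_window(block=BLOCK):
    """Character counts whose packet is indistinguishable from a single keystroke
    under minimal padding: the resolution of the size estimate."""
    single = minimal_wire_length(channel_data_payload_len(1), block)
    return [n for n in range(64)
            if minimal_wire_length(channel_data_payload_len(n), block) == single]
```

With an 8-byte block, 0 to 6 typed characters all produce a 24-byte packet, so the observer learns the size only to within the block; with a 16-byte block the window grows to 0 to 14.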

Identifying Password Transfers

  • Doesn’t SSH transfer passwords all at once? Yes, but…

  • Only when logging into the server

    • Not when running any applications (e.g. su)

    • Not when chaining logins

Is this Useful?

  • Everything is encrypted, so more information than just the password is required

  • What good is a password if you don’t know the host/user/application it is for?

  • Attackers can sniff traffic to determine the host it is destined for

  • With access to the ps command attackers can narrow it down to a user running a specific application

Keystroke Timing

Various key pairs have different delays

Keystroke Timing

Keystroke Pair Probabilities

Hidden Markov Model

  • State machine

  • The current state cannot be observed, only the output

  • Transition to next state depends only on current state

  • The likely state path can be deduced from observed output

  • Let each state be a key pair and the output be the delay between the two key presses

Does It Work

  • The HMM can be solved using known algorithms to find a likely solution

  • The large amount of guesswork involved means the most likely solution isn’t always the correct one

  • Instead look at the n most likely solutions

Does It Work

  • Given a subset of all possible 8 character random passwords

  • This method can reduce work by a factor of 50

  • Translates to roughly 1 bit per character entered

Does It Work

  • Can timing information be collected?

    • Yes

  • Are the timing metrics useful if the user creating them isn’t pre-tested?

    • Yes

  • Is it feasible to use an HMM to crack passwords?

    • Depends on who you ask

  • Login