Secure Shell – SSH

Tam Ngo

Steve Licking

cs265

Overview

  • Introduction

    • Brief History and Background of SSH

    • Differences between SSH-1 and SSH-2

    • Brief Overview of how SSH works

  • Attack on SSH

    • Key-Stroke Timing Attack

  • Conclusion

History and Background

  • Password-sniffing attack

  • SSH-1 was developed, Finland, 1995

  • SSH Communications Security Ltd.

  • Replacement for telnet and r-commands

  • Version 2, SSH-2 released in 1998

SSH-1 vs. SSH-2

  SSH-1                                        SSH-2
  All in one protocol                          Separate protocols
  CRC-32 integrity check                       Strong integrity check
  One session per connection                   Multiple sessions per connection
  No password change                           Password change
  No public-key certificate authentication     Provides public-key certificate authentication

How SSH Works

  • (1) Client contacts server

  • (2) If the SSH protocol versions do not agree, no connection is made

  • (3) Server identifies itself: it sends its host key, server key, check bytes, and list of supported methods. Client looks the host up in its database of known hosts.

  • (4) Client sends a secret key, encrypted using the server’s public key

  • (5) Both begin encryption. Server authentication is complete

  • (6) Client authentication on the server side, for example password or public-key authentication

SSH2’s “Secure” Channel

  What SSH does:                                        What it means:
  Packets are padded up to the first 8-byte multiple    Data size can be estimated
  Input is sent as each key-down is read                Keystroke timing is feasible
  Not all input is echoed by the server                 Password sessions are identifiable

Identifying Password Transfers

  • Doesn’t SSH transfer passwords all at once? Yes, but…

  • Only when logging into the server

    • Not when running any applications (e.g. su)

    • Not when chaining logins

Is this Useful?

  • Everything is encrypted, so more information than just a password is required

  • What good is a password if you don’t know the host/user/application it is for?

  • Attackers can sniff traffic to determine the host it is destined for

  • With access to the ps command attackers can narrow it down to a user running a specific application

Keystroke Timing

Different key pairs (consecutive keystrokes) have different inter-keystroke delays

Hidden Markov Model

  • State machine

  • The current state cannot be observed, only the output

  • Transition to next state depends only on current state

  • The likely state path can be deduced from observed output

  • Let each state be a key pair and the output be the delay between the two key presses

Does It Work

  • The HMM can be solved using known algorithms to find a likely solution

  • The large amount of guesswork involved means the most likely solution isn’t always the correct one

  • Instead, look at the n most likely solutions

Does It Work

  • Given a subset of all possible 8-character random passwords

  • This method can reduce work by a factor of 50

  • Translates to roughly 1 bit per character entered
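As an added, constructed illustration (not the slides' own material and not the paper's measured data) of the model on the previous slides and of how a "work reduced by a factor" figure is obtained: each hidden state is a key pair, each observation is the delay between two key presses, candidate passwords are ranked by likelihood, and the rank of the true password in that n-best list gives the reduction factor. The three-key alphabet, the per-pair mean delays, the Gaussian spread and the password are all assumptions.

```python
import itertools
import random

# Constructed toy model (an assumption, not the paper's measured data): three
# keys and the mean inter-keystroke delay, in ms, for each ordered key pair.
KEYS = "abc"
MEAN_DELAY_MS = {
    ("a", "a"): 180, ("a", "b"): 120, ("a", "c"): 260,
    ("b", "a"): 130, ("b", "b"): 170, ("b", "c"): 110,
    ("c", "a"): 250, ("c", "b"): 140, ("c", "c"): 190,
}
SIGMA_MS = 40.0  # assumed spread of every pair's delay distribution


def log_likelihood(candidate, delays):
    """HMM log-likelihood of one candidate password given the observed delays.
    Hidden state i is the key pair (candidate[i], candidate[i+1]); it emits a
    delay drawn from a Gaussian around that pair's mean. First-key prior and
    pair-to-pair transitions are uniform, so only the delay fit matters
    (constant terms dropped)."""
    total = 0.0
    for i, delay in enumerate(delays):
        mu = MEAN_DELAY_MS[(candidate[i], candidate[i + 1])]
        total += -0.5 * ((delay - mu) / SIGMA_MS) ** 2
    return total


def rank_candidates(delays):
    """All passwords of the implied length, most likely first (the n-best list).
    Three keys make every state path cheap to score exactly; the paper's
    setting needs Viterbi / n-best decoding over a much larger state space."""
    length = len(delays) + 1
    cands = ("".join(p) for p in itertools.product(KEYS, repeat=length))
    return sorted(cands, key=lambda c: log_likelihood(c, delays), reverse=True)


def simulate_delays(password, seed):
    """Constructed observation: one noisy delay per consecutive key pair."""
    rng = random.Random(seed)
    return [rng.gauss(MEAN_DELAY_MS[pair], SIGMA_MS)
            for pair in zip(password, password[1:])]


def work_reduction(password, seed=1):
    """Rank of the true password in the n-best list, candidate count, and the
    factor by which the observed delays shrink the search (as on the slides)."""
    ranking = rank_candidates(simulate_delays(password, seed))
    rank = ranking.index(password) + 1
    return rank, len(ranking), len(ranking) / rank
```

With noise-free delays the true password ranks first; with the simulated noise it usually does not, which is why the slides look at the n most likely solutions rather than only the single best one.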

Does It Work

  • Can timing information be collected?

    • Yes

  • Are the timing metrics useful if the user creating them isn’t pre-tested?

    • Yes

  • Is it feasible to use an HMM to crack passwords?

    • Depends on who you ask