Secure Shell – SSH

Tam Ngo, Steve Licking

cs265

Overview
  • Introduction
    • Brief History and Background of SSH
    • Differences between SSH-1 and SSH-2
    • Brief Overview of how SSH works
  • Attack on SSH
    • Key-Stroke Timing Attack
  • Conclusion
History and Background
  • Password-sniffing attack
  • SSH-1 was developed, Finland, 1995
  • SSH Communications Security Ltd.
  • Replacement for telnet and r-commands
  • Version 2, SSH-2 released in 1998
SSH-1 vs. SSH-2
  • SSH-1
    • All in one protocol
    • CRC-32 integrity check
    • One session per connection
    • No password change
    • No public-key certificate authentication
  • SSH-2
    • Separate protocols
    • Strong integrity check
    • Multiple sessions per connection
    • Password change
    • Public-key certificate authentication
How SSH Works
  • (1) Client contacts server
  • (2) If SSH protocol versions do not agree, no connection
  • (3) Server identifies itself. Server sends host key, server key, check bytes, list of methods. Client looks in its DB for hosts.
  • (4) Client sends a secret key, encrypted using server’s public key
  • Both sides begin encryption. Server authentication is completed
  • Client authentication on the server side. Examples: password and public-key authentication
SSH2’s “Secure” Channel
  • What SSH does:
    • Packets are padded up to the first 8 byte multiple
    • Input is sent as each key-down is read
    • Not all input is echoed by the server
  • What it means:
    • Data size can be estimated
    • Keystroke timing is feasible
    • Password sessions are identifiable
Identifying Password Transfers
  • Doesn’t SSH transfer passwords all at once? Yes, but…
  • Only when logging into the server
    • Not when running any applications (e.g. su)
    • Not when chaining logins
Is this Useful?
  • Everything is encrypted; more information is required than just a password
  • What good is a password if you don’t know the host/user/application it is for?
  • Attackers can sniff traffic to determine the host it is destined for
  • With access to the ps command attackers can narrow it down to a user running a specific application
Keystroke Timing

Various key pairs have different delays

Hidden Markov Model
  • State machine
  • The current state cannot be observed, only the output
  • Transition to next state depends only on current state
  • The likely state path can be deduced from observed output
  • Let each state be a key pair and the output be the delay between the two key presses
Does It Work
  • The HMM can be solved using known algorithms to find a likely solution
  • The large amount of guesswork involved means the most likely solution isn’t always the correct one
  • Instead look at the n most likely solutions
Does It Work
  • Given a subset of all possible 8 character random passwords
  • This method can reduce work by a factor of 50
  • Translates to roughly 1 bit per character entered
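Added example, not from the slides: one way to measure how much an observed inter-keystroke delay reveals about the key pair, and how that leak shrinks when timing is only visible at a coarser resolution. Assumptions: delays are Gaussian, the class names and latency figures are constructed rather than measured, and wider time buckets are a simplified stand-in for a sender that releases keystrokes only on fixed ticks.

```python
import math

# Constructed latency model (NOT measured data): mean and standard deviation,
# in milliseconds, of the delay between the two key presses of each key-pair class.
PAIR_CLASSES = {
    "alternating hands": (90.0, 25.0),
    "same hand, different finger": (130.0, 30.0),
    "same finger": (180.0, 35.0),
    "letter then digit": (230.0, 40.0),
}
MAX_DELAY_MS = 600  # delays are truncated to [0, MAX_DELAY_MS)


def delay_distribution(mean, std, bucket_ms):
    """P(observed bucket | class), with delays grouped into bucket_ms-wide buckets."""
    n_buckets = math.ceil(MAX_DELAY_MS / bucket_ms)
    probs = [0.0] * n_buckets
    for d in range(MAX_DELAY_MS):  # Gaussian sampled at 1 ms resolution
        probs[d // bucket_ms] += math.exp(-0.5 * ((d - mean) / std) ** 2)
    total = sum(probs)
    return [p / total for p in probs]


def leaked_bits(bucket_ms=1):
    """Mutual information I(class; observed delay) in bits, uniform prior on classes."""
    prior = 1.0 / len(PAIR_CLASSES)
    dists = [delay_distribution(m, s, bucket_ms) for m, s in PAIR_CLASSES.values()]
    bits = 0.0
    for b in range(len(dists[0])):
        p_obs = sum(prior * dist[b] for dist in dists)  # P(bucket b is observed)
        for dist in dists:
            joint = prior * dist[b]  # P(class, bucket b)
            if joint > 0:
                bits += joint * math.log2(dist[b] / p_obs)
    return bits


if __name__ == "__main__":
    # Upper bound is log2(number of classes) = 2 bits for this constructed model.
    for tick in (1, 50, 200, 600):
        print(f"timing resolution {tick:>3} ms -> {leaked_bits(tick):.3f} bits per key pair")
```

The figure is specific to the constructed model and is not a reproduction of the slides' estimate; with a real latency model substituted in, the same calculation shows how coarse the timing must be before the leak becomes negligible.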
Does It Work
  • Can timing information be collected?
    • Yes
  • Are the timing metrics useful if the user creating them isn’t pre-tested?
    • Yes
  • Is it feasible to use an HMM to crack passwords?
    • Depends on who you ask