Timing analysis of keystrokes and timing attacks on SSH

USENIX Security Symposium, pp. 25-25 (2001)

Cited by: 632 | Views: 1468

Abstract

SSH is designed to provide a secure channel between two hosts. Despite the encryption and authentication mechanisms it uses, SSH has two weaknesses: First, the transmitted packets are padded only to an eight-byte boundary (if a block cipher is in use), which reveals the approximate size of the original data. Second, in interactive mode, eve...

Introduction
  • SSH is designed to provide a secure channel between two hosts. Despite the encryption and authentication mechanisms it uses, SSH has two weaknesses: First, the transmitted packets are padded only to an eight-byte boundary (if a block cipher is in use), which reveals the approximate size of the original data.
  • In interactive mode, every individual keystroke that a user types is sent to the remote machine in a separate IP packet immediately after the key is pressed, which leaks the interkeystroke timing information of users’ typing.
  • The authors further show that by using more advanced statistical techniques on timing information collected from the network, the eavesdropper can learn significant information about what users type in SSH sessions.
  • The authors further develop an attacker system, Herbivore, which tries to learn users’ passwords by monitoring SSH sessions.
Highlights
  • Secure Shell is designed to provide a secure channel between two hosts
  • In interactive mode, every individual keystroke that a user types is sent to the remote machine in a separate IP packet immediately after the key is pressed
  • We identified several serious security risks in Secure Shell due to two weaknesses of Secure Shell: First, the transmitted packets are padded only to an eight-byte boundary, which reveals the approximate size of the original data
  • In interactive mode, every individual keystroke that a user types is sent to the remote machine in a separate IP packet immediately after the key is pressed, which leaks the interkeystroke timings of users’ typing
  • We showed that these two weaknesses reveal a surprising amount of information on passwords and other text typed over Secure Shell sessions
  • The lessons we learned and the techniques we developed in this paper apply to a general class of protocols that aim to provide secure channels between machines
Results
  • Experimental Results for Password Inference for a Single User: The authors measure the effectiveness of the n-Viterbi algorithm at cracking passwords through empirical measurements.
  • The simple timing characteristics reported in Section 3.2—e.g., key pairs typed with alternate hands tend to have much lower inter-keystroke latency than key pairs typed with the same hand—were observed to be essentially user-independent
  • This suggests that typing statistics have a large component that is common across a broad user population and which can be exploited by attackers even in the absence of any training data from the victim
Conclusion
  • The authors identified several serious security risks in SSH due to two weaknesses of SSH: First, the transmitted packets are padded only to an eight-byte boundary, which reveals the approximate size of the original data.
  • In interactive mode, every individual keystroke that a user types is sent to the remote machine in a separate IP packet immediately after the key is pressed, which leaks the interkeystroke timings of users’ typing.
  • The authors showed that these two weaknesses reveal a surprising amount of information on passwords and other text typed over SSH sessions.
  • The authors show that timing information opens a new set of risks, and the authors recommend that developers take care when designing these types of protocols
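
The two observables described above, modelled from the defender's side as an added example (not code from the paper or from this page). It assumes SSH-2 binary packet framing as in RFC 4253 with an 8-byte block and no MAC; the keystroke timestamps, the 20 ms tick and all function names are constructed for the illustration.

```python
# Constructed sample: times (ms) at which five keystrokes leave the client.
KEY_TIMES_MS = [0, 95, 310, 370, 655]

def wire_length(payload_len, block=8, mac_len=0):
    """On-the-wire size of one SSH-2 binary packet carrying payload_len bytes."""
    unpadded = 4 + 1 + payload_len            # packet_length + padding_length + payload
    # At least 4 bytes of padding, then round up to a multiple of the block size.
    padded = -(-(unpadded + 4) // block) * block
    return padded + mac_len

def length_bucket(wire_len, block=8):
    """Payload lengths consistent with an observed packet size (mac_len=0)."""
    hi = wire_len - 9                         # 5 header bytes + 4 minimum padding
    return max(0, hi - block + 1), hi

def gaps(times_ms):
    """Inter-packet intervals, the quantity visible to a passive observer."""
    return [b - a for a, b in zip(times_ms, times_ms[1:])]

def pace(times_ms, tick_ms=20):
    """Simplified mitigation model: one fixed-size packet per tick.

    Each keystroke is held until the next tick; ticks with nothing queued
    carry a chaff packet, so emission times no longer depend on typing rhythm.
    """
    first = -(-times_ms[0] // tick_ms) * tick_ms
    last = -(-times_ms[-1] // tick_ms) * tick_ms
    return list(range(first, last + tick_ms, tick_ms))

if __name__ == "__main__":
    for n in (1, 7, 8, 15, 16):
        size = wire_length(n)
        print(f"payload {n:2d} B -> {size} B on wire, bucket {length_bucket(size)}")
    print("raw gaps   :", gaps(KEY_TIMES_MS))
    print("paced gaps :", sorted(set(gaps(pace(KEY_TIMES_MS)))))
```

Padding to the block size narrows the plaintext length to an 8-byte window rather than hiding it, and the raw gaps carry the typing rhythm unchanged; pacing trades bandwidth (34 packets for 5 keystrokes here) and up to one tick of latency for a constant interval.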
Tables
  • Table 1: Success rates for password inference with multiple users. The numbers are the percentage of the search space the attacker has to search before he finds the right password
Related work
  • Timing analysis has previously been used by Kocher to attack cryptosystems [Koc95]. Trostle exploited a similar idea, showing how a malicious user on a multiuser workstation can gain information about other users’ passwords using CPU timings [Tro98]. We expect our Hidden Markov Model techniques might find applications in Trostle’s threat model as well.

    Most recently, other researchers have independently pointed out the possibility of timing attacks on SSH [DS01]. Some of their observations reveal additional weaknesses in SSH: For instance, they noted that the SSH 1.x protocol reveals the exact length of passwords, because ciphertexts contain a length field sent in the clear (SSH 2 does not have this problem); they discussed how to deal with the presence of backspace characters; and, they initiated an investigation of the impact of timing attacks on other session data (such as shell commands typed in the SSH session).

    Although SSH provides an encrypted and authenticated link between the local host and the remote machine, an eavesdropper can still learn information about typed keystrokes due to two weaknesses of SSH. First, every individual keystroke that a user types is sent to the remote machine in an individual IP packet (except for meta keys such as Shift and Ctrl); second, as soon as command output is available on the remote machine, it is sent to the local host in one or multiple IP packets, leaking information on the approximate size of the output. We have shown in this paper how these seemingly minor weaknesses lead to severe real-world attacks.
Funding
  • This research was supported in part by the Defense Advanced Research Projects Agency under DARPA contract N6601-99-28913 (under supervision of the Space and Naval Warfare Systems Center San Diego) and by the National Science Foundation under grants FD9979852 and CCR-0093337
Reference
  • Steven M. Bellovin. Packets found on an internet. Computer Communications Review, 23(3):26–31, July 1993.
  • S. Bleha, C. Slivinsky, and B. Hussein. Computer-access security systems using keystrokes dynamics. In IEEE Transactions on Pattern Analysis and Machine Intelligence PAMI-12, volume 12, December 1990.
  • William R. Cheswick and Steven M. Bellovin. Firewalls and Internet Security – Repelling the Wily Hacker. Professional Computing Series. Addison-Wesley, 1994. ISBN 0-201-63357-4.
  • Solar Designer and Dug Song. Passive analysis of SSH (secure shell) traffic. Openwall advisory OW-003, March 2001.
  • R. Gaines, W. Lisowski, S. Press, and N. Shapiro. Authentication by keystroke timing: Some preliminary results. Technical Report Rand report R-256-NSF, Rand corporation, 1980.
  • Simson Garfinkel and Gene Spafford. Practical UNIX & Internet Security. O’Reilly & Associates, 1996.
  • Rick Joyce and Gopal Gupta. Identity authentication based on keystroke latencies. Communications of the ACM, 33(2):168–176, February 1990.
  • P. Kocher. Cryptanalysis of Diffie-Hellman, RSA, DSS, and other cryptosystems using timing attacks. In Advances in cryptology, CRYPTO ’95, pages 171–183. Springer-Verlag, 1995.
  • G. Leggett and J. Williams. Verifying identity via keystroke characteristics. International Journal of Man-Machine Studies, 28(1):67–76, 1988.
  • G. Leggett, J. Williams, and D. Umphress. Verification of user identity via keystroke characteristics. Human Factors in Management Information Systems, 1989.
  • Fabian Monrose and Avi Rubin. Authentication via keystroke dynamics. In Proceedings of the 4th ACM Conference on Computer and Communications Security, pages 48–56, April 1997.
  • F. Monrose, M. K. Reiter, and S. Wetzel. Password hardening based on keystroke dynamics. In Proceedings of the 6th ACM Conference on Computer and Communications Security, November 1999.
  • National Bureau of Standards. Specification for the Data Encryption Standard. Federal Information Processing Standards Publication 46 (FIPS PUB 46), January 1977.
  • U. S. National Institute of Standards and Technology (NIST). Data Encryption Standard (DES). Draft Federal Information Processing Standards Publication 46-3 (FIPS PUB 46-3), January 1999.
  • J. A. Robinson, V. M. Liang, J. A. Chambers, and C. L. MacKenzie. Computer user verification using login string keystroke dynamics. IEEE Transactions on System, Man, and Cybernetics, 28(2), 1998.
  • Stuart Russell and Peter Norvig. Artificial Intelligence, A modern approach. Prentice Hall, 1995.
  • Claude E. Shannon. Prediction and Entropy of Printed English. Bell Sys. Tech. J (3), 1950.
  • IETF Secure Shell Working Group (SECSH). http://www.ietf.org/html.charters/secsh-charter.html, 2001.
  • Jonathan Trostle. Timing attacks against trusted path. In IEEE Symposium on Security and Privacy, 1998.
  • D. Umphress and J. Williams. Identity verification through keyboard characteristics. International Journal of Man-Machine Studies, 23(3):263–273, 1985.
  • [YKS 00a] T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen. SSH authentication protocol. Internet Draft, Internet Engineering Task Force, May 2000. Work in progress.
  • [YKS 00b] T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen. SSH protocol architecture. Internet Draft, Internet Engineering Task Force, May 2000. Work in progress.
  • Tatu Ylonen. SSH – Secure Login Connections over the Internet. In Sixth USENIX Security Symposium, San Jose, California, July 1996.
  • Philip R. Zimmermann. The Official PGP User’s Guide. MIT Press, Cambridge, MA, USA, 1995. ISBN 0-262-74017-6.
  • Yin Zhang and Vern Paxson. Detecting backdoors. In Proc. of 9th USENIX Security Symposium, August 2000.
  • Yin Zhang and Vern Paxson. Detecting stepping stones. In Proc. of 9th USENIX Security Symposium, August 2000.