6955018 2001-08-22 08:53 -0600  /41 lines/  <aleph1@securityfocus.com>
Sent by: secpapers-return-61-9616=lyskom.lysator.liu.se@securityfocus.com
Imported: 2001-08-22  17:06  by Brevbäraren
External recipient: secpapers@securityfocus.com
External CC recipient: secureshell@securityfocus.com
Recipient: SECPAPERS (import) <69>
Extra copy: Cracking erfarenhetsutbyte <12097>
    Sent:     2001-08-23 19:30
    Sent by Pontus Sköld ("give me all your pancakes")
Subject: Timing Analysis of Keystrokes and Timing Attacks on SSH
------------------------------------------------------------
Timing Analysis of Keystrokes and Timing Attacks on SSH
Dawn Xiaodong Song, David Wagner, Xuqing Tian
University of California, Berkeley

SSH is designed to provide a secure channel between two hosts.
Despite the encryption and authentication mechanisms it uses, SSH has
two weaknesses: First, the transmitted packets are padded only to an
eight-byte boundary (if a block cipher is in use), which reveals the
approximate size of the original data. Second, in interactive mode,
every individual keystroke that a user types is sent to the remote
machine in a separate IP packet immediately after the key is pressed,
which leaks the interkeystroke timing information of users' typing.
In this paper, we show how these seemingly minor weaknesses result in
serious security risks.

First we show that even very simple statistical techniques suffice to
reveal sensitive information such as the length of users' passwords
or even root passwords. More importantly, we further show that using
more advanced statistical techniques on timing information collected
from the network, the eavesdropper can learn significant information
about what users type in SSH sessions. In particular, we perform a
statistical study of users' typing patterns and show that these
patterns reveal information about the keys typed. By developing a
Hidden Markov Model and our key sequence prediction algorithm, we
can predict key sequences from the interkeystroke timings. We
further develop an attacker system, Herbivore, which tries to learn
users' passwords by monitoring SSH sessions. By collecting timing
information on the network, Herbivore can speed up exhaustive search
for passwords by a factor of 50. We also propose some
countermeasures.

In general our results apply not only to SSH, but also to a general
class of protocols for encrypting interactive traffic. We show that
timing leaks open a new set of security risks, and hence caution
must be taken when designing this type of protocol.

http://paris.cs.berkeley.edu/~dawnsong/papers/ssh-timing.pdf     

-- 
Elias Levy
SecurityFocus
http://www.securityfocus.com/
Si vis pacem, para bellum
(6955018) / <aleph1@securityfocus.com>/---(Rewrapped)
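
Added illustration (not code from the paper or from the post above) of the two leaks the abstract names, seen from the defender's side: what 8-byte padding and per-keystroke packets expose on the wire, and how a fixed-tick sender flattens the timing. Assumptions: the padding model is simplified to rounding up to 8 bytes, the keystroke timestamps are constructed, and the constant-rate scheduler is a generic mitigation chosen here, not necessarily one of the paper's countermeasures.

```python
import math

BLOCK = 8  # padding boundary stated in the abstract

def padded_len(n, block=BLOCK):
    """Simplified model: plaintext length rounded up to the block boundary."""
    return max(block, math.ceil(n / block) * block)

def length_range(observed, block=BLOCK):
    """Plaintext lengths consistent with one observed padded size."""
    return (observed - block + 1, observed)

def gaps(times_ms):
    """Inter-arrival gaps visible to anyone who can see the packets."""
    return [b - a for a, b in zip(times_ms, times_ms[1:])]

def constant_rate(key_times_ms, tick_ms):
    """Mitigation sketch: send exactly one fixed-size packet per tick.

    A queued keystroke rides in the packet if one is waiting; otherwise
    the packet is a dummy. Returns (send_time_ms, carries_real_key) pairs.
    Cost: added latency of up to one tick per key, plus dummy traffic.
    """
    queue, out, t = sorted(key_times_ms), [], 0
    while queue:
        real = queue[0] <= t
        if real:
            queue.pop(0)
        out.append((t, real))
        t += tick_ms
    return out

# Constructed sample: five key presses, milliseconds since the first one.
KEYS = [0, 95, 310, 390, 820]

if __name__ == "__main__":
    # Size leak: a 9-byte and a 16-byte payload look identical, an 8-byte one does not.
    for n in (1, 8, 9, 16):
        print(n, "->", padded_len(n), "bytes; observer infers", length_range(padded_len(n)))
    # Timing leak: sending each key immediately exposes the typing rhythm.
    print("immediate send gaps:", gaps(KEYS))
    sched = constant_rate(KEYS, tick_ms=50)
    print("constant-rate gaps :", sorted(set(gaps([t for t, _ in sched]))))
    print("packets sent:", len(sched), "real:", sum(r for _, r in sched))
```

The fixed-tick sender hides the gaps between keys but not the start and end of the burst, and its latency and bandwidth cost grow as the tick is tuned.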