DON XIAODONG DON | DAVID WAGNER | XUQUING TIAN
TIME ANALYSIS OF KEYSTROKES AND TIMING ATTACKS ON SSH
(Summary by CHINMAYA TRIPATHI)
*RESEARCH AT A GLANCE: *
SSH provides a secure channel between two hosts. Despite its protective mechanisms, it is open to a lot of security mechanisms. For suppose, the transmitted data packets are padded only by 8-byte boundary, which can reveal the size of data and second the data being sent to the receiver with the user tapping each button on the keyboard. These small minor mistakes could lead to some serious security vulnerability. This paper covers some of the important aspects of transmission of data over SSH. The authors further develop mechanisms, which try to monitor and learn user data by monitoring SSH sessions.
*INTRODUCTION (Problem statement): *
Following the vulnerability of rlogin, ftp and telnet, which transfer the data over the network openly be it wireless or ethernet, creating an opportunity to an attacker to access all the data without much hustle. SSH was introduced, which came widely into practise because of its secure data transfer and reliability over any network.
Although SSH provides good encryption and secure data transfer, this paper highlights some of the techniques which can result in finding some substantial data being transferred over SSH, even though it is called out to be a secure transfer.
RESEARCH STUDY: The paper begins with studying the user's keyboard dynamics, which does reveal the information typed in the set of intervals. Looking more into detail, it revealed 1 bit of information about the content per keystroke of the keyboard. When this sequence was used in a hidden Markov Model named Herbivore (an attacker system), which records the information of a user entering the password over the network, resulted in the conclusion that passwords were chosen into a randomly uniform length of 7-8 chars. This reduced the cost of password cracking by 50 and then they focused on to include some countermeasures to eliminate this vulnerability.
It was also brought into account that this vulnerability does not limit to SSH, instead it can result in any encrypted data transfer protocol.
EAVESDROPPING SSH:
The experiment involves listening to the conversation between the client and the server which involves the data sent the client and server simultaneously, reading the packet size, monitoring the intervals the message was being sent and the pattern in bits with which the data would be sent from and to client-server. The way eavesdropping works is the attacker can learn 1-bit of data sent over the server and apply the model trained to determine the data possibility.
There are some significant attacks implemented to measure the scarcity of the attack and measure upto what extent it can affect and exploit the system. The attacks are based on the Hidden Markov Model and the ‘n’ Viterbi algorithm which help to determine the patterns and the data which can be transmitted over the network.
Traffic-signature attack: This attack involves an attacker trying to know the password paradigm with the SU linux command to the server. When the server asks for the password from the user by reading the command (SU). The attacker tries to identify the pattern of bytes returned when this certain command is being typed i.e. SU. The amount of back and forth transfer of data between the server and the client and the time to authentication, and when the user enters the password, there is no transfer of packets to the client results in recognition of password bits transferred to the server. Hence it can be traced.
Multi-user attack: In this attack, the attacker tries to examine the ‘ls’ command by the user which prints all the contents of the system present directory and helps him examine the status of authenticity of that particular user. Now, when the user tries to login, or for any other command which requires the user for root level access, the server requires a password, and this could be monitored by the attacker.
Nested SSH attack: This attack involves attacker monitoring for a connection which is made through the remote system the user is already connected to. While logging into the third system, the user transfers the password twice, that is from his own system to second and from there to third. The attacker gets a chance to verify the pattern of password by reading both the data transfer between A -> B and then B -> C, which results in even quicker pattern recognition, especially when using the designed model to detect the pattern for specific input type.
The data collected by the attacker is the interval between the two keystrokes. Hence, we focus only on key-press events. The time difference between two key presses is called the latency between the keystrokes and we can use this term inter-keystroke timing to refer to the latency between two keystrokes.
Further the patterns are read with certain constraints like, auth repetition, bit repetition, latency measurement and other, which lead to a certain prediction about the data the user is transferring/exchanging to the server frequently. This could consist of some valuable data when connecting dots. The calculation depends upon simple timing characteristics, which consist of a user typing two letters with alternative hands, matching combinations like alpha-numeric, only alpha or only numeric. This information when put into the derived models like Gaussian Modeling, can result in some valuable data the attacker can take advantage of.
In conclusion, when tried on different methods like password inference on a single user and multiple user, they give some substantial information. Organizing the long sequential patterns in the input helps the model to analyze the data.
COUNTER MEASURES: Although the attacker can figure out the pattern of keystrokes, if the echo for empty packets is turned off on server end and for each keystroke, the server returns the dummy packets which will be ignored by the client will reduce the effectiveness of the traffic signature attack, as it prevents enter-keystroke timing information.
We can also modify the SSH to receive the packet by a random amount of ‘n’ milliseconds between every keystroke. This could eliminate constant monitoring for passwords. Another way is to set a response and client request at a rate of 50 milliseconds. Since the rate is constant, in general the transmission of data will be the same for every exchange of data which will result in original data as well as dummy traffic data sent by the server at a constant rate. Although this packet doesn't help in preventing the size of packets sent for-through client-server, it diminishes the password or sensitive data between the client and server because of the same packet size.
CONCLUSION:
The paper concludes with the fact that the weaknesses reveal a surprising amount of information on passwords and other text typed over SSH sessions. The timing information opens up some of the new set of risks, which the authors recommend that developers take care when designing these types of protocols.
The transmitted packets which are sent over the network are padded only to an 8-byte boundary, which reveals the approximate size of the original data. And, in interactive mode, every individual’s keystroke typed is sent to the remote machine in a separate IP packet, which is immediately after the key is pressed, which leaks the inter keystroke timings of what the user is typing, i.e the precise inter-keystroke timings of users’ typing from the arrival times of packets.
REFERENCES:
https://people.eecs.berkeley.edu/~daw/papers/ssh-use01.pdf
https://sites.cs.ucsb.edu/~bultan/courses/595-F16/Week2.PDF
Top comments (0)