Timing Analysis of Keystrokes and Timing Attacks on SSH

Slides:

Advertisements

Similar presentations

Cipher Techniques to Protect Anonymized Mobility Traces from Privacy Attacks Chris Y. T. Ma, David K. Y. Yau, Nung Kwan Yip and Nageswara S. V. Rao.

Advertisements

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –

Dynamic Bayesian Networks (DBNs)

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)

Language Model based Information Retrieval: University of Saarland 1 A Hidden Markov Model Information Retrieval System Mahboob Alam Khalid.

Prof. K.J.Blow, Dr. Marc Eberhard and Dr. Scott Fowler Adaptive Communications Networks Research Group Electronic Engineering Aston University Significance.

Hidden Markov Model Cryptanalysis Chris Karlof and David Wagner.

Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis Presented by Yang Gao 11/2/2011 Charles V. Wright MIT Lincoln Laboratory Scott.

Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.

HMM-BASED PATTERN DETECTION. Outline  Markov Process  Hidden Markov Models Elements Basic Problems Evaluation Optimization Training Implementation 2-D.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Toward a Framework for Preventing Side-Channel Attacks in Wireless Networks Jeff Pang.

A Data-Driven Approach to Quantifying Natural Human Motion SIGGRAPH ’ 05 Liu Ren, Alton Patrick, Alexei A. Efros, Jassica K. Hodgins, and James M. Rehg.

Lecture 5: Learning models using EM

Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Statistical based IDS background introduction. Statistical IDS background Why do we do this project Attack introduction IDS architecture Data description.

1 Analysis of the Linux Random Number Generator Zvi Gutterman, Benny Pinkas, and Tzachy Reinman.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

Hidden Markov Models.

1 Security problems of your keyboard –Authentication based on key strokes –Compromising emanations consist of electrical, mechanical, or acoustical –Supply.

Paper Presentation April 10, 2006 Rui Min Topic in Bioinformatics, Dr. Charles Yan - Training HMM structure with genetic algorithm for biological sequence.

Georgy Melamed Eran Stiller

COS 420 DAY 24. Agenda Assignment 5 posted Chap Due May 4 Final exam will be take home and handed out May 4 and Due May 10 Student evaluations Latest.

Keystroke Dynamics Jarmo Ilonen. Structure of presentation Introduction Keystroke dynamics for Verification Identification Commercial system: BioPassword.

Key-Stroke Timing and Timing Attack on SSH Yonit Shabtai and Michael Lustig supervisor: Yoram Yihyie Technion - Israel Institute of Technology Computer.

SSH Secure Login Connections over the Internet

On the Anonymity of Anonymity Systems Andrei Serjantov (anonymous)

Online Chinese Character Handwriting Recognition for Linux

Protecting Web 2.0 Services from Botnet Exploitations Cybercrime and Trustworthy Computing Workshop (CTC), 2010 Second Nguyen H Vo, Josef Pieprzyk Department.

Graphical models for part of speech tagging

Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.

Authentication and Authorization Authentication is the process of verifying a principal’s identity (but how to define “identity”?) –Who the person is –Or,

Brute Force Password Cracking and its Role in Penetration Testing Andrew Keener and Uche Iheadindu.

ALIP: Automatic Linguistic Indexing of Pictures Jia Li The Pennsylvania State University.

CSCE 815 Network Security Lecture 26 SSH and SSH Implementation April 24, 2003.

Using Inactivity to Detect Unusual behavior Presenter : Siang Wang Advisor : Dr. Yen - Ting Chen Date : Motion and video Computing, WMVC.

Peeping Tom in the Neighborhood Keystroke Eavesdropping on Multi-User Systems USENIX 2009 Kehuan Zhang, Indiana University, Bloomington XiaoFeng Wang,

I can be You: Questioning the use of Keystroke Dynamics as Biometrics —Paper by Tey Chee Meng, Payas Gupta, Debin Gao Presented by: Kai Li Department of.

DDoS Attack on GENI Ilker Ozcelik and Richard Brooks* Clemson University Detecting a DDoS Attack is not the solution for Internet security. After gaining.

Exploiting Cache-Timing in AES: Attacks and Countermeasures Ivo Pooters March 17, 2008 Seminar Information Security Technology.

Variational Bayesian Methods for Audio Indexing

Maintaining a Cache of Previously Queried Prefixes “Telepathwords: Preventing weak passwords by reading users’ minds.” Saranga Komanduri, Richard Shay,

Seeing-Is-Believing: Using Camera Phones for Human-Verifiable Authentication McCune, J.M., Perrig, A., Reiter, M.K IEEE Symposium on Security and.

ECE 8443 – Pattern Recognition ECE 8527 – Introduction to Machine Learning and Pattern Recognition Objectives: Elements of a Discrete Model Evaluation.

Presentation for CDA6938 Network Security, Spring 2006 Timing Analysis of Keystrokes and Timing Attacks on SSH Authors: Dawn Xiaodong Song, David Wagner,

1 Chapter 8: Model Inference and Averaging Presented by Hui Fang.

Discriminative Training and Machine Learning Approaches Machine Learning Lab, Dept. of CSIE, NCKU Chih-Pin Liao.

ECE 8443 – Pattern Recognition ECE 8527 – Introduction to Machine Learning and Pattern Recognition Objectives: Reestimation Equations Continuous Distributions.

Hidden Markov Models. A Hidden Markov Model consists of 1.A sequence of states {X t |t  T } = {X 1, X 2,..., X T }, and 2.A sequence of observations.

HOW CAN ATTACKERS READ YOUR MIND? Telepathwords: Preventing Weak Passwords By Reading Users’ Minds Saranga, K., Richard, S., lorrie, F.C., Cormac, H. and.

All Your Queries are Belong to Us: The Power of File-Injection Attacks on Searchable Encryption Yupeng Zhang, Jonathan Katz, Charalampos Papamanthou University.

Sanmit Narvekar Department of Computer Science California State University, Los Angeles Advisor: Prof. Valentino Crespi.

GRAPH AND LINK MINING 1. Graphs - Basics 2 Undirected Graphs Undirected Graph: The edges are undirected pairs – they can be traversed in any direction.

Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.

Language Modeling Again So are we smooth now? Courtesy of Chris Jordan.

Cryptographic Insecurity of the Test&Repeat Paradigm Tomáš Rosa, eBanka, a.s., Charles University, Prague, Czech Technical University in.

Constrained Hidden Markov Models for Population-based Haplotyping

Statistical Identification of Encrypted Web-Browsing Traffic

Module 4 Remote Login.

Statistical Models for Automatic Speech Recognition

Bayesian Models in Machine Learning

Timing Analysis of Keystrokes And Timing Attacks on SSH

Statistical Models for Automatic Speech Recognition

SSH – the practical solution

of the IEEE Distributed Coordination Function

Some slides from Shuo Chen

Statistical based IDS background introduction

Anonymity – Generalizing Mixes

Presentation transcript:

Timing Analysis of Keystrokes and Timing Attacks on SSH D. Song, D. Wagner, and X. Tian 10th USENIX Security Symposium, 2001 Presented by: Rui Peng

Outline Secure Shell (SSH) weaknesses Analysis of user keystroke patterns Attack using inter-keystroke timing Performance evaluation Countermeasures Comments and conclusion

Secure Shell (SSH) Offers an encrypted channel and strong authentication. Replaces telnet, rlogin. Two seemingly minor weaknesses: Padding: 1-8 bytes Reveals approximate data size Separate packet for each keystroke Leaks timing information of user’s typing

Traffic Signature Attack

What is the central idea ? Exploit SSH Weaknesses => Obtain Inter-Keystroke Timing (Latency) Infer User Password Collect user typing statistics Build a Hidden Markov Model and train it using the data Recommend passwords based on latency data

How Are Training Data Collected? Pick a pair of characters, e.g. (“v”, “o”) Ask users to type the pair for 30-40 times Collect latency information Repeat for every different pair of characters

Estimated Gaussian Distributions of All Character Pairs

Entropy and Information Gain

Hidden Markov Model (HMM) Latency distributions severely overlap Hard to infer characters just based on latency Solution: Use Hidden Markov Model (HMM) HMM: describes finite-state stochastic process Transition probability only depends on the current state

Inference Algorithm y = (y1, y2, …, yT): sequence of latencies q = (q1, q2, …, qT): sequence of character pairs Calculate Pr(q|y): likelihood of the two Pr(q|y) essentially gives a ranking for each possible character sequence q

Performance results 10 tests all with length 8 On average the real password is located within top 2.7% of the list. Half of the time the password will be in the top 1% of the list.

Difference in user typing patterns 75% of the time the latencies are the same. Typing statistics have a large component in common. Attack does NOT need typing statistics from the victim !

Countermeasures Let the server return dummy packets when it receives keystroke packets from the client. Let the client randomly delay sending keystroke packets. Let the client send keystroke packets at a constant rate.

Strengths Novel idea Nice technique Good performance Interesting findings Countermeasures given

Limitations No mention of how to deal with backspace No discussion of how different keyboard layouts affect the results Laptop vs desktop Different keyboard layouts in different regions

Thank you! Questions?