Presentation is loading. Please wait.

Presentation is loading. Please wait.

Timing Analysis of Keystrokes and Timing Attacks on SSH

Published byFanny Beck Modified over 6 years ago

Similar presentations

Presentation on theme: "Timing Analysis of Keystrokes and Timing Attacks on SSH"— Presentation transcript:

1 Timing Analysis of Keystrokes and Timing Attacks on SSH
D. Song, D. Wagner, and X. Tian 10th USENIX Security Symposium, 2001 Presented by: Rui Peng

2 Outline Secure Shell (SSH) weaknesses
Analysis of user keystroke patterns Attack using inter-keystroke timing Performance evaluation Countermeasures Comments and conclusion

3 Secure Shell (SSH) Offers an encrypted channel and strong authentication. Replaces telnet, rlogin. Two seemingly minor weaknesses: Padding: 1-8 bytes Reveals approximate data size Separate packet for each keystroke Leaks timing information of user’s typing

4 Traffic Signature Attack

5 What is the central idea ?
Exploit SSH Weaknesses => Obtain Inter-Keystroke Timing (Latency) Infer User Password Collect user typing statistics Build a Hidden Markov Model and train it using the data Recommend passwords based on latency data

6 How Are Training Data Collected?
Pick a pair of characters, e.g. (“v”, “o”) Ask users to type the pair for times Collect latency information Repeat for every different pair of characters

7

8

9 Estimated Gaussian Distributions of All Character Pairs

10 Entropy and Information Gain

11 Hidden Markov Model (HMM)
Latency distributions severely overlap Hard to infer characters just based on latency Solution: Use Hidden Markov Model (HMM) HMM: describes finite-state stochastic process Transition probability only depends on the current state

12 Inference Algorithm y = (y1, y2, …, yT): sequence of latencies
q = (q1, q2, …, qT): sequence of character pairs Calculate Pr(q|y): likelihood of the two Pr(q|y) essentially gives a ranking for each possible character sequence q

13 Performance results 10 tests all with length 8
On average the real password is located within top 2.7% of the list. Half of the time the password will be in the top 1% of the list.

14 Difference in user typing patterns
75% of the time the latencies are the same. Typing statistics have a large component in common. Attack does NOT need typing statistics from the victim !

15 Countermeasures Let the server return dummy packets when it receives keystroke packets from the client. Let the client randomly delay sending keystroke packets. Let the client send keystroke packets at a constant rate.

16 Strengths Novel idea Nice technique Good performance
Interesting findings Countermeasures given

17 Limitations No mention of how to deal with backspace
No discussion of how different keyboard layouts affect the results Laptop vs desktop Different keyboard layouts in different regions

18 Thank you! Questions?

Download ppt "Timing Analysis of Keystrokes and Timing Attacks on SSH"

Similar presentations

Cipher Techniques to Protect Anonymized Mobility Traces from Privacy Attacks Chris Y. T. Ma, David K. Y. Yau, Nung Kwan Yip and Nageswara S. V. Rao.

Cipher Techniques to Protect Anonymized Mobility Traces from Privacy Attacks Chris Y. T. Ma, David K. Y. Yau, Nung Kwan Yip and Nageswara S. V. Rao.
Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
Dynamic Bayesian Networks (DBNs)

Dynamic Bayesian Networks (DBNs)
Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.
CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)

CMPE208 Presentation Terminal Access Controller Access Control System Plus (TACACS+) By MARVEL (Libing, Bhavana, Ramya, Maggie, Nitin)
Language Model based Information Retrieval: University of Saarland 1 A Hidden Markov Model Information Retrieval System Mahboob Alam Khalid.

Language Model based Information Retrieval: University of Saarland 1 A Hidden Markov Model Information Retrieval System Mahboob Alam Khalid.
Prof. K.J.Blow, Dr. Marc Eberhard and Dr. Scott Fowler Adaptive Communications Networks Research Group Electronic Engineering Aston University Significance.

Prof. K.J.Blow, Dr. Marc Eberhard and Dr. Scott Fowler Adaptive Communications Networks Research Group Electronic Engineering Aston University Significance.
Hidden Markov Model Cryptanalysis Chris Karlof and David Wagner.

Hidden Markov Model Cryptanalysis Chris Karlof and David Wagner.
Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis Presented by Yang Gao 11/2/2011 Charles V. Wright MIT Lincoln Laboratory Scott.

Traffic Morphing: An Efficient Defense Against Statistical Traffic Analysis Presented by Yang Gao 11/2/2011 Charles V. Wright MIT Lincoln Laboratory Scott.
Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.

Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.
HMM-BASED PATTERN DETECTION. Outline  Markov Process  Hidden Markov Models Elements Basic Problems Evaluation Optimization Training Implementation 2-D.

HMM-BASED PATTERN DETECTION. Outline  Markov Process  Hidden Markov Models Elements Basic Problems Evaluation Optimization Training Implementation 2-D.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Toward a Framework for Preventing Side-Channel Attacks in Wireless Networks Jeff Pang.

Toward a Framework for Preventing Side-Channel Attacks in Wireless Networks Jeff Pang.
A Data-Driven Approach to Quantifying Natural Human Motion SIGGRAPH ’ 05 Liu Ren, Alton Patrick, Alexei A. Efros, Jassica K. Hodgins, and James M. Rehg.

A Data-Driven Approach to Quantifying Natural Human Motion SIGGRAPH ’ 05 Liu Ren, Alton Patrick, Alexei A. Efros, Jassica K. Hodgins, and James M. Rehg.
Lecture 5: Learning models using EM

Lecture 5: Learning models using EM
Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.

Mitigating Bandwidth- Exhaustion Attacks using Congestion Puzzles XiaoFeng Wang Michael K. Reiter.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Statistical based IDS background introduction. Statistical IDS background Why do we do this project Attack introduction IDS architecture Data description.

Statistical based IDS background introduction. Statistical IDS background Why do we do this project Attack introduction IDS architecture Data description.
1 Analysis of the Linux Random Number Generator Zvi Gutterman, Benny Pinkas, and Tzachy Reinman.

1 Analysis of the Linux Random Number Generator Zvi Gutterman, Benny Pinkas, and Tzachy Reinman.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

Similar presentations

Ads by Google