17-07-2012, 02:06 PM
SSH Timing Attacks
The Dark Ages
Before SSH, before the age of enlightenment – the world was shrouded in darkness.
Telnet and ftp were used everywhere, and thus passwords were sent over the wire.
Reasons to use SSH.
Designed to be a secure replacement for rsh, rlogin, rcp, rdist, and telnet.
Strong authentication. Closes several security holes (e.g., IP, routing, and DNS spoofing).
Improved privacy. All communications are automatically and transparently encrypted.
Secure X11 sessions. The program automatically sets DISPLAY on the server machine, and forwards any X11 connections over the secure channel.
Keystroke Timing Theory
Identification of users is based on the statistical comparison of known keystroke latencies to unknown keystroke latencies.
If there is no statistical difference between the known latency and the unknown latency, then you cannot say that the keystroke pairs were typed by different individuals.
Timing Research: Gaines/Shapiro
Research in keystroke and keyboard dynamics dates back to 1924.
Sporadic bursts of research through the 1970s.
1980 RAND research directed by S. Gaines and N. Shapiro attempted to establish whether a user could be identified by the statistical characteristics of their typing behaviour.
The goal was to provide a basis for a computer authentication system.
SSH Timing: Gaussian Modelling
The data look normal (Gaussian).
The investigators derive and plot Gaussian graphs for each keystroke pair (142 total graphs) per user.
A lot of overlap between mean digraph latencies.
So how does one tell the difference between a digraph peak at 75 ms and 80 ms?
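
An added example (not from the slides) that puts numbers on the question above by modelling the two digraphs as Gaussians and measuring how far they overlap. The 30 ms standard deviation and the function names are assumptions made for illustration; the slides give only the 75 ms and 80 ms peaks.

```python
from math import ceil
from statistics import NormalDist

# Constructed values: only the two peaks (75 ms, 80 ms) come from the slides;
# the shared 30 ms standard deviation is an assumption.
MEAN_A_MS, MEAN_B_MS, SIGMA_MS = 75.0, 80.0, 30.0


def overlap(mean_a, mean_b, sigma):
    """Shared area under the two Gaussian curves (1.0 means identical)."""
    return NormalDist(mean_a, sigma).overlap(NormalDist(mean_b, sigma))


def error_rate(mean_a, mean_b, sigma, n=1):
    """Chance of attributing the mean of n latencies to the wrong digraph,
    assuming both digraphs are equally likely and share the same sigma."""
    gap = abs(mean_a - mean_b)
    # The mean of n independent samples has standard deviation sigma/sqrt(n),
    # and the decision boundary sits halfway between the two peaks.
    return NormalDist().cdf(-(gap * n ** 0.5) / (2 * sigma))


def samples_needed(mean_a, mean_b, sigma, max_error=0.05):
    """Smallest n for which the averaged latency is misattributed
    no more often than max_error."""
    z = -NormalDist().inv_cdf(max_error)
    return ceil((2 * sigma * z / abs(mean_a - mean_b)) ** 2)


if __name__ == "__main__":
    print(f"curve overlap:          {overlap(MEAN_A_MS, MEAN_B_MS, SIGMA_MS):.3f}")
    print(f"error, one observation: {error_rate(MEAN_A_MS, MEAN_B_MS, SIGMA_MS):.3f}")
    print(f"observations for 5%:    {samples_needed(MEAN_A_MS, MEAN_B_MS, SIGMA_MS)}")
```

Under these assumptions a single latency is close to a coin flip, so the two peaks separate only when many observations of the same digraph are averaged.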