Secure Shell

1
Secure Shell SSH

• Tam Ngo
• Steve Licking
• cs265

2
Overview

• Introduction
• Brief History and Background of SSH
• Differences between SSH-1 and SSH-2
• Brief Overview of how SSH works
• Attack on SSH
• Key-Stroke Timing Attack
• Conclusion

3
History and Background

• Password-sniffing attack
• SSH-1 was developed, Finland, 1995
• SSH Communications Security Ltd.
• Replacement for telnet and r-commands
• Version 2, SSH-2 released in 1998

4
SSH-1 vs. SSH-2

• All in one protocol
• CRC-32 integrity check
• One session per connection
• No password change
• No public-key certificate authentication

• Separate protocols
• Strong integrity check
• Multiple sessions per connection
• Password change
• provide public-key certificate authentication

5
How SSH Works

• (1) Client contacts server
• (2) If SSH protocol versions do not agree, no
  connection
• (3) Server identifies itself. Server sends host
  key, server key, check bytes, list of methods.
  Client looks in its DB for hosts.
• (4) Client sends a secret key, encrypted using
  servers public key
• Both begins encryption. Server authentication is
  completed
• Client authentication on the server side.
  Example, password and public-key authentication

6
SSH-2 Protocol
7
SSH2s Secure Channel

• What SSH does
• Packets are padded up to the first 8 byte
  multiple
• Input is sent as each key-down is read
• Not all input is echoed by the server

• What it means
• Data size can be estimated
• Keystroke timing is feasible
• Password sessions are identifiable

8
Identifying Password Transfers

• Doesnt SSH transfer passwords all at once? Yes,
  but
• Only when logging into the server
• Not when running any applications (e.g. su)
• Not when chaining logins

9
Is this Useful?

• Everything is encrypted, more information is
  required than just a password
• What good is a password if you dont know the
  host/user/application it is for
• Attackers can sniff traffic to determine the host
  it is destined for
• With access to the ps command attackers can
  narrow it down to a user running a specific
  application

10
Keystroke Timing

• Various key pairs have different delays

11
Keystroke Timing
12
Keystroke Pair Probabilities
13
Hidden Markov Model

• State machine
• The current state cannot be observed, only the
  output
• Transition to next state depends only on current
  state
• The likely state path can be deduced from
  observed output
• Let each state be a key pair and the output be
  the delay between the two key presses

14
Does It Work

• The HMM can be solved using known algorithms to
  find a likely solution
• The large amount of guesswork involved means the
  most likely solution isnt always the correct one
• Instead look at the n most likely solutions

15
Does It Work

• Given a subset of all possible 8 character random
  passwords
• This method can reduce work by a factor of 50
• Translates to roughly 1 bit per character entered

16
Does It Work

• Can timing information be collected?
• Yes
• Are the timing metrics useful if the user
  creating them isnt pre-tested?
• Yes
• Is it feasible to use a HMM to crack passwords?
• Depends on who you ask