New SSH attack weakens passwords

posted onAugust 21, 2001
by hitbsecnews

A team of researchers from the
University of California at Berkeley revealed two
weaknesses in Secure Shell (SSH) implementations
Friday that allow an eavesdropper to learn the exact
length of a user's password by observing the rhythm
of their keystrokes.

By using advanced statistical techniques on timing
information collected over the network, researchers
also found that the eavesdropper can learn significant
information about what users type in SSH sessions.

SSH is designed to provide a secure channel
between two hosts, and strong authentication of both
the remote host and user. But a paper entitled
"Timing Analysis of Keystrokes and Timing Attacks on SSH," presented at the
Usenix Security Symposium here, shows that the commonly used system has
serious weaknesses, and may give users a false sense of security.

The research group, which includes Dawn Xiaodong Song, David Wagner and
Xuqing Tian, showed that the transmitted packets are padded only to an
eight-byte boundary if a block cipher is used.

Their second weakness is that in an interactive mode, each keystroke that a
user types is sent to a remote machine in separate IP packets immediately after
the key is pressed. According to the researchers, this leaks the inter-keystroke
timing information of the users' typing.

"Unfortunately, SSH is not as bullet proof as one would hope," said Song.
"Our attack shows that an eavesdropper can learn sensitive information about
the users' data, such as passwords, over SSH."

Song, who presented the paper, said the researchers performed a statistical
study of users' typing patterns and showed that these patterns revealed
information about the keys typed. She said that by developing a Hidden
Markov Model and a key sequence prediction algorithm, the team could
predict key sequences from inter-keystroke timings.

The researchers studied user dynamics and determined that the timing
information of the keystrokes leak information about the key sequences typed
at about 1 bit of information about the content per keystroke pair. Because the
entropy of passwords is only 4-8 bits per character, this 1 bit per keystroke
pair information can reveal significant information about the content typed.

The researchers further verified that the time it takes the operating system to
send out the packet after the key is pressed is generally negligible compared to
the inter-keystroke timing. An eavesdropper can therefore learn the precise
inter-stroke timing of users' typing based on the arrival time of the packets.

'Herbivore' password cracker Based on their findings, the researchers
developed an attack system, called Herbivore, which attempts to learn users'
passwords by monitoring SSH sessions. Song noted that by collecting timing
information on the network, Herbivore can increase the speed of an exhaustive
password search by a factor of fifty.

These results apply not only to SSH, said Song, but also to a general class of
protocols for encrypting interactive traffic. She warned that because timing
leaks open up a new set of security risks, caution must be taken when
designing this type of protocol.

The paper presented at Usenix also proposes some countermeasures that can
be taken to guard against this type of attack. Song says countermeasures must
hide inter-keystroke timings and send dummy packets when the user is typing
slowly. When the user is typing more quickly, they can combine the packets of
several keystrokes so that attackers cannot read individual keystroke packets
and determine the timing of the keys or how many characters are typed.

"It's a classical application of traffic analysis where information can be gained
just from the pattern of the communication rather than the data itself," said
cryptographer Greg Rose, principal engineer with Qualcomm. "In practice, it's
a small result, because a best practice site will still not be vulnerable in a
meaningful way.

"It exposes partial information about passwords, but the whole point of using
SSH is that you don't need to authenticate through the firewall with passwords,
so attackers have no launch point," adds Rose.

"This demonstrates that tools are important, but without the context of a good
security policy your risk is unmanaged, said Tom Limoncelli of security auditing
firm Lumeta Corp., and coauthor of The Practice of System and Network
Administration. "I think the countermeasures will come soon. I am never
worried about a security risk being announced, we are worried about a
security risk being kept secret."

This is not the first SSH attack published by researchers. In March, an
advisory with the SSHOW traffic analysis tool, entitled "Passive Analysis of
SSH (Secure Shell) Traffic," was posted to the BUGTRAQ security mailing
list. The authors, Solar Designer and Dug Song, also included unofficial SSH
1.2.x patch. This advisory demonstrated several weakness in implementations
of SSH protocols which let attacks obtain sensitive information by passively
monitoring encrypted SSH sessions. This information could be used to
speed-up brute-force attacks on passwords.

BusinessWeek

Source

Tags

Networking

You May Also Like

Other Articles In This Section

Recent News

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes
Apple announces macOS 15 Sequoia with window tiling, iPhone mirroring, and more
Apple integrates ChatGPT into Siri, iOS, and macOS
British police to scan 480,000 Formula 1 fans’ faces at Silverstone
Hackers steal “significant volume” of data from hundreds of Snowflake customers

Friday, June 7th

7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope
FCC pushes ISPs to fix security flaws in Internet routing
Can a technology called RAG keep AI models from making stuff up?
How to Lead an Army of Digital Sleuths in the Age of AI

Thursday, June 6th

Mystery object waits nearly an hour between radio bursts
Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
Ex-Microsoft security expert torches Windows' new 'Recall' feature
The Age of the Drone Police Is Here

Wednesday, June 5th

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File
TikTok Hack Targets ‘High-Profile’ Users via DMs