O’Reilly Network: Time and Tide Wait for No Protocol: The SSH Keystroke Timing Attack

“At the 10th Usenix Security Symposium (Washington
D.C., August 2001), U.C. Berkeley researchers Dawn Song, David
Wagner, and Xuqing Tian presented a paper titled, Timing Analysis
of Keystrokes and Timing Attacks on SSH . The paper describes their
research into applying traffic-analysis techniques to interactive
SSH connections in order to infer information about the encrypted
connection contents. The paper concludes that the keystroke timing
data observable from today’s SSH implementations reveals a
dangerously significant amount of information about user terminal
sessions–enough to locate typed passwords in the session data
stream and reduce the computational work involved in guessing those
passwords by a factor of 50.

Not surprisingly, this paper initiated a great deal of
discussion among SSH users, developers, and the security community
in general, especially in public forums such as Slashdot. In this
article, I will summarize the issues involved, discuss the paper’s
methods and conclusions, and dispel some of the often-repeated
misconceptions in the public’s reaction to this research.

The paper revolves around the notion of traffic analysis, and
while it uses SSH as a concrete example, the techniques involved
are not specific to SSH, but rather apply to most interactive
remote-terminal protocols as they are implemented today. The
principle of traffic analysis is that there is a lot of useful
information to be gleaned from the amount, timing, and direction of
network traffic, even if you can’t actually read the traffic
content itself. Suppose I’m monitoring the network port leading to
a system administrator’s office.”

Complete Story