Defeating Timing Attacks
C. Jason Coit
jasonc at silicondefense.com
Sat Oct 6 11:21:58 EST 2001
Hello,
In response to the timing analysis attacks presented by Dawn Song et.
al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html
we
at Silicon Defense developed a patch for openssh to avoid such
measures.
Timing Analysis Evasion changes were developed by C. Jason Coit and Roel
Jonkman of Silicon Defense.
These changes cause SSH to send packets unless request not to, exactly
every 50 ms. IF no data is ready to be sent, SSH will send a bogus
packet with 16 bytes of data (which is the same size as most
keystrokes). Thus someone performing timing analysis cannot determine
the inter keystroke timing of a user. SSH will send bogus data for
about 1 second after the last keystroke. This both increases the
difficulty of determining exact password lengths and conserves bandwidth
when a user is idle (e.g. taking a coffee break). Both the Server and
the Client exhibit this behavior and yet our code places no limit on the
data rate(i.e. if the server needs to respond with large amounts of data
it will be able to do so with large packets and without the 50 ms timing
constraint).
The patch is currently for openssh 2.9.2 only (should not be hard to
port) and is available below as well as on the Silicon Defense web site
http://www.silicondefense.com/software/ssh/ssh-2.9.2-diffs
There is also a tarbal version of the the patched 2.9.2 openssh code
available for download.
http://www.silicondefense.com/software/ssh/opens3h-2.9p2.tar.gz
--
+-- --+
| C. Jason Coit Programmer/Analyst |
| *Silicon Defense - Technical Support for Snort* |
| http://www.silicondefense.com/ |
+-- -+
More information about the openssh-unix-dev
mailing list