[Fwd: Re: Defeating Timing Attacks Patch for OpenSSH 2.9.9p2 and 2.9p2]

C. Jason Coit jasonc at silicondefense.com
Wed Oct 17 09:36:15 EST 2001


The timing attack described in the paper by Dawn Song et al. works by
examining the timing of keystrokes.  Currently OpenSSH sends a packet
every time you press a key, thus it is possible to capture the
approximate inter-keystroke timing of a user (they found minimal
in time from a key press to packet sent).  Our patch causes a packet to
be sent every 50 ms regardless of whether you type a key or not (sends
an ignore message aka nop).  Thus an attacker cannot be exactly sure of
your inter-keystroke timing.  

It doesn't matter if you are an average user or a fast touch-typing
secretary, your inter-keystroke timing is obscured.  In addition to this
our patch conserves bandwidth by shutting off after about a second after
the last key press.  If you don't stop typing for more than a second, it
appears as if you are constantly send packets to the server every 50
Adding random noise would be less effective than what we are doing. 
Random noise would dilute the signal of inter-keystroke timing, we are
eliminating the signal altogether.  By pacing the inter-packet timing we
completely remove the inter-keystroke timing information.


-Jason Coit

-------- Original Message --------
Subject: Re: Defeating Timing Attacks Patch for OpenSSH 2.9.9p2 and
Date: Tue, 16 Oct 2001 17:36:18 -0400
From: Nicolas Williams <Nicolas.Williams at ubsw.com>
To: "C. Jason Coit" <jasonc at silicondefense.com>
CC: openssh-unix-dev at mindrot.org
References: <3BCC889C.AA5C57F0 at silicondefense.com>

Let's see. The timing attack has to do with predictable timing. The
solution would seem to be to add randomness to the packet timing. Your
patch does not do this -- it adds more predictable traffic.

I would think that to defeat the timing attack SSH would have to send
random-sized no-op packets at random intervals, or perhaps just adding
random delays before sending packets. And, of course, we're not talking
IP packets here, but SSH "packets."

But I could be wrong, I'm not an expert on this subject.


More information about the openssh-unix-dev mailing list