openssh and keystroke timing attacks (again)
clausen at econ.upenn.edu
Tue Dec 28 06:11:42 EST 2010
Over the past 10 years, there has been some discussion and several
patches concerning keystroke timing being revealed by the timing of
openssh packet network transmission. The issue is that keystroke
timing is correlated with the plaintext, and openssh users expect
their communications to be kept entirely secret.
Despite some excellent ideas and patches, such as Jason Coit's
there has been little done to address this problem. As far as I can
tell, the only countermeasure implemented in OpenSSH is that the
server will echo back dummy messages (rather than nothing) when users
enter passwords. But users expect all of their communication to be
secret... not just their passwords! (There is no project called
I think Jason's approach is spot on:
* keystrokes should be only sent at predetermined intervals (eg:
every 50ms, or 20 times a second)
* cover traffic at these fixed transmission times should be sent even
if no keystroke is pressed. This can be turned off whenever a user is
idle for 3 seconds.
The security of Jason's proposal is clear: no information is leaked,
except the timing of when the user starts and stops a typing spurt.
This is because the same traffic pattern is created, regardless of the
timing of the keystrokes.
Why is this feature not available in OpenSSH? Jason's patch is almost
10 years old and doesn't apply to modern OpenSSH. If I cleaned it up,
would it be seriously considered for inclusion in a future release?
More information about the openssh-unix-dev