Packet Timing and Data Leaks

Chris Rapier rapier at psc.edu
Tue Aug 8 01:18:28 AEST 2023 

Nico,

This isn't steganography but a timing attack. However, the timing attack 
isn't focused on the cipher but the user. Basically, let's assume that 
you are an attacker. All you have are the timing sequences of packets 
between a client and a host. The question is if you can take the timing 
between each packet to tell you anything about the data being sent.

You can make some assumptions -
1) It's an interactive session.
2) The person behind the interactive session is trained in touch typing 
(this won't work as well with self taught/hunk and peck/whatever typists 
as well because the "fist" (if we want to go back the old Morse code 
terminology is going be much more idiosyncratic and harder to model).

What you know is that it takes a certain amount of time for a finger to 
travel from the home row to a specific key and from that key to another 
key in a well known language. You also know that SSH doesn't delay 
sending packets and that each individual character is represented by a 
new packet. As such the pause between each individual packet roughly 
corresponds to the time between each key press.

Since you can model the time between key presses (given that person is 
trained in touch typing) for pairs of letters you may be able to use 
that to gain some entry into what the person is actually typing during 
the session.

If you can figure out even a relatively small percentage of letters you 
can possibly recreate large portions of the text and, from that, maybe 
even figure out the encryption key being used.

The Soviets did something similar to this when they bugged the American 
embassy in Moscow. However, in this case they did timing attack on the 
movement of the type ball in IBM Selectrics which might have made it 
easier. 
https://arstechnica.com/information-technology/2015/10/how-soviets-used-ibm-selectric-keyloggers-to-spy-on-us-diplomats/ 


Chris

On 8/5/23 3:07 PM, Nico Kadel-Garcia wrote:
> On Thu, Aug 3, 2023 at 2:35 PM Chris Rapier <rapier at psc.edu> wrote:
>>
>> Howdy all,
>>
>> So, one night over beers I was telling a friend how you could use the
>> timing between key presses on a type writer to extract information.
>> Basically, you make some assumptions about the person typing (touch
>> typing at so many words per second and then fuzzing the parameters until
>> words come out).
>>
>> The I found a paper written back in 2001 talked about using the
>> interpacket timing in interactive sessions to leak information.
>> https://people.eecs.berkeley.edu/~dawnsong/papers/ssh-timing.pdf
>>
>> I'm sure this has been addressed (or dismissed) but I'm looking for the
>> specific section of code that might deal with this. Any pointers?
>>
>> Thanks,
>>
>> Chris
> 
> Why would any code "deal with this"? What you're describing is a form
> of steganography, embedding another subtler, more dangerous message
> inside the larger, safer, apparent message. Because there are so many
> ways to hide such data, it's not even theoretically possible to avoid
> altogether. OpenSSH would be the wrong layer of the stack to
> manipulate this, especially given the attempts to improve interactive
> behavior by improving responsiveness and reducing latency. If you're
> making a system as swift and responsive as possible, it becomes very
> difficult to regulate the timing of what may be human driven
> interactions. And if you're going to manipulate packet delays.....
> that's at the network layer or data layer, layer 2 or layer 3 of the
> OSI stack. OpenSSH is more at the transport layer.
> 
> I don't see how OpenSSH could be written to avoid this.without
> sacrificing responsive of interactive sessions.

More information about the openssh-unix-dev mailing list