Packet Timing and Data Leaks
Chris Rapier
rapier at psc.edu
Tue Aug 8 01:18:28 AEST 2023
Nico,
This isn't steganography but a timing attack. However, the timing attack
isn't focused on the cipher but the user. Basically, let's assume that
you are an attacker. All you have are the timing sequences of packets
between a client and a host. The question is if you can take the timing
between each packet to tell you anything about the data being sent.
You can make some assumptions -
1) It's an interactive session.
2) The person behind the interactive session is trained in touch typing
(this won't work as well with self taught/hunk and peck/whatever typists
as well because the "fist" (if we want to go back the old Morse code
terminology is going be much more idiosyncratic and harder to model).
What you know is that it takes a certain amount of time for a finger to
travel from the home row to a specific key and from that key to another
key in a well known language. You also know that SSH doesn't delay
sending packets and that each individual character is represented by a
new packet. As such the pause between each individual packet roughly
corresponds to the time between each key press.
Since you can model the time between key presses (given that person is
trained in touch typing) for pairs of letters you may be able to use
that to gain some entry into what the person is actually typing during
the session.
If you can figure out even a relatively small percentage of letters you
can possibly recreate large portions of the text and, from that, maybe
even figure out the encryption key being used.
The Soviets did something similar to this when they bugged the American
embassy in Moscow. However, in this case they did timing attack on the
movement of the type ball in IBM Selectrics which might have made it
easier.
https://arstechnica.com/information-technology/2015/10/how-soviets-used-ibm-selectric-keyloggers-to-spy-on-us-diplomats/
Chris
On 8/5/23 3:07 PM, Nico Kadel-Garcia wrote:
> On Thu, Aug 3, 2023 at 2:35 PM Chris Rapier <rapier at psc.edu> wrote:
>>
>> Howdy all,
>>
>> So, one night over beers I was telling a friend how you could use the
>> timing between key presses on a type writer to extract information.
>> Basically, you make some assumptions about the person typing (touch
>> typing at so many words per second and then fuzzing the parameters until
>> words come out).
>>
>> The I found a paper written back in 2001 talked about using the
>> interpacket timing in interactive sessions to leak information.
>> https://people.eecs.berkeley.edu/~dawnsong/papers/ssh-timing.pdf
>>
>> I'm sure this has been addressed (or dismissed) but I'm looking for the
>> specific section of code that might deal with this. Any pointers?
>>
>> Thanks,
>>
>> Chris
>
> Why would any code "deal with this"? What you're describing is a form
> of steganography, embedding another subtler, more dangerous message
> inside the larger, safer, apparent message. Because there are so many
> ways to hide such data, it's not even theoretically possible to avoid
> altogether. OpenSSH would be the wrong layer of the stack to
> manipulate this, especially given the attempts to improve interactive
> behavior by improving responsiveness and reducing latency. If you're
> making a system as swift and responsive as possible, it becomes very
> difficult to regulate the timing of what may be human driven
> interactions. And if you're going to manipulate packet delays.....
> that's at the network layer or data layer, layer 2 or layer 3 of the
> OSI stack. OpenSSH is more at the transport layer.
>
> I don't see how OpenSSH could be written to avoid this.without
> sacrificing responsive of interactive sessions.
More information about the openssh-unix-dev
mailing list