Proceedings of the 10 th USENIX Security Symposium

Transcription

1 USENIX Associatio Proceedigs of the 0 th USENIX Security Symposium Washigto, DC, USA August 3 7, 00 THE ADVANCED COMPUTING SYSTEMS ASSOCIATION 00 by The USENIX Associatio All Rights Reserved For more iformatio about the USENIX Associatio: Phoe: FAX: office@useixorg WWW: Rights to idividual papers remai with the author or the author's employer Permissio is grated for ocommercial reproductio of the work for educatioal or research purposes This copyright otice must be icluded i the reproduced paper USENIX ackowledges all trademarks herei

2 Timig Aalysis of Keystrokes ad Timig Attacks o SSH Daw Xiaodog Sog David Wager Xuqig Tia Uiversity of Califoria, Berkeley Abstract Itroductio SSH is desiged to provide a secure chael betwee two hosts Despite the ecryptio ad autheticatio mechaisms it uses, SSH has two weakess: First, the trasmitted packets are padded oly to a eight-byte boudary (if a block cipher is i use), which reveals the approximate size of the origial data Secod, i iteractive mode, every idividual keystroke that a user types is set to the remote machie i a separate IP packet immediately after the key is pressed, which leaks the iterkeystroke timig iformatio of users typig I this paper, we show how these seemigly mior weakesses result i serious security risks First we show that eve very simple statistical techiques suffice to reveal sesitive iformatio such as the legth of users passwords or eve root passwords More importatly, we further show that by usig more advaced statistical techiques o timig iformatio collected from the etwork, the eavesdropper ca lear sigificat iformatio about what users type i SSH sessios I particular, we perform a statistical study of users typig patters ad show that these patters reveal iformatio about the keys typed By developig a Hidde Markov Model ad our key sequece predictio algorithm, we ca predict key sequeces from the iterkeystroke timigs We further develop a attacker system, Herbivore, which tries to lear users passwords by moitorig SSH sessios By collectig timig iformatio o the etwork, Herbivore ca speed up exhaustive search for passwords by a factor of 50 We also propose some coutermeasures I geeral our results apply ot oly to SSH, but also to a geeral class of protocols for ecryptig iteractive traffic We show that timig leaks ope a ew set of security risks, ad hece cautio must be take whe desigig this type of protocol This research was supported i part by the Defese Advaced Research Projects Agecy uder DARPA cotract N (uder supervisio of the Space ad Naval Warfare Systems Ceter Sa Diego) ad by the Natioal Sciece foudatio uder grats FD ad CCR Just a few years ago, people commoly used astoishigly isecure etworkig applicatios such as telet, rlogi, or ftp, which simply pass all cofidetial iformatio, icludig users passwords, i the clear over the etwork This situatio was aggravated through broadcast-based etworks that were commoly used (eg, Etheret) which allowed a malicious user to eavesdrop o the etwork ad to collect all commuicated iformatio [CB94, GS96] Fortuately, may users ad system admiistrators have become aware of this issue ad have take coutermeasures To curb eavesdroppers, security researchers desiged the Secure Shell (SSH), which offers a ecrypted chael betwee the two hosts ad strog autheticatio of both the remote host ad the user [Ylö96, SSL0, YKS 00b] Today, SSH is quite popular, ad it has largely replaced telet ad rlogi May users believe that they are secure agaist eavesdroppers if they use SSH Ufortuately, i this paper we show that despite state-of-the-art ecryptio techiques ad advaced password autheticatio protocols [YKS 00a], SSH coectios ca still leak sigificat iformatio about sesitive data such as users passwords This problem is particularly serious because it meas users may have a false cofidece of security whe they use SSH I particular we idetify that two seemigly mior weakesses of SSH lead to serious security risks First, the trasmitted packets are padded oly to a eight-byte boudary (if a block cipher is i use) Therefore a eavesdropper ca easily lear the approximate legth of the origial data Secod, i iteractive mode, every idividual keystroke that a user types is set to the remote machie i a separate IP packet immediately after the key is pressed (except for some meta keys such Shift or Ctrl) We show i the paper that this property ca eable the eavesdropper to lear the exact legth of users passwords More importatly, as we have verified, the time it takes the operatig system to sed out the packet after the key press is i geeral egligible comparig to the iter-keystroke timig Hece a eaves-

3 dropper ca lear the precise iter-keystroke timigs of users typig from the arrival times of packets Experiece shows that users typig follows stable patters May researchers have proposed to use the duratio of key strokes ad latecies betwee key strokes as a biometric for user autheticatio [GLPS80, UW85, LW88, LWU89, JG90, BSH90, MR97, RLCM98, MRW99] A more challegig questio which has ot yet bee addressed i the literature is whether we ca use timig iformatio about key strokes to ifer the key sequeces beig typed If we ca, ca we estimate quatitatively how may bits of iformatio are revealed by the timig iformatio? Experiece seems to idicate that the timig iformatio of keystrokes reveals some iformatio about the key sequeces beig typed For example, we might have all experieced that the elapsed time betwee typig the two letters er ca be much smaller tha betwee typig qz This observatio is particularly relevat to security Sice as we show the attacker ca get precise iter-keystroke timigs of users typig i a SSH sessio by recordig the packet arrival times, if the attacker ca ifer what users type from the iter-keystroke timigs, the he could lear what users type i a SSH sessio from the packet arrival times I this paper we study users keyboard dyamics ad show that the timig iformatio of keystrokes does leak iformatio about the key sequeces typed Through more detailed aalysis we show that the timig iformatio leaks about bit of iformatio about the cotet per keystroke pair Because the etropy of passwords is oly 4 8 bits per character, this bit per keystroke pair iformatio ca reveal sigificat iformatio about the cotet typed I order to use iter-keystroke timigs to ifer keystroke sequeces, we build a Hidde Markov Model ad develop a -Viterbi algorithm for the keystroke sequece iferece To evaluate the effectiveess of the attack, we further build a attacker system, Herbivore, which moitors the etwork ad collects timig iformatio about keystrokes of users passwords Herbivore the uses our key sequece predictio algorithm for password predictio Our experimets show that, for passwords that are chose uiformly at radom with legth of 7 to 8 characters, Herbivore ca reduce the cost of password crackig by a factor of 50 ad hece speed up exhaustive search dramatically We also propose some coutermeasures to mitigate the problem We emphasize that the attacks described i this paper are a geeral issue for ay protocol that ecrypts iteractive traffic For cocreteess, we study primarily SSH, but these issues affect ot oly SSH ad SSH, but also I this paper we oly cosider users who are familiar with keyboard typig ad use touch typig ay other protocol for ecryptig typed data The outlie of this paper is as follows I Sectio we discuss i more details about the vulerabilities of SSH ad various simple techiques a attacker ca use to lear sesitive iformatio such as the legth of users passwords ad the iter-keystroke timigs of users passwords typed I Sectio 3 we preset our statistical study o users typig patters ad show that iter-keystroke timigs reveal about bit of iformatio per keystroke pair I Sectio 4 we describe how we ca ifer key sequeces usig a Hidde Markov Model ad a -Viterbi algorithm I Sectio 5 we describe the desig, developmet ad evaluatio of a attacker system, Herbivore, which lears users passwords by moitorig SSH sessios We propose coutermeasures to prevet these attacks i Sectio 7, ad coclude i Sectio 8 Eavesdroppig SSH The Secure Shell SSH [SSL0, YKS 00b] is used to ecrypt the commuicatio lik betwee a local host ad a remote machie Despite the use of strog cryptographic algorithms, SSH still leaks iformatio i two ways: First, the trasmitted packets are padded oly to a eight-byte boudary (if a block cipher is i use), which leaks the approximate size of the origial data Secod, i iteractive mode, every idividual keystroke that a user types is set to the remote machie i a separate IP packet immediately after the key is pressed (except for some meta keys such Shift or Ctrl) Because the time it takes the operatig system to sed out the packet after the key press is i geeral egligible comparig to the iterkeystroke timig (as we have verified), this also eables a eavesdropper to lear the precise iterkeystroke timigs of users typig from the arrival times of packets The first weakess poses some obvious security risks For example, whe oe logs ito a remote site R i SSH, all the characters of the iitial logi password are batched up, padded to a eight-byte boudary if a block cipher is i use, ecrypted, ad trasmitted to R Due to the way paddig is doe, a eavesdropper ca lear oe bit of iformatio o the iitial logi password, amely, whether it is at least 7 characters log or ot The secod weakess ca lead to some potetial aoymity risks sice, as may researchers have foud previously, iter-keystroke timigs ca reveal the ide-

4 SSH Server B 0 0 "Password: " 8 Prompt N time Cliet Host A 0 "s" 0 "u" 0 Retur "J""u""l" 0 "i" "a" Retur Figure : The traffic sigature associated with ruig SU i a SSH sessio The umbers i the figure are the size (i bytes) of the correspodig packet payloads time tity of the user [GLPS80, UW85, LW88, LWU89, JG90, BSH90, MR97, RLCM98, MRW99] I this sectio, we show that several simple ad practical attacks exploitig these two weakesses I particular, a attacker ca idetify which trasmitted packets correspod to keystrokes of sesitive data such as passwords i a SSH sessio Usig this iformatio, the attacker ca easily fid out the exact legth of users passwords ad eve the precise iter-keystroke timigs of the typed passwords Learig the exact legth of users passwords allows eavesdroppers to target users with short passwords Learig the iter-keystroke timig iformatio of the typed passwords allows eavesdroppers to ifer the cotet of the passwords as we will show i Sectio 3 ad 4 Traffic Sigature Attack We ca ofte exploit properties of applicatios to idetify which packets correspod to the typig of a password Cosider, for istace, the SU commad Assume the user has already established a SSH coectio from local host A to remote host B Whe the user types the commad SU i the established SSH coectio A B, we obtai a peculiar traffic sigature as show i Figure If the SSH sessio uses SSH x ad a block cipher such as DES for the ecryptio [NBS77, NIS99], as is commo, the the local host A seds three 0-byte packets: s, u, Retur The remote host B echoes the s ad u i two 0-byte packets ad seds a 8-byte packet for the Password: prompt The A seds 0- byte packets, oe for each of the password characters, without receivig ay echo data packets B the seds some fial packets cotaiig the root prompt if SU succeeds, otherwise some failure messages Thus by checkig the traffic agaist this su sigature, the attacker ca idetify whe the user issues the SU commad ad The attack also works whe ssh x is i use Oly the packet sizes are slightly differet hece lear which packets correspod to the password keystrokes Note that similar techiques ca be used to idetify whe users type passwords to autheticate to other applicatios such as PGP [Zim95] i a SSH sessio Multi-User Attack Eve more powerful attacks exist whe the attacker also has a accout o the remote machie where the user is loggig ito through SSH For example, the process status commad ps ca list all the processes ruig o a system This allows the attacker to observe each commad that ay user is ruig Agai, if the user is ruig ay commad that requires a password iput (such as su or pgp) the attacker ca idetify the packets correspodig to the password keystrokes Nested SSH Attack Assume the user has already established a SSH sessio betwee the local host A ad remote host B The the user wats to ope aother SSH sessio from B to aother remote host C as show i Figure I this case, the user s password for C is trasmitted, oe keystroke at a time, across the SSH-ecrypted lik A B from the user to B, eve though the SSH cliet o machie B patietly waits for all characters of the password before it seds them all i oe packet to host C for autheticatio (as desiged i the SSH protocol [YKS 00a]) It is easy to idetify such a ested SSH coectio usig techiques developed by Zhag ad Paxso [ZP00b, ZP00a] Hece i this case the eavesdropper ca easily idetify the packets correspodig to the user s password o lik A B, ad from this lear the legth ad the iter-keystroke timigs of the users password o host C

5 SSH password A B SSH password eavesdrop C Adversary Our focus o passwords creates may challeges Passwords are etered very differetly from other text: passwords are typed frequetly eough that, for may users, the keystroke patter is memorized ad ofte typed almost without coscious thought Furthermore, wellchose passwords should be radom ad have little or o structure (for istace, they should ot be based o dictioary words) As a cosequece, aive measuremets of keystroke timigs will ot be represetative of how users type passwords uless great care is take i the desig of the experimetal methodology Figure : The ested SSH attack 3 Statistical Aalysis of Iter-keystroke Timigs As a first study towards iferrig key sequeces from timig iformatio, we develop techiques for statistical aalysis of the iter-keystroke timigs I this sectio, we first describe how we collect traiig data ad show some simple timig characteristics of character pairs We the show how we model the iter-keystroke timig of a give character pair as a Gaussia distributio We the describe how to estimate quatitatively the amout of iformatio about the character pair that oe ca lear usig the iter-keystroke timig iformatio Deote the set of character pairs of iterest as Q, ad let Q deote the cardiality of the set Q 3 Data Collectio The two keystrokes of a pair of characters k a k b geerates four evets: the press of k a, the release of k a, the press of k b, ad the release of k b However, because oly key presses (ot key releases) trigger packet trasmissio, a eavesdropper ca oly lear timig iformatio about the key-press evets Sice the mai focus of our study is i the sceario where a adversary lears timig iformatio o keystrokes by simply moitorig the etwork, we focus oly o key-press evets The time differece betwee two key presses is called the latecy betwee the two keystrokes We also use the term iter-keystroke timig to refer to the latecy betwee two keystrokes I order to characterize how much iformatio is leaked by iter-keystroke timigs, we have performed a umber of empirical tests to measure the typig patters of real users Because passwords are probably the most sesitive data that a user will ever type, we focus oly o iformatio revealed about passwords (rather tha other forms of iteractive traffic) Our experimetal methodology is carefully desiged to address these issues Due to security ad privacy cosideratios, we chose ot to gather data o real passwords; therefore, we have chose a data collectio procedure iteded to mimic how users type real passwords A coservative method is to pick a radom password for the user (where each character of the password is chose uiformly at radom from a set of 0 letter keys ad 5 umber keys, idepedetly of all other characters i the password), have the user practice typig this password may times without collectig ay measuremets, ad the measure iter-keystroke timig iformatio o this password oce the user has had a chace to practice it at legth However, we foud that, whe the goal is to try to idetify potetially relevat timig properties (rather tha verify cojectured properties), this coservative approach is iefficiet I particular, users typically type passwords i groups of 3 4 characters, with fairly log pauses betwee each group This distorts the digraph statistics for the pair of characters that spas the group boudary ad artificially iflates the variace of our measuremets As a result we would eed to collect a great deal of data for may radom passwords before this effect would average out I additio, it takes quite a while for users to become familiar with log radom passwords This makes the coservative approach a rather blut tool for uderstadig iter-keystroke statistics Fortuately, there is a less costly way to gather iterkeystroke timig statistics: we gather traiig data o each pair of characters k a k b as typed i isolatio We pick a character pair ad ask the user to type this pair times, returig to the home row each time betwee repetitios For each user, we repeat this for may possible pairs (4 pairs, i our experimets) ad we gather data o iter-keystroke timigs for each such pair We collected the latecy of each character pair measuremet ad computed the mea value ad the stadard deviatio I our experiece, this gives better results

6 Frequecy Frequecy Iter keystroke Timig for v o (millisecods) Iter keystroke Timig for v b (millisecods) Figure 3: The distributio of iter-keystroke timigs for two sample character pairs As a example, Figure 3 shows the latecy histogram of two sample character pairs The left model correspods to the latecy betwee the pair v, o, ad the right model correspods to v, b We ca see that the latecy betwee v, o is clearly shorter tha the latecy betwee v, b, ad the latecy distributios of these two sample character pairs are almost etirely ooverlappig The optimized data collectio approach gives us a more efficiet way to study fie-graied details of iterkeystroke statistics without requirig collectig a eormous amout of data We used data collected i this way to quickly idetify plausible cojectures, develop potetial attacks, ad to trai our attack models As far as we are aware, collectig data o keystroke pairs i isolatio does ot seem to bias the data i ay obvious way Noetheless, we also validate all our results usig the coservative measuremet method (see Sectio 5) 3 Simple Timig Characteristics Next, we divide the test character pairs ito five categories, based o whether they are typed usig the same had, the same figer, ad whether they ivolve a umber key: Two letter keys typed with alteratig hads, ie, oe with left had ad oe with right had; Two characters cotaiig oe letter key ad oe umber key typed with alteratig hads; Two letter keys, both typed with the same had but with two differet figers; Two letter keys typed with the same figer of the same had; Two characters cotaiig oe letter key ad oe umber key, both typed with the same had Figure 4 shows the histogram of latecy distributio of character pairs for each category We split the whole latecy rage ito six bis as show i the x-axis Withi each category, we put each character pair ito the correspodig bi if its mea latecy value is withi the rage of the bi Each bar i the histogram of a category represets the ratio of the umber of character pairs i the associated bi over the total umber of character pairs i the category 3 We ca see that all the character pairs that are typed usig two differet hads take less tha 50 millisecods, while pairs typed usig the same had ad particularly the same figer take substatially loger Character pairs that alterate betwee oe letter key ad oe umber key, but are typed usig the same 3 Hece the sum of all bars withi oe category is

7 Histogram of the latecy of character pairs Ratio of character pairs Two letter keys, alteratig hads A letter ad a umber, alteratig hads Two letters, same had, differet figers Two letters, same figer A letter ad a umber, same had < > 300 Latecy (millisecods) Figure 4: Iter-keystroke timigs for character pairs i five differet categories Note that some bars at some positios disappear because the correspodig height is zero had, take the logest time to type This is simply because two hads offer a certai amout of parallelism, while character pairs typed with oe had require a certai degree of sequetial movemets ad hece ted to take loger This is especially obvious i the case of oe letter ad oe umber pairs typed usig oe had They i geeral require more had movemet ad hece the logest time 4 So, if the attacker observes a character pair typed with latecy more tha 50 millisecods, he ca guess with high probability of success that the character pair is ot typed usig two differet hads ad hece ca ifer about bit of iformatio about the cotet of the character pair Because the 4 character pairs are formed from radomly selected letter keys ad umber keys, they seem likely to form a represetative sample of the whole keyboard Hece this simple classificatio exteds to the whole keyboard, ad already idicates that the iter-keystroke timig leaks substatial iformatio about what is typed The properties described above are ulikely to be exhaustive For istace, earlier work o timig attacks o multi-user machies suggested that iter-keystroke timigs may additioally reveal which characters i the 4 Note that here we oly cosider users that use touch typig password are upper-case [Tro98] 33 Gaussia Modelig From the plot of the latecy distributio of a give character pair, such as the oes show i Figure 3, we ca see that the latecy betwee the two key strokes of a give character pair forms a Gaussia-like uimodal distributio Hece a atural assumptio (which is cofirmed by our empirical observatios) is that the probability of the latecy y betwee two keystrokes of a character pair q Q, Pr y q, forms a uivariate Gaussia distributio µ q σ q, meaig Pr y q e πσ q y µ q where µ q is the mea value of the latecy for character pair q ad σ q is the stadard deviatio Give a set of traiig data q i y i i N, where q i is the i-th character pair ad y i is the correspodig latecy i the data collectio, we ca derive the parameters µ q σ q q Q based o maximum likelihood estimatio, ie, we compute the mea ad the stadard deviatio for each character pair Figure 5 shows the estimated Gaussia models of the latecies of the 4 character pairs Our empirical result σ q

8 Probability shows that most of the latecies of the character pairs lie betwee 50 ad 50 millisecods The average of the stadard deviatio of the 4 character pairs is about 30 millisecods The graph also idicates that the latecy distributios of the character pairs severely overlap, which meas the iferece of character pairs usig just latecy iformatio is a challegig task Iformatio Gai Estimatio Latecy (millisecod) Figure 5: Estimated Gaussia distributios of all 4 character pairs collected from a user Etropy (bits) Iformatio Gai (bits) Latecy (millisecods) (a) Etropy of character pairs give a latecy observatio Latecy (millisecods) (b) Iformatio gai iduced by a latecy observatio Figure 6: Etropy ad iformatio gai as a fuctio of the iter-keystroke latecy We would like to estimate quatitatively how much iformatio the latecy iformatio reveals about the character pairs typed This will be a upper boud of how much iformatio a attacker ca extract from the timig iformatio usig ay particular method We estimate it by computig the iformatio gai iduced by the latecy iformatio If we select a character pair uiformly at radom from the characterpair space, ad if the attacker does ot get ay additioal iformatio, the etropy of the probability distributio of character pairs to the attacker is H 0 q q Q Pr q log Pr q log Q If the attacker lears the latecy y 0 betwee the two keystrokes of the character pair, the estimated etropy of the probability distributio of character pairs to the attacker is H q y y 0 q Q Pr q y 0 log Pr q y 0 where Pr q y 0 Pr! y 0" q#%$ Pr! q# q& Pr! Q y 0" q#%$ Pr! q# ad Pr y 0 q is computed usig the Gaussia distributio obtaied i the parameter estimatio phase i the previous subsectio The iformatio gai iduced by the observatio of latecy y 0 is the differece betwee the two etropies, H 0 q H q y y 0 Usig the parameter estimatio of the 4 character pairs obtaied i the previous sectio, we ca compute H q y y 0 ad H 0 q H q y y 0 as show i Figure 6(a) ad Figure 6(b) The estimated iformatio gai, also called mutual iformatio, is I q;y' H 0 q H q y( H 0 q Pr y 0 *) H q y y 0 dy 0 where Pr y 0 + q Q Pr y 0 q Pr q From the umerical computatio we obtai I q;y, This meas the estimated iformatio gai available from latecy iformatio is about bits per character pair whe the character pair has uiform distributio Hece the attacker could potetially extract bits of iformatio per character pair by usig the latecy iformatio i this case Because the character pairs i our experimets are selected uiformly at radom from all letter ad umber keys, we expect that they will be represetative of the whole keyboard Ituitively, Figure 5 is a sufficietly-large radom samplig of a much deser graph cotaiig the latecy distributios of all possible character pairs More detailed aalysis shows that the estimated iformatio gai computed usig 4 sample character pairs is a good estimate of the ifor-

9 matio gai whe the character-pair space icludes all letter ad umber character pairs This estimate is comparable to the back-of-the-evelope calculatio i Sectio 3 based o our classificatio ito five categories of keystroke pairs Because the etropy of writte Eglish is so low (about 06 3 bits per character [Sha50]), the -bit iformatio gai per character pair leaked through the latecy iformatio seems to be sigificat 5 For example, we ca expect that users PGP passphrases will ofte cotai oly bit of etropy per character Hece the latecy iformatio may reveal sigificat iformatio about PGP passphrases The iformatio gai curve i Figure 6(b) shows a covex shape Note that latecies greater tha 75 millisecods are relatively rare; however, wheever we see such a log time betwee keystrokes, we lear a lot of iformatio about what was typed, because there are ot may possibilities that would lead to such a large latecy The character pairs that take loger tha 75 millisecods to type are mostly pairs cotaiig umber keys or pairs typed with oe figer Hece this aalysis suggests that passwords cotaiig umber keys or character pairs that are typed with oe figer are particularly vulerable to such timig attacks Aother iterestig observatio is that the mea of the stadard deviatios of the character pairs is oly about 30 millisecods as show i our experimets, while the stadard deviatio of roud-trip time o the Iteret i may cases is less tha 0 millisecods [Bel93] Therefore eve whe the attacker is far from the SSH cliet host, he ca still get sufficietly-precise iter-keystroke timig iformatio This makes the timig attack eve more severe 4 Iferrig Character Sequeces From Iter-Keystroke Timig Iformatio I this sectio, we describe how we ca ifer character sequeces usig the latecy iformatio I particular, we model the relatioship of latecies ad character sequeces as a Hidde Markov Model [RN95] We exted the stadard Viterbi algorithm to a -Viterbi algorithm that outputs the most likely cadidate character sequeces We further estimate how may bits of iformatio about the real character sequece this algo- 5 Note that the - -bit iformatio gai is estimated for the case of radomly selected passwords where the sequece of characters have a uiform distributio However, this is ot the case for texts More careful calculatio is eeded to estimate the iformatio gai i the case of atual text rithm extracts from the latecy iformatio ad show it is early optimal 4 Hidde Markov Model I geeral, a Markov Model is a way of describig a fiite-state stochastic process with the property that the probability of trasitioig from the curret state to aother state depeds oly o the curret state, ot o ay prior state of the process [RN95] I a Hidde Markov Model (HMM), the curret state of the process caot be directly observed Istead, some outputs from the state are observed, ad the probability distributio of possible outputs give the state is depedet oly o the state Usig a HMM, oe ca ifer iformatio about the prior path the process has take from the sequece of observed outputs of the states, ad efficiet algorithms are kow for workig with HMM s Because of this, HMM s have bee widely used i areas such as speech recogitio ad text modelig I our settig, we cosider each character pair of iterest as a hidde (o-observable) state, ad the latecy betwee the two keystrokes of the character pair as the output observatio from the character-pair state Each state correspods to a pair of characters, so that the typig of a character sequece K 0 K T, is a process that goes through T states, q q T, where q t / t / T represets the t-th character pair K t K t typed Let y t / t / T deote the observed latecy of state q t The we model the typig of a character sequece as a HMM This meas we make two assumptios First, the probability of trasitio from the curret state to aother state is oly depedet o the curret state, ot o the prior path of the process If the character sequece is a password chose uiformly at radom, this assumptio obviously holds I the case of text, this assumptio does ot hold strictly but experiece i speech recogitio ad text modelig shows that some extesios to HMM still work well [RN95] Secod, the probability distributio of the latecy observatio is oly depedet o the curret character pair ad ot o ay previous characters i the sequece This assumptio might hold for some cases ad ot for other cases where the typig of previous characters chages the positio of the had ad iflueces the typig of later character pairs However, makig this assumptio makes our aalysis ad iferece algorithm much simpler ad still gives good results as show from the experimets Hece, we use a HMM to model the typig of character sequeces as show i Figure 7 As i the previous sectio, we assume the set of possible character pairs is Q, hece the set of possible states i the HMM is Q We assume that the probability of

10 t= t= t=3 t=t q q q q T y y y 3 y T Figure 7: A represetatio of a trace of a HMM Each vertical slice represets a time step I each time slice, the top ode q t is a variable represetig a character pair, ad the bottom ode y t is the observable variable deotig the latecy betwee the two keystrokes the latecy y of a character pair q, Pr y q (q Q), is a Gaussia distributio µ q σ q, where the parameters µ q σ q 4 q Q are obtaied usig the maximum likelihood estimatio 4 The -Viterbi Algorithm for Character Sequece Iferece Give a observatio 5y y y y T, a sequece of latecies of some character sequece from a user s typig, we would like to ifer the real character sequece that the user has typed For each possible character sequece 5q q q q T, we ca compute how likely the character sequece is give the observatio, amely Pr 5q 5y The probability Pr 5q 5y essetially gives a rakig for the cadidate character sequece 5q: the higher Pr 5q 5y is, the more likely 5q is the real character sequece We use 5q 6 to deote the most-likely sequece, which is the sequece that correspods to the highest value of Pr75q 5y for all possible 5q with regard to a give 5y The Viterbi algorithm is widely used i solvig the most likely sequece of states give a sequece of observatio i HMM problems [RN95] A aive way of computig 5q 6 would compute Pr75q 5y for all possible 5q, ad hece requires O Q T ruig time The Viterbi algorithm uses dyamic programmig for a ruig time complexity O Q T I our settig, because the latecy distributios of differet character pairs highly overlap, the probability that the most likely sequece is the right sequece will be very low Hece, istead of just computig the most likely sequece, we eed to compute the most likely sequeces ad hope the real sequece will be i the most likely sequeces with high probability for greater tha a certai threshold Hece we exted the stadard Viterbi algorithm to -Viterbi algorithm to output the most-likely sequeces with ruig time complexity O Q T We give a detailed descriptio of the - Viterbi algorithm i Appedix A 43 How to Estimate the Effectiveess of the - Viterbi Algorithm We would like to estimate how big the threshold has to be such that the real character sequece will be amog the most-likely sequeces with sufficietly high probability I a experimet if the real character sequece appears i the most-likely sequeces, we say the experimet is a success with regard to the threshold, otherwise, a failure The probability of such defied success is a fuctio of It is easy to see that the fuctio is mootoically icreasig with regard to If for a small, the success probability is already high, this meas the algorithm is very effective because it filters out most of the sequeces ad hece oe oly eeds to try a small set of cadidates before fidig the real sequece O the other had, if we eed a high threshold of to get a sufficietly high success probability, the the algorithm is less effective: oe would eed to try may more cadidates before fidig the real sequece Note that from Sectio 34 we see that the timig iformatio reveals about bits of iformatio per character pair For the case of a radom password of legth T 8, which forms T cosecutive character pairs, the latecy iformatio could reveal approximately T bits of iformatio about the real password sequece Hece this is a upper boud o the effectiveess of the algorithm to ifer character sequeces usig latecy iformatio We would like to estimate how close our algorithm is compared to the upper boud First, we look at the simple case whe T Give a latecy observatio y of a character pair q, we compute the probability Pr q9 y q9: Q ad select the mostlikely character pairs Φ ; q j q j We would like to compute the probability that the real character pair q is i the set Φ over all possible values of y To simplify

11 09 Probability of Success vs Threshold sd = 5 sd = 30 sd =35 password B SSH password Probability of Success SSH A eavesdrop Herbivore HMM Viterbi C Threshold Figure 8: The probability that the -Viterbi algorithm outputs the correct password before the first guesses, graphed as a fuctio of the umerical computatio, we approximate the result by assumig that all the Gaussia distributios have the same stadard deviatio σ This is a good approximatio of the real experimet: as we see i the Figure 5, most keypairs have a stadard deviatio betwee 5 35 millisecods Figure 8 graphs the probability that the real character pair appears withi the most-likely character pairs agaist the threshold The top curve is whe σ 5, the middle curve is whe σ 30, ad the bottom curve is whe σ 35 Usig the middle curve, we get that whe 70 the probability of success is 90%, meaig that with 90% probability, the real character pair appears i the 70 most-likely sequeces output by the -Viterbi algorithm Let s deote such a threshold correspodig to the 90% success probability as 6 Thus log Q =< 6 is the approximate umber of bits of iformatio per character pair the algorithm extracts Note that from the previous sectio we see that the latecy iformatio reveals about bits of iformatio per character pair Hece our -Viterbi algorithm is earoptimal I the case of uiformly radomly chose passwords of legth T 8, the umber of bits of iformatio the algorithm ca extract is approximately T ) log Q =< 6?> T, which is close to the optimal value T bits 5 Buildig Herbivore ad Timig Attacks o SSH To evaluate the effectiveess of our timig attacks to SSH, we build a attacker program that we call Herbivore I this sectio, we describe the experimet results Cadidate Passwords Figure 9: The Herbivore architecture of usig Herbivore to lear users passwords 5 Herbivore Preyig for Passwords We built a attacker egie Herbivore as show i Figure 9 It moitors the etwork ad collects the arrival times of packets Usig the techique described i Sectio, Herbivore ifers which packets correspod to the user s SSH passwords whe the user opes a SSH sessio to aother host withi a established SSH coectio Herbivore the measures the iter-arrival times betwee packets cotaiig the password characters ad uses our -Viterbi algorithm to geerate a list of cadidate passwords The cadidate passwords are sorted i decreasig order of the probability Pr75q y, ad i our experimets we record the positio of the real password i the cadidate list We report the positio of the password as a percetage, so with m possible passwords i total, if the real password appears at positio u i the ordered cadidate list, we say the real password appears at the top 00u m % This gives a atural way to quatify the effectiveess of our approach 5 Optimizatio for Log Character Sequeces The complexity of the -Viterbi algorithm is liear i the umber of cadidates it outputs As the legth of the password grows, the space of possible passwords grows expoetially If the -Viterbi algorithm ca oly rule out a costat fractio of the password space, would also grow expoetially as the password legth grows Hece the algorithm might be iefficiet whe the password is log I particular, we observed that memory usage ca grow substatially for loger passwords Also, ad more importatly, we observed i the experimets that users ted to type log passwords i segmets of 3 to 5 letters ad pause betwee the segmets If we

12 6 400 Rakig Percetage of the correct aswer i output list (%) Elapsed Time (millisecod) Test Number Key Pair Figure 0: The percetage of the password space tried by Herbivore i 0 tests before fidig the right password use the timig betwee the segmets for the predictio, it might bias our predictios sice typically such pauses are oticeably loger tha most other iter-keystroke latecies Fortuately, this large differece meas that pauses betwee groups of password characters ca be clearly idetified before we apply the -Viterbi algorithm Hece to reduce the bias ad to reduce the memory requiremets of the algorithm, we break the timig iformatio of the password ito segmets cotaiig 3 or 4 latecy itervals We use each segmet to form a HMM ad the at the ed combie the result from differet segmets to form the cadidate password orderig 53 Experimetal Results for Password Iferece for a Sigle User We measure the effectiveess of our -Viterbi algorithm at crackig passwords through empirical measuremets I our experimet, we use traiig data compiled from isolated keypairs to trai the HMM The, we pick a radom password for the user We have the user use this password to autheticate to aother SSH sessio withi a established SSH sessio as show i Figure 9, ad we apply our -Viterbi algorithm to simulate a attack o this password Note that we have the test user type the password may times before the test to esure familiarity with the password, ad we try to deduce the user s password usig traiig data from the same user All passwords are selected uiformly at radom from the character space as i the experimet i Sectio 3, so they cotai o structure Recoverig such passwords is the hardest case for the attacker, so if timig aalysis ca recover iformatio i such a sceario, we ca expect that Figure : A compariso of two users typig patters The diamod symbols show the mea values of the latecies of oe user, with a error-bar idicatig oe stadard deviatio The x symbol idicates the mea values of the latecies of aother user timig aalysis will be a eve greater threat i settigs where passwords are chose less carefully We performed tests for 0 differet passwords, each of legth 8 Figure 0 shows the percetage of the positios of the real password i the ordered cadidate lists output by the -Viterbi algorithm For example, 0 3% meas that the real password appeared at the top 0 3% positio i the output cadidate list These experimets idicate that o average the real password is located withi the top 7% of the cadidate rakig list The media positio is about %, so about half the time the password will be i the top % of the list of cadidates produced by our -Viterbi algorithm Therefore, i order to crack the password, Herbivore oly eeds to test < 50 times as may passwords as brute-force search, o average The reductio i workfactor compared to exhaustive search correspods to a total of 5 7 bits of iformatio leared per password usig the latecy iformatio This is close to the iformatio gai aalysis i Sectios 3 ad 4, which predicted a gai of about bit per keystroke pair: recall that the passwords i this test are of legth 8, so each password cotais 7 keystroke pairs We attribute the differece to mior variatio betwee the distributios of iter-keystroke timigs i radom passwords ad the distributio of timigs for character pairs typed i isolatio For ease of testig, our experimets were o passwords with a reduced set of possible characters However, we ca expect these results to carry over to passwords chose from the full set of possible characters Assumig that the iformatio gai available from iter-keystroke timig iformatio is about bit per character pair eve

13 Traiig Test Test Cases Set Set Password Password Password 3 Password 4 Password 5 User User 5 6% 0 7% 0% 3% 6% User User 6 3% 5 % 7 0% 4 8% 0 3% User User 3 6 4% N/A 8% 3 % 4 % User User 4 9% 3 4% % 0 % 8 8% User User 4 9% 3% 6% 3% 3 % User User 30 8% 5 0% 8% 3 7% 9% User User 3 4 7% N/A 5 3% 6 7% 38 4% User User 4 0 7% 6 8% 3 9% 0 6% 5 4% Table : Success rates for password iferece with multiple users The umbers are the percetage of the search space the attacker has to search before he fids the right password whe we exted to the whole keyboard, we expect to see this 50 times reductio i workfactor for passwords of legth 7 8 eve whe the passwords are chose radomly from all letter ad umber keys This reductio ca make password crackig more practical For example, for a password cotaiig radomly-selected lower-case letter keys ad umber keys, without timig iformatio, the attacker would eed to try 36 8< cadidate passwords o average before he fids the right oe Bechmarks idicate that a 840 MHz Petium III ca check about cadidate passwords per secod i a off-lie dictioary attack Thus, exhaustive search would take about 65 PC-days to crack a password composed of radomly-selected lower-case letter keys ad umber keys If the attacker uses the timig iformatio, the computatio ca be doe i 3 days, which makes the crack more practical 54 Experimetal Results for Password Iferece for Multiple Users Oe potetial weakess i our simulatios is that realworld attackers might ot be able to get as much traiig data from the victim for the statistical aalysis as we had available i our experimets However, we argue ext that this is ulikely to pose a effective defese agaist timig attacks: there are other ways that attackers ca obtai the traiig data required for the attack Oe simple observatio is that the attacker ca easily get his ow typig statistics, or the typig statistics of a cocospirator Hece it is importat to evaluate how well the password iferece techiques perform whe usig oe perso s typig statistics to ifer passwords typed by aother perso I this experimet, we collected the typig statistics of two users, User ad User A iterestig result is that 75% of the character pairs take about the same latecy to type for both two users: i other words, the differece betwee the average latecies of the two users for such character pairs is smaller tha oe stadard deviatio Similarly, the simple timig characteristics reported i Sectio 3 eg, keypairs typed with alterate pairs ted to have much lower iter-keystroke latecy tha keypairs typed with the same had were observed to be essetially user-idepedet This suggests that typig statistics have a large compoet that is commo across a broad user populatio ad which thus ca be exploited by attackers eve i the absece of ay traiig data from the victim To test this hypothesis further, we had four users (icludig User ad, from our previous experimets) type the same set of five radomly-selected passwords Passwords ad have legth 8 Passwords 3 ad 4 have legth 7, ad password 5 has legth 6 Herbivore the rus the -Viterbi algorithm usig the typig statistics from User ad to ifer passwords typed by the four test users separately Table shows the percetage positio of the real passwords occurred i the output cadidate rakig list, which is the percetage of the password space the attacker has to search before he fids the right password User 3 did ot type Password so the etry is ot available This experimet shows several iterestig results: Usurprisigly, iferrig a user s password ca i geeral be doe somewhat more effectively if oe uses traiig data from the same user rather tha traiig data from other users The distace betwee the typig statistics of two users ca vary sigificatly accordig to how oe chooses the pair of users A user U a s typig patter might be more similar to user U b s tha to user U c s Thus it ca give better results to use U b s traiig data tha U c s traiig data to ifer passwords typed by U a I this experimet, it shows

14 that i geeral usig User s traiig data gives a better result to ifer passwords typed by User 3 tha usig User s traiig data Ad User s traiig data gives a better iferece for passwords typed by User 4 tha User s traiig data Most importatly, this experimet shows that traiig data from oe user ca be successfully applied to ifer passwords typed by aother user Hece the attack ca be effective eve whe the attacker does ot have typig statistics from the victim 55 Extesios We expect that Herbivore could also be used to ifer iformatio about text or commads that users type The etropy of writte Eglish is very low (about 06 3 bits per character [Sha50]) i compariso to the amout of iformatio leaked by iter-keystroke timigs (about bit of iformatio per key pair; see Sectio 3) However, moutig such a attack would appear to require better models of writte text [RN95] I ay case, we have ot studied such a sceario i our experimets, ad we leave this for future work 6 Related Work Timig aalysis has previously bee used by Kocher to attack cryptosystems [Koc95] Trostle exploited a similar idea, showig how a malicious user o a multiuser workstatio ca gai iformatio about other users passwords usig CPU timigs [Tro98] We expect our Hidde Markov Model techiques might fid applicatios i Trostle s threat model as well Most recetly, other researchers have idepedetly poited out the possibility of timig attacks o SSH [DS0] Some of their observatios reveal additioal weakesses i SSH: For istace, they oted that the SSH x protocol reveals the exact legth of passwords, because ciphertexts cotai a legth field set i the clear (SSH does ot have this problem); they discussed how to deal with the presece of backspace characters; ad, they iitiated a ivestigatio of the impact of timig attacks o other sessio data (such as shell commads typed i the SSH sessio) 7 Coutermeasures Although SSH provides a ecrypted ad autheticated lik betwee the local host ad the remote machie, a eavesdropper ca still lear iformatio about typed keystrokes due to two weakesses of SSH First, every idividual keystroke that a user types is set to the remote machie i a idividual IP packet (except for meta keys such as Shift ad Ctrl); secod, as soo as commad output is available o the remote machie, it is set to the local host i oe or multiple IP packets, leakig iformatio o the approximate size of the output We have show i this paper how these seemigly mior weakesses lead to severe real-world attacks Note that i our traffic sigature attack, the attacker ca tell that the user is typig passwords because there are o echo packets So oe way to fix this problem is that whe the server detects that the echo mode is tured off, the server ca retur dummy packets that will be igored by the cliet whe it receives keystroke packets from the cliet This fix ca reduce the effectiveess of the traffic sigature attack but could fail i other attacks such as our ested SSH attack where the attacker ca guess whe the user is typig his password by simply moitorig the etwork coectios This fix does ot prevet iterkeystroke timig iformatio, though To prevet the attacks, we eed to prevet the leakage of the timig iformatio of the keystrokes Oe aive approach might be to modify SSH so that upo receivig a keystroke with latecy less tha η millisecods from the previous keystroke, the program will delay the packet by a radom amout of up to η millisecods Because our experimet idicates that the spectrum of the latecy betwee two keystrokes of cotiuous typig is betwee millisecods, we could set η 500 for example, ad such a radom delay would radomize the timig iformatio of the keystrokes Such a radom delay imposes a overhead of about 50 millisecods o average Ufortuately, if the attacker ca moitor the same user logi may times ad compute the average of the latecies of the password sequeces, he ca reduce the effectiveess of the radomized oise For example, if the attacker ca get the timig iformatio of a user s SSH autheticatio for 50 times, the oise cotributed by the radom delay is oly about 0 40 millisecods So we should ot use this method A better way to prevet leakage of iter-keystroke timig iformatio is to sed traffic at a costat rate of λ packets per secod whe the lik is active Choosig λ presets a tradeoff betwee usability ad overhead: Icreasig λ reduces the dummy traffic but cause loger latecy for the user Assume, for example, that we set λ 50 millisecods Sice the latecy betwee two keystrokes is usually greater tha 50 millisecods ad the etwork delay is already at least i the tes of millisecods, this may be a reasoable tradeoff betwee commuicatio overhead ad additioal delay I such a sceario, the SSH cliet would always sed a