Timing analysis of keystrokes and timing attacks on SSH

Proceedings of the 10th USENIX Security Symposium

Volumn , Issue , 2001, Pages

  Song, Dawn Xiaodong ^a   Wagner, David ^a   Tian, Xuqing ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

HIDDEN MARKOV MODELS; INTERNET PROTOCOLS; PUBLIC KEY CRYPTOGRAPHY; SIDE CHANNEL ATTACK; TIMING CIRCUITS;

AUTHENTICATION MECHANISMS; INTERACTIVE MODE; INTERACTIVE TRAFFICS; SENSITIVE INFORMATIONS; SEQUENCE PREDICTION; STATISTICAL STUDY; STATISTICAL TECHNIQUES; TIMING INFORMATION;

AUTHENTICATION;

EID: 85084161110     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (26)

1. Steven M. Bellovin. Packets found on an internet. Computer Communications Review, 23(3):26-31, July 1993.
2. S. Bleha, C. Slivinksy, and B. Hussein. Computer-access security systems using keystrokes dynamics. In IEEE Transactions on Pattern Analysis and Machine Intelligence PAMI-12, Volume 12, December 1990.
3. William R. Cheswick and Steven M. Bellovin. Firewalls and Internet Security - Repelling the Wily Hacker. Professional Computing Series. Addison-Wesley, 1994. ISBN 0-201-63357-4.
4. Solar Designer and Dug Song. Passive analysis of SSH (secure shell) traffic. Openwall advisory OW-003, March 2001.
5. R. Gaines, W. Lisowski, S. Press, and N. Shapiro. Authentication by keystroke timing: Some preliminary results. Technical Report Rand report R-256-NSF, Rand corporation, 1980.
6. Simson Garfinkel and Gene Spafford. Practical UNIX & Internet Security. O'Reilly & Associates, 1996.
7. Rick Joyce and Gopal Gupta. Identity authentication based on keystroke latencies. Communications of the ACM, 33(2):168-176, February 1990.
8. P. Kocher. Cryptanalysis of Diffie-Hellman, RSA, DSS, and other cryptosystems using timing attacks. In Advances in cryptology, CRYPTO '95, pages 171-183. Springer-Verlag, 1995.
9. G. Leggett and J. Williams. Verifying identity via keystroke characteristics. International Journal of Man-Machine Studies, 28(1):67-76, 1988.
10. G. Leggett, J. Williams, and D. Umphress. Verification of user identity via keystroke characteristics. Human Factors in Management Information Systems, 1989.
11. Fabian Monrose and Avi Rubin. Authentication via keystroke dynamics. In Proceedings of the 4th ACM Conference on Computer and Communications Security, pages 48-56, April 1997.
12. F. Monrose, M. K. Reiter, and S. Wetzel. Password hardening based on keystroke dynamics. In Proceedings of the 6th ACM Conference on Computer and Communications Security, November 1999.
13. National Bureau of Standards. Specification for the Data Encryption Standard. Federal Information Processing Standards Publication 46 (FIPS PUB 46), January 1977.
14. U. S. National Institute of Standards and Technology (NIST). Data Encryption Standard (DES). Draft Federal Information Processing Standards Publication 46-3 (FIPS PUB 46-3), January 1999.
15. J. A. Robinson, V. M. Liang, J. A. Chambers, and C. L. MacKenzie. Computer user verification using login string keystroke dynamics. IEEE Transactions on System, Man, and Cybernetics, 28(2), 1998.
16. Stuart Russell and Peter Norvig. Artificial Intelligence, A modern approach. Prentice Hall, 1995.
17. Claude E. Shannon. Prediction and Entropy of Printed English. Bell Sys. Tech. J (3), 1950.
18. IETF Secure Shell Working Group (SECSH). http://www.ietf.org/html.charters/secsh-charter.html, 2001.
19. Jonathan Trostle. Timing attacks against trusted path. In IEEE Symposium on Security and Privacy, 1998.
20. D. Umphress and J. Williams. Identity verification through keyboard characteristics. International Journal of Man-Machine Studies, 23(3):263-273, 1985.
21. T. Ylönen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen. SSH authentication protocol. Internet Draft, Internet Engineering Task Force, May 2000. Work in progress.
22. T. Ylönen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen. SSH protocol architecture. Internet Draft, Internet Engineering Task Force, May 2000. Work in progress.
23. Tatu Ylönen. SSH - Secure Login Connections over the Internet. In Sixth USENIX Security Symposium, San Jose, California, July 1996.
24. Philip R. Zimmermann. The Official PGP User's Guide. MIT Press, Cambridge, MA, USA, 1995. ISBN 0-262-74017-6.
25. Yin Zhang and Vern Paxson. Detecting backdoors. In Proc. of 9th USENIX Security Symposium, August 2000.
26. Yin Zhang and Vern Paxson. Detecting stepping stones. In Proc. of 9th USENIX Security Symposium, August 2000.