The Secure Shell (SSH) public key authentication protocol represents one of the most popularly used authentication methods that rely on public key cryptography. Apart from its massive popularity, the SSH protocol hasn't been massively studied and even the most advanced users often misconceive its functionality. Version 2 of the SSH protocol is presently being used by millions of internet connected machines for remote shell communications. It is utilized in important tasks including management and is appreciated as a secure solution for this important task.
Attacks against the SSH protocol commonly target password authentication. Passwords are targeted mainly via two attack forms; server side attacks where user credentials are phished via a man in the middle adversary, and brute force attacks. Public key authentication is less vulnerable to attacks. For example, a man in the middle adversary cannot simply gain access via replaying a signature. However, attacks targeting weak keys are occasionally applicable. Practically speaking, brute force attacks against the SSH protocol usually target systems with weak keys and/or passwords, as well as known usernames. If the adversary can enter authentic usernames, the brute force attack will be more effective. The adversary can relinquish hosts lacking known accounts, and can launch attacks, using a bigger group of possible user credentials, to target valid accounts.
SSH Public Key Authentication Over Tor Hidden Services (HS) & Timing Attacks:
A recently published paper closely examined the SSH public key authentication procedure and its OpenSSH implementation as means for enumeration of user accounts on targeted servers. The paper delved into the privacy of SSH public keys, which permits the correlation of users within targeted systems, opening the door to compromise of targets with weak or short keys (<768 bytes). Even more, user enumeration by itself can yield issues across highly sensitive environments. For example, Tor Location Hidden Services (HS) can occasionally include a user's credentials that leak sensitive information.
The authors of the paper studied the extent of vulnerability of the services, that run over Tor HS, to various forms of timing attacks. As such, they contributed to timing an attack field, rather than repeatedly examining well known methods on a new group of targets. The main contributions of this study are represented by the attack framework for Tor HS, as well as the implemented filtering methods. The literature doesn't include any previous studies focusing on the feasibility of timing attacks targeting services that run on top of Tor HS frameworks.
The paper presented a synopsis of the SSH public key authentication protocol, along with its deployment in the server daemon of the OpenSSH. From the deployment details, the authors of the paper built a timing attack tool to target the server. They used the tool to validate authentic usernames on the targeted server via utilizing the query timing of the public key authentication procedure. They measured the effectiveness of timing attacks targeting LAN, Localhost (loopback interface), WAN, as well as Tor HS networks. Following presentation of the results of their experiments, the paper discussed possible solutions and their possible flaws.
The study revealed privacy flaws within the key query protocol. Even though the researchers suggested a group of protocol improvements, they acknowledged the simplicity and versatility of the presently available protocol. The research analysis of the OpenSSH deployment details showcased a timing leak that could be exploited to enumerate users of OpenSSH with relatively high levels of accuracy. They showed that the reliability of the timing channel can be estimated using a single SSH handshake. Moreover, information regarding the types of keys was prominently discoverable. On the other hand, public key bytes were not discoverable, nor could a bigger difference be identified with reliability.
The researchers deployed the first ever timing attack mechanism to target applications relying on Tor HSs. Attacks conducted over the Tor network are rather slow, yet yield results contrary to previous intuitions. They also proved that simple filtering can often be implemented to boost the accuracy of timing attacks targeting Tor HSs. These results dictate that the developers of Tor HS applications have to be meticulous on branching that relies on sensitive inputs.
