Times between keystrokes are different
Exact measurement leaks information about typed keys
Examples (...)
Inter-keystroke timings lie between 40 and 220 msec.
More efficient than a pure Bruteforce/Dictionary attack: only possible password candidates tested
Enabled after initial login; special scenarios are needed:
Nested attack
su command
Network sniffer (e.g. Wireshark): exact time measurement, packet size
Information analysis: filter out password keystrokes
n-Viterbi algorithm calculates possible password candidates
Keystroke timing characteristics
of a special user
general timing characteristics
OpenSSH (4.4p1) sends blanks in non-echo mode
Non-echo mode is activated when the user types a password
t : time step
qn : character pair (e.g., abc -> q1=ab, q2=bc)
yn : latency between keystrokes
Typing sequence:
yiq
Typing sequence:
aiq
Disadvantages
Build second degree HMM statistic: more timing data required
Demonstration
Questions?