IETF-SSH archive
Traffic Analysis
Hi,

I was reminded a few weeks ago that traffic analysis has been a sore spot
for SSH (both v1 and v2) in the past. SSH_MSG_IGNORE is actually called
out to thwart "advanced traffic analysis" in [TRANS]. However, there is
no reference to it in the Security Considerations section in [ARCH]. To
rectify that, I've added the following text and reference to [ARCH].

9.2.9 Traffic Analysis

Passive monitoring of any protocol may give an attacker some
information about the session, the user, or protocol specific
information that they would otherwise not be able to garner. For
example, it has been shown that traffic analysis of an SSH session
can yield information about the length of the password. [Openwall]
Implementors should use the SSH_MSG_IGNORE packet as described in
[SSH-TRANS] along with any other methods they may find to prevent
traffic analysis.

[Openwall]
Solar Designer and D. Song, "SSH Traffic Analysis
Attacks", Presentation given at HAL2001 and NordU2002
Conferences, Sept 2001.

Please let me know if this is acceptable. Does anyone have any better
reference?

Thanks,
Chris
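
An added illustration, not part of the original message or of any SSH implementation: it frames payloads with the transport layer's binary packet layout and shows how following a packet with one SSH_MSG_IGNORE makes bursts of different payload lengths the same size on the wire. The helper names, the 256-byte bucket and the random stand-in payloads are assumptions; encryption and the MAC are left out because they add only a constant to each packet, and timing is not addressed.

```python
import os
import struct

SSH_MSG_IGNORE = 2  # message number from the SSH transport protocol
BLOCK = 8           # minimum packet alignment; 16 for AES-based ciphers


def frame(payload: bytes, block: int = BLOCK) -> bytes:
    """Build a binary packet (before encryption and MAC): uint32 packet_length,
    byte padding_length, payload, random padding (at least 4 bytes)."""
    pad = block - (5 + len(payload)) % block
    if pad < 4:
        pad += block
    header = struct.pack(">IB", 1 + len(payload) + pad, pad)
    return header + payload + os.urandom(pad)


def ignore_packet(total: int, block: int = BLOCK) -> bytes:
    """Frame an SSH_MSG_IGNORE whose framed size is exactly `total` bytes."""
    if total < 16 or total % block:
        raise ValueError("total must be a multiple of block and >= 16")
    data = os.urandom(total - 14)  # 14 = 5 header + 5 (type, string length) + 4 padding
    return frame(struct.pack(">BI", SSH_MSG_IGNORE, len(data)) + data, block)


def send_padded(payload: bytes, bucket: int = 256, block: int = BLOCK) -> list:
    """Return the real packet plus one SSH_MSG_IGNORE so the burst fills a
    whole number of `bucket`-byte units (bucket must be a multiple of block)."""
    real = frame(payload, block)
    target = -(-(len(real) + 16) // bucket) * bucket  # round up, leave room for IGNORE
    return [real, ignore_packet(target - len(real), block)]


def observed_sizes(lengths, padded: bool) -> list:
    """Bytes a passive observer sees per burst for constructed payload lengths."""
    sizes = []
    for n in lengths:
        payload = os.urandom(n)  # constructed stand-in for a secret of length n
        burst = send_padded(payload) if padded else [frame(payload)]
        sizes.append(sum(len(p) for p in burst))
    return sizes


if __name__ == "__main__":
    print("plain :", observed_sizes([6, 12, 20], padded=False))
    print("padded:", observed_sizes([6, 12, 20], padded=True))
```
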