The time will tell on you: Exploring information leaks in SSH public key authentication

Abstract

SSH client public key authentication method is one of the most used public key client authentication methods. Despite its popularity, the precise protocol is not very well known, and even advanced users may have misconceptions of its functionality. We describe the SSH public key authentication protocol, and identify potential weak points for client privacy. We further review parts of the OpenSSH implementation of the protocol, and identify possible timing attack information leaks. To evaluate the severity of these leaks we built a modified SSH-library that can be used to query the authentication method with arbitary public key blobs and measure the response time. We then use the resulting query timing differences to enumerate valid users and their key types. Furthermore, to advance the knowledge on remote timing attacks, we study the timing signal exploitability over a Tor Hidden Service (HS) connection and present filtering methods that make the attack twice as effective in the HS setting.