
Conducting large-scale active and passive measurements of SSH



  1. Conducting large-scale active and passive measurements of SSH deployments
     - Oliver Gasser
     - Master Thesis
     - Advisor: Ralph Holz
     - Chair for Network Architectures and Services, Faculty of Computer Science, Technische Universität München
     - June 27, 2012
     - Slide footer: Oliver Gasser (TU München), Conducting large-scale active and passive measurements of SSH deployments

  2. Outline
     1. SSH 101
     2. Motivation
     3. Goals
     4. Scanning SSH deployments
     5. Schedule

  3. Outline
     1. SSH 101
     2. Motivation
     3. Goals
     4. Scanning SSH deployments
     5. Schedule

  4. SSH
     - Secure Shell
     - Network protocol for secure communication
     - Common applications: remote shell, command execution, file transfer
     - Two major versions: SSH-1 and SSH-2

  5. SSH Connection
     - Client – Server model
     - Mutual authentication
       - Server with host key (fingerprint)
       - Client with password, public key, host based, ...

  6. Outline
     1. SSH 101
     2. Motivation
     3. Goals
     4. Scanning SSH deployments
     5. Schedule

  7. Motivation
     - Previous scans showed
       - Weak host keys
       - Same host key used on multiple hosts
       - Host based authentication
       - Vulnerable servers
       - Insecure ciphers
     - Examine typo domain exploitation

  8. Outline
     1. SSH 101
     2. Motivation
     3. Goals
     4. Scanning SSH deployments
     5. Schedule

  9. Goals of the Thesis
     - General overview of SSH deployments → topology
     - Identify SSH properties in different locations and ASs
     - Interesting correlations?
     - Known weaknesses
       - SSH-1
       - Weak host keys (Debian OpenSSL bug)
       - Host keys with bad entropy, short keys
       - Reuse of host keys on multiple hosts
       - Unpatched servers

  10. Goals of the Thesis
     - Typo domains
       - Known phenomenon: Registration of typo domains like tu-munchen.de
       - Use Levenshtein distance to create some based on important (university) domains
       - Use University of Luxembourg’s tool SDBF to create plausible (sub-)domains
       - DNS lookup and SSH scan to prove existence (and warn)
     - Comparison of results: SSH vs. SSL (‘SSL landscape’)

  11. Optional Work
     - Two choices
       - Build up host key database → notary service
       - Patch Bro to analyze SSH protocol
     - Notaries:
       - Promised by Perspectives, never reality
       - Exists for SSL (Perspectives, Convergence, Crossbear)
       - Implement PoC for OpenSSH

  12. Outline
     1. SSH 101
     2. Motivation
     3. Goals
     4. Scanning SSH deployments
     5. Schedule

  13. Methods
     - Accumulate host names and IP addresses (e.g. zone files)
     - Generate plausible domains and subdomains (e.g. SDBF)
     - Write tool for scanning
       - ssh-keyscan
       - libssh
     - Save and evaluate scanning results

  14. Related Work
     - IPv4 scans: Lenstra et al.: ‘Ron was wrong, Whit is right’
     - IPv4 scans: Nadia Heninger et al.: unpublished
     - Yilek et al., IMC 2007: ‘When private keys are public’
     - Perspectives: First notary concept, includes SSH, not implemented
     - Crossbear (for SSL)
     - Conclusion: No comprehensive understanding of SSH deployments and problems

  15. Outline
     1. SSH 101
     2. Motivation
     3. Goals
     4. Scanning SSH deployments
     5. Schedule

  16. Schedule

  17. The End... Thank you for your attention!
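The "Known weaknesses" on slide 9 (host key reuse, short keys) and the "Save and evaluate scanning results" step on slide 13 can be illustrated with a small evaluator for `ssh-keyscan`-style output. This is an added example, not code from the thesis; the 2048-bit threshold, the sample hosts (documentation addresses) and the moduli are constructed assumptions.

```python
import base64, hashlib, struct
from collections import defaultdict

MIN_RSA_BITS = 2048  # assumed policy threshold; the slides give no number

def make_rsa_line(host, n, e=65537):
    """Constructed ssh-keyscan-style line; well-formed blob, not a real key."""
    s = lambda b: struct.pack(">I", len(b)) + b  # SSH "string" encoding
    mp = lambda x: s(x.to_bytes(x.bit_length() // 8 + 1, "big"))  # mpint
    blob = s(b"ssh-rsa") + mp(e) + mp(n)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

def read_fields(blob):  # split an SSH wire-format blob into its fields
    fields, off = [], 0
    while off < len(blob):
        (length,) = struct.unpack_from(">I", blob, off)
        fields.append(blob[off + 4:off + 4 + length])
        off += 4 + length
    if off != len(blob):
        raise ValueError("truncated field")
    return fields

def evaluate(scan_output):
    """Return ({fingerprint: [hosts]} for reused keys, {host: bits} for short RSA)."""
    hosts_by_fp, short = defaultdict(set), {}
    for line in scan_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or line.startswith("#"):
            continue  # banner/comment lines and malformed rows
        host, ktype, b64 = parts[:3]
        try:
            blob = base64.b64decode(b64, validate=True)
            fields = read_fields(blob)
        except (ValueError, struct.error):  # bad base64 or truncated blob
            continue
        digest = hashlib.sha256(blob).digest()
        fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
        hosts_by_fp[fp].add(host)
        if ktype == "ssh-rsa" and len(fields) == 3:  # name, e, n
            bits = int.from_bytes(fields[2], "big").bit_length()
            if bits < MIN_RSA_BITS:
                short[host] = bits
    reused = {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}
    return reused, short

SHARED_N = (1 << 2047) | 1  # constructed modulus shared by two sample hosts
SAMPLE = "\n".join(["# 192.0.2.10:22 SSH-2.0-OpenSSH_5.9"] + [
    make_rsa_line(h, n) for h, n in [("192.0.2.10", SHARED_N),
    ("192.0.2.11", SHARED_N), ("192.0.2.12", (1 << 1023) | 1)]])
```

`evaluate(SAMPLE)` groups the two hosts that share a key under one fingerprint and reports the 1024-bit key as short.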
