SLIDE 1

Conducting large-scale active and passive measurements of SSH deployments

Oliver Gasser

Master Thesis
Advisor: Ralph Holz
Chair for Network Architectures and Services
Faculty of Computer Science
Technische Universität München

June 27, 2012

Oliver Gasser (TU München) Conducting large-scale active and passive measurements of SSH deployments

SLIDE 2

Outline

1. SSH 101
2. Motivation
3. Goals
4. Scanning SSH deployments
5. Schedule

SLIDE 4

SSH

- Secure Shell
- Network protocol for secure communication
- Common applications: Remote shell, command execution, file transfer
- Two major versions: SSH-1 and SSH-2

SLIDE 5

SSH Connection

- Client – Server model
- Mutual authentication
  - Server with host key (fingerprint)
  - Client with password, public key, host based, ...

SLIDE 7

Motivation

Previous scans showed
- Weak host keys
- Same host key used on multiple hosts
  - Host based authentication
- Vulnerable servers
- Insecure ciphers

Examine typo domain exploitation

SLIDE 9

Goals of the Thesis

- General overview of SSH deployments → topology
- Identify SSH properties in different locations and ASs
- Interesting correlations?

Known weaknesses
- SSH-1
- Weak host keys (Debian OpenSSL bug)
- Host keys with bad entropy, short keys
- Reuse of host keys on multiple hosts
- Unpatched servers

SLIDE 10

Goals of the Thesis

Typo domains
- Known phenomenon: Registration of typo domains like tu-munchen.de
- Use Levenshtein distance to create some based on important (university) domains
- Use University of Luxembourg’s tool SDBF to create plausible (sub-)domains
- DNS lookup and SSH scan to prove existence (and warn)

Comparison of results: SSH vs. SSL (‘SSL landscape’)
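A defensive use of the Levenshtein idea above, as an added example that is not from the thesis or its tooling: it enumerates every valid name at edit distance 1 from a domain you own, so the list can be checked against DNS and registration data, and it flags observed names that sit close to a protected one. The legitimate domain tu-muenchen.de is an assumption; the slide only names the typo form tu-munchen.de.

```python
import string

ALPHABET = string.ascii_lowercase + string.digits + "-"

def levenshtein(a, b):
    """Classic dynamic-programming edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def valid_label(label):
    """DNS hostname label: 1-63 chars of [a-z0-9-], no leading/trailing hyphen."""
    return (0 < len(label) <= 63 and label[0] != "-" and label[-1] != "-"
            and all(c in ALPHABET for c in label))

def distance_one_domains(domain):
    """All valid domains whose first label is at Levenshtein distance 1."""
    label, _, rest = domain.partition(".")
    out = set()
    for i in range(len(label) + 1):
        for c in ALPHABET:
            out.add(label[:i] + c + label[i:])            # insertion
            if i < len(label):
                out.add(label[:i] + c + label[i + 1:])    # substitution
        if i < len(label):
            out.add(label[:i] + label[i + 1:])            # deletion
    out.discard(label)                                    # drop the original itself
    return sorted(f"{l}.{rest}" for l in out if valid_label(l))

def is_lookalike(observed, protected, max_dist=1):
    """Detection side: flag an observed domain close to a protected one."""
    o, p = observed.lower(), protected.lower()
    return o != p and levenshtein(o, p) <= max_dist

# Assumed legitimate domain; the watchlist contains the slide's tu-munchen.de
WATCHLIST = distance_one_domains("tu-muenchen.de")
```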

SLIDE 11

Optional Work

Two choices
- Build up host key database → notary service
- Patch Bro to analyze SSH protocol

Notaries:
- Promised by Perspectives, never reality
- Exists for SSL (Perspectives, Convergence, Crossbear)
- Implement PoC for OpenSSH

SLIDE 13

Methods

- Accumulate host names and IP addresses (e.g. zone files)
- Generate plausible domains and subdomains (e.g. SDBF)
- Write tool for scanning
  - ssh-keyscan
  - libssh
- Save and evaluate scanning results
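One way to do the "save and evaluate" step for output in the `host keytype base64-key` form that ssh-keyscan prints, as an added example (not the thesis tool): it computes fingerprints and RSA modulus sizes and groups hosts that present the same key. The 2048-bit threshold, the function names and the sample lines (synthetic moduli on documentation addresses) are assumptions.

```python
import base64, hashlib, struct
from collections import defaultdict

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, i = [], 0
    while i + 4 <= len(blob):
        (n,) = struct.unpack(">I", blob[i:i + 4])
        out.append(blob[i + 4:i + 4 + n])
        i += 4 + n
    return out

def parse_line(line):
    """Parse one 'host keytype base64-blob' line; fingerprint is OpenSSH-style SHA256."""
    host, ktype, b64 = line.split()[:3]
    blob = base64.b64decode(b64)
    bits = None
    if ktype == "ssh-rsa":                 # blob fields: "ssh-rsa", e, n
        bits = int.from_bytes(_fields(blob)[2], "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    return host, ktype, bits, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def evaluate(lines, min_rsa_bits=2048):
    """Return ({fingerprint: hosts sharing that key}, [(host, bits) for short RSA keys])."""
    by_fp, short = defaultdict(list), []
    for line in lines:
        if not line.strip() or line.startswith("#"):   # skip blanks and banner lines
            continue
        host, _, bits, fp = parse_line(line)
        by_fp[fp].append(host)
        if bits is not None and bits < min_rsa_bits:   # threshold is an assumption
            short.append((host, bits))
    return {fp: h for fp, h in by_fp.items() if len(h) > 1}, short

# --- constructed sample input: synthetic moduli, not real host keys ---
def _mpint(x):
    b = x.to_bytes(x.bit_length() // 8 + 1, "big")     # SSH mpint, kept positive
    return struct.pack(">I", len(b)) + b

def _rsa_line(host, n, e=65537):
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(e) + _mpint(n)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"

SAMPLE = [
    "# 192.0.2.10:22 SSH-2.0-OpenSSH_5.9",
    _rsa_line("192.0.2.10", (1 << 1023) | 1),          # 1024-bit, shared key
    _rsa_line("192.0.2.11", (1 << 1023) | 1),
    _rsa_line("192.0.2.12", (1 << 2047) | 1),          # 2048-bit, unique key
]
```

Calling `evaluate(SAMPLE)` reports the two hosts that share one key and lists both as carrying 1024-bit RSA keys.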

SLIDE 14

Related Work

- IPv4 scans: Lenstra et al.: ‘Ron was wrong, Whit is right’
- IPv4 scans: Nadia Heninger et al.: unpublished
- Yilek et al., IMC 2007: ‘When private keys are public’
- Perspectives: First notary concept, includes SSH, not implemented
- Crossbear (for SSL)

Conclusion
- No comprehensive understanding of SSH deployments and problems

SLIDE 16

Schedule

SLIDE 17

The End...

Thank you for your attention!
