Measuring the Prevalence of the Password Authentication Vulnerability in SSH

Ron Andrews, Dalton A. Hahn, Alexandru G. Bardas
DOI: 10.1109/ICC40277.2020.9148912 (https://doi.org/10.1109/ICC40277.2020.9148912)
Venue: ICC 2020 - 2020 IEEE International Conference on Communications (ICC)
Publication date: 2020-06-01
Open access: no
Citations: 4

Abstract

Securing and hardening network protocols and services is a resource-consuming and continuous effort. It is therefore important to ask how prevalent known, mitigable features of those protocols are. The Secure Shell (SSH) protocol is a good example because of its known weakness in allowing password-based authentication. We take a closer look at these configurations to identify how prevalent the use of password authentication is at internet scale. We show that current scanning tools and services provide a starting point for evaluating prevalence, but need to be validated for specific implementations. We also demonstrate that some of these tools and services can be augmented to determine the prevalence of password authentication in SSH specifically. As part of our evaluation, we propose a novel method for probing an SSH service to establish whether password authentication is allowed, without being intrusive or causing harm to the host. Finally, our analysis determines that more than 65% of the over 20 million SSH servers on the public internet allow password authentication.