A Preliminary Look at the Privacy of SSH Tunnels

2008 Proceedings of 17th International Conference on Computer Communications and Networks Pub Date : 2008-11-17 DOI:10.1109/ICCCN.2008.ECP.122

M. Dusi, F. Gringoli, L. Salgarelli

{"title":"A Preliminary Look at the Privacy of SSH Tunnels","authors":"M. Dusi, F. Gringoli, L. Salgarelli","doi":"10.1109/ICCCN.2008.ECP.122","DOIUrl":null,"url":null,"abstract":"Secure Shell (SSH) tunnels are commonly used to provide two types of privacy protection to clear-text application protocols. First and foremost, they aim at protecting the privacy of the data being exchanged between two peers, such as passwords, details of monetary transactions and so on. Second, they are supposed to protect the privacy of the behavior of end-users, by preventing an unauthorized observer from detecting which application protocol is being transported by an SSH tunnel. In this paper we introduce a GMM-based (Gaussian Mixture Model) technique that, under a set of reasonable assumptions, can be used to identify which application is being tunneled inside an SSH session by simply observing the stream of encrypted packets. This technique can therefore break the presumption of privacy in its second incarnation as described above. Although still preliminary, experimental results show that the technique can be quite effective, and that the standard bodies might need to take this approach under consideration when designing new obfuscation techniques for SSH.","PeriodicalId":314071,"journal":{"name":"2008 Proceedings of 17th International Conference on Computer Communications and Networks","volume":"76 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"23","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 Proceedings of 17th International Conference on Computer Communications and Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCCN.2008.ECP.122","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 23

Abstract

Secure Shell (SSH) tunnels are commonly used to provide two types of privacy protection to clear-text application protocols. First and foremost, they aim at protecting the privacy of the data being exchanged between two peers, such as passwords, details of monetary transactions and so on. Second, they are supposed to protect the privacy of the behavior of end-users, by preventing an unauthorized observer from detecting which application protocol is being transported by an SSH tunnel. In this paper we introduce a GMM-based (Gaussian Mixture Model) technique that, under a set of reasonable assumptions, can be used to identify which application is being tunneled inside an SSH session by simply observing the stream of encrypted packets. This technique can therefore break the presumption of privacy in its second incarnation as described above. Although still preliminary, experimental results show that the technique can be quite effective, and that the standard bodies might need to take this approach under consideration when designing new obfuscation techniques for SSH.

查看原文本刊更多论文

浅谈SSH隧道的隐私性

SSH (Secure Shell)隧道通常用于为明文应用协议提供两种类型的隐私保护。首先，它们旨在保护两个对等体之间交换的数据的隐私，例如密码、货币交易细节等。其次，它们应该通过防止未经授权的观察者检测SSH隧道正在传输哪个应用程序协议来保护最终用户行为的隐私。在本文中，我们介绍了一种基于gmm(高斯混合模型)的技术，在一组合理的假设下，可以通过简单地观察加密数据包流来识别在SSH会话中隧道化的应用程序。因此，如上所述，该技术可以在其第二次化身中打破对隐私的假定。虽然还处于初步阶段，但实验结果表明该技术可以非常有效，并且标准机构在为SSH设计新的混淆技术时可能需要考虑这种方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2008 Proceedings of 17th International Conference on Computer Communications and Networks

自引率

0.00%

发文量