The contents of this legacy page are no longer maintained nor supported, and are made available only for historical purposes.

Bibliography Details

M. Dusi, F. Gringoli, and L. Salgarelli, "A Preliminary Look at the Privacy of SSH Tunnels", in IEEE International Conference on Communications (ICC) 2008, May 2008.

A Preliminary Look at the Privacy of SSH Tunnels
Authors: M. Dusi
F. Gringoli
L. Salgarelli
Published: IEEE International Conference on Communications (ICC), 2008
URL: http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=4674282
Entry Dates: 2009-02-11
Abstract: Secure Shell (SSH) tunnels are commonly used to provide two types of privacy protection to clear-text application protocols. First and foremost, they aim at protecting the privacy of the data being exchanged between two peers, such as passwords, details of monetary transactions and so on. Second, they are supposed to protect the privacy of the behavior of end-users, by preventing an unauthorized observer from detecting which application protocol is being transported by an SSH tunnel. In this paper we introduce a GMM-based (Gaussian Mixture Model) technique that, under a set of reasonable assumptions, can be used to identify which application is being tunneled inside an SSH session by simply observing the stream of encrypted packets. This technique can therefore break the presumption of privacy in its second incarnation as described above. Although still preliminary, experimental results show that the technique can be quite effective, and that the standard bodies might need to take this approach under consideration when designing new obfuscation techniques for SSH.
Results:
  • datasets: full payload, campus, Edge/Border, 0.25 hour each hour for three weeks,50Gbytes;
  • GMM-based
  • identify which application is being tunneled inside an SSH session by simply observing the stream of encrypted packets;