A deeper understanding of SSH: Results from Internet-wide scans

Oliver Gasser, Ralph Holz, Georg Carle

Publikation: Beitrag in Buch/Bericht/KonferenzbandKonferenzbeitragBegutachtung

15 Zitate (Scopus)

Abstract

Until recently, relatively little was known about the characteristics of the SSH protocol on the Internet, until two larger studies analysed the cryptographic properties of SSH host keys and identified weaknesses in a number of SSH devices. However, there is no succinct comprehensive image yet how the SSH landscape looks like from the point of view of deployment practices, especially with respect to key management. In this paper, we present the results of Internet-wide SSH scans that we carried out over a period of 7 months, which resulted in the largest data set to date. We enriched our data set with large-scale mappings obtained from DNS scans, AS and WHOIS lookups, and a geo-IP database. We analysed the distribution of server and protocol versions, and found that while SSH 2 has displaced SSH 1, the rate of software updates seems to be slow. We analysed the mentioned cryptographic weaknesses and found they have become fewer, but continue to persist one year after the disclosure. Finally, we investigated the reasons for duplicate yet cryptographically strong keys. We found these are used in very different setups at varying degrees of security. Some are indeed dangerous weaknesses, others are the result of a careful and centralised setup. By example of the ten most common keys, we show the circumstances in which they occur and assess the security of each deployment. Finally, we analysed the deployment of ciphers and associated key lengths and found good results in terms of security. As our scans are of a sensitive nature, we also document the ethical considerations that guided us.

OriginalspracheEnglisch
TitelIEEE/IFIP NOMS 2014 - IEEE/IFIP Network Operations and Management Symposium
UntertitelManagement in a Software Defined World
Herausgeber (Verlag)IEEE Computer Society
ISBN (Print)9781479909131
DOIs
PublikationsstatusVeröffentlicht - 2014
VeranstaltungIEEE/IFIP Network Operations and Management Symposium: Management in a Software Defined World, NOMS 2014 - Krakow, Polen
Dauer: 5 Mai 20149 Mai 2014

Publikationsreihe

NameIEEE/IFIP NOMS 2014 - IEEE/IFIP Network Operations and Management Symposium: Management in a Software Defined World

Konferenz

KonferenzIEEE/IFIP Network Operations and Management Symposium: Management in a Software Defined World, NOMS 2014
Land/GebietPolen
OrtKrakow
Zeitraum5/05/149/05/14

Fingerprint

Untersuchen Sie die Forschungsthemen von „A deeper understanding of SSH: Results from Internet-wide scans“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren