{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,9]],"date-time":"2024-09-09T18:27:10Z","timestamp":1725906430042},"publisher-location":"Cham","reference-count":33,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319647005"},{"type":"electronic","value":"9783319647012"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-64701-2_22","type":"book-chapter","created":{"date-parts":[[2017,7,25]],"date-time":"2017-07-25T04:56:55Z","timestamp":1500958615000},"page":"301-314","source":"Crossref","is-referenced-by-count":3,"title":["The Time Will Tell on You: Exploring Information Leaks in SSH Public Key Authentication"],"prefix":"10.1007","author":[{"given":"Joona","family":"Kannisto","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jarmo","family":"Harju","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,7,26]]},"reference":[{"key":"22_CR1","doi-asserted-by":"crossref","unstructured":"Yl\u00f6nen, T., Lonvick, C.: The secure shell (SSH) authentication protocol. RFC 4252, RFC Editor, January 2006","DOI":"10.17487\/rfc4252"},{"key":"22_CR2","unstructured":"Wilson, B.: Debian OpenSSL predictable PRNG (2013). https:\/\/github.com\/g0tmi1k\/debian-ssh"},{"issue":"2","key":"22_CR3","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1109\/MSP.2013.28","volume":"11","author":"FB Schneider","year":"2013","unstructured":"Schneider, F.B.: Breaking-in research. IEEE Secur. Priv. 11(2), 3\u20134 (2013)","journal-title":"IEEE Secur. Priv."},{"issue":"2","key":"22_CR4","first-page":"99","volume":"15","author":"C Herley","year":"2017","unstructured":"Herley, C., van Oorschot, P.C.: SoK: Science, security, and the elusive goal of security as a scientific pursuit. IEEE Secur. Priv. 15(2), 99\u2013120 (2017)","journal-title":"IEEE Secur. Priv."},{"key":"22_CR5","unstructured":"Kannisto, J.: SSH public key timing attack tool (2017). https:\/\/github.com\/joonakannisto\/PubTime"},{"issue":"5","key":"22_CR6","doi-asserted-by":"crossref","first-page":"701","DOI":"10.1016\/j.comnet.2005.01.010","volume":"48","author":"D Brumley","year":"2005","unstructured":"Brumley, D., Boneh, D.: Remote timing attacks are practical. Comput. Netw. 48(5), 701\u2013716 (2005)","journal-title":"Comput. Netw."},{"issue":"3","key":"22_CR7","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1145\/1455526.1455530","volume":"12","author":"SA Crosby","year":"2009","unstructured":"Crosby, S.A., Wallach, D.S., Riedi, R.H.: Opportunities and limits of remote timing attacks. ACM Trans. Inf. Syst. Secur. (TISSEC) 12(3), 17 (2009)","journal-title":"ACM Trans. Inf. Syst. Secur. (TISSEC)"},{"key":"22_CR8","unstructured":"Lawson, N., Nelson, T.: Exploiting remote timing attacks Presented at Blackhat 2010. https:\/\/www.youtube.com\/watch?v=hVXP8git7A4"},{"key":"22_CR9","unstructured":"Mayer, D.A., Sandin, J.: Time trial: racing towards practical remote timing attacks, Presented at Blackhat (2014). https:\/\/www.nccgroup.trust\/globalassets\/our-research\/us\/whitepapers\/TimeTrial.pdf"},{"key":"22_CR10","unstructured":"Morgan, T.D., Morgan, J.W.: Web timing attacks made practical, Presented at Blackhat (2015). https:\/\/www.blackhat.com\/docs\/us-15\/materials\/us-15-Morgan-Web-Timing-Attacks-Made-Practical-wp.pdf"},{"key":"22_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"355","DOI":"10.1007\/978-3-642-23822-2_20","volume-title":"Computer Security \u2013 ESORICS 2011","author":"BB Brumley","year":"2011","unstructured":"Brumley, B.B., Tuveri, N.: Remote timing attacks are still practical. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 355\u2013371. Springer, Heidelberg (2011). doi: 10.1007\/978-3-642-23822-2_20"},{"key":"22_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"75","DOI":"10.1007\/978-3-662-44709-3_5","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2014","author":"N Benger","year":"2014","unstructured":"Benger, N., Pol, J., Smart, N.P., Yarom, Y.: \u201cOoh Aah.. Just a Little Bit\u201d: a small amount of side channel can go a long way. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 75\u201392. Springer, Heidelberg (2014). doi: 10.1007\/978-3-662-44709-3_5"},{"key":"22_CR13","doi-asserted-by":"crossref","unstructured":"Pereida Garc\u00eda, C., Brumley, B.B., Yarom, Y.: Make sure DSA signing exponentiations really are constant-time. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1639\u20131650. ACM (2016)","DOI":"10.1145\/2976749.2978420"},{"key":"22_CR14","doi-asserted-by":"crossref","unstructured":"Allan, T., Brumley, B.B., Falkner, K., van de Pol, J., Yarom, Y.: Amplifying side channels through performance degradation. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 422\u2013435. ACM (2016)","DOI":"10.1145\/2991079.2991084"},{"key":"22_CR15","unstructured":"Song, D.X., Wagner, D., Tian, X.: Timing analysis of keystrokes and timing attacks on SSH. In: USENIX Security Symposium, vol. 2001 (2001)"},{"key":"22_CR16","unstructured":"Edge, J.: OpenSSH and keystroke timings (2008). https:\/\/lwn.net\/Articles\/298833\/"},{"key":"22_CR17","unstructured":"CureSec Security Research: OpenSSH user enumeration time-based attack (2013). https:\/\/www.curesec.com\/blog\/article\/blog\/OpenSSH-User-Enumeration-Time-Based-Attack-20.html"},{"key":"22_CR18","unstructured":"Harari, E.: OpenSSHD - user enumeration (2016). http:\/\/seclists.org\/fulldisclosure\/2016\/Jul\/51"},{"key":"22_CR19","unstructured":"Bello, L., Bertacchini, M., Hat, B.: Predictable PRNG in the vulnerable debian openssl package: the what and the how. In: the 2nd DEF CON Hacking Conference (2008)"},{"key":"22_CR20","unstructured":"Heninger, N., Durumeric, Z., Wustrow, E., Halderman, J.A.: Mining your Ps and Qs: detection of widespread weak keys in network devices. In: USENIX Security Symposium, vol. 8. (2012)"},{"key":"22_CR21","unstructured":"Alkan, G.: Crowbar - brute forcing tool (2016). https:\/\/github.com\/galkan\/crowbar"},{"key":"22_CR22","unstructured":"Cox, B.: Auditing github users\u015bsh key quality (2015). https:\/\/blog.benjojo.co.uk\/post\/auditing-github-users-keys"},{"key":"22_CR23","unstructured":"Valsorda, F.: A SSH server that knows who you are (2015). https:\/\/github.com\/FiloSottile\/whosthere"},{"key":"22_CR24","unstructured":"Oosterhof, M.: Kippo modifications (2015). http:\/\/www.micheloosterhof.com\/kippo-modifications\/"},{"key":"22_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1007\/978-3-540-27809-2_25","volume-title":"Financial Cryptography","author":"BN Levine","year":"2004","unstructured":"Levine, B.N., Reiter, M.K., Wang, C., Wright, M.: Timing attacks in low-latency mix systems. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 251\u2013265. Springer, Heidelberg (2004). doi: 10.1007\/978-3-540-27809-2_25"},{"key":"22_CR26","doi-asserted-by":"crossref","unstructured":"Overlier, L., Syverson, P.: Locating hidden servers. In: 2006 IEEE Symposium on Security and Privacy, 15 pp. IEEE (2006)","DOI":"10.1109\/SP.2006.24"},{"key":"22_CR27","unstructured":"Lewis, S.J.: Onionscan report - snapshots of the dark web (2016). https:\/\/mascherari.press\/onionscan-report-june-2016\/"},{"key":"22_CR28","doi-asserted-by":"crossref","unstructured":"Schlyter, J., Griffin, W.: Using DNS to securely publish secure shell (SSH) key fingerprints. RFC 4255, RFC Editor, January 2006","DOI":"10.17487\/rfc4255"},{"key":"22_CR29","first-page":"4","volume":"36","author":"P Gutmann","year":"2011","unstructured":"Gutmann, P.: Do users verify SSH keys? USENIX; Login 36, 4 (2011)","journal-title":"USENIX; Login"},{"key":"22_CR30","unstructured":"Dingledine, R., Mathewson, N., Lewman, A., Loesing, K., Hahn, S., Ransom, R., Bobbio, J., Goulet, D., Johnson, D.: Tor rendezvous specification. Technical report (2006)"},{"key":"22_CR31","unstructured":"Swartz, A., Griffith, V.: Tor2web: Browse the tor onion services (2008). https:\/\/tor2web.org"},{"key":"22_CR32","unstructured":"National Institute of Advanced Industrial Science and Technology (AIST): Delegate official site. http:\/\/delegate.hpcc.jp\/delegate\/"},{"key":"22_CR33","unstructured":"Ferrara, A.: It\u2019s all about time (2014). http:\/\/blog.ircmaxell.com\/2014\/11\/its-all-about-time.html"}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-64701-2_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,1]],"date-time":"2019-10-01T11:13:44Z","timestamp":1569928424000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-64701-2_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319647005","9783319647012"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-64701-2_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]}}}