[Security] keystroke and timing attacks against IM traffic?
Peter Saint-Andre
stpeter at stpeter.im
Mon Aug 4 17:32:50 CDT 2008
During an IM session earlier today, Jonathan Schleifer mentioned to me
that he thinks the work of Song, Wagner, and Tian on SSH might apply
equally to instant messaging traffic:
http://www.cs.berkeley.edu/~daw/papers/ssh-use01.pdf
For an opposing view see:
http://www.cs.virginia.edu/~evans/cs588-fall2001/projects/reports/team4.pdf
It seems to me quite possible that IM traffic is more susceptible to
attacks of this kind than SSH is, especially given the existence of
things like chat state notifications:
http://www.xmpp.org/extensions/xep-0085.html
Thoughts?
/psa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20080804/833a73a4/attachment.bin
More information about the Security
mailing list