[Security] keystroke and timing attacks against IM traffic?

Peter Saint-Andre stpeter at stpeter.im
Mon Aug 4 17:32:50 CDT 2008


During an IM session earlier today, Jonathan Schleifer mentioned to me 
that he thinks the work of Song, Wagner, and Tian on SSH might apply 
equally to instant messaging traffic:

http://www.cs.berkeley.edu/~daw/papers/ssh-use01.pdf

For an opposing view see:

http://www.cs.virginia.edu/~evans/cs588-fall2001/projects/reports/team4.pdf

It seems to me quite possible that IM traffic is more susceptible to 
attacks of this kind than SSH is, especially given the existence of 
things like chat state notifications:

http://www.xmpp.org/extensions/xep-0085.html

Thoughts?

/psa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 7338 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.jabber.org/pipermail/security/attachments/20080804/833a73a4/attachment.bin 


More information about the Security mailing list