Abstract:
IoT and embedded devices enter many areas of our daily life at home or work. Additionally, the industry has started connecting their machines to networks and the internet. The SSH protocol can be and is utilized for remote access to these systems. The typical usage is to connect to servers in a data center remotely. However, as with every software, the implementations can have flaws, which can be exploited.
The two relevant areas for this thesis are the security of SSH and IoT. The research on SSH security showed problems in the implementations of different algorithms and the usage of entropy vs. performance. Much research is also spent exploring the usage of SSH on the internet, mainly from the victim’s perspective. For IoT misconfiguration, resource shortages on the device and in the development process dominate the know problems.
This thesis developed probes to test SSH-Servers if they show potentially vulnerable behavior. These probes test general handshake parameters to check availability. Also, entropy was a problem on embedded devices, for which unique probes were implemented to check it. Furthermore, the last two probe types are for the DiffieHellman key exchange and the implementation of known CVEs. The implemented probes are then tested against a Docker setup with some server implementations and two Cisco devices. The last scan is performed on the whole IPv4 Addressspace, with a toolchain to speed up the scanning process. From the two initial scans, some problems could be identified, which were also visible in the internet scan, such as short moduli in the Diffie-Hellman key exchange or acceptance of unsafe parameters. However, also in the internet wide-scan, a new problem with the entropy in the cookie of the handshake could be identified. The extended tool then enables users to check their server for vulnerabilities in the software and the respective configuration. Furthermore, it gives the user advice on how to fix these problems.