SSH Implementations: State Machine Learning and Analysis

Abstract

Analyzing large cryptographic protocol implementations can be challenging, since the implementations do not perfectly match the standard [6]. Secure Shell (SSH), the popular and highly configurable remote login method, is one such example. In this thesis, we researched fuzzing methodologies for SSH implementations. Three tools (Backfuzz, Paramiko-sshfuzz and Protocol state fuzzing) were implemented to explore their capabilities and to determine the most effective one. The protocol state fuzzing technique proved to be the most promising approach: it is well developed, has recently revealed a few abnormal behaviours of SSH [6], and is actively used on several other cryptographic protocol implementations (e.g. TLS). Consequently, we applied this method to a real SSH implementation, the OpenSSH library (OpenSSH6.7-p1). The results are analyzed against the source code and the RFC standards. To solve the readability problem that the complex architecture of the SSH protocol causes in the results, we combined the obtained SSH state machine with the D3.js data visualization technique. As a result, we developed a tool for debugging SSH implementations based on protocol state fuzzing, code review and D3.js. Lastly, the utility of the tool is evaluated in a survey and future work is presented.
