Dr Peter McLaren P.McLaren@napier.ac.uk
Associate
Decrypting Live SSH Traffic in Virtual Environments
Mclaren, Peter; Russell, Gordon; Buchanan, William J; Tan, Zhiyuan
Authors
Dr Gordon Russell G.Russell@napier.ac.uk
Associate Professor
Prof Bill Buchanan B.Buchanan@napier.ac.uk
Professor
Dr Thomas Tan Z.Tan@napier.ac.uk
Associate Professor
Abstract
Decrypting and inspecting encrypted malicious communications may assist crime detection and prevention. Access to client or server memory enables the discovery of artefacts required for decrypting secure communications. This paper develops the MemDe-crypt framework to investigate they discovery of encrypted artefacts in memory and applies the methodology to decrypting the secure communications of virtual machines. For Secure Shell, used for secure remote server management, file transfer, and tunnelling inter alia, MemDecrypt experiments rapidly yield AES-encrypted details for a live secure file transfer including remote user credentials, transmitted file name and file contents. Thus, MemDecrypt discovers cryptographic artefacts and quickly decrypts live SSH malicious communications including detection and interception of data exfiltration of confidential data.
Citation
Mclaren, P., Russell, G., Buchanan, W. J., & Tan, Z. (2019). Decrypting Live SSH Traffic in Virtual Environments. Digital Investigation, 29, 109-117. https://doi.org/10.1016/j.diin.2019.03.010
| Journal Article Type | Article |
|---|---|
| Acceptance Date | Mar 26, 2019 |
| Online Publication Date | Mar 29, 2019 |
| Publication Date | Jun 1, 2019 |
| Deposit Date | Mar 26, 2019 |
| Publicly Available Date | Mar 30, 2020 |
| Journal | Digital Investigation |
| Print ISSN | 1742-2876 |
| Publisher | Elsevier |
| Peer Reviewed | Peer Reviewed |
| Volume | 29 |
| Pages | 109-117 |
| DOI | https://doi.org/10.1016/j.diin.2019.03.010 |
| Keywords | network traffic; decryption; memory analysis; IoT; Android; VMI; Secure Shell; SSH; AES; Secure File Transfer; data exfiltration; insider attacks |
| Public URL | http://researchrepository.napier.ac.uk/Output/1689113 |
Files
Decrypting Live SSH Traffic in Virtual Environments
(650 Kb)
PDF
Publisher Licence URL
http://creativecommons.org/licenses/by-nc-nd/4.0/
Copyright Statement
©. This manuscript version is made available under the CC-BY-NC-ND 4.0 license http://creativecommons.org/licenses/by-nc-nd/4.0/
You might also like
Mining malware command and control traces
(2018)
Conference Proceeding
Deriving ChaCha20 Key Streams From Targeted Memory Analysis
(2019)
Journal Article
Enhancing Mac OS Malware Detection through Machine Learning and Mach-O File Analysis
(2023)
Conference Proceeding
Downloadable Citations
About Edinburgh Napier Research Repository
Administrator e-mail: repository@napier.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search