[Security] keystroke and timing attacks against IM traffic?

Mon, 04 Aug 2008 15:33:46 -0700

During an IM session earlier today, Jonathan Schleifer mentioned to me that he thinks the work of Song, Wagner, and Tian on SSH might apply equally to instant messaging traffic: 

http://www.cs.berkeley.edu/~daw/papers/ssh-use01.pdf

For an opposing view see:

http://www.cs.virginia.edu/~evans/cs588-fall2001/projects/reports/team4.pdf
It seems to me quite possible that IM traffic is more susceptible to attacks of this kind than SSH is, especially given the existence of things like chat state notifications: 

http://www.xmpp.org/extensions/xep-0085.html

Thoughts?

/psa

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to