Authenticated encryption in SSH

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Authenticated encryption in SSH: provably fixing the SSH binary packet protocol

Full text

Pdf (287 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 9th ACM conference on Computer and communications security table of contents

Washington, DC, USA

SESSION: Cryptographic protocols table of contents

Pages: 1 - 11

Year of Publication: 2002

ISBN:1-58113-612-9

Authors

Mihir Bellare	UC San Diego
Tadayoshi Kohno	UC San Diego
Chanathip Namprempre	Thammasat University, Thailand

Sponsors

ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 12, Downloads (12 Months): 88, Citation Count: 3

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/586110.586112 What is a DOI?

ABSTRACT

The Secure Shell (SSH) protocol is one of the most popular cryptographic protocols on the Internet. Unfortunately, the current SSH authenticated encryption mechanism is insecure. In this paper we propose several fixes to the SSH protocol and, using techniques from modern cryptography, we prove that our modified versions of SSH meet strong new chosen-ciphertext privacy and integrity requirements. Furthermore, our proposed fixes will require relatively little modification to the SSH protocol or to SSH implementations. We believe that our new notions of privacy and integrity for encryption schemes with stateful decryption algorithms will be of independent interest.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Jee Hea An , Yevgeniy Dodis , Tal Rabin, On the Security of Joint Signature and Encryption, Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology, p.83-107, May 02, 2002
	2	Mihir Bellare , Anand Desai , Eron Jokipii , Phillip Rogaway, A Concrete Security Treatment of Symmetric Encryption, Proceedings of the 38th Annual Symposium on Foundations of Computer Science (FOCS '97), p.394, October 19-22, 1997
	3	Mihir Bellare , Joe Kilian , Phillip Rogaway, The Security of Cipher Block Chaining, Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology, p.341-358, August 21-25, 1994
	4	M. Bellare, T. Kohno, and C. Namprempre. Authenticated encryption in SSH: Provably fixing the SSH Binary Packet Protocol. Cryptology ePrint Archive, Report 2002/078, 2002. http://eprint.iacr.org/.
	5	Mihir Bellare , Chanathip Namprempre, Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm, Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, p.531-545, December 03-07, 2000
	6	Mihir Bellare , Phillip Rogaway, Encode-Then-Encipher Encryption: How to Exploit Nonces or Redundancy in Plaintexts for Efficient Cryptography, Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology, p.317-330, December 03-07, 2000
	7	S. Bellovin. Problem areas for the IP security protocols. In Proceedings of the 6th USENIX Security Symposium, San Jose, California, July 1996.
	8	S. Bellovin and M. Blaze. Cryptographic modes of operation for the internet. In Second NIST Workshop on Modes of Operation, 2001.
	9	Ran Canetti , Hugo Krawczyk, Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels, Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology, p.453-474, May 06-10, 2001
	10	W. Dai. An attack against SSH2 protocol, Feb. 2002. Email to the ietf-ssh@netbsd.org email list.
	11	DES modes of operation. National Institute of Standards and Technology, NIST FIPS PUB 81, U.S. Department of Commerce, Dec. 1980.
	12	W. Diffie and M. E. Hellman. Privacy and authentication: An introduction to cryptography. Proceedings of the IEEE, 67(3):397--427, Mar. 1979.
	13	Virgil D. Gligor , Pompiliu Donescu, Fast Encryption and Authentication: XCBC Encryption and XECB Authentication Modes, Revised Papers from the 8th International Workshop on Fast Software Encryption, p.92-108, April 02-04, 2001
	14	Oded Goldreich , Shafi Goldwasser , Silvio Micali, On the cryptographic applications of random functions, Proceedings of CRYPTO 84 on Advances in cryptology, p.276-288, August 1985, Santa Barbara, California, United States
	15	S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Science, 28:270--299, 1984.
	16	Chris Hall , Ian Goldberg , Bruce Schneider, Reaction Attacks against several Public-Key Cryptosystems, Proceedings of the Second International Conference on Information and Communication Security, p.2-12, November 09-11, 1999
	17	Internet Engineering Task Force. Secure Shell (secsh) charter, 2002. http://www.ietf.org/html.charters/secsh-charter.html.
	18	Charanjit S. Jutla, Encryption Modes with Almost Free Message Integrity, Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology, p.529-544, May 06-10, 2001
	19	Jonathan Katz , Moti Yung, Unforgeable Encryption and Chosen Ciphertext Secure Modes of Operation, Proceedings of the 7th International Workshop on Fast Software Encryption, p.284-299, April 10-12, 2000
	20	Hugo Krawczyk, The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?), Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, p.310-331, August 19-23, 2001
	21	H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-hashing for message authenticationa. IETF Internet Request for Comments 2104, Feb. 1997.
	22	H. Lipmaa, P. Rogaway, and D. Wagner. CTR-mode encryption. In First NIST Workshop on Modes of Operation, 2000.
	23	P. Rogaway. Problems with proposed IP cryptography, 1995. Available at http://www.cs.ucdavis.edu/ rogaway/papers/draft-rogaway-ipsec-comments-00.txt.
	24	Phillip Rogaway , Mihir Bellare , John Black , Ted Krovetz, OCB: a block-cipher mode of operation for efficient authenticated encryption, Proceedings of the 8th ACM conference on Computer and Communications Security, November 05-08, 2001, Philadelphia, PA, USA [doi>10.1145/501983.502011]
	25	D. X. Song, D. Wagner, and X. Tian. Timing analysis of keystrokes and timing attacks on SSH. In Tenth USENIX Security Symposium, 2001.
	26	S. Vaudenay. Security flaws induced by CBC padding -- applications to SSL, IPSEC, WTLS ....
	27	T. Ylonen. SSH --- Secure login connections over the Internet. In Sixth USENIX Security Symposium, 1996.
	28	T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen. SSH transport layer protocol, 2002. Draft 12, available at {17}.

CITED BY 3

	Emmanuel Bresson , Olivier Chevassut , David Pointcheval, Security proofs for an efficient password-based key exchange, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA
	Mihir Bellare , Tadayoshi Kohno , Chanathip Namprempre, Breaking and provably repairing the SSH authenticated encryption scheme: A case study of the Encode-then-Encrypt-and-MAC paradigm, ACM Transactions on Information and System Security (TISSEC), v.7 n.2, p.206-241, May 2004
	Michael Backes , Birgit Pfitzmann , Michael Waidner, A composable cryptographic library with nested operations, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA