Authenticated encryption in SSH

Mihir Bellare, Tadayoshi Kohno, Chanathip Namprempre
2002 Proceedings of the 9th ACM conference on Computer and communications security - CCS '02  
The Secure Shell (SSH) protocol is one of the most popular cryptographic protocols on the Internet. Unfortunately, the current SSH authenticated encryption mechanism is insecure.  ...  In this paper we propose several fixes to the SSH protocol and, using techniques from modern cryptography, we prove that our modified versions of SSH meet strong new chosen-ciphertext privacy and integrity  ...  The second author thanks the USENIX Association for a Student Grant supporting his earlier work with SSH.  ... 
doi:10.1145/586111.586112 fatcat:4nndki2vibav7no6v26vym3x24

Authenticated encryption in SSH

Mihir Bellare, Tadayoshi Kohno, Chanathip Namprempre
2002 Proceedings of the 9th ACM conference on Computer and communications security - CCS '02  
The Secure Shell (SSH) protocol is one of the most popular cryptographic protocols on the Internet. Unfortunately, the current SSH authenticated encryption mechanism is insecure.  ...  In this paper we propose several fixes to the SSH protocol and, using techniques from modern cryptography, we prove that our modified versions of SSH meet strong new chosen-ciphertext privacy and integrity  ...  The second author thanks the USENIX Association for a Student Grant supporting his earlier work with SSH.  ... 
doi:10.1145/586110.586112 dblp:conf/ccs/BellareKN02 fatcat:44fxpb2jmbeydai74tdi5xfcta

Breaking and provably repairing the SSH authenticated encryption scheme

Mihir Bellare, Tadayoshi Kohno, Chanathip Namprempre
2004 ACM Transactions on Privacy and Security  
The Secure Shell (SSH) protocol is one of the most popular cryptographic protocols on the Internet. Unfortunately, the current SSH authenticated encryption mechanism is insecure.  ...  In this paper, we propose several fixes to the SSH protocol and, using techniques from modern cryptography, we prove that our modified versions of SSH meet strong new chosen-ciphertext privacy and integrity  ...  Kohno thanks the USENIX Association for a Student Grant supporting his earlier work with SSH.  ... 
doi:10.1145/996943.996945 fatcat:zzsfk3tvgvf35lb2a4qdte7axi

Plaintext Recovery Attacks against SSH

Martin R. Albrecht, Kenneth G. Paterson, Gaven J. Watson
2009 2009 30th IEEE Symposium on Security and Privacy  
The paper explains why a combination of flaws in the basic design of SSH leads implementations such as OpenSSH to be open to our attacks, why current provable security results for SSH do not cover our  ...  attacks, and how the attacks can be prevented in practice.  ...  We thank the anonymous referees for their many constructive comments on the paper.  ... 
doi:10.1109/sp.2009.5 dblp:conf/sp/AlbrechtPW09 fatcat:nbha7b57vvef3paxnpwbgxlxw4

Plaintext-Dependent Decryption: A Formal Security Treatment of SSH-CTR [chapter]

Kenneth G. Paterson, Gaven J. Watson
2010 Lecture Notes in Computer Science  
Under reasonable assumptions on the block cipher and MAC algorithms used to construct the SSH Binary Packet Protocol (BPP), we are able to show that the SSH BPP meets a strong and appropriate notion of  ...  This paper presents a formal security analysis of SSH in counter mode in a security model that accurately captures the capabilities of real-world attackers, as well as security-relevant features of the  ...  SSH Binary Packet Protocol The SSH Binary Packet Protocol (BPP) is defined in RFC 4253 [13].  ... 
doi:10.1007/978-3-642-13190-5_18 fatcat:uvyorpf4ozg2dl2hi2praeschm

Analysis of the SSH Key Exchange Protocol [chapter]

Stephen C. Williams
2011 Lecture Notes in Computer Science  
We provide an analysis of the widely deployed SSH protocol's key exchange mechanism. We exploit the design of the SSH key exchange to perform our analysis in a modular manner.  ...  We define models, following well-established paradigms, that clarify the security provided by each type of key. Previously, there has been no formal analysis of the SSH key exchange protocol.  ...  Their work focused on the Binary Packet Protocol (BPP) of SSH and assumed keys had already been securely established.  ... 
doi:10.1007/978-3-642-25516-8_22 fatcat:aqhb422tzvhjbmaotjbfzgltse

Prototyping post-quantum and hybrid key exchange and authentication in TLS and SSH [article]

Eric Crockett, Christian Paquin, Douglas Stebila
2019 IACR Cryptology ePrint Archive  
In this paper, we explore how two major Internet security protocols, the Transport Layer Security (TLS) and Secure Shell (SSH) protocols, can be adapted to use post-quantum cryptography.  ...  First, we examine various design considerations for integrating post-quantum and hybrid key exchange and authentication into communications protocols generally, and in TLS and SSH specifically.  ...  The PQ algorithm implementations used in the experiments are directly or indirectly from the original NIST submission teams.  ... 
dblp:journals/iacr/CrockettPS19 fatcat:imdatrvccbe5jgkfd4jq56znmm

Security of Symmetric Encryption in the Presence of Ciphertext Fragmentation [chapter]

Alexandra Boldyreva, Jean Paul Degabriele, Kenneth G. Paterson, Martijn Stam
2012 Lecture Notes in Computer Science  
In recent years, a number of standardized symmetric encryption schemes have fallen foul of attacks exploiting the fact that in some real world scenarios ciphertexts can be delivered in a fragmented fashion  ...  We extend the SSH-specific work of Paterson and Watson (Eurocrypt 2010) to develop security models for the fragmented setting.  ...  The SSH Binary Packet Protocol and the TLS Record Protocol both adopt this approach. This mechanism has recently received attention from differing perspectives [16, 18].  ... 
doi:10.1007/978-3-642-29011-4_40 fatcat:d47cn3cazjfkdmhxvd4cfnagea

Protocol misidentification made easy with format-transforming encryption

Kevin P. Dyer, Scott E. Coull, Thomas Ristenpart, Thomas Shrimpton
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
protocol based on packet contents.  ...  In this paper, we provide the first comprehensive evaluation of a large set of DPI systems from the point of view of protocol misidentification attacks, in which adversaries on the network attempt to force  ...  DPI systems work by inspecting the contents of packets to find indicators of the protocol being used, such as fixed header values.  ... 
doi:10.1145/2508859.2516657 dblp:conf/ccs/DyerCRS13 fatcat:zb26htdownes5fccucydz5qlx4

A Performance Analysis of Authentication Using Covert Timing Channels [chapter]

Reed Newman, Raheem Beyah
2008 Lecture Notes in Computer Science  
Authentication over a network is an important and difficult problem. Accurately determining the authenticity of a node or user is critical in maintaining the security of a network.  ...  While our technique increases the time required for data to be transferred, we show that the throughput of the link during the brief authentication window is decreased by no more than 8% in a switched  ...  In [11], provable upper bounds are set on the number of packets required to confidently detect encrypted stepping stone streams with proven guarantees of a low false positive rate.  ... 
doi:10.1007/978-3-540-79549-0_13 fatcat:kmkfc2itffbelj4s3b3p5bx7ja

RSA, DH, and DSA in the Wild [article]

Nadia Heninger
2022 IACR Cryptology ePrint Archive  
Martijn Stam for organizing and kitten-herding the editing of this wonderful book.  ...  Acknowledgements I am grateful to Shaanan Cohney, Matthew Green, Paul Kocher, Daniel Moghimi, Keegan Ryan and the anonymous reviewers for helpful suggestions, anecdotes and feedback, and to Joppe Bos and  ...  Unfortunately, the protocol was insecure against chosen ciphertext attacks because it did not authenticate the symmetric encryption properly [GGK+16].  ... 
dblp:journals/iacr/Heninger22 fatcat:g24spdzscbdn7ojc3fvx7it7cy

Security of Symmetric Encryption against Mass Surveillance [chapter]

Mihir Bellare, Kenneth G. Paterson, Phillip Rogaway
2014 Lecture Notes in Computer Science  
In the second category we show how to design symmetric encryption schemes that avoid such attacks and meet our notion of security.  ...  In the first category we show that successful (from the point of view of big brother) ASAs may be mounted on a large class of common symmetric encryption schemes.  ...  The specification requires this 8-byte value to be unique for each TLS record encrypted under a fixed key, and suggests that the TLS Record Protocol sequence number may be used.  ... 
doi:10.1007/978-3-662-44371-2_1 fatcat:k7wqqsx3mffyvkooo7ttgoairy

A survey of covert channels and countermeasures in computer network protocols

Sebastian Zander, Grenville Armitage, Philip Branch
2007 IEEE Communications Surveys and Tutorials  
The huge amount of data and vast number of different protocols in the Internet seems ideal as a high-bandwidth vehicle for covert communication.  ...  This article is a survey of the existing techniques for creating covert channels in widely deployed network and application protocols.  ...  ACKNOWLEDGMENTS We thank Nigel Williams and the anonymous reviewers for their valuable comments, which greatly helped improve the article.  ... 
doi:10.1109/comst.2007.4317620 fatcat:vw2ow6ehrbcf3f3ry65xntriha

FPGA-based Digital Quantum Coprocessor

Valerii Hlukhov, Lviv Polytechnic National University, Computer Engineering Department, Bohdan Havano
2018 Advances in Cyber-Physical Systems  
Perfect Forward Secrecy: An attribute of a security protocol that means that temporary/ephemeral cryptographic keys are used in the protocol so that if an adversary breaks the keys and can listen to traffic  ...  Message Authentication Code: A short code that is computed on some information using a key. The code can be used to check the integrity and authenticity of the information.  ...  the protocol-specification documents for SSH. 4.5.3 Technical concerns for SSH There also exists a possibility, even with a quantum-safe suite of algorithms in the SSH protocol, that via SSH proxy forwarding  ... 
doi:10.23939/acps2018.02.067 fatcat:7txboogyr5f5vgc5c5zzbovv34

Combining message encryption and authentication

Wojciech Oszywa, Rafał Gliwa
2011 Annales UMCS Informatica  
Finally we mention the importance of provable security theory in the security of authenticated encryption modes  ...  We analyze what are the advantages and disadvantages of different AE constructions. In the third part of the paper we focus on nonce-based authenticated encryption modes.  ...  The WEP protocol uses an integrity checksum field to ensure that packets do not get modified in transit.  ... 
doi:10.2478/v10065-011-0010-y fatcat:77kbsjuq2rfv3lpi3be5ha2h64