Multi-Ciphersuite Security of the Secure Shell (SSH) Protocol

Florian Bergsma, Benjamin Dowling, Florian Kohlar, Jörg Schwenk, Douglas Stebila
2014 Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security - CCS '14  
We show that the signed-Diffie-Hellman SSH ciphersuites of the SSH protocol are secure: each is a secure authenticated and confidential channel establishment (ACCE) protocol, the same security definition  ...  The Secure Shell (SSH) protocol is widely used to provide secure remote access to servers, making it among the most important security protocols on the Internet.  ...  Acknowledgements The authors gratefully acknowledge helpful discussions with Tibor Jager. The research leading to these results has received funding from the European Community (  ... 
doi:10.1145/2660267.2660286 dblp:conf/ccs/BergsmaDKSS14 fatcat:rmycihwfobh5fmlqc3f46zrqwm

Modelling Ciphersuite and Version Negotiation in the TLS Protocol [chapter]

Benjamin Dowling, Douglas Stebila
2015 Lecture Notes in Computer Science  
In this paper we extend the ACCE model to cover protocols with many different sub-protocols, capturing both multiple ciphersuites and multiple versions, and define a security notion for secure negotiation  ...  Real-world cryptographic protocols such as the widely used Transport Layer Security (TLS) protocol support many different combinations of cryptographic algorithms (called ciphersuites) and simultaneously  ...  [20] developed an ACCE-based model for multi-ciphersuite security and showed that the Secure Shell (SSH) protocol is multi-ciphersuite security, though the Mavrogiannopolous et al. attack rules out  ... 
doi:10.1007/978-3-319-19962-7_16 fatcat:y26fm2arrrcu5mtnt2hxdkl4ye

Downgrade Resilience in Key-Exchange Protocols

Karthikeyan Bhargavan, Christina Brzuska, Cedric Fournet, Matthew Green, Markulf Kohlweiss, Santiago Zanella-Beguelin
2016 2016 IEEE Symposium on Security and Privacy (SP)  
Key-exchange protocols such as TLS, SSH, IPsec, and ZRTP are highly configurable, with typical deployments supporting multiple protocol versions, cryptographic algorithms and parameters.  ...  Third, we combine these findings to define downgrade security, and analyze the conditions under which several protocols achieve it.  ...  The TLS 1.3 downgrade countermeasures were formulated in collaboration with Eric Rescorla, Martin Thomson, and the TLS working group. Bhargavan is funded by the ERC grants CRYSP and CIRCUS.  ... 
doi:10.1109/sp.2016.37 dblp:conf/sp/BhargavanBF0KB16 fatcat:r6en3klrojbuxkc7aekyehmk6m

Post-Quantum Key Exchange for the TLS Protocol from the Ring Learning with Errors Problem

Joppe W. Bos, Craig Costello, Michael Naehrig, Douglas Stebila
2015 2015 IEEE Symposium on Security and Privacy  
But Bergsma et al. do show that signed-Diffie-Hellman ciphersuites in SSH are multi-ciphersuite secure.  ...  It is safe to reuse the same long-term signing with other compatible multi-ciphersuite secure ACCE protocols, including signed-Diffie-Hellman ciphersuites in SSH and a hypothetical future version of signed-DH  ... 
doi:10.1109/sp.2015.40 dblp:conf/sp/BosCNS15 fatcat:b4tg74fd6vbppdq7d23j77kipq

On the security of TLS renegotiation

Florian Giesen, Florian Kohlar, Douglas Stebila
2013 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security - CCS '13  
The Transport Layer Security (TLS) protocol is the most widely used security protocol on the Internet.  ...  Despite its widespread use, only recently has the full TLS protocol been proven secure, and only the core cryptographic protocol with no additional features.  ...  Acknowledgements The authors gratefully acknowledge discussions with Colin Boyd, Cas Cremers, Kenny Paterson, Jörg Schwenk, and the authors of the SCSV/RIE countermeasure [31] , and the advice of anonymous  ... 
doi:10.1145/2508859.2516694 dblp:conf/ccs/GiesenKS13 fatcat:caqi4zpmwfhdjf2mnq5xuxlrom

A messy state of the union

Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub, Jean Karim Zinzindohoue
2017 Communications of the ACM  
Implementations of the Transport Layer Security (TLS) protocol must handle a variety of protocol versions and extensions, authentication modes, and key exchange methods.  ...  We present the first verified implementation of a composite TLS state machine in C that can be embedded into OpenSSL and accounts for all its supported ciphersuites.  ...  ACKNOWLEDGMENT The authors would like to thank Matthew Green, Nadia Heninger, Santiago Zanella-Béguelin, the ZMap team, and the CADO-NFS team for their help with evaluating and exploiting 3 http://trust-in-soft.com  ... 
doi:10.1145/3023357 fatcat:626sx5odgzhm5cr7ocyito6zfe

A Messy State of the Union: Taming the Composite State Machines of TLS

Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cedric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub, Jean Karim Zinzindohoue
2015 2015 IEEE Symposium on Security and Privacy  
Implementations of the Transport Layer Security (TLS) protocol must handle a variety of protocol versions and extensions, authentication modes, and key exchange methods.  ...  We present the first verified implementation of a composite TLS state machine in C that can be embedded into OpenSSL and accounts for all its supported ciphersuites.  ...  ACKNOWLEDGMENT The authors would like to thank Matthew Green, Nadia Heninger, Santiago Zanella-Béguelin, the ZMap team, and the CADO-NFS team for their help with evaluating and exploiting FREAK.  ... 
doi:10.1109/sp.2015.39 dblp:conf/sp/BeurdoucheBDFKP15 fatcat:fwc4pnr2kvf2pd6g6w7ds3k4m4

Circuit-extension handshakes for Tor achieving forward secrecy in a quantum world

John M. Schanck, William Whyte, Zhenfei Zhang
2016 Proceedings on Privacy Enhancing Technologies  
In doing so, we refine the notion of an authenticated and confidential channel establishment (ACCE) protocol and define pre-quantum, transitional, and post-quantum ACCE security.  ...  Finally, we instantiate our protocol with NTRU-Encrypt and provide a performance comparison between ntor, our proposal, and the recent design of Ghosh and Kate.  ...  Acknowledgements We are very grateful to Nick Mathewson and other members of the Tor community for their input on Tor proposal #263.  ... 
doi:10.1515/popets-2016-0037 dblp:journals/popets/SchanckWZ16 fatcat:eylhs2de3nbbhguptw5te376he

FPGA-based Digital Quantum Coprocessor

Valerii Hlukhov, Lviv Polytechnic National University, Computer Engineering Department, Bohdan Havano
2018 Advances in Cyber-Physical Systems  
Perfect Forward Secrecy: An attribute of a security protocol that means that temporary/ephemeral cryptographic keys are used in the protocol so that if an adversary breaks the keys and can listen to traffic  ...  Network Infrastructure: The software and hardware that makes up a network, allowing multi-user communication, and distributed processes, applications and services.  ...  Its security/integrity properties are dependent upon those defined within the initial algorithm negotiation of the Transport Layer Protocol. 4.5.2 Recommendations for quantum-safe SSH The SSH protocol  ... 
doi:10.23939/acps2018.02.067 fatcat:7txboogyr5f5vgc5c5zzbovv34

Multibyte microarchitectural data sampling and its application to session key extraction attacks

Youngjoo Shin
2021 IEEE Access  
The  ...  Recently developed versions of secure protocols, such as TLS 1.3 and SSH-2, support AES-GCM (Galois Counter Mode) as authenticated encryption in their ciphersuite.  ...  EXTRACTING SESSION KEYS OF NETWORK PROTOCOLS Secure network protocols such as TLS and SSH allow remote entities (e.g., clients and servers) to communicate securely with each other over insecure networks  ... 
doi:10.1109/access.2021.3085395 fatcat:m2igpcy7pncq5de7ey62hkgbaa

Cryptographic vulnerabilities in real-life web servers

Eman Salem Alashwali
2013 2013 Third International Conference on Communications and Information Technology (ICCIT)  
This paper examines the security of real-life Internet servers using the most popular Secure Socket Layer (SSL) protocol to ensure secure connections.  ...  This allowed us to see how different key sizes are adopted, how many servers are using weak keys and which countries are quicker to adopt secure keys.  ...  The SSL Handshake Protocol is responsible for negotiating the ciphersuite (cryptographic algorithms and key lengths) options between the client and the server and allows one or both parties to authenticate  ... 
doi:10.1109/iccitechnology.2013.6579513 fatcat:z2ujprekdjdm3ienpfgcq24vga

Clusters of Re-used Keys [article]

Stephen Farrell
2018 IACR Cryptology ePrint Archive  
We survey the long-term cryptographic public keys, (for SSH, e-mail and HTTP protocols), on hosts that run the SMTP protocol in ten countries.  ...  Clearly, such key re-use can create undesirable security and privacy dependencies between cluster members.  ...  Thanks to: David Malone for help with understanding some clusters; Mike Bishop for the point about HSMs remote from the rack; Richard Clayton and Alexander Vetterl for the honeynets point and data.  ... 
dblp:journals/iacr/Farrell18 fatcat:ngeofrvdejdspo6cssuyd4kqtu

Secure Modular Password Authentication for the Web Using Channel Bindings [chapter]

Mark Manulis, Douglas Stebila, Nick Denham
2014 Lecture Notes in Computer Science  
, where the two protocols are bound together using the transcript of the secure channel's handshake, the server's certificate, or the server's domain name, results in a secure PACCE protocol.  ...  Such protocols are useful in practice for a variety of reasons: security no longer relies on users' ability to validate server certificates and can potentially be implemented with no modifications to the  ...  ACCE seems to be the most suitable for describing the security requirements of real-world secure channel protocols such as TLS [23, [29] [30] [31] and SSH [12] , and so it is natural to adapt it to  ... 
doi:10.1007/978-3-319-14054-4_11 fatcat:kmxlimojqncvnecamwtm46akye

Secure modular password authentication for the web using channel bindings

Mark Manulis, Douglas Stebila, Franziskus Kiefer, Nick Denham
2016 International Journal of Information Security  
, where the two protocols are bound together using the transcript of the secure channel's handshake, the server's certificate, or the server's domain name, results in a secure PACCE protocol.  ...  Such protocols are useful in practice for a variety of reasons: security no longer relies on users' ability to validate server certificates and can potentially be implemented with no modifications to the  ...  ACCE seems to be the most suitable for describing the security requirements of real-world secure channel protocols such as TLS [23, [29] [30] [31] and SSH [12] , and so it is natural to adapt it to  ... 
doi:10.1007/s10207-016-0348-7 fatcat:qrmhnpop2ze2fkzznmpl3jnmcu

The Dangers of Key Reuse: Practical Attacks on IPsec IKE

Dennis Felsch, Martin Grothe, Jörg Schwenk, Adam Czubak, Marcin Szymanek
2018 USENIX Security Symposium  
For key establishment, the IKE (Internet Key Exchange) protocol is used.  ...  We found Bleichenbacher oracles in the IKEv1 implementations of Cisco (CVE-2018-0131), Huawei (CVE-2017-17305), Clavister (CVE-2018-8753), and ZyXEL (CVE-2018-9129).  ...  This paper is based in part upon work in the research projects SyncEnc and VERTRAG, which are funded by the German Federal Ministry of Education and Research (BMBF, FKZ: 16KIS0412K and 13N13097), as well  ... 
dblp:conf/uss/FelschGSCS18 fatcat:rkvgz5cpojbzbohyjii6azz5mq