Multi-ciphersuite security of the secure shell (SSH) protocol

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2014, Pages 369-381

  Bergsma, Florian ^a   Dowling, Benjamin ^b   Kohlar, Florian ^a   Schwenk, Jörg ^a   Stebila, Douglas ^b  

^a RUHR UNIVERSITY BOCHUM   (Germany)

^b QUEENSLAND UNIVERSITY OF TECHNOLOGY   (Australia)

Author keywords

Authenticated and confidential channel establishment; Cross protocol security; Key agility; Multiciphersuite; Secure Shell (SSH)

Indexed keywords

NETWORK SECURITY;

AUTHENTICATED AND CONFIDENTIAL CHANNEL ESTABLISHMENT; KEY AGILITY; MULTICIPHERSUITE; PROTOCOL SECURITY; SECURE SHELL; CIPHERSUITE;

INTERNET PROTOCOLS;

EID: 84910641096     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2660267.2660286     Document Type: Conference Paper

References (40)

1. M. R. Albrecht, K. G. Paterson, and G. J. Watson. Plaintext recovery attacks against SSH. In 2009 IEEE Symposium on Security and Privacy, pages 16-26. IEEE Computer Society Press, May 2009.
2. J. Alves-Foss. Multi-protocol attacks and the public key infrastructure. In Proc. 21st National Information Systems Security Conference, pages 566-576, October 1998.
3. R. J. Anderson and R. M. Needham. Robustness principles for public key protocols. In D. Coppersmith, editor, CRYPTO'95, volume 963 of LNCS, pages 236-247. Springer, Aug. 1995.
4. S. Andova, C. Cremers, K. Gjøsteen, S. Mauw, S. F. Mjølsnes, and S. Radomirović. A framework for compositional verification of security protocols. Information and Computation, 206:425-459, 2008.
5. G. Bela and I. Ignat. Verifying the independence of security protocols. In Proc. 2007 IEEE International Conference on Intelligent Computer Communication and Processing, pages 155-162. IEEE, 2007.
6. M. Bellare, T. Kohno, and C. Namprempre. Breaking and provably repairing the SSH authenticated encryption scheme: A case study of the encode-then-encrypt-and-MAC paradigm. ACM Transactions on Information and System Security, 7(2):206-241, May 2004. Extended abstract published in ACM CCS 2002.
7. M. Bellare and P. Rogaway. Entity authentication and key distribution. In D. R. Stinson, editor, CRYPTO'93, volume 773 of LNCS, pages 232-249. Springer, Aug. 1993.
8. F. Bergsma, B. Dowling, F. Kohlar, J. Schwenk, and D. Stebila. Multi-ciphersuite security of the Secure Shell (SSH) protocol (full version). Cryptology ePrint Archive, Report 2013/813, 2014. http://eprint.iacr.org/.
9. K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti, and P.-Y. Strub. Implementing TLS with verified cryptographic security. In 2013 IEEE Symposium on Security and Privacy, pages 445-459. IEEE Computer Society Press, May 2013.
10. K. Bhargavan, C. Fournet, M. Kohlweiss, A. Pironti, P.-Y. Strub, and S. Zanella-Béguelin. Proving the TLS handshake secure (as it is). In J. A. Garay and R. Gennaro, editors, CRYPTO 2014, volume 8617 of LNCS, pages 235-255. Springer, 2014.
11. C. Brzuska, M. Fischlin, N. P. Smart, B. Warinschi, and S. C. Williams. Less is more: Relaxed yet composable security notions for key exchange. International Journal of Information Security, 12(4):267-297, August 2013.
12. R. Canetti. Universally composable security: A new paradigm for cryptographic protocols. In 42nd FOCS, pages 136-145. IEEE Computer Society Press, Oct. 2001.
13. R. Canetti and H. Krawczyk. Analysis of key-exchange protocols and their use for building secure channels. In B. Pfitzmann, editor, EUROCRYPT 2001, volume 2045 of LNCS, pages 453-474. Springer, May 2001.
14. R. Canetti, C. Meadows, and P. Syverson. Environmental requirements for authentication protocols. In M. Okada, B. C. Pierce, A. Scedrov, H. Tokuda, and A. Yonezawa, editors, Proc. Mext-NSF-JSPS Internaional Symposium on Software Security (ISSS)-Theories and Systems, Part 9, volume 2609 of LNCS, pages 339-355. Springer, 2002.
15. C. J. F. Cremers. Feasibility of multi-protocol attacks. In Proc. 1st International Conference on Availability, Reliability, and Security (ARES) 2006, pages 287-294. IEEE, 2006.
16. A. Datta, A. Derek, J. C. Mitchell, and D. Pavlovic. Secure protocol composition. Electronic Notes in Theoretical Computer Science, 83(15), 2004.
17. F. Giesen, F. Kohlar, and D. Stebila. On the security of TLS renegotiation. In A.-R. Sadeghi, V. D. Gligor, and M. Yung, editors, ACM CCS 13, pages 387-398. ACM Press, Nov. 2013.
18. J. D. Guttman and F. J. Thayer Fabrega. Protocol independence through disjoint encryption. In Proceedings 13th IEEE Computer Security Foundations Workshop (CSFW-13), pages 24-34. IEEE, 2000.
19. B. Harris. RSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol. RFC 4432 (Proposed Standard), Mar. 2006.
20. T. Jager, F. Kohlar, S. Schäge, and J. Schwenk. On the security of TLS-DHE in the standard model. In R. Safavi-Naini and R. Canetti, editors, CRYPTO 2012, volume 7417 of LNCS, pages 273-293. Springer, Aug. 2012.
21. T. Jager, K. G. Paterson, and J. Somorovsky. One bad apple: Backwards compatibility attacks on state-of-the-art cryptography. In Proc. Internet Society Network and Distributed System Security Symposium (NDSS) 2013, 2013.
22. J. Jonsson and B. S. Kaliski Jr. On the security of RSA encryption in TLS. In M. Yung, editor, CRYPTO 2002, volume 2442 of LNCS, pages 127-142. Springer, Aug. 2002.
23. J. Kelsey, B. Schneier, and D. Wagner. Protocol interactions and the chosen protocol attack. In B. Christianson, B. Crispo, M. Lomas, and M. Roe, editors, Proc. 5th International Workshop on Security Protocols, volume 1361 of LNCS, pages 91-104. Springer, 1997.
24. F. Kohlar, S. Schäge, and J. Schwenk. On the security of TLS-DH and TLS-RSA in the standard model. Cryptology ePrint Archive, Report 2013/367, 2013. http://eprint.iacr.org/2013/367.
25. H. Krawczyk. Cryptographic extraction and key derivation: The HKDF scheme. In T. Rabin, editor, CRYPTO 2010, volume 6223 of LNCS, pages 631-648. Springer, Aug. 2010.
26. H. Krawczyk, K. G. Paterson, and H. Wee. On the security of the TLS protocol: A systematic analysis. In R. Canetti and J. A. Garay, editors, CRYPTO 2013, Part I, volume 8042 of LNCS, pages 429-448. Springer, Aug. 2013.
27. B. A. LaMacchia, K. Lauter, and A. Mityagin. Stronger security of authenticated key exchange. In W. Susilo, J. K. Liu, and Y. Mu, editors, ProvSec 2007, volume 4784 of LNCS, pages 1-16. Springer, Nov. 2007.
28. N. Mavrogiannopoulos, F. Vercauteren, V. Velichkov, and B. Preneel. A cross-protocol attack on the TLS protocol. In T. Yu, G. Danezis, and V. D. Gligor, editors, ACM CCS 12, pages 62-72. ACM Press, Oct. 2012.
29. P. Morrissey, N. P. Smart, and B. Warinschi. A modular security analysis of the TLS handshake protocol. In J. Pieprzyk, editor, ASIACRYPT 2008, volume 5350 of LNCS, pages 55-73. Springer, Dec. 2008.
30. K. G. Paterson and G. J. Watson. Plaintext-dependent decryption: A formal security treatment of SSH-CTR. In H. Gilbert, editor, EUROCRYPT 2010, volume 6110 of LNCS, pages 345-361. Springer, May 2010.
31. P. Rogaway. Formalizing human ignorance. In P. Q. Nguyen, editor, Progress in Cryptology-VIETCRYPT 06, volume 4341 of LNCS, pages 211-228. Springer, Sept. 2006.
32. D. Stebila and J. Green. Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer. RFC 5656 (Proposed Standard), Dec. 2009.
33. F. J. Thayer Fabrega, J. Herzog, and J. D. Guttman. Mixed strand spaces. In Proceedings 12th IEEE Computer Security Foundations Workshop (CSFW-12), pages 72-82, 1999.
34. W.-G. Tzeng and C.-M. Hu. Inter-protocol interleaving attacks on some authentication and key distribution protocols. Information Processing Letters, 69(6):297-302, March 1999.
35. D. Wagner and B. Schneier. Analysis of the SSL 3.0 protocol. In Proc. 2nd USENIX Workshop on Electronic Commerce, 1996.
36. S. C. Williams. Analysis of the SSH key exchange protocol. Cryptology ePrint Archive, Report 2011/276, 2011. http://eprint.iacr.org/2011/276.
37. T. Ylonen and C. Lonvick. The Secure Shell (SSH) Authentication Protocol. RFC 4252 (Proposed Standard), Jan. 2006.
38. T. Ylonen and C. Lonvick. The Secure Shell (SSH) Connection Protocol. RFC 4254 (Proposed Standard), Jan. 2006.
39. T. Ylonen and C. Lonvick. The Secure Shell (SSH) Protocol Architecture. RFC 4251 (Proposed Standard), Jan. 2006.
40. T. Ylonen and C. Lonvick. The Secure Shell (SSH) Transport Layer Protocol. RFC 4253 (Proposed Standard), Jan. 2006. Updated by RFC 6668.