Plaintext Recovery Attacks against SSH
- 1 May 2009
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- Article no. 10816011, pp. 16-26
- https://doi.org/10.1109/sp.2009.5
Abstract
This paper presents a variety of plaintext-recovering attacks against SSH. We implemented a proof of concept of our attacks against OpenSSH, where we can verifiably recover 14 bits of plaintext from an arbitrary block of ciphertext with probability 2^-14 and 32 bits of plaintext from an arbitrary block of ciphertext with probability 2^-18. These attacks assume the default configuration of a 128-bit block cipher operating in CBC mode. The paper explains why a combination of flaws in the basic design of SSH leads implementations such as OpenSSH to be open to our attacks, why current provable security results for SSH do not cover our attacks, and how the attacks can be prevented in practice.