Paper 2002/078
Breaking and Provably Repairing the SSH Authenticated Encryption Scheme: A Case Study of the Encode-then-Encrypt-and-MAC Paradigm
Mihir Bellare, Tadayoshi Kohno, and Chanathip Namprempre
Abstract
The Secure Shell (SSH) protocol is one of the most popular cryptographic protocols on the Internet. Unfortunately, the current SSH authenticated encryption mechanism is insecure. In this paper, we propose several fixes to the SSH protocol and, using techniques from modern cryptography, we prove that our modified versions of SSH meet strong new chosen-ciphertext privacy and integrity requirements. Furthermore, our proposed fixes will require relatively little modification to the SSH protocol and to SSH implementations. We believe that our new notions of privacy and integrity for encryption schemes with stateful decryption algorithms will be of independent interest.
Metadata
- Available format(s)
-
PDF
PS
- Category
- Cryptographic protocols
- Publication info
- Published elsewhere. To appear in ACM Transactions on Information and System Security, ACM, 2004. An extended abstract of this paper appeared in Ninth ACM Conference on Computer and Communications Security, ACM, 2002.
- Keywords
- Authenticated EncryptionSecure ShellSSHStateful DecryptionSecurity Proofs.
- Contact author(s)
- tkohno @ cs ucsd edu
- History
- 2004-03-30: last of 9 revisions
- 2002-06-18: received
- See all versions
- Short URL
- https://ia.cr/2002/078
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2002/078,
author = {Mihir Bellare and Tadayoshi Kohno and Chanathip Namprempre},
title = {Breaking and Provably Repairing the {SSH} Authenticated Encryption Scheme: A Case Study of the Encode-then-Encrypt-and-{MAC} Paradigm},
howpublished = {Cryptology {ePrint} Archive, Paper 2002/078},
year = {2002},
url = {https://eprint.iacr.org/2002/078}
}
