Chapter

Plaintext-Dependent Decryption: A Formal Security Treatment of SSH-CTR

05/2010; DOI:10.1007/978-3-642-13190-5_18 pp.345-361

ABSTRACT This paper presents a formal security analysis of SSH in counter mode in a security model that accurately captures the capabilities
of real-world attackers, as well as security-relevant features of the SSH specifications and the OpenSSH implementation of
SSH. Under reasonable assumptions on the block cipher and MAC algorithms used to construct the SSH Binary Packet Protocol
(BPP), we are able to show that the SSH BPP meets a strong and appropriate notion of security: indistinguishability under
buffered, stateful chosen-ciphertext attacks. This result helps to bridge the gap between the existing security analysis of
the SSH BPP by Bellare et al. and the recently discovered attacks against the SSH BPP by Albrecht et al. which partially invalidate that analysis.

Keywords: SSH, counter mode, security proof
