Plaintext Recovery Attacks against SSH

13 years 11 months ago

Download www.isg.rhul.ac.uk

This paper presents a variety of plaintext-recovering attacks against SSH. We implemented a proof of concept of our attacks against OpenSSH, where we can veriﬁably recover 14 bits of plaintext from an arbitrary block of ciphertext with probability 2−14 and 32 bits of plaintext from an arbitrary block of ciphertext with probability 2−18 . These attacks assume the default conﬁguration of a 128-bit block cipher operating in CBC mode. The paper explains why a combination of ﬂaws in the basic design of SSH leads implementations such as OpenSSH to be open to our attacks, why current provable security results for SSH do not cover our attacks, and how the attacks can be prevented in practice.

Martin R. Albrecht, Kenneth G. Paterson, Gaven J.

Real-time Traffic

128-bit Block Cipher | Arbitrary Block | Plaintext-recovering Attacks | Security Privacy | SP 2009 |

claim paper

» DifferentialLinear Attacks Against the Stream Cipher Phelix

» Statistical Attack on RC4 Distinguishing WPA

Post Info
More Details (n/a)

Added	21 May 2010
Updated	21 May 2010
Type	Conference
Year	2009
Where	SP
Authors	Martin R. Albrecht, Kenneth G. Paterson, Gaven J. Watson

Comments (0)

Sciweavers

Plaintext Recovery Attacks against SSH

128-bit Block Cipher | Arbitrary Block | Plaintext-recovering Attacks | Security Privacy | SP 2009 |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers