Stealing secrets with SSL/TLS and SSH - Kleptographic attacks

Cited by: 0
Authors
Golobiewski, Zbigniew [1]
Kutylowski, Miroslaw [1]
Zagorski, Filip [1]
Affiliations
[1] Wroclaw Univ Technol, Inst Math & Comp Sci, Wroclaw, Poland
Keywords
kleptography; SSL; TLS; SSH;
DOI
Not available
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
We present very simple kleptographic attacks on SSL/TLS and SSH protocols. They enable a party, which has slightly manipulated the code of a cryptographic library, to steal secrets of the user. According to the scenario of the kleptographic attacks the secrets can be stolen only by a party having a secret key not included in the manipulated code. The attacker needs only to record transmissions. The messages transmitted are indistinguishable from the not manipulated ones (even for somebody that knows the kleptocode inserted). Therefore, detection of infected nodes based on communication analysis is much harder than in the case of classical subliminal channels. The problems are caused by certain design features of SSL/TLS and SSH protocols that make them vulnerable for a kleptographic attack. We propose changes of these protocols that make them immune against this threat while all previous security features remain preserved.
Pages: 191 / +
Number of pages: 3
Related papers
50 in total
  • [1] SSL/TLS Attacks: Analysis and Evaluation
    Eldewahi, Abeer E. W.
    Sharfi, Tasneem M. H.
    Mansor, Abdelhamid A.
    Mohamed, Nashwa A. F.
    Alwahbani, Samah M. H.
    [J]. 2015 INTERNATIONAL CONFERENCE ON COMPUTING, CONTROL, NETWORKING, ELECTRONICS AND EMBEDDED SYSTEMS ENGINEERING (ICCNEEE), 2015, : 203 - 208
  • [2] SoK: Lessons Learned from SSL/TLS Attacks
    Meyer, Christopher
    Schwenk, Joerg
    [J]. INFORMATION SECURITY APPLICATIONS, WISA 2013, 2014, 8267 : 189 - 209
  • [3] A comprehensive study on security attacks on SSL/TLS Protocol
    Sirohi, Preeti
    Agarwal, Amit
    Tyagi, Sapna
    [J]. PROCEEDINGS ON 2016 2ND INTERNATIONAL CONFERENCE ON NEXT GENERATION COMPUTING TECHNOLOGIES (NGCT), 2016, : 893 - 897
  • [4] Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH
    Bhargavan, Karthikeyan
    Leurent, Gaetan
    [J]. 23RD ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2016), 2016,
  • [5] Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks
    Meyer, Christopher
    Somorovsky, Juraj
    Weiss, Eugen
    Schwenk, Joerg
    Schinzel, Sebastian
    Tews, Erik
    [J]. PROCEEDINGS OF THE 23RD USENIX SECURITY SYMPOSIUM, 2014, : 733 - 748
  • [6] Unifying Kleptographic Attacks
    Teseleanu, George
    [J]. SECURE IT SYSTEMS, 2018, 11252 : 73 - 87
  • [7] Cliptography: Clipping the Power of Kleptographic Attacks
    Russell, Alexander
    Tang, Qiang
    Yung, Moti
    Zhou, Hong-Sheng
    [J]. ADVANCES IN CRYPTOLOGY - ASIACRYPT 2016, PT II, 2016, 10032 : 34 - 64
  • [8] Data Mining Approach for Detection of DDoS Attacks Utilizing SSL/TLS Protocol
    Zolotukhin, Mikhail
    Hamalainen, Timo
    Kokkonen, Tero
    Niemela, Antti
    Siltanen, Jarmo
    [J]. INTERNET OF THINGS, SMART SPACES, AND NEXT GENERATION NETWORKS AND SYSTEMS, 2015, 9247 : 274 - 285
  • [9] Resilient connections for SSH and TLS
    Koponen, Teemu
    Eronen, Pasi
    Sarela, Mikko
    [J]. USENIX ASSOCIATION PROCEEDINGS OF THE 2006 USENIX ANNUAL TECHNICAL CONFERENCE, 2006, : 329 - +
  • [10] Kleptographic Attacks on Elliptic Curve Cryptosystems
    Mohamed, Elsayed
    Elkamchouchi, Hassan
    [J]. INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2010, 10 (06): : 213 - 215