Stealing Secrets with SSL/TLS and SSH – Kleptographic Attacks

Zbigniew Gołȩbiewski, Mirosław Kutyłowski and Filip Zagórski

View Related Documents

Book Chapter
Bandwidth-Optimal Kleptographic Attacks
Adam Young and Moti Yung
Lecture Notes in Computer Science, 2001, Volume 2162, Cryptographic Hardware and Embedded Systems — CHES 2001, Pages 235-250
- Download PDF (173.5 KB)
Book Chapter
Kleptographic Attacks on E-Voting Schemes
Marcin Gogolewski, Marek Klonowski, Przemysław Kubiak, Mirosław Kutyłowski and Anna Lauks, et al.
Lecture Notes in Computer Science, 2006, Volume 3995, Emerging Trends in Information and Communication Security, Pages 494-508
- Download PDF (441.3 KB)
Book Chapter
The prevalence of kleptographic attacks on discrete-log based cryptosystems
Adam Young and Moti Yung
Lecture Notes in Computer Science, 1997, Volume 1294, Advances in Cryptology — CRYPTO '97, Pages 264-276
- Download PDF (711.1 KB)
Book Chapter
Practical Uses of Virtual Machines for Protection of Sensitive User Data
Peter C. S. Kwan and Glenn Durfee
Lecture Notes in Computer Science, 2007, Volume 4464, Information Security Practice and Experience, Pages 145-161
- Download PDF (303.5 KB)
Book Chapter
Password-Authenticated Key Exchange Based on RSA
Philip MacKenzie, Sarvar Patel and Ram Swaminathan
Lecture Notes in Computer Science, 2000, Volume 1976, Advances in Cryptology — ASIACRYPT 2000, Pages 599-613
- Download PDF (228.0 KB)
Book Chapter
Anti-counterfeiting Using Memory Spots
Helen Balinsky, Edward McDonnell, Liqun Chen and Keith Harrison
Lecture Notes in Computer Science, 2009, Volume 5746, Information Security Theory and Practice. Smart Devices, Pervasive Systems, and Ubiquitous Networks, Pages 52-67
- Download PDF (250.7 KB)
Book Chapter
Hardware Security Features for Secure Embedded Devices
Helena Handschuh and Elena Trichina
2006, ISSE 2006 — Securing Electronic Busines Processes, Part 1, Pages 38-44
- Download PDF (461.7 KB)
Book Chapter
On the Cryptographic Key Secrecy of the Strengthened Yahalom Protocol
Michael Backes and Birgit Pfitzmann
IFIP International Federation for Information Processing, 2006, Volume 201, Security and Privacy in Dynamic Environments, Pages 233-245
- Download PDF (823.4 KB)
Book Chapter
A Cryptographically Sound Dolev-Yao Style Security Proof of the Otway-Rees Protocol
Michael Backes
Lecture Notes in Computer Science, 2004, Volume 3193, Computer Security – ESORICS 2004, Pages 89-108
- Download PDF (330.1 KB)
Book Chapter
Game-Based Criterion Partition Applied to Computational Soundness of Adaptive Security
M. Daubignard, R. Janvier, Y. Lakhnech and L. Mazaré
Lecture Notes in Computer Science, 2007, Volume 4691, Formal Aspects in Security and Trust, Pages 47-64
- Download PDF (564.5 KB)

Abstract

We present very simple kleptographic attacks on SSL/TLS and SSH protocols. They enable a party, which has slightly manipulated the code of a cryptographic library, to steal secrets of the user. According to the scenario of the kleptographic attacks the secrets can be stolen only by a party having a secret key not included in the manipulated code. The attacker needs only to record transmissions. The messages transmitted are indistinguishable from the not manipulated ones (even for somebody that knows the kleptocode inserted). Therefore, detection of infected nodes based on communication analysis is much harder than in the case of classical subliminal channels.

The problems are caused by certain design features of SSL/TLS and SSH protocols that make them vulnerable for a kleptographic attack. We propose changes of these protocols that make them immune against this threat while all previous security features remain preserved.

Keywords kleptography - SSL - TLS - SSH

Partially supported by Polish Committee for Scientific Research grant 3 T11C 011 26.

Fulltext Preview

Image of the first page of the fulltext document

Frequently asked questions General info on journals and books Send us your feedback Impressum Contact us

SpringerLink

Stealing Secrets with SSL/TLS and SSH – Kleptographic Attacks

View Related Documents

Abstract

Fulltext Preview