Stealing secrets with SSL/TLS and SSH – kleptographic attacks

Authors:
Zbigniew Gołȩbiewski;Mirosław Kutyłowski;Filip Zagórski
Affiliations:
Institute of Mathematics and Computer Science, Wrocław University of Technology;Institute of Mathematics and Computer Science, Wrocław University of Technology;Institute of Mathematics and Computer Science, Wrocław University of Technology
Venue:
CANS'06 Proceedings of the 5th international conference on Cryptology and Network Security
Year:
2006

Citing 6
Cited 3

The Dark Side of "Black-Box" Cryptography, or: Should We Trust Capstone?

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Bandwidth-Optimal Kleptographic Attacks

CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Secret-Ballot Receipts: True Voter-Verifiable Elections

IEEE Security and Privacy
Kleptography: using cryptography against cryptography

EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Kleptographic attacks on e-voting schemes

ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Malicious cryptography: kleptographic aspects

CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology

Space-efficient kleptography without random oracles

IH'07 Proceedings of the 9th international conference on Information hiding
Lagrangian e-voting: verifiability on demand and strong privacy

TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Kleptography from standard assumptions and applications

SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present very simple kleptographic attacks on SSL/TLS and SSH protocols. They enable a party, which has slightly manipulated the code of a cryptographic library, to steal secrets of the user. According to the scenario of the kleptographic attacks the secrets can be stolen only by a party having a secret key not included in the manipulated code. The attacker needs only to record transmissions. The messages transmitted are indistinguishable from the not manipulated ones (even for somebody that knows the kleptocode inserted). Therefore, detection of infected nodes based on communication analysis is much harder than in the case of classical subliminal channels. The problems are caused by certain design features of SSL/TLS and SSH protocols that make them vulnerable for a kleptographic attack. We propose changes of these protocols that make them immune against this threat while all previous security features remain preserved.