We present very simple kleptographic attacks on the SSL/TLS and SSH protocols. They enable a party that has slightly manipulated the code of a cryptographic library to steal the user's secrets. In keeping with the kleptographic attack scenario, the secrets can be stolen only by a party holding a secret key that is not included in the manipulated code. The attacker needs only to record transmissions. The transmitted messages are indistinguishable from unmanipulated ones, even to somebody who knows the inserted kleptocode. Detecting infected nodes through communication analysis is therefore much harder than in the case of classical subliminal channels. The problems are caused by certain design features of the SSL/TLS and SSH protocols that make them vulnerable to kleptographic attacks. We propose changes to these protocols that make them immune to this threat while preserving all previous security features.