Plaintext-dependent decryption: A formal security treatment of SSH-CTR

Abstract

This paper presents a formal security analysis of SSH in counter mode in a security model that accurately captures the capabilities of real-world attackers, as well as security-relevant features of the SSH specifications and the OpenSSH implementation of SSH. Under reasonable assumptions on the block cipher and MAC algorithms used to construct the SSH Binary Packet Protocol (BPP), we are able to show that the SSH BPP meets a strong and appropriate notion of security: indistinguishability under buffered, stateful chosen-ciphertext attacks. This result helps to bridge the gap between the existing security analysis of the SSH BPP by Bellare et al. and the recently discovered attacks against the SSH BPP by Albrecht et al. which partially invalidate that analysis. © 2010 Springer-Verlag.

Cite

Paterson, K. G., & Watson, G. J. (2010). Plaintext-dependent decryption: A formal security treatment of SSH-CTR. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6110 LNCS, pp. 345–361). https://doi.org/10.1007/978-3-642-13190-5_18
