
Showing papers by "Tadayoshi Kohno published in 2002"


Proceedings ArticleDOI
18 Nov 2002
TL;DR: This paper proposes several fixes to the SSH protocol and, using techniques from modern cryptography, proves that their modified versions of SSH meet strong new chosen-ciphertext privacy and integrity requirements.
Abstract: The Secure Shell (SSH) protocol is one of the most popular cryptographic protocols on the Internet. Unfortunately, the current SSH authenticated encryption mechanism is insecure. In this paper we propose several fixes to the SSH protocol and, using techniques from modern cryptography, we prove that our modified versions of SSH meet strong new chosen-ciphertext privacy and integrity requirements. Furthermore, our proposed fixes will require relatively little modification to the SSH protocol or to SSH implementations. We believe that our new notions of privacy and integrity for encryption schemes with stateful decryption algorithms will be of independent interest.

131 citations


Journal ArticleDOI
TL;DR: A solution is described that allows for more rigorous analysis of C and C++ source code, without failing to analyze parts of the program due to preprocessor conditionals, and is prototyped.
Abstract: We describe ITS4, a tool for statically scanning C and C++ source code for security vulnerabilities. Compared to other approaches, our scanning technique stakes out a new middle ground between accuracy and efficiency. This method is efficient enough to offer real-time feedback to developers during coding while producing few false negatives. Unlike other techniques, our method is also simple enough to scan C++ code despite the complexities inherent in the language. Using ITS4, we found new remotely exploitable vulnerabilities in a widely distributed software package as well as in a major piece of e-commerce software. We also describe functionality in more recent tools modeled after ITS4, and discuss algorithms that could easily be used to augment these kinds of tools. Particularly, we describe a solution we have prototyped that allows for more rigorous analysis of C and C++ source code, without failing to analyze parts of the program due to preprocessor conditionals.

48 citations


Posted Content
TL;DR: Several attacks based on a new protocol-level related-key attack against RMAC are presented and can be considered variants of Biham's key-collision attack (Bih02).
Abstract: In (JJV02) Jaulmes, Joux, and Valette propose a new randomized message authentication scheme, called RMAC, which NIST is currently in the process of standardizing (NIS02). In this work we present several attacks against RMAC. The attacks are based on a new protocol-level related-key attack against RMAC and can be considered variants of Biham's key-collision attack (Bih02). These attacks provide insights into the RMAC design. We believe that the protocol-level related-key attack is of independent interest.

6 citations


01 Jan 2002
TL;DR: This paper proposes several fixes to the SSH protocol and, using techniques from modern cryptography, proves that their modified versions of SSH meet strong new chosen-ciphertext privacy and integrity requirements.
Abstract: The Secure Shell (SSH) protocol is one of the most popular cryptographic protocols on the Internet. Unfortunately, the current SSH authenticated encryption mechanism is insecure. In this paper we propose several fixes to the SSH protocol and, using techniques from modern cryptography, we prove that our modified versions of SSH meet strong new chosen-ciphertext privacy and integrity requirements. Furthermore, our proposed fixes will require relatively little modification to the SSH protocol (or to SSH implementations). We believe that our new notions of privacy and integrity for encryption schemes with stateful decryption algorithms will be of independent interest.

5 citations


Book ChapterDOI
Tadayoshi Kohno, Mark McGovern
19 Feb 2002
TL;DR: A solution is proposed that reduces a content distributor's risk of piracy and raises the notion and severity of a generic attack in the context of Adams and Zuccherato's Privilege Management Infrastructure.
Abstract: This article addresses a problem with copy-protecting a large collection of electronic content. The notion and severity of a generic attack are raised in the context of Adams and Zuccherato's Privilege Management Infrastructure. A solution is then proposed that reduces a content distributor's risk of piracy.

4 citations


Posted Content
TL;DR: The Secure Shell (SSH) protocol is one of the most popular cryptographic protocols on the Internet as discussed by the authors, however, the current SSH authenticated encryption mechanism is insecure and it is vulnerable to attacks.
Abstract: The Secure Shell (SSH) protocol is one of the most popular cryptographic protocols on the Internet. Unfortunately, the current SSH authenticated encryption mechanism is insecure. In this paper, we propose several fixes to the SSH protocol and, using techniques from modern cryptography, we prove that our modified versions of SSH meet strong new chosen-ciphertext privacy and integrity requirements. Furthermore, our proposed fixes will require relatively little modification to the SSH protocol and to SSH implementations. We believe that our new notions of privacy and integrity for encryption schemes with stateful decryption algorithms will be of independent interest.

3 citations


Proceedings Article
01 Jan 2002

1 citation