[Resource Topic] 2002/078: Breaking and Provably Repairing the SSH Authenticated Encryption Scheme: A Case Study of the Encode-then-Encrypt-and-MAC Paradigm

Welcome to the resource topic for 2002/078

Title:
Breaking and Provably Repairing the SSH Authenticated Encryption Scheme: A Case Study of the Encode-then-Encrypt-and-MAC Paradigm

Authors: Mihir Bellare, Tadayoshi Kohno, Chanathip Namprempre

Abstract:

The Secure Shell (SSH) protocol is one of the most popular cryptographic protocols on the Internet. Unfortunately, the current SSH authenticated encryption mechanism is insecure. In this paper, we propose several fixes to the SSH protocol and, using techniques from modern cryptography, we prove that our modified versions of SSH meet strong new chosen-ciphertext privacy and integrity requirements. Furthermore, our proposed fixes will require relatively little modification to the SSH protocol and to SSH implementations. We believe that our new notions of privacy and integrity for encryption schemes with stateful decryption algorithms will be of independent interest.

ePrint: https://eprint.iacr.org/2002/078

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.