
Analysis of the SSH Key Exchange Protocol

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 7089)

Abstract

We provide an analysis of the widely deployed SSH protocol’s key exchange mechanism. We exploit the design of the SSH key exchange to perform our analysis in a modular manner. First, a shared secret key is obtained via a Diffie-Hellman key exchange. Next, a transform is applied to obtain the application keys used by later stages of SSH. We define models, following well-established paradigms, that clarify the security provided by each type of key. Previously, there has been no formal analysis of the SSH key exchange protocol. We provide a modular proof of security for the SSH shared secret and application keys. We show that although the shared secret key exchanged by SSH is not indistinguishable, the transformation then applied yields indistinguishable application keys. Our proofs use random oracles to model the hash function used within SSH.
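The transform described in the abstract, as an added worked example that is not part of the paper: the RFC 4253 section 7.2 derivation of the six directional application keys from the shared secret K, the exchange hash H and the session identifier, using the letter-labelled first block and the hash-chain extension for keys longer than one digest. It assumes SHA-256 as the exchange hash and uses constructed sample values.

```python
import hashlib

def mpint(n: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (RFC 4251 section 5):
    uint32 length, then minimal big-endian two's complement bytes."""
    if n == 0:
        return b"\x00\x00\x00\x00"
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if body[0] & 0x80:
        body = b"\x00" + body  # leading zero keeps the sign bit clear
    return len(body).to_bytes(4, "big") + body

def derive_key(k: int, h: bytes, letter: bytes, session_id: bytes,
               length: int, hash_name: str = "sha256") -> bytes:
    """RFC 4253 section 7.2 transform from the shared secret K to one key.
    K1 = HASH(K || H || letter || session_id); if more bytes are needed,
    K2 = HASH(K || H || K1), K3 = HASH(K || H || K1 || K2), ... and the
    result is K1 || K2 || ... truncated to `length`."""
    def hash_fn(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()
    k_enc = mpint(k)
    out = hash_fn(k_enc + h + letter + session_id)
    while len(out) < length:
        out += hash_fn(k_enc + h + out)
    return out[:length]

def derive_application_keys(k: int, h: bytes, session_id: bytes,
                            iv_len: int, key_len: int, mac_len: int,
                            hash_name: str = "sha256") -> dict:
    """Derive the six directional keys; the letter A..F separates them."""
    spec = {"iv_c2s": (b"A", iv_len), "iv_s2c": (b"B", iv_len),
            "enc_c2s": (b"C", key_len), "enc_s2c": (b"D", key_len),
            "mac_c2s": (b"E", mac_len), "mac_s2c": (b"F", mac_len)}
    return {name: derive_key(k, h, letter, session_id, n, hash_name)
            for name, (letter, n) in spec.items()}

# Constructed sample values (not a real SSH session): a toy shared secret K,
# an exchange hash H, and the session_id, which on the first exchange equals H.
SAMPLE_K = 0x8F3A5C7E1B2D4F60_9A8B7C6D5E4F3A2B_1C0D2E3F4A5B6C7D_8E9FA0B1C2D3E4F5
SAMPLE_H = hashlib.sha256(b"constructed exchange hash input").digest()
SAMPLE_SESSION_ID = SAMPLE_H

if __name__ == "__main__":
    # 16-byte IV and key (e.g. aes128-ctr) and a 32-byte MAC key (hmac-sha2-256)
    keys = derive_application_keys(SAMPLE_K, SAMPLE_H, SAMPLE_SESSION_ID, 16, 16, 32)
    for name, key in keys.items():
        print(f"{name}: {key.hex()}")
```

Note that the session identifier is fixed at the first exchange and reused on rekeying, while K and H change, which is what keeps keys from successive exchanges separated.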

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Williams, S.C. (2011). Analysis of the SSH Key Exchange Protocol. In: Chen, L. (eds) Cryptography and Coding. IMACC 2011. Lecture Notes in Computer Science, vol 7089. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25516-8_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-25516-8_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25515-1

  • Online ISBN: 978-3-642-25516-8

  • eBook Packages: Computer Science (R0)