Presentation 2003/7/10
The Secure SHell's Vulnerability against Rollback Attacks
Toshiyuki KITO, Takamichi SAITO,
PDF Download Page PDF download Page Link
Abstract(in Japanese) (See Japanese page)
Abstract(in English) SSH (Secure SHell) is widely used as a software which can realize secure communication over insecure networks. SSH provides the usage of various encryption algorithms and the ways of user authentications for the harmony with the system of the past version. Also SSH1 and SSH2 are often used as one system for compatibility. In the case, we show that even if a user utilizes SSH2, she/he is forced to utilize the SSH1, the most weekest encryption algorithm and the password authentication. Moreover, as a more serious defect, even if SSH client tries to use public key for authentication in SSH1 and SSH2, the intruder can force to use password for authentication, when the intruder does Rollback attack in the case that he masquerades as the mirror server of the authorized one, she/he is connected by SSH client and does MITM (man in the middle) attack deceiving the authorized one. And it is newly found that the intruder can illegally deprive of user's password. In this paper, two kinds, five Rollback attacks are shown.
Keyword(in Japanese) (See Japanese page)
Keyword(in English) Security Protocol / Authentication Protocol / Rollback Attack / SSH / Vulnerability
Paper # ISEC2003-25
Date of Issue

Conference Information
Committee ISEC
Conference Date 2003/7/10(1days)
Place (in Japanese) (See Japanese page)
Place (in English)
Topics (in Japanese) (See Japanese page)
Topics (in English)
Chair
Vice Chair
Secretary
Assistant

Paper Information
Registration To Information Security (ISEC)
Language JPN
Title (in Japanese) (See Japanese page)
Sub Title (in Japanese) (See Japanese page)
Title (in English) The Secure SHell's Vulnerability against Rollback Attacks
Sub Title (in English)
Keyword(1) Security Protocol
Keyword(2) Authentication Protocol
Keyword(3) Rollback Attack
Keyword(4) SSH
Keyword(5) Vulnerability
1st Author's Name Toshiyuki KITO
1st Author's Affiliation TOSHIBA Corporation()
2nd Author's Name Takamichi SAITO
2nd Author's Affiliation Tokyo University of Technology
Date 2003/7/10
Paper # ISEC2003-25
Volume (vol) vol.103
Number (no) 195
Page pp.pp.-
#Pages 8
Date of Issue