Presentation | 2003/7/10 The Secure SHell's Vulnerability against Rollback Attacks Toshiyuki KITO, Takamichi SAITO, |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | SSH (Secure SHell) is widely used as a software which can realize secure communication over insecure networks. SSH provides the usage of various encryption algorithms and the ways of user authentications for the harmony with the system of the past version. Also SSH1 and SSH2 are often used as one system for compatibility. In the case, we show that even if a user utilizes SSH2, she/he is forced to utilize the SSH1, the most weekest encryption algorithm and the password authentication. Moreover, as a more serious defect, even if SSH client tries to use public key for authentication in SSH1 and SSH2, the intruder can force to use password for authentication, when the intruder does Rollback attack in the case that he masquerades as the mirror server of the authorized one, she/he is connected by SSH client and does MITM (man in the middle) attack deceiving the authorized one. And it is newly found that the intruder can illegally deprive of user's password. In this paper, two kinds, five Rollback attacks are shown. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | Security Protocol / Authentication Protocol / Rollback Attack / SSH / Vulnerability |
Paper # | ISEC2003-25 |
Date of Issue |
Conference Information | |
Committee | ISEC |
---|---|
Conference Date | 2003/7/10(1days) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant |
Paper Information | |
Registration To | Information Security (ISEC) |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | The Secure SHell's Vulnerability against Rollback Attacks |
Sub Title (in English) | |
Keyword(1) | Security Protocol |
Keyword(2) | Authentication Protocol |
Keyword(3) | Rollback Attack |
Keyword(4) | SSH |
Keyword(5) | Vulnerability |
1st Author's Name | Toshiyuki KITO |
1st Author's Affiliation | TOSHIBA Corporation() |
2nd Author's Name | Takamichi SAITO |
2nd Author's Affiliation | Tokyo University of Technology |
Date | 2003/7/10 |
Paper # | ISEC2003-25 |
Volume (vol) | vol.103 |
Number (no) | 195 |
Page | pp.pp.- |
#Pages | 8 |
Date of Issue |