Abstract
We show how to add key recovery to existing security protocols such as SSL/TLS and SSH without changing the protocol. Our key recovery designs possess the following novel features: (1) The Key recovery channels are “unfilterable” — the key recovery channels cannot be removed without also breaking correct operation of the protocol. (2) Protocol implementations containing our key recovery designs can inter-operate with standard (uncompromised) protocol implementations — the network traffic produced is indistinguishable from that produced by legitimate protocol implementations. (3) Keys are recovered in real time, hence most or all application data is recovered. (4) The key recovery channels exploit protocol features, rather than covert channels in encryption or signature algorithms.
Using these designs, we present practical key recovery attacks on the SSL/TLS and SSH 2 protocols. We implemented the attack on SSL/TLS using the OpenSSL library, a web browser, and a network sniffer. These tools allow us to eavesdrop on SSL/TLS connections from the browser to any server.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–45. Springer, Heidelberg (1998)
Blaze, M.: Protocol failure in the escrowed encryption standard. In: Proceedings of the 2nd ACM Conference on Computer and Communications Security, Nov. 1994, pp. 59–67. ACM Press, New York (1994)
Canetti, R., Ostrovsky, R.: Secure computation with honest-looking parties: What if nobody is truly honest? In: Proceedings of the 31st Symposium on Theory of Computing, May 1999, pp. 255–264. ACM Press, New York (1999)
Denning, D.: Descriptions of key escrow systems. Technical report, Georgetown University (February 1997), http://www.cs.georgetown.edu/~denning/
Denning, D., Smid, M.: Key escrowing today. IEEE Communications 32(9), 58–68 (1994)
Desmedt, Y.: Abuses in cryptography and how to fight them. In: Goldwasser, S. (ed.) CRYPTO 1988. LNCS, vol. 403, pp. 375–389. Springer, Heidelberg (1988)
Desmedt, Y., Goutier, C., Bengio, S.: Special uses and abuses of the Fiat- Shamir passport protocol. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 21–39. Springer, Heidelberg (1987)
Dierks, T., Allen, C.: The TLS protocol. RFC 2246 (January 1999)
FBI. Carnivore diagnostic tool. http://www.fbi.gov/hq/lab/carnivore/carnivore.htm
Freier, A., Karlton, P., Kocher, P.: The SSL protocol version 3.0 (November 1996), http://www.netscape.com/eng/ssl3/draft302.txt
Ito, A.: w3m: text based browser, http://w3m.sourceforge.net/
Kilian, J., Leighton, T.: Fair cryptosystems, revisited: A rigorous approach to key-escrow. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 208–221. Springer, Heidelberg (1995)
Kim, G.H., Spafford, E.H.: The design and implementation of Tripwire: A file system integrity checker. In: Proceedings of the 2nd ACM Conference on Computer and Communications Security, pp. 18–29. ACM Press, New York (1994)
Lampson, B.: A note on the confinement problem. Communications of the ACM 16(10), 613–615 (1973)
Menezes, A.J., Vanstone, S.A.: Elliptic curve cryptosystems and their implementations. Journal of Cryptology 6(4), 209–224 (1993)
National Institute of Standards and Technology. Security requirements for cryptographic modules. FIPS 140-2, NIST (June 2001), http://csrc.nist.gov/publications/fips/
OpenSSL Project, http://www.openssl.org/
Rescorla, E.: ssldump version 0.9b2, http://www.rtfm.com/ssldump/
Scott, M.: MIRACL - Multiprecision Integer and Rational Arithmetic C/C++ Library v. 4.6, http://indigo.ie/~mscott/
secsh IETF Working Group, http://www.ietf.org/html.charters/secshcharter.html
Simmons, G.J.: The prisoners’ problem and the subliminal channel. In: Chaum, D. (ed.) Proceedings of Crypto 1983, August 1983, pp. 51–67. Plenum Press, New York (1983)
Simmons, G.J.: The subliminal channel and digital signatures. In: Beth, T., Cot, N., Ingemarsson, I. (eds.) EUROCRYPT 1984. LNCS, vol. 209, pp. 364–378. Springer, Heidelberg (1984)
Young, A., Yung, M.: The dark side of “black-box” cryptography, or: Should we trust Capstone. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 89–103. Springer, Heidelberg (1996)
Young, A., Yung, M.: Kleptography: Using cryptography against cryptography. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 62–74. Springer, Heidelberg (1997)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Goh, EJ., Boneh, D., Pinkas, B., Golle, P. (2003). The Design and Implementation of Protocol-Based Hidden Key Recovery. In: Boyd, C., Mao, W. (eds) Information Security. ISC 2003. Lecture Notes in Computer Science, vol 2851. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10958513_13
Download citation
DOI: https://doi.org/10.1007/10958513_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20176-2
Online ISBN: 978-3-540-39981-0
eBook Packages: Springer Book Archive