
The Design and Implementation of Protocol-Based Hidden Key Recovery

  • Conference paper

Part of the book: Information Security (ISC 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2851)

Abstract

We show how to add key recovery to existing security protocols such as SSL/TLS and SSH without changing the protocol. Our key recovery designs possess the following novel features: (1) The key recovery channels are “unfilterable” — the key recovery channels cannot be removed without also breaking correct operation of the protocol. (2) Protocol implementations containing our key recovery designs can interoperate with standard (uncompromised) protocol implementations — the network traffic produced is indistinguishable from that produced by legitimate protocol implementations. (3) Keys are recovered in real time, hence most or all application data is recovered. (4) The key recovery channels exploit protocol features, rather than covert channels in encryption or signature algorithms.

Using these designs, we present practical key recovery attacks on the SSL/TLS and SSH 2 protocols. We implemented the attack on SSL/TLS using the OpenSSL library, a web browser, and a network sniffer. These tools allow us to eavesdrop on SSL/TLS connections from the browser to any server.




Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Goh, EJ., Boneh, D., Pinkas, B., Golle, P. (2003). The Design and Implementation of Protocol-Based Hidden Key Recovery. In: Boyd, C., Mao, W. (eds) Information Security. ISC 2003. Lecture Notes in Computer Science, vol 2851. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10958513_13


  • DOI: https://doi.org/10.1007/10958513_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20176-2

  • Online ISBN: 978-3-540-39981-0
