Stealing Secrets with SSL/TLS and SSH – Kleptographic Attacks

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4301)


We present very simple kleptographic attacks on SSL/TLS and SSH protocols. They enable a party, which has slightly manipulated the code of a cryptographic library, to steal secrets of the user. According to the scenario of the kleptographic attacks the secrets can be stolen only by a party having a secret key not included in the manipulated code. The attacker needs only to record transmissions. The messages transmitted are indistinguishable from the not manipulated ones (even for somebody that knows the kleptocode inserted). Therefore, detection of infected nodes based on communication analysis is much harder than in the case of classical subliminal channels.

The problems are caused by certain design features of SSL/TLS and SSH protocols that make them vulnerable for a kleptographic attack. We propose changes of these protocols that make them immune against this threat while all previous security features remain preserved.


kleptography SSL TLS SSH 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Allen, C., Dierks, T.: The TLS Protocol. Version 1.0. Informational RFC 2246, IETF, Network Working Group (1999)Google Scholar
  2. 2.
    Chaum, D.: Secret-ballot receipts: True voter-verifiable elections. IEEE Security and Privacy Magazine 2(1), 38–47 (2004)CrossRefGoogle Scholar
  3. 3.
    Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol. Version 1.1. Informational RFC 4346, IETF, Network Working Group (2006)Google Scholar
  4. 4.
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory 22(6), 644–654 (1976), zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Gogolewski, M., Klonowski, M., Kubiak, P., Kutyłowski, M., Lauks, A., Zagórski, F.: Kleptographic attacks on e-voting schemes. In: Müller, G. (ed.) ETRICS 2006. LNCS, vol. 3995, pp. 494–508. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Gogolewski, M., Klonowski, M., Kubiak, P., Kutyłowski, M., Lauks, A., Zagórski, F.: Kleptographic attacks on e-voting schemes. In: Proc. of the Workshop on Electronic Voting and e-Government in the UK, February 27-28, pp. 49–57. e-Science Institute, Edinburgh (2006)Google Scholar
  7. 7.
    Goh, E.-J., Boneh, D., Pinkas, B., Golle, P.: The design and implementation of protocol-based hidden key recovery. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 165–179. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Kucner, D., Kutyłowski, M.: Stochastic kleptography detection. In: Proceedings of the International Conference. Stefan Banach International Mathematical Center, 2000, pp. 137–149. Walter de Gruyter & Co., Berlin (2001)Google Scholar
  9. 9.
    Kucner, D., Kutyłowski, M.: How to use un-trusty cryptographic devices. Tatra Mountains Mathematical Publications 29, 57–67 (2004)zbMATHMathSciNetGoogle Scholar
  10. 10.
    Ylonen, T.: The Secure Shell (SSH) Transport Layer Protocol. Informational RFC 4253, IETF, Network Working Group (2006)Google Scholar
  11. 11.
    Young, A., Yung, M.: The dark side of ”black-box” cryptography, or: Should we trust capstone? In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 89–103. Springer, Heidelberg (1996)Google Scholar
  12. 12.
    Young, A., Yung, M.: Kleptography: Using cryptography against cryptography. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 62–74. Springer, Heidelberg (1997)Google Scholar
  13. 13.
    Young, A., Yung, M.: Bandwidth-optimal kleptographic attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 235–250. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Young, A., Yung, M.: Malicious cryptography: Kleptographic aspects. In: Menezes, A. (ed.) CT-RSA 2005. LNCS, vol. 3376, pp. 7–18. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  1. 1.Institute of Mathematics and Computer ScienceWrocław University of Technology 

Personalised recommendations