Multi-ciphersuite security of the Secure Shell (SSH) protocol

Bergsma, Florian, Dowling, Benjamin, Kohlar, Florian, Schwenk, Jörg, & Stebila, Douglas (2014) Multi-ciphersuite security of the Secure Shell (SSH) protocol. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, ACM, Scottsdale, Arizona, pp. 369-381.

View at publisher


The Secure Shell (SSH) protocol is widely used to provide secure remote access to servers, making it among the most important security protocols on the Internet. We show that the signed-Diffie--Hellman SSH ciphersuites of the SSH protocol are secure: each is a secure authenticated and confidential channel establishment (ACCE) protocol, the same security definition now used to describe the security of Transport Layer Security (TLS) ciphersuites. While the ACCE definition suffices to describe the security of individual ciphersuites, it does not cover the case where parties use the same long-term key with many different ciphersuites: it is common in practice for the server to use the same signing key with both finite field and elliptic curve Diffie--Hellman, for example. While TLS is vulnerable to attack in this case, we show that SSH is secure even when the same signing key is used across multiple ciphersuites. We introduce a new generic multi-ciphersuite composition framework to achieve this result in a black-box way.

Impact and interest:

9 citations in Scopus
Search Google Scholar™

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

Full-text downloads:

103 since deposited on 17 Nov 2014
31 in the past twelve months

Full-text downloads displays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.

ID Code: 78683
Item Type: Conference Paper
Refereed: Yes
Additional URLs:
Keywords: Secure Shell (SSH), key agility, cross-protocol security, multi-ciphersuite, authenticated and confidential channel establishment
DOI: 10.1145/2660267.2660286
ISBN: 9781450329576
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > DATA FORMAT (080400) > Data Encryption (080402)
Divisions: Current > Institutes > Institute for Future Environments
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Copyright Owner: Copyright 2014 ACM
Deposited On: 17 Nov 2014 00:35
Last Modified: 25 Jun 2017 12:16

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page