{"id":"https://openalex.org/W2533081245","doi":"https://doi.org/10.1145/2976749.2978364","title":"A Surfeit of SSH Cipher Suites","display_name":"A Surfeit of SSH Cipher Suites","publication_year":2016,"publication_date":"2016-10-24","ids":{"openalex":"https://openalex.org/W2533081245","doi":"https://doi.org/10.1145/2976749.2978364","mag":"2533081245"},"language":"en","primary_location":{"id":"doi:10.1145/2976749.2978364","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2976749.2978364","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5066696423","display_name":"M. Albrecht","orcid":"https://orcid.org/0000-0003-1835-052X"},"institutions":[{"id":"https://openalex.org/I184558857","display_name":"Royal Holloway University of London","ror":"https://ror.org/04g2vpn86","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I184558857"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Martin R. Albrecht","raw_affiliation_strings":["Royal Holloway, University of London, Egham, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Royal Holloway, University of London, Egham, United Kingdom","institution_ids":["https://openalex.org/I184558857"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035000097","display_name":"Jean Paul Degabriele","orcid":null},"institutions":[{"id":"https://openalex.org/I184558857","display_name":"Royal Holloway University of London","ror":"https://ror.org/04g2vpn86","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I184558857"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Jean Paul Degabriele","raw_affiliation_strings":["Royal Holloway, University of London, Egham, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Royal Holloway, University of London, Egham, United Kingdom","institution_ids":["https://openalex.org/I184558857"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5036448914","display_name":"Torben Brandt Hansen","orcid":null},"institutions":[{"id":"https://openalex.org/I184558857","display_name":"Royal Holloway University of London","ror":"https://ror.org/04g2vpn86","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I184558857"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Torben Brandt Hansen","raw_affiliation_strings":["Royal Holloway, University of London, Egham, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Royal Holloway, University of London, Egham, United Kingdom","institution_ids":["https://openalex.org/I184558857"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072987600","display_name":"Kenneth G. Paterson","orcid":"https://orcid.org/0000-0002-5145-4489"},"institutions":[{"id":"https://openalex.org/I184558857","display_name":"Royal Holloway University of London","ror":"https://ror.org/04g2vpn86","country_code":"GB","type":"education","lineage":["https://openalex.org/I124357947","https://openalex.org/I184558857"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Kenneth G. Paterson","raw_affiliation_strings":["Royal Holloway, University of London, Egham, United Kingdom"],"affiliations":[{"raw_affiliation_string":"Royal Holloway, University of London, Egham, United Kingdom","institution_ids":["https://openalex.org/I184558857"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5066696423"],"corresponding_institution_ids":["https://openalex.org/I184558857"],"apc_list":null,"apc_paid":null,"fwci":5.1417,"has_fulltext":false,"cited_by_count":26,"citation_normalized_percentile":{"value":0.95816592,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1480","last_page":"1491"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10951","display_name":"Cryptographic Implementations and Security","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10237","display_name":"Cryptography and Data Security","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11181","display_name":"Advanced Data Storage Technologies","score":0.9962000250816345,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7081969976425171},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.6773268580436707},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.632509171962738},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5632151365280151},{"id":"https://openalex.org/keywords/authenticated-encryption","display_name":"Authenticated encryption","score":0.44242948293685913},{"id":"https://openalex.org/keywords/cryptography","display_name":"Cryptography","score":0.43833550810813904},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.4367062747478485},{"id":"https://openalex.org/keywords/mathematical-proof","display_name":"Mathematical proof","score":0.43473124504089355},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.3738084137439728},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.2652064561843872},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.20373046398162842},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.16449537873268127}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7081969976425171},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.6773268580436707},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.632509171962738},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5632151365280151},{"id":"https://openalex.org/C128619300","wikidata":"https://www.wikidata.org/wiki/Q15263584","display_name":"Authenticated encryption","level":3,"score":0.44242948293685913},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.43833550810813904},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.4367062747478485},{"id":"https://openalex.org/C108710211","wikidata":"https://www.wikidata.org/wiki/Q11538","display_name":"Mathematical proof","level":2,"score":0.43473124504089355},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.3738084137439728},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.2652064561843872},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.20373046398162842},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.16449537873268127},{"id":"https://openalex.org/C2524010","wikidata":"https://www.wikidata.org/wiki/Q8087","display_name":"Geometry","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2976749.2978364","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2976749.2978364","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.7300000190734863,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G2505040309","display_name":null,"funder_award_id":"EP/M013472/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"}],"funders":[{"id":"https://openalex.org/F4320314707","display_name":"Government of the United Kingdom","ror":"https://ror.org/05wnh3t63"},{"id":"https://openalex.org/F4320334627","display_name":"Engineering and Physical Sciences Research Council","ror":"https://ror.org/0439y7842"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W13103650","https://openalex.org/W1514489116","https://openalex.org/W1576185228","https://openalex.org/W1656028867","https://openalex.org/W1656385624","https://openalex.org/W1763079358","https://openalex.org/W1855109561","https://openalex.org/W2096218735","https://openalex.org/W2106847401","https://openalex.org/W2108855216","https://openalex.org/W2114398364","https://openalex.org/W2122144036","https://openalex.org/W2122650430","https://openalex.org/W2138779530","https://openalex.org/W2156819075","https://openalex.org/W2163005041","https://openalex.org/W2170822045","https://openalex.org/W2186223146","https://openalex.org/W2254524800","https://openalex.org/W2784431073","https://openalex.org/W2894206380","https://openalex.org/W6600519307","https://openalex.org/W6680516727","https://openalex.org/W6692900590"],"related_works":["https://openalex.org/W2808944898","https://openalex.org/W3196207352","https://openalex.org/W2951724202","https://openalex.org/W3084261076","https://openalex.org/W1996614773","https://openalex.org/W4387820098","https://openalex.org/W2576399385","https://openalex.org/W2963408011","https://openalex.org/W4236324517","https://openalex.org/W1586813864"],"abstract_inverted_index":{"This":[0],"work":[1],"presents":[2],"a":[3,85,94,129,174],"systematic":[4],"analysis":[5],"of":[6,40,75,111,131,164,179,228],"symmetric":[7],"encryption":[8,149,212],"modes":[9],"for":[10,27,145,160,189,207],"SSH":[11,41,148,191],"that":[12,67,90,99,185,219,239],"are":[13,68,91,126],"in":[14,44,55,104,122,169,213],"use":[15,173],"on":[16,36,97],"the":[17,72,101,109,116,132,137,180,190],"Internet,":[18],"providing":[19],"deployment":[20,33],"statistics,":[21],"new":[22,95],"attacks,":[23,235],"and":[24,47,51,155,176,204,233,236],"security":[25,143,183,229],"proofs":[26,158,172,200],"widely":[28],"used":[29],"modes.":[30],"We":[31],"report":[32],"statistics":[34],"based":[35],"two":[37],"Internet-wide":[38],"scans":[39],"servers":[42,66,89,121],"conducted":[43],"late":[45],"2015":[46],"early":[48],"2016.":[49],"Dropbear":[50,120],"OpenSSH":[52,65,88,105],"implementations":[53],"dominate":[54],"our":[56,59,123],"scans.":[57],"From":[58],"first":[60,124],"scan,":[61],"we":[62,83,140,216],"found":[63,84],"130,980":[64],"still":[69],"vulnerable":[70,92,127],"to":[71,93,107,128,210],"CBC-mode-specific":[73],"attack":[74,96,110],"Albrecht":[76,112],"et":[77,113,195,244],"al.":[78,114,196,245],"(IEEE":[79],"S&P":[80],"2009),":[81],"while":[82],"further":[86],"20,000":[87],"CBC-mode":[98,134,211],"bypasses":[100],"counter-measures":[102],"introduced":[103],"5.2":[106],"defeat":[108],"At":[115],"same":[117],"time,":[118],"886,449":[119],"scan":[125],"variant":[130],"original":[133],"attack.":[135],"On":[136],"positive":[138],"side,":[139],"provide":[141,201],"formal":[142],"analyses":[144],"other":[146],"popular":[147],"modes,":[150],"namely":[151],"ChaCha20-Poly1305,":[152],"generic":[153],"Encrypt-then-MAC,":[154],"AES-GCM.":[156],"Our":[157,171],"hold":[159],"detailed":[161],"pseudo-code":[162],"descriptions":[163],"these":[165,208,220],"algorithms":[166],"as":[167],"implemented":[168],"OpenSSH.":[170],"corrected":[175],"extended":[177],"version":[178],"\"fragmented":[181],"decryption\"":[182],"model":[184],"was":[186],"specifically":[187],"developed":[188],"setting":[192],"by":[193,242],"Boldyreva":[194,243],"(Eurocrypt":[197],"2012).":[198],"These":[199],"strong":[202],"confidentiality":[203],"integrity":[205],"guarantees":[206],"alternatives":[209,221],"SSH.":[214],"However,":[215],"also":[217],"show":[218],"do":[222],"not":[223],"meet":[224],"additional,":[225],"desirable":[226],"notions":[227],"(boundary-hiding":[230],"under":[231],"passive":[232],"active":[234],"denial-of-service":[237],"resistance)":[238],"were":[240],"formalised":[241]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2020,"cited_by_count":5},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":6},{"year":2017,"cited_by_count":4}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}