Ruhr-Uni-Bochum
HGI


Distinguished Paper Award for Bochum Researchers at ACM CCS 2025

The paper "On the Security of SSH Client Signatures" by Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk (et al.) was presented at the conference in Taiwan.


The paper "On the Security of SSH Client Signatures" by Fabian Bäumer, Marcus Brinkmann, Maximilian Radoy (Paderborn University), Jörg Schwenk, and Juraj Somorovsky (Paderborn University) won a Distinguished Paper Award at ACM CCS 2025. The renowned conference took place October 13-17, 2025 in Taipei, Taiwan. In their work "On the Security of SSH Client Signatures", the researchers analyze the security of SSH client keys and signatures and disclose a specific vulnerability in PuTTY (CVE-2024-31497).

To the paper

On the Security of SSH Client Signatures Fabian Bäumer (Ruhr University Bochum), Marcus Brinkmann (Ruhr University Bochum), Maximilian Radoy (Paderborn University), Jörg Schwenk (Ruhr University Bochum), Juraj Somorovsky (Paderborn University)

Abstract: Administrators and developers use SSH client keys and signatures for authentication, for example, to access internet backbone servers or to commit new code on platforms like GitHub. However, unlike servers, SSH clients cannot be measured through internet scans. We close this gap in two steps. First, we collect SSH client public keys. Such keys are regularly published by their owners on open development platforms like GitHub and GitLab. We systematize previous non-academic work by subjecting these keys to various security tests in a longitudinal study. Second, in a series of black-box lab experiments, we analyze the implementations of algorithms for SSH client signatures in 24 popular SSH clients for Linux, Windows, and macOS. We extracted 31,622,338 keys from three public sources in two scans. Compared to previous work, we see a clear tendency to abandon RSA signatures in favor of EdDSA signatures. Still, in January 2025, we found 98 broken short keys, 139 keys generated from weak randomness, and 149 keys with common or small factors—the large majority of the retrieved keys exposed no weakness. Weak randomness can not only compromise a secret key through its public key, but also through signatures. It is well-known that a bias in random nonces in ECDSA can reveal the secret key through public signatures. For the first time, we show that the use of deterministic nonces in ECDSA can also be dangerous: The private signing key of a PuTTY client can be recovered from just 58 valid signatures if ECDSA with NIST curve P-521 is used. PuTTY acknowledged our finding in CVE-2024-31497, and they subsequently replaced the nonce generation algorithm.
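The abstract names three weakness classes in published RSA client keys: short keys, small factors, and common factors. The following added example, which is not code from the paper or from HGI, shows how an administrator could screen a list of `ssh-rsa` public key lines for those classes. It assumes lines without an options prefix; the function names, the 2048-bit default, the small-prime bound of 1000, and the toy moduli built from Mersenne primes are all constructed for illustration and are not the paper's test parameters.

```python
import base64, math, struct
from itertools import combinations

SMALL_PRIMES = [p for p in range(2, 1000) if all(p % q for q in range(2, int(p**0.5) + 1))]

def parse_rsa_pubkey(line):
    """Return (comment, e, n) for a plain 'ssh-rsa <base64> <comment>' line, else None."""
    fields = line.split(None, 2)
    if len(fields) != 3 or fields[0] != "ssh-rsa":
        return None
    try:
        blob, parts, off = base64.b64decode(fields[1], validate=True), [], 0
        while off < len(blob):  # wire format: uint32 length + bytes, repeated
            (length,) = struct.unpack(">I", blob[off:off + 4])
            parts.append(blob[off + 4:off + 4 + length])
            off += 4 + length
    except (ValueError, struct.error):
        return None
    if off != len(blob) or len(parts) != 3 or parts[0] != b"ssh-rsa":
        return None  # truncated blob or unexpected field layout
    return fields[2].strip(), int.from_bytes(parts[1], "big"), int.from_bytes(parts[2], "big")

def audit(lines, min_bits=2048):
    """Map each RSA key's comment to the set of weakness flags found for it."""
    keys = [k for k in map(parse_rsa_pubkey, lines) if k]
    findings = {comment: set() for comment, _, _ in keys}
    for comment, _, n in keys:
        if n.bit_length() < min_bits:
            findings[comment].add("short")
        if any(n % p == 0 for p in SMALL_PRIMES):
            findings[comment].add("small-factor")
    for (c1, _, n1), (c2, _, n2) in combinations(keys, 2):
        if n1 != n2 and math.gcd(n1, n2) > 1:  # distinct moduli sharing a prime
            for c in (c1, c2):
                findings[c].add("shared-factor")
    return findings

def make_line(n, comment, e=65537):
    """Encode a constructed modulus as an ssh-rsa public key line (sample data only)."""
    s = lambda b: struct.pack(">I", len(b)) + b  # length-prefixed string
    mp = lambda x: s(x.to_bytes(x.bit_length() // 8 + 1, "big"))  # non-negative mpint
    return "ssh-rsa " + base64.b64encode(s(b"ssh-rsa") + mp(e) + mp(n)).decode() + " " + comment

M = lambda k: 2**k - 1  # Mersenne primes for k in 61, 89, 107, 127, 521, 607
SAMPLE = [  # constructed toy keys, not real ones
    make_line(M(127) * M(107), "alice@constructed"),
    make_line(M(127) * M(89), "bob@constructed"),
    make_line(7 * M(61), "carol@constructed"),
    make_line(M(521) * M(607), "dave@constructed"),
]
```

Calling `audit(SAMPLE, min_bits=1024)` returns the flags per key; the lowered threshold is only there so that one toy key passes, and the pairwise GCD loop is quadratic, so it suits a host's `authorized_keys` file rather than a scan of millions of keys.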

 

The following papers by HGI/CASA researchers were also presented at the conference:

Noise and Stress Don’t Help With Learning: A Qualitative Study to Inform Design of Effective Cybersecurity Awareness in Manufacturing Environments Lina Brunken (Ruhr University Bochum), Markus Schöps (Ruhr University Bochum), Annalina Buckmann (Ruhr University Bochum), Florian Meißner (Macromedia University of Applied Sciences), M. Angela Sasse (Ruhr University Bochum)

Finding SSH Strict Key Exchange Violations by State Learning Fabian Bäumer (Ruhr University Bochum), Marcel Maehren (Ruhr University Bochum), Marcus Brinkmann (Ruhr University Bochum), Jörg Schwenk (Ruhr University Bochum)

On Hyperparameters and Backdoor-Resistance in Horizontal Federated Learning Simon Lachnit (Ruhr University Bochum), Ghassan Karame (Ruhr University Bochum)

General note: With any mention of gender-assigning attributes, we include all those who feel they belong to that gender, regardless of biological sex.