1 / 24

SSH Secure Login Connections over the Internet

SSH Secure Login Connections over the Internet. Tatu Yloenen SSH Communications Security. MOTIVATION. Connecting through the Internet Cheap and convenient Risky Internet does not protect transmitted data. Threats from the Internet. Network monitoring

lyndon
Télécharger la présentation

SSH Secure Login Connections over the Internet

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SSHSecure Login Connectionsover the Internet Tatu Yloenen SSH Communications Security

  2. MOTIVATION • Connecting through the Internet • Cheap and convenient • Risky • Internet does not protect transmitted data

  3. Threats from the Internet • Network monitoring • Connection hijacking:connections can be hijacked without either party noticing • Routing spoofing • DNS (domain name server) spoofing • Denial of service attacks

  4. How to protect ourselves • An acceptable solution must guarantee • Authentication of both ends of the connection • Secrecy of transmitted information • Integrity of transmitted data • Secrecy of transmitted information is crucial

  5. SSH • Allows • Secure login connections • Secure file transfer over the Internet or other untrusted networks

  6. SSH • Uses cryptographic algorithms to • Authenticate both ends of the connection • Encrypt all transmitted data • Protect data integrity • Validate values returned by services such as DNS or network protocols (such as TCP)

  7. Transport-level encryption • Every transmitted packet starts with random padding, followed by (optionally compressed) header and data • The entire packet is encrypted using a suitable algorithm • Packet type and data fields can be compressed with gzip before encryption • 1/3 of original size

  8. Integrity protection • Originally provided by including CRC32 of the packet under encryption • Found to be insufficient • Was replaced by HMAC-SHA

  9. What is HMAC-SHA? (I) • HMAC: • Hash-based Message Authentication Code • Uses a cryptographic hash function • Any change to the hashed data will (with very high probability) change the hash value

  10. What is HMAC-SHA? (II) • SHA: • Secure Hash Algorithm • Four different algorithms:SHA-0, SHA-1, SHA-2, and SHA-3 • SHA-1 • Most widely used • Fixes a flaw in SHA-0 • Produces a 160-bit "digest"

  11. SSH login protocol • Works on top of the packet-level protocol • Step 1:The client opens a connection to the server

  12. SSH login protocol • Step 2:Server sends • Its public RSA host key • Another public RSA key (``server key'') that changes every hour

  13. SSH login protocol The client compares the received host key against its own database of known host keys, Can decide to • Reject keys coming from unknown hosts • Accept them and store them in its database

  14. SSH login protocol • Step 3:The client • Generates a 256 bit random number using a cryptographically strong RNG (session key) • Picks an encryption algorithm among those supported by the server • Encrypts the session key with RSA using both the host key and the server key • Sends the encrypted key to the server

  15. The server key • Changed every hour • Used to make decrypting recorded historic traffic impossible after the server key has been changed when the host key becomes compromised • Normally a 768 bit RSA key • Host key is 1024 bits

  16. SSH login protocol • Step 4:Server • Recovers the session key • Sends an encrypted confirmation to the client • Shows client that it holds the proper private keys Client and server can start using transport-level encryption and integrity protection

  17. SSH login protocol • Step 5:User starts authentication procedure • First request includes the user login name • Server replies with either • successno further authentication is needed • failurefurther authentication is required

  18. Authentication methods • Traditional password authentication • Combination of .rhosts or hosts.equiv authentication and RSA-based host authentication • Pure RSA authentication: • Server maintains a list of users' public keys. • User requests authentication for a given key • Server responds with a challenge

  19. X11 and TCP/IP Forwarding • SSH can automatically forward the connection to the user's X server over the secure channel • SSH also automatically stores Xauthority data on the server • TCP/IP forwarding works similarly (Not covered in detail)

  20. Authentication Agent • SSH supports using an authentication agent • Program that runs in the user's local machine (or on a smartcard connected to it) • Agent holds the user's private RSA keys • In the Unix environment, the agent • Starts as a parent of the user's shell • Communicates with SSH using a file descriptor it shares with its children

  21. 1996 Changes • New transport layer protocol: • Better integrity checks • HMAC-MD5 and HMAC-SHA • More complete encryption of packet contents • New authentication protocol (Not covered)

  22. CONCLUSION • Strong cryptography • Solves Internet security issues • At negligible cost

  23. OPEN DISCUSSION • How does SSH compares with Kerberos?

  24. Performance • Startup time: • a few seconds • Data encryption rate: • Quite good on 1995 Pentium computers

More Related