信息网络安全 ›› 2016, Vol. 16 ›› Issue (12): 34-45.doi: 10.3969/j.issn.1671-1122.2016.12.006

• • 上一篇    下一篇

一种基于第三方平台可信证明的SSH协议

张亚奇1(), 何永忠1, 于爱民2   

  1. 1.北京交通大学计算机与信息技术学院,北京100044
    2.中国科学院信息工程研究所,北京100090
  • 收稿日期:2016-09-01 出版日期:2016-12-20 发布日期:2020-05-13
  • 作者简介:

    作者简介:张亚奇(1992—),男,河北,硕士研究生,主要研究方向为云计算安全;何永忠(1969—),男,重庆,副教授,博士,主要研究方向为系统安全;于爱民(1971—),男,山西,副研究员,博士,主要研究方向为行为分析与建模、安全大数据分析与情报协同、可信计算。

  • 基金资助:
    国家自然科学基金[61402035]

A SSH Protocol Based on the Trusted Attestation of a Third Party Platform

Yaqi ZHANG1(), Yongzhong HE1, Aimin YU2   

  1. 1. School of Computer and Information Technology of Beijing Jiaotong University, Beijing 100044, China
    2. Institute of Information Engineering, CAS, Beijing 100090, China
  • Received:2016-09-01 Online:2016-12-20 Published:2020-05-13

摘要:

SSH(Secure Shell)作为使用最广泛的网络安全协议之一,面临着多种安全问题。在现有条件下,攻击者可以利用SSH的安全弱点实施攻击。可信计算远程证明技术为我们提供了防范这种攻击的思路。SSH协议可以与远程证明结合来增强安全性。文章首先分析SSH面临的安全问题,然后提出一种基于第三方平台可信证明的SSH协议即TDSSH协议,并给出代码层面的主体实现。最后对该协议进行安全性分析和评估。文章提出的TDSSH协议对其他网络安全协议的可信增强研究有积极意义。

关键词: SSH, 远程证明技术, 可信计算, 可信增强

Abstract:

TSSH (Shell Secure), as one of the most widely used network security protocols, faces many kinds of security problems. Under the existing conditions, the attacker can use the security vulnerability of SSH to implement the attack. Trusted computing remote attestation technology provides a way for us to prevent such attacks. SSH protocol can be combined with remote attestation to enhance security. There are many deficiencies in the existing research about the trusted security protocol.This paper firstly analyzes the security problems faced by SSH, then proposes aSSH protocolbased on trustedattestationof third party platform, namely TDSSH protocol and gives the main implementation on code level. Finally we conduct the safety analysis and evaluation of the protocol. TDSSH protocol proposed in this paper has positive significance for research about trusted enhancement ofother network security protocols.

Key words: SSH, remote attestation technology, trusted computing, trust enhancement

中图分类号: