Netinfo Security, 2018, Vol. 18, Issue (1): 45-51. doi: 10.3969/j.issn.1671-1122.2018.01.007


Research on Establish SSH-based Trusted Channels

Bo FAN1, Runkai YANG2, Lin LI2

  1. China Electronics Standardization Institute, Beijing 100007, China
  2. School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
  • Received: 2017-12-01 Online: 2018-01-20 Published: 2020-05-11
  • About the authors:

    Bo FAN (born 1978), female, from Jilin, master's degree; main research interest: network security standardization. Runkai YANG (born 1993), male, from Shandong, master's student; main research interest: cloud computing centers. Lin LI (born 1978), female, from Shandong, associate professor, Ph.D.; main research interest: cryptography.

  • Supported by:
    National Natural Science Foundation of China [61402035]

Abstract:

The security of existing secure channel technologies can be improved by integrating them with TCG remote attestation techniques. This paper proposes a practical approach to establishing SSH-based trusted channels, called trusted SSH. From the security point of view, trusted SSH not only achieves an authentic binding of the platform state information to the SSH secure channel, but also preserves the privacy of the platform state information. From the functionality point of view, trusted SSH has the following features: attestation flexibility, backward compatibility and scalability. These features are reflected in the fact that any session key exchange algorithm used in SSH can be used seamlessly in trusted SSH. These characteristics of security, functionality and scalability are achieved in an efficient way. We also implement trusted SSH based on OpenSSH to evaluate its other features.

Key words: SSH, trusted computing, remote attestation, trusted channel

Chinese Library Classification (CLC) number: