Research on Establish SSH-based Trusted Channels

doi:10.3969/j.issn.1671-1122.2018.01.007

Abstract

Abstract:

The security of existing secure channel technologies can be improved when being integrated with TCG remote attestation techniques. This paper proposes a practical approach to establish SSH-based trusted channels, denoted as trusted SSH. From the security point of view, trusted SSH not only achieves the authentic binding of the platform state information to the SSH secure channel, but also retains the privacy of the platform state information. From the functionality point of view, trusted SSH has the following features: attestation flexibility, backward compatibility and scalability. It is reflected in the aspect that any session key exchange algorithm used in SSH can be seamlessly used in Trusted SSH. These characteristics of security, functionalities and scalability are achieved in an efficient way. We also implement trusted SSH based on open SSH for evaluating its other features.

Key words: SSH, trusted computing, remote attestation, trusted channel

CLC Number:

TP309

Bo FAN, Runkai YANG, Lin LI. Research on Establish SSH-based Trusted Channels[J]. Netinfo Security, 2018, 18(1): 45-51.

Figures/Tables 3

References 16

[1]	ARMKNECHT F, GASMI Y, SADEGHI A R, et al.An Efficient Implementation of Trusted Channels Based on Openssl[C]// ACM. STC '08 Proceedings of the 3rd ACM workshop on Scalable trusted computing,October 31, 2008,Alexandria, Virginia, USA. New York:ACM, 2008:41-50.
[2]	SADEGHI A R, SCHULZ S.Extending IPsec for Efficient Remote Attestation[C]// Springer. Financial Cryptography and Data Security, FC 2010 Workshops, RLCPS, WECSR, and WLC 2010, January 25-28, 2010,Tenerife, Canary Islands, Spain.Berlin:Springer, 2010:150-165.
[3]	GOLDMAN K, PEREZ R, SAILER R.Linking Remote Attestation to Secure Tunnel End Points[C]// ACM. STC '06 Proceedings of the first ACM workshop on Scalable trusted computing, November 3, 2006,Alexandria, Virginia, USA. New York:ACM, 2006:21-24.
[4]	STUMPF F, TAFRESCHI O, RODER P, et al.A Robust Integrity Reporting Protocol for Remote Attestation[J]. Journal of Radioanalytical & Nuclear Chemistry, 2006, 134(s1):869-875.
[5]	黄强,孔志印,常乐,等. 可信基线及其管理机制[J]. 信息网络安全,2016(9):145-148.
[6]	YLONEN T. The Secure Shell (SSH) Transport Layer Protocol [EB/OL]. ,2017-6-15.
[7]	DIERKS T,RESCORLA E. The Transport Layer Security (TLS) Protocol Version 1.2[EB/OL]. ,2017-6-15.
[8]	KENT S, SEO K. Security Architecture for the Internet Protocol [EB/OL]. ,2017-6-15.
[9]	GODDARD T.Using the NETCONF Configuration Protocol over Secure SHell (SSH) [EB/OL]. ,2017-6-15.
[10]	HARRINGTON D, SCHONWALDER J. Transport Subsystem for the Simple Network Management Protocol (SNMP) [EB/OL].,2017-6-15.
[11]	CHARBONNEAU A, TERSKIKH V.Spectro Grid: Providing Simple Secure Remote Access to Scientific Instruments[C]// IEEE. HPCS '08 Proceedings of the 2008 22nd International Symposium on High Performance Computing Systems and Applications,June 9 - 11, 2008,Washington. New York:IEEE, 2008:76-82.
[12]	KAUFMAN E C. Internet Key Exchange (IKEv2) Protocol[EB/OL]. ,2017-6-15.
[13]	王冠,袁华浩. 基于可信根服务器的虚拟TCM密钥管理功能研究[J]. 信息网络安全,2016(4):17-22.
[14]	NAGARAJAN A, VAARADHARAJAN V, HITCHENS M, et al.Property Based Attestation and Trusted Computing: Analysis and Challenges[C]// IEEE. NSS '09 Proceedings of the 2009 Third International Conference on Network and System Security,October 19-21, 2009 ,Gold Coast, Queensland, Australia. New York:IEEE, 2009:278-285.
[15]	DOLEV D, YAO A.On the Security of Public Key Protocols[J]. Information Theory IEEE Transactions on, 1983, 29(2):198-208.
	DOLEV D, YAO A.On the Security of Public Key Protocols[J]. Information Theory IEEE Transactions on, 1983, 29(2):198-208.
[16]	张亚奇,何永忠,于爱民. 一种基于第三方平台可信证明的SSH协议[J]. 信息网络安全,2016(12):34-45.