Design and Implementation of a Trusted SSH Protocol
Published: 2019-04-13 09:02
[Abstract]: With the development of computer network technology, and Internet technology in particular, network security has received growing attention, and the design and analysis of network security protocols has become an active research topic. The key role that network security protocols such as SSH, IPSec and TLS play in securing data in transit is drawing increasing attention. SSH, a general-purpose and extensible security protocol, encrypts data transmitted over the network, which to some extent reduces the success probability and impact of certain network attacks such as eavesdropping. However, the attack techniques of malicious users are becoming more and more sophisticated, and existing computer systems are easily subjected to malicious attacks. Because the traditional SSH protocol faces a number of security threats, malicious users can use SSH to attack remote servers. Trusted computing can strengthen network security protocols by improving platform security, and remote attestation ensures that the code on a remote, untrusted computing platform has not been tampered with; applied directly to the traditional SSH protocol, however, it brings drawbacks such as high latency and low efficiency. To strengthen the security of the protocol's communicating endpoints while minimizing the impact on communication, this thesis proposes an SSH protocol in which trust attestation is performed through a third-party platform. It aims to combine the traditional SSH protocol with the remote attestation technology of trusted computing platforms, enhancing the trustworthiness and security of both communicating parties without reducing the confidentiality, integrity and availability of the traditional SSH protocol.
The thesis first surveys the development of network security protocols and trusted computing, then discusses in detail the research foundations of the SSH protocol and trusted computing, with a focus on the security risks the SSH protocol faces. To meet the design goal, it builds on the traditional SSH protocol, uses a third-party platform to attest the trustworthiness of the endpoints, and so forms the trusted SSH protocol, which is implemented on top of OpenSSH. To demonstrate the security properties of the trusted protocol, the thesis then studies verification methods for security protocols, carries out a formal analysis of the trusted part of the protocol, and examines its defensive capability against different types of attack through analysis and attack experiments. In summary, compared with the traditional SSH protocol, the security and trustworthiness of this protocol are improved without a noticeable reduction in connection efficiency. The protocol is a positive contribution to the development of trusted protocols.
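[Degree-granting institution]: Beijing Jiaotong University
[Degree level]: Master's
[Year degree conferred]: 2017
[Classification number]: TP393.08
Article ID: 2457428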
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2457428.html