基于抗量子密钥交换协议的SSH协议的研究与实现

发布时间：2018-05-22 17:54

本文选题：SSH协议 + 密钥交换算法　；参考：《北京交通大学》2017年硕士论文

【摘要】：随着互联网技术的发展和网络规模的扩大,人们对远程登录的需求也变得十分迫切,很多企业、组织对网络设备以及服务器的管理都需要使用远程登录服务。因此远程登录技术成为了非常热门的一个研究课题。早期提供远程服务的Telnet、FTP等均以明文的方式传送数据,给用户安全带来了巨大的威胁。而SSH协议能够对传输的数据进行加密,因此它成为了目前应用最广泛的网络安全协议之一。目前,SSH协议对传输数据加密使用的算法都是对称加密算法,因此在数据加密之前通信双方需要安全地协商出一个共享密钥,现阶段此共享密钥由DH算法生成。换句话说,DH算法生成的共享密钥是SSH能够提供安全传输的重中之重。众所周知,DH算法的安全性依赖于计算离散对数的困难性。但是由于近年来量子理论的迅猛发展,已经有学者找到了在多项式时间内就能计算离散对数的量子算法,这导致基于离散对数的DH算法不再那么安全,SSH协议也面临着巨大的挑战与威胁。本文以解决量子算法给SSH协议带来的威胁为目的,深入研究了 SSH协议的相关内容,利用抗量子密钥交换、RSA等算法设计了两种对SSH的改进方案,并对两种方案进行了源码级的实现。具体的研究内容与创新点如下:(1)深入研究SSH协议的组织架构和工作原理以及SSH能够提供的安全服务类型,并详细分析量子领域密钥交换的研究现状以及未来量子时代给SSH协议带来的威胁。(2)为有效解决SSH面临的威胁,设计了两种对SSH协议的改进方案。第一种方案基于R-LWE认证密钥交换算法,此方案密钥交换速度快,且不需要其他密码算法支撑。第二种改进方案在第一种方案的基础上,又结合了 SHA256算法和RSA算法,设计一个抗量子密钥交换的协议簇,利用此协议簇对SSH进行改进。第二种改进方法为密钥交换阶段提供了数据完整性校验功能。(3)对以上两种改进方案进行系统设计和实现,并对开发完成的系统进行了大量的连接测试实验以及安全性验证工作。实验结果表明,两种改进方案均能够在不降低原有SSH性能和安全的条件下,提供抵抗量子攻击的功能,其中第二种改进方案具有更高的安全性能。
[Abstract]:With the development of Internet technology and the expansion of network scale, the demand for remote login becomes very urgent. Many enterprises and organizations need to use remote login service for the management of network equipment and servers. Therefore, remote login technology has become a very popular research topic. Telnetn FTP, which provided remote service in the early years, all transmit data in clear text, which brings great threat to user security. SSH protocol can encrypt the transmitted data, so it becomes one of the most widely used network security protocols. At present, all the algorithms used in SSH protocol are symmetric encryption algorithms for transmission data encryption. Therefore, before data encryption, both parties need to negotiate a shared key safely, which is generated by DH algorithm at this stage. In other words, the shared key generated by the DH algorithm is the top priority for SSH to provide secure transmission. It is well known that the security of DH algorithm depends on the difficulty of computing discrete logarithms. However, due to the rapid development of quantum theory in recent years, some scholars have found a quantum algorithm that can calculate discrete logarithms in polynomial time. As a result, DH algorithm based on discrete logarithm is less secure than SSH protocol. In order to solve the threat posed by quantum algorithm to SSH protocol, this paper deeply studies the related contents of SSH protocol, and designs two improved schemes for SSH by using anti-quantum key exchange algorithm. And the two schemes are implemented at source level. The specific research contents and innovations are as follows: 1) deeply studying the organizational structure and working principle of the SSH protocol and the types of security services that SSH can provide. The present situation of key exchange in quantum field and the threat to SSH in the future quantum age are analyzed in detail. In order to effectively solve the threat faced by SSH, two schemes to improve the SSH protocol are designed. The first scheme is based on R-LWE authentication key exchange algorithm, which is fast and does not need other cryptographic algorithms. On the basis of the first scheme, the second scheme combines the SHA256 algorithm and the RSA algorithm to design a protocol family against quantum key exchange, which is used to improve the SSH. The second improved method provides the data integrity verification function for key exchange phase. It designs and implements the above two improved schemes, and carries out a lot of connection test and security verification work on the developed system. The experimental results show that the two improved schemes can provide resistance to quantum attacks without reducing the performance and security of the original SSH. The second improved scheme has higher security performance.
【学位授予单位】：北京交通大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TN918.4

【参考文献】