Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Secure Shell Protocol Jia Zhu 2621081 Seminar WS 06/07 Computer Security Chair holder : Prof. Dr. Joachim von zur Gathen Tutor: Michael Nüsken, Daniel.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "The Secure Shell Protocol Jia Zhu 2621081 Seminar WS 06/07 Computer Security Chair holder : Prof. Dr. Joachim von zur Gathen Tutor: Michael Nüsken, Daniel."— Presentation transcript:

1 The Secure Shell Protocol Jia Zhu 2621081 Seminar WS 06/07 Computer Security Chair holder : Prof. Dr. Joachim von zur Gathen Tutor: Michael Nüsken, Daniel Loebenberger Name : Jia Zhu Student ID : 262108 Date: 30.10.2006 The Secure Shell Protocol

2 The Secure Shell Protocol Jia Zhu 2621082 Agenda History of SSH Architecture Related Concepts about SSH Protocol Workflow of SSH Connection Potential Security Problems of SSH

3 The Secure Shell Protocol Jia Zhu 2621083  Goal of Secure Shell (SSH) Protocol - a protocol for secure remote login and other secure network services over an insecure network.  Usage login a remote machine and execute commands by using public-key cryptography to authenticate both remote server and local client support tunneling, forwarding arbitrary TCP ports and X11 connection transfer files using the associated SFTP or SCP protocols.

4 The Secure Shell Protocol Jia Zhu 2621084 History of SSH  1995, SSH-1 ----Tatu Ylönen Helsinki University of Technology, Finland SSH Communications Security Corp. Attachmate organization, which markets Reflection for Secure IT

5 The Secure Shell Protocol Jia Zhu 2621085 History of SSH  1996, SSH-2 (incompatible with SSH-1) - RFC (Request of Comments) memorandum - Proposed as a new Internet standard by the Internet Engineering Task Force (IETF) working group - security and feature improvements over SSH-1

6 The Secure Shell Protocol Jia Zhu 2621086 Agenda History of SSH Architecture Related Concepts about SSH Protocol Workflow of SSH Connection Potential Security Problems of SSH

7 The Secure Shell Protocol Jia Zhu 2621087 Architecture

8 The Secure Shell Protocol Jia Zhu 2621088 Transport Layer Protocol performs connection setup, (DH) key exchange, encryption and data integrity protection may optionally provide compression derive a unique session id that may be used by higher-level protocols run over a TCP/IP connection or other reliable data stream service request

9 The Secure Shell Protocol Jia Zhu 2621089 User Authentication Protocol provide a suite of mechanisms to authenticate the client to the server Individual mechanism specified in the authentication protocol uses the session id provided by the transport layer protocol and also depend on the security and integrity guarantees of the transport protocol Public Key, Password and Host-Based Authentication

10 The Secure Shell Protocol Jia Zhu 26210810 Connection Protocol multiplex the encrypted tunnel into several logical channels of data over the confidential and authenticated transport specify channels for accessing an interactive shell, for proxy-forwarding various external protocols over the secure transport and secure subsystems on the server host provide them to higher network application protocols

11 The Secure Shell Protocol Jia Zhu 26210811 Agenda History of SSH Architecture Related Concepts about SSH Protocol Workflow of SSH Connection Potential Security Problems of SSH

12 The Secure Shell Protocol Jia Zhu 26210812 Host keys host server : host key  1:1 ; 1:N ; N:1 used to verify that the client is really talking to the correct server during key exchange

13 The Secure Shell Protocol Jia Zhu 26210813 Verification Request Trust model (2) SSH Client A Host Name and Public Key Host B Host C Private Key Trust model (1) Certification Authority Client AClient BClient C Root Key from CA

14 The Secure Shell Protocol Jia Zhu 26210814 A problem from host-key association host key association not checked when connecting to the host for the first time allow communication without prior communication of host keys or certification vulnerable to activate man-in-the-middle attacks Solution: normally NOT allow such connections by default

15 The Secure Shell Protocol Jia Zhu 26210815 Security Properties (1). All encryption, integrity, and public key algorithms used are well-known, well-established algorithms (2). All algorithms are used with cryptographically sound key sizes that are believed to provide protection against even the strongest attacks (3). All algorithms are negotiated, and in case some algorithm is broken, it is easy to switch to some other algorithm without modifying the base protocol.

16 The Secure Shell Protocol Jia Zhu 26210816 Packet Size and Overhead the increase in packet size due to new headers, padding, and the Message Authentication Code (MAC). The minimum packet size is 28 bytes (depending on negotiated algorithms).

17 The Secure Shell Protocol Jia Zhu 26210817 Localization and Character Set Support For the most case, not directly pass text that would be displayed to the user However, some places where such data might be passed. When applicable, the character set for the data must be explicitly specified. In most places, ISO-10646 UTF-8 encoding is used. When applicable, a field is also provided for a language tag.

18 The Secure Shell Protocol Jia Zhu 26210818 Data Type Representations Byte: an arbitrary 8-bit value (octet) Boolean: stored as a single byte. 0 represents FALSE, 1 represents TRUE uint32: a 32-bit unsigned integer uint64: a 64-bit unsigned integer string: Arbitrary length binary string, a uint32 containing its length

19 The Secure Shell Protocol Jia Zhu 26210819 uint32

20 The Secure Shell Protocol Jia Zhu 26210820 string

21 The Secure Shell Protocol Jia Zhu 26210821 Data Type Representations (cont.) mpint: multiple precision integers in two's complement format, stored as a string, 8 bits per byte, MSB first. Negative numbers have the value 1 as the MSB of the first byte of the data partition. If the MSB would be set 1 for a positive number, the number must be preceded by a zero byte. The value zero must be stored as a string with zero bytes of data. name-list: A string containing a comma-separated list of names, represented as a uint32 containing its length

22 The Secure Shell Protocol Jia Zhu 26210822 mpint

23 The Secure Shell Protocol Jia Zhu 26210823 name list

24 The Secure Shell Protocol Jia Zhu 26210824 Algorithm and Method Naming Names that do not contain an at-sign ("@") comma (","), white space, control characters (ASCII codes 32 or less), or the ASCII code 127 (DEL) are reserved to be assigned by IETF CONSENSUS. only valid if they are first registered with the IANA case-sensitive, and must NOT be longer than 64 characters. Examples include "3des-cbc", "sha-1", "hmac-sha1", and "zlib".

25 The Secure Shell Protocol Jia Zhu 26210825 Algorithm and Method Naming Anyone can define additional algorithms or methods by using names in the format name@domainname, e.g., "ourcipher- cbc@example.com". The format of the part preceding the at-sign is not specified; however, these names must be printable US-ASCII strings, and must NOT contain the comma character (","), white space, control characters (ASCII codes 32 or less), or the ASCII code 127 (DEL). They must have only a single at-sign in them. The part following the at-sign must be a valid, fully qualified domain name controlled by the person or organization defining the name. Names are case-sensitive, and must NOT be longer than 64 characters. It is up to each domain how it manages its local namespace.

26 The Secure Shell Protocol Jia Zhu 26210826 Message Numbers Protocol typeRangeUsage Transport Layer Protocol 1-19 Transport layer generic (e.g., disconnect, ignore, debug, etc.) 20-29Algorithm negotiation 30-49 Key exchange method specific (numbers can be reused for different authentication methods) User Authentication Protocol 50-59User authentication generic 60-79 User authentication method specific (numbers can be reused for different authentication methods) Connection Protocol 80-89Connection protocol generic 90-127Channel related messages Reserved for client protocols 128-191Reserved Local extensions192-255Local extensions

27 The Secure Shell Protocol Jia Zhu 26210827 Agenda History of SSH Architecture Related Concepts about SSH Protocol Workflow of SSH Connection Potential Security Problems of SSH

28 The Secure Shell Protocol Jia Zhu 26210828 Workflow of SSH Connection (1). Protocol Version Exchange When the connection has been established, both sides must send an identification string to exchange SSH protocol version. The maximum length of the string is 255 characters, including the Carriage Return and Line Feed. The part of the identification string preceding the Carriage Return and Line Feed is used in the Diffie- Hellman key exchange. Key exchange will begin immediately after sending this identifier. All packets following the identification string shall use the Binary Packet Protocol.

29 The Secure Shell Protocol Jia Zhu 26210829 Workflow of SSH Connection (2). Key Exchange(kex): Using Binary Packet Protocol, key exchange begins by each side sending name-lists of supported algorithms. Each side has a preferred algorithm in each category. Each side may guess which algorithm the other side is using, and may send an initial key exchange packet according to the algorithm, if appropriate for the preferred method.

30 The Secure Shell Protocol Jia Zhu 26210830 Workflow of SSH Connection (3). Output from Key Exchange: (a). a shared secret K (b). an exchange hash H Encryption and authentication keys are derived from these two values. The exchange hash H from the first key exchange is additionally used as the session identifier, which is a unique identifier for this connection. It is used by authentication methods as a part of the data that is signed as a proof of possession of a private key. Once computed, the session identifier is not changed, even if keys are later re-exchanged.

31 The Secure Shell Protocol Jia Zhu 26210831 Workflow of SSH Connection (4). Service Request: After the key exchange, the client requests a service. The service is identified by a name. When the service starts, it may have access to the session identifier generated during the key exchange. If the server supports the service (and permits the client to use it), it must respond with message numbers and service name. After a key exchange with implicit server authentication, the client must wait for a response to its service request message before sending any further data.

32 The Secure Shell Protocol Jia Zhu 26210832 Workflow of SSH Connection (5). Authentication Request: The server drives the authentication by telling the client which authentication methods can be used to continue the exchange at any given time. The client has the freedom to try the methods listed by the server in any order. This gives the server complete control over the authentication process if desired, but also gives enough flexibility for the client to use the methods it supports or that are most convenient for the user, when multiple methods are offered by the server. The server should have a timeout for authentication and disconnect if the authentication has not been accepted within the timeout period. When the server accepts authentication, it must respond with the authentication success message.

33 The Secure Shell Protocol Jia Zhu 26210833 Workflow of SSH Connection (6). Opening a Channel After setting the service type, both sides open a new channel and begin to data transferring.

34 The Secure Shell Protocol Jia Zhu 26210834 Agenda History of SSH Architecture Related Concepts about SSH Protocol Workflow of SSH Connection Potential Security Problems of SSH

35 The Secure Shell Protocol Jia Zhu 26210835 Potential Security Problems (1). Since SSH-1 has inherent design flaws which make it vulnerable to, e.g., man-in-the-middle attacks, it is now generally considered obsolete and should be avoided by explicitly disabling fallback to SSH-1. (2). It is important to verify unknown public keys before accepting them as valid. Accepting an attacker's public key as a valid public key has the effect of disclosing the transmitted password and allowing man in the middle attacks.

36 The Secure Shell Protocol Jia Zhu 26210836 Potential Security Problems (3). Man-in-the-middle, Covert Channels, etc. (4). Backdoors exists for hackers to execute any code using interactive authentication and can cause service not to function.

37 The Secure Shell Protocol Jia Zhu 26210837 Potential Security Problems (5). When client first login the server, it accept host key without examining if the host key belongs to the right server. (6). Can not improve any security for server. If server is attacked or controlled, SSH transferring can not be safe anymore (7). Above the TCP/IP Layer, and can not avoid DoS attack (8). Can not avoid hidden channels problems

38 The Secure Shell Protocol Jia Zhu 26210838 Potential Security Problems (9). Debug message may reveal server or client information without protection. (10). Port forwarding may bypass the firewall since the data in the channel is encrypted. (11). Have to know server’s IP and port, know which software can be used and how to configure the software, not transparent for users (12). manually manage host key for user authentication, not flexible and secure enough. (13). Client can find server quickly but server can not find client easily, can not bidirectional communication.

39 The Secure Shell Protocol Jia Zhu 26210839

Download ppt "The Secure Shell Protocol Jia Zhu 2621081 Seminar WS 06/07 Computer Security Chair holder : Prof. Dr. Joachim von zur Gathen Tutor: Michael Nüsken, Daniel."

Similar presentations

Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Cryptography and Network Security Chapter 16

Cryptography and Network Security Chapter 16
Umut Girit 200535027.  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.

Umut Girit  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Ferry Astika Saputra Workshop Administrasi Jaringan TELNET & SSH.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2000 Ferry Astika Saputra Workshop Administrasi Jaringan TELNET & SSH.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
CCNA – Network Fundamentals

CCNA – Network Fundamentals
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
HTTP Cookies. CPSC 441 - Application Layer 2 User-server state: cookies Many major Web sites use cookies Four components: 1) cookie header line of HTTP.

HTTP Cookies. CPSC Application Layer 2 User-server state: cookies Many major Web sites use cookies Four components: 1) cookie header line of HTTP.
Cryptography and Network Security

Cryptography and Network Security
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
Cunsheng Ding HKUST, Hong Kong, CHINA

Cunsheng Ding HKUST, Hong Kong, CHINA

Similar presentations

Ads by Google