Secure Shell (SSH)Table of ContentsAbstract 3Acronyms 31.0 Introduction to Secure Shell (SSH) 41.1 The History of Secure Shell 41.2 SSH-1 and SSH-2 41.3 What does Secure Shell Protect Against? 52.0 SSH Encryption Technique 52.1 How does Secure Shell Work? 53.0 SSH-2 Architecture 74.0 Possible Attacks on SSH 85.0 Conclusion – Future Development 9References 10AbstractAcronyms1.0 Introduction to Secure Shell (SSH)1.1 The History of Secure Shell1.2 SSH-1 and SSH-21.3 What does Secure Shell Protect Against?2.0 SSH Encryption Technique2.1 How does Secure Shell Work?3.0 SSH-2 Architecture4.0 Possible Attacks on SSH5.0 Conclusion – Future DevelopmentReferences:Secure Shell Tam NgoSteve LickingSecure Shell (SSH)Tam NgoSteve LickingSan Jose State UniversityMarch 25, 2005CS265 - Cryptography and Computer SecuritySection 1 Page 1 of 10 March 24, 2005Secure Shell Tam NgoSteve LickingTable of ContentsAbstract 3Acronyms 31.0 Introduction to Secure Shell (SSH) 41.1 The History of Secure Shell 41.2 SSH-1 and SSH-2 41.3 What does Secure Shell Protect Against? 52.0 SSH Encryption Technique 52.1 How does Secure Shell Work? 53.0 SSH-2 Architecture 74.0 Possible Attacks on SSH 85.0 Conclusion – Future Development 9References 10Section 1 Page 2 of 10 March 24, 2005Secure Shell Tam NgoSteve LickingAbstractSecure Shell (SSH) is one of the most popular protocols in the market today that allows users to connect from a local computer to a remote computer securely. Secure Shell is able to provide users with such security by using the most modern and secure cryptographic available. In this paper, we will discuss the history of SSH, how SSH establishes connection between client and server, whatencryption technology it uses, what kind of attacks SSH protect against, and what attacks SSH cannot prevent.Acronyms3DES – Triple Data Encryption StandardAES – Advanced Encryption StandardCAST – Carlisle Adams and Stafford TavaresCRC-32 – Cyclic Redundancy CheckDES – Data Encryption StandardDSA – Digital Signature AlgorithmIDEA – International Data Encryption AlgorithmMD5 – Message Digest algorithm number 5RSA – Rivest-Shamir-AdlemanSCS – SSH Communications SecuritySHA-1 – Secure Hash AlgorithmSSH-AUTH – SSH Authentication ProtocolSSH-CONN – SSH Connection ProtocolSSH-TRANS – SSH Transport Layer ProtocolSSH – Secure ShellSection 1 Page 3 of 10 March 24, 2005Secure Shell Tam NgoSteve Licking1.0 Introduction to Secure Shell (SSH)Currently, millions of people around the world are using computers to interact with other users. Unfortunately, many of those users are unaware of the security behind the technology they use. Instead, many simply rely on the software and hardware within their computer to provide the security without understanding what level of security is being provided and where they may still be vulnerable. There are many different free, as well as commercial, software applications on the market today which provide a secure means to perform many common tasks on remote machines. A popular protocol, used by many applications to ensure a secure connection between two machines, is Secure Shell (SSH). After its introduction, SSH became the preferred method to access other computers over existing protocols such as telnet, rlogin, rsh, rdist, and rcp. SSH gained popularity over these other protocols by providing security the security other protocols lacked via authentication and encryption.1.1 The History of Secure ShellThe story behind the development of Secure Shell started in 1995 when a schoolnetwork at Helsinki University in Finland was attacked with a password-sniffer. Inresponse to the incident, a researcher by the name of Tatu Ylönen developed theprotocol SSH-1, which is the first version of Secure Shell. During the same year, SSH-1 gain rapid attention with an estimated 20,000 users in 50 countries around the world. Due to its popularity, Ylönen created SSH Communications Security Ltd. (SCS), a company in which he is the chairman and chief officer, to manage the research and development of SSH (Barrett, 2002).1.2 SSH-1 and SSH-2Like many new protocols, after a year of usage, users found some problems and limitations with SSH-1. SSH-1 was shown to be insecure after several flaws werediscovered with the protocol. These include SSH-1 being vulnerable to a man-in-the-middle-attack and using CRC-32 as an integrity check, which can allow intruder to change the supposedly secure data and still pass the CRC-32 check. In addition to security vulnerabilities, SSH-1 does not provide password change or public-key certificate authentication. Due to SSH-1’s weak points, SCS developed SSH-2. Unfortunately, in order to fix the problems with SSH-1, SSH-2was unable to remain backwards compatibility with SSH-1. In 1998, the program“SSH Secure Shell” based on the SSH-2 protocol was released. Later, other SSH-2 implementations such as OpenSSH followed. Currently, the developmentof SSH-1 is inactive while SSH-2 is actively being developed and researched (Barrett, 2002). Since most projects regarding SSH-1 have stopped, this paper will focus on SSH-2.Section 1 Page 4 of 10 March 24, 2005Secure Shell Tam NgoSteve Licking1.3 What does Secure Shell Protect Against?While on the topic of security, one may wonder, what kind of attacks can intruder perform on an insecure network and more importantly, how does SSH protect users from falling victim to these attacks. An intruder can view any information sent when transferring over an insecure network. This information includes usernames, passwords, messages, IP address, files, and many more. By using SSH, users are authenticated by the server when a connection is set-up and any information sent over that connection is encrypted, preventing eavesdropping. SSH prevents many attacks such as DNS spoofing, IP spoofing, IP source routing, and manipulating and intercepting data over the connection. SSH is able to provide users with such security by using modern encryption algorithms. According to the FAQ document online (Acheson, 2001), SSH uses RSA (SSH-1) or DSA (SSH-2) for authentication and then for data encryption, it can use a variety of ciphers including 3DES, Blowfish, Twofish, Arcfour, or Cast128-cbc (SSH-2). By using these cipher schemes, SSH is able to provide the user with privacy, integrity, and authentication.2.0 SSH Encryption TechniqueAs of today, there are two widely used key encryption algorithms.
View Full Document
Unlocking...