Applications and the Future - Codes: The Guide to Secrecy from Ancient to Modern Times

Cryptography Reference

In-Depth Information

SSH Protocol Architecture

We will assume that Alice is the user on the client computer, and she wishes

to establish secure communications with the (remote) host computer.

Overview of SSH Protocols

1. Transport Layer Protocol : This protocol provides stronghost authenti-

cation, confidentiality via strongencryption, and integrity protection from

the server to the client computer. This layer also thwarts the man-in-the-

middle attack. Moreover, it optionally supports compression. Although

there are other possible data streams over which this transport layer may

run, we assume that it does so over the canonical one, TCP/IP. The other

layers of the SSH protocol run on top of the secure tunnel provided by the

transport layer.

2. User Authentication Protocol : This protocol runs over the transport

layer protocol for the purpose of authenticatingAlice to the server. The

DSA cipher is used for authentication (see page 183). Once this protocol

is completed, there is a mutually authenticated secure channel between

Alice and the host.

3. Connection Protocol : This protocol runs over the encrypted tunnel es-

tablished above. It multiplexes 9.5 that tunnel into numerous logical chan-

nels that may be used for a rich variety of application-support services,

including remote program execution, signal propagation, and connection

forwarding.

SSH Protocols in Detail

SSH Transport Layer : The purpose of this layer is to ensure secure com-

munication between Alice, as the client user, and the remote server, as the host.

Once Alice contacts the server, key data must be exchanged in order to con-

struct the tunnel. With SSH2, it is mandated that DSS be used (see page 183).

The host sends its public key, called the host key e S , as identification. In order

for Alice to be certain that she is communicatingwith the correct server, she

must have prior knowledge of e S , for which two trust models are available.

Trust Models for Host Keys : The first is that Alice has a local database

available to her at the client machine. This database associates each host name,

which Alice enters, with the matchingpublic host key. This requires no PKI

infrastructure, which currently is unavailable to the Internet in any case. How-

ever, it is clear that maintainingsuch a database with matchingkey names may

become onerous.

9.5 Multiplexing means the use of a transmission channel to carry two or more signals at the

same time.

Search WWH ::

Custom Search

Home