Analysis of the SSH Key Exchange Protocol
نویسنده
چکیده
We provide an analysis of the widely deployed SSH protocol’s key exchange mechanism. We exploit the design of the SSH key exchange to perform our analysis in a modular manner. First, a shared secret key is obtained via a Diffie-Hellman key exchange. Next, a transform is applied to obtain the application keys used by later stages of SSH. We define models, following well-established paradigms, that clarify the security provided by each type of key. Previously, there has been no formal analysis of the SSH key exchange protocol. We provide a modular proof of security for the SSH shared secret and application keys. We show that although the shared secret key exchanged by SSH is not indistinguishable, the transformation then applied yields indistinguishable application keys. Our proofs use random oracles to model the hash function used within SSH.
منابع مشابه
Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol
Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract This memo describes a new key ex...
متن کاملNetwork Working Group Diffie-hellman Group Exchange for the Secure Shell (ssh) Transport Layer Protocol
Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract This memo describes a new key ex...
متن کاملArchitectural Defects of the Secure Shell
Although some flaws have been found out in the SSH, the Secure Shell, there is not so much discussion about its architecture or design safety. Therefore, in this paper, considering the SSH’s architecture, e.g. the key exchange protocol, the user authentication protocols and its total design of the SSH, we not only discuss the SSH’s architectural safety but show some critical flaws for SSH users...
متن کاملGeneric Security Service Application Program Interface (GSS-API) Authentication and Key Exchange for the Secure Shell (SSH) Protocol
Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract The Secure Shell protocol (SSH) ...
متن کاملRSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract This memo describes a key-exchange method for the Se...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2011 شماره
صفحات -
تاریخ انتشار 2011