發(fā)布時間：2018-05-22 17:54

  本文選題：SSH協(xié)議 + 密鑰交換算法��； 參考：《北京交通大學》2017年碩士論文

【摘要】：隨著互聯(lián)網(wǎng)技術(shù)的發(fā)展和網(wǎng)絡(luò)規(guī)模的擴大,人們對遠程登錄的需求也變得十分迫切,很多企業(yè)、組織對網(wǎng)絡(luò)設(shè)備以及服務器的管理都需要使用遠程登錄服務。因此遠程登錄技術(shù)成為了非常熱門的一個研究課題。早期提供遠程服務的Telnet、FTP等均以明文的方式傳送數(shù)據(jù),給用戶安全帶來了巨大的威脅。而SSH協(xié)議能夠?qū)鬏數(shù)臄?shù)據(jù)進行加密,因此它成為了目前應用最廣泛的網(wǎng)絡(luò)安全協(xié)議之一。目前,SSH協(xié)議對傳輸數(shù)據(jù)加密使用的算法都是對稱加密算法,因此在數(shù)據(jù)加密之前通信雙方需要安全地協(xié)商出一個共享密鑰,現(xiàn)階段此共享密鑰由DH算法生成。換句話說,DH算法生成的共享密鑰是SSH能夠提供安全傳輸?shù)闹刂兄�。眾所周�?DH算法的安全性依賴于計算離散對數(shù)的困難性。但是由于近年來量子理論的迅猛發(fā)展,已經(jīng)有學者找到了在多項式時間內(nèi)就能計算離散對數(shù)的量子算法,這導致基于離散對數(shù)的DH算法不再那么安全,SSH協(xié)議也面臨著巨大的挑戰(zhàn)與威脅。本文以解決量子算法給SSH協(xié)議帶來的威脅為目的,深入研究了 SSH協(xié)議的相關(guān)內(nèi)容,利用抗量子密鑰交換、RSA等算法設(shè)計了兩種對SSH的改進方案,并對兩種方案進行了源碼級的實現(xiàn)。具體的研究內(nèi)容與創(chuàng)新點如下:(1)深入研究SSH協(xié)議的組織架構(gòu)和工作原理以及SSH能夠提供的安全服務類型,并詳細分析量子領(lǐng)域密鑰交換的研究現(xiàn)狀以及未來量子時代給SSH協(xié)議帶來的威脅。(2)為有效解決SSH面臨的威脅,設(shè)計了兩種對SSH協(xié)議的改進方案。第一種方案基于R-LWE認證密鑰交換算法,此方案密鑰交換速度快,且不需要其他密碼算法支撐。第二種改進方案在第一種方案的基礎(chǔ)上,又結(jié)合了 SHA256算法和RSA算法,設(shè)計一個抗量子密鑰交換的協(xié)議簇,利用此協(xié)議簇對SSH進行改進。第二種改進方法為密鑰交換階段提供了數(shù)據(jù)完整性校驗功能。(3)對以上兩種改進方案進行系統(tǒng)設(shè)計和實現(xiàn),并對開發(fā)完成的系統(tǒng)進行了大量的連接測試實驗以及安全性驗證工作。實驗結(jié)果表明,兩種改進方案均能夠在不降低原有SSH性能和安全的條件下,提供抵抗量子攻擊的功能,其中第二種改進方案具有更高的安全性能。
[Abstract]:With the development of Internet technology and the expansion of network scale, the demand for remote login becomes very urgent. Many enterprises and organizations need to use remote login service for the management of network equipment and servers. Therefore, remote login technology has become a very popular research topic. Telnetn FTP, which provided remote service in the early years, all transmit data in clear text, which brings great threat to user security. SSH protocol can encrypt the transmitted data, so it becomes one of the most widely used network security protocols. At present, all the algorithms used in SSH protocol are symmetric encryption algorithms for transmission data encryption. Therefore, before data encryption, both parties need to negotiate a shared key safely, which is generated by DH algorithm at this stage. In other words, the shared key generated by the DH algorithm is the top priority for SSH to provide secure transmission. It is well known that the security of DH algorithm depends on the difficulty of computing discrete logarithms. However, due to the rapid development of quantum theory in recent years, some scholars have found a quantum algorithm that can calculate discrete logarithms in polynomial time. As a result, DH algorithm based on discrete logarithm is less secure than SSH protocol. In order to solve the threat posed by quantum algorithm to SSH protocol, this paper deeply studies the related contents of SSH protocol, and designs two improved schemes for SSH by using anti-quantum key exchange algorithm. And the two schemes are implemented at source level. The specific research contents and innovations are as follows: 1) deeply studying the organizational structure and working principle of the SSH protocol and the types of security services that SSH can provide. The present situation of key exchange in quantum field and the threat to SSH in the future quantum age are analyzed in detail. In order to effectively solve the threat faced by SSH, two schemes to improve the SSH protocol are designed. The first scheme is based on R-LWE authentication key exchange algorithm, which is fast and does not need other cryptographic algorithms. On the basis of the first scheme, the second scheme combines the SHA256 algorithm and the RSA algorithm to design a protocol family against quantum key exchange, which is used to improve the SSH. The second improved method provides the data integrity verification function for key exchange phase. It designs and implements the above two improved schemes, and carries out a lot of connection test and security verification work on the developed system. The experimental results show that the two improved schemes can provide resistance to quantum attacks without reducing the performance and security of the original SSH. The second improved scheme has higher security performance.
【學位授予單位】：北京交通大學
【學位級別】：碩士
【學位授予年份】：2017
【分類號】：TN918.4

【參考文獻】

相關(guān)期刊論文 前6條

1 趙秀鳳;高海英;王愛蘭;;基于RLWE的身份基認證密鑰交換協(xié)議[J];計算機研究與發(fā)展;2016年11期

2 ZHU Weiling;YU Jianping;WANG Ting;ZHANG Peng;XIE Weixin;;Efficient Attribute-Based Encryption from R-LWE[J];Chinese Journal of Electronics;2014年04期

3 陳蘇;劉江;萬鋒;;基于SSH協(xié)議的實驗室網(wǎng)絡(luò)管理系統(tǒng)研究與設(shè)計[J];實驗室科學;2014年04期

4 楊曉元;吳立強;張敏情;張薇;;基于R-LWE的公鑰加密方案[J];通信學報;2013年02期

5 項順伯;;一種基于身份的DH密鑰交換協(xié)議[J];廣東石油化工學院學報;2011年06期

6 楊冕,秦前清,吳娟娟,朱榮,王少宇;Telnet協(xié)議在網(wǎng)絡(luò)視頻監(jiān)控系統(tǒng)中的應用[J];計算機應用研究;2005年04期

相關(guān)碩士學位論文 前5條

1 范友濤;基于RLWE的并行全同態(tài)加密算法研究[D];云南大學;2015年

2 林遠輝;基于口令的三方認證密鑰交換協(xié)議研究[D];山東大學;2014年

3 葉茂;基于格的口令認證密鑰交換協(xié)議和相關(guān)加密算法研究[D];解放軍信息工程大學;2013年

4 李延松;基于VxWorks的應用層SSH安全協(xié)議研究與改進[D];南京航空航天大學;2013年

5 熊克琦;SSH協(xié)議的中間人攻擊研究[D];北京郵電大學;2008年

，

本文編號：1923059