0% found this document useful (0 votes)
6 views8 pages

16 SSL Part2

The document provides an overview of Secure Shell (SSH), detailing its structure and functionality, including its three main protocols: Transport Layer Protocol, User Authentication Protocol, and Connection Protocol. It explains how SSH ensures secure remote logon and client/server communication through server authentication, data confidentiality, and integrity. Additionally, it outlines the cryptographic algorithms used in SSH for secure data transmission.

Uploaded by

AMAR PREET
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
6 views8 pages

16 SSL Part2

The document provides an overview of Secure Shell (SSH), detailing its structure and functionality, including its three main protocols: Transport Layer Protocol, User Authentication Protocol, and Connection Protocol. It explains how SSH ensures secure remote logon and client/server communication through server authentication, data confidentiality, and integrity. Additionally, it outlines the cryptographic algorithms used in SSH for secure data transmission.

Uploaded by

AMAR PREET
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

System and Network Security

Dr. Ashok Kumar Das

Professor
Center for Security, Theory and Algorithmic Research
International Institute of Information Technology, Hyderabad
E-mail: [email protected]
URL: https://www.iiit.ac.in/faculty/ashok-kumar-das/
https://sites.google.com/view/iitkgpakdas/

Dr. Ashok Kumar Das (IIIT Hyderabad) System and Network Security 1 / 26
Transport-Level Security

Dr. Ashok Kumar Das (IIIT Hyderabad) System and Network Security 2 / 26
Secure Shell (SSH)
Secure Shell (SSH) provides secure remote logon and other secure
client/server facilities.
Client
Server

Client Server
application application

x y
TCP Unsecure TCP connection TCP
entity entity

(a) Connection via TCP

Client Server
application application

x y
Secure SSH Tunnel
SSH SSH
entity entity

a b
TCP Unsecure TCP connection TCP
entity entity

(b) Connection via SSH tunnel


Figure 16.12 SSH ransport Layer Packet Exchanges

Dr. Ashok Kumar Das (IIIT Hyderabad) System and Network Security 3 / 26
Secure Shell (SSH)

SSH is organized as three protocols that typically run on top of TCP:


Transport Layer Protocol: Provides server authentication, data
confidentiality, and data integrity with forward secrecy (i.e., if a key
is compromised during one session, the knowledge does not
affect the security of earlier sessions). The transport layer may
optionally provide compression.
User Authentication Protocol: Authenticates the user to the
server.
Connection Protocol: Multiplexes multiple logical
communications channels over a single, underlying SSH
connection.

Dr. Ashok Kumar Das (IIIT Hyderabad) System and Network Security 4 / 26
SSH Protocol Stack

SSH User SSH


Authentication Protocol Connection Protocol
Authenticates the client-side Multiplexes the encrypted
user to the server. tunnel into several logical
channels.
SSH Transport Layer Protocol
Provides server authentication, confidentiality, and integrity.
It may optionally also provide compression.

TCP
Transmission control protocol provides reliable, connection-
oriented end-to-end delivery.

IP
Internet protocol provides datagram delivery across
multiple networks.

Dr. Ashok Kumar Das (IIIT Hyderabad) System and Network Security 5 / 26
SSH Transport Layer Protocol Packet Exchanges

Client
Server

Establish TCP Connection

SSH-protoversion-softwareversion
Identification string
exchange SSH-protoversion-softwareversion

SSH_MSG_KEXINIT
Algorithm
negotiation SSH_MSG_KEXINIT

Key Exchange

SSH_MSG_NEWKEYS
End of
key exchange SSH_MSG_NEWKEYS

Service SSH_MSG_SERVICE_REQUEST
request

Dr. Ashok Kumar Das (IIIT Hyderabad) System and Network Security 6 / 26
SSH Transport Layer Protocol Packet Formation
Payload

COMPRESS

seq # pktl pdl Compressed payload padding

ENCRYPT MAC

Ciphertext

SSH Packet

pktl = packet length


pdl = padding length

Dr. Ashok Kumar Das (IIIT Hyderabad) System and Network Security 7 / 26
SSH Transport Layer Cryptographic Algorithms
Cipher MAC algorithm
3des-cbc* Three-key 3DES in hmac-sha1* HMAC-SHA1; digest length =
CBC mode key length = 20

blowfish-cbc Blowfish in CBC mode hmac-sha1-96** First 96 bits of HMAC-SHA1;


digest length = 12; key length = 20

twofish256-cbc Twofish in CBC mode hmac-md5 HMAC-SHA1; digest length =


with a 256-bit key key length = 16

twofish192-cbc Twofish with a 192-bit key hmac-md5-96 First 96 bits of HMAC-SHA1;


digest length = 12; key length = 16

twofish128-cbc Twofish with a 128-bit key

aes256-cbc AES in CBC mode with a Compression algorithm


256-bit key

aes192-cbc AES with a 192-bit key none* No compression

aes128-cbc** AES with a 128-bit key zlib Defined in RFC 1950 and
RFC 1951

Serpent256-cbc Serpent in CBC mode


with a 256-bit key

Serpent192-cbc Serpent with a 192-bit key

Serpent128-cbc Serpent with a 128-bit key

arcfour RC4 with a 128-bit key

cast128-cbc CAST-128 in CBC mode

* = Required
** = Recommended
Dr. Ashok Kumar Das (IIIT Hyderabad) System and Network Security 8 / 26

You might also like