CN101741842B - Method for realizing dependable SSH based on dependable computing - Google Patents


Info

Publication number
CN101741842B
CN101741842B
Authority
CN
China
Prior art keywords
pcr
hash
client
server end
sml
Prior art date
Legal status
Expired - Fee Related
Application number
CN2009102417827A
Other languages
Chinese (zh)
Other versions
CN101741842A (en)
Inventor
常晓林
左向晖
韩臻
刘吉强
刘新明
邢彬
Current Assignee
Beijing Jiaotong University
Original Assignee
Beijing Jiaotong University

Abstract

The invention provides a method for realizing dependable (trusted) SSH based on trusted computing. The method integrates the remote attestation of trusted computing with the key exchange of the SSH protocol, so that verification of platform state information is tightly bound to session key negotiation; on the premise that secure transmission of the data is preserved, it strengthens the security of the data at the communication end points. The method requires that both the server and the client are equipped with trusted security chips, and that the platform state can be measured by a measurement module and a trusted operating system. The method not only effectively prevents the security threat in the SSH protocol that communication with an unknown end point over a secure channel may still be subject to various attacks, but also effectively protects against replay attacks, impersonation attacks and man-in-the-middle attacks.

Description

A method for realizing trusted SSH based on Trusted Computing
Technical field
The present invention relates to the field of computer information security, and in particular to a method for realizing trusted SSH based on Trusted Computing.
Background technology
The SSH (Secure Shell) protocol is a security protocol formulated by the network working group of the IETF to protect the data transmitted between a client and a server. The SSH protocol adopts a layered design comprising four sub-protocols: the SSH transport layer sub-protocol, the user authentication sub-protocol, the connection sub-protocol and the file transfer sub-protocol. The first two sub-protocols are executed first and in sequence. The SSH transport layer sub-protocol is responsible for establishing the secure channel between the server and the client; it comprises three processes: protocol version exchange, parameter negotiation (including the key exchange method and the set of algorithms used in the key exchange process) and key exchange. When this sub-protocol finishes, a session key has been negotiated; it is used to encrypt the authentication information of the user authentication phase, the communication data of both parties in the connection phase, and the communication data of both parties in the file transfer phase. Fig. 1 is the flow chart of the transport layer sub-protocol as defined in the SSH protocol specification, where k_c and k_s are the keys produced by the client and the server respectively, sign_s is the signature of the server, and Cert(server) is the public key certificate of the server. The SSH protocol can be used for secure remote login, secure remote command execution, secure remote file transfer, secure TCP/IP port forwarding, and so on. Although the SSH protocol allows the server and the client to authenticate each other, it does not consider the security of the communication terminals (the server and the client): it neither protects nor verifies the software running on the terminal. That is, the current SSH protocol specification does not realize a trusted channel. A trusted channel is a secure communication channel that is securely bound to the hardware and software configuration state of the terminal.
In the network era, existing PC systems are easily exposed to security threats such as attack by malicious code, illegal theft of information, and unauthorized destruction of data and systems. Many attacks that compromise a terminal are carried out by injecting malicious code in forms such as viruses, worms, Trojan horses, spyware and phishing software, rather than by compromising the secure channel; therefore, when communicating with an unknown end point, a party still suffers a series of attacks even though a secure channel is used. The security problem of computer information is difficult to solve by software alone. To solve the structural insecurity of the PC and fundamentally improve its trustworthiness, the Trusted Computing Platform Alliance TCPA (later renamed TCG) proposed to guarantee the security of the whole system by strengthening the security of the existing terminal architecture; its core idea is to introduce on the hardware platform a trusted platform module (also called a trusted chip), the TPM, with secure storage and encryption functions. A trusted computing platform takes the TPM as its root of trust: the trusted measurement function measures the configuration of the system platform and securely records the running state in the platform configuration registers (PCRs) inside the TPM, while the system keeps the stored measurement log SML (storage measurement log), the history of integrity measurements that represents the trusted platform being verified. A remote user judges from the SML and the relevant PCR values whether the running environment is trustworthy and whether some link has a security problem; this process is called remote attestation. In the TCG specification, the TPM proves its own identity with an attestation identity key AIK (attestation identity key); anything signed by an AIK is thereby shown to have been processed by the TPM. To prevent attacks such as replay, tampering and impersonation, the remote attestation process uses the AIK to guarantee that the received information was processed by a particular designated TPM. Fig. 2 is the flow chart of the remote attestation protocol designed by researchers at IBM. In this remote attestation process, the verification requestor first generates a 160-bit random number, denoted nonce, and sends it to the verified party; after receiving the nonce, the verified party asks its built-in TPM to sign the values of the designated PCRs together with the nonce using the AIK private key SK_AIK, the signature result being denoted Quote, and then sends Quote, the SML and the AIK public key certificate Cert(AIK) to the verification requestor; finally the verification requestor verifies the received content and confirms the authenticity of the identity of the remote computing platform and of the content it reports.
Trusted Computing can raise the security strength of secure channel technology by improving the security of the terminal, but at present there is no research report or software that applies the remote attestation of Trusted Computing to the SSH protocol.
Summary of the invention
The objective of the invention is to avoid the above shortcomings of the prior art and to provide a method for realizing trusted SSH based on Trusted Computing. The method organically combines the two processes of remote attestation in Trusted Computing and key exchange in the SSH protocol, so that verification of platform state information is tightly bound to session key negotiation; on the premise that secure transmission of the data is guaranteed, it strengthens the security of the data at the communication end points.
The objective of the invention is achieved by the following measures:
A method for realizing trusted SSH based on Trusted Computing, in which the two processes of remote attestation in Trusted Computing and key exchange in the SSH protocol are organically combined, so that verification of platform state information is tightly bound to session key negotiation. The method involves a client and a server, and its concrete steps are as follows:
Step 1, parameter negotiation: the client and the server carry out parameter negotiation; besides the content stipulated by the SSH protocol, the negotiated content also includes the numbers of the PCRs to be used for platform state verification. In addition, the client and the server each record the information received and sent during parameter negotiation, storing it as Msg1_c and Msg1_s respectively;
Step 2, the client sends information to the server: the client first selects a positive integer x greater than 1 and less than p, computes k_c = g^x mod p, and hashes V_C || V_S || Msg1_c || Msg1_s || PUK_AIK_c || k_c, denoting the hash result hash_c; it then obtains the content of the PCR designated in step 1 from the security chip TPM installed on the mainboard of the computer hosting the client, denoted PCR_c, and signs PCR_c || hash_c with SK_AIK_c, denoting the signature result sign_c; finally it sends Msg2_c = (SML_c, k_c, sign_c, Cert_AIK_c) to the server. Here p is a large prime, g is a positive integer, V_C and V_S are the identifiers of the client and the server respectively, the symbol || denotes concatenation, SK_AIK_c, PUK_AIK_c and Cert_AIK_c are respectively the private key, public key and public key certificate of the client AIK, and SML_c is the measurement log of the client platform;
Step 3, the server verifies the client: after receiving Msg2_c, the server first verifies the validity and legitimacy of Cert_AIK_c; if the verification fails, the key exchange process is terminated; if it passes, the server uses the public key PUK_AIK_c in Cert_AIK_c to obtain from sign_c the SML_c, hash_c and PCR_c of step 2, denoting them t_SML_s, t_hash_s and t_PCR_s respectively. It then hashes the V_C, V_S, Msg1_c and Msg1_s it recorded itself together with the received PUK_AIK_c and the k_c in Msg2_c, denoting the hash result s_hash_s, and checks whether t_hash_s and s_hash_s match; if they do not match, the key exchange process is terminated. If they match, the server reconstructs the whole integrity measurement process of the client from t_SML_s, obtaining a final value denoted s_PCR_s, and judges whether s_PCR_s and t_PCR_s match; if they do not match, the key exchange process is terminated; if they match, proceed to step 4;
Step 4, the server sends information to the client: the server first selects a positive integer y greater than 1 and less than p, computes k_s = g^y mod p and k_sc = (k_c)^y mod p, and hashes V_C || V_S || Msg1_c || Msg1_s || Msg2_c || PUK_AIK_s || k_c || k_s || k_sc, denoting the hash result hash_s; it then obtains the content of the PCR designated in step 1 from the security chip TPM installed on the mainboard of the computer hosting the server, denoted PCR_s, and signs PCR_s || hash_s with SK_AIK_s, denoting the signature result sign_s; finally it sends Msg2_s = (SML_s, k_s, sign_s, Cert_AIK_s) to the client. Here SK_AIK_s, PUK_AIK_s and Cert_AIK_s are the private key, public key and public key certificate of the server AIK, and SML_s is the measurement log of the server platform;
Step 5, the client verifies the server: after receiving Msg2_s, the client first verifies the validity and legitimacy of Cert_AIK_s; if the verification fails, the key exchange process is terminated; if it passes, the client uses the public key PUK_AIK_s in Cert_AIK_s to obtain from sign_s the SML_s, hash_s and PCR_s of step 4, denoting them t_SML_c, t_hash_c and t_PCR_c respectively. It then computes k_cs = (k_s)^x mod p and hashes the V_C, V_S, Msg1_c, Msg1_s, Msg2_c and k_c it recorded itself together with the received PUK_AIK_s, the k_s in Msg2_s and k_cs, denoting the hash result c_hash_c, and checks whether t_hash_c and c_hash_c match; if they do not match, the key exchange process is terminated. If they match, the client reconstructs the whole integrity measurement process of the server from t_SML_c, obtaining a final value denoted c_PCR_c, and judges whether c_PCR_c and t_PCR_c match; if they do not match, the key exchange process is terminated; if they match, proceed to step 6;
Step 6, the client and the server send each other a "new session key confirmation" message, ending the key exchange process.
Compared with the prior art, the present invention has the following advantage: the method effectively guards against the security threat, present in the SSH protocol, that communication with an unknown end point may still suffer various attacks even though a secure channel is used, and at the same time effectively guards against replay attacks, impersonation attacks and man-in-the-middle attacks.
Description of drawings
Fig. 1 is the flow chart of the transport layer sub-protocol defined by the SSH protocol specification;
Fig. 2 is the flow chart of the remote attestation protocol designed by researchers at IBM;
Fig. 3 is the flow chart of the key exchange method provided by the present invention, which integrates Fig. 1 and Fig. 2.
Specific embodiment
The method provided by the invention assumes, in hardware, that the server and the client are each equipped with a trusted security chip and that the BIOS of the server and the client supports the TPM; in software, it assumes that the server and the client have a measurement module and a trusted operating system installed. The measurement module decides which entities are measured, when they are measured, and how the measurement results are securely maintained; its main functions include computing the measurement values of the measured entities, writing the measurement events into the measurement log, and recording the measurement values into the designated PCR inside the TPM. The method of recording a measurement value into a PCR is: new PCR value = hash(old PCR value || measurement value). The measurement log contains at least: information about the measured entity, the measurement value, and the time of measurement.
The key exchange flow of the SSH protocol integrating Trusted Computing remote attestation is described in detail below with reference to Fig. 3:
Step 1, parameter negotiation: the client and the server carry out parameter negotiation; besides the content stipulated by the SSH protocol, the negotiated content also includes the numbers of the PCRs to be used for platform state verification. In addition, the client and the server each record the information received and sent during parameter negotiation, storing it as Msg1_c and Msg1_s respectively.
Step 2, the client sends information to the server: the client first selects a positive integer x greater than 1 and less than p, computes k_c = g^x mod p, and hashes V_C || V_S || Msg1_c || Msg1_s || PUK_AIK_c || k_c, denoting the hash result hash_c; it then obtains the content of the PCR designated in step 1 from the security chip TPM installed on the mainboard of the computer hosting the client, denoted PCR_c, and signs PCR_c || hash_c with SK_AIK_c, denoting the signature result sign_c; finally it sends Msg2_c = (SML_c, k_c, sign_c, Cert_AIK_c) to the server. Here p is a large prime, g is a positive integer, V_C and V_S are the identifiers of the client and the server respectively, the symbol || denotes concatenation, SK_AIK_c, PUK_AIK_c and Cert_AIK_c are respectively the private key, public key and public key certificate of the client AIK, and SML_c is the measurement log of the client platform.
Step 3, the server verifies the client: after receiving Msg2_c, the server first verifies the validity and legitimacy of Cert_AIK_c; if the verification fails, the key exchange process is terminated; if it passes, the server uses the public key PUK_AIK_c in Cert_AIK_c to obtain from sign_c the SML_c, hash_c and PCR_c of step 2, denoting them t_SML_s, t_hash_s and t_PCR_s respectively. It then hashes the V_C, V_S, Msg1_c and Msg1_s it recorded itself together with the received PUK_AIK_c and the k_c in Msg2_c, denoting the hash result s_hash_s, and checks whether t_hash_s and s_hash_s match; if they do not match, the key exchange process is terminated. If they match, the server reconstructs the whole integrity measurement process of the client from t_SML_s, obtaining a final value denoted s_PCR_s, and judges whether s_PCR_s and t_PCR_s match; if they do not match, the key exchange process is terminated; if they match, proceed to step 4.
Step 4, the server sends information to the client: the server first selects a positive integer y greater than 1 and less than p, computes k_s = g^y mod p and k_sc = (k_c)^y mod p, and hashes V_C || V_S || Msg1_c || Msg1_s || Msg2_c || PUK_AIK_s || k_c || k_s || k_sc, denoting the hash result hash_s; it then obtains the content of the PCR designated in step 1 from the security chip TPM installed on the mainboard of the computer hosting the server, denoted PCR_s, and signs PCR_s || hash_s with SK_AIK_s, denoting the signature result sign_s; finally it sends Msg2_s = (SML_s, k_s, sign_s, Cert_AIK_s) to the client. Here SK_AIK_s, PUK_AIK_s and Cert_AIK_s are the private key, public key and public key certificate of the server AIK, and SML_s is the measurement log of the server platform.
Step 5, the client verifies the server: after receiving Msg2_s, the client first verifies the validity and legitimacy of Cert_AIK_s; if the verification fails, the key exchange process is terminated; if it passes, the client uses the public key PUK_AIK_s in Cert_AIK_s to obtain from sign_s the SML_s, hash_s and PCR_s of step 4, denoting them t_SML_c, t_hash_c and t_PCR_c respectively. It then computes k_cs = (k_s)^x mod p and hashes the V_C, V_S, Msg1_c, Msg1_s, Msg2_c and k_c it recorded itself together with the received PUK_AIK_s, the k_s in Msg2_s and k_cs, denoting the hash result c_hash_c, and checks whether t_hash_c and c_hash_c match; if they do not match, the key exchange process is terminated. If they match, the client reconstructs the whole integrity measurement process of the server from t_SML_c, obtaining a final value denoted c_PCR_c, and judges whether c_PCR_c and t_PCR_c match; if they do not match, the key exchange process is terminated; if they match, proceed to step 6.
Step 6, the client and the server send each other a "new session key confirmation" message, ending the key exchange process.
Through the above method, the security problem present in the SSH protocol, that communication with an unknown end point may still suffer various attacks even though a secure channel is used, is effectively solved; an SSH trusted channel is realized, and replay attacks, impersonation attacks and man-in-the-middle attacks are also effectively guarded against.
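The PCR extend rule of the Specific embodiment (new PCR = hash(old PCR || measurement)) and steps 1 to 6 above, as an added stand-alone simulation that is not part of the patent and not code from its inventors. Everything in it is constructed for illustration: a toy TPM (PCR extend plus SML), a toy Diffie-Hellman group P, G, and a toy Schnorr signature over that group standing in for the AIK, none of which is production grade. Two further assumptions are labelled in the code: Cert_AIK validity is modelled as an allow-list of AIK public keys, and PCR and hash are sent alongside the signature rather than recovered from it. After one honest exchange it shows the server rejecting a client whose SML omits a component that was measured into the PCR, and a message whose k_c was replaced in transit.

```python
import hashlib
import secrets

class ToyTPM:   # toy TPM: TPM 1.2 style 160-bit PCRs (zero at reset) plus the measurement log
    def __init__(self):
        self.pcr, self.sml = [b"\x00" * 20] * 24, []   # sml entries: (pcr index, entity, measurement)
    def extend(self, idx, entity, measurement):       # new PCR = hash(old PCR || measurement)
        self.pcr[idx] = hashlib.sha1(self.pcr[idx] + measurement).digest()
        self.sml.append((idx, entity, measurement))

def replay_sml(sml, idx):   # verifier side: rebuild the expected PCR value by replaying the log
    pcr = b"\x00" * 20
    for i, _entity, m in sml:
        pcr = hashlib.sha1(pcr + m).digest() if i == idx else pcr
    return pcr

# Canonical encoding of bytes/ints/nested sequences, and the hash that binds exchanged values.
def enc(v):
    if isinstance(v, bytes):
        return b"B" + v.hex().encode()
    if isinstance(v, int):
        return b"I" + str(v).encode()
    return b"(" + b",".join(enc(x) for x in v) + b")"
def H(*parts):
    return hashlib.sha256(b"||".join(enc(p) for p in parts)).digest()

# Toy Diffie-Hellman group (p prime, g a positive integer) and a toy Schnorr signature over the
# same group standing in for the AIK; the public key also plays the role of Cert_AIK (assumption).
P, G = 2**127 - 1, 5
def gen_aik():
    sk = secrets.randbelow(P - 2) + 2
    return pow(G, sk, P), sk             # (public key, private key)
def aik_sign(sk, data):
    r = secrets.randbelow(P - 2) + 2
    big_r = pow(G, r, P)
    e = int.from_bytes(H(big_r, data), "big")
    return big_r, (r + e * sk) % (P - 1)
def aik_verify(pk, data, sig):
    big_r, s = sig
    e = int.from_bytes(H(big_r, data), "big")
    return pow(G, s, P) == big_r * pow(pk, e, P) % P

def check_peer(msg2, recomputed_hash, pcr_idx, trusted):
    # Steps 3/5: Cert_AIK validity, AIK signature, hash binding, then PCR against replayed SML.
    sml, _k, t_pcr, t_hash, sig, cert = msg2
    if cert not in trusted:
        return "untrusted AIK certificate"
    if not aik_verify(cert, t_pcr + t_hash, sig):
        return "bad AIK signature"
    if t_hash != recomputed_hash:
        return "hash mismatch: exchanged values were altered in transit"
    if replay_sml(sml, pcr_idx) != t_pcr:
        return "PCR mismatch: SML does not match the attested platform state"
    return None

def trusted_kex(c_id, c_tpm, c_keys, s_id, s_tpm, s_keys, pcr_idx, trusted, tamper=None):
    """Steps 1-6 of the exchange; returns (session key, None) or (None, abort reason)."""
    (c_pk, c_sk), (s_pk, s_sk) = c_keys, s_keys
    msg1_c = msg1_s = b"kex=dh-trusted;pcr=" + str(pcr_idx).encode()   # Step 1: negotiation
    x = secrets.randbelow(P - 2) + 2                                     # Step 2: k_c = g^x mod p
    k_c = pow(G, x, P)
    hash_c = H(c_id, s_id, msg1_c, msg1_s, c_pk, k_c)   # binds V_C, V_S, Msg1, PUK_AIK_c to k_c
    pcr_c = c_tpm.pcr[pcr_idx]
    msg2_c = (list(c_tpm.sml), k_c, pcr_c, hash_c, aik_sign(c_sk, pcr_c + hash_c), c_pk)
    wire_c = tamper(msg2_c) if tamper else msg2_c        # what the server actually receives
    r_kc, r_pkc = wire_c[1], wire_c[5]                   # Step 3: server recomputes s_hash_s
    err = check_peer(wire_c, H(c_id, s_id, msg1_c, msg1_s, r_pkc, r_kc), pcr_idx, trusted)
    if err:
        return None, "server aborted: " + err
    y = secrets.randbelow(P - 2) + 2                     # Step 4: k_s = g^y, k_sc = k_c^y mod p
    k_s, k_sc = pow(G, y, P), pow(r_kc, y, P)
    hash_s = H(c_id, s_id, msg1_c, msg1_s, wire_c, s_pk, r_kc, k_s, k_sc)
    pcr_s = s_tpm.pcr[pcr_idx]
    msg2_s = (list(s_tpm.sml), k_s, pcr_s, hash_s, aik_sign(s_sk, pcr_s + hash_s), s_pk)
    r_ks, r_pks = msg2_s[1], msg2_s[5]                   # Step 5: client computes k_cs = k_s^x
    k_cs = pow(r_ks, x, P)
    c_hash = H(c_id, s_id, msg1_c, msg1_s, msg2_c, r_pks, k_c, r_ks, k_cs)
    err = check_peer(msg2_s, c_hash, pcr_idx, trusted)
    if err:
        return None, "client aborted: " + err
    return (k_cs, None) if k_cs == k_sc else (None, "key confirmation failed")   # Step 6

def demo():
    """Two measured platforms: one honest exchange, then two cases the verifier must reject."""
    pcr, c_tpm, s_tpm = 10, ToyTPM(), ToyTPM()
    for tpm in (c_tpm, s_tpm):   # constructed measurement events for both platforms
        tpm.extend(pcr, b"bootloader", hashlib.sha1(b"bootloader v1").digest())
        tpm.extend(pcr, b"kernel", hashlib.sha1(b"kernel 2.6").digest())
    c_keys, s_keys = gen_aik(), gen_aik()
    trusted = {c_keys[0], s_keys[0]}   # Cert_AIK validity modelled as an AIK allow-list
    args = (b"SSH-2.0-client", c_tpm, c_keys, b"SSH-2.0-server", s_tpm, s_keys, pcr, trusted)
    key, _ = trusted_kex(*args)
    c_tpm.extend(pcr, b"unexpected.ko", hashlib.sha1(b"unexpected module").digest())
    hide = lambda m: ([e for e in m[0] if e[1] != b"unexpected.ko"],) + m[1:]
    _, hidden = trusted_kex(*args, tamper=hide)   # SML entry stripped: PCR replay fails
    swap = lambda m: (m[0], pow(G, 12345, P)) + m[2:]
    _, mitm = trusted_kex(*args, tamper=swap)     # k_c swapped in transit: signed hash_c fails
    return key is not None, hidden, mitm
```

Running demo() returns True for the honest exchange and the two abort reasons. The two rejections show which check catches which failure: a component measured into the PCR but dropped from the SML fails the replay comparison of step 3, because the AIK-signed PCR_c cannot be changed, while a replaced k_c fails the hash comparison, because hash_c is signed together with PCR_c and covers k_c. As in the patent, a consistent SML is only the precondition; the verifier still has to judge the logged entities themselves.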

Claims (1)

1. A method for realizing trusted SSH based on Trusted Computing, characterized in that the two processes of remote attestation in Trusted Computing and key exchange in the SSH protocol are organically combined, so that verification of platform state information is tightly bound to session key negotiation; the method involves a client and a server, and its concrete steps are as follows:
Step 1, parameter negotiation: the client and the server carry out parameter negotiation; besides the content stipulated by the SSH protocol, the negotiated content also includes the numbers of the PCRs to be used for platform state verification. In addition, the client and the server each record the information received and sent during parameter negotiation, storing it as Msg1_c and Msg1_s respectively;
Step 2, the client sends information to the server: the client first selects a positive integer x greater than 1 and less than p, computes k_c = g^x mod p, and hashes V_C || V_S || Msg1_c || Msg1_s || PUK_AIK_c || k_c, denoting the hash result hash_c; it then obtains the content of the PCR designated in step 1 from the security chip TPM installed on the mainboard of the computer hosting the client, denoted PCR_c, and signs PCR_c || hash_c with SK_AIK_c, denoting the signature result sign_c; finally it sends Msg2_c = (SML_c, k_c, sign_c, Cert_AIK_c) to the server. Here p is a large prime, g is a positive integer, V_C and V_S are the identifiers of the client and the server respectively, the symbol || denotes concatenation, SK_AIK_c, PUK_AIK_c and Cert_AIK_c are respectively the private key, public key and public key certificate of the client AIK, and SML_c is the measurement log of the client platform;
Step 3, the server verifies the client: after receiving Msg2_c, the server first verifies the validity and legitimacy of Cert_AIK_c; if the verification fails, the key exchange process is terminated; if it passes, the server uses the public key PUK_AIK_c in Cert_AIK_c to obtain from sign_c the SML_c, hash_c and PCR_c of step 2, denoting them t_SML_s, t_hash_s and t_PCR_s respectively. It then hashes the V_C, V_S, Msg1_c and Msg1_s it recorded itself together with the received PUK_AIK_c and the k_c in Msg2_c, denoting the hash result s_hash_s, and checks whether t_hash_s and s_hash_s match; if they do not match, the key exchange process is terminated. If they match, the server reconstructs the whole integrity measurement process of the client from t_SML_s, obtaining a final value denoted s_PCR_s, and judges whether s_PCR_s and t_PCR_s match; if they do not match, the key exchange process is terminated; if they match, proceed to step 4;
Step 4, the server sends information to the client: the server first selects a positive integer y greater than 1 and less than p, computes k_s = g^y mod p and k_sc = (k_c)^y mod p, and hashes V_C || V_S || Msg1_c || Msg1_s || Msg2_c || PUK_AIK_s || k_c || k_s || k_sc, denoting the hash result hash_s; it then obtains the content of the PCR designated in step 1 from the security chip TPM installed on the mainboard of the computer hosting the server, denoted PCR_s, and signs PCR_s || hash_s with SK_AIK_s, denoting the signature result sign_s; finally it sends Msg2_s = (SML_s, k_s, sign_s, Cert_AIK_s) to the client. Here SK_AIK_s, PUK_AIK_s and Cert_AIK_s are the private key, public key and public key certificate of the server AIK, and SML_s is the measurement log of the server platform;
Step 5, the client verifies the server: after receiving Msg2_s, the client first verifies the validity and legitimacy of Cert_AIK_s; if the verification fails, the key exchange process is terminated; if it passes, the client uses the public key PUK_AIK_s in Cert_AIK_s to obtain from sign_s the SML_s, hash_s and PCR_s of step 4, denoting them t_SML_c, t_hash_c and t_PCR_c respectively. It then computes k_cs = (k_s)^x mod p and hashes the V_C, V_S, Msg1_c, Msg1_s, Msg2_c and k_c it recorded itself together with the received PUK_AIK_s, the k_s in Msg2_s and k_cs, denoting the hash result c_hash_c, and checks whether t_hash_c and c_hash_c match; if they do not match, the key exchange process is terminated. If they match, the client reconstructs the whole integrity measurement process of the server from t_SML_c, obtaining a final value denoted c_PCR_c, and judges whether c_PCR_c and t_PCR_c match; if they do not match, the key exchange process is terminated; if they match, proceed to step 6;
Step 6, the client and the server send each other a "new session key confirmation" message, ending the key exchange process.
Application CN2009102417827A, priority date 2009-12-07, filing date 2009-12-07: Method for realizing dependable SSH based on dependable computing; granted as CN101741842B (en); status Expired - Fee Related.


Publications (2)

Publication Number Publication Date
CN101741842A CN101741842A (en) 2010-06-16
CN101741842B true CN101741842B (en) 2012-07-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120704

Termination date: 20121207