CN101888383A - Method for implementing extensible trusted SSH - Google Patents

Publication number
CN101888383A
Authority
CN
China
Prior art keywords
ssh
message
msg
client
server end
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2010102225567A
Other languages
Chinese (zh)
Other versions
CN101888383B (en)
Inventor
常晓林
王绍创
藤莎
左向晖
韩臻
刘吉强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jiaotong University
Original Assignee
Beijing Jiaotong University
Application filed by Beijing Jiaotong University filed Critical Beijing Jiaotong University
Priority to CN 201010222556 priority Critical patent/CN101888383B/en
Publication of CN101888383A publication Critical patent/CN101888383A/en
Application granted granted Critical
Publication of CN101888383B publication Critical patent/CN101888383B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

The invention relates to a method for implementing extensible trusted SSH. The server and the client are each equipped with a trusted security chip, and a measurement module and a trusted operating system are installed so as to measure the state of the respective platforms. A trusted SSH channel is realized by defining three new message codes in the SSH transport sub-protocol layer and using the session key calculated by the key-exchange algorithm in the SSH transport sub-protocol layer as a parameter of trusted computing remote attestation. The resulting trusted channel has two characteristics: the remote attestation process is transparent to the key-exchange algorithm, and the platform information of the communicating parties is kept private during network transmission.

Description

A method for implementing extensible trusted SSH
Technical field
The present invention relates to the field of computer information security, and in particular to a method for implementing extensible trusted SSH.
Background art
The SSH (Secure Shell) protocol is a security protocol developed by a network working group of the IETF to protect the data transmitted between a client and a server. The SSH protocol has a layered design comprising four sub-protocols: the SSH transport layer sub-protocol, the user authentication sub-protocol, the connection sub-protocol and the file transfer sub-protocol. The first two sub-protocols are executed first, in that order. The SSH transport layer sub-protocol is responsible for establishing a secure channel between the server and the client, and comprises three processes: protocol version exchange, parameter negotiation and key exchange. When the SSH transport layer sub-protocol finishes, a session key has been negotiated; it is used to encrypt the authentication information of the user authentication phase, the data exchanged by the two parties in the connection phase, and the data exchanged by the two parties in the file transfer phase. The packets of all SSH sub-protocols carry a message code in the range 1 to 255; RFC 4251 (T.Ylonen and C.Lonvick, "The Secure Shell Protocol Architecture," SSH Communications Security Corp, Cisco Systems, RFC 4251, Jan. 2006) gives the message codes defined by the SSH protocol. In SSH, a communication endpoint that receives a packet from its peer decides what action to take according to the message code in the packet. Fig. 1 is the key exchange flow chart of the SSH transport layer sub-protocol, in which the key exchange algorithm used is the Diffie-Hellman algorithm. SSH_MSG_KEXDH_INIT, SSH_MSG_KEXDH_REPLY and SSH_MSG_NEWKEYS are message codes defined in RFC 4253 (T.Ylonen and C.Lonvick, "The Secure Shell Transport Layer Protocol," SSH Communications Security Corp, Cisco Systems, RFC 4253, Jan. 2006); in Fig. 1 these message codes indicate the type of the IP packets involved in the key exchange process. Note that when another key exchange algorithm is used, SSH_MSG_KEXDH_INIT and SSH_MSG_KEXDH_REPLY in Fig. 1 are replaced by the message codes associated with the key exchange algorithm adopted.
At present, many attacks that compromise terminals are carried out with various forms of malicious code rather than by compromising the secure channel; therefore, when communicating with an unknown endpoint, a series of attacks may still be suffered even if a secure channel is used. Computer information security problems are difficult to solve by software alone. To address the structural insecurity of existing PCs, the Trusted Computing Platform Alliance TCPA (later renamed TCG) proposed the trusted computing platform, whose core idea is to introduce into the hardware platform a trusted platform module TPM (also called a trusted chip) with secure storage and cryptographic functions. A trusted computing platform takes the TPM as its root of trust: a trusted measurement function measures the system platform configuration, the running state is then securely recorded in the platform configuration registers (PCR) of the TPM, and at the same time a stored measurement log SML (storage measurement log), which represents the integrity measurement history of the trusted platform being verified, is kept in the system. A remote user judges from the SML and the related PCR values whether the running environment is trustworthy and whether any link has a security problem; this process is called remote attestation. In the TCG specification, the TPM uses an attestation identity key AIK to prove its own identity, and every entity signed with the AIK is shown to have been processed by the TPM. To prevent attacks such as replay, tampering and impersonation, the remote attestation process uses the AIK to guarantee that the information received was processed by one specific TPM. Fig. 2 is the flow chart of a remote attestation protocol designed by researchers at IBM (United States). In this remote attestation process, the verification requester first generates a 160-bit random number, denoted nonce, and sends it to the party being verified. After receiving nonce, the party being verified asks its built-in TPM to sign the specified PCR values and nonce with the AIK private key SK_AIK; the signature result is denoted Quote. It then sends Quote, SML and the AIK public key certificate Cert(AIK) to the verification requester. Finally, the verification requester verifies the content received and determines the authenticity of the remote computing platform's identity and of the content it reported.
The remote attestation technique of trusted computing can improve the security of secure channels based on the SSH protocol. The core idea is to combine the remote attestation technique with the key exchange technique of the SSH protocol, thereby realizing a trusted SSH channel. However, existing trusted SSH implementation methods need to modify the key exchange algorithm in the SSH protocol, so their extensibility is poor.
Summary of the invention
The object of the invention is to avoid the shortcomings of the existing trusted SSH implementation methods described above and to provide a method for implementing extensible trusted SSH. The method defines three new message codes at the SSH transport sub-protocol layer and uses the session key computed by the key exchange algorithm in the SSH transport sub-protocol layer as a parameter of remote attestation, thereby realizing a trusted SSH channel.
The technical scheme of the invention is as follows:
A method for implementing extensible trusted SSH defines three new message codes at the SSH transport sub-protocol layer: SSH_MSG_RA_INIT, SSH_MSG_RA_OK and SSH_MSG_RA_ERROR, and uses the session key computed by the key exchange algorithm in the SSH transport sub-protocol layer as a parameter of trusted computing remote attestation. The concrete steps of the method are as follows:
Step 1: the client first generates a key exchange algorithm parameter, denoted e, and then sends the server a message carrying the SSH_MSG_KEXDH_INIT message code; this message contains only e. SSH_MSG_KEXDH_INIT is a message code defined in RFC 4253;
Step 2: after receiving the client's SSH_MSG_KEXDH_INIT message, the server first generates a key exchange algorithm parameter, denoted f; it then generates the session key from e and f, denoted Skey; finally it sends the client a message carrying the SSH_MSG_KEXDH_REPLY message code and goes to step 3. This message contains f and the server's signature information. SSH_MSG_KEXDH_REPLY is a message code defined in RFC 4253;
Step 3: the server performs a SHA-1 hash operation on Skey, the result being denoted h_Skey; it then uses the private key of the server's AIK in the TPM to sign the string PCR_s || h_Skey, the signature result being denoted sign_s; and, using Skey as a symmetric encryption key, it encrypts SML_s, the result being denoted Senc. Finally it sends the client a message carrying the SSH_MSG_RA_INIT message code; this message contains Senc, sign_s and the public key certificate of the server's AIK. Here PCR_s is the PCR content in the security chip TPM that represents the server platform information, || denotes the concatenation of two strings, and SML_s denotes the stored measurement log of the server platform;
Step 4: after receiving the server's SSH_MSG_KEXDH_REPLY message, the client first verifies the signature in the message; if the signature is incorrect, it terminates communication with the server; otherwise the client likewise generates the session key from e and f, denoted Ckey, and goes to step 5;
Step 5: after receiving the server's SSH_MSG_RA_INIT message, the client first verifies the validity and legitimacy of the public key certificate of the server's AIK; if the verification fails, go to step 6. If the verification passes, the client uses the public key in the certificate (the public key of the server's AIK) to obtain from sign_s the h_Skey and PCR_s of step 3. It then performs a SHA-1 hash operation on Ckey, the result being denoted h_Ckey, and judges whether h_Ckey and h_Skey match; if they do not match, go to step 6. If they match, it uses Ckey to decrypt Senc and obtain the SML_s of step 3, reconstructs the server's whole integrity measurement process according to SML_s, computes the resulting value c_PCR_s, and judges whether c_PCR_s and PCR_s match; if they do not match, go to step 6; if they match, go to step 7;
Step 6: the client sends the server a message carrying the SSH_MSG_RA_ERROR message code and terminates communication with the server;
Step 7: the client uses the private key of the client's AIK in the TPM to sign PCR_c || h_Ckey, the signature result being denoted sign_c; then, using Ckey as a symmetric encryption key, it encrypts SML_c, the result being denoted Cenc; finally it sends the server a message carrying the SSH_MSG_RA_INIT message code, which contains Cenc, sign_c and the public key certificate of the client's AIK. Here PCR_c is the PCR content in the security chip TPM that represents the client platform information, and SML_c denotes the stored measurement log of the client platform;
Step 8: if the server receives a message from the client carrying the SSH_MSG_RA_ERROR message code, it ends the operation;
Step 9: after receiving the client's SSH_MSG_RA_INIT message, the server first verifies the validity and legitimacy of the public key certificate of the client's AIK; if the verification fails, go to step 10. If the verification passes, the server uses the public key in the certificate (the public key of the client's AIK) to obtain from sign_c the h_Ckey and PCR_c of step 7. It then checks whether h_Ckey and h_Skey match; if they do not match, go to step 10. If they match, it uses Skey to decrypt Cenc and obtain the SML_c of step 7, reconstructs the client's whole integrity measurement process according to SML_c, computes the resulting value c_PCR_c, and judges whether c_PCR_c and PCR_c match; if they do not match, go to step 10; if they match, it sends the client a message carrying the SSH_MSG_RA_OK message code and a message carrying the SSH_MSG_NEWKEYS message code, and goes to step 11. SSH_MSG_NEWKEYS is a message code defined in RFC 4253;
Step 10: the server sends the client a message carrying the SSH_MSG_RA_ERROR message code and terminates communication with the client;
Step 11: if the client receives a message from the server carrying the SSH_MSG_RA_ERROR message code, it ends the operation; if the client receives a message from the server carrying the SSH_MSG_RA_OK message code, it sends the server a message carrying the SSH_MSG_NEWKEYS message code;
Step 12: after the server and the client have each received the message carrying the SSH_MSG_NEWKEYS message code, the key exchange process ends.
Compared with the prior art, the method provided by the invention has the following advantages: besides keeping the platform information of both communicating parties confidential during network transmission, the trusted channel realized by this method does not require modifying the key exchange algorithm in the SSH transport sub-protocol layer, that is, the remote attestation process is transparent to the key exchange algorithm. The method also achieves a tighter integration of trusted computing remote attestation with the key exchange process of the SSH transport sub-protocol layer, thereby realizing a trusted SSH channel.
Description of drawings
Fig. 1 is the key exchange flow chart of the SSH transport sub-protocol layer;
Fig. 2 is the flow chart of the remote attestation protocol designed by researchers at IBM (United States);
Fig. 3 is the key exchange flow chart of the trusted SSH transport sub-protocol layer provided by the invention.
Embodiment
The invention is described in detail below by means of a specific embodiment and Fig. 3.
In hardware, the method provided by the invention requires that both the server and the client be equipped with a trusted security chip and that the BIOS of both support the TPM; in software, it requires that a measurement module and a trusted operating system be installed on both the server and the client. The measurement module decides which entities are measured, when they are measured, and how the measurement results are securely maintained. Its main functions include computing the measurement values of the measured entities, recording measurement events in the stored measurement log, and recording the measurement values into the designated PCR of the TPM. A measurement value is recorded into a PCR as follows: new PCR value = hash(old PCR value || measurement value). The stored measurement log contains at least: information about the measured entity, the measurement value and the measurement time. The server and the client each have their own AIK public/private key pair. The method provided by the invention additionally defines three new message codes at the SSH transport sub-protocol layer: SSH_MSG_RA_INIT, SSH_MSG_RA_OK and SSH_MSG_RA_ERROR.
The key exchange flow of the trusted SSH transport layer sub-protocol provided by the invention is described in detail below with reference to Fig. 3.
Step 1: the client first generates a key exchange algorithm parameter, denoted e, and then sends the server a message carrying the SSH_MSG_KEXDH_INIT message code; this message contains only e.
Step 2: after receiving the client's SSH_MSG_KEXDH_INIT message, the server first generates a key exchange algorithm parameter, denoted f; it then generates the session key from e and f, denoted Skey; finally it sends the client a message carrying the SSH_MSG_KEXDH_REPLY message code and goes to step 3. This message contains f and the server's signature information.
Step 3: the server performs a SHA-1 hash operation on Skey, the result being denoted h_Skey; it then uses the private key of the server's AIK in the TPM to sign the string PCR_s || h_Skey, the signature result being denoted sign_s; and, using Skey as a symmetric encryption key, it encrypts SML_s, the result being denoted Senc. Finally it sends the client a message carrying the SSH_MSG_RA_INIT message code; this message contains Senc, sign_s and the public key certificate of the server's AIK. Here PCR_s is the PCR content in the security chip TPM that represents the server platform information, || denotes the concatenation of two strings, and SML_s denotes the stored measurement log of the server platform.
Step 4: after receiving the server's SSH_MSG_KEXDH_REPLY message, the client first verifies the signature in the message; if the signature is incorrect, it terminates communication with the server; otherwise the client likewise generates the session key from e and f, denoted Ckey, and goes to step 5.
Step 5: after receiving the server's SSH_MSG_RA_INIT message, the client first verifies the validity and legitimacy of the public key certificate of the server's AIK; if the verification fails, go to step 6. If the verification passes, the client uses the public key in the certificate (the public key of the server's AIK) to obtain from sign_s the h_Skey and PCR_s of step 3. It then performs a SHA-1 hash operation on Ckey, the result being denoted h_Ckey, and judges whether h_Ckey and h_Skey match; if they do not match, go to step 6. If they match, it uses Ckey to decrypt Senc and obtain the SML_s of step 3, reconstructs the server's whole integrity measurement process according to SML_s, computes the resulting value c_PCR_s, and judges whether c_PCR_s and PCR_s match; if they do not match, go to step 6; if they match, go to step 7.
Step 6: the client sends the server a message carrying the SSH_MSG_RA_ERROR message code and terminates communication with the server.
Step 7: the client uses the private key of the client's AIK in the TPM to sign PCR_c || h_Ckey, the signature result being denoted sign_c; then, using Ckey as a symmetric encryption key, it encrypts SML_c, the result being denoted Cenc; finally it sends the server a message carrying the SSH_MSG_RA_INIT message code, which contains Cenc, sign_c and the public key certificate of the client's AIK. Here PCR_c is the PCR content in the security chip TPM that represents the client platform information, and SML_c denotes the stored measurement log of the client platform.
Step 8: if the server receives a message from the client carrying the SSH_MSG_RA_ERROR message code, it ends the operation.
Step 9: after receiving the client's SSH_MSG_RA_INIT message, the server first verifies the validity and legitimacy of the public key certificate of the client's AIK; if the verification fails, go to step 10. If the verification passes, the server uses the public key in the certificate (the public key of the client's AIK) to obtain from sign_c the h_Ckey and PCR_c of step 7. It then checks whether h_Ckey and h_Skey match; if they do not match, go to step 10. If they match, it uses Skey to decrypt Cenc and obtain the SML_c of step 7, reconstructs the client's whole integrity measurement process according to SML_c, computes the resulting value c_PCR_c, and judges whether c_PCR_c and PCR_c match; if they do not match, go to step 10; if they match, it sends the client a message carrying the SSH_MSG_RA_OK message code and a message carrying the SSH_MSG_NEWKEYS message code, and goes to step 11. SSH_MSG_NEWKEYS is a message code defined in RFC 4253.
Step 10: the server sends the client a message carrying the SSH_MSG_RA_ERROR message code and terminates communication with the client.
Step 11: if the client receives a message from the server carrying the SSH_MSG_RA_ERROR message code, it ends the operation; if the client receives a message from the server carrying the SSH_MSG_RA_OK message code, it sends the server a message carrying the SSH_MSG_NEWKEYS message code.
Step 12: after the server and the client have each received the message carrying the SSH_MSG_NEWKEYS message code, the key exchange process ends.
With the above method, the trusted channel realized has the following two characteristics: one is the transparency of the remote attestation process to the key exchange algorithm; the other is the confidentiality of the platform information of both communicating parties during network transmission.
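
The verifier-side checks of steps 5 and 9, together with the PCR extend rule given in the embodiment, can be illustrated with the following added Python example, which is not part of the patent text. It assumes the AIK certificate and signature have already been verified and the measurement log already decrypted; the function names, entity names, key bytes and the all-zero PCR reset value are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, Sequence

PCR_SIZE = 20  # SHA-1 digest length; the protocol above uses SHA-1 throughout


@dataclass(frozen=True)
class SmlEntry:
    """One stored-measurement-log record: the measured entity and its digest."""
    entity: str
    measurement: bytes


def measure(entity: str, content: bytes) -> SmlEntry:
    """Measurement module: digest the entity and produce its log record."""
    return SmlEntry(entity, hashlib.sha1(content).digest())


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """new PCR value = hash(old PCR value || measurement value)."""
    return hashlib.sha1(pcr + measurement).digest()


def replay_sml(sml: Sequence[SmlEntry]) -> bytes:
    """Reconstruct the integrity measurement process from the log (c_PCR)."""
    pcr = bytes(PCR_SIZE)  # assumption: the PCR starts at all zeros
    for entry in sml:
        pcr = pcr_extend(pcr, entry.measurement)
    return pcr


def quote_payload(pcr: bytes, session_key: bytes) -> bytes:
    """The string the attesting side signs: PCR || SHA-1(session key)."""
    return pcr + hashlib.sha1(session_key).digest()


def verify_attestation(signed_payload: bytes, own_session_key: bytes,
                       sml: Sequence[SmlEntry]) -> str:
    """Checks made after the signature on signed_payload has been verified.

    Returns "ok", or the reason that leads to SSH_MSG_RA_ERROR.
    """
    if len(signed_payload) != 2 * PCR_SIZE:
        return "malformed"
    reported_pcr = signed_payload[:PCR_SIZE]
    peer_key_hash = signed_payload[PCR_SIZE:]
    # Binding check: the quote must cover the key this endpoint derived itself.
    own_key_hash = hashlib.sha1(own_session_key).digest()
    if not hmac.compare_digest(own_key_hash, peer_key_hash):
        return "session-key-mismatch"
    # Integrity check: replaying the log must reproduce the signed PCR value.
    if not hmac.compare_digest(replay_sml(sml), reported_pcr):
        return "pcr-mismatch"
    return "ok"


def demo() -> Dict[str, str]:
    # Constructed sample log for a server platform.
    sml = [
        measure("bios", b"constructed bios image"),
        measure("bootloader", b"constructed bootloader image"),
        measure("sshd", b"constructed sshd binary"),
    ]
    pcr_s = replay_sml(sml)       # value the server's TPM would hold
    skey = bytes([0x11]) * 32     # constructed session key (Skey == Ckey)
    other_key = bytes([0x22]) * 32
    signed = quote_payload(pcr_s, skey)
    altered_log = sml[:2] + [measure("sshd", b"different sshd binary")]
    return {
        # Same key on both ends and a faithful log: attestation succeeds.
        "honest": verify_attestation(signed, skey, sml),
        # Quote produced for another key exchange: rejected by the binding.
        "other_session": verify_attestation(signed, other_key, sml),
        # Log does not reproduce the signed PCR value: rejected.
        "altered_log": verify_attestation(signed, skey, altered_log),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```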

Claims (1)

1. A method for implementing extensible trusted SSH, characterized in that: three new message codes are defined at the SSH transport sub-protocol layer: SSH_MSG_RA_INIT, SSH_MSG_RA_OK and SSH_MSG_RA_ERROR, and the session key computed by the key exchange algorithm in the SSH transport sub-protocol layer is used as a parameter of trusted computing remote attestation; the concrete steps of the method are as follows:
Step 1: the client first generates a key exchange algorithm parameter, denoted e, and then sends the server a message carrying the SSH_MSG_KEXDH_INIT message code; this message contains only e. SSH_MSG_KEXDH_INIT is a message code defined in RFC 4253;
Step 2: after receiving the client's SSH_MSG_KEXDH_INIT message, the server first generates a key exchange algorithm parameter, denoted f; it then generates the session key from e and f, denoted Skey; finally it sends the client a message carrying the SSH_MSG_KEXDH_REPLY message code and goes to step 3. This message contains f and the server's signature information. SSH_MSG_KEXDH_REPLY is a message code defined in RFC 4253;
Step 3: the server performs a SHA-1 hash operation on Skey, the result being denoted h_Skey; it then uses the private key of the server's AIK in the TPM to sign the string PCR_s || h_Skey, the signature result being denoted sign_s; and, using Skey as a symmetric encryption key, it encrypts SML_s, the result being denoted Senc. Finally it sends the client a message carrying the SSH_MSG_RA_INIT message code; this message contains Senc, sign_s and the public key certificate of the server's AIK. Here PCR_s is the PCR content in the security chip TPM that represents the server platform information, || denotes the concatenation of two strings, and SML_s denotes the stored measurement log of the server platform;
Step 4: after receiving the server's SSH_MSG_KEXDH_REPLY message, the client first verifies the signature in the message; if the signature is incorrect, it terminates communication with the server; otherwise the client likewise generates the session key from e and f, denoted Ckey, and goes to step 5;
Step 5: after receiving the server's SSH_MSG_RA_INIT message, the client first verifies the validity and legitimacy of the public key certificate of the server's AIK; if the verification fails, go to step 6. If the verification passes, the client uses the public key in the certificate (the public key of the server's AIK) to obtain from sign_s the h_Skey and PCR_s of step 3. It then performs a SHA-1 hash operation on Ckey, the result being denoted h_Ckey, and judges whether h_Ckey and h_Skey match; if they do not match, go to step 6. If they match, it uses Ckey to decrypt Senc and obtain the SML_s of step 3, reconstructs the server's whole integrity measurement process according to SML_s, computes the resulting value c_PCR_s, and judges whether c_PCR_s and PCR_s match; if they do not match, go to step 6; if they match, go to step 7;
Step 6: the client sends the server a message carrying the SSH_MSG_RA_ERROR message code and terminates communication with the server;
Step 7: the client uses the private key of the client's AIK in the TPM to sign PCR_c || h_Ckey, the signature result being denoted sign_c; then, using Ckey as a symmetric encryption key, it encrypts SML_c, the result being denoted Cenc; finally it sends the server a message carrying the SSH_MSG_RA_INIT message code, which contains Cenc, sign_c and the public key certificate of the client's AIK. Here PCR_c is the PCR content in the security chip TPM that represents the client platform information, and SML_c denotes the stored measurement log of the client platform;
Step 8: if the server receives a message from the client carrying the SSH_MSG_RA_ERROR message code, it ends the operation;
Step 9: after receiving the client's SSH_MSG_RA_INIT message, the server first verifies the validity and legitimacy of the public key certificate of the client's AIK; if the verification fails, go to step 10. If the verification passes, the server uses the public key in the certificate (the public key of the client's AIK) to obtain from sign_c the h_Ckey and PCR_c of step 7. It then checks whether h_Ckey and h_Skey match; if they do not match, go to step 10. If they match, it uses Skey to decrypt Cenc and obtain the SML_c of step 7, reconstructs the client's whole integrity measurement process according to SML_c, computes the resulting value c_PCR_c, and judges whether c_PCR_c and PCR_c match; if they do not match, go to step 10; if they match, it sends the client a message carrying the SSH_MSG_RA_OK message code and a message carrying the SSH_MSG_NEWKEYS message code, and goes to step 11. SSH_MSG_NEWKEYS is a message code defined in RFC 4253;
Step 10: the server sends the client a message carrying the SSH_MSG_RA_ERROR message code and terminates communication with the client;
Step 11: if the client receives a message from the server carrying the SSH_MSG_RA_ERROR message code, it ends the operation; if the client receives a message from the server carrying the SSH_MSG_RA_OK message code, it sends the server a message carrying the SSH_MSG_NEWKEYS message code;
Step 12: after the server and the client have each received the message carrying the SSH_MSG_NEWKEYS message code, the key exchange process ends.
CN 201010222556 2010-06-30 2010-06-30 Method for implementing extensible trusted SSH Expired - Fee Related CN101888383B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201010222556 CN101888383B (en) 2010-06-30 2010-06-30 Method for implementing extensible trusted SSH

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201010222556 CN101888383B (en) 2010-06-30 2010-06-30 Method for implementing extensible trusted SSH

Publications (2)

Publication Number Publication Date
CN101888383A true CN101888383A (en) 2010-11-17
CN101888383B CN101888383B (en) 2013-07-31

Family

ID=43074104

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010222556 Expired - Fee Related CN101888383B (en) 2010-06-30 2010-06-30 Method for implementing extensible trusted SSH

Country Status (1)

Country Link
CN (1) CN101888383B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1625105A (en) * 2003-12-02 2005-06-08 国际商业机器公司 Information processing apparatus, a server apparatus, a method of an information processing apparatus, a method of a server apparatus
CN101022455A (en) * 2006-12-26 2007-08-22 北京大学 Web communication encrypting method
CN101437022A (en) * 2007-11-14 2009-05-20 丛林网络公司 Server initiated secure network connection
CN101741842A (en) * 2009-12-07 2010-06-16 北京交通大学 Method for realizing dependable SSH based on dependable computing

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
T. YLONEN 等: "《rfc 4253: The Secure Shell (SSH) Transport Layer Protocol》", 31 January 2006 *
T. YLONEN 等: "《rfc 4253: The Secure Shell (SSH) Transport Layer Protocol》", 31 January 2006, article "rfc 4253: The Secure Shell (SSH) Transport Layer Protocol" *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102098397A (en) * 2011-02-28 2011-06-15 北京交通大学 Realization method of VoIP (Voice-over-IP) media stream trusted transmission based on Zimmermann Real-Time Transport Protocol key exchange
CN102137103A (en) * 2011-03-09 2011-07-27 北京交通大学 Method for realizing trusted transmission of voice over internet phone (VoIP) media stream by expanding MIKEY protocol
CN103647654A (en) * 2013-12-25 2014-03-19 国家电网公司 Trusted computing based power distribution terminal key management method
CN103647654B (en) * 2013-12-25 2017-07-14 国家电网公司 A kind of power distribution terminal key management method based on trust computing
CN113132406A (en) * 2021-04-29 2021-07-16 山东云天安全技术有限公司 Detection method, device and medium for discovering network threat based on SSH flow
CN113132406B (en) * 2021-04-29 2022-06-07 山东云天安全技术有限公司 Detection method, device and medium for discovering network threat based on SSH flow

Also Published As

Publication number Publication date
CN101888383B (en) 2013-07-31

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130731

Termination date: 20140630

EXPY Termination of patent right or utility model