發(fā)布時間：2019-04-13 09:02

【摘要】：隨著計算機網(wǎng)絡(luò)技術(shù)特別是Internet技術(shù)的發(fā)展,網(wǎng)絡(luò)安全問題日益受到人們的重視,網(wǎng)絡(luò)安全協(xié)議的設(shè)計與分析成為當前人們研究的熱點,網(wǎng)絡(luò)安全協(xié)議如SSH、IPSec、TLS在保證數(shù)據(jù)傳輸安全性方面起到的關(guān)鍵作用越來越受到關(guān)注。SSH作為一種通用且可擴展的安全協(xié)議,加密網(wǎng)絡(luò)中傳輸?shù)臄?shù)據(jù),一定程度上降低了竊聽等部分網(wǎng)絡(luò)攻擊的成功概率與危害。然而,惡意用戶的攻擊手段越來越復(fù)雜,現(xiàn)有的計算機系統(tǒng)很容易遭受到惡意攻擊。由于傳統(tǒng)的SSH協(xié)議面臨著一些安全威脅,惡意用戶可以利用SSH對遠程的服務(wù)器進行攻擊�？尚庞嬎慵夹g(shù)可以通過提高平臺安全性來提高網(wǎng)絡(luò)安全協(xié)議的安全強度,遠程證明技術(shù)保證遠程不可信計算平臺上的代碼未被篡改,但如果直接應(yīng)用到傳統(tǒng)的SSH協(xié)議中會帶來高延遲、低效等缺點。為達到增強協(xié)議通信終端安全性的目的并盡量減少對通信的影響,本文提出了一種基于第三方平臺進行可信證明的SSH協(xié)議,旨在將傳統(tǒng)SSH協(xié)議結(jié)合可信計算平臺的遠程證明技術(shù),增強通信雙方的可信與安全特性的同時,不會降低傳統(tǒng)SSH協(xié)議的機密性、完整性和可用性。本文首先研究了網(wǎng)絡(luò)安全協(xié)議與可信計算的發(fā)展;然后詳細論述SSH協(xié)議與可信計算的研究基礎(chǔ);重點分析SSH協(xié)議面臨的安全風險。為達到設(shè)計目標,本文在傳統(tǒng)SSH協(xié)議之上,結(jié)合第三方平臺對終端進行可信證明,形成可信SSH協(xié)議,并在OpenSSH基礎(chǔ)上實現(xiàn)了此協(xié)議。為了證明本可信協(xié)議的安全特性,本文隨后研究了安全協(xié)議的驗證方法;對本可信協(xié)議部分進行了形式化分析;并對不同類型的攻擊下的防范能力進行了論述分析和攻擊實驗驗證。經(jīng)過總結(jié)分析,相較于傳統(tǒng)SSH協(xié)議,此協(xié)議的安全性和可信性有所提高,且沒有明顯降低連接效率。此協(xié)議對可信協(xié)議的發(fā)展有著積極的意義。
[Abstract]:With the development of computer network technology, especially Internet technology, the problem of network security has been paid more and more attention by people. The design and analysis of network security protocol has become the focus of research, such as network security protocol such as SSH,IPSec,. As a universal and extensible security protocol, TLS encrypts the data transmitted in the network. To a certain extent, the successful probability and harm of some network attacks such as eavesdropping are reduced. However, the attack methods of malicious users become more and more complex, and the existing computer systems are vulnerable to malicious attacks. Because the traditional SSH protocol faces some security threats, malicious users can use SSH to attack remote servers. Trusted computing technology can improve the security intensity of network security protocol by improving platform security. Remote proof technology ensures that the code on remote untrusted computing platform is not tampered with. However, if directly applied to the traditional SSH protocol, it will bring high latency, low efficiency and other shortcomings. In order to enhance the security of protocol communication terminals and minimize the impact on communication, this paper proposes a SSH protocol based on third-party platform for trusted authentication. The purpose of this paper is to combine the traditional SSH protocol with the trusted computing platform to enhance the trusted and secure characteristics of both sides of the communication, without reducing the confidentiality, integrity and availability of the traditional SSH protocol. This paper first studies the development of network security protocol and trusted computing, then discusses the research foundation of SSH protocol and trusted computing in detail, and emphatically analyzes the security risk of SSH protocol. In order to achieve the design goal, this paper based on the traditional SSH protocol, combined with the third-party platform to carry on the trusted proof to the terminal, forms the trusted SSH protocol, and realizes this protocol on the basis of OpenSSH. In order to prove the security characteristics of the trusted protocol, the verification method of the security protocol is studied, and the formal analysis of the trusted protocol is carried out. At the same time, the defensive ability of different types of attacks is analyzed and verified by experiments. Compared with the traditional SSH protocol, the security and credibility of this protocol are improved, and the connection efficiency is not significantly reduced. This agreement has positive significance to the development of trusted protocol.
【學位授予單位】：北京交通大學
【學位級別】：碩士
【學位授予年份】：2017
【分類號】：TP393.08

【參考文獻】

相關(guān)期刊論文 前8條

1 鐘軍;吳雪陽;江一民;段光明;;一種安全協(xié)議的安全性分析及攻擊研究[J];計算機工程與科學;2014年06期

2 常曉林;秦英;邢彬;左向暉;;SSH可信信道安全屬性的形式化驗證[J];北京交通大學學報;2012年02期

3 劉孜文;馮登國;;基于可信計算的動態(tài)完整性度量架構(gòu)[J];電子與信息學報;2010年04期

4 李莉;曾國蓀;陳波;;開放網(wǎng)絡(luò)環(huán)境下的屬性遠程證明[J];計算機應(yīng)用;2008年01期

5 沈昌祥;張煥國;馮登國;曹珍富;黃繼武;;信息安全綜述[J];中國科學(E輯:信息科學);2007年02期

6 薛銳;馮登國;;安全協(xié)議的形式化分析技術(shù)與方法[J];計算機學報;2006年01期

7 張煥明,宋振鋒;SSH協(xié)議分析[J];暨南大學學報(自然科學與醫(yī)學版);2003年03期

8 張杰,戴英俠;SSH協(xié)議的發(fā)展與應(yīng)用研究[J];計算機工程;2002年10期

，

本文編號：2457428