基于信任链技术的SSH 传输层协议改进

Xingguo Wang; Yunxiao Sun; Bailing Wang

doi:10.11896/jsjkx.231200187

基于信任链技术的SSH 传输层协议改进

Translated title of the contribution: Improvement of SSH Transport Layer Protocol Based on Chain of Trust

Xingguo Wang
, Yunxiao Sun
, Bailing Wang^*

^*Corresponding author for this work

School of Computer Science and Technology (School of Software)

School of Computer Science and Technology, Harbin Institute of Technology

Research output: Contribution to journal › Article › peer-review

1 Scopus citations

Abstract

Host keys are identification of SSH servers. Users are required to check host key fingerprints to authenticate SSH servers. However, users often ignore the process of checking fingerprints when using SSH, making man-in-the-middle attacks based on host key replacement possible. In this regard,an improvement scheme of the SSH transport layer protocol is proposed based on the chain of trust. In the scheme,a chain of trust is established by signing the new host key with the old host key. The improved SSH protocol can solve the trust problem of new host keys without the need for users to check fingerprints, so as to achieve identity authentication of servers, which greatly reduces the risk of man-in-the-middle attacks. Finally, using Pro Verify to analyze the improved protocol, verification results show that the improved protocol satisfies confidentiality and authentication,and can resist man-in-the-middle attacks.

Translated title of the contribution	Improvement of SSH Transport Layer Protocol Based on Chain of Trust
Original language	Chinese (Traditional)
Pages (from-to)	353-361
Number of pages	9
Journal	Computer Science
Volume	52
Issue number	2
DOIs	https://doi.org/10.11896/jsjkx.231200187
State	Published - 15 Feb 2025

Access to Document

10.11896/jsjkx.231200187

Cite this

@article{addf19c1ddaa49cf9cb5a48368888997,

title = "基于信任链技术的SSH 传输层协议改进",

abstract = "Host keys are identification of SSH servers. Users are required to check host key fingerprints to authenticate SSH servers. However, users often ignore the process of checking fingerprints when using SSH, making man-in-the-middle attacks based on host key replacement possible. In this regard,an improvement scheme of the SSH transport layer protocol is proposed based on the chain of trust. In the scheme,a chain of trust is established by signing the new host key with the old host key. The improved SSH protocol can solve the trust problem of new host keys without the need for users to check fingerprints, so as to achieve identity authentication of servers, which greatly reduces the risk of man-in-the-middle attacks. Finally, using Pro Verify to analyze the improved protocol, verification results show that the improved protocol satisfies confidentiality and authentication,and can resist man-in-the-middle attacks.",

keywords = "Chain of trust, Fromal analysis, Man-in-the-middle attack, Secure shell, Security protocol",

author = "Xingguo Wang and Yunxiao Sun and Bailing Wang",

year = "2025",

month = feb,

day = "15",

doi = "10.11896/jsjkx.231200187",

language = "繁体中文",

volume = "52",

pages = "353--361",

journal = "Computer Science",

issn = "1002-137X",

publisher = "Editorial office of Computer Science",

number = "2",

}

TY - JOUR

T1 - 基于信任链技术的SSH 传输层协议改进

AU - Wang, Xingguo

AU - Sun, Yunxiao

AU - Wang, Bailing

PY - 2025/2/15

Y1 - 2025/2/15

N2 - Host keys are identification of SSH servers. Users are required to check host key fingerprints to authenticate SSH servers. However, users often ignore the process of checking fingerprints when using SSH, making man-in-the-middle attacks based on host key replacement possible. In this regard,an improvement scheme of the SSH transport layer protocol is proposed based on the chain of trust. In the scheme,a chain of trust is established by signing the new host key with the old host key. The improved SSH protocol can solve the trust problem of new host keys without the need for users to check fingerprints, so as to achieve identity authentication of servers, which greatly reduces the risk of man-in-the-middle attacks. Finally, using Pro Verify to analyze the improved protocol, verification results show that the improved protocol satisfies confidentiality and authentication,and can resist man-in-the-middle attacks.

AB - Host keys are identification of SSH servers. Users are required to check host key fingerprints to authenticate SSH servers. However, users often ignore the process of checking fingerprints when using SSH, making man-in-the-middle attacks based on host key replacement possible. In this regard,an improvement scheme of the SSH transport layer protocol is proposed based on the chain of trust. In the scheme,a chain of trust is established by signing the new host key with the old host key. The improved SSH protocol can solve the trust problem of new host keys without the need for users to check fingerprints, so as to achieve identity authentication of servers, which greatly reduces the risk of man-in-the-middle attacks. Finally, using Pro Verify to analyze the improved protocol, verification results show that the improved protocol satisfies confidentiality and authentication,and can resist man-in-the-middle attacks.

KW - Chain of trust

KW - Fromal analysis

KW - Man-in-the-middle attack

KW - Secure shell

KW - Security protocol

UR - https://www.scopus.com/pages/publications/105019624355

U2 - 10.11896/jsjkx.231200187

DO - 10.11896/jsjkx.231200187

M3 - 文章

AN - SCOPUS:105019624355

SN - 1002-137X

VL - 52

SP - 353

EP - 361

JO - Computer Science

JF - Computer Science

IS - 2

ER -

基于信任链技术的SSH 传输层协议改进

Abstract

Access to Document

Other files and links

Fingerprint

Cite this