Research And Improvement Of Application Layer SSH Security Protocol Based On VxWorks

With widely used and continuous development of the embedded operating system, especiallywith increasing widely used of the combine of the embedded devices and network, the networksecurity issues of embedded system become more prominent, and become an urgent problem.VxWorks operating system is an excellent real-time embedded systems, but it’s protecting means ofthe network security transmission are not very perfect. There is a largely hidden trouble in thepractical apply. So the study of VxWorks system network security is very important.Based on study of the existing TCP/IP network security technology and network securitymeasures of VxWorks system in-depth, the dissertation makes a scrutiny into SSH protocol. AlthoughWind kernel has a strong real-time and network communication function, with aspect of the lack ofapplication layer protection of program communication problem, the dissertation proposes using SSHprotocol mechanism on the VxWorks system of network application layer, making user’s applicationdata protected encrypting by the SSH protocol when transmitted over the network, thereby enhancingthe security of the application communication. Based on the analysis of SSH protocol transmissiondelay problem and the model of the "man-in-the-middle attack", with the demand for real-timeembedded systems and safety, the dissertation improves SSH protocol in the following two aspects:the dissertation introduces session resume mechanism in transport layer protocol’s negotiation stage toreduce the network transmission delay of the key negotiation’s intensive computation,thus meeting thereal-time requirements of the system; the dissertation uses notary server system for the serverauthentication,and use notary server system’s data to identify the legitimacy of the public host basedon certain client safety strategy, thus compensating the defect of the "trust-on-first-use" mechanismand preventing the harm of the "man in the middle" attack effectively.The dissertation implements the SSH protocol for secure communications of the networkapplication layer mechanisms on real-time embedded VxWorks system, lists the process to implementthe agreement,implements two improvement strategies, completes the test of system’s security anddaley effect,and evaluates the system finally.