Research And Implementation Of SSH Protocol Based On Post-quantum Key Exchange

With the development of Internet technology and the expansion of network scale,people are badly in need of remote login.In recent years,more and more enterprises and organizations use remote login to manage server,network equipment.So remote login technology has become a hot topic in the field of network security.For telnet and FTP,which provided remote login in the early years,all the data is transmitted in plain text,including passwords.It brought a huge security threat to users.While the SSH protocol can encrypt all the transmitted data and offers security mechanism.Therefore SSH has become one of the most widely used network security protocols.Now,all encryption algorithms in SSH belong to symmetric encryption algorithms.So both parties of the communication need to negotiate a shared key before data encryption.At present SSH use DH algorithm to generate the shared key.In other words,the shared key generated by the DH algorithm is the most important thing that SSH can provide secure transmission.As we all know,the security of DH algorithm depends on the difficulty of computing discrete logarithms.However,due to the rapid development of quantum theory in recent years,some scholars have found a quantum algorithm that can calculate discrete logarithms in polynomial time,which leads to the DH algorithm is no longer secure and SSH also faces huge challenges and threats.In order to solve the threats to SSH protocol by the quantum algorithm,SSH protocol have been studied deeply,and two improved schemes for SSH protocol have been designed based on post-quantum key exchange,SHA256 and RSA algorithm.Moreover,we have developed a SSH system using our improved schemes.The specific content and innovation of this paper are as follows:(1)Intensive study of the mechanism and structure of SSH protocol,detailed introduction of the service that SSH can provide.Analyze the status quo of key exchange in post-quantum field and the threats to SSH protocol in the future quantum time.(2)In order to solve the threat that SSH protocol faces effectively,two schemes to improve the SSH are designed.The first scheme is based on the R-LWE authenticated key exchange algorithm.This scheme is fast in key exchange and does not need other cryptographic algorithms to support it.While the second scheme is based on the first scheme,and combines SHA256 algorithm and RSA algorithm to construct a post-quantum key exchange protocol cluster.And we use this protocol cluster to improve SSH.The second method also provides the data integrity checking function for key exchange.(3)Design and implement the above two methods.A lot of connection test experiments and security verification work are done on the developed system.The experimental results show that both the two schemes can resist the quantum attack without reducing the performance and security of the original SSH.Moreover,the second scheme has higher security performance.