Security on the Secure Shell

Presentation	2002/10/4 Security on the Secure Shell Takamichi SAITO, Toshiyuki KITO,
PDF Download Page	PDF download Page Link
Abstract(in Japanese)	(See Japanese page)
Abstract(in English)	Although some flaws have been found out in the SSH, the Secure Shell, there is not so much discussion about its architecture or design safety. Therefore, in this paper, considering the SSH's architecture, e.g. the key exchange protocol, the user authentication protocols and its total design of the SSH, we not only discuss the SSH's architectural safety but show some critical flaws for SSH users. For establishing the SSH connection, before the user authentication, the SSH sever and client are exchanging a session key, which can make secure communication. Then, over the secret channel encrypted by the session key, the SSH server are authenticating a user in the SSH client using with a user's password or public key. However, owing to the defects in the SSH protocols and its design, a user can be deprived of its password in the authentication protocol. Moreover, we will show that those who uses its public key for authentication are exposed to the menace same as password-oriented users are.
Keyword(in Japanese)	(See Japanese page)
Keyword(in English)	System Security / Authentication / Authentication Protocol
Paper #	IA2002-31
Date of Issue

Paper Information
Registration To	Internet Architecture(IA)
Language	ENG
Title (in Japanese)	(See Japanese page)
Sub Title (in Japanese)	(See Japanese page)
Title (in English)	Security on the Secure Shell
Sub Title (in English)
Keyword(1)	System Security
Keyword(2)	Authentication
Keyword(3)	Authentication Protocol
1st Author's Name	Takamichi SAITO
1st Author's Affiliation	Tokyo University of Technology()
2nd Author's Name	Toshiyuki KITO
2nd Author's Affiliation	Science University of Tokyo
Date	2002/10/4
Paper #	IA2002-31
Volume (vol)	vol.102
Number (no)	362
Page	pp.pp.-
#Pages	7
Date of Issue