CN108111301A - Method and system for implementing the SSH protocol based on post-quantum key exchange - Google Patents

Method and system for implementing the SSH protocol based on post-quantum key exchange

Info

Publication number: CN108111301A
Authority: CN (China)
Prior art keywords: client, server, key, public key, interim conversation
Legal status (an assumption, not a legal conclusion; Google has not performed a legal analysis): Granted
Application number: CN201711326036.9A
Other languages: Chinese (zh)
Other versions: CN108111301B (en)
Inventors: 刘伟, 刘镝, 陶冶, 寇金锋, 王笑帝, 刘明辉
Current assignee (the listed assignees may be inaccurate; Google has not performed a legal analysis): China United Network Communications Group Co Ltd
Original assignee: China United Network Communications Group Co Ltd
Application filed by China United Network Communications Group Co Ltd; priority to CN201711326036.9A; published as CN108111301A; granted and published as CN108111301B; legal status: Active

Abstract

Translated from Chinese

The invention belongs to the field of information technology and relates in particular to a method and a system for implementing the SSH protocol based on post-quantum key exchange. The method includes: the client and the server each compute a public/private key pair; the client computes a client temporary session public key and sends the client public key and the client temporary session public key to the server; the server authenticates the client; the server computes a server temporary session public key; the server computes a server temporary session variable, a temporary session error-correction variable and an initial seed for the server shared key; the server uses a post-quantum algorithm to generate the final server shared key for this session; the client authenticates the server using the server public key; having authenticated the server, the client computes a client temporary session variable and an initial seed for the client shared key; the client uses the post-quantum algorithm to generate the final client shared key for this session. The method and system can effectively resist attacks by quantum computers and ensure network security.

Description

Translated from Chinese

Method and system for implementing the SSH protocol based on post-quantum key exchange

Technical field

The invention belongs to the field of information technology and relates in particular to a method for implementing the SSH protocol based on post-quantum key exchange and a system for implementing the SSH protocol based on post-quantum key exchange.

Background

With the continuous development of computer networks, networks have grown ever larger, and the demand for remote login, for example to configure and manage remote servers, has grown with them. SSH (Secure Shell) is currently one of the most widely used remote login protocols. Compared with other protocols that provide remote login, SSH offers several security services: authentication of both communicating parties, encrypted transmission of communication data, and integrity checking.

The SSH protocol standard specifies a layered SSH architecture. As shown in the SSH architecture diagram of Figure 1, it comprises three parts: the transport layer protocol, user authentication, and the connection layer protocol. The transport layer protocol sits at the lowest level of SSH and provides security services such as key negotiation, data encryption and identity authentication; it is the foundation on which SSH provides secure remote login. At present the key negotiation part of the SSH transport layer is performed by the DH (Diffie-Hellman) algorithm: the two communicating parties use DH to negotiate a shared key over the public network, and that shared key is used to encrypt and decrypt all data transmitted afterwards, which secures the session. The key negotiation algorithm plays a pivotal role in the SSH protocol and must be sufficiently secure. The security of the current DH algorithm depends on the hardness of the discrete logarithm problem, which on today's computers can only be solved in exponential time. With the appearance of quantum computers and quantum algorithms, however, the discrete logarithm problem has been shown to be solvable by a quantum computer in polynomial time, which means that the DH algorithm will no longer be as secure in the quantum era.

On the one hand, to protect the DH algorithm against man-in-the-middle attacks, SSH must support not only DH but also RSA, SHA256 and other algorithms during key negotiation, which is relatively complex. On the other hand, quantum cryptography is developing rapidly. Research on these quantum cryptographic techniques seriously threatens the current public-key cryptosystems that rely on number theory and thus poses a serious threat to SSH security; the advent of Shor's algorithm makes cryptographic algorithms that rely on the hardness of discrete logarithms much less secure, so the DH algorithm faces a huge challenge. If DH cannot guarantee the security of the shared key negotiated by the two communicating parties, then SSH cannot provide security services at all. As quantum algorithms are studied further, solving the discrete logarithm problem becomes easy, breaking the shared key negotiated by DH becomes easy as well, and the security services provided by SSH come under serious doubt.

In addition, many security vulnerabilities have been disclosed in SSH at the present stage. In particular, while establishing a connection, the SSH protocol does not verify whether either communicating party has been illegally intruded upon or controlled; neither party can determine the trusted state of its peer, that is, whether the peer has been compromised or illegally controlled by an attacker, which gives an attacker an opportunity to attack. Although the current SSH protocol has many advantages and many users, it does have some vulnerabilities and deficiencies, such as susceptibility to chosen-ciphertext attacks, SQL injection and so on. Improving on these existing problems has become a technical problem that urgently needs to be solved.

Summary of the invention

The technical problem to be solved by the present invention is, in view of the above deficiencies of the prior art, to provide a method for implementing the SSH protocol based on post-quantum key exchange and a system for implementing the SSH protocol based on post-quantum key exchange, which use the theory of quantum cryptography to resist attacks by quantum computers and ensure network security.

The technical solution adopted to solve the technical problem of the present invention is a method for implementing the SSH protocol based on post-quantum key exchange, which includes a key exchange step comprising:

The client and the server each sample randomly from the Gaussian distribution with the first parameter and compute, respectively, the client's public/private key pair and the server's public/private key pair;

The client samples randomly from the Gaussian distribution with the second parameter, computes the client temporary session public key, and sends the client public key and the client temporary session public key to the server;

The server receives the client public key and the client temporary session public key and authenticates the client; if verification fails, the server disconnects directly, otherwise it proceeds to the next step;

The server computes the server temporary session public key from random samples drawn from the Gaussian distribution with the second parameter;

From the client temporary session public key, the client vector, the server temporary session public key, the server vector, and the server's random samples from the Gaussian distributions with the first and second parameters, the server computes the server temporary session variable and the temporary session error-correction variable, and from these computes the initial seed of the server shared key;

From the client vector, the server vector, the client temporary session public key, the server temporary session public key, the temporary session error-correction variable and the initial seed of the server shared key, the server uses the post-quantum algorithm to generate the final server shared key for this session;

The client authenticates the server using the server public key;

Having authenticated the server, the client computes the client temporary session variable from the client temporary session public key, the client vector, the server vector, the server temporary session public key, and the client's random samples from the Gaussian distributions with the first and second parameters, and from the client temporary session variable and the temporary session error-correction variable computes the initial seed of the client shared key;

From the client vector, the server vector, the client temporary session public key, the server temporary session public key, the temporary session error-correction variable and the initial seed of the client shared key, the client uses the post-quantum algorithm to generate the final client shared key for this session;

If either the server's or the client's authentication fails, the key exchange is terminated.

Preferably, the server temporary session public key $k_s$ is:

$k_s = (p_c c + x)(s_s d + r_s) + 2 g_s$

where:

$c = H_1(\text{client}, \text{server}, x)$ is the client vector;

$x = a r_c + 2 f_c$ is the client temporary session public key;

$r_c$ and $f_c$ are the client's random samples from the Gaussian distribution $\chi_\beta$ with second parameter $\beta$, and $q$ is a positive integer;

$d = H_1(\text{server}, \text{client}, y, x)$ is the server vector;

$y = a r_s + 2 f_s$ is the server temporary session public key;

$r_s$, $f_s$ and $g_s$ are the server's random samples from the Gaussian distribution $\chi_\beta$ with second parameter $\beta$, and $q$ is a positive integer;

$p_c = a s_c + 2 e_c$ is the client public key;

$s_c$ and $e_c$ are the client's random samples from the Gaussian distribution $\chi_\alpha$ with first parameter $\alpha$, $q$ is a positive integer, and $s_c$ is the client private key;

and the temporary session error-correction variable $w$ is:

$w = \mathrm{Cha}(k_s)$

where $\mathrm{Cha}()$ is the characteristic function.

Preferably, from $(w, y, p_s)$ the initial seed $\sigma_s$ of the server shared key is:

$\sigma_s = \mathrm{Mod}_2(k_s, w)$

where $\mathrm{Mod}_2()$ is the modulo-2 function, $\mathrm{Mod}_2(v, w) = ((v + w \cdot (q-1)/2) \bmod q) \bmod 2$, $q \bmod 2n = 1$, $v \in M_q$ and $w \in \{0, 1\}$;

the server shared key $sk_s$ is:

$sk_s = H(\text{client}, \text{server}, x, y, w, \sigma_s)$.

Preferably, the client temporary session variable $k_c$ is:

$k_c = (p_s d + y)(s_c c + r_c) + 2 g_c$

where:

$g_c$ is the server's random sample from the Gaussian distribution $\chi_\beta$ with second parameter $\beta$, and $q$ is a positive integer;

$p_s = a s_s + 2 e_s$ is the server public key;

$s_s$ and $e_s$ are the server's random samples from the Gaussian distribution $\chi_\alpha$ with first parameter $\alpha$, $q$ is a positive integer, and $s_s$ is the server private key.

Preferably (this corresponds to claim 5, which depends on claim 4), from $(w, y, p_s)$ the initial seed $\sigma_c$ of the client shared key is:

$\sigma_c = \mathrm{Mod}_2(k_c, w)$

where $\mathrm{Mod}_2()$ is the modulo-2 function, $\mathrm{Mod}_2(v, w) = ((v + w \cdot (q-1)/2) \bmod q) \bmod 2$, $q \bmod 2n = 1$, $v \in M_q$ and $w \in \{0, 1\}$;

the client shared key $sk_c$ is:

$sk_c = H(\text{client}, \text{server}, x, y, w, \sigma_c)$.

Preferably, before the key exchange step, the method further includes a step of verifying the trusted state of both communicating parties, as follows:

The client sends a request to verify the client's trusted state to the server;

After receiving the client's request, the server randomly generates a first random number of M bits and sends the first random number, together with a request to verify its own trusted state, to the client, where M is a natural number;

After receiving the first random number and the verification request, the client correspondingly generates a second random number of M bits, requests an integrity measurement from its trusted module, encrypts the first random number together with the configuration register values and the measurement log SML, and sends the encryption result, the second random number and the TPM public key to the server;

After receiving the data, the server determines whether this client is the first client requesting an SSH connection; if so, it checks whether a trusted credential exists locally, and if one exists and is still within its validity period it proceeds directly to the next step; otherwise it must first request an integrity measurement from its own trusted module, then encrypt the second random number together with its own configuration register values and measurement log SML, and send the encryption result together with the TPM public key to the client;

The server verifies the client's trusted state from the data sent by the client; if verification passes, it generates a trusted-verification credential containing the client IP, the client's unique identifier, the local server's IP and identifier, the time the credential was generated and the credential's validity period, encrypts it with the TPM public key sent by the client, and sends the encryption result to the client together with the verification-passed message;

After receiving the data, the client verifies the server's trusted state; if verification passes, the client likewise generates a trusted credential containing the server IP, the server's unique identifier, the local client's IP and identifier, the time the credential was generated and the credential's validity period, encrypts it with the TPM public key sent by the server, and sends the encryption result to the server together with the verification-passed message;

After receiving the trusted credential, the server decrypts it with its own TPM private key and stores it locally; the trusted state of both parties is then verified; otherwise the connection is disconnected directly.

A system for implementing the SSH protocol based on post-quantum key exchange includes a key exchange module, which comprises a first key unit, a second key unit, a first verification unit and a second verification unit, where:

The first key unit is located at the server and performs the following functions:

samples randomly from the Gaussian distribution with the first parameter and computes the server's public/private key pair;

after the first verification unit has authenticated the client, computes the server temporary session public key from random samples drawn from the Gaussian distribution with the second parameter;

from the client temporary session public key, the client vector, the client's temporary server vector, and the server's random samples from the Gaussian distributions with the first and second parameters, computes the server temporary session variable and the temporary session error-correction variable;

and computes the initial seed of the server shared key from the server temporary session variable and the temporary session error-correction variable;

from the client vector, the server vector, the client temporary session public key, the server temporary session public key, the temporary session error-correction variable and the initial seed of the server shared key, generates the final server shared key for this session using the post-quantum algorithm;

The first verification unit is located at the server; it receives the client public key and the client temporary session public key and authenticates the client; if verification fails, the server disconnects directly, otherwise subsequent authentication proceeds;

The second key unit is located at the client and performs the following functions:

samples randomly from the Gaussian distribution with the first parameter and computes the client's public/private key pair;

samples randomly from the Gaussian distribution with the second parameter, computes the client temporary session public key, and sends the client public key and the client temporary session public key to the server;

after the second verification unit has authenticated the server, computes the client temporary session variable from the client temporary session public key, the client vector, the server vector, the server temporary session public key, and the client's random samples from the Gaussian distributions with the first and second parameters, and then computes the initial seed of the client shared key from the client temporary session variable and the temporary session error-correction variable;

and from the client vector, the server vector, the client temporary session public key, the server temporary session public key, the temporary session error-correction variable and the initial seed of the client shared key, generates the final server shared key for this session using the post-quantum algorithm;

The second verification unit is located at the client and authenticates the server using the server public key; if verification fails, the key exchange is terminated, otherwise subsequent authentication proceeds.

Preferably, in the first key unit:

the server temporary session public key $k_s$ is:

$k_s = (p_c c + x)(s_s d + r_s) + 2 g_s$

where:

$c = H_1(\text{client}, \text{server}, x)$ is the client vector;

$x = a r_c + 2 f_c$ is the client temporary session public key;

$r_c$ and $f_c$ are the client's random samples from the Gaussian distribution $\chi_\beta$ with second parameter $\beta$, and $q$ is a positive integer;

$d = H_1(\text{server}, \text{client}, y, x)$ is the server vector;

$y = a r_s + 2 f_s$ is the server temporary session public key;

$r_s$, $f_s$ and $g_s$ are the server's random samples from the Gaussian distribution $\chi_\beta$ with second parameter $\beta$, and $q$ is a positive integer;

$p_c = a s_c + 2 e_c$ is the client public key;

$s_c$ and $e_c$ are the client's random samples from the Gaussian distribution $\chi_\alpha$ with first parameter $\alpha$, $q$ is a positive integer, and $s_c$ is the client private key;

and the temporary session error-correction variable $w$ is:

$w = \mathrm{Cha}(k_s)$

where $\mathrm{Cha}()$ is the characteristic function;

from $(w, y, p_s)$ the initial seed $\sigma_s$ of the server shared key is:

$\sigma_s = \mathrm{Mod}_2(k_s, w)$

where $\mathrm{Mod}_2()$ is the modulo-2 function, $\mathrm{Mod}_2(v, w) = ((v + w \cdot (q-1)/2) \bmod q) \bmod 2$, $q \bmod 2n = 1$, $v \in M_q$ and $w \in \{0, 1\}$;

the server shared key $sk_s$ is:

$sk_s = H(\text{client}, \text{server}, x, y, w, \sigma_s)$.

Preferably, in the second key unit,

the client temporary session variable $k_c$ is:

$k_c = (p_s d + y)(s_c c + r_c) + 2 g_c$

where:

$g_c$ is the server's random sample from the Gaussian distribution $\chi_\beta$ with second parameter $\beta$, and $q$ is a positive integer;

$p_s = a s_s + 2 e_s$ is the server public key;

$s_s$ and $e_s$ are the server's random samples from the Gaussian distribution $\chi_\alpha$ with first parameter $\alpha$, $q$ is a positive integer, and $s_s$ is the server private key;

and from $(w, y, p_s)$ the initial seed $\sigma_c$ of the client shared key is:

$\sigma_c = \mathrm{Mod}_2(k_c, w)$

where $\mathrm{Mod}_2()$ is the modulo-2 function, $\mathrm{Mod}_2(v, w) = ((v + w \cdot (q-1)/2) \bmod q) \bmod 2$, $q \bmod 2n = 1$, $v \in M_q$ and $w \in \{0, 1\}$;

the client shared key $sk_c$ is:

$sk_c = H(\text{client}, \text{server}, x, y, w, \sigma_c)$.
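The formulas above, given once for the method and again for the first and second key units of the system, follow the ring-LWE authenticated key exchange pattern: both sides form a ring element ($k_s$ and $k_c$) that agrees up to a small even error, the server publishes the error-correction bits $w = \mathrm{Cha}(k_s)$, and $\mathrm{Mod}_2$ removes the error so that both sides obtain the same seed $\sigma$ and hence the same key $H(\ldots)$. The following Python program is an added worked example, not code from the patent or from China Unicom. It instantiates the exchange in a toy ring $\mathbb{Z}_q[x]/(x^n+1)$ with $n = 32$ and $q = 2^{20}+1$ (so $q \bmod 2n = 1$, as the text requires) and checks that the two sides derive the same key. Assumptions: the Gaussian samplers $\chi_\alpha$ and $\chi_\beta$ are replaced by a bounded sampler over $\{-1, 0, 1\}$ so that the reconciliation error is provably below $q/4$; $H_1$ is instantiated with SHAKE-256 and $H$ with SHA-256; $g_c$ is drawn by the client because it enters only the client's $k_c$; and the toy parameters provide no real security. The example also shows why the static keys $p_c, p_s$ authenticate the parties: a client that does not hold the private key $s_c$ behind $p_c$ ends up with a different key.

```python
"""Toy ring-LWE authenticated key exchange using the patent's k_s, k_c, Cha, Mod2 and H.
Added example with illustrative parameters; not a secure parameter set."""
import hashlib
import random

# Ring R_q = Z_q[x]/(x^N + 1). The text requires q mod 2N = 1: (2^20 + 1) mod 64 == 1.
N = 32
Q = 2**20 + 1
HALF = (Q - 1) // 2


def center(v):
    """Reduce an integer into the centered range [-(Q-1)/2, (Q-1)/2]."""
    v %= Q
    return v - Q if v > HALF else v


def poly_add(a, b):
    return [center(x + y) for x, y in zip(a, b)]


def poly_scale(a, k):
    return [center(k * x) for x in a]


def poly_mul(a, b):
    """Schoolbook product modulo x^N + 1 (x^N wraps around to -1)."""
    res = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            if i + j < N:
                res[i + j] += ai * bj
            else:
                res[i + j - N] -= ai * bj
    return [center(v) for v in res]


def small_sample(rng):
    """Assumed stand-in for a draw from chi_alpha / chi_beta: coefficients in {-1, 0, 1},
    which keeps the worst-case gap between k_c and k_s below q/4 for these parameters."""
    return [rng.choice((-1, 0, 1)) for _ in range(N)]


def _enc(part):
    return part.encode() if isinstance(part, str) else ",".join(str(v) for v in part).encode()


def h1(*parts):
    """H1: hash identities and public values to a small ring element (client vector c or
    server vector d). SHAKE-256 is an assumed instantiation."""
    digest = hashlib.shake_256(b"|".join(_enc(p) for p in parts)).digest(N)
    return [(byte % 3) - 1 for byte in digest]


def h_key(*parts):
    """H: derive the session key from (client, server, x, y, w, sigma); SHA-256 assumed."""
    return hashlib.sha256(b"|".join(_enc(p) for p in parts)).hexdigest()


def cha(v):
    """Characteristic function: 0 if v lies in E = [-floor(q/4), round(q/4)], else 1."""
    return 0 if -(Q // 4) <= v <= round(Q / 4) else 1


def mod2(v, w):
    """Mod2(v, w) = ((v + w*(q-1)/2) mod q) mod 2, parity taken of the centered value."""
    return center(v + w * HALF) % 2


def run_exchange(seed=1, client_has_secret=True):
    """One full exchange. With client_has_secret=False the client does not hold s_c,
    so its k_c is unrelated to k_s and the derived keys differ (implicit authentication)."""
    rng = random.Random(seed)
    a = [center(rng.randrange(Q)) for _ in range(N)]            # public ring element a
    s_c, e_c = small_sample(rng), small_sample(rng)             # client static key: chi_alpha
    p_c = poly_add(poly_mul(a, s_c), poly_scale(e_c, 2))        # p_c = a*s_c + 2e_c
    s_s, e_s = small_sample(rng), small_sample(rng)             # server static key: chi_alpha
    p_s = poly_add(poly_mul(a, s_s), poly_scale(e_s, 2))        # p_s = a*s_s + 2e_s
    r_c, f_c = small_sample(rng), small_sample(rng)             # client ephemeral: chi_beta
    x = poly_add(poly_mul(a, r_c), poly_scale(f_c, 2))          # x = a*r_c + 2f_c, sent with p_c
    c = h1("client", "server", x)                               # client vector
    r_s, f_s, g_s = small_sample(rng), small_sample(rng), small_sample(rng)
    y = poly_add(poly_mul(a, r_s), poly_scale(f_s, 2))          # y = a*r_s + 2f_s
    d = h1("server", "client", y, x)                            # server vector
    # Server: k_s = (p_c*c + x)(s_s*d + r_s) + 2g_s ; w = Cha(k_s) ; sigma_s = Mod2(k_s, w)
    k_s = poly_add(poly_mul(poly_add(poly_mul(p_c, c), x),
                            poly_add(poly_mul(s_s, d), r_s)), poly_scale(g_s, 2))
    w = [cha(v) for v in k_s]
    sigma_s = [mod2(v, wi) for v, wi in zip(k_s, w)]
    sk_s = h_key("client", "server", x, y, w, sigma_s)
    # Client, holding (p_s, y, w): k_c = (p_s*d + y)(s_c*c + r_c) + 2g_c ; sigma_c = Mod2(k_c, w)
    s_used = s_c if client_has_secret else small_sample(rng)    # impostor lacks s_c
    g_c = small_sample(rng)                                     # assumed drawn by the client
    k_c = poly_add(poly_mul(poly_add(poly_mul(p_s, d), y),
                            poly_add(poly_mul(s_used, c), r_c)), poly_scale(g_c, 2))
    sigma_c = [mod2(v, wi) for v, wi in zip(k_c, w)]
    sk_c = h_key("client", "server", x, y, w, sigma_c)
    max_gap = max(abs(center(u - v)) for u, v in zip(k_c, k_s))  # the small even error
    return {"sk_server": sk_s, "sk_client": sk_c, "max_gap": max_gap}


if __name__ == "__main__":
    r = run_exchange()
    print("keys agree:", r["sk_server"] == r["sk_client"], "max |k_c - k_s|:", r["max_gap"])
```

The `max_gap` value makes the reconciliation condition visible: with this sampler every coefficient of $k_c - k_s$ is an even integer far below $q/4$, which is exactly what $\mathrm{Mod}_2$ needs after the server's $w$ has shifted each coefficient of $k_s$ into the interval $E$. Shrinking $q$ or widening the noise until the gap exceeds $q/4$ is the failure mode a real parameter set must rule out.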

Preferably, the system further includes a trust verification module for verifying the trusted state of both communicating parties; the trust verification module includes a first trusted unit located at the server and a second trusted unit located at the client, which perform the following functions:

The second trusted unit sends a request to verify the client's trusted state to the first trusted unit;

After receiving the client's request, the first trusted unit randomly generates a first random number of M bits and sends the first random number, together with a request to verify its own trusted state, to the second trusted unit, where M is a natural number;

After receiving the first random number and the verification request, the second trusted unit correspondingly generates a second random number of M bits, requests an integrity measurement from the TPM, encrypts the first random number together with the configuration register values and the measurement log SML, and sends the encryption result, the second random number and the TPM public key to the first trusted unit;

After receiving the data, the first trusted unit determines whether this client is the first client requesting an SSH connection; if so, it checks whether a trusted credential exists locally, and if one exists and is still within its validity period it proceeds directly to the next step; otherwise it must first request an integrity measurement from its own trusted module, then encrypt the second random number together with its own configuration register values and measurement log SML, and send the encryption result together with the TPM public key to the second trusted unit;

The first trusted unit verifies the client's trusted state from the data sent by the second trusted unit; if verification passes, it generates a trusted-verification credential containing the client IP, the client's unique identifier, the local server's IP and identifier, the time the credential was generated and the credential's validity period, encrypts it with the TPM public key sent by the client, and sends the encryption result to the client together with the verification-passed message;

After receiving the data, the client verifies the server's trusted state; if verification passes, the second trusted unit likewise generates a trusted credential containing the server IP, the server's unique identifier, the local client's IP and identifier, the time the credential was generated and the credential's validity period, encrypts it with the TPM public key sent by the server, and sends the encryption result to the first trusted unit together with the verification-passed message;

After receiving the trusted credential, the first trusted unit decrypts it with its own TPM private key and stores it locally; the trusted state of both parties is then verified; otherwise the connection is disconnected directly.
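The attestation steps above (in the method and again in the first and second trusted units) give the verifying side four checks: the report answers the random number it sent, the report is bound to the peer's TPM key, the measurement log SML reproduces the reported configuration register value, and that value matches a known-good reference; a credential carrying an issue time and validity period then lets the server skip re-attestation while the credential is unexpired. The Python model below is an added example, not code from the patent or from China Unicom. Assumptions: the configuration register is a SHA-256 PCR extended as PCR = H(PCR || H(event)); an HMAC over nonce||PCR stands in for the TPM's signed quote; the public-key encryption of the report under the TPM key is omitted; and the log entries, reference value and key are constructed sample data.

```python
"""Toy model of the pre-exchange trusted-state verification: nonce-bound integrity
report, SML replay against the reported PCR, and a time-limited credential."""
import hashlib
import hmac
import os

PCR_INIT = bytes(32)   # assumption: a SHA-256 PCR bank starts as 32 zero bytes


def pcr_extend(pcr, event_digest):
    """TPM-style extend: PCR_new = H(PCR_old || H(event))."""
    return hashlib.sha256(pcr + event_digest).digest()


def replay_sml(sml):
    """Recompute the configuration register value implied by the measurement log."""
    pcr = PCR_INIT
    for event in sml:
        pcr = pcr_extend(pcr, hashlib.sha256(event.encode()).digest())
    return pcr


def build_report(tpm_key, nonce, sml):
    """Attested side: reported PCR, the SML, and a tag over nonce||PCR.
    Assumption: HMAC with tpm_key models the TPM's key-based quote signature."""
    pcr = replay_sml(sml)
    tag = hmac.new(tpm_key, nonce + pcr, hashlib.sha256).digest()
    return {"nonce": nonce, "pcr": pcr, "sml": list(sml), "tag": tag}


def verify_report(report, expected_nonce, tpm_key, reference_pcr):
    """Verifier side. Returns (ok, reason); cheapest rejection first."""
    if report["nonce"] != expected_nonce:
        return False, "nonce mismatch: stale or replayed report"
    expected_tag = hmac.new(tpm_key, report["nonce"] + report["pcr"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, report["tag"]):
        return False, "quote tag invalid: report not bound to the peer's TPM key"
    if replay_sml(report["sml"]) != report["pcr"]:
        return False, "measurement log does not reproduce the reported PCR"
    if report["pcr"] != reference_pcr:
        return False, "platform state differs from the known-good reference"
    return True, "trusted"


def issue_credential(peer_ip, peer_id, own_ip, own_id, issued_at, valid_for):
    """Credential fields named in the text: peer IP and identifier, own IP and identifier,
    generation time and validity period (times as integer seconds)."""
    return {"peer_ip": peer_ip, "peer_id": peer_id, "own_ip": own_ip,
            "own_id": own_id, "issued_at": issued_at, "valid_for": valid_for}


def credential_valid(cred, now):
    """A stored credential allows skipping re-attestation only while it is unexpired."""
    return cred["issued_at"] <= now < cred["issued_at"] + cred["valid_for"]


# Constructed sample data: a boot-to-sshd measurement log and the matching reference value.
GOOD_SML = ["bios:v1.2", "bootloader:grub-2.06", "kernel:5.15.0", "sshd:config-hash-abc"]
BAD_SML = GOOD_SML[:-1] + ["sshd:config-hash-modified"]
REFERENCE_PCR = replay_sml(GOOD_SML)
TPM_KEY = b"constructed-tpm-key"


def demo():
    """Run the verifier against a genuine report and three failure modes."""
    nonce = os.urandom(16)                     # the M-bit first random number
    good = build_report(TPM_KEY, nonce, GOOD_SML)
    ref = (nonce, TPM_KEY, REFERENCE_PCR)
    return {
        "good": verify_report(good, *ref),
        # log edited after the quote was made: PCR no longer matches the SML
        "tampered_log": verify_report(dict(good, sml=BAD_SML), *ref),
        # self-consistent quote of a modified platform: rejected against the reference
        "modified": verify_report(build_report(TPM_KEY, nonce, BAD_SML), *ref),
        # report produced for a different nonce: replay detected
        "replayed": verify_report(build_report(TPM_KEY, os.urandom(16), GOOD_SML), *ref),
    }


if __name__ == "__main__":
    for case, (ok, why) in demo().items():
        print(f"{case:13s} -> {ok} ({why})")
```

The SML replay is the check that makes the log trustworthy rather than merely present: because each PCR value is a hash chain over every earlier event, an entry cannot be altered, reordered or dropped without the recomputed value diverging from the one the TPM reported.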

The beneficial effects of the present invention are as follows: the method and system for implementing the SSH protocol based on post-quantum key exchange use a post-quantum key exchange protocol and a trusted authentication method to address some potential threats to the SSH protocol. The post-quantum key exchange protocol addresses the problem that the shared key in the key exchange phase of the current SSH protocol may be broken, and trusted authentication addresses the problem that the platforms of the two parties communicating over SSH may be untrustworthy.

Description of drawings

Figure 1 is a schematic diagram of the SSH protocol architecture;

Figure 2 is a flow chart of remote login with the existing SSH protocol;

Figure 3 is a flow chart of the key exchange in the method for implementing the SSH protocol based on post-quantum key exchange of Embodiment 1 of the present invention;

Figure 4 is a flow chart of the trusted attestation in the method for implementing the SSH protocol based on post-quantum key exchange of Embodiment 1 of the present invention.

Detailed description

To enable those skilled in the art to better understand the technical solution of the present invention, the method and the system for implementing the SSH protocol based on post-quantum key exchange are described in further detail below with reference to the accompanying drawings and specific embodiments.

The technical idea of the present invention is as follows. Up to now, improvements to the SSH protocol have all been made with classical cryptographic techniques; none has used post-quantum cryptography. A quantum computer can solve the discrete logarithm problem in polynomial time (Shor's algorithm), which breaks the Diffie-Hellman exchange on which SSH key agreement rests. The present invention therefore replaces that exchange with a post-quantum key exchange and, in addition, ensures before the SSH connection is established that the state of both communicating parties is trusted, so that both the security and the trustworthiness of the SSH protocol are taken into account.

The present invention provides an improved trusted SSH authentication method based on a post-quantum key exchange algorithm. When a user logs in to a remote server with the improved SSH protocol, the client and the server, after version negotiation, each send a trusted attestation request to the peer, then perform an integrity measurement of themselves and send the result to the peer, and finally verify the trusted state of the peer from the data the peer sent. Once trusted attestation has passed, SSH uses the post-quantum key exchange algorithm to complete the key agreement phase between the client and the remote server and the mutual authentication phase. Users need not care about the underlying implementation and need not change their existing login procedure. The method is transparent to the user, fast, and simple to understand, and, without lowering the security of the original SSH remote login, it on the one hand provides post-quantum protection, i.e. prevents the shared key generated by the two parties from being broken by a quantum computer, and on the other hand verifies the trusted state of both the client and the server.

Embodiment 1:

This embodiment provides a method for implementing the SSH protocol based on post-quantum key exchange. It effectively prevents the shared key generated by the communicating client and server from being broken by a quantum computer, and it also verifies the trusted state of both the client and the server.

The protocol structure of the improved SSH scheme is the three-layer architecture specified by the current SSH protocol; see Figure 1 for the details. From bottom to top, SSH consists of the transport layer, the user authentication protocol and the connection protocol. Session establishment comprises version negotiation, algorithm negotiation and key negotiation, user authentication, and the connection request.

At present, the procedure by which two parties perform a remote login with the SSH protocol is as shown in Figure 2.

Step 1, version negotiation: the client and the server send each other their protocol version number and software version number to decide whether the session can continue; the following steps are performed only after version negotiation succeeds. All information sent in this phase is transmitted in plaintext.

Step 2, algorithm negotiation: the client and the server each send the lists of public key algorithms, encryption algorithms, compression algorithms and so on that they support, and from what the peer and they themselves support the two sides negotiate the algorithm of each type that the session will use. As for the key agreement algorithm, although it is negotiable in theory, in practice the only key exchange methods that SSH implementations are required to support are Diffie-Hellman (DH) based.

Step 3, key negotiation: the client and the server negotiate a shared key with the DH key exchange algorithm. This phase relies on the RSA algorithm and the SHA-256 algorithm (the host key signature over the exchange hash) to reduce the probability of compromise.

Step 4, user authentication: the client sends the user's password to the server in encrypted form, inside the already-encrypted transport, and the server checks the legitimacy of the user's identity.

Step 5, connection establishment: after user authentication succeeds, the client sends a session request, the server responds according to the type of request, and the two sides establish the connection and transfer data.

The current SSH protocol negotiates the key with the DH algorithm and, to prevent man-in-the-middle attacks, uses the RSA algorithm and the SHA-256 algorithm for signature-based authentication, so that the identities of both parties are assured. The cooperation of these algorithms gives the shared key high security today. But as the quantum era approaches and computing technology advances rapidly, SSH will face enormous challenges and risks.

In view of the above, this embodiment proposes an improved trusted SSH authentication scheme based on a post-quantum key exchange protocol, so that the SSH key exchange phase can resist attacks by quantum computers, the security of SSH is improved, and SSH remains usable in the quantum era. Specifically, the scheme rests on lattice-based post-quantum cryptography: the hardness of the R-LWE (Ring Learning With Errors) problem reduces to the worst-case approximate SVP (Shortest Vector Problem) on ideal lattices, for which no efficient quantum algorithm is known, and exact SVP is NP-hard under randomized reductions. An R-LWE-based authenticated key exchange can therefore resist quantum attacks well, and it also has the advantages of fast computation and ease of understanding.

In the method for implementing the SSH protocol based on post-quantum key exchange of this embodiment, when the client establishes an SSH connection with the server, the two parties first send trusted attestation requests to each other, then each requests an integrity measurement from its own TPM (Trusted Platform Module), sends the relevant information to the peer and verifies the peer's trusted state. Once both trusted states have been verified, the two parties begin key negotiation. During key negotiation each party samples at random from Gaussian distributions with the same parameters and computes its own public/private key pair, sends its public key to the peer, receives the peer's public key and verifies the peer's identity; it then computes the ephemeral public/private key pair for this session together with the other variables required, sends the data to the peer once computed, and computes its own shared key for the session. This ensures the trusted state of the endpoints and realizes a key agreement procedure that resists quantum computers, providing a highly secure remote login procedure.

As shown in Figure 3, the core of the method for implementing the SSH protocol based on post-quantum key exchange, the key exchange step, comprises:

The client and the server sample at random from the Gaussian distribution with the first parameter and compute the client's public/private key pair and the server's public/private key pair respectively;

The client samples at random from the Gaussian distribution with the second parameter, computes the client ephemeral session public key, and sends the client public key and the client ephemeral session public key to the server;

The server receives the client public key and the client ephemeral session public key and authenticates the client; if authentication fails the server drops the connection, otherwise it proceeds to the next step;

Having authenticated the client, the server samples at random from the Gaussian distribution with the second parameter and computes the server ephemeral session public key;

From the client ephemeral session public key, the client vector, the server ephemeral session public key, the server vector and its own samples from the Gaussian distributions with the first and second parameters, the server computes the server ephemeral session variable and the ephemeral session error-correction variable, and from these computes the initial seed of the server shared key;

From the client vector, the server vector, the client ephemeral session public key, the server ephemeral session public key, the ephemeral session error-correction variable and the initial seed of the server shared key, the server derives the final server shared key for this session with the post-quantum algorithm;

The client authenticates the server with the server public key;

Having authenticated the server, the client computes the client ephemeral session variable from the client ephemeral session public key, the client vector, the server vector, the server ephemeral session public key and its own samples from the Gaussian distributions with the first and second parameters, and then computes the initial seed of the client shared key from the client ephemeral session variable and the ephemeral session error-correction variable;

From the client vector, the server vector, the client ephemeral session public key, the server ephemeral session public key, the ephemeral session error-correction variable and the initial seed of the client shared key, the client derives the final client shared key for this session with the post-quantum algorithm;

If either the server's or the client's authentication fails, the key exchange is terminated.

On the server side, the server ephemeral session variable k_s is:

k_s = (p_c·c + x)(s_s·d + r_s) + 2g_s

where:

c = H1(client, server, x) is the client vector, client being the client host and server the server host;

x = a·r_c + 2f_c is the client ephemeral session public key;

r_c = Σ_i r_ci and f_c = Σ_i f_ci, where r_ci and f_ci are the client's random samples from the Gaussian distribution χ_β with the second parameter β, summed over a positive number of samples (the original writes this count as q, for example q = 5; it is not the modulus q used below). Several samples are taken and their sum is used as the result, to increase the randomness of the sampling;

d = H1(server, client, y, x) is the server vector;

y = a·r_s + 2f_s is the server ephemeral session public key;

r_s = Σ_i r_si, f_s = Σ_i f_si and g_s = Σ_i g_si, where r_si, f_si and g_si are the server's random samples from the Gaussian distribution χ_β with the second parameter β, summed over the same number of samples (for example 5);

p_c = a·s_c + 2e_c is the client public key;

s_c = Σ_i s_ci and e_c = Σ_i e_ci, where s_ci and e_ci are the client's random samples from the Gaussian distribution χ_α with the first parameter α, summed over the same number of samples (for example 5); s_c is the client private key;

and the ephemeral session error-correction variable w is:

w = Cha(k_s)

where Cha() is the characteristic function;

Having sent (w, y, p_s), the server computes the initial seed σ_s of the server shared key as:

σ_s = Mod2(k_s, w)

where Mod2() is the modulo-2 function, Mod2(v, w) = ((v + w·(q−1)/2) mod q) mod 2, with q mod 2n = 1, v ∈ M_q and w ∈ {0, 1};

The server shared key sk_s is:

sk_s = H(client, server, x, y, w, σ_s).

On the client side, the client ephemeral session variable k_c is:

k_c = (p_s·d + y)(s_c·c + r_c) + 2g_c

where:

g_c = Σ_i g_ci, where g_ci are the client's random samples from the Gaussian distribution χ_β with the second parameter β, summed over the same number of samples (for example 5);

p_s = a·s_s + 2e_s is the server public key;

s_s = Σ_i s_si and e_s = Σ_i e_si, where s_si and e_si are the server's random samples from the Gaussian distribution χ_α with the first parameter α, summed over the same number of samples (for example 5); s_s is the server private key;

From the received (w, y, p_s), the client computes the initial seed σ_c of the client shared key as:

σ_c = Mod2(k_c, w)

where Mod2() is the modulo-2 function, Mod2(v, w) = ((v + w·(q−1)/2) mod q) mod 2, with q mod 2n = 1, v ∈ M_q and w ∈ {0, 1};

The client shared key sk_c is:

sk_c = H(client, server, x, y, w, σ_c).
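As an added worked example (not code from the patent), the following Python carries the exchange defined above through both sides with toy parameters: n = 16 and q = 12289 (so q mod 2n = 1), a rounded continuous Gaussian in place of a discrete Gaussian sampler, SHA-256 as H and as the seed of H1, and the standard definition of Cha() from Ding's reconciliation with E = {−⌊q/4⌋, …, ⌊q/4⌋} (the page's own formula (1-4) is not reproduced here). A single sample per coefficient replaces the page's summed multiple sampling. The hostnames, the ring helpers and the parameter values are the example's own assumptions; the parameters are far too small for real security and the sampler is not constant-time.

```python
import hashlib
import random

# Toy parameters (assumption for illustration only; far too small for real security).
N = 16             # n: power of two, f(x) = x^n + 1
Q = 12289          # odd prime with q mod 2n == 1 (12289 mod 32 == 1)
SIGMA_ALPHA = 1.0  # first parameter alpha (long-term keys)
SIGMA_BETA = 1.0   # second parameter beta (ephemeral values)
SIGMA_GAMMA = 1.0  # gamma used by H1
HALF = (Q - 1) // 2

def centered(x: int) -> int:
    """Representative of x mod q in [-(q-1)/2, (q-1)/2]; this set plays the role of M_q."""
    return (x + HALF) % Q - HALF

def add(u, v):
    return [centered(a + b) for a, b in zip(u, v)]

def mul(u, v):
    """Product in R_q = Z_q[x]/(x^n + 1), using x^n = -1."""
    out = [0] * N
    for i, a in enumerate(u):
        for j, b in enumerate(v):
            if i + j < N:
                out[i + j] += a * b
            else:
                out[i + j - N] -= a * b
    return [centered(c) for c in out]

def times2(u):
    return [centered(2 * a) for a in u]

def sample(rng: random.Random, sigma: float):
    """Rounded continuous Gaussian: a stand-in for a discrete Gaussian sampler chi_sigma."""
    return [centered(round(rng.gauss(0.0, sigma))) for _ in range(N)]

def encode(*parts) -> bytes:
    """Serialize identities (str) and ring elements / bit vectors (lists of int) for hashing."""
    return b"|".join(p.encode() if isinstance(p, str) else ",".join(map(str, p)).encode() for p in parts)

def h1(*parts):
    """H1: map a transcript to a small polynomial drawn from chi_gamma, seeded by SHA-256."""
    seed = int.from_bytes(hashlib.sha256(encode(*parts)).digest(), "big")
    return sample(random.Random(seed), SIGMA_GAMMA)

def H(*parts) -> bytes:
    """Key derivation function H: {0,1}* -> {0,1}^256 (SHA-256 over the transcript)."""
    return hashlib.sha256(encode(*parts)).digest()

def cha(v):
    """Cha(v) = 0 if v in E = {-floor(q/4), ..., floor(q/4)}, else 1, coefficient-wise (Ding's reconciliation)."""
    bound = Q // 4
    return [0 if -bound <= c <= bound else 1 for c in v]

def mod2(v, w):
    """Mod2(v, w) = ((v + w*(q-1)/2) mod q) mod 2, coefficient-wise on centered representatives."""
    return [centered(c + b * HALF) % 2 for c, b in zip(v, w)]

def keygen(rng, a):
    """Long-term pair from chi_alpha: private s, public p = a*s + 2e."""
    s, e = sample(rng, SIGMA_ALPHA), sample(rng, SIGMA_ALPHA)
    return s, add(mul(a, s), times2(e))

def run_exchange(seed: int = 7):
    """Run both sides of the exchange; returns (sk_s, sk_c, w)."""
    rng = random.Random(seed)
    a = [centered(rng.randrange(Q)) for _ in range(N)]   # public ring element a
    client, server = "client.example", "server.example"  # assumed host identities
    s_c, p_c = keygen(rng, a)
    s_s, p_s = keygen(rng, a)
    # Client: x = a*r_c + 2f_c, sends (p_c, x).
    r_c, f_c = sample(rng, SIGMA_BETA), sample(rng, SIGMA_BETA)
    x = add(mul(a, r_c), times2(f_c))
    # Server: y = a*r_s + 2f_s, k_s = (p_c*c + x)(s_s*d + r_s) + 2g_s, w = Cha(k_s), sends (w, y, p_s).
    r_s, f_s, g_s = sample(rng, SIGMA_BETA), sample(rng, SIGMA_BETA), sample(rng, SIGMA_BETA)
    y = add(mul(a, r_s), times2(f_s))
    c, d = h1(client, server, x), h1(server, client, y, x)
    k_s = add(mul(add(mul(p_c, c), x), add(mul(s_s, d), r_s)), times2(g_s))
    w = cha(k_s)
    sigma_s = mod2(k_s, w)
    sk_s = H(client, server, x, y, w, sigma_s)
    # Client: recomputes c, d from the transcript, k_c = (p_s*d + y)(s_c*c + r_c) + 2g_c, sigma_c = Mod2(k_c, w).
    g_c = sample(rng, SIGMA_BETA)
    c2, d2 = h1(client, server, x), h1(server, client, y, x)
    k_c = add(mul(add(mul(p_s, d2), y), add(mul(s_c, c2), r_c)), times2(g_c))
    sigma_c = mod2(k_c, w)
    sk_c = H(client, server, x, y, w, sigma_c)
    return sk_s, sk_c, w
```

k_s and k_c differ only by an even, small ring element, so the one-bit hint w lets Mod2 map both to the same σ; the reconciliation is correct whenever that difference stays below q/4 in every coefficient, which is why the noise parameters and q must be chosen together.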

Preferably, before the key exchange step, there is a step of verifying the trusted state of both communicating parties, as follows:

The client sends a request to verify its trusted state to the server;

On receiving the client's request, the server generates a random first nonce of M bits (M a natural number) and sends the first nonce together with a request to verify its own trusted state to the client;

On receiving the first nonce and the verification request, the client generates a corresponding random second nonce of M bits, requests an integrity measurement from its TPM, encrypts the first nonce together with its platform configuration register values and its measurement log SML, and sends the ciphertext, the second nonce and its TPM public key to the server;

On receiving the data, the server checks whether this client is the first client to request an SSH connection. If so, it checks whether a trusted credential exists locally; if a credential exists and is still within its validity period, it proceeds directly to the next step. Otherwise it first requests an integrity measurement from its own TPM, encrypts the second nonce together with its own configuration register values and measurement log SML, and sends the ciphertext together with its TPM public key to the client;

The server verifies the client's trusted state from the data the client sent. If verification passes, it generates a trusted-verification credential containing the client IP, the client's unique identifier, the IP and identifier of the server itself, the time the credential was generated and its validity period, encrypts the credential with the TPM public key sent by the client, and sends the ciphertext together with the verification-passed notice to the client;

On receiving the data, the client verifies the server's trusted state. If verification passes, the client likewise generates a trusted credential containing the server IP, the server's unique identifier, the IP and identifier of the client itself, the generation time and the validity period, encrypts it with the TPM public key sent by the server, and sends the ciphertext together with the verification-passed notice to the server;

On receiving the credential, the server decrypts it with its own TPM private key and stores it locally. At that point the trusted state of both parties has been verified; otherwise the connection is dropped immediately.

The procedure for establishing an SSH remote connection with the method of this embodiment is described in detail below in six steps:

Step 1: version negotiation.

Before version negotiation the two parties first establish a TCP connection: the client sends a TCP connection request to the server.

Once the TCP connection has been established the client waits. The server sends the first message to the client; its content is the SSH protocol version number and the software version number. The protocol version number consists of a major version number and a minor version number, and the message has the form:

"SSH-<major protocol version>.<minor protocol version>-<software version>\n"

(RFC 4253 requires each side to send such an identification string, terminated by CR LF, and does not require the server to send first.)

On receiving this message the client returns a message carrying its own version numbers, in the same format as the server's message.

On receiving the client's version numbers, the server compares them with its own to determine whether they are compatible. If they are incompatible the TCP connection is closed; if they are compatible the server generates a number recording which host, in order, this client is among those requesting an SSH connection with it, and proceeds to the next phase.

Step 2: trusted verification.

Trusted verification of both parties starts from system power-on and continues up to the final application: every step in between is measured, and the measurement value is extended into a PCR (Platform Configuration Register). At the same time each party records the measurement operation, the measurement result and the intermediate state of every step in the stored measurement log SML (Stored Measurement Log).

The detailed procedure for verifying the trusted state of both parties is shown in Figure 4 and described as follows:

1. The client first sends a request to verify its trusted state to the server;

2. On receiving the client's request, the server generates a random first nonce RandNum1 of M bits (M a natural number, typically 160), and sends this first nonce together with a request to verify its own trusted state to the client;

3. On receiving the first nonce and the verification request, the client first generates a corresponding random second nonce RandNum2 of M bits, then requests an integrity measurement from its TPM, encrypts the first nonce RandNum1 together with its PCR values and measurement log SML, and finally sends the ciphertext, the second nonce RandNum2 and its TPM public key to the server;

4. On receiving the data, the server first checks whether this client is the first client to request an SSH connection. If so, it checks whether a trusted credential exists locally; if one exists and is still within its validity period, it proceeds directly to the next step. Otherwise it first requests an integrity measurement from its local TPM, encrypts the nonce RandNum2 together with its own PCR values and measurement log SML, and sends the ciphertext together with its TPM public key to the client;

5. The server verifies the client's trusted state from the data the client sent. If verification passes, it generates a trusted-verification credential containing the client IP, the client's unique identifier, the IP and identifier of the server itself, the time the credential was generated and its validity period, encrypts this information with the TPM public key sent by the client, and sends the ciphertext together with the verification-passed notice to the client;

6. On receiving the data, the client verifies the server's trusted state in the same way. If verification passes, the client likewise generates a trusted credential containing the server IP, the server's unique identifier, the IP and identifier of the client itself, the generation time and the validity period, encrypts this information with the TPM public key sent by the server, and sends the ciphertext together with the verification-passed notice to the server;

7. On receiving the credential, the server decrypts it with its own TPM private key and stores it locally. At this point the trusted state of both parties has been verified and the following steps can proceed; otherwise the connection is dropped immediately.
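As an added simulation (not the patent's code), the following Python models the measured-boot data and the verifier-side checks behind steps 1 to 7 above and the summary of the same procedure given earlier: PCR extension and the stored measurement log, the 160-bit challenge nonce (M = 160), replaying the log to reproduce the quoted PCR values, comparison against known-good values, and the credential with a validity period. The component blobs, PCR indices and identifiers are constructed sample data. A real TPM binds the nonce and the PCR values with a signature from an attestation key (TPM2_Quote); the page instead describes encrypting them with the TPM public key, and the simulation stands in for that binding with a plain hash, so it shows the verifier's logic, not a cryptographic binding to a physical TPM.

```python
import hashlib
import json
import os

PCR_INIT = b"\x00" * 32   # SHA-256 PCRs start at zero at power-on

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: PCR_new = SHA-256(PCR_old || digest)."""
    return hashlib.sha256(pcr + digest).digest()

class Platform:
    """Measured boot of one party: current PCR values plus the stored measurement log (SML)."""
    def __init__(self):
        self.pcrs = {}   # PCR index -> current value (bytes)
        self.sml = []    # (PCR index, component name, measurement digest hex)

    def measure(self, index: int, name: str, blob: bytes):
        digest = hashlib.sha256(blob).digest()
        self.pcrs[index] = extend(self.pcrs.get(index, PCR_INIT), digest)
        self.sml.append((index, name, digest.hex()))

    def quote(self, nonce: bytes) -> dict:
        """Report produced after 'requesting an integrity measurement from the TPM'.
        The hash over (nonce, PCRs) stands in for the attestation-key signature of a real quote."""
        pcr_hex = {i: v.hex() for i, v in sorted(self.pcrs.items())}
        digest = hashlib.sha256(nonce + json.dumps(pcr_hex, sort_keys=True).encode()).hexdigest()
        return {"nonce": nonce.hex(), "pcrs": pcr_hex, "sml": list(self.sml), "digest": digest}

def replay_sml(sml) -> dict:
    """Recompute the PCR values implied by the log, exactly as the TPM would have extended them."""
    pcrs = {}
    for index, _name, digest_hex in sml:
        pcrs[index] = extend(pcrs.get(index, PCR_INIT), bytes.fromhex(digest_hex))
    return {i: v.hex() for i, v in sorted(pcrs.items())}

def verify_quote(report: dict, nonce: bytes, reference: dict):
    """Verifier checks: nonce freshness, quote binding, log-to-PCR consistency, known-good values."""
    if report["nonce"] != nonce.hex():
        return False, "nonce mismatch (replayed or foreign report)"
    expected = hashlib.sha256(nonce + json.dumps(report["pcrs"], sort_keys=True).encode()).hexdigest()
    if report["digest"] != expected:
        return False, "report digest does not bind nonce and PCRs"
    if replay_sml(report["sml"]) != report["pcrs"]:
        return False, "measurement log does not reproduce the quoted PCRs"
    for index, value in reference.items():
        if report["pcrs"].get(index) != value:
            return False, f"PCR {index} differs from the known-good value"
    return True, "trusted"

def issue_credential(peer_ip, peer_id, own_ip, own_id, now: int, validity_s: int = 3600) -> dict:
    """Trusted-verification credential with the fields the page lists (before TPM-key encryption)."""
    return {"peer_ip": peer_ip, "peer_id": peer_id, "issuer_ip": own_ip, "issuer_id": own_id,
            "issued_at": now, "expires_at": now + validity_s}

def credential_valid(cred: dict, now: int) -> bool:
    return cred["issued_at"] <= now < cred["expires_at"]

def build_platform(kernel: bytes) -> Platform:
    """Constructed boot sequence: firmware and bootloader into PCR 0, kernel into PCR 4, sshd into PCR 10."""
    p = Platform()
    p.measure(0, "firmware", b"firmware-image-v1")
    p.measure(0, "bootloader", b"bootloader-image-v1")
    p.measure(4, "kernel", kernel)
    p.measure(10, "sshd", b"sshd-binary-v1")
    return p

def run_attestation() -> dict:
    """Server-side view of step 5 for four constructed client reports."""
    golden = build_platform(b"kernel-image-v1")
    reference = {i: v.hex() for i, v in golden.pcrs.items()}    # verifier's known-good PCRs
    nonce = os.urandom(20)                                        # RandNum1: 160 bits
    results = {"good": verify_quote(build_platform(b"kernel-image-v1").quote(nonce), nonce, reference),
               "tampered_kernel": verify_quote(build_platform(b"kernel-image-EVIL").quote(nonce), nonce, reference)}
    stale = build_platform(b"kernel-image-v1").quote(os.urandom(20))   # captured under an old nonce
    results["replayed"] = verify_quote(stale, nonce, reference)
    forged = build_platform(b"kernel-image-EVIL").quote(nonce)
    forged["sml"][2] = (4, "kernel", golden.sml[2][2])                 # log edited to look clean
    results["forged_log"] = verify_quote(forged, nonce, reference)
    return results
```

The order of the checks matters: the nonce is checked before anything else so that a captured report from an earlier session is rejected regardless of its contents, and the log is replayed against the quoted PCRs before they are compared with the reference values, so an edited log cannot hide a bad measurement.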

Step 3: algorithm negotiation.

Because of the flexibility of the SSH design, many kinds of algorithm can currently be negotiated, for example data encryption algorithms, key exchange algorithms, compression algorithms, authentication algorithms and integrity check algorithms. The client and the server send the lists of algorithms they support to the peer; the first algorithm in each list is the preferred one, and the server gives priority to the client's ordering, i.e. the algorithm chosen for each type is the first in the client's list that the server also supports. If for some algorithm type the two sides have no algorithm in common, the session is terminated.

This embodiment uses the R-LWE-based post-quantum authenticated key exchange algorithm to complete key agreement, so that algorithm is set as the preferred algorithm for key agreement.
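As an added example (not the patent's code), the following Python implements the two negotiations described in Step 1 and Step 3 as RFC 4253 specifies them: parsing the identification string and checking protocol-version compatibility, and choosing, for each algorithm type, the first entry in the client's list that the server also supports. The name rlwe-ake@example is a placeholder for the page's R-LWE authenticated key exchange (no such SSH method name is registered), and the algorithm lists are constructed sample data.

```python
import re

# Identification string per RFC 4253 section 4.2:
#   SSH-protoversion-softwareversion SP comments CR LF
_BANNER_RE = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<sw>\S+)(?: (?P<comments>.*))?$")

def parse_banner(line: bytes) -> dict:
    """Parse one identification line, with or without the trailing CR LF."""
    text = line.rstrip(b"\r\n").decode("ascii")
    m = _BANNER_RE.match(text)
    if not m:
        raise ValueError(f"not an SSH identification string: {text!r}")
    major, minor = m.group("proto").split(".")
    return {"major": int(major), "minor": int(minor),
            "software": m.group("sw"), "comments": m.group("comments")}

def versions_compatible(ours: dict, theirs: dict) -> bool:
    """Both sides must speak 2.0; '1.99' is the compatibility marker for a 2.0-capable peer (RFC 4253 section 5.1)."""
    def speaks_2(v):
        return v["major"] == 2 or (v["major"] == 1 and v["minor"] == 99)
    return speaks_2(ours) and speaks_2(theirs)

def negotiate(client_list, server_list):
    """RFC 4253 section 7.1 rule: the first name on the client's list that the server also supports."""
    server_set = set(server_list)
    for name in client_list:
        if name in server_set:
            return name
    return None   # nothing in common: the session must be terminated

def negotiate_all(client_lists: dict, server_lists: dict) -> dict:
    """Negotiate every algorithm type; raise if any type has no algorithm in common."""
    chosen = {}
    for kind, names in client_lists.items():
        pick = negotiate(names, server_lists.get(kind, []))
        if pick is None:
            raise ValueError(f"no common {kind} algorithm")
        chosen[kind] = pick
    return chosen

# Constructed sample lists. The R-LWE method is listed first on the client so that it is
# preferred whenever the server supports it, as the embodiment requires.
CLIENT_LISTS = {"kex": ["rlwe-ake@example", "curve25519-sha256", "diffie-hellman-group14-sha256"],
                "cipher": ["aes256-gcm@openssh.com", "aes128-ctr"],
                "mac": ["hmac-sha2-256"]}
SERVER_LISTS = {"kex": ["diffie-hellman-group14-sha256", "rlwe-ake@example"],
                "cipher": ["aes128-ctr"],
                "mac": ["hmac-sha2-256"]}
```

Note that the server's own preference order plays no role in the RFC 4253 rule: with the lists above the server lists the DH method first, yet the R-LWE method is chosen because the client placed it first.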

Step 4: key negotiation.

The whole key exchange process consists of three main steps with two data exchanges; see Figure 3.

For convenience in describing the key exchange, the following parameters are defined:

n is the security parameter and must be a power of 2; f(x) = x^n + 1;

q is an odd prime, defined as q = 2^{ω(log n)};

R = Z[x]/⟨f(x)⟩ is the ring of all polynomials over Z[x] reduced modulo f(x); likewise R_q = Z_q[x]/⟨f(x)⟩.

The function H1 is defined by formula (1-1):

From formula (1-1) it can be seen that H1 maps a string to one sample drawn from the distribution χ_γ, where γ is a positive real number. The function H is defined as H: {0,1}* → {0,1}^k; it is the key derivation function, generally a hash function, and using different hash functions yields keys of different lengths.

以下是详细介绍密钥交换的整个过程:The following is the entire process detailing the key exchange:

1客户端首先生成自己的公私密钥对:从第一参数为α高斯分布χα上随机采样,通过计算得到sc和ec,然后计算pc=asc+2ec,计算成功后将sc和pc分别作为自己的私钥和公钥,即客户端私钥sc和客户端公钥pc,并将二者全部保存在本地。这里应该理解的是,本实施例采用高斯分布来达到抵抗量子计算机攻击的目的,以下的各计算公式与高斯分布对应。1 The client first generates its own public-private key pair: randomly sample from the Gaussian distribution χα whose first parameter is α, obtain sc and ec through calculation, and then calculate pc =asc +2ec , after the calculation is successful, the sc andpc are used as its own private key and public key respectively, that is, the client private key sc and the client public key pc , and both are stored locally. It should be understood here that the present embodiment uses a Gaussian distribution to achieve the purpose of resisting quantum computer attacks, and the following calculation formulas correspond to the Gaussian distribution.

2服务器首先进行的也是生成自己的公私密钥对:从与客户端相同的第一参数为α的高斯分布χα上随机采样并计算得到ss和es,并计算ps=ass+2es,计算成功后将ss和ps分别作为自己的私钥和公钥,即服务器私钥ss和服务器公钥ps,并将二者并保存在本地。此阶段可以与客户端同时进行。2 The first thing the server does is to generate its own public-private key pair: randomly sample and calculate ss ande sfrom the same Gaussian distribution χ α whose first parameter is α as the client, and calculate ps =ass + 2es , after the calculation is successful, use ss and ps as its own private key and public key respectively, that is, the server private key ss and the server public key ps , and save them locally. This phase can occur concurrently with the client.

3客户端成功生成自己的公私密钥对后,从第二参数为β的高斯分布χβ上随机多次采样计算得到rc和fc,计算客户端临时会话公钥x=arc+2fc,最后将计算结果即客户端临时会话公钥x和客户端公钥pc一起发送至服务器。而服务器计算完自己的公私密钥对后进入等待阶段。3 After the client successfully generates its own public-private key pair, it calculates r c and f c from the Gaussian distribution χβ whose second parameter is β, and calculates rc and fc randomly, and calculates the client temporary session public key x=arc +2fc , and finally send the calculation result, that is, the client temporary session public key x and the client public key pc to the server. After the server calculates its own public-private key pair, it enters the waiting stage.

4服务器收到客户端发送过来的数据后,首先将客户端发送过来的客户端公钥pc与自己的本地数据库进行对比,验证客户端主机的身份。如果本地数据库不存在该客户端对应的客户端公钥pc,说明是首次连接,则将客户端公钥pc、IP以及客户端的名字保存到本地数据库中。通常情况下,不存在身份不通过的可能,首次连接只需要把对方发送过来的数据保存,然后继续连接即可。4 After the server receives the data sent by the client, it first compares the client public keyPC sent by the client with its own local database to verify the identity of the client host. If the client public key pc corresponding to the client does not exist in the local database, it means that it is the first connection, and the client public key pc , IP and client name are saved in the local database. Under normal circumstances, there is no possibility of identity failure. For the first connection, you only need to save the data sent by the other party, and then continue the connection.

If it does exist and the client passes identity verification, the server likewise samples r_s, f_s and g_s at random from the Gaussian distribution χ_β whose second parameter is β, and computes the server temporary session public key y = a·r_s + 2f_s.

At the same time, it computes the server temporary session variable k_s according to formula (1-2):

k_s = (p_c·c + x)(s_s·d + r_s) + 2g_s (1-2)

where the client vector is c = H1(client, server, x) and the server vector is d = H1(server, client, y, x). The temporary session variable is an ephemeral value generated only for this session and deleted automatically when the session ends, which gives a higher level of security. Note that k_s is a secret intermediate value, not a public key: it is never sent to the peer; only w, y and p_s are transmitted.

Next, to eliminate the small discrepancy between the two sides' session variables, the server preferably computes the temporary session error-elimination variable w according to formula (1-3):

w = Cha(k_s) (1-3)

where Cha() is the characteristic function, defined as follows:

Let q mod 2n = 1 and let the identity matrix be as given. The characteristic function Cha() is then computed according to formula (1-4), in which:

v ∈ M_q, that is, v is an element of M_q.

After the server has computed these values, it sends the result (w, y, p_s) to the client. Once the data has been sent, the server computes the initial seed σ_s of the server shared key using formula (1-5):

σ_s = Mod2(k_s, w) (1-5)

where Mod2() is the modulo-2 function, defined as follows:

Let q mod 2n = 1 and let the identity matrix be as given. The modulo-2 function Mod2 is then computed according to formula (1-6):

Mod2(v, w) = ((v + w·(q-1)/2) mod q) mod 2 (1-6)

where v ∈ M_q and w ∈ {0, 1}. For any element v of M_q, a simple calculation shows that u = v + Cha(v)·(q-1)/2 mod q is an element of E.

It should be understood that although the shared-key initial seed could to some extent be regarded as the final negotiated shared key, it is not used directly, for security reasons: on its own it is not bound to the messages the two sides exchanged, and an attacker could attempt to relate it to that exchanged information, so a hash function over the seed and the transcript is applied first as additional processing.

Finally, the server computes the server shared key from the values above, as in formula (1-7):

sk_s = H(client, server, x, y, w, σ_s) (1-7)

where H() is in general a cryptographic hash function, for example SHA-256.

The server shared key sk_s obtained at this point is the shared key finally produced by the key agreement algorithm; it is used to protect the data transmitted subsequently and so secures the session.

5. After the client receives the data (w, y, p_s) from the server, it first performs identity authentication: it compares the server public key p_s with the local database of stored server public keys. If the local database holds no record of this server, the server public key p_s, IP address and name are stored in the local database (this is a trust-on-first-use policy, as with SSH known_hosts: the first connection to a server is not authenticated by this step). If a record exists and the verification passes, the client samples g_c at random from the Gaussian distribution χ_β whose second parameter is β and computes the client temporary session variable k_c according to formula (1-8):

k_c = (p_s·d + y)(s_c·c + r_c) + 2g_c (1-8)

where, as before, c = H1(client, server, x) and d = H1(server, client, y, x).

Finally, the client computes the client shared-key initial seed σ_c and the client shared key sk_c according to formulas (1-9) and (1-10) respectively:

σ_c = Mod2(k_c, w) (1-9)

sk_c = H(client, server, x, y, w, σ_c) (1-10)

sk_c is the client shared key generated in the client's key agreement phase.

After the client and the server have each computed their shared key, each sends an SSH2_MSG_NEWKEYS message to the peer to signal that its shared key has been generated. The key agreement phase ends here and the next step can begin.

The computation above is verified as follows:

From formulas (1-7) and (1-10), the client shared key sk_c and the server shared key sk_s are computed with the same function and essentially the same arguments; only σ_c and σ_s differ. Proving sk_c = sk_s therefore reduces to proving σ_c = σ_s, which are given by formulas (1-11) and (1-12):

σ_c = Mod2(k_c, w) (1-11)

σ_s = Mod2(k_s, w) (1-12)

From (1-11) and (1-12), σ_c and σ_s are both obtained with the function Mod2(k, w), and the second argument w is the same on both sides. In other words, whether σ_c and σ_s are equal is determined by the first arguments k_c and k_s, so deciding whether σ_c = σ_s reduces to comparing k_c and k_s. The client and the server compute k_c and k_s according to formulas (1-13) and (1-14) respectively.

where:

Combining formulas (1-13) and (1-14) with the definitions above gives formula (1-15):

When the condition of formula (1-15) holds, k_i and k_j are regarded as equal. In practice, therefore, it suffices to choose parameters that satisfy this condition to guarantee k_c = k_s. Combining formulas (1-11) to (1-15), σ_c = σ_s, and hence sk_c = sk_s.
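The gap between the two temporary session variables, worked through with the definitions given above (an added derivation; it is not the page's own formulas (1-13) to (1-15)):

$$k_s = (p_c c + x)(s_s d + r_s) + 2g_s, \qquad k_c = (p_s d + y)(s_c c + r_c) + 2g_c.$$

Substituting $p_c = a s_c + 2e_c$, $x = a r_c + 2f_c$, $p_s = a s_s + 2e_s$ and $y = a r_s + 2f_s$ and expanding in $R_q$:

$$k_s = a(s_c c + r_c)(s_s d + r_s) + 2(e_c c + f_c)(s_s d + r_s) + 2g_s,$$

$$k_c = a(s_s d + r_s)(s_c c + r_c) + 2(e_s d + f_s)(s_c c + r_c) + 2g_c.$$

Multiplication in $R_q$ is commutative, so the leading terms coincide and

$$k_s - k_c = 2\bigl[(e_c c + f_c)(s_s d + r_s) - (e_s d + f_s)(s_c c + r_c) + g_s - g_c\bigr] =: 2\varepsilon.$$

Every factor of $\varepsilon$ is a sample from $\chi_\alpha$ or $\chi_\beta$ or an output of $H_1$ (which must therefore have small coefficients, an assumption the page does not state explicitly), so $\varepsilon$ is small relative to $q$, and the difference is even. With $w = \mathrm{Cha}(k_s)$ and $u = k_s + w(q-1)/2 \bmod q \in E$, coefficient-wise

$$k_c + w\frac{q-1}{2} \equiv u - 2\varepsilon \pmod q,$$

and as long as $|\varepsilon| < q/8$ the value $u - 2\varepsilon$ stays inside $M_q$ without wrapping, so it has the same parity as $u$: $\mathrm{Mod}_2(k_c, w) = \mathrm{Mod}_2(k_s, w)$, i.e. $\sigma_c = \sigma_s$. A parameter choice that guarantees this bound is the condition the paragraph above refers to.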

The security of this key exchange algorithm relies on the hardness of the search R-LWE problem: given samples a_i and b_i from the R-LWE distribution, recovering the secret s satisfying b_i = <a_i, s> + e_i is hard, and no quantum algorithm better than exponential time is known for it. Moreover, the key exchange phase authenticates both communicating parties without requiring a separate authentication algorithm, which prevents man-in-the-middle attacks and strengthens the SSH transport layer. Note that this authentication is implicit: a peer that does not hold the private key matching the public key it presented simply derives a different shared key, and the mismatch is detected only when the first message protected by the new keys fails to verify.
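The whole transport-layer exchange above, from the long-term keys p_c and p_s through (1-2), (1-3), (1-5) and (1-7) on the server and (1-8) to (1-10) on the client, as an added, runnable example; it is not code from the patent or from any implementation of it. It uses toy parameters n = 32 and q = 2^30 + 1, which satisfy q mod 2n = 1 but are nowhere near secure; a rounded continuous Gaussian stands in for the discrete Gaussians χ_α and χ_β; and two things the page does not spell out are assumptions here: H1 is encoded as a polynomial with coefficients in {-1, 0, 1}, and E is the centred interval of half-width floor(q/4), as in the Ding et al. reconciliation this construction follows. The returned dictionary exposes k_s - k_c so the reader can confirm that the gap is small and even, which is exactly what makes Mod2 with the shared w produce the same seed on both sides; passing client_uses_wrong_key=True shows the implicit authentication: a client that does not hold s_c derives a different key.

```python
import hashlib
import random

# Toy parameters: readable, not secure. q mod 2n = 1 is the page's requirement;
# the concrete n, q and sigmas are assumptions made for this example.
N = 32                    # ring dimension, R_q = Z_q[x]/(x^N + 1)
Q = (1 << 30) + 1         # odd modulus, Q mod 2N == 1
SIGMA_ALPHA = 2.0         # chi_alpha: long-term keys (first parameter)
SIGMA_BETA = 2.0          # chi_beta: ephemeral values (second parameter)
E_BOUND = Q // 4          # E = {-floor(Q/4), ..., floor(Q/4)} (assumed, after Ding et al.)
assert Q % (2 * N) == 1

def centered(v):
    """Reduce an integer into M_q = {-(Q-1)/2, ..., (Q-1)/2}."""
    v %= Q
    return v - Q if v > (Q - 1) // 2 else v

def poly_add(a, b):
    return [centered(x + y) for x, y in zip(a, b)]

def poly_mul(a, b):
    """Schoolbook product in Z_q[x]/(x^N + 1): x^N is replaced by -1."""
    out = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            if i + j < N:
                out[i + j] += ai * bj
            else:
                out[i + j - N] -= ai * bj
    return [centered(v) for v in out]

def scale(a, s):
    return [centered(s * v) for v in a]

def sample_gauss(rng, sigma):
    """Rounded continuous Gaussian standing in for the discrete Gaussian chi_sigma."""
    return [centered(round(rng.gauss(0.0, sigma))) for _ in range(N)]

def encode(*parts):
    """Length-prefixed labels and 4-byte coefficients, so hashing is unambiguous."""
    out = b""
    for p in parts:
        if isinstance(p, str):
            out += len(p).to_bytes(2, "big") + p.encode()
        else:
            out += b"".join((c % Q).to_bytes(4, "big") for c in p)
    return out

def hash_to_small_poly(*parts):
    """H1: transcript -> ring element with coefficients in {-1, 0, 1} (assumed encoding)."""
    digest = hashlib.sha256(b"H1" + encode(*parts)).digest()
    return [(digest[i] % 3) - 1 for i in range(N)]

def cha(v):
    """Cha(v) = 0 if v lies in E, else 1; formula (1-3) applies it per coefficient."""
    return 0 if -E_BOUND <= centered(v) <= E_BOUND else 1

def mod2(v, w):
    """Formula (1-6) on the centred representative: ((v + w(Q-1)/2) mod Q) mod 2."""
    return centered(v + w * ((Q - 1) // 2)) % 2

def keygen(rng, a):
    """Long-term pair (s, p) with p = a*s + 2e and s, e drawn from chi_alpha."""
    s = sample_gauss(rng, SIGMA_ALPHA)
    e = sample_gauss(rng, SIGMA_ALPHA)
    return s, poly_add(poly_mul(a, s), scale(e, 2))

def session_key(client, server, x, y, w, sigma):
    """sk = H(client, server, x, y, w, sigma) with H = SHA-256, formulas (1-7)/(1-10)."""
    return hashlib.sha256(encode(client, server, x, y, w, sigma)).hexdigest()

def run_exchange(seed=1, client_uses_wrong_key=False):
    """Both sides of the exchange; returns the two keys and the gap k_s - k_c."""
    rng = random.Random(seed)
    a = [centered(rng.randrange(Q)) for _ in range(N)]   # shared public ring element
    client, server = "client", "server"
    s_c, p_c = keygen(rng, a)
    s_s, p_s = keygen(rng, a)
    # Client: ephemeral r_c, f_c, g_c from chi_beta; x = a*r_c + 2f_c. Sends (p_c, x).
    r_c, f_c, g_c = (sample_gauss(rng, SIGMA_BETA) for _ in range(3))
    x = poly_add(poly_mul(a, r_c), scale(f_c, 2))
    # Server: y = a*r_s + 2f_s, then (1-2) k_s, (1-3) w, (1-5) sigma_s, (1-7) sk_s.
    r_s, f_s, g_s = (sample_gauss(rng, SIGMA_BETA) for _ in range(3))
    y = poly_add(poly_mul(a, r_s), scale(f_s, 2))
    c = hash_to_small_poly(client, server, x)          # c = H1(client, server, x)
    d = hash_to_small_poly(server, client, y, x)       # d = H1(server, client, y, x)
    k_s = poly_add(poly_mul(poly_add(poly_mul(p_c, c), x),
                            poly_add(poly_mul(s_s, d), r_s)), scale(g_s, 2))
    w = [cha(v) for v in k_s]
    sigma_s = [mod2(v, b) for v, b in zip(k_s, w)]
    sk_s = session_key(client, server, x, y, w, sigma_s)
    # Client, after receiving (w, y, p_s): (1-8) k_c, (1-9) sigma_c, (1-10) sk_c.
    if client_uses_wrong_key:          # impostor who does not hold the real s_c
        s_c = sample_gauss(rng, SIGMA_ALPHA)
    k_c = poly_add(poly_mul(poly_add(poly_mul(p_s, d), y),
                            poly_add(poly_mul(s_c, c), r_c)), scale(g_c, 2))
    sigma_c = [mod2(v, b) for v, b in zip(k_c, w)]
    sk_c = session_key(client, server, x, y, w, sigma_c)
    diff = [centered(u - v) for u, v in zip(k_s, k_c)]
    return {"sk_s": sk_s, "sk_c": sk_c, "max_diff": max(abs(t) for t in diff),
            "diff_even": all(t % 2 == 0 for t in diff)}
```

Calling run_exchange() returns matching sk_s and sk_c with a small, even max_diff; the centred representative in mod2 matters, because a coefficient that sits at -1 on one side and +1 on the other has the same parity only in the centred representation, not in {0, ..., q-1}.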

In addition, SSH supports several encryption algorithms, such as DES, 3DES and AES, which require keys of different lengths, not necessarily 256 bits, whereas the shared key finally generated in this scheme has a fixed length of 256 bits. To use the key with such algorithms, it must therefore be processed further. When the required key is shorter than 256 bits this is straightforward: the required number of leading bits is taken; for example, if the cipher needs a 128-bit key, the first 128 bits of the shared key are used as the encryption key. When the required key is longer than 256 bits, additional computation is needed, as shown in (1-16) to (1-18):

k_1 = SHA256(sk || session_id) (1-16)

k_2 = SHA256(sk || k_1) (1-17)

k_3 = SHA256(sk || k_1 || k_2) (1-18)

When the required key is longer than 256 bits, compute k_1 according to formula (1-16); the encryption key is K = sk || k_1.

If the required key is longer than 512 bits, also compute k_2 according to formula (1-17); the encryption key is K = sk || k_1 || k_2.

If the length obtained with formula (1-17) is still insufficient, compute k_3 according to formula (1-18); the encryption key is K = sk || k_1 || k_2 || k_3.

This continues in the same way until the key has been extended to the required length.

After the client and the server have computed the shared key, each also computes the ID of this session by hashing the two sides' version strings, the shared key and the exchanged values; the session ID does not change for the rest of the session. Since formula (1-16) takes session_id as input, the session ID is computed before the key is extended. It is computed as in formula (1-19):

Hash = SHA256(C_V || S_V || p_c || y || w || p_s || x || sk) (1-19)

where C_V and S_V are the version strings of the client and the server respectively, sk is the shared key, and || denotes concatenation.
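The key extension of formulas (1-16) to (1-18) and the session ID of formula (1-19), as an added example (not the patent's code). The inputs are constructed byte strings: sk is a 32-byte value standing for the 256-bit shared key, and the transcript fields (version strings, p_c, y, w, p_s, x) are assumed to have been serialised to bytes already. One caveat for anyone reusing this: standard SSH (RFC 4253, section 7.2) derives each of the six per-direction keys as HASH(K || H || X || session_id) with a distinct letter X per key and extends it with HASH(K || H || K1 || ...); the scheme on the page has no per-key letter, so distinct keys for encryption, IV and MAC in each direction must be obtained some other way rather than by reusing the same K.

```python
import hashlib

SK_BITS = 256  # fixed length of the negotiated shared key sk on the page


def sha256(data):
    return hashlib.sha256(data).digest()


def session_id(c_v, s_v, p_c, y, w, p_s, x, sk):
    """Formula (1-19): SHA256(C_V || S_V || p_c || y || w || p_s || x || sk).
    Every argument is the already-serialised byte string of that transcript field."""
    return sha256(c_v + s_v + p_c + y + w + p_s + x + sk)


def expand_key(sk, sid, needed_bits):
    """Formulas (1-16) to (1-18): K = sk || k1 || k2 || ..., cut to needed_bits.
    k1 = SHA256(sk || session_id) and k_i = SHA256(sk || k1 || ... || k_{i-1});
    for needed_bits <= 256 the result is simply the leading bits of sk."""
    if needed_bits <= 0 or needed_bits % 8:
        raise ValueError("needed_bits must be a positive multiple of 8")
    if len(sk) * 8 != SK_BITS:
        raise ValueError("sk must be %d bits" % SK_BITS)
    blocks = [sk]                 # blocks[0] = sk, blocks[1:] = k1, k2, ...
    chain = sk + sid              # hash input for k1
    while len(b"".join(blocks)) * 8 < needed_bits:
        blocks.append(sha256(chain))
        chain = sk + b"".join(blocks[1:])   # sk || k1 || ... || k_i for the next round
    return b"".join(blocks)[: needed_bits // 8]
```

For a 192-bit 3DES key expand_key(sk, sid, 192) is just sk[:24]; for a 512-bit key it is sk || k1, and the loop keeps appending k_i until the concatenation is long enough, then truncates.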

Step 5: User authentication.

After the shared key has been negotiated, the two sides enter the authentication phase. The client first sends a user authentication request to the server. On receiving it, the server returns the list of authentication methods it supports and checks its configured authentication timeout and maximum number of attempts. The client then chooses its preferred method from the list and sends the information that method requires to the server for verification. If authentication succeeds, both sides proceed to the next phase; otherwise the connection is closed.

SSH mainly supports two authentication methods here: host-based authentication and password-based authentication. Because the key agreement phase has already authenticated the client and server hosts, host-based authentication is no longer recommended at this stage; password-based authentication is recommended instead, since it authenticates not only the communicating host but also the user, further raising the security of the connection. (RFC 4252 also defines public-key user authentication, which authenticates the user without sending a password to the server and is generally preferred in practice.)

Step 6: Connection request.

After successful authentication, the client sends session requests, which the server handles as they arrive. Session requests include: requesting a pseudo-terminal, opening a shell, executing a command, starting X11 forwarding, starting TCP/IP port forwarding, requesting data compression, starting authentication agent forwarding, and so on.

In summary, this method of implementing the SSH protocol based on post-quantum key exchange provides an improved, trusted SSH scheme built on an R-LWE post-quantum authenticated key exchange algorithm. When a client and a server connect remotely over SSH, the two sides first send their protocol version number, software version number and related information to the peer for version negotiation. After version negotiation succeeds, each side sends a trust attestation request to the peer and verifies the peer's trusted state; once both sides have been verified, they begin algorithm negotiation and key agreement. In the key agreement phase both sides sample from discrete Gaussian distributions with the same parameters, compute their own public/private key pair and the other required intermediate values, and then send their public key and the other data to the peer, completing identity authentication and generation of the shared key. This shared key is produced by a post-quantum algorithm, so it resists quantum attacks, raises the security of the key agreement phase and prevents a third party from recovering the shared key. Once the shared key has been generated, both sides use it to protect the data transmitted afterwards and complete the user authentication and connection request phases.

This method therefore improves SSH by using, in the transport layer phase, an R-LWE-based post-quantum authenticated key exchange together with trusted computing technology. Trusted computing is used first, before SSH algorithm negotiation, to verify the trusted state of both communicating parties, preventing the situation in which one party has been compromised without the other's knowledge; the R-LWE-based post-quantum authenticated key exchange then completes key agreement and identity authentication; and the negotiated shared key is finally used to encrypt the transmitted data, completing the remote secure service. Integrating the R-LWE-based post-quantum authenticated key exchange and trusted computing into the SSH protocol in this way simplifies the SSH key agreement phase, speeds up connection establishment, prevents the shared key from being broken by a quantum computer and improves SSH's resistance to quantum computing attacks. At the same time the trusted state of each host is verified, which improves SSH session security and greatly reduces the possibility of one communicating party being illegitimately controlled by the other.

Embodiment 2:

This embodiment provides a system for implementing the SSH protocol based on post-quantum key exchange, which effectively prevents the shared key generated by the communicating client and server from being broken by a quantum computer, and which can additionally verify the trusted state of both the client and the server.

The system includes a key exchange module, which comprises a first key unit, a second key unit, a first verification unit and a second verification unit, where:

the first key unit, located on the server, performs the following functions:

sampling at random from the Gaussian distribution with the first parameter and computing the server's public/private key pair;

after the first verification unit has authenticated the client, sampling at random from the Gaussian distribution with the second parameter and computing the server temporary session public key;

computing the server temporary session variable and the temporary session error-elimination variable from the client temporary session public key, the client vector, the server vector, and the server's random samples from the Gaussian distributions with the first and second parameters;

and computing the server shared-key initial seed from the server temporary session variable and the temporary session error-elimination variable;

generating the final server shared key for this session with the post-quantum algorithm from the client vector, server vector, client temporary session public key, server temporary session public key, temporary session error-elimination variable and server shared-key initial seed;

the first verification unit, located on the server, receives the client public key and the client temporary session public key and authenticates the client; if verification fails, the server closes the connection directly, otherwise the subsequent steps proceed;

the second key unit, located on the client, performs the following functions:

sampling at random from the Gaussian distribution with the first parameter and computing the client's public/private key pair;

sampling at random from the Gaussian distribution with the second parameter, computing the client temporary session public key, and sending the client public key and the client temporary session public key to the server;

after the second verification unit has authenticated the server, computing the client temporary session variable from the client temporary session public key, the client vector, the server vector, the server temporary session public key, and the client's random samples from the Gaussian distributions with the first and second parameters, and then computing the client shared-key initial seed from the client temporary session variable and the temporary session error-elimination variable;

and generating the final client shared key for this session with the post-quantum algorithm from the client vector, server vector, client temporary session public key, server temporary session public key, temporary session error-elimination variable and client shared-key initial seed;

the second verification unit, located on the client, authenticates the server using the server public key; if verification fails, the key exchange is terminated, otherwise the subsequent steps proceed.

In the first key unit:

the server temporary session variable k_s is:

k_s = (p_c·c + x)(s_s·d + r_s) + 2g_s

where:

c = H1(client, server, x) is the client vector;

x = a·r_c + 2f_c is the client temporary session public key;

r_ci and f_ci are the coefficients of the client's random samples from the Gaussian distribution χ_β with second parameter β, and q is a positive integer (for example q = 5);

d = H1(server, client, y, x) is the server vector;

y = a·r_s + 2f_s is the server temporary session public key;

r_si, f_si and g_si are the coefficients of the server's random samples from the Gaussian distribution χ_β with second parameter β, and q is a positive integer (for example q = 5);

p_c = a·s_c + 2e_c is the client public key;

s_ci and e_ci are the coefficients of the client's random samples from the Gaussian distribution χ_α with first parameter α, q is a positive integer (for example q = 5), and s_c is the client private key;

and the temporary session error-elimination variable w is:

w = Cha(k_s)

where Cha() is the characteristic function;

from (w, y, p_s), the server shared-key initial seed σ_s is:

σ_s = Mod2(k_s, w)

where Mod2() is the modulo-2 function, Mod2(v, w) = ((v + w·(q-1)/2) mod q) mod 2, q mod 2n = 1, the identity matrix is as given, v ∈ M_q and w ∈ {0, 1};

the server shared key sk_s is:

sk_s = H(client, server, x, y, w, σ_s).

In the second key unit:

the client temporary session variable k_c is:

k_c = (p_s·d + y)(s_c·c + r_c) + 2g_c

where:

g_ci are the coefficients of the client's random sample from the Gaussian distribution χ_β with second parameter β, and q is a positive integer (for example q = 5);

p_s = a·s_s + 2e_s is the server public key;

s_si and e_si are the coefficients of the server's random samples from the Gaussian distribution χ_α with first parameter α, q is a positive integer (for example q = 5), and s_s is the server private key;

and, from (w, y, p_s), the client shared-key initial seed σ_c is:

σ_c = Mod2(k_c, w)

where Mod2() is the modulo-2 function, Mod2(v, w) = ((v + w·(q-1)/2) mod q) mod 2, q mod 2n = 1, the identity matrix is as given, v ∈ M_q and w ∈ {0, 1};

the client shared key sk_c is:

sk_c = H(client, server, x, y, w, σ_c).

Preferably, the system also includes a trust verification module to verify the trusted state of both communicating parties. Because this module is added, every communicating host must contain a built-in TPM (Trusted Platform Module) chip. The trust verification module comprises a first trusted unit on the server and a second trusted unit on the client, which perform the following functions:

the second trusted unit sends a request to verify the client's trusted state to the first trusted unit;

on receiving the client's request, the first trusted unit generates a first random number of M bits and sends it, together with a request to verify its own trusted state, to the second trusted unit, where M is a natural number;

on receiving the first random number and the verification request, the second trusted unit generates a corresponding second random number of M bits, requests an integrity measurement from its TPM, encrypts the first random number together with the platform configuration register (PCR) values and the stored measurement log (SML), and sends the encrypted result, the second random number and its TPM public key to the first trusted unit;

on receiving the data, the first trusted unit determines whether this client is the first client requesting to establish an SSH connection; if so, it checks whether a trusted credential exists locally, and if one exists and is still within its validity period it proceeds directly to the next step; otherwise it first requests an integrity measurement from its own TPM, encrypts the second random number together with its own PCR values and SML, and sends the encrypted result with its TPM public key to the second trusted unit;

the first trusted unit verifies the client's trusted state from the data sent by the second trusted unit; if verification passes, it generates a trust verification credential containing the client IP, the client's unique identifier, the IP and identifier of the local server, the time the credential was generated and its validity period, encrypts it with the TPM public key sent by the client, and sends the encrypted result together with the verification-passed message to the client;

on receiving the data, the client verifies the trusted state of the server; if verification passes, the second trusted unit likewise generates a trusted credential containing the server IP, the server's unique identifier, the IP and identifier of the local client, the time of generation and the validity period, encrypts it with the TPM public key sent by the server, and sends the encrypted result together with the verification-passed message to the first trusted unit;

on receiving the trusted credential, the first trusted unit decrypts it with its own TPM private key and stores it locally. The trusted state of both parties has then been verified; otherwise the connection is closed directly. (In standard TPM remote attestation the PCR values are returned as a quote signed by the TPM's attestation key over the verifier's nonce, which is what lets the verifier check both freshness and origin; the description above relies on encryption under the TPM public key for this purpose.)

In the trusted SSH protocol improvement method based on a post-quantum key exchange algorithm of this embodiment, when a user logs in to a server remotely with the improved SSH protocol, SSH first verifies whether the hosts of both communicating parties are trusted, and then uses the post-quantum key exchange algorithm to complete the key agreement phase and the mutual identity authentication between the client and the remote server. The user need not be concerned with the underlying implementation and need not change the previous login procedure. The method is transparent to users, fast and simple to understand, and provides trust attestation and post-quantum resistance without lowering the security of ordinary SSH remote login, further strengthening SSH.

It should be understood that the embodiments above are exemplary embodiments used only to illustrate the principles of the present invention, and the invention is not limited to them. Those skilled in the art can make various modifications and improvements without departing from the spirit and substance of the invention, and such modifications and improvements are also regarded as falling within the scope of protection of the invention.

Claims (10)

Application CN201711326036.9A, filed 2017-12-13 (priority date 2017-12-13): Method and system for implementing SSH protocol based on post-quantum key exchange. Granted as CN108111301B; legal status: active.

Publications: CN108111301A, published 2018-06-01; CN108111301B, published 2021-06-15.

Family ID 62216657; country status: CN (CN108111301B).

Cited By (37)

* Cited by examiner, † Cited by third party
Publication numberPriority datePublication dateAssigneeTitle
CN108964890A (en)*2018-06-152018-12-07南京南瑞国盾量子技术有限公司Based on tree-shaped identifiable multi-party quantum key distribution method layered
CN109101811A (en)*2018-08-102018-12-28成都安恒信息技术有限公司A kind of O&M and auditing method of the controllable Oracle session based on the tunnel SSH
CN109617686A (en)*2019-01-102019-04-12江苏理工学院 An Improved Lattice-Based Key Exchange Protocol Algorithm
CN109756500A (en)*2019-01-112019-05-14如般量子科技有限公司Anti- quantum calculation https traffic method and system based on multiple unsymmetrical key ponds
CN110808829A (en)*2019-09-272020-02-18国电南瑞科技股份有限公司 An SSH Authentication Method Based on Key Distribution Center
CN111464289A (en)*2020-01-132020-07-28华中科技大学Implementation method and application of post-quantum key exchange protocol
CN111800467A (en)*2020-06-042020-10-20河南信大网御科技有限公司Remote synchronous communication method, data interaction method, equipment and readable storage medium
CN111970270A (en)*2020-08-142020-11-20山东省计算中心(国家超级计算济南中心)SIP security authentication method and system based on-loop error learning problem
CN113094721A (en)*2021-03-162021-07-09中国科学院信息工程研究所Post-quantum password authentication key exchange method based on modular error learning
CN113141327A (en)*2020-01-022021-07-20中国移动通信有限公司研究院Information processing method, device and equipment
US11240014B1 (en) | 2019-09-10 | 2022-02-01 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
CN114024676A (en) * | 2022-01-05 | 2022-02-08 | 华中科技大学 | Post-quantum encryption and decryption method, system, equipment and medium based on identity identification
US11258617B1 (en) * | 2020-12-04 | 2022-02-22 | Salesforce.Com, Inc. | Device identity using key agreement
CN114095229A (en) * | 2021-11-15 | 2022-02-25 | 中国电力科学研究院有限公司 | Method, device and system for constructing data transmission protocol of energy Internet
CN114124496A (en) * | 2021-11-12 | 2022-03-01 | 福州汇思博信息技术有限公司 | SSH remote login method based on server issued key and server
CN114143031A (en) * | 2021-11-01 | 2022-03-04 | 北京银盾泰安网络科技有限公司 | Remote encryption platform based on Web and SSH and encryption method thereof
US11322050B1 (en) | 2020-01-30 | 2022-05-03 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
US11343270B1 (en) | 2019-09-10 | 2022-05-24 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
CN114629646A (en) * | 2022-05-06 | 2022-06-14 | 确信信息股份有限公司 | Safe transmission method and system based on mixed quantum key encapsulation and negotiation
CN114765531A (en) * | 2020-12-30 | 2022-07-19 | 科大国盾量子技术股份有限公司 | Authentication method, quantum key calling method, device and quantum cryptography network
US11449799B1 (en) | 2020-01-30 | 2022-09-20 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
US11477016B1 (en) | 2019-09-10 | 2022-10-18 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
US11533175B1 (en) | 2020-01-30 | 2022-12-20 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography on a smartcard
CN115549941A (en) * | 2022-07-12 | 2022-12-30 | 成都量安区块链科技有限公司 | A quantum security encryption application system, method and access device
US11626983B1 (en) | 2019-09-10 | 2023-04-11 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
CN110176991B (en) * | 2019-05-15 | 2023-09-05 | 如般量子科技有限公司 | Anti-quantum computing application system near field energy-saving communication method and system based on signcryption, and computer equipment
US11838410B1 (en) | 2020-01-30 | 2023-12-05 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
WO2024148905A1 (en) * | 2023-01-09 | 2024-07-18 | 量子科技长三角产业创新中心 | Data quantum computing management and control method and apparatus, device, and computer medium
CN118364496A (en) * | 2024-06-19 | 2024-07-19 | 山东云海国创云计算装备产业创新中心有限公司 | Encrypted file writing method and system, storage medium and electronic device
CN118659881A (en) * | 2024-08-15 | 2024-09-17 | 中电信量子信息科技集团有限公司 | A quantum-resistant security enhancement method for secure shell protocol
CN118764315A (en) * | 2024-09-03 | 2024-10-11 | 北京格尔国信科技有限公司 | SSH login authentication method, communication system and storage medium based on national secret algorithm
CN119089460A (en) * | 2024-08-06 | 2024-12-06 | 未来基因(北京)人工智能研究院有限公司 | Data transmission protection method and computer device
US12200116B1 (en) | 2022-11-18 | 2025-01-14 | Wells Fargo Bank, N.A. | Systems and methods for measuring one or more metrics of a cryptographic algorithm in a post-quantum cryptography system
US12267421B2 (en) | 2021-10-18 | 2025-04-01 | International Business Machines Corporation | Post quantum secure ingress/egress network communication
CN119766428A (en) * | 2024-12-18 | 2025-04-04 | 北京海泰方圆科技股份有限公司 | Quantum attack resistant key generation and decryption method, device, system and equipment
CN119766433A (en) * | 2024-12-24 | 2025-04-04 | 本源量子计算科技(合肥)股份有限公司 | Encryption communication method, device and system supporting post quantum algorithm
CN120128339A (en) * | 2025-05-09 | 2025-06-10 | 三未信安科技股份有限公司 | A SSH communication method, device and medium based on quantum key

Citations (3)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN101741842A (en) * | 2009-12-07 | 2010-06-16 | 北京交通大学 | A Method of Realizing Trusted SSH Based on Trusted Computing
CN101789939A (en) * | 2010-01-25 | 2010-07-28 | 北京交通大学 | Effective realization method for credible OpenSSH
US20170048213A1 (en) * | 2015-03-27 | 2017-02-16 | International Business Machines Corporation | Runtime instantiation of broadcast encryption schemes

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
刘伟: "基于抗量子密钥交换协议的SSH协议的研究与实现" (Research and implementation of an SSH protocol based on a quantum-resistant key exchange protocol), 《中国优秀硕士学位论文全文数据库, 信息科技辑》 (China Master's Theses Full-text Database, Information Science and Technology) *
张亚奇: "可信SSH协议的设计与实现" (Design and implementation of a trusted SSH protocol), 《中国优秀硕士学位论文全文数据库, 信息科技辑》 (China Master's Theses Full-text Database, Information Science and Technology) *

Cited By (58)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN108964890B (en) * | 2018-06-15 | 2021-06-04 | 南京南瑞国盾量子技术有限公司 | An Authenticated Multi-Party Quantum Key Distribution Method Based on Tree Hierarchy
CN108964890A (en) * | 2018-06-15 | 2018-12-07 | 南京南瑞国盾量子技术有限公司 | Based on tree-shaped identifiable multi-party quantum key distribution method layered
CN109101811A (en) * | 2018-08-10 | 2018-12-28 | 成都安恒信息技术有限公司 | A kind of O&M and auditing method of the controllable Oracle session based on the tunnel SSH
CN109101811B (en) * | 2018-08-10 | 2021-10-15 | 成都安恒信息技术有限公司 | Operation, maintenance and audit method of controllable Oracle session based on SSH tunnel
CN109617686A (en) * | 2019-01-10 | 2019-04-12 | 江苏理工学院 | An Improved Lattice-Based Key Exchange Protocol Algorithm
CN109756500A (en) * | 2019-01-11 | 2019-05-14 | 如般量子科技有限公司 | Anti- quantum calculation https traffic method and system based on multiple unsymmetrical key ponds
CN110176991B (en) * | 2019-05-15 | 2023-09-05 | 如般量子科技有限公司 | Anti-quantum computing application system near field energy-saving communication method and system based on signcryption, and computer equipment
US11736281B1 (en) | 2019-09-10 | 2023-08-22 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
US11750378B1 (en) | 2019-09-10 | 2023-09-05 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
US11477016B1 (en) | 2019-09-10 | 2022-10-18 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
US11626983B1 (en) | 2019-09-10 | 2023-04-11 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
US11240014B1 (en) | 2019-09-10 | 2022-02-01 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
US11343270B1 (en) | 2019-09-10 | 2022-05-24 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
US11902431B1 (en) | 2019-09-10 | 2024-02-13 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
CN110808829A (en) * | 2019-09-27 | 2020-02-18 | 国电南瑞科技股份有限公司 | An SSH Authentication Method Based on Key Distribution Center
CN113141327A (en) * | 2020-01-02 | 2021-07-20 | 中国移动通信有限公司研究院 | Information processing method, device and equipment
CN111464289B (en) * | 2020-01-13 | 2021-07-27 | 华中科技大学 | A method, device and system for realizing a post-quantum key exchange protocol
CN111464289A (en) * | 2020-01-13 | 2020-07-28 | 华中科技大学 | Implementation method and application of post-quantum key exchange protocol
US11316682B2 (en) | 2020-01-13 | 2022-04-26 | Huazhong University Of Science And Technology | Method for implementation of post-quantum key exchange protocol and application thereof
US12074967B2 (en) | 2020-01-30 | 2024-08-27 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
US11838410B1 (en) | 2020-01-30 | 2023-12-05 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
US11322050B1 (en) | 2020-01-30 | 2022-05-03 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
US12073300B2 (en) | 2020-01-30 | 2024-08-27 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
US11727310B1 (en) | 2020-01-30 | 2023-08-15 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
US11449799B1 (en) | 2020-01-30 | 2022-09-20 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
US12219058B1 (en) | 2020-01-30 | 2025-02-04 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography on a smartcard
US11533175B1 (en) | 2020-01-30 | 2022-12-20 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography on a smartcard
US11727829B1 (en) | 2020-01-30 | 2023-08-15 | Wells Fargo Bank, N.A. | Systems and methods for post-quantum cryptography optimization
CN111800467A (en) * | 2020-06-04 | 2020-10-20 | 河南信大网御科技有限公司 | Remote synchronous communication method, data interaction method, equipment and readable storage medium
CN111800467B (en) * | 2020-06-04 | 2023-02-14 | 河南信大网御科技有限公司 | Remote synchronous communication method, data interaction method, equipment and readable storage medium
CN111970270A (en) * | 2020-08-14 | 2020-11-20 | 山东省计算中心(国家超级计算济南中心) | SIP security authentication method and system based on-loop error learning problem
CN111970270B (en) * | 2020-08-14 | 2022-08-02 | 山东省计算中心(国家超级计算济南中心) | SIP security authentication method and system based on-loop error learning problem
US11258617B1 (en) * | 2020-12-04 | 2022-02-22 | Salesforce.Com, Inc. | Device identity using key agreement
CN114765531B (en) * | 2020-12-30 | 2024-08-09 | 科大国盾量子技术股份有限公司 | Authentication method, quantum key calling method, device and quantum password network
CN114765531A (en) * | 2020-12-30 | 2022-07-19 | 科大国盾量子技术股份有限公司 | Authentication method, quantum key calling method, device and quantum cryptography network
CN113094721B (en) * | 2021-03-16 | 2022-06-24 | 中国科学院信息工程研究所 | A Post-Quantum Password Authentication Key Exchange Method Based on Modulo Error Learning
CN113094721A (en) * | 2021-03-16 | 2021-07-09 | 中国科学院信息工程研究所 | Post-quantum password authentication key exchange method based on modular error learning
US12267421B2 (en) | 2021-10-18 | 2025-04-01 | International Business Machines Corporation | Post quantum secure ingress/egress network communication
CN114143031B (en) * | 2021-11-01 | 2023-07-07 | 北京银盾泰安网络科技有限公司 | Remote encryption platform based on Web and SSH
CN114143031A (en) * | 2021-11-01 | 2022-03-04 | 北京银盾泰安网络科技有限公司 | Remote encryption platform based on Web and SSH and encryption method thereof
CN114124496B (en) * | 2021-11-12 | 2023-11-24 | 福建汇思博数字科技有限公司 | SSH remote login method based on server issued key and server
CN114124496A (en) * | 2021-11-12 | 2022-03-01 | 福州汇思博信息技术有限公司 | SSH remote login method based on server issued key and server
CN114095229A (en) * | 2021-11-15 | 2022-02-25 | 中国电力科学研究院有限公司 | Method, device and system for constructing data transmission protocol of energy Internet
CN114024676B (en) * | 2022-01-05 | 2022-03-22 | 华中科技大学 | Identity-based post-quantum encryption and decryption method, system, device and medium
CN114024676A (en) * | 2022-01-05 | 2022-02-08 | 华中科技大学 | Post-quantum encryption and decryption method, system, equipment and medium based on identity identification
CN114629646A (en) * | 2022-05-06 | 2022-06-14 | 确信信息股份有限公司 | Safe transmission method and system based on mixed quantum key encapsulation and negotiation
CN115549941A (en) * | 2022-07-12 | 2022-12-30 | 成都量安区块链科技有限公司 | A quantum security encryption application system, method and access device
US12200116B1 (en) | 2022-11-18 | 2025-01-14 | Wells Fargo Bank, N.A. | Systems and methods for measuring one or more metrics of a cryptographic algorithm in a post-quantum cryptography system
WO2024148905A1 (en) * | 2023-01-09 | 2024-07-18 | 量子科技长三角产业创新中心 | Data quantum computing management and control method and apparatus, device, and computer medium
CN118364496A (en) * | 2024-06-19 | 2024-07-19 | 山东云海国创云计算装备产业创新中心有限公司 | Encrypted file writing method and system, storage medium and electronic device
CN119089460A (en) * | 2024-08-06 | 2024-12-06 | 未来基因(北京)人工智能研究院有限公司 | Data transmission protection method and computer device
CN118659881B (en) * | 2024-08-15 | 2024-12-20 | 中电信量子信息科技集团有限公司 | Quantum-resistant security enhancement method for secure shell protocol
CN118659881A (en) * | 2024-08-15 | 2024-09-17 | 中电信量子信息科技集团有限公司 | A quantum-resistant security enhancement method for secure shell protocol
CN118764315A (en) * | 2024-09-03 | 2024-10-11 | 北京格尔国信科技有限公司 | SSH login authentication method, communication system and storage medium based on national secret algorithm
CN118764315B (en) * | 2024-09-03 | 2024-12-31 | 北京格尔国信科技有限公司 | SSH login authentication method based on cryptographic algorithm, communication system and storage medium
CN119766428A (en) * | 2024-12-18 | 2025-04-04 | 北京海泰方圆科技股份有限公司 | Quantum attack resistant key generation and decryption method, device, system and equipment
CN119766433A (en) * | 2024-12-24 | 2025-04-04 | 本源量子计算科技(合肥)股份有限公司 | Encryption communication method, device and system supporting post quantum algorithm
CN120128339A (en) * | 2025-05-09 | 2025-06-10 | 三未信安科技股份有限公司 | A SSH communication method, device and medium based on quantum key

Also Published As

Publication number | Publication date
CN108111301B (en) | 2021-06-15

Similar Documents

Publication | Title
CN108111301B (en) | Method and system for implementing SSH protocol based on post-quantum key exchange
US7574600B2 (en) | System and method for combining user and platform authentication in negotiated channel security protocols
WO2020087805A1 (en) | Trusted authentication method employing two cryptographic values and chaotic encryption in measurement and control network
US8281127B2 (en) | Method for digital identity authentication
CN101741842B (en) | Method for realizing dependable SSH based on dependable computing
CN107360571B (en) | Methods for Anonymous Mutual Authentication and Key Agreement Protocol in Mobile Networks
CN101978650B (en) | Secure network authentication system and method
US8417949B2 (en) | Total exchange session security
CN110020524B (en) | A Two-way Authentication Method Based on Smart Card
CN106341232A (en) | Anonymous entity identification method based on password
CN116633530A (en) | Quantum key transmission method, device and system
CN112733129B (en) | Trusted access method for server out-of-band management
WO2023151427A1 (en) | Quantum key transmission method, device and system
CN111049647A (en) | Asymmetric group key negotiation method based on attribute threshold
CN114386020B (en) | Quantum-safe fast secondary identity authentication method and system
CN114760026A (en) | Identity authentication method and device
CN117278330A (en) | Lightweight networking and secure communication method for electric power Internet of things equipment network
CN101789939B (en) | Effective realization method for credible OpenSSH
CN106230840B (en) | A kind of command identifying method of high security
CN110866754A (en) | A pure software DPVA identity authentication method based on dynamic password
CN101834852B (en) | An implementation method of trusted OpenSSH for protecting platform information
CN101888383B (en) | Method for implementing extensible trusted SSH
CN119051878A (en) | Method and system for data encryption transmission
KR20080005344A (en) | System where authentication server authenticates user terminal
CN110784305A (en) | Single sign-on authentication method based on careless pseudorandom function and signcryption

Legal Events

Date | Code | Title | Description
 | PB01 | Publication | 
 | SE01 | Entry into force of request for substantive examination | 
 | GR01 | Patent grant | 
