The widespread adoption of network security protocols has led to an increasing demand for the inspection of encrypted traffic. Most existing solutions that provide authorized inspectors with visibility of encrypted traffic are designed for the Transport Layer Security (TLS) protocol, and the best-known is the solution involving key escrow with the inspector. The Secure Shell (SSH) protocol has a similar architecture to TLS and is frequently used to secure access to remote systems, but SSH traffic inspection is less well-explored. In fact, the existing approach to TLS inspection can also be adapted to SSH. However, IA2-TLS, the state-of-the-art solution for TLS, is vulnerable to security risks because the inspection key is used in a symmetric way. Inspired by these observations, we propose a new variant of SSH called Inspectable SSH (iSSH). iSSH retains the core idea of IA2-TLS, but overcomes its limitations by using an asymmetric inspection key pair. Moreover, iSSH is compatible with standard SSH and provides flexible deployment options. Finally, we expanded upon the standard SSH security model and rigorously proved the security of key exchange in iSSH.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

iSSH: Enabling In-Flight SSH Traffic Inspection Without Key Escrow

  • Xincheng Tang,
  • Jiahao Liu,
  • Jinrong Chen,
  • Yi Wang,
  • Rongmao Chen

摘要

The widespread adoption of network security protocols has led to an increasing demand for the inspection of encrypted traffic. Most existing solutions that provide authorized inspectors with visibility of encrypted traffic are designed for the Transport Layer Security (TLS) protocol, and the best-known is the solution involving key escrow with the inspector. The Secure Shell (SSH) protocol has a similar architecture to TLS and is frequently used to secure access to remote systems, but SSH traffic inspection is less well-explored. In fact, the existing approach to TLS inspection can also be adapted to SSH. However, IA2-TLS, the state-of-the-art solution for TLS, is vulnerable to security risks because the inspection key is used in a symmetric way. Inspired by these observations, we propose a new variant of SSH called Inspectable SSH (iSSH). iSSH retains the core idea of IA2-TLS, but overcomes its limitations by using an asymmetric inspection key pair. Moreover, iSSH is compatible with standard SSH and provides flexible deployment options. Finally, we expanded upon the standard SSH security model and rigorously proved the security of key exchange in iSSH.