Top

Published in:

2018 | OriginalPaper | Chapter

Distributed SSH Key Management with Proactive RSA Threshold Signatures

Authors : Yotam Harchol, Ittai Abraham, Benny Pinkas

Published in: Applied Cryptography and Network Security

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

SSH is a security network protocol that uses public key cryptography for client authentication. SSH connections are designed to be run between a client and a server and therefore in enterprise networks there is no centralized monitoring of all SSH connections. An attractive method for enforcing such centralized control, audit or even revocation is to require all clients to access a centralized service in order to obtain their SSH keys. The benefits of centralized control come with new challenges in security and availability.

In this paper we present ESKM - a distributed enterprise SSH key manager. ESKM is a secure and fault-tolerant logically-centralized SSH key manager. ESKM leverages k-out-of-n threshold security to provide a high level of security. SSH private keys are never stored at any single node, not even when they are used for signing. On a technical level, the system uses k-out-of-n threshold RSA signatures, which are enforced with new methods that refresh the shares in order to achieve proactive security and prevent many side-channel attacks. In addition, we support password-based user authentication with security against offline dictionary attacks, that is achieved using threshold oblivious pseudo-random evaluation.

ESKM does not require modification in the server side or of the SSH protocol. We implemented the ESKM system, and a patch for OpenSSL libcrypto for client side services. We show that the system is scalable and that the overhead in the client connection setup time is marginal.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter A Cryptographic Analysis of the WireGuard Protocol

next chapter Non-interactive Zaps of Knowledge

Security cannot be proved under the sole assumption that the hash function is collision-resistant, since the input to the function contains the exchanged key. In [28] the security of SSH is analyzed under the assumption that the hash function is a random oracle. In [7] it was analyzed under the assumption that the function essentially implements a PRF.

The only way to prevent key generation by a single entity is by running a secure multi-party protocol for RSA key generation. However, such protocols, e.g., [17], are too slow to be practical, especially when run between more than two servers, and therefore we did not implement them.

Hashicorp Vault. https://github.com/hashicorp/vault

Heartbleed bug. http://heartbleed.com

Netflix Bless. https://github.com/Netflix/bless

Ponemon report. https://www.venafi.com/assets/pdf/Ponemon_2014_SSH_Security_Vulnerability_Report.pdf

SSH report. https://www.ssh.com/iam/ssh-key-management/

Venafi report. https://www.venafi.com/blog/deciphering-how-edward-snowden-breached-the-nsa

Bergsma, F., Dowling, B., Kohlar, F., Schwenk, J., Stebila, D.: Multi-ciphersuite security of the secure shell (SSH) protocol. In: Proceedings of the 2014 ACM Conference on Computer and Communications Security, pp. 369–381 (2014)

Boyd, C.: Digital multisignatures. In: Cryptography and Coding (1986)

Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_7CrossRef

10.

Desmedt, Y., Frankel, Y.: Threshold cryptosystems. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 307–315. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_28CrossRef

11.

Feldman, P.: A practical scheme for non-interactive verifiable secret sharing. In: FOCS 1987, pp. 427–438 (1987)

12.

Frankel, Y.: A practical protocol for large group oriented networks. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 56–61. Springer, Heidelberg (1990). https://doi.org/10.1007/3-540-46885-4_8CrossRef

13.

Frankel, Y., Gemmell, P., MacKenzie, P.D., Yung, M.: Optimal resilience proactive public-key cryptosystems. In: FOCS 1997, pp. 384–393 (1997)

14.

Gennaro, R., Halevi, S., Krawczyk, H., Rabin, T.: Threshold RSA for dynamic and Ad-Hoc groups. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 88–107. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_6CrossRef

15.

Gennaro, R., Rabin, T., Jarecki, S., Krawczyk, H.: Robust and efficient sharing of RSA functions. J. Cryptol. 20(3), 393 (2007)CrossRef

16.

Harchol, Y., Abraham, I., Pinkas, B.: Distributed SSH key management with proactive RSA threshold signature. Cryptology ePrint Archive (2018)

17.

Hazay, C., Mikkelsen, G.L., Rabin, T., Toft, T.: Efficient RSA key generation and threshold paillier in the two-party setting. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 313–331. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-27954-6_20CrossRefMATH

18.

Herzberg, A., Jarecki, S., Krawczyk, H., Yung, M.: Proactive secret sharing or: how to cope with perpetual leakage. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 339–352. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-44750-4_27CrossRef

19.

Jarecki, S., Kiayias, A., Krawczyk, H., Xu, J.: TOPPSS: cost-minimal password-protected secret sharing based on threshold OPRF. Cryptology ePrint Archive, Report 2017/363 (2017). http://eprint.iacr.org/2017/363CrossRef

20.

Jarecki, S., Saxena, N.: Further simplifications in proactive RSA signatures. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 510–528. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30576-7_28CrossRef

21.

Jarecki, S., Saxena, N., Yi, J.H.: An attack on the proactive RSA signature scheme in the URSA ad hoc network access control protocol. In: Proceedings of the 2nd ACM Workshop on Security of ad hoc and Sensor Networks, SASN, pp. 1–9 (2004)

22.

Kong, J., Zerfos, P., Luo, H., Lu, S., Zhang, L.: Providing robust and ubiquitous security support for MANET. In: ICNP (2001)

23.

Liu, F., Yarom, Y., Ge, Q., Heiser, G., Lee, R.B.: Last-level cache side-channel attacks are practical. In: 2015 IEEE Symposium on Security and Privacy, SP 2015, pp. 605–622. IEEE Computer Society (2015)

24.

Ostrovsky, R., Yung, M.: How to withstand mobile virus attacks (extended abstract). In: PODC 1991, pp. 51–59. ACM, New York (1991)

25.

Rabin, T.: A simplified approach to threshold and proactive RSA. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 89–104. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055722CrossRef

26.

Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)MathSciNetCrossRef

27.

Shoup, V.: Practical threshold signatures. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 207–220. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-45539-6_15CrossRef

28.

Williams, S.C.: Analysis of the SSH key exchange protocol. In: Chen, L. (ed.) IMACC 2011. LNCS, vol. 7089, pp. 356–374. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25516-8_22CrossRef

29.

Wu, T.D., Malkin, M., Boneh, D.: Building intrusion-tolerant applications. In: USENIX Security (1999)

30.

Yarom, Y., Falkner, K.: FLUSH+RELOAD: a high resolution, low noise, L3 cache side-channel attack. In: 23rd USENIX Conference on Security Symposium, SEC 2014, pp. 719–732. USENIX Association, Berkeley (2014)

31.

Ylonen, T., Lonvick, C.: The Secure Shell (SSH) Authentication Protocol. Internet Requests for Comments, RFC 4252 (2004)

32.

Ylonen, T., Lonvick, C.: The Secure Shell (SSH) Transport Layer Protocol. Internet Requests for Comments, RFC 4253 (2004)

33.

Ylonen, T.: Bothanspy & Gyrfalcon - analysis of CIA hacking tools for SSH, August 2017. https://www.ssh.com/ssh/cia-bothanspy-gyrfalcon

34.

Zhou, L., Schneider, F.B., Van Renesse, R.: COCA: a secure distributed online certification authority. ACM Trans. Comput. Syst. 20(4), 329–368 (2002)CrossRef

Title: Distributed SSH Key Management with Proactive RSA Threshold Signatures
Authors: Yotam Harchol
Ittai Abraham
Benny Pinkas
Publisher: Springer International Publishing
Book: Applied Cryptography and Network Security
Print ISBN: 978-3-319-93386-3

Electronic ISBN: 978-3-319-93387-0

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-3-319-93387-0_2

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner