
Please use this identifier to cite or link to this item: http://hdl.handle.net/123456789/1533

Title: Analysis of the Key Exchange method of SSH using Elliptic Curve Cryptography and a Public Key Infrastructure
Authors: Banchi, Hailu
Advisors: Prof. Dr. DP.Roy
Keywords: SSH; Elliptic Curve Cryptography; certificate path validation; certificate revocation status checking; key exchange handshake; authentication; Authenticated Dictionaries; RSA
Copyright: 2008
Date Added: 21-Oct-2008
Publisher: Addis Ababa University
Abstract: SSH (Secure Shell) is a protocol that allows a user to log into another computer, execute commands on a remote machine, and move files from one machine to another securely over an insecure network. It provides cryptographic authentication, encryption and data integrity to secure network communications. Negotiating the security parameters and authenticating the peers require public key cryptosystems, and public key operations are generally slow. To improve the performance of the protocol and make it applicable in both powerful and resource-constrained environments, Elliptic Curve Cryptography is used. In addition, since SSH uses plain public keys to authenticate a remote server, the first-time authentication is always vulnerable to a Man-in-the-Middle attack. Using a public key certificate as the host key eliminates this vulnerability, but it requires a Public Key Infrastructure (PKI) to support the certificate approach. A PKI may potentially impact the performance of the security protocol: PKI path validation techniques (certificate revocation status checking) need more storage capacity, more communication cost and more processing time, which appears to scale poorly with a large number of communicating nodes. In this thesis, SSH's key exchange handshake is implemented using Java and the Bouncy Castle cryptographic API. The performance of the RSA (Rivest-Shamir-Adleman) and ECDH_ECDSA (Elliptic Curve Diffie-Hellman, Elliptic Curve Digital Signature Algorithm) key exchange suites has been compared for both PKI and non-PKI authentication. Client waiting time (key exchange latency), server key exchange throughput, and revocation status message size have been measured for each key exchange suite. Simulation results show that ECC has better processing time performance and better throughput than RSA. Response time and revocation status message size are minimum when Authenticated Dictionaries are used as a certificate status responder.
Description: A Thesis Submitted to School of Graduate Studies of Addis Ababa University in Partial Fulfillment of the requirement of The Degree of Master of Science In Computer Engineering.
URI: http://hdl.handle.net/123456789/1533
Appears in: Thesis - Computer Engineering

Files in This Item:

File: Banchi Hailu.pdf
Size: 446.09 kB
Format: Adobe PDF

Items in the AAUL Digital Library are protected by copyright, with all rights reserved, unless otherwise indicated.


Last updated: May 2010. Copyright © Addis Ababa University Libraries