Configuration Guide Vol. 1


11.1.5 Cryptographic techniques used by SSH

SSH uses the following cryptographic techniques to provide secure communication:

(1) Symmetric-key cipher

The same key (called a symmetric key) is used by the sender and the receiver. In a symmetric cipher, the sender and recipient share a symmetric key in advance; the sender encrypts the communication data with the symmetric key, and the receiver decrypts it with the same key. The following figure shows an example of encrypted communication using a symmetric cipher.

Figure 11-6: Example of encrypted communication using symmetric ciphers


(2) Message Authentication Code

A message authentication code is a technique that uses a symmetric key to verify that the communication data sent by the sender has not been tampered with. The fixed-length value used to confirm that the data has not been tampered with is also called the message authentication code.

The sender combines the communication data and the symmetric key to create a message authentication code and transmits it together with the communication data. The recipient likewise combines the received communication data and the symmetric key to create a message authentication code and compares it with the received one. If the two match, the communication data is confirmed not to have been tampered with. The following figure shows an example of tampering detection using a message authentication code.

Figure 11-7: Example of checking for tampering with the message authentication code


(3) Authenticated cipher

An authenticated cipher is a combination of a symmetric cipher and a message authentication code: symmetric keys are used to provide encryption and message authentication at the same time.
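
The three techniques above, (1) to (3), as an added example in Python using only the standard library. This is illustrative code added to this guide, not the Switch's implementation, and the cipher shown is not one that SSH negotiates: the symmetric cipher is a keystream built by running HMAC-SHA256 in counter mode, the MAC is HMAC-SHA256 compared in constant time, and the authenticated cipher combines the two as encrypt-then-MAC with separate subkeys. The key, nonce and message values are constructed for the demonstration.

```python
# Added example (not from the configuration guide or the Switch's code):
# (1) a symmetric cipher, (2) a message authentication code and (3) their
# combination as authenticated encryption, standard library only. The cipher
# is a keystream from HMAC-SHA256 in counter mode, used here for illustration.
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output length in bytes


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudorandom bytes from key and nonce (HMAC in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def symmetric_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """(1) Symmetric cipher: XOR with the keystream. Decryption is the same operation."""
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


symmetric_decrypt = symmetric_encrypt  # same key, same operation on the other end


def mac(key: bytes, data: bytes) -> bytes:
    """(2) Message authentication code over `data` using the shared symmetric key."""
    return hmac.new(key, data, hashlib.sha256).digest()


def mac_verify(key: bytes, data: bytes, tag: bytes) -> bool:
    """Recompute the MAC and compare in constant time (never with ==)."""
    return hmac.compare_digest(mac(key, data), tag)


def derive_subkeys(master: bytes) -> Tuple[bytes, bytes]:
    """Separate encryption and MAC keys, derived with distinct labels."""
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def ae_encrypt(master: bytes, plaintext: bytes) -> bytes:
    """(3) Authenticated cipher as encrypt-then-MAC: nonce || ciphertext || tag."""
    enc_key, mac_key = derive_subkeys(master)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = symmetric_encrypt(enc_key, nonce, plaintext)
    return nonce + ct + mac(mac_key, nonce + ct)


def ae_decrypt(master: bytes, message: bytes) -> Optional[bytes]:
    """Verify the tag first; return None instead of plaintext if anything was altered."""
    if len(message) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = derive_subkeys(master)
    nonce = message[:NONCE_LEN]
    ct = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    if not mac_verify(mac_key, nonce + ct, tag):
        return None
    return symmetric_decrypt(enc_key, nonce, ct)


def flip_bit(data: bytes, index: int) -> bytes:
    """Simulate in-transit tampering by flipping the low bit of byte `index`."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)


if __name__ == "__main__":
    shared = secrets.token_bytes(32)   # constructed shared key for the demo
    msg = b"show running-config"      # constructed message
    sealed = ae_encrypt(shared, msg)
    assert ae_decrypt(shared, sealed) == msg
    # Tampering with the ciphertext is detected before any plaintext is released.
    assert ae_decrypt(shared, flip_bit(sealed, 20)) is None
    print("authenticated encryption round trip and tamper detection OK")
```

Run it directly to see the round trip. `mac_verify` uses `hmac.compare_digest` rather than `==` so that a comparison that stops at the first differing byte does not leak timing information, and `ae_decrypt` checks the tag before touching the ciphertext, returning `None` for any altered or truncated message. That ordering is what makes (3) more than the sum of (1) and (2): with the cipher alone, flipping one bit of the ciphertext silently flips the same bit of the recovered plaintext, and nothing tells the receiver.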

(4) Public-key algorithm

A public-key algorithm is an algorithm that uses two kinds of keys, a public key and a private key. The public key and private key that belong together are called a key pair.

(a) Public-key cryptography

Public-key cryptography is an encryption technique that encrypts with a public key and decrypts with the corresponding private key. The recipient creates a key pair and sends only the public key to the sender. The sender encrypts the data with the recipient's public key and sends it. In this way, encrypted communication is achieved in which only the recipient holding the private key can decrypt the data. The following figure shows an example of encrypted communication using public-key cryptography.

Figure 11-8: Example of encrypted communications using public key cryptography


(b) Digital signature

A digital signature is a technique for verifying that the communication data has not been tampered with and that the sender is genuine. The sender publishes the public key to the receiver in advance and creates a signature from the communication data and the private key. The recipient verifies the signature using the communication data, the signature, and the public key. If the signature is correct, the recipient has verified both that the communication data has not been tampered with (authentication of the communication data) and that the sender is the holder of the private key (authentication of the sender). The following figure shows an example of a digital signature.

Figure 11-9: Example of digital signature
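
Public-key encryption (a) and digital signatures (b), as an added Python example that is not part of this guide or the Switch's implementation. It uses textbook RSA with the known Mersenne primes 2^521-1 and 2^607-1 so that it runs in well under a second; because those primes are public, the resulting key pair offers no secrecy and is a mathematical illustration only (real keys use randomly generated primes of 2048 bits or more and OAEP/PSS padding). The message and signature values are constructed.

```python
# Added example (not from the configuration guide or the Switch's code):
# textbook RSA illustrating (a) public-key encryption and (b) digital
# signatures. The primes are the well-known Mersenne primes 2^521-1 and
# 2^607-1, so this key pair is public knowledge and offers no secrecy; it is a
# mathematical illustration only (no padding, no randomly generated primes).
import hashlib
from typing import Tuple

P = (1 << 521) - 1   # Mersenne prime M521 (public knowledge, demo only)
Q = (1 << 607) - 1   # Mersenne prime M607 (public knowledge, demo only)
E = 65537            # common public exponent; coprime to (P-1)(Q-1) here

PublicKey = Tuple[int, int]    # (n, e): handed out to anyone
PrivateKey = Tuple[int, int]   # (n, d): never leaves the holder


def make_key_pair() -> Tuple[PublicKey, PrivateKey]:
    """The recipient creates the pair; only (n, e) is published."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)   # private exponent: modular inverse of e (Python 3.8+)
    return (n, E), (n, d)


def encrypt(public: PublicKey, message: bytes) -> int:
    """(a) Anyone holding the public key can encrypt; the message must fit below n."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt(private: PrivateKey, ciphertext: int, length: int) -> bytes:
    """Only the private-key holder recovers the message (length restores leading zeros)."""
    n, d = private
    return pow(ciphertext, d, n).to_bytes(length, "big")


def sign(private: PrivateKey, message: bytes) -> int:
    """(b) Sign the SHA-256 digest of the message with the private key."""
    n, d = private
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, d, n)


def verify(public: PublicKey, message: bytes, signature: int) -> bool:
    """Recompute the digest and check that the signature raised to e gives it back."""
    n, e = public
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return 0 < signature < n and pow(signature, e, n) == digest


if __name__ == "__main__":
    public, private = make_key_pair()
    # (a) the sender encrypts with the recipient's public key
    secret = b"session key material"          # constructed message
    c = encrypt(public, secret)
    assert decrypt(private, c, len(secret)) == secret
    # (b) the sender signs with its private key; the receiver verifies with the public key
    data = b"interface gigabitethernet 1/1"    # constructed message
    s = sign(private, data)
    assert verify(public, data, s)
    assert not verify(public, data + b" shutdown", s)
    print("public-key encryption and signature verification OK")
```

The two uses of the key pair run in opposite directions: for (a) the public key encrypts and the private key decrypts, for (b) the private key signs and the public key verifies. `verify` also rejects signatures outside the range 1 to n-1, so a zero or oversized value cannot pass; any change to the signed data changes the digest and the check fails.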


(5) Key exchange

Key exchange is a method for creating a symmetric key from information exchanged by both ends of the communication. The server and client each generate a key pair and send their public keys to each other. When each side combines its own private key with the public key received from the other side, the same symmetric key is produced on the server and on the client. Even if a malicious third party eavesdrops and obtains the public keys of the server and client, a symmetric key cannot be created from the public keys alone. This allows a symmetric key to be shared safely between the server and the client. The following figure shows an example of key exchange.

Figure 11-10: Example of key exchange
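
The key exchange above, as an added Python example that is not the Switch's implementation. Both parties run Diffie-Hellman over the 2048-bit MODP group of RFC 3526 (group 14, the group behind SSH's `diffie-hellman-group14-*` key exchange methods); the prime is transcribed from the RFC and checked with Miller-Rabin before use. Only the two public values cross the wire, and each side derives the same symmetric key by hashing the shared secret. The hashing step is a simplification assumed for the example (SSH derives its keys from the shared secret together with the exchange hash), and the peer value check rejects 1, p-1 and other values outside the prime-order subgroup before any secret is computed.

```python
# Added example (not from the configuration guide or the Switch's code): a
# Diffie-Hellman key exchange between a server and a client over the 2048-bit
# MODP group of RFC 3526 (group 14). Only the public values are exchanged.
import hashlib
import random
import secrets

# RFC 3526, section 3: 2048-bit MODP group prime (transcribed; verified below).
P_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1
29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD
EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245
E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D
C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F
83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D
670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9
DE2BCBF6 95581718 3995497C EA956AE5 15D22618 98FA0510
15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
P = int("".join(P_HEX.split()), 16)
G = 2                               # generator specified by the RFC for this group
Q = (P - 1) // 2                    # P is a safe prime: G generates a subgroup of prime order Q
P_BYTES = (P.bit_length() + 7) // 8


def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin primality test, used to confirm the transcribed group parameters."""
    if n < 2:
        return False
    for s in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % s == 0:
            return n == s
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.Random(12345)      # fixed seed keeps the check reproducible
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def valid_public_value(y: int) -> bool:
    """Peer value must lie strictly between 1 and P-1 and inside the order-Q subgroup."""
    return 1 < y < P - 1 and pow(y, Q, P) == 1


class Party:
    """One end of the exchange: keeps the private value, publishes the public one."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.private = secrets.randbelow(Q - 2) + 2   # never leaves this party
        self.public = pow(G, self.private, P)         # this is what goes on the wire

    def shared_key(self, peer_public: int) -> bytes:
        """Combine own private value with the peer's public value into a symmetric key."""
        if not valid_public_value(peer_public):
            raise ValueError(f"{self.name}: invalid peer public value")
        k = pow(peer_public, self.private, P)        # shared secret K
        # Simplified derivation (assumption): SSH hashes K together with the
        # exchange hash; here the symmetric key is just SHA-256 of K.
        return hashlib.sha256(k.to_bytes(P_BYTES, "big")).digest()


def exchange():
    """Run one exchange; return both derived keys and the two public values sent."""
    server, client = Party("server"), Party("client")
    key_at_server = server.shared_key(client.public)
    key_at_client = client.shared_key(server.public)
    return key_at_server, key_at_client, server.public, client.public


if __name__ == "__main__":
    assert is_probable_prime(P) and is_probable_prime(Q)
    ks, kc, _, _ = exchange()
    print("same symmetric key on both ends:", ks == kc)
```

An eavesdropper sees `server.public` and `client.public` but neither private value, and recovering K from the two public values alone is the discrete logarithm problem in this group. The `valid_public_value` check matters in practice: a value such as 1 or p-1 sent by a faulty or hostile peer would force K into a tiny set of possibilities, so the exchange refuses it before computing anything.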
