1 / 1

HardSSH

End Product Data Flow. Solution. Problem. 202. 205. 239. 229. Cryptographic Hardware Key. HardSSH. Abstract. Proposed Approach & Considerations. Technologies Considered. Proposed Approach.

phillip-odonnell
Download Presentation

HardSSH

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. End Product Data Flow Solution Problem 202 205 239 229 Cryptographic Hardware Key HardSSH Abstract Proposed Approach & Considerations Technologies Considered Proposed Approach The Secure Shell (SSH) protocol allows for secure logins on remote computers without disclosing passwords or keys to intermediate devices on the network. However, when using an untrusted public computer which may have various malicious programs running, it is still possible for authentication credentials to be disclosed. This project focuses on building a device which will perform all the encryption and authentication operations necessary for SSH connections. Host software is being developed which will run on the untrusted computer and use the device to make an SSH connection to a remote server. Since all authentication is done on the device, using keys programmed into the device from a private, trusted computer, a user can establish a secure connection without compromising their authentication credentials in a public computing lab. • Hardware • Custom-built USB device (chosen) • Firmware • Embedded Linux • FreeRTOS or eCos • Custom software stack (chosen) • Host Software • C • Python • Java (chosen) Build a small USB device with an embedded microcontroller which will implement the authentication and encryption layers of the SSH protocol. A host software program will provide data transfer between the device and the remote server and provide a user interface for using the SSH connection (data flow during operation will occur as in the diagram below). When run on a private trusted computer, the host software will allow the firmware, keys, and other sensitive data items on the device to be updated. Testing Considerations • Test each component as it is developed • Perform final integration testing • Have non-team-members test the product for usability Introduction Problem Statement When users log in to a Secure Shell (SSH) server from an untrusted computer (e.g., at a library), they have no way of protecting their authentication information from an attacker who may have tampered with the machine (left figure below). We solve this problem by storing authentication information in the device and passing it through the untrusted host in a way that the host can’t read it (see right figure below). Estimated Resources & Schedule Personnel Effort Financial Resources Operating Environment Assumptions • Frequently transported (must withstand jostling/dropping) • Access to USB port • Room temperature during operation • User can access a trusted computer • User has USB read/write access on trusted & untrusted computers Limitations Intended Users • Device enclosure no larger than 2”x3.5”x.5” • Powered by USB only • SSH users who use public computing resources (students, hobbyists, employees) • Some technical knowledge Other resources Deliverables/End Product • Freely available software packages (GCC compiler suite, Eclipse IDE, Java) • IAR Embedded Workbench compiler (came with prototype board) • JTAG debugging stub (provided by senior design) • Prototype board paid for by the Information Assurance Center • Working prototype and firmware • Host software for using and managing the device • User’s manual Intended Uses • Protect authentication credentials from compromise • Does not provide extra security after login Project Schedule Project Requirements Design Objective Design Constraints To develop an implementation of SSH on an external USB device, with necessary accompanying software, to allow secure access to SSH servers from untrusted public computers. • The device must be powered solely by USB • The device must be small, about 2" x 3.5" x 0.5“ • All software and firmware must be buildable with free toolchains Functional Requirements Milestones • The device shall connect to and be fully powered by USB • User can define servers, load SSH private key, and perform other trusted functions • The project shall allow the user to connect to a remote SSH server without disclosing authentication credentials to the local computer • The device shall have updatable firmware • Problem defined • Technology considered & selected • Product designed • Prototype implemented • Product tested • Product documentation completed • Product demonstration completed Closing Summary The HardSSH device provides a more secure mechanism for using SSH software on untrusted systems. The project's solution includes the device hardware itself, the firmware implementing the SSH encryption and authentication, and the host software to use the device. With this solution, the user can login with SSH on an untrusted computer without compromising authentication information. Team May07-20: Clients: Michael Ekstrand Steven Schulteis Michael Ekstrand (Cpr E) Taylor Schreck (Cpr E) Steven Schulteis (Cpr E) Joseph Sloan (EE, Cpr E, Com S) Faculty Adviser: Doug Jacobson

More Related