iSSH: Enabling In-Flight SSH Traffic Inspection Without Key Escrow
摘要
The widespread adoption of network security protocols has led to an increasing demand for the inspection of encrypted traffic. Most existing solutions that provide authorized inspectors with visibility of encrypted traffic are designed for the Transport Layer Security (TLS) protocol, and the best-known is the solution involving key escrow with the inspector. The Secure Shell (SSH) protocol has a similar architecture to TLS and is frequently used to secure access to remote systems, but SSH traffic inspection is less well-explored. In fact, the existing approach to TLS inspection can also be adapted to SSH. However, IA2-TLS, the state-of-the-art solution for TLS, is vulnerable to security risks because the inspection key is used in a symmetric way. Inspired by these observations, we propose a new variant of SSH called Inspectable SSH (iSSH). iSSH retains the core idea of IA2-TLS, but overcomes its limitations by using an asymmetric inspection key pair. Moreover, iSSH is compatible with standard SSH and provides flexible deployment options. Finally, we expanded upon the standard SSH security model and rigorously proved the security of key exchange in iSSH.