导　　师： 马严

学科专业： 081203

授予学位： 硕士

作　　者： ;

机构地区： 北京邮电大学

摘　　要： 在互联网络飞速发展的今天,网络安全也越来越受到人们的关注。互联网的通信基础是TCP//IP协议,它也是事实上的工业标准。但是,由于在TCP//IP的设计之初,没有考虑到网络安全问题,而考虑更多的是怎样更好的完成信息传递工作,正是由于TCP//IP的设计缺陷导致了很多安全问题。为了在现有网络基础上实现网络的安全,设计了许多基于TCP//IP的安全协议来保护网络通信。其中的一些安全协议已经得到了广泛应用。本文要讨论的SSH就是一种已经得到广泛应用的安全协议。 SSH/(Secure Shell/)是目前比较可靠的为远程登录会话和其他网络服务提供安全性的协议。利用SSH协议可以有效防止远程管理过程中的信息泄露问题。通过SSH,可以把所有传输的数据进行加密,也能够防止多种入侵攻击,如DNS欺骗和IP欺骗。 路由器作为一种应用已经非常广泛的网络基本设备,它的安全性也日益重要。SSH协议可能很好解决路由器设备远程管理中遇到的安全性问题。本论文主要是通过对SSH协议的研究,解决了SSH协议基本功能在路由器操作系统上设计与实现。完成了路由设备的主机认证,服务器认证,数据私密和完整性检测等防护措施,实现了对大部分网络攻击的免疫。作为系统中的一个模块,还设计了专门的窗口机制来适应不同的上层应用。而且在实现了SSH协议版本1的功能上,对SSH协议版本2的进一步设计作了初步的研究工作。 Internet has been developed fast in recent years, and the security of the Internet has been drawing more and more attention. The basis of the Internet communication is the TCP//IP, which is also the industry standard nowadays. However, it mainly focuses on message transmission scheme rather than network security at the beginning of the design of the TCP//IP. In order to make sure the network security on the existing network, there are a lot of security protocol proposed based on TCP//IP to protect the network communication, among which a few have been applied widely. This thesis's topic is to do some research on SSH, which already is a widely used security protocol. SSH /(Secure Shell/) is a reliable protocol to provide security for the telnet session and other network service recently. We can avoid the issue of information leak in the process of remote management efficiently. The data transmitted can be encrypted through SSH, and it can be prevented from various kinds of network attack behaviors, such as Name Service and IP Spoofing. Router is a kind of basic network equipment widely used, and its security becomes more and more important. SSH can solve the security issue in the process of managing the router remotely. The thesis has designed and implemented the basic function of SSH on the router's operation system through the study of the SSH protocol. With the protection from server authentication, user authentication, data privacy and integrity and etc., the routers can immune to most network attack behaviors. As a moudule of the whole system, it also used a window mechanism to adapt to different upper layer application.Based on the function of SSH version 1, some work has been done on SSH version 2.

关 键 词： 网络安全 路由器 操作系统

领　　域： [自动化与计算机技术] [自动化与计算机技术]