OpenSSH using Lattice-Based Cryptography

Post Quantum Network Encryption

Table of Contents:

  • Overview
  • What is OpenSSH?
  • What is NTRU Prime?
  • How to install OpenSSH 9.0?
  • Setup SSH
  • Using NTRU Prime in OpenSSH

Overview

This blog is not a tutorial but a documentation of my progress and research. In this blog I am going to talk about OpenSSH, NTRU Prime and the installation process. I am also going to link all the required packages and documents.

What is OpenSSH?

OpenSSH (OpenBSD Secure Shell) is a widely used suite of network connectivity tools that provide encrypted communication over an unsecured network in a client-server architecture. It is based on the SSH (Secure Shell) protocol. SSH is a proprietary tool, but OpenSSH is the open-source version.

Some of the tools/features available are:
  • SSH (Secure Shell)
    • The command-line tool used to establish SSH sessions and execute commands remotely.
  • SSHD (Secure Shell Daemon)
    • It runs on the remote machine and listens for incoming SSH connections.
  • SCP (Secure Copy)
    • A command-line tool used to securely copy files between a local and a remote machine.
  • SFTP (Secure File Transfer Protocol)
    • A subsystem of SSH that provides a more secure alternative to traditional FTP.

OpenSSH is used on UNIX-like systems to ensure the confidentiality and integrity of data transmitted over the network. It is an essential tool for system administrators, developers and anyone who needs secure access to, and management of, a remote system.


What is NTRU Prime?

NTRU Prime is a lattice-based cryptosystem that is a third-round candidate in NIST's Post-Quantum Cryptography Standardization project. It is designed to provide secure encryption and key exchange that are quantum-resistant. It should remain secure even in the presence of a quantum computer.
The NTRU Prime algorithm makes use of the shortest vector problem in a lattice. Its security relies on the difficulty of solving certain mathematical problems over polynomial rings within the lattice structure. The polynomial rings form the basis of encryption, key generation and other cryptographic processes.
The hardness of the problem in the lattice is believed to resist attacks from both classical and quantum computers.


How to install OpenSSH 9.0 and above?

OpenSSH is available for free and is usually installed by default on UNIX-like systems. But if you want to compile your own version, these are the steps I followed. All of the steps are available on the OpenSSH website.

Before installation, I had OpenSSH 8.9p1. After installation, I installed OpenSSH 9.0p1.


Here the only version that was available using the CMD was v8.9. So, I had to manually compile V9.0p1.
This screenshot was after installation of V 9.0p1

Step 1:

Download the correct version of the source file. The OpenBSD version and the Portable version are two different source files. The OpenBSD version will not install on a Linux distro; the Portable version is for Linux distros. The installation steps for both are the same.


Step 2:

Open the terminal and move to the directory containing the downloaded file. Extract the source files from the compressed tar.gz file using:

tar -xf <packageName>.tar.gz


Step 3:

Change your current directory to the extracted source directory:

cd ssh

Then run the commands one by one:

./configure
make all
make install

  • The ./configure command prepares the software to be built on your specific system. It checks whether all the dependencies are available.
  • The make all command compiles the source code into executables.
  • The make install command copies the built programs, their libraries and the documentation to the correct locations.

To check that OpenSSH has installed correctly, run:

ssh -V


Setup OpenSSH


To start the ssh server, I ran the command on the server/remote machine:
sudo service ssh start

To stop the SSH server:
sudo service ssh stop

To get the status of the SSH server:
sudo service ssh status


Once started, run this command on the client machine:
ssh <username of machine>@<ip address of server machine>

The username is the same as the Windows login profile name.

After that, it will prompt for a password. Enter the password for the Windows login profile.

example:
Username: Atish
Password/pin: 1234

ssh Atish@<ip>
password: 1234

The IP address can be obtained using the command:
ip a


Using NTRU Prime in OpenSSH

For OpenSSH 9.0 or above, NTRU Prime is the default key exchange. Once connected, NTRU Prime will automatically be used.


OpenSSH using NTRU Prime



KEX algorithms: sntrup761x25519-sha512@openssh.com

This is the KEX algorithm for NTRU Prime.
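
The following is an added example, not part of the original post: a script that reads `ssh -v` debug output and confirms whether the KEX named above was really negotiated, rather than assuming it. The sample debug lines are constructed, and `user@host` in the comments is a placeholder.

```shell
#!/bin/sh
# Added example: check which key exchange an SSH session really negotiated.
PQ_KEX='sntrup761x25519-sha512@openssh.com'   # KEX name shown on this page

# Print the first negotiated KEX found in `ssh -v` output read from stdin.
negotiated_kex() {
    awk '/^debug1: kex: algorithm: / && !seen { sub(/\r$/, "", $4); print $4; seen = 1 }'
}

# Return 0 if the NTRU Prime hybrid was negotiated, 1 if another KEX was,
# 2 if the debug output contains no negotiation result at all.
check_pq_kex() {
    kex=$(negotiated_kex)
    if [ -z "$kex" ]; then
        echo "no 'kex: algorithm' line found (run ssh with -v)" >&2
        return 2
    elif [ "$kex" = "$PQ_KEX" ]; then
        echo "OK: $kex"
        return 0
    fi
    echo "WARNING: negotiated $kex, not $PQ_KEX" >&2
    return 1
}

# Constructed sample debug output (not captured from a real session).
SAMPLE_NEW='debug1: Remote protocol version 2.0, remote software version OpenSSH_9.0
debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com
debug1: kex: host key algorithm: ssh-ed25519'
SAMPLE_OLD='debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519'

printf '%s\n' "$SAMPLE_NEW" | check_pq_kex
printf '%s\n' "$SAMPLE_OLD" | check_pq_kex || echo "older peer: classical KEX only"

# Against a live server (user@host is a placeholder):
#   ssh -v user@host exit 2>&1 | check_pq_kex
# To refuse any other key exchange instead of silently falling back:
#   ssh -o KexAlgorithms="$PQ_KEX" user@host
```

The key exchange is negotiated between both ends, so a peer that does not offer this algorithm ends up on a classical KEX unless the client pins `KexAlgorithms`.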


Conclusion

All the details and use of OpenSSH and NTRU Prime can be found at:



Written by Atish Joottun
Contact: atishjoottun@gmail.com
