An Overview of the SSH Protocol

Richard E. Silverman
Staff at D. E. Shaw & Co., L.P., New York

Friday, 24 February 2006
11:00 a.m. - 12:00 p.m.
Fuller Labs 320

In 1995, Tatu Ylonen created SSH ("secure shell") to protect himself after his network at the Helsinki University of Technology in Finland was subject to a password-guessing attack. Since its beginning as a grad student's spare-time project, SSH has evolved to become perhaps the most widely-used secure remote login tool, with many free and commercial implementations on all major platforms, and an IETF standards-track protocol. In this talk, I will give a technical overview of the SSH protocol: its major components, security properties, and implementation issues. We will discuss some past security issues with SSH and how they have been addressed. Finally, I will also mention elements of the protocol which may be of interest for formal security analysis; this is joint work with Dan Dougherty.

Richard E. Silverman holds a B.A. in computer science and M.A. in mathematics from Wesleyan University; his thesis on higher-order unification was directed by Daniel J. Dougherty. Since then, Richard has worked in the fields of networking, formal methods in software development, public-key infrastructure, routing security, and systems administration. He is currently on the technical staff of D. E. Shaw & Co., L.P. in New York, a firm focused on areas it believes can be fundamentally altered by computing technology, in fields ranging from quantitative finance to molecular biology. Richard is also a co-author of two books published by O'Reilly: SSH, The Secure Shell (The Definitive Guide), and the Linux Security Cookbook.

Host: Daniel Dougherty

Refreshments will be served.