Design and implementation of TELNET protocol supporting security functionalities

  • Seong, Jeong-Ki (Department of Information and Communication Engineering, Hanbat National University) ;
  • Seo, Hye-In (Department of Information and Communication Engineering, Hanbat National University) ;
  • Kim, Eun-Gi (Department of Information and Communication Engineering, Hanbat National University)
  • Received : 2016.01.21
  • Accepted : 2016.03.14
  • Published : 2016.04.30

Abstract

TELNET was designed without security in mind and is therefore vulnerable to network attacks. SSL/TLS and SSH are commonly used to solve this problem, but both require an additional security protocol and neither is backward compatible with existing TELNET. In this paper we propose STELNET (Secured Telnet), which supports security functionalities inside the protocol itself and therefore remains backward compatible: the use of security is agreed through the standard TELNET option negotiation, so an STELNET host that meets a plain TELNET peer simply continues without it. On STELNET, the client authenticates the server with a certificate and a digital signature generated using ECDSA. Once the server is authenticated, the two hosts generate a session key with the ECDH algorithm; using that key they encrypt data with AES and compute an HMAC with SHA-256, and then transmit the encrypted data together with the HMAC. In conclusion, STELNET, while backward compatible with existing TELNET, defends against MITM (Man-In-The-Middle) attacks and provides security functionalities that ensure the confidentiality and integrity of the transmitted data.
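The option negotiation and the authenticated key agreement described above, written out as an added Go example with both sides of the exchange. This is not the paper's code; the authors' implementation is not reproduced here. It assumes P-256 for both ECDSA and ECDH, a placeholder option number (100) for STELNET, that the client already holds the server's certificate public key, a signature over both ephemeral keys, and an HMAC-SHA256 labelled expansion of the ECDH secret into separate AES and HMAC keys; none of these details are given in the abstract.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Telnet command bytes from RFC 854/855. OptSTELNET is an assumed option code:
// the paper publishes no number, so 100 is a placeholder for illustration only.
const IAC, DO, WILL, WONT, OptSTELNET byte = 255, 253, 251, 252, 100

// Negotiate parses the server's answer to the client's "IAC DO OptSTELNET": WILL
// enables the secure channel, WONT (what a legacy server must send for an option
// it does not know) keeps the session in plain TELNET, anything else is an error.
func Negotiate(reply []byte) (secured bool, err error) {
	if len(reply) != 3 || reply[0] != IAC || reply[2] != OptSTELNET {
		return false, errors.New("malformed STELNET option reply")
	}
	if reply[1] != WILL && reply[1] != WONT {
		return false, errors.New("unexpected option command")
	}
	return reply[1] == WILL, nil
}

// ServerHello carries the server's ephemeral ECDH public key and an ECDSA signature
// over both ephemeral keys, made with the long-term key from the server's certificate.
type ServerHello struct{ EphemeralPub, Signature []byte }

// SessionKeys holds the AES key and the HMAC key derived from the ECDH secret.
type SessionKeys struct{ Enc, Mac []byte }

// transcript is the message the server signs: SHA-256(clientPub || serverPub).
func transcript(clientPub, serverPub []byte) []byte {
	d := sha256.Sum256(append(append([]byte{}, clientPub...), serverPub...))
	return d[:]
}

// agree runs P-256 ECDH and expands the shared secret into two independent keys
// with HMAC-SHA256 under distinct labels (our KDF choice; the paper names none).
func agree(eph *ecdh.PrivateKey, peerBytes []byte) (SessionKeys, error) {
	peer, err := ecdh.P256().NewPublicKey(peerBytes)
	if err != nil {
		return SessionKeys{}, err
	}
	shared, err := eph.ECDH(peer)
	if err != nil {
		return SessionKeys{}, err
	}
	expand := func(label string) []byte {
		m := hmac.New(sha256.New, shared)
		m.Write([]byte(label))
		return m.Sum(nil)
	}
	return SessionKeys{Enc: expand("stelnet aes key"), Mac: expand("stelnet hmac key")}, nil
}

// ServerHandshake answers the client's ephemeral public key with a signed
// ServerHello and returns the server's copy of the session keys.
func ServerHandshake(identity *ecdsa.PrivateKey, clientPub []byte) (ServerHello, SessionKeys, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return ServerHello{}, SessionKeys{}, err
	}
	pub := eph.PublicKey().Bytes()
	sig, err := ecdsa.SignASN1(rand.Reader, identity, transcript(clientPub, pub))
	if err != nil {
		return ServerHello{}, SessionKeys{}, err
	}
	keys, err := agree(eph, clientPub)
	return ServerHello{pub, sig}, keys, err
}

// ClientHandshake verifies the signature with the trusted identity key before ECDH:
// a MITM that substitutes its own ephemeral key cannot forge it, so no session key
// is ever derived with the attacker.
func ClientHandshake(trusted *ecdsa.PublicKey, eph *ecdh.PrivateKey, hello ServerHello) (SessionKeys, error) {
	msg := transcript(eph.PublicKey().Bytes(), hello.EphemeralPub)
	if !ecdsa.VerifyASN1(trusted, msg, hello.Signature) {
		return SessionKeys{}, errors.New("server authentication failed")
	}
	return agree(eph, hello.EphemeralPub)
}

func main() {
	identity, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // the server's certificate key
	secured, _ := Negotiate([]byte{IAC, WILL, OptSTELNET})         // server agreed to STELNET
	clientEph, _ := ecdh.P256().GenerateKey(rand.Reader)
	hello, serverKeys, _ := ServerHandshake(identity, clientEph.PublicKey().Bytes())
	clientKeys, err := ClientHandshake(&identity.PublicKey, clientEph, hello)
	fmt.Println(secured, err, hmac.Equal(clientKeys.Enc, serverKeys.Enc))
}
```

The check the abstract's MITM claim rests on is in ClientHandshake: a hello signed by any key other than the trusted one is rejected before any session key exists, and because the signed transcript includes the client's own ephemeral key, a recorded hello cannot be replayed into a later session either. A legacy peer never reaches this code: Negotiate returns false on WONT and the session stays plain TELNET, which is the backward compatibility the abstract describes.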
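The data-transfer phase that follows the handshake (AES encryption plus an HMAC-SHA256 tag on every record), as a second added Go example that is likewise not from the paper. It assumes AES-256 in CTR mode with a fresh random IV per record, encrypt-then-MAC ordering, and the record layout iv || ciphertext || tag; the abstract fixes only the two algorithms. The keys are constructed sample values standing in for the ECDH-derived session keys.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SessionKeys holds the two keys the handshake leaves each side with: a 32-byte
// AES-256 key and a 32-byte HMAC-SHA256 key, kept separate so neither primitive
// is ever keyed with the other's key.
type SessionKeys struct{ Enc, Mac []byte }

// SampleKeys returns constructed keys for the demonstration only; in STELNET
// they come from the ECDH session key, never from fixed strings.
func SampleKeys() SessionKeys {
	enc := sha256.Sum256([]byte("constructed sample aes key"))
	mac := sha256.Sum256([]byte("constructed sample hmac key"))
	return SessionKeys{Enc: enc[:], Mac: mac[:]}
}

// Seal protects one TELNET data record as iv(16) || AES-256-CTR ciphertext ||
// HMAC-SHA256(iv || ciphertext). CTR mode and encrypt-then-MAC are our choices;
// the paper fixes only AES for confidentiality and HMAC-SHA256 for integrity.
func Seal(k SessionKeys, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(k.Enc)
	if err != nil {
		return nil, err
	}
	record := make([]byte, aes.BlockSize+len(plaintext))
	if _, err := rand.Read(record[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCTR(block, record[:aes.BlockSize]).XORKeyStream(record[aes.BlockSize:], plaintext)
	m := hmac.New(sha256.New, k.Mac)
	m.Write(record)
	return m.Sum(record), nil
}

// Open verifies the tag in constant time before decrypting, so a flipped bit in
// the iv, the ciphertext or the tag is reported instead of silently producing
// altered plaintext (CTR alone would let an on-path attacker flip plaintext bits).
func Open(k SessionKeys, record []byte) ([]byte, error) {
	if len(record) < aes.BlockSize+sha256.Size {
		return nil, errors.New("record too short")
	}
	body, tag := record[:len(record)-sha256.Size], record[len(record)-sha256.Size:]
	m := hmac.New(sha256.New, k.Mac)
	m.Write(body)
	if !hmac.Equal(tag, m.Sum(nil)) {
		return nil, errors.New("HMAC mismatch: record was tampered with")
	}
	block, err := aes.NewCipher(k.Enc)
	if err != nil {
		return nil, err
	}
	plaintext := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCTR(block, body[:aes.BlockSize]).XORKeyStream(plaintext, body[aes.BlockSize:])
	return plaintext, nil
}

func main() {
	keys := SampleKeys()
	record, _ := Seal(keys, []byte("login: alice\r\n")) // constructed sample data
	plain, err := Open(keys, record)
	fmt.Printf("%q %v\n", plain, err)
	record[aes.BlockSize] ^= 0x01 // an on-path attacker flips one ciphertext bit
	_, err = Open(keys, record)
	fmt.Println(err)
}
```

Verifying the MAC before touching the ciphertext is what makes the integrity guarantee meaningful: with a stream mode such as CTR, decrypting first and checking afterwards would still process attacker-controlled bytes, and a missing or wrongly ordered check is the classic way a construction built from correct primitives ends up insecure.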
