Introduction

Telnet is a protocol, and an application with the same name, which allows users to log in on remote computers.

Most Telnet applications which are in use today provide no security to its users. All data is sent in plain-text format. This means that an adversary can obtain passwords and other sensitive material just by monitoring the data link. An active intruder can modify the transferred data, and even insert new data in the data flow. This will not be detected by the traditional, insecure, Telnet protocol [2].

Telnet is normally used in TCP/IP networks, but the protocol definition is independent of the underlying network. By adding security functions to the Telnet protocol, we get a secure communication system which is independent of the security provided by the underlying network.

This thesis proposes solutions to the following problems:

• Authentication of the involved parties -- It must not be possible to impersonate authorized users. Several secure authentication methods exists, but only the Kerberos system seems to be widely accepted and used. No standard for public key cryptography use in Telnet exists today. A new method based on public-key cryptography as implemented in PGP is proposed in this thesis.
• Confidentiality of the transferred information -- The transferred information shall only be readable by authorized users. No standard for encrypting the Telnet data stream exists today. Some work has been done on RFC drafts, but no standard has been adopted.
• Integrity of the system -- The communicating parties must be able to verify that the received data really was sent by the authenticated party at the other end of the connection. No RFC or RFC draft document has been proposed for implementing integrity verification. Oksås [1] propose a solution, but does not consider the intrinsic overhead of transport protocols. This overhead justifies the use a less complex method, as proposed here.

The solutions are based on existing standards and cryptological methods. It is the intention that a complete, working Secure Telnet application can be implemented based on the standards proposed in this thesis.

This thesis considers the protocol specific and cryptological issues only. The user interface and installation issues are only briefly mentioned.

Chapter 2 describes protocol standards, cryptographic algorithms and the PGP program. Chapter 3 contains the main part of the thesis, the goals and design of the proposed authentication, encryption, and integrity options. Chapter 4 discusses the proposed solutions and adds some recommendations on their use. The last chapter sums up the main design choices and what is gained by making them.