Security in peer-to-peer multimedia communications

SSH is a client/server application protocol that can be used like telnet to log into a remote machine running the ssh server process. It is a very secure protocol unlike telnet because it uses algorithms to encrypt the data stream, ensure data stream integrity and even perform authentication in a safe way. The authentication takes place usually in two forms: the standard password based one and the public key one.
• The default standard password authentication: when a user logs in to a certain machine, the user is required to prompt its username and password for its account on that machine. This exchange takes place through an encrypted channel.
• Public key authentication. The user generates a key pair, the public key is copied in the server, the private key is held by the user and protected through a passphrase. The client prove the server to have the private key decrypting some data previously encrypted by the server with the user public key and sending back the plain data to the server. In this way the user is not requested every time to give its own password at each connection. In a similar but reciprocal way also the server can be authenticated by the client before sending the user credentials.
The required symmetric cipher is 3des-CBC, the requiredMAC algorithms hmacsha, the required key exchange are DH group1 (using Oakley group 2) and DH group14 (using Oakley group 14), whereas required public key algorithm is only sshdss. Each side has a preferred algorithm in each category, and it is assumed that most implementations, at any given time, will use the same preferred algorithm. Each side may guess which algorithm the other side is using, and may send an initial key exchange packet according to the algorithm, if appropriate for the preferred method. After this the true key exchange begins by each side sending a packet with a list of key exchange algorithms, server host keys algorithms, encryption algorithms client to server and viceversa, MAC algorithms client to server and viceversa, compression algorithms client to server and viceversa, etc. The first algorithm in each list must be the preferred one. If both sides make the same guess, that algorithm havs to be used, otherwise the chosen algorithm is the first one satisfying the following conditions:
• the server also supports the algorithm;
• there is an encryption capable algorithm on the server host key algorithms also supported by the client if needed;
• there is a signature capable algorithm on the server host key algorithms also supported by the client if needed.
Otherwise the connection fails.
The server lists the algorithms for which it has host keys, the client lists the algorithms that it is willing to accept. There may be multiple host keys for a host, possibly with different algorithms. The chosen to each direction encryption algorithm, MAC algorithm and compression algorithm MUST be the first algorithm on the client’s name-list that is also on the server’s name-list. If there is no such algorithm, both sides MUST disconnect. After receiving the SSH_MSG_KEXINIT packet from the other side, each party will know whether their guess was right. If the other party’s guess was wrong, and the first_kex_packet_follows is true, the next packet is silently ignored, and both sides act then as determined by the negotiated key exchange method. If the guess was right, key exchange continues using the guessed packet. After this exchange is performed, the key exchange algorithm is run. It may involve several packet exchanges, as specified by the key exchange method.The only following messages could be transport layer generic messages,algorithm negotiation messages,specific key exchange messages.The key exchange produces a shared secret K and an exchange hash H from which encryption and authentication keys will be derived.Each key exchange method specifies a hash function used in the key exchange and that is used in key derivation for encryption key client to server and viceversa,integrity key from client to server and viceversa. The key exchange ends by each side sending an SSH_MSG_NEWKEYS message. All messages sent after this message must use the new keys and algorithms.