BaoCao Nhom20 TimHieuSSL

I HC QUC GIA TP.
HCM
TRNG H KINH T-LUT
----------

mn

T HI GI TH T
H TN NG HNG HNG

: TT H

N H H K084061050
N T G K084061045
T N K084061086

Page 2

S S SS
Internet - V

V
SS .

SS
ba

T

Page 3

1: T SS ............................................................. trang 04
1. SS ................................................................................................ trang 04
2. ................................................................................... trang 05

: ............................................................ trang 06
1. SS ................................................................................... trang 06
2. T .................................................................. trang 10
3. Handshake Protocol ............................................................................... trang 13
4. Record Protocol ..................................................................................... trang 17

: ................................................. trang 23
1. .................................................................................. trang 23
2. ................................................................................. trang 24

4: SS W S-Signed Cert) ...... trang 25

Page 4

hng m hi io h

1/SSL l g?
V W w I
K
W

I TP/IP SS
ton:
Xc thc:
W
M ho:
I

Ton vn d liu:

V SS W
SS w Web server, cho
W K W w
SS w
UR HTTPS
44 8 HTTP
SS
:
Xc thc server:
w
ID

V

Xc thc Client: Cho php pha server xc P

ID

V

Page 5

M ho kt ni: T

SS
hash algorithm).
2/Lch s pht trin ca giao thc SSL & TLS:

Transport) c
W:
SSL v TLS.
HTTP V
199 t S-HTTP
HTTP S-HTTP
S
S "" I
T SS
T

K SS
HTTP 1994 S-HTTP

SS:

1 SS 1:

SS : 1
T
SS
PT P T I
1996

PT
SS SS V
SS
TP/IP PT

T SS 1996
I
O
SS ITF TS WG
T TS 1 SS

Page 6

hng h ho ng

1/Cu trc ca giao thc SSL:

SS SS 11 SS
SS T SS
T SS
TP V
TP
HTTP T
T SS
TP
H 11 SIIOP
HTTP FTP T IP IR POP T
SS S
SS T SS -

gio h

T SS :

1
Page 7

m kha chung.

S

T thng bo

T SS
V IP TP

H SS
TP TP
SY
SS SS
:
1 S I
I T
SS
S

S TP
SS TP
S

TP
T
I SS
TS T
TP
T
R V
SS S S xc
T SS

cho.

I SS/TS
1 11 "S"
SS
S

Page 8

Bng s ng gn ho gio h ng dng hy n .
T kha Cng M t
Nsiiop 261 D IIOP TS/SS
https 443 HTTP trn TLS/SSl
Smtps 465 SMTP trn TLS/SSL
Nntps 563 NNTP trn TLS/SSL
Ldaps 636 LDAP trn TLS/SSL
Ftps-data 989 FTP TS/SS
Ftps 990 FTP TS/SS
Tenets 992 TELNET trn TLS/SSL
Imaps 994 IRC trn TLS/SSL
Pop3s 995 POP3 trn TLS/SSL

Ni SS SS

ID

1 SS
14

SS

Bng hnh phn hng in ng hi ession
Thnh Phn M t
Session ID

Peer certificate X59
ngang hng.
Compression
method
T
ha
Cipher spec T
MAC
Master secret K 48-
server.
Is resumable

Bng 3 hnh phn hng in ng hi ni k
Thnh Phn M t
Page 9

Ng nhin
server v client

Kh m
MAC ghi
server
K

Kh m
MAC ghi client
K
MAC trn
Kha ghi
server
K

Kha ghi client K

Initialization
vector
T
B T
SS H P S

hi
thng

11 SS SS R P
SS :

- R OK
TP

-

- SS SS R P
SS

G SS SS H P

SS

S SS H P
SS R P
SS R H P

Page 10

2/Tm iu cc loi m ha
Mt m ha vn bn thng hay vn bn r)
vn bn m. Gii mt m
Mt m l H
kha
giao thc mt m

h thng mt m

:
1. B :

2. :

3. X :

4. K :
5. : K

a.Kh i ng

Thu i xng l nhng thut ton hoc l s dng cng mt kha cho vic mt m
ha v gii mt m hoc l kha (th hai) s d gii mt m c th d c t
kha (th nh mt m ha.

DES (Data Encryption Standard) 56
3-DES (Triple-DES):
ho DES
AES: AES l mt tiu chun m ha m c trin khai s d i tr

b.Kh ng khi
Cc thut ton i xng c mt s tr ngi khng thun tin i mun
i cc thng tin b mt cn phi chia s kha b mt. Kha cn ph i theo mt
cch thc an ton, m khng phi b ng v lin l u
ny thng thng l bt tin, v mt m ha kha cng khai (hay kha b i x
Page 11

t gii php thay th. Trong m c s dng,
l kha cng khai (hay kha cng cng) v kha b mt (hay kha c nhn ha cng
mt m ha cn kha b mt gii m thc hi c li).
R c th c kha b mt t i no
t do gi kha cng khai ca h ra bn ngoi theo cc knh khng an ton m vn chc
chn rng ch c h c th gii m c mt m ha b

Chn mt s ngu nhin l sinh cp kha.

D gii m.
Page 12

T hp kho b mt mnh vi kho b mt c i khc to ra kho dng chung ch i
bit.

RSA:
R S
RSA key exchange: SS RS

c.m Bm
m bm gi bm khi d li

thng ip
.
Page 13

T D5 SH-1 5

3/SSL Handshake Protocol:

SS H P SS SS R P
K SS SS
SS
SS
SS SS H P

SS

T SS H P S
:
1: C -> S: CLIENTHELLO
2: S -> C: SERVERHELLO
[CERTIFICATE]
[SERVERKEYEXCHANGE]
[CERTIFICATEREQUEST]
SERVERHELLODONE
3: C -> [CERTIFICATE]
CLIENTKEYEXCHANGE
[CERTIFICATEVERIFY]
Page 14

CHANGECIPHERSPEC
FINISHED
4: S -> C: CHANGECIPHERSPEC
FINISHED
H

K S TP HTTPS
ITHO
1 SS H P
ITHO HORQUST
T ITHO
:
- S SS
- UIX
8
-
-
-

Page 15

SS

SS

ITHO
S

S ITHO
SRVRHO B
HORQUST

ITHO
SRVRHO T ITHO
SRVRHO :
-
ITHO S
- UIX
8
-
-
-
client.

ITHO
sessio

HGIPHRSP
FIISHD
S

SRVRHO
ITHO

SRVRHO
SS TS
14 17

SRVRHO V

RTIFIT
X59

Page 16

RTIFITR T
X59

T SRVRKYXHG

FORITZZ K R
RS

D RTIFITR
T

SRVRHOD
SRVRHO

Sau khi n SRVRHO

SRVRHO
RTIFIT
T
ITKYXHG
server:
- RS
48 RS
SRVRKYXHG rong thng bo
ITKYXHG
chnh.
- FORTZZ
TK K P K

TK
TK
ITKYXHG
T
ri.

RTIFITVRIFY
T

DH
S HGIPHRSP
FIISHD T FIISHD
HGIPRSP
Page 17

T FIISHD

K
FIISHD;
FIISHD V SS H P
HGIPHRSP FIISHD
4

S SS
SS R
P
SS R P
SS H P

SS H P
SS SS
T
:
1: C -> S: CLIENTHELLO
2: S -> C: SERVERHELLO
CHANECIPHERSPEC
FINISHED
3: S ->C: CHANGECIPHERSPEC
FINISHED

1 ITHO

SRVRHO
V HGIPHRSP
FIISHD

4/SSL Record Protocol:

SS R P SS

SS
168

Page 18

Cc bc SSL Record Protocol.

SS R P
SS P SS SS
15 S SS :
- ;
- S ;
- ;
- T ;
- MAC.
Page 19

trn SS SS R
P
SS R P T SS SS
:
- Alert Protocol: P SS R P

- H P:
- Change CipherSpec Protocol:

SS

Minh hoa 1 doan thng dip ch thng tin v kha v quy djnh thut ton

Premaster secret
T seed
R : SS + 46
G
Master secret
T premaster secret

Key material
G master secret shared random values
Encryption keys
T key material

INITIAL (NULL) CIPHER
SUITE
PUBLIC-
KEY
ALGORITH
SYMMETRC
ALGORITH
M
HASH
ALGORITH
M
CIPHER SUITE CODES
USED
IN SSL MESSAGES
SSL_NULL_WITH_NULL_NULL = { 0, 0 }

SSL_RSA_WITH_NULL_MD5 = { 0, 1 }
SSL_RSA_WITH_NULL_SHA = { 0, 2 }
SSL_RSA_EXPORT_WITH_RC4_40_MD5 = { 0, 3 }
SSL_RSA_WITH_RC4_128_MD5 = { 0, 4 }
SSL_RSA_WITH_RC4_128_SHA = { 0, 5 }
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0, 6 }
SSL_RSA_WITH_IDEA_CBC_SHA = { 0, 7 }
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0, 8 }
SSL_RSA_WITH_DES_CBC_SHA = { 0, 9 }
Page 20

Minh hoa qu trnh tao Master Secret

CLIENT SENDS
PREMASTER
SECRET IN
ClientKeyExchange
SENT BY
CLIENT
IN ClientHello
SENT BY
SERVER
IN ServerHello
MASTER SECRET IS 3
MD5
HASHES
Page 21

Minh hoa qu trnh tao Key Materials

JUST LIKE FORMING
THE MASTER SECRET
EXCEPT THE MASTER
SECRET IS USED HERE
INSTEAD OF THE
PREMASTER SECRET
Page 22

Minh hoa qu trnh tng hop Key Meterials d ghp thnh thng dip

SECRET VALUES
INCLUDED IN MESSAGE
AUTHENTICATION CODES
INITIALIZATION VECTORS
FOR DES CBC ENCRYPTION
SYMMETRIC KEYS
Page 23

hng 3 ki n ng phng hng

1/Cc kiu tn cng SSL/TLS

SS/TS

:

a.Ki Mn in he middle (MIM)

Trong
DS RP
T w w
w w

: T
web browser w
-in- T
D w w
w SS

ra.

Page 24

b.n ng Be-force trn cc kho session:

B - -

T 4 4=19951167776

K
SS/TS GT/HTTP/1 V
S

SS/TS

T ^18 18-
T
PU
1-

T 4 56

PU

2/in php phng chng
T HTTPS
K IT

HTTP
B

T

Page 25

B

hng hng dn i eb ppliion s dng
( loi elf-Signed certificate)

B1: K w IIS IIS

Page 26

B: V S S-Signed Certificate

B:

Page 27

T

Page 28

B4: T IIS 1 w

Page 29

B5: V V S w W IIS

B6: S ISS w VS

Page 30

B7: W

B8: T W .

BaoCao Nhom20 TimHieuSSL

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BaoCao Nhom20 TimHieuSSL

Uploaded by

Copyright:

Available Formats

I HC QUC GIA TP.

You might also like