Professional Documents
Culture Documents
BaoCao Nhom20 TimHieuSSL
BaoCao Nhom20 TimHieuSSL
HCM
TRNG H KINH T-LUT
----------
mn
T HI GI TH T
H TN NG HNG HNG
: TT H
N H H K084061050
N T G K084061045
T N K084061086
Page 2
S S SS
Internet - V
V
SS .
SS
ba
T
Page 3
1: T SS ............................................................. trang 04
1. SS ................................................................................................ trang 04
2. ................................................................................... trang 05
: ............................................................ trang 06
1. SS ................................................................................... trang 06
2. T .................................................................. trang 10
3. Handshake Protocol ............................................................................... trang 13
4. Record Protocol ..................................................................................... trang 17
: ................................................. trang 23
1. .................................................................................. trang 23
2. ................................................................................. trang 24
4: SS W S-Signed Cert) ...... trang 25
Page 4
hng m hi io h
1/SSL l g?
V W w I
K
W
I TP/IP SS
ton:
Xc thc:
W
M ho:
I
Ton vn d liu:
V SS W
SS w Web server, cho
W K W w
SS w
UR HTTPS
44 8 HTTP
SS
:
Xc thc server:
w
ID
V
Xc thc Client: Cho php pha server xc P
ID
V
Page 5
M ho kt ni: T
SS
hash algorithm).
2/Lch s pht trin ca giao thc SSL & TLS:
Transport) c
W:
SSL v TLS.
HTTP V
199 t S-HTTP
HTTP S-HTTP
S
S "" I
T SS
T
K SS
HTTP 1994 S-HTTP
SS:
1 SS 1:
SS : 1
T
SS
PT P T I
1996
PT
SS SS V
SS
TP/IP PT
T SS 1996
I
O
SS ITF TS WG
T TS 1 SS
Page 6
hng h ho ng
1/Cu trc ca giao thc SSL:
SS SS 11 SS
SS T SS
T SS
TP V
TP
HTTP T
T SS
TP
H 11 SIIOP
HTTP FTP T IP IR POP T
SS S
SS T SS -
gio h
T SS :
1
Page 7
m kha chung.
S
T thng bo
T SS
V IP TP
H SS
TP TP
SY
SS SS
:
1 S I
I T
SS
S
S TP
SS TP
S
TP
T
I SS
TS T
TP
T
R V
SS S S xc
T SS
cho.
I SS/TS
1 11 "S"
SS
S
Page 8
Bng s ng gn ho gio h ng dng hy n .
T kha Cng M t
Nsiiop 261 D IIOP TS/SS
https 443 HTTP trn TLS/SSl
Smtps 465 SMTP trn TLS/SSL
Nntps 563 NNTP trn TLS/SSL
Ldaps 636 LDAP trn TLS/SSL
Ftps-data 989 FTP TS/SS
Ftps 990 FTP TS/SS
Tenets 992 TELNET trn TLS/SSL
Imaps 994 IRC trn TLS/SSL
Pop3s 995 POP3 trn TLS/SSL
Ni SS SS
ID
1 SS
14
SS
Bng hnh phn hng in ng hi ession
Thnh Phn M t
Session ID
Peer certificate X59
ngang hng.
Compression
method
T
ha
Cipher spec T
MAC
Master secret K 48-
server.
Is resumable
Bng 3 hnh phn hng in ng hi ni k
Thnh Phn M t
Page 9
Ng nhin
server v client
Kh m
MAC ghi
server
K
Kh m
MAC ghi client
K
MAC trn
Kha ghi
server
K
Kha ghi client K
Initialization
vector
T
B T
SS H P S
hi
thng
11 SS SS R P
SS :
- R OK
TP
-
- SS SS R P
SS
G SS SS H P
SS
S SS H P
SS R P
SS R H P
Page 10
2/Tm iu cc loi m ha
Mt m ha vn bn thng hay vn bn r)
vn bn m. Gii mt m
Mt m l H
kha
giao thc mt m
h thng mt m
:
1. B :
2. :
3. X :
4. K :
5. : K
a.Kh i ng
Thu i xng l nhng thut ton hoc l s dng cng mt kha cho vic mt m
ha v gii mt m hoc l kha (th hai) s d gii mt m c th d c t
kha (th nh mt m ha.
DES (Data Encryption Standard) 56
3-DES (Triple-DES):
ho DES
AES: AES l mt tiu chun m ha m c trin khai s d i tr
b.Kh ng khi
Cc thut ton i xng c mt s tr ngi khng thun tin i mun
i cc thng tin b mt cn phi chia s kha b mt. Kha cn ph i theo mt
cch thc an ton, m khng phi b ng v lin l u
ny thng thng l bt tin, v mt m ha kha cng khai (hay kha b i x
Page 11
t gii php thay th. Trong m c s dng,
l kha cng khai (hay kha cng cng) v kha b mt (hay kha c nhn ha cng
mt m ha cn kha b mt gii m thc hi c li).
R c th c kha b mt t i no
t do gi kha cng khai ca h ra bn ngoi theo cc knh khng an ton m vn chc
chn rng ch c h c th gii m c mt m ha b
Chn mt s ngu nhin l sinh cp kha.
D gii m.
Page 12
T hp kho b mt mnh vi kho b mt c i khc to ra kho dng chung ch i
bit.
RSA:
R S
RSA key exchange: SS RS
c.m Bm
m bm gi bm khi d li
thng ip
.
Page 13
T D5 SH-1 5
3/SSL Handshake Protocol:
SS H P SS SS R P
K SS SS
SS
SS
SS SS H P
SS
T SS H P S
:
1: C -> S: CLIENTHELLO
2: S -> C: SERVERHELLO
[CERTIFICATE]
[SERVERKEYEXCHANGE]
[CERTIFICATEREQUEST]
SERVERHELLODONE
3: C -> [CERTIFICATE]
CLIENTKEYEXCHANGE
[CERTIFICATEVERIFY]
Page 14
CHANGECIPHERSPEC
FINISHED
4: S -> C: CHANGECIPHERSPEC
FINISHED
H
K S TP HTTPS
ITHO
1 SS H P
ITHO HORQUST
T ITHO
:
- S SS
- UIX
8
-
-
-
Page 15
SS
SS
ITHO
S
S ITHO
SRVRHO B
HORQUST
ITHO
SRVRHO T ITHO
SRVRHO :
-
ITHO S
- UIX
8
-
-
-
client.
ITHO
sessio
HGIPHRSP
FIISHD
S
SRVRHO
ITHO
SRVRHO
SS TS
14 17
SRVRHO V
RTIFIT
X59
Page 16
RTIFITR T
X59
T SRVRKYXHG
FORITZZ K R
RS
D RTIFITR
T
SRVRHOD
SRVRHO
Sau khi n SRVRHO
SRVRHO
RTIFIT
T
ITKYXHG
server:
- RS
48 RS
SRVRKYXHG rong thng bo
ITKYXHG
chnh.
- FORTZZ
TK K P K
TK
TK
ITKYXHG
T
ri.
RTIFITVRIFY
T
DH
S HGIPHRSP
FIISHD T FIISHD
HGIPRSP
Page 17
T FIISHD
K
FIISHD;
FIISHD V SS H P
HGIPHRSP FIISHD
4
S SS
SS R
P
SS R P
SS H P
SS H P
SS SS
T
:
1: C -> S: CLIENTHELLO
2: S -> C: SERVERHELLO
CHANECIPHERSPEC
FINISHED
3: S ->C: CHANGECIPHERSPEC
FINISHED
1 ITHO
SRVRHO
V HGIPHRSP
FIISHD
4/SSL Record Protocol:
SS R P SS
SS
168
Page 18
Cc bc SSL Record Protocol.
SS R P
SS P SS SS
15 S SS :
- ;
- S ;
- ;
- T ;
- MAC.
Page 19
trn SS SS R
P
SS R P T SS SS
:
- Alert Protocol: P SS R P
- H P:
- Change CipherSpec Protocol:
SS
Minh hoa 1 doan thng dip ch thng tin v kha v quy djnh thut ton
Premaster secret
T seed
R : SS + 46
G
Master secret
T premaster secret
Key material
G master secret shared random values
Encryption keys
T key material
INITIAL (NULL) CIPHER
SUITE
PUBLIC-
KEY
ALGORITH
SYMMETRC
ALGORITH
M
HASH
ALGORITH
M
CIPHER SUITE CODES
USED
IN SSL MESSAGES
SSL_NULL_WITH_NULL_NULL = { 0, 0 }
SSL_RSA_WITH_NULL_MD5 = { 0, 1 }
SSL_RSA_WITH_NULL_SHA = { 0, 2 }
SSL_RSA_EXPORT_WITH_RC4_40_MD5 = { 0, 3 }
SSL_RSA_WITH_RC4_128_MD5 = { 0, 4 }
SSL_RSA_WITH_RC4_128_SHA = { 0, 5 }
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = { 0, 6 }
SSL_RSA_WITH_IDEA_CBC_SHA = { 0, 7 }
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA = { 0, 8 }
SSL_RSA_WITH_DES_CBC_SHA = { 0, 9 }
Page 20
Minh hoa qu trnh tao Master Secret
CLIENT SENDS
PREMASTER
SECRET IN
ClientKeyExchange
SENT BY
CLIENT
IN ClientHello
SENT BY
SERVER
IN ServerHello
MASTER SECRET IS 3
MD5
HASHES
Page 21
Minh hoa qu trnh tao Key Materials
JUST LIKE FORMING
THE MASTER SECRET
EXCEPT THE MASTER
SECRET IS USED HERE
INSTEAD OF THE
PREMASTER SECRET
Page 22
Minh hoa qu trnh tng hop Key Meterials d ghp thnh thng dip
SECRET VALUES
INCLUDED IN MESSAGE
AUTHENTICATION CODES
INITIALIZATION VECTORS
FOR DES CBC ENCRYPTION
SYMMETRIC KEYS
Page 23
hng 3 ki n ng phng hng
1/Cc kiu tn cng SSL/TLS
SS/TS
:
a.Ki Mn in he middle (MIM)
Trong
DS RP
T w w
w w
: T
web browser w
-in- T
D w w
w SS
ra.
Page 24
b.n ng Be-force trn cc kho session:
B - -
T 4 4=19951167776
K
SS/TS GT/HTTP/1 V
S
SS/TS
T ^18 18-
T
PU
1-
T 4 56
PU
2/in php phng chng
T HTTPS
K IT
HTTP
B
T
Page 25
B
hng hng dn i eb ppliion s dng
( loi elf-Signed certificate)
B1: K w IIS IIS
Page 26
B: V S S-Signed Certificate
B:
Page 27
T
Page 28
B4: T IIS 1 w
Page 29
B5: V V S w W IIS
B6: S ISS w VS
Page 30
B7: W
B8: T W .