4.1 SCS10NetSec2

: . -


: SSL/TLS
SSL - Secure Sockets Layer
Netscape 1990-
SSLv2 (
!!!), SSLv3
TLS - Transport Layer Security
IETF- SSL
TLS 1.0 - SSLv3 RFC 2246 (1999)
TLS 1.1 - TLS 1.0 + RFC 4346 (2006)
TLS 1.2 - TLS 1.1 + RFC 5246 (2008)
, , ,
DTLS (Datagram TLS) TLS UDP


: SSL/TLS
:

Internet

Internet

- TCP (
HTTP)

PKI
(
, RC4)


(-) JKBob ?

JKCA

Verify
cert

(PK,JK)
JKCA


JK

CA
JK

I am Bob
Cert PKCA :

check
proof


JK

Cert ( , )

PKCA

:
:


Common Name :
,

ugd.edu.mk,

wildcard cert, *.ugd.edu.mk f*.ugd.edu.mk


:
* , .
: *.a.com x.a.com y.x.a.com

CAs

SSL/TLS
HTTP HTTPS
web
proxy

web
server

-
:

CONNECT domain-name

client-hello

:
IP .
TLS 1.1 (RFC 4366)
client_hello_extension: server_name=cnn.com
FF2 IE7 (vista)

443 HTTPS

client-hello
server-cert ???

web
server

certCNN
certFOX

HTTPS
-?
-


ISP HTTPS
-


( )

TLS

1.
2.
3.

:
(ciphersuite)

Handshake Protocol

Record Protocol



Handshake .

TLS
Handshake
Protocol

Change Cipher
Spec Protocol

Alert
Protocol

Record Protocol

TCP

HTTP
.

TLS ciphersuites
TLS TCP .
TLS
.
.
200+ ciphersuites
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_NULL_WITH_NULL_NULL

TLS Record Protocol



,
2^14 .

TLS Record Protocol


MAC_Encode_Encrypt

TLS 1.2 AEAD (


/), AES-GCM, AES-CCM

TLS Record Protocol



(Content type, 8 )

.

20 SSL Change Cipher Spec
21 Alert
22 Handshake
23

(Major version, 8 )
. SSLv3 3.
(Minor version, 8 ) -
SSLv3 0.
(Compressed length,
16 ) .

TLS Record
Protocol Handshake Protocol
TLS,
MAC
,

Handshake Protocol
.


Handshake Protocol


,
-


/ Record Protocol

SSL/TLS

TLS Handshake Protocol


ClientHello
TLS ,
, CipherSuites,
.
, ID
.
ServerHello ,
TLS ,
, CipherSuite,
.
ID
. TLS,
.

TLS Handshake Protocol


Certificate .
ServerHelloDone ,

.
ClientKeyExchange ,
PreMasterSecret, ,
( ).

PreMasterSecret master .


.

TLS Handshake Protocol


ChangeCipherSpec ,

( ).
,
Finished ,
MAC .

MAC.
,
.

TLS Handshake Protocol


ChangeCipherSpec ,

( ).

Finished .
.

TLS Handshake Protocol

Lock :

SSL

page origin

lock ?

HTTPS
:

HTTPS CA

HTTPS ( , )
Common Name URL

Lock UI:

Lock UI: Extended Validation

CA
wildcard ( *.ugd.edu.mk )

:
www.bankofthevvest.com

HTTPS-EV HTTPS

HTTPS :



HTTP:
HTTP

URL

Google
HTTP

<form method="post"
action="https://onlineservices.wachovia.com/..."

HTTPS :

:
http://login.site.com

Redirect: https://login.site.com

HTTPS Lock
1. HTTP HTTPS

2.
3. :

HTTP HTTPS

4. HTTPS ?

: ,

TLS
BEAST (2011), CRIME (2012), Lucky 13, RC4 (2013),
Renegotiation Attack (2009), Triple Handshake Attack (2014)
(
):
Why Eve and Mallory Love Android (2012)
The most dangerous code in the world (2012)
Apple goto fail (2013)
OpenSSL CCS (2014)
Frankencerts (2014)

Heartbleed (2014)

IP: IPSec

IPSec

IPSec

a -
TCP :

IPSec : IPSEC IP

http://www.tcpipguide.com/free/t_IPSecModesTransportandTunnel.htm

IPSec : IPSEC + IP

IPSec
AH

ESP

ESP +

replay


Authentication Header (AH)

replay (
)
MAC;



Encapsulated Security Payload (ESP)

IPSec
- SA
IPsec
SA :

Security Parameters Index (SPI)


IP
Security Protocol Identifier (AH ESP)

SA , SA
IPsec .
SA

SA

IPSec
- SA)
Internet Key Exchange (IKE IKEv2) Kerberized
Internet Negotiation of Keys (KINK) SA



IPsec.
Oakley
SKEME ISAKMP (Internet Security Association and
Key Management Protocol) .
Diffie-Hellman

.
X.509

IKE IPSEC
m1

A, (g^a mod p)

B, (g^b mod p), signB(m1,m2)

m2

signA(m1,m2)

: A B g^(ab) mod p


: SSH
Secure Shell, TCP 22


( , FTP)

SSH


(rcp)
ftp (sftp)
(rsync)


(sshfs)

SSH
