Transport Layer Security

About This Presentation

Title:

Transport Layer Security

Description:

??? ??? ??????????? ?????? ?????? ??????? ??? ????????. ... ????? ????? ??????? ???????? HUSH ???????? ??? SHA , 5MD. ????????? ???? ????? ?? ??? MAC ??? ... – PowerPoint PPT presentation

Number of Views:73

Avg rating:3.0/5.0

Slides: 30

Provided by: rong8

Category:

more less

Transcript and Presenter's Notes

Title: Transport Layer Security

1
Transport Layer Security

?????? ????? ???
??? ????(????)

2
?? ?? TLS Transport Layer Security protocol

??? ??? ??????????? ?????? ?????? ??????? ???
????????.
????????? ????? ?????????? ???/???? ????? ?????
?????? ????
?????.
????? ????.
????? ??????.

3
????? ???????? TLS ????? ??????
4
?????? ?? TLS

TLS ????? ?????? ??????? ??? ??? ??????.
TLS ??? ?????? ??? ????? ????? ?? 128 bit RSA
TLS ???? ?????? "????" ?????? ??????????
??????? ???? ?????? ???? ????????? ???? ??????
????? ??????.

5
?????? ?? TLS

- Interoperability??????? ????????? ???? ??????
???? ????? ??? ??? ?????? ????? ??? ?? ?????? ???
????? ?????? ??? ??? ?? ??????.
TLS ????? ????? ?????? ?? ??? ????????? ?????
??????? ????? ?????? ?? ???? ??? ???? ?????
????? ??? "?????" .
?????? ????? ???????? ???????????? ????? ??????
?? ????? (???? ???????) ??? TLS ???? ?????
???????? ??? ???? ?????? ?? ??? ?????? ?????.

6
????? ?? TLS

????? ??????? ?? ???????? TLS ??? ???? ??????
?????? ???? ??? ??? ????????? ???????? ?????
???? ??????.
????????? ????? ???? ?????
TLS record protocol
TLS handshake protocol

7
TLS record protocol

TLS record protocol ???? ????? ?????? ?? ????????
?????? ???? (?????? TCP) ?????? ?????? ???????
???? ??? ????????
????? ???? ??????????? ??????? ????? ??????
?????? ????? (DES, RC4 ???...) ???? ???? ??????
???? ????? ?????? ??? ?????? ??-??? ???????? TLS
handshake ???? ????? ?????? ?? TLS .

8
TLS record protocol-continue

????? ???? ????? ?????? ????? ????? ??????
??????? ???? MAC. ????? ????? ??????? ????????
HUSH ???????? ??? SHA , 5MD.
????????? ???? ????? ?? ??? MAC ???
???"? ?? ??????? ?? ?MAC
???? ?????? ?? TLS record protocol
??? MAC ??? ????? ??????? ??????.

9
TLS handshake protocol

TLS Handshake protocol
- ????? ????? ????? ???? ????? ????? ????
????? ?????? ?????? ?????? ???????????? ??????
?????? ???? ??? ???? ?????? ???? ?????? (?????
??????).

10
TLS handshake protocol-continue

????? ?????? ??????? ???? 3 ???????
1. ???? ???? ?????? ?? ??? ???? ?-?????? ??
?????? (RSA, DSS ???...).
????? ????? ?????? ??? ?? ???? ??????? ?? ???
??????? ??? ????? ?????? ??? ????? ?????. ?????
???? ?????? ??? ??? ?????? ?? ????? ????? ???.
????? ???? ????? ?????? ?? ????? ??? ????? ??
??? ???? ??????.

11
TLS handshake protocol-continue

???? ??? ????? ??????? ?????? ???? ????? ??
??????? ?? ???? ????????? ???????? ?? ????????
??????????.
????? ?????? ?????? ???? ?? ??? ?????? ?"? ?????
????? ?????? ?????? ???? ??????.

12
TLS handshake protocol-continue
13
TLS handshake protocol-continue

???? ????? ?? ????? ClientHello ???? ???? ????
????? ????? ServerHello ???? ???? ????? ?????
??????? ?? ?????? ????.
?????? ?? ??????? ???????? ?????
Protocol Version
Session ID
CipherSuite
Compression Method
random values are generated 2 ?????? ?? ????/????
????? ????????.

14
TLS handshake protocol-continue

??? ??? ??? ???? ????? ?????.
?????????? ??? ???? ???? ServerKeyExchange
????? ?? ???????? Diffie-Hellman.
???? ?? ???????? ??????? ????? ?????? ???? ???
??? ?????.

15
TLS ??? ??????
16
Man in the middle

Use public private key
A-gtB hello
B-gtA Hi, I'm Bob, bobs-public-key
A-gtB prove it,
B-gtA Alice, This Is bob
digestAlice, This Is Bob
bobs-private-key

This is not secure
17
Man in the middle

Use public private key
A-gtB hello
B-gtA Hi, I'm Bob, bobs-certificate
A-gtB Hi, I'm Bob, bobs-public-key
B-gtA Alice, This Is bob
digestAlice, This Is Bob
bobs-private-key

18
Man in the middle

Alice -gtBob random message
Bob-gtAlice E(compute digest )
Alice compute digest to random message, compare
to Bobs message
Man in the middle couldnt get the original
message from the digest.

19
Man in the middle

Also MIM would tackle difficult trying to find a
different message with the same digest value
(digital signature)
While using MAC key as autentification MIM cant
do damage like in the "???? ????? "

20
TLS handshake protocol-continue

TLS handshake protocol ???? ????? ??-??????????
?????? ????? ???? ??????? ???????? ????? ??????
????? ???????? ?? ??????, ???? ?? ???? ?????? ??
?????? ??? ????.
??????????? ?????? ????? ?? "???? ????????" ??
TLS record protocol ??????? ?? ??????? ?????

21
TLS handshake protocol-continue

- ???? ??? - ???? ???? ??? ????????????
??????.
- ???????? ????? - ???? ?? ???????? ??????
?? ???? ??? .
- ???????? ????? - ???? ?? ????????
?????? ?? ???? ???.

22
??? ???? ?????????

???? ?????
??? ?????? ?-TLS ??? ????? ??????? ?? TLS record
protocol.
???? ??????? ?? ???? ????????? ??????? ?? ??
??????? ???????? ????? ??????? ?????? ???????
????????? ??????, ???????? ??????, ?????????
?-MAC .
???????? ?? ??????????? ?????? ????
Bulk encryption key, MAC secret

23
??? ???? ?????????-????

????? ???? ?????? 4 ???? ?????
??? ????? ?????
??? ????? ?????
??? ??? ????? ?????
??? ????? ?????

24
??? ???? ?????????-????

???????????? ?????? ?? ?????? ???????? ????? ??
???TLS handshake protocol ????????? ?? ??
???? ????? ??????? ???? ??? ????? ???? ?????.
????? ?? "????" ???? ?????? ?? ??? ???? ??????
?????? ????? ???? ?????? ?????? ???? ???.

25
???? ???? ?????? ?? TLS ????? ????? ??? ?
???? ??? ????
26
???? ???? ?????? ?? TLS ????? ????? ??? ?
???????? ???????
27
???? ???? ?????? ?? TLS ????? ????? ??? ?
(Advanced????? ??????? ?????(
28
???? ???? ?????? ?? TLS ????? ????? ??? ?
TLS" ??? V?? ???? " ?????
29
( Thanks )

Write a Comment

User Comments (0)