SSL (Secure Socket Layer) - PowerPoint PPT Presentation

Description: Title: Efficient and Robust Secure Key Issuing Protocol in ID-based Cryptography. Author: bclee. Last modified by: bclee. Created Date: 7/20/2005 1:11:57 AM. Slides: 21.

Transcript and Presenter's Notes

Title: SSL (Secure Socket Layer)

1
SSL (Secure Socket Layer)
  • ????? ??????
  • ??? ??

2
? ?? ????
  • ???? ????? ????
  • ? ??
  • ? IP ??? ?? ??? ? ? IP Sec
  • ? ????? ?? ?????? ??? ??
  • ? VPN(Virtual Private Network)? ??

Layer stack (diagram): Application / Transport / IP Sec / Physical
3
? ?? ????
  • ?????????? ????
  • ? ??
  • ? Transport ?? ?? SSL? ?? ??
  • ? ????? ?? ?????? ??? ??
  • ? ???(End-to-End) ??? ??
  • ? ? ??? ?? ????
  • ? ???? ??? ??(???? ???? ?? ??)

Layer stack (diagram): Application / SSL / Transport / Network / Physical
4
? ?? ????
  • ??????? ???? SET, PGP, S/MIME
  • ? ??
  • ? ????? ????? ???? ??? ??? ??
  • ? ?? ?????? ??? ?? ????? ??
  • ? ???? ?? ? ??? ?? ??? ??(???? ??? ??)

Layer stack (diagram): SET, PGP, S/MIME / Application / Transport / Network / Physical
5
Secure Socket Layer
  • SSL ??
  • ? ??
  • ? Secure Socket Layer de facto Standard
    (??? ??)
  • ? 2 ?? Layer? ??
  • ? 1994? Netscape?? ? ?? ????? ??
  • ? ?? SSL ?? 3 ? ??
  • ? 1999? IETF ?? TLS Working Group ?? TLS ?
    ??
  • ? ????? TCP ????? ??

Layer stack (diagram): HTTP / SSL Higher Layer / SSL Lower Layer / TCP
6
Secure Socket Layer
  • SSL ??
  • ? ??
  • ? ????? ? ??? ??? ??(Secure Channel)
    ??
  • ? ???(End-to-End) ?? ??? ??
  • ? ????? ? ?? ??(Authentication) we
    know who each other are
  • ? ??? ????(RSA, DSS,
    Diffie-Hellman)
  • ? X.509 ??? ???
  • ? ??? ?? only you and I can see it
  • ? Handshake Protocol ? ?? ???(???)
    ??
  • ? DES, RC2, RC4, 3-DES ?
  • ? ??? ?? no one else can change it
  • ? Hashed MAC(Message Authentication Code)
  • ? SHA-1 (160-bit), MD5 (128-bit)

7
Secure Socket Layer
  • SSL ??
  • ? SSL Higher Layer(?? ????)
  • ? Handshake Protocol
  • ? Change Cipher Spec Protocol
  • ? Alert Protocol
  • ? SSL Lower Layer(??? ????)
  • ? Record Protocol

Layer stack (diagram): HTTP / Record Layer / TCP
8
Secure Socket Layer
  • SSL Handshake Protocol
  • ? ??
  • ? ????? ? ??? ???? ???? ?? Session ??
  • ? ????? ? ??? Session ??? ??? ?? ???? ?? ??
  • ? ?????? ?? ??? ??(Authentication)??
  • ? Record Protocol ? ???? ??
  • ? ?????? ?? ? ??? ??? ?? ???? ??
  • ? Protocol Version (SSL)
  • ? Session ID
  • ? ??? ???? , ?? ????
  • ? ????(Option, X.509)
  • ? ??? ??????? ?? pre-master-secret ??

9
SSL ????
  • SSL Handshake Protocol

Handshake message flow (diagram; the Korean annotations were lost in extraction, only the message names and English fragments survive):
  Client -> Server: Client Hello (Connection)
  Server -> Client: Server Hello
  Server -> Client: Server Certificate (Server authenticate)
  Server -> Client: Server Key Exchange (Public Key; Premaster for the Session Key)
  Server -> Client: Client Certificate Request
  Server -> Client: Server Hello done
  Client -> Server: Client Certificate (Client authenticate)
  Client -> Server: Client Key Exchange (Premaster for the Session Key, sent under the Server's Public Key)
  Client -> Server: Certificate Verify (Client Certificate)
  Client -> Server: Change Cipher Spec (Data)
  Server -> Client: Change Cipher Spec (Data)
  Client <-> Server: Application DATA
10
Full Handshake
11
Resume Session
12
Secure Socket Layer
  • SSL Change Cipher Spec Protocol
  • ? ??
  • ? Record Layer ?? ??? ??? ? ?????? ??? ??
    ???
  • ??? ????(Encryption)?? ??? ??? ?? ?????
    ??
  • ? Change Cipher Spec ???? ??? ??? pending
    read state?
  • Active read state ? ??(Cipher Spec ???)

State table (diagram): each side keeps a Write state and a Read state, each shown as active (Act) or pending (Pnd); every state records Enc (null or DES), Mac (null or MD5) and Key (null or XXX). The pending state holds the parameters negotiated by the handshake until Change Cipher Spec makes it the active state.
13
Secure Socket Layer
  • SSL Alert Protocol
  • ? ??
  • ? ?????? ??? ??? ????? Error Message ??
  • ? Level?? fatal? warning? ??
  • ? ?????? ??? fatal level? alert? ??? ??
    Connection
  • ???? Session ID? ??

Alert message format (diagram): two fields of 1 byte each, level | description.

  level        description
  w (warning)  0   close_notify
  F (fatal)    10  unexpected_message
  F (fatal)    20  bad_record_mac
  F (fatal)    30  decompression_failure
  ...
14
Secure Socket Layer
  • SSL Record Protocol
  • ? ??
  • ? ?????? ?? ??? ???(?? ??)? ?? ?? ??
  • ? ??? ?? ?? ? ?? ?? ?? ??? 2^14 (16,384 bytes)
  • ? ??
  • ? ??? MAC(Message Authentication Code)? ???
    ??? ??
  • ? Handshake ???? ??? ?? ????? ?? ?? ??? ???
    ???? ???(Confidentiality) ??
  • ? ??? ??????? ??? ??? ??(Compression) ?? ??
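As an added example (not from the slides), the two Record Protocol steps this slide lists, fragmenting application data to at most 2^14 bytes and attaching a MAC, together with the fatal bad_record_mac alert from slide 13, in Python. It assumes the TLS 1.0 MAC input layout (seq_num || type || version || length || fragment) with HMAC_SHA-1 as named on slide 17; compression and encryption are left out, and the key and data are constructed test values.

```python
import hmac
import hashlib
import struct

MAX_FRAGMENT = 2 ** 14          # record-layer fragment limit from the slide: 16,384 bytes
CT_APPLICATION_DATA = 23        # TLS ContentType value for application data
VERSION = b"\x03\x01"           # TLS 1.0 version bytes on the wire
# Alert descriptions listed on slide 13 with their levels (1 = warning, 2 = fatal)
ALERTS = {0: ("close_notify", 1), 10: ("unexpected_message", 2),
          20: ("bad_record_mac", 2), 30: ("decompression_failure", 2)}


def fragment(data):
    """Split application data into record-sized fragments (each <= 2^14 bytes)."""
    return [data[i:i + MAX_FRAGMENT] for i in range(0, len(data), MAX_FRAGMENT)] or [b""]


def record_mac(key, seq, ctype, frag):
    """TLS 1.0 record MAC: HMAC_SHA-1 over seq_num || type || version || length || fragment."""
    hdr = struct.pack("!QB2sH", seq, ctype, VERSION, len(frag))
    return hmac.new(key, hdr + frag, hashlib.sha1).digest()


def protect(key, data):
    """Sender side: fragment, then append the 20-byte MAC to each fragment (no encryption here)."""
    out = []
    for seq, frag in enumerate(fragment(data)):
        out.append((seq, frag + record_mac(key, seq, CT_APPLICATION_DATA, frag)))
    return out


def unprotect(key, records):
    """Receiver side: verify each MAC; on failure return the fatal bad_record_mac alert bytes."""
    plain = b""
    for seq, body in records:
        frag, tag = body[:-20], body[-20:]
        if not hmac.compare_digest(tag, record_mac(key, seq, CT_APPLICATION_DATA, frag)):
            return None, bytes([2, 20])   # level = fatal (2), description = bad_record_mac (20)
        plain += frag
    return plain, None


def parse_alert(body):
    """Decode a two-byte alert body into (level name, description name)."""
    level, desc = body[0], body[1]
    name, _ = ALERTS.get(desc, ("unknown", None))
    return ("fatal" if level == 2 else "warning"), name
```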

15
Secure Socket Layer
  • SSL Record Protocol

16
Fragmentation
17
TLS
  • TLS ??
  • SSL 3.0? ????? ?? ??
  • IETF TLS WG?? ???
  • V1.0 ? ??
  • SSL 3.0? ???
  • Fortezza ????? ??
  • RSA ????? ????? ?? (????)
  • DSS? D-H? ??? ??
  • HMAC ??
  • HMAC_MD5, HMAC_SHA-1
  • Master_secret? ???? ???
  • PRF (pseudo-random function)

18
WTLS
  • WTLS ??
  • WAP (Wireless Application Protocol)?? ???? TLS
  • TLS?? ???
  • ? ?? ????? ECC ??
  • Record ???? Fragmentation ? Compression? ?? ??
  • ?? ?? ??? ?? ??
  • X.509 Cert, WTLS Cert, X968 Cert
  • ?? ? ??? ??
  • Pre_master_secret? Master_secret? 20 byte
  • Server, Client random? 16 byte
  • Key_block? ???? ???

19
SSL?? ???? ??

20
SSL ?? ?????
  • SSLeay
  • ??? Eric A. Young, Tim J. Hudson ??
  • ?? RSA??? ?? ??
  • RSA BSAFE SSL-C
  • http://www.ssleay.org/
  • OpenSSL
  • 1998? 12??? ???
  • SSLeay library? ???
  • SSL v2/v3, TLS v1
  • http://www.openssl.org/