Secure Sockets Layer.doc
MasterRad
: Secure Sockets Layer (SSL):
: .
oj : 833/2008
, 2010.
1.
1.1. SSL
1.2.
1.3. SSL Handshake
1.4. SSL ChangeCipherSpec
1.5. SSL Record
1.6. SSL Alert
2. SSL
2.1.
2.2.
2.3.
2.4. " "
2.5. Cipher suite -
2.6.
3. SSL
3.1. SSL (VPM)
3.2. Online
3.3. S-HTTP SSL
4. SSL
5.
6.
1.
1.1. SSL
Secure Sockets Layer (SSL) () , (. ) . SSL , (. TCP/IP), SSL . , , , , , . , , , , , . SSL- . , .
SSL Netscape Communications , Nescape Navigatorom. , 1.0, 1994. , , . 2.0 Netscape Navigatorom, 1 2. SSL 2.0, Microsoft , PCT. SSL 3.0, PCT-, SSL 2.0. , Internet Engineering Task Force (IETF)
y y (TLS) , 1996. , SSL- 3.0. TLS 1.0, 1999. RFC 2246. TLS
IETF-, SSL- . , , WTLS (Wireless TLS - TLS).
SSL , . ISO/OSI . , SSL . , SSL User Datagram (UDP), , IP . , SSL : Simple Network Management Protocol (SNMP), Network File System (NFS), Domain Name Service (DNS), "voice over IP". SSL -: SSL Record SSL Handshake, 4 :
1) SSL Record,
2) SSL Handshake,
3) ChangeCipherSpec, i
4) Alert.
SSL Record , . SSL Handshake , . , TCP . Handshake , , PreMasterSecret, MasterSecret. ChangeCipherSpec (CCS) , Record () . (Alert), , "handshake-a". , Record , , , -. SSL (connection) (session). , "handshak-". (session) (connections). , :
(ID),
,
,
,
MasterSecret .
,"handshake" : , , "" , , . , ChangeCipherSpec. , . , . , , . SSL 24 , . Record ("") . , , . , .
1.2.
, SSL -, . . , MasterSecret ( ) , , "hash" , MAC- ( ).
1.3. SSL Handshake
SSL . , . , .
, . .
, . . , ClientHello . , . . ServerHello , ServerHelloDone . , ( ), PreMasterSecret , . . ChangeCipherSpec (Cipher Spec) , . , Finished . Finished . ChangeCipherSpec Handshake . , , Client_Random Server_Random, ClientHello ServerHello , , "hash" . , , ClientHello ServerHello . ChangeCipherSpec "handshake" Finished .
Session ID ClientHello . Session ID , , , "handshake", .
1.4. SSL ChangeCipherSpec
SSL . . (). Cipher Spec Cipher Spec , ( , : , , .) Record sloja.
1.5. SSL Record
Record ChangeCipherSpec . , "handshake" TCP . , (Handshake, Alert, ChangeCipherSpec, ), :
214 .
.
MAC- ( ) .
().
.
, , . , , . , Record Alert . Record 5 . :
(1 ),
(1 ),
(1 ),
(2 ).
(Handshake, ChangeCipherSpec, Alert, Application Data). " " SSL- ( SSL 3, 3). " " SSL- ( SSL 3, 0). , " " , 214 + 204822. SSL. SSL, SSL .
1.6. SSL Alert
, , . , , . . , . . , ( ), .
: , , Handshake , Record . , , SSL - ( ) , , .
2. SSL
SSL "" , . , , . SSL , w , . . , , SSL . SSL : , . , , , . " " , . , .
2.1.
SSL -, . , , . , . , . , , , , . x . :
SSL ;
Internet Explorer;
.
, . , w , . . browser SSL , . Browser , , . , Internet Exploreru Netscape-, . , , "".
2.2.
SSL , web browser . , , , . , SSL . SSL -, , " ".
2.3.
Windows - . SSL w . ()
, "" . Internet Exploreru i Windows Media Playeru, . , . , . , , . . y . , Windows 98, . Windows 2000 i XP, . 2000. . , : Windows 98, Windows NT Workstation, Windows 2000 Professional, i Windows XP Professional. " ".
2.4. " "
, w , , w w . SSL w , w. w, . , , SSL . , w , "" SSL .
2.5. Cipher suite -
SSL , 2.0, ( , , .) . 3.0, 2.0. , . - , , Hello . 3.0 MasterSecret, , . Handshake , , . , ChangeCipherSpec, . . ChangeCipherSpec Finished , MAC ( ) Handshake MasterSecreta. 48- MasterSecret , . Finished ( ). , Finished. :
1. KS: [ChangeCipherSpec]
2. KS: [Finished:]{a}k
3. SK: [ChangeCipherSpec]
4. SK: [Finished:]{a}k
5. KS: {m}k
{*} Record , , Finished , MAC- "handshake" .
2.6.
. 1998. , 40- , 512- . , 27% 40- . Browseri 40- SSL . 40- , (512) RSA . y (2000) 83% SSL . "" RSA , SSL .
3. SSL
3.1. SSL (VPM)
() , , . , . IPSec, , SSL . w w SSL. SSL , , w SSL.
SSL SSL "x" ( ) , /, w . , , "proxy" () . , "xy" , . w "" , w .
, , SSL . SSL -, , IPSec-, . , SSL , , , VPM . , , :
, X.509 ;
40- 128- 4 .
SSL - VPM-:
;
( PC-);
;
.
SSL - VPM-:
w ;
" ";
SSL , IPSec-.
3.2. Online
World Wide Web- . , - . 90% - . , . - ? - : Secure Sockets Layer (SSL) Secure Electronics Transaction (SET). SSL () . w w, Netscape Communicator 7.1, 128 - SSL . SSL , . , , SSL . . , , , , , . SSL , . . SSL , .
1. ;
2. -;
3. SSL ;
4. ;
5. ();
6. ;
7. .
, . , . . SSL , , SSL , , , TCP/IP .
3.3. S-HTTP SSL
- (S-HTTP) HTTP-, Enterprise Integration Technologies . , S-HTTP SSL w , , , () . , : SSL , , HTTP TCP/IP . S-HTTP HTTP. .
"" . S-HTTP w . .
S-HTTP . S-HTTP- , w . SSL , - w , SSL .
w w SSL- w . , - SSL .
4. SSL
SSL
. , , , SSL . SSL www consortiuma (www.w3.org) . SSL . SSL- . .
S-MIME
Secure-MIME RSA MIME . . SSL-, . MIME-a, SMIME SSL.
S-HTTP
Secure HTTP HTTP-, ISO/OSI . - , S-HTTP . , , SSL. , .
SSH
Secure Shell . , , . .
PEM
Private Enhanced Mail - , . PEM , . PEM .
PCT
Private Communication Technology Microsofta SSL 2. SSL- , . PCT SSL-, . SSL 3, , PCT .
SHEN
SHEN HTTP. CERN-, HTTP, , .
PGP
Pretty Good Privacy , . . , .
5.
SSL (Secure Sockets Layer) () , (. ) . SSL , . , , , , , . , , , , , . SSL - . , . SSL Netscape Communications, Nescape Navigatorom. , 1.0, 1994. , , . 2.0 Netscape Navigatorom, 1 2. SSL 2.0, Microsoft , PCT (Private Communications Transport). SSL 3.0, Microsoft- PCT-, SSL 2.0. , IETF (Internet Engineering Task Force) , 1996. , SSL- 3.0. TLS (Transport Layer Security) 1.0, 1999. RFC (Request For Comments) 2246. IETF-, SSL- . , , WTLS (Wireless Transport Layer Security ).
6.
1. Benjamin Reyes, Kavitha Swaminathan, Jefferson Vega, Zuofeng Yuan, (2003) Secure Sockets Layer Protocol, University of Maryland, ENTS-650, Network security, Project paper.
2. Bill Brogden, Chriss Minnick, (2001) XML JSP, , .
3. Brian Komar, (1999) TCP/IP, , .
4. , (2002) W , , , , ,
5. IETF, TLS protocol, (1999) http://www.ietf.org/html.charters/tls-charters.html.
6. Micke Pettersson, Mickes Web Security, http://www3.tsl.uu.se/~micke.
7. Netscape Communications Corporation, (1996) http://wp.netscape.com/eng/ssl3/draft302.txt, SSL protocol, version 3.0.
8. Sun Microsystems, Inc, Introduction to SSL, http://docs.sun.com/source/816-6156-10/contents.htm
9. OpenReach Inc., (2002) http://www.webtorials.com/main/resource/papers/openreach/paper1/IPSec_vs_SSL.pdf
10. Inc, http://www.rsa.com.