ssl3 secure sockets layer ver.3
DESCRIPTION
SSL3 Secure Sockets Layer ver.3. Miloš P ö singer & Matej Radošovský. Secure Sock ets Layer ver.3. Protokol SSL. Použitie šifrovacích technológií Šifrovanie dát: DES, RC4 a Triple DES Prenos súkromných kľúčov : RSA, DSS, KEA. Secure Sock ets Layer ver.3. ŠIFROVANIE. Symetrické - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/1.jpg)
SSL3SSL3Secure Sockets Layer ver.3
Miloš PMiloš Pöösingersinger
&&
Matej RadošovskýMatej Radošovský
![Page 2: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/2.jpg)
Protokol SSL
Použitie šifrovacích technológií Šifrovanie dát: DES, RC4 a Triple DES Prenos súkromných kľúčov :
RSA, DSS, KEA
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 3: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/3.jpg)
ŠIFROVANIE
Symetrické
Asymetrické
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 4: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/4.jpg)
Klasický model protokolu TCP/IP
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 5: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/5.jpg)
Vrstva SSL vložená medzi aplikačný a TCP protokol
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 6: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/6.jpg)
SSL zložený zo 4 čiastkových protokolov:
Record Layer Protocol - RLP
Alert Protocol - AP
Change Cipher Specification Protocol - CCSP
Handshake Protocol - HP
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 7: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/7.jpg)
Record Layer Protocol – RLP
fragmentáciakomprimáciavýpočet kontrolného súčtušifrovanie
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 8: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/8.jpg)
Alert Protocol – AP
upozornenia po ktorých môže komunikácia pokračovaťfatálne chyby
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 9: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/9.jpg)
Handshake Protocol – HP
overenie servera klientomdohovorenie spoločných šifrovacích algoritmovpoužitie šifrovania s verejným kľúčomstabilizovanie bezpečného SSL spojenia
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 10: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/10.jpg)
Change Cipher Specification Protocol – CCSP
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 11: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/11.jpg)
Klient Server
Vytvorenie spojenia
ClientHello
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 12: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/12.jpg)
ClientHello
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 13: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/13.jpg)
Klient Server
Vytvorenie spojenia
ClientHelloServerHello
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 14: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/14.jpg)
ServerHello
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 15: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/15.jpg)
Klient Server
Vytvorenie spojenia
ClientHelloServerHelloCertificate
[CertificateRequest]
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 16: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/16.jpg)
CertificateRequest
typy podporovaných certifikátov
rozlišovacie mená autorít
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 17: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/17.jpg)
Klient Server
Vytvorenie spojenia
ClientHelloServerHelloCertificate
[CertificateRequest]
ServerHelloDone
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 18: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/18.jpg)
ServerHelloDone
0E 00 00 00
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 19: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/19.jpg)
Klient Server
Vytvorenie spojenia
ClientHelloServerHelloCertificate
[CertificateRequest]
ServerHelloDone[Certificate]
ClientKeyExchange
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 20: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/20.jpg)
klient aj server
PreMasterSecret
ClientRandom
ServerRandom
master_secret = MD5(PreMasterSecret + SHA('A' + PreMasterSecret + ClientRandom + ServerRandom)) + MD5(PreMasterSecret + SHA('BB' + PreMasterSecret + ClientRandom + ServerRandom)) + MD5(PreMasterSecret + SHA('CCC' + PreMasterSecret + ClientRandom + ServerRandom)
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 21: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/21.jpg)
klient aj server
PreMasterSecret
ClientRandom
ServerRandom
MasterSecret
key_block = MD5(master_secret + SHA(`A' + master_secret + ServerRandom + ClientRandom)) + MD5(master_secret + SHA(`BB' + master_secret + ServerRandom + ClientRandom)) + MD5(master_secret + SHA(`CCC' + master_secret + ServerRandom + ClientRandom)) + [...];
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 22: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/22.jpg)
KeyBlock
client_write_MAC_secret
server_write_MAC_secret
client_write_key
server_write_key
server_write_IV
client_write_IV
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 23: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/23.jpg)
Klient Server
Vytvorenie spojenia
ClientHelloServerHelloCertificate
[CertificateRequest]
ServerHelloDone[Certificate]
ClientKeyExchange[CertificateVerify]
CCSP messageFinished
CCSP messageFinished
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 24: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/24.jpg)
Často využívané aplikácie s SSL
HTTPS port 443
SSMTP port 465
Secure LDAP port 636
POP3 cez SSL port 995
IMAP cez SSL port 993
Secure SockSecure Socketsets Layer Layer ver.3ver.3
![Page 25: SSL3 Secure Sockets Layer ver.3](https://reader036.vdocuments.net/reader036/viewer/2022062517/56812c1b550346895d908331/html5/thumbnails/25.jpg)
Ďakujeme za pozornosť
Secure SockSecure Socketsets Layer Layer ver.3ver.3