第十二章

網絡安全協(xié)議與VPN關于小組作業(yè)攻擊性方案較多防御性方案偏少入侵檢測方面的方案還沒有組長：方意組員：李昊軒、張嫚盜取手機通訊錄APP基于Android手機短信竊取APP石宇舸胡吉忠林達點觸式驗證碼制作小組成員：姬曉霞沈焙焙趙佳瑤班級：11電子商務2班報告時間：2014年4月23日楊子溪,廖雙雙,許紅霞中國建設銀行釣魚網站制作報告2025/8/20關于密碼強度檢測的研究小組成員學號年級專業(yè)姓名成員111010430022511電子商務蘇忠斌成員211010430022911電子商務王嘉斌今天課程用到的知識對稱加密公鑰加密與簽名MAC=H(k,M)加密密鑰與認證密鑰要分開

對稱加密技術加密明文密文明文解密對稱密鑰

公鑰加密技術加密明文密文明文解密公鑰私鑰

單向Hash函數(shù)Y=h(x)WhathappenedHandshakeisfinishedListeningportischangedto443AsessionisestablishedAgreeonalgorithmsPre-masterkeyissharedPerformauthenticationAconnectionisestablishedEncryptionkey,MACkeyisproducedHandshakeprotocoloutlineCSClientHelloServerHelloClientHello:VersionCipherSuitsRandom

ServerHello:VersionCipherSuitSessionIDRandom

Certificate+DoneCertificate:SubjectIssuer(CA)SignedPKRSAClientKEDatatransferKeyscomputedClientKeyExchange:Pre-MasterKeyencryptedw/PKfinishedAsessioncanincludemanyconnectionsSamekeysuiteButDifferentkeyisusedindifferentconnectionsessionkeyPremasterkeyMastermasterkeyConnectionkeyEncryptionkey,MACkeyWhataboutWi-Fi??使用了證書的服務器能否被假冒??Finished&ChangeCipherSpecDatatransferKeyscomputedfinishedClientKEChangeCipherSpeckeyscomputedClientFinishedChangeCipherSpecServerFinishedFinished:

HASH(allHandshakemsgs):…HandshakeprotocoloutlineCSClientHelloServerHelloClientHello:VersionCipherSuitsRandom

ServerHello:VersionCipherSuitSessionIDRandom

CertificateCertificate:SubjectIssuer(CA)SignedPKDHClientKEClientKeyExchange:DHmessageServerKE+DoneServerKeyExchange:DHmessage,signedtobeverifiedw/PKDiffie-Hellman–groupsid=1,2,5Allthesethreegroups(id=1,2,5)have:Generator=2Forgroupid=1:Prime=2^768-2^704–1+2^64*{[2^638pi]+149686}Forgroupid=2:Prime=2^1024-2^960–1+2^64*{[2^894pi]+129093}Forgroupid=5:Prime=2^1536-2^1472–1+2^64*{[2^1406pi]+741804}Diffie-Hellman–groupsid=3,4Overgaloisfieldsusingellipticcurves.SMUCSE5349/49SSL/TLSSMUCSE5349/7349LayersofSecuritySMUCSE5349/7349SSLHistoryEvolvedthroughUnreleasedv1(Netscape)Flawed-but-usefulv2Version3fromscratchStandardTLS1.0SSL3.0withminortweaks,henceVersionfieldis3.1StandardTLS1.2,2009DefinedinRFC2246,/rfc/rfc2246.txtOpen-sourceimplementationat/SMUCSE5349/7349SSLHistorySMUCSE5349/7349SSLHistoryTLS1.2哈希算法:客戶端和服務器可以協(xié)商將用作內置功能的任何哈希算法，并且已經將默認的密碼對MD5/SHA-1替換為SHA-256。

證書哈?；蚝灻刂?可以將證書申請人配置為僅接受證書路徑中指定的哈希或簽名算法對。

符合SuiteB的密碼套件:已經添加了兩個密碼套件，以便使用TLS符合SuiteB：

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384SMUCSE5349/7349OverviewEstablishasessionAgreeonalgorithmsSharesecretsPerformauthenticationTransferapplicationdataEnsureprivacyandintegritySMUCSE5349/7349ArchitectureRecordProtocoltotransferapplicationandTLSinformationAsessionisestablishedusingaHandshakeProtocolTLSRecordProtocolHandshakeProtocolAlertProtocolChangeCipherSpecSMUCSE5349/7349Architecure(cont’d)HANDLESCOMMUNICATIONWITHTHEAPPLICATIONProtocolsINITIALIZESCOMMUNCATIONBETWEENCLIENT&SERVERINITIALIZESSECURECOMMUNICATIONHANDLESDATACOMPRESSIONERRORHANDLINGSMUCSE5349/7349HandshakeNegotiateCipher-SuiteAlgorithmsSymmetricciphertouseKeyexchangemethodMessagedigestfunctionEstablishandsharemastersecretOptionallyauthenticateserverand/orclientSMUCSE5349/7349HandshakePhasesHellomessagesCertificateandKeyExchangemessagesChangeCipherSpecandFinishedmessagesSMUCSE5349/7349SSLMessagesOFFERCIPHERSUITEMENUTOSERVERSELECTACIPHERSUITESENDCERTIFICATEANDCHAINTOCAROOTCLIENTSIDESERVERSIDESENDPUBLICKEYTOENCRYPTSYMMKEYSERVERNEGOTIATIONFINISHEDSENDENCRYPTEDSYMMETRICKEYSOURCE:THOMAS,SSLANDTLSESSENTIALSACTIVATEENCRYPTIONCLIENTPORTIONDONE(SERVERCHECKSOPTIONS)ACTIVATESERVERENCRYPTIONSERVERPORTIONDONE(CLIENTCHECKSOPTIONS)NOWTHEPARTIESCANUSESYMMETRICENCRYPTIONSMUCSE5349/7349ClientHelloProtocolversionSSLv3(major=3,minor=0)TLS(major=3,minor=1)RandomNumber32bytesFirst4bytes,timeofthedayinseconds,other28bytesrandomPreventsreplayattackSessionID32bytes–indicatestheuseofpreviouscryptographicmaterialCompressionalgorithmSMUCSE5349/7349ClientHello-CipherSuitesINITIAL(NULL)CIPHERSUITEPUBLIC-KEYALGORITHMSYMMETRICALGORITHMHASHALGORITHMCIPHERSUITECODESUSEDINSSLMESSAGESSSL_NULL_WITH_NULL_NULL={0,0}SSL_RSA_WITH_NULL_MD5={0,1}SSL_RSA_WITH_NULL_SHA={0,2}SSL_RSA_EXPORT_WITH_RC4_40_MD5={0,3}SSL_RSA_WITH_RC4_128_MD5={0,4}SSL_RSA_WITH_RC4_128_SHA={0,5}SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5={0,6}SSL_RSA_WITH_IDEA_CBC_SHA={0,7}SSL_RSA_EXPORT_WITH_DES40_CBC_SHA={0,8}SSL_RSA_WITH_DES_CBC_SHA={0,9}SSL_RSA_WITH_3DES_EDE_CBC_SHA={0,10}

SMUCSE5349/7349ServerHelloVersionRandomNumberProtectsagainsthandshakereplaySessionIDProvidedtotheclientforlaterresumptionofthesessionCiphersuiteUsuallypicksclient’sbestpreference–NoobligationCompressionmethodSMUCSE5349/7349CertificatesSequenceofX.509certificatesServer’s,CA’s,…X.509CertificateassociatespublickeywithidentityCertificationAuthority(CA)createscertificateAdherestopoliciesandverifiesidentitySignscertificateUserofCertificatemustensureitisvalidSMUCSE5349/7349ValidatingaCertificateMustrecognizeacceptedCAincertificatechainOneCAmayissuecertificateforanotherCAMustverifythatcertificatehasnotbeenrevokedCApublishesCertificateRevocationList(CRL)SMUCSE5349/7349ClientKeyExchangePremastersecretCreatedbyclient;usedto“seed”calculationofencryptionparameters2bytesofSSLversion+46randombytesSentencryptedtoserverusingserver’spublickeyThisiswheretheattackhappenedinSSLv2SMUCSE5349/7349ChangeCipherSpec&

FinishedMessagesChangeCipherSpecSwitchtonewlynegotiatedalgorithmsandkeymaterialFinishedFirstmessageencryptedwithnewcryptoparametersDigestofnegotiatedmastersecret,theensembleofhandshakemessages,senderconstantHMACapproachofnestedhashingSMUCSE5349/7349SSLEncryptionMastersecretGeneratedbybothpartiesfrompremastersecretandrandomvaluesgeneratedbybothclientandserverKeymaterialGeneratedfromthemastersecretandsharedrandomvaluesEncryptionkeysExtractedfromthekeymaterialSMUCSE5349/7349GeneratingtheMasterSecret

SOURCE:THOMAS,SSLANDTLSESSENTIALSSERVER’SPUBLICKEYISSENTBYSERVERINServerKeyExchangeCLIENTGENERATESTHEPREMASTERSECRETENCRYPTSWITHPUBLICKEYOFSERVERCLIENTSENDSPREMASTERSECRETINClientKeyExchangeSENTBYCLIENTINClientHelloSENTBYSERVERINServerHelloMASTERSECRETIS3MD5HASHESCONCATENATEDTOGETHER=384BITSSMUCSE5349/7349GenerationofKeyMaterialSOURCE:THOMAS,SSLANDTLSESSENTIALSJUSTLIKEFORMING

THEMASTERSECRETEXCEPTTHEMASTERSECRETISUSEDHEREINSTEADOFTHEPREMASTERSECRET...SMUCSE5349/7349ObtainingKeysfromtheKeyMaterial

SOURCE:THOMAS,SSLANDTLSESSENTIALSSECRETVALUESINCLUDEDINMESSAGEAUTHENTICATIONCODESINITIALIZATIONVECTORSFORDESCBCENCRYPTIONSYMMETRICKEYSSMUCSE5349/7349SSLRecordProtocolSMUCSE5349/7349RecordHeaderThreepiecesofinformationContenttypeApplicationdataAlertHandshakeChange_cipher_specContentlengthSuggestswhentostartprocessingSSLversionRedundantcheckforversionagreementSMUCSE5349/7349Protocol(cont’d)Max.recordlength214–1MACDataHeadersSequencenumberTopreventreplayandreorderingattackNotincludedintherecordSMUCSE5349/7349AlertsandClosureAlerttheothersideofexceptionsDifferentlevelsTerminateandsessioncannotberesumedClosurenotifyTopreventtruncationattack(sendingaTCPFINbeforethesenderisfinished)SMUCSE5349/7349SSLSessionsSessionsvs.ConnectionsMultipleconnectionswithinasessionsOnenegotiation/sessionSessionResumptionThroughsessionIDsClientsuseserverIPaddressornameasindexServersusethesessionIDsprovidebytheclientsUseofrandomnumbersinresumedsessionkeycalculationensuresdifferentkeysSessionRe-handshakeClientcaninitiateanewhandshakewithinasessionUseofServerGatedCryptography(SGC)foraddedsecuritySMUCSE5349/7349SSLOverhead2-10timesslowerthanaTCPsessionWheredowelosetimeHandshakephaseClientdoespublic-keyencryptionServerdoesprivate-keyencryption(stillpublic-keycryptography)UsuallyclientshavetowaitonserverstofinishDataTransferphaseSymmetrickeyencryptionSMUCSE5349/7349SSLApplicationsHTTP–originalapplicationSecuremailServertoclientconnectionSMTP/SSL?Telnet,ftp..Resources:/related/apps.htmlSMUCSE5349/49WTLSSMUCSE5349/7349WAPGatewayArchitectureWTLSHTTP/SSLHTTP/SSLWirelessGatewayApplicationServersSMUCSE5349/7349WAPStackConfigurationSMUCSE5349/7349WirelessTransportLayerSecurity(WTLS)Providessecurityservicesbetweenthemobiledevice(client)andtheWAPgatewayDataintegrityPrivacy(throughencryption)Authentication(throughcertificates)Denial-of-serviceprotection(detectsandrejectsmessagesthatarereplayed)SMUCSE5349/7349WTLSProtocolStackSMUCSE5349/7349WTLSRecordProtocolTakesinfofromthenexthigherlevelandencapsulatesthemintoaPDUPayloadiscom