Scribd Logo
Unggah

Selamat datang di Scribd!

  • Fall2012 DVGC19 Websec Ge PDF

    Diunggah oleh

    abdel_lak
    55 tayangan10 halaman
    web sec

    Judul Asli

    Fall2012-DVGC19-Websec-Ge.pdf

    Hak Cipta

    © Attribution Non-Commercial (BY-NC)

    Format Tersedia

    PDF, TXT atau baca online dari Scribd

    Apakah menurut Anda dokumen ini bermanfaat?

    Apakah konten ini tidak pantas?

    Laporkan Dokumen Ini
    web sec

    Hak Cipta:

    Attribution Non-Commercial (BY-NC)
    Unduh sebagai PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    55 tayangan10 halaman

    Fall2012 DVGC19 Websec Ge PDF

    Diunggah oleh

    abdel_lak
    web sec

    Hak Cipta:

    Attribution Non-Commercial (BY-NC)
    Unduh sebagai PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    dari 10

    Web security

    (Spoofing & TLS & DNS)

    Ge Zhang

    SSL Architecture
    SSL &an sha'e !rotoco" SSL -hange -ipher Spec( !rotoco" SSL Recor !rotoco" T-! )! SSL A"ert !rotoco" &TT!/ etc(

    Recor !rotoco"# $essage encryption%authentication &an sha'e !(# ) entity authentication & 'ey e*change A"ert !(# +rror notification (cryptographic or other,ise) -hange -ipher !(# Acti.ate the pen ing crypto suite

    SSL &an sha'e !rotoco"


    T,o parties# c"ient an ser.er Negotiate .ersion of the protoco" an the set of cryptographic a"gorith0s to be use
    1 )nteroperabi"ity bet,een ifferent i0p"e0entations of the protoco"

    Authenticate c"ient an ser.er (optiona")


    1 2se igita" certificates to "earn each other3s pub"ic 'eys an .erify each other3s i entity

    2se pub"ic 'eys to estab"ish a share secret

    &an sha'e !rotoco" (4)


    -"ient5he""o# .ersion/ ran o0/ session i / cipher suite/ co0pression 0etho Ser.er5he""o# .ersion/ ran o0/ session i / cipher suite/ co0pression 0etho
    Client
    Client_hello Server_hello

    Server

    &an sha'e !rotoco" (6)


    -ertificate# 7(89: certificate chain Ser.er5'ey5e*change# para0eters/ signature -ertificate5re;uest# type/ authorities Ser.er5he""o5 one# nu""
    Client
    Client_hello Server_hello C ertificate change Server_key_ex quest Certificate_re one Server_hello_d

    Server

    &an sha'e !rotoco" (<)


    -ertificate# 7(89: certificate chain -"ient5'ey5e*change# para0eters/ signature -ertificate5.erify# signature
    Client
    Client_hello Server_hello C ertificate change Server_key_ex quest Certificate_re one Server_hello_d Certificate

    Server

    Client_key_e xchange Certificate_ve rify

    &an sha'e !rotoco" (=)


    -hange5cipher5spec# a sing"e 0essage/ ,hich consists of a sing"e byte ,ith .a"ue 4( >inishe # hash .a"ue
    Client
    Client_hello Se rver_hello Certificate xchange Se rver_k ey_e equest Certifica te _r done Server_hello_ Certificate C lient_key_ex change Certifica te_ve rify Change_ciphe r_ spec Finished er_sp Change_ciph Finished ec

    Server

    SSL +ncryption
    $aster secret
    1 Generate by both parties fro0 pre0aster secret an ran o0 .a"ues generate by both c"ient an ser.er

    ?ey 0ateria"
    1 Generate fro0 the 0aster secret an share ran o0 .a"ues

    +ncryption 'eys
    1 +*tracte fro0 the 'ey 0ateria"

    SSL Recor !rotoco"

    Content Ma'or type version

    Minor (engt version h

    Data (optionally compressed)

    M C (!"#$" or %! &ytes)

    A"erts an -"osure
    A"ert the other si e of e*ceptions
    1 1 1 1 1 1 2ne*pecte 0essage @a recor 0ac &an sha'e fai"ure )""ega" para0eter @a certificate A

    6 "e.e"s
    1 Warning 1 fata"

    Anda mungkin juga menyukai