PSI

Secure Socket Layer SSLv2, SSLv3, TSLv1

ˇ Colakov Todor KIV / PSI

ˇ 1. kvetna 2005

Úvod Secure Socket Layer

• Cíl • vytvoˇrení bezpeˇcného spojení • Puvod ˚ • firma Netscape • Verze • SSL 2.0 • SSL 3.0 - opravuje mnoho chyb SSL 2.0 • TSL 1.0 - velmi podobná SSL3.0

Úvod Secure Socket Layer

• SSL 2.0 packet LENGTH + 8000h

TYPE VERSION

DATA

• SSL 3.0 a TSL 1.0 packet TYPE VERSION

LENGTH

DATA

Popis vrstev Secure Socket Layer

Application SSL handshake protocol

SSL record layer

TCP / IP

• Record protocol • Šifruje/Dešifruje data • Transparetní pro vyšší vrstvy • Handshake protokol • Vytvoˇrení bezpeˇcného spojení • Alert protokol • Ohlašuje chybu • Change cipher spec

protokol • Oznamuje zmenu ˇ

kódování



SSL record layer

TCP / IP



kódování



SSL record layer

TCP / IP



kódování



SSL record layer

TCP / IP



kódování

Record protocol Secure Socket Layer

• Rozdelí ˇ data na segmenty • Zkomprimuje • Pˇridá hashfunkci + v pˇrípadeˇ potˇreby padding • Zašifruje • Pˇridá hlaviˇcku

Handshake protocol Secure Socket Layer

Client

Server

Client Hello

-

• • 0040 0050 0060 0070 0080 0090 00A0

.. 01 00 33 00 00 6A

.. 00 39 00 00 60 73

80 80 00 00 65 00 6D

67 00 00 32 00 00 EB

01 00 38 00 00 15 EA

03 05 00 00 64 00 EB

00 00 00 2F 00 00 77

00 00 35 00 00 12 8D

4E 0A 00 00 63 00 3F

00 03 00 66 00 00 D1

00 00 16 08 00 09 5C

00 80 00 00 62 EF

10 07 00 80 00 56

00 00 13 06 00 D7

00 C0 00 00 61 E7

04 00 00 40 00 9C

• • • • • •

Length: 103 Handshake Message Type: Client Hello (1) Version: SSL 3.0 (0x0300) Cipher Spec Length: 78 Session ID Length: 0 Challenge Length: 16 Cipher Specs (26 specs) Challenge


Server Hello Certificate ServerKeyExchange CertificateRequest ServerHelloDone

Client

0040 0050 0060 0070 0080 0090

.. 8A 43 0D C3 00

.. E3 4A FE 17

16 B8 3B E9 FE

03 86 78 0A 55

00 7F F6 A5 C4

00 A4 E7 DD CC

4A D6 E7 1B 35

02 8E 5E 76 7A

00 29 90 E4 A6

00 37 69 8F 1B

46 67 1D 66 14

03 B3 F3 23 E1

00 92 F6 73 82

42 00 20 A4 69

51 04 EF 76 00

Server

15 4C E8 3A 04

• • • • • • • • • • •

Content Type: Handshake (22) Version: SSL 3.0 (0x0300) Length: 74 Handshake Type: Server Hello (2) Length: 70 Random.gmtunixtime: Random.bytes Session ID Length: 32 Session ID (32 bytes) TLS_RSA_WITH_RC4_128_MD5 Compression Method: null (0)


Client

0090 00A0 00B0 00C0 00D0 00E0 00F0 0100 0110 0120 0130 0140 0150 0160 ...

.. 30 86 30 0C 0F 31 3B 2D 6F 65 30 35 0B

16 82 30 7A 30 06 0B 06 43 6E 73 33 30 30

03 04 0D 31 0A 03 30 03 49 20 74 30 39 09

ServerHello Certificate ServerKeyExchange CertificateRequest ServerHelloDone 00 96 06 0B 06 55 09 55 56 41 20 39 31 06

04 30 09 30 03 04 06 04 20 75 43 31 30 03

A4 82 2A 09 55 0B 03 03 43 74 6C 30 31 55

0B 02 86 06 04 13 55 13 65 68 61 31 36 04

00 7E 48 03 0A 08 04 34 72 6F 73 36 32 06

04 A0 86 55 13 53 0B 52 74 72 73 32 37 13

A0 03 F7 04 03 65 13 6F 69 69 20 37 35 02

00 02 0D 06 7A 72 02 6F 66 74 43 35 33 43

04 01 01 13 63 76 43 74 69 79 41 33 5A 5A

9D 02 01 02 75 69 41 20 63 20 30 5A 30 31

Server

00 02 05 63 31 63 31 5A 61 2D 1E 17 81 17

04 02 05 7A 11 65 3D 43 74 20 17 0D A1 30

9A 00 00 31 30 73 30 55 69 54 0D 30 31 15

................ 0...0.. ........ .0...*.H........ 0z1.0...U....cz1 .0...U....zcu1.0 ...U....Services 1.0...U....CA1=0 ;..U...4Root ZCU -CIV Certificati on Authority - T est Class CA0... 030910162753Z..0 50910162753Z0..1 .0...U....CZ1.0.


Client

ServerHello Certificate ServerKeyExchange CertificateRequest ServerHelloDone

0530 .. .. .. .. .. .. .. .. .. .. 16 03 00 00 04 0E 0540 00 00 00

Server

• • • • • •

Content Type: Handshake (22) Version: SSL 3.0 (0x0300) Length: 4 Handshake Protocol: Server Hello Done Handshake Type: Server Hello Done (14) Length: 0


Certificate ClientKeyExchange Server CertificateVerify [ChangeCipherSpec] Finished

Client

0040 0050 0060 0070 0080 0090 00A0 00B0 00C0

.. 77 32 22 CC 74 E9 1C 45

.. 2F F0 27 5E 6B 03 D4 BF

16 F9 55 43 B2 D8 28 35 8F

03 BA 39 FD 02 F5 2E 97 5D

00 D3 6E BC B6 AC 8B 25 57

00 A6 2F 52 D4 18 42 92 CB

84 A7 18 FF 2B EC 7C 55 27

10 18 28 7F 6B D6 ED 71 EB

00 8B 2E 51 89 8B 97 1E E7

00 92 E4 D7 F4 E7 57 1F FE

80 95 D9 79 D7 2B 48 59 45

0D F6 9B DA 21 E8 73 DF

A9 B0 03 5F FE 66 37 04

91 0C B5 23 E3 8E A1 A3

62 9F B5 6E AF 52 D1 D4

D1 EC 8C BA C0 C7 F5 EB

• • • • • •

Content Type: Handshake (22) Version: SSL 3.0 (0x0300) Length: 132 Handshake Protocol: Client Key Exchange Handshake Type: Client Key Exchange (16) Length: 128


Client

Certificate ClientKeyExchange Server CertificateVerify [ChangeCipherSpec] Finished •

00C0 .. .. .. .. .. .. .. .. .. .. .. 14 03 00 00 01 00D0 01

• • •

Content Type: Change Cipher Spec (20) Version: SSL 3.0 (0x0300) Length: 1 Change Cipher Spec Message


Certificate ClientKeyExchange CertificateVerify [ChangeCipherSpec] Finished

Client

00D0 00E0 00F0 0100

.. 1B E2 F7

16 D0 E9 5A

03 B8 14 17

00 75 60 01

00 56 2F 7E

38 C7 7E C4

1D ED D2 44

28 73 A2 C4

3C CB E1 A6

0D 55 D3 75

78 13 1B 69

B0 C9 53 58

E4 9D 5C 29

28 33 32 92 4A 2E FF 4F 9E 71

Server -

• • • •

Content Type: Handshake (22) Version: SSL 3.0 (0x0300) Length: 56 Handshake Protocol: Encrypted Handshake Message


Client

[ChangeCipherSpec] Finished

0040 0050 0060 0070 0080 0090 00A0 00B0 00C0 00D0 00E0 00F0 0100

.. 15 E9 9C BA AC 24 EB AE CF 87 10 49

.. C9 41 64 E4 9E 50 19 E0 89 3B EC 7D

17 D8 87 57 DC AB 8F 48 81 F3 AF 3A 72

03 E6 DD 35 CA F6 8C 8C E9 4A 4A FC 52

00 40 8E 95 44 31 C3 05 01 84 6A AA 66

Server -

Application data 01 D4 D0 B2 17 18 8F EB 6E E5 5C 2C 30

8D 30 18 7B 9B 04 D6 D5 50 C8 86 EC 9C

A2 A8 47 4D 1E EB 5F 5D C2 42 B7 99 57

1D 48 E4 8C 64 05 8C 8C BB 15 48 33 71

E5 19 66 E4 53 83 A4 9A FA 74 E3 37 99

3D 7E 77 17 0A 90 47 2C F3 91 88 CA B3

6B 30 98 49 B9 F8 C8 FB 20 BB D8 8F 9F

AF EF 2C F6 86 8E B5 21 67 AE 61 8D B4

E1 69 71 69 E4 BC 4D 69 31 02 58 6F 23

C3 6E 1B B0 F2 10 50 4A 8D DD 6C 84 D1

CD 37 7B 30 70 AB B6 D2 88 DD A3 80 B3

• • • •

Content Type: Application Data (23) Version: SSL 3.0 (0x0300) Length: 397 Application Data

Alert protocol Secure Socket Layer

• Zajišt’uje pˇredání chyby druhé straneˇ • Zpráva obsahuje závažnost chyby a její popis • Závažnost má 2 úrovneˇ • warning • fatal

Pˇríklad: Clientem odmítnutý certifikát 147.228.67.106 147.228.57.30 SSLv2 Client Hello 147.228.57.30 147.228.67.106 SSLv3 Server Hello, Certificate, Server Key Exchange, [Unreassembled Packet] 147.228.57.30 147.228.67.106 SSLv3 Continuation Data, [Unreassembled Packet] 147.228.67.106 147.228.57.30 SSLv3 Alert (Level: Fatal, Description: Certificate Unknown)

Change cipher specification protocol Secure Socket Layer

• Oznamuje zmenu ˇ kódování • 00C0 .. .. .. .. .. .. .. .. .. .. .. 14 03 00 00 01 00D0 01

• • •

Content Type: Change Cipher Spec (20) Version: SSL 3.0 (0x0300) Length: 1 Change Cipher Spec Message

Útoky Secure Socket Layer

• Man in the middle • Slovíkové útoky • Útok na handshake • Obnovení session • Vynucení SSL2 • Zmena ˇ úrovneˇ zabezpeˇcení • ...

Prameny Secure Socket Layer

• SSLv3 RFC • TTLv1 RFC 2246 • www.svetsiti.cz • Ethereal

PSI

Recommend Documents