Secure Sockets Layer - Jordan University of Science and 安全套接字层 -乔丹科技大学.ppt

Secure Sockets Layer _ - Jordan University of Science and 安全套接字层_ -乔丹科技大学
Agend
Definition
The idea
SSL components if you want to trust the guy who signed it
7
How It Works (Basic Protocol )
The browser negotiates a secure session using something like the following protocol:
1: A->B: hello
2: B->A: Hi, I'm Bob, bobs-certificate
3: A->B: prove it
4: B->A: Alice, This Is bob
{ digest[Alice, This Is Bob] } bobs-private-key
5: A->B: ok bob, here is a secret {secret} bobs-public-key
6: B->A: {some message}secret-key
8
How It Works
Step 1: your browser introduces itself to the secure server
Step 2: the server responds by sending back a message with the certificate included
Step 3: Your browser tells the secure site to prove its identity, that it really is who it says it is.
9
Supported key exchange methods
RSA based (SSL_RSA_with...)
the secret key (pre-master secret) is encrypted with the server’s public RSA key
the server’s public key is made available to the client during the exchange
fixed Diffie-Hellman (SSL_DH_RSA_with… or SSL_DH_DSS_with…)
the server has fix DH parameters contained in a certificate signed by a CA
the client may have fix DH parameters certified by a CA or it may send an unauthenticated one-time DH public value in the client_key_exchange message
ephemeral Diffie-Hellman (SSL_DHE_RSA_with… or SSL_DHE_DSS_with…)
both the server and the client generate one-time DH parameters
the server signs its DH parameters with its private RSA or DSS key
the client may authenticate itself (if requested by the server) by signing the hash of the handshake messages with its private RSA or DSS key
anonymous Diffie-Hellman
both the server and the client generate one-time DH parameters
they send their parameters to the peer without authentication
Fortezza
Fortezza proprietary key exchange scheme
15
Server certificate and key exchange messages
certificate
required for eve