SSL/TLS/WTLS principles (a figurative analogy for key negotiation: use the server's public key to negotiate the cipher suite, then encrypt the actual messages)

Source: Internet
Author: User
Tags: hmac, asymmetric encryption

1 Preface

The first thing to clear up is the confusion of names:
1 SSL (Secure Socket Layer) is a secure transport protocol designed by Netscape Corporation primarily for the web. It has been widely deployed on the web.
2 The IETF (www.ietf.org) standardized SSL as RFC 2246 under the name TLS (Transport Layer Security); technically the difference between TLS 1.0 and SSL 3.0 is very small. Since this article does not deal with the small differences between the two, the two names are treated as equivalent here.
3 In the WAP environment, because mobile phones and handheld devices have limited processing and storage capacity, the WAP Forum (www.wapforum.org) defined the WTLS protocol (Wireless Transport Layer Security) on the basis of TLS to suit the special wireless environment.

We learn from all kinds of articles that SSL can be used for confidential transmission, so that the messages we exchange with a web server are "safe".
How does this "security" actually come about, and how much secrecy does it ultimately provide? This article tries to explain the underlying principle in plain language.


2 Overview of the overall structure


If the SSL protocol is used to fetch a web page, the steps are as follows:
User: types https://www.sslserver.com into the browser's address bar.
HTTP layer: translates the user's request into an HTTP request, such as
GET /index.htm HTTP/1.1
Host: www.sslserver.com

SSL layer: negotiates a cryptographic key over the channel provided by the underlying protocol and encrypts the HTTP request with that key.
TCP layer: establishes a connection to port 443 of the web server and passes on the data after SSL processing.

On the receiving side the process runs in reverse.

SSL establishes an encrypted channel on top of TCP; all data passing through this layer is encrypted, which is what provides confidentiality.

The SSL protocol is divided into two parts: the handshake protocol and the record protocol. The handshake protocol is used to negotiate the key; most of the protocol is about how the two communicating parties use it to agree on a secret key securely. The record protocol defines the format in which data is transferred.


3 Basic cryptography knowledge required
Understanding SSL requires a little cryptography, so the relevant concepts are described briefly here:

Encryption is generally divided into three categories: symmetric encryption, asymmetric encryption and one-way hash functions.

Symmetric encryption: block ciphers and stream ciphers.
A block cipher divides the plaintext into groups of a fixed length, encrypts each plaintext block into a ciphertext block, and decrypts (the inverse of the encryption operation) each ciphertext block back into the plaintext block.
A stream cipher uses a small amount of key material (the seed) and a complex operation (the cipher algorithm) to generate a large pseudo-random bit stream, which is used to encrypt the plaintext bit stream.
Decryption uses the same key and the same cipher algorithm to regenerate the same pseudo-random bit stream and recover the plaintext bit stream.

The term CBC (Cipher Block Chaining) mode comes up often with block ciphers: each plaintext block is XORed with the previous ciphertext block before being encrypted. When a cipher is used in this mode, an initialization vector (IV) must be negotiated in addition to the key. The IV carries no meaning of its own; it is only needed for the first block, which has no previous ciphertext block to chain with. Using this mode increases security.

Typical examples of block ciphers are DES, RC5 and IDEA.
A typical example of a stream cipher is RC4.

Public key cryptography:
Simply put, the encryption key and the decryption key differ, being split into a private key and a public key. This approach is mostly used for key exchange; RSA is the familiar example.
Another common algorithm is DH, which can only be used for key exchange and not for encryption.

One-way hash functions:
Because of interference on the channel itself and deliberate tampering, the information received may differ from the original message; a common countermeasure is to add a check code.
A one-way hash function can be used for this purpose. A typical example is the familiar MD5, which produces a 128-bit digest. In practice the Secure Hash Algorithm (SHA) is used more: the earlier version of SHA had a weakness, and SHA-1 is currently used, which produces a 160-bit digest and is therefore more resistant to brute-force attacks than a 128-bit hash.

Since the one-way hash algorithm is public, anyone can modify the original text and then compute a new digest for it. This problem is solved by HMAC (RFC 2104), which mixes a key into the digest so that only someone holding the same key can produce or verify it.


4 The key negotiation process

Because public key encryption is slow, it is generally used only for key exchange: the two sides negotiate a key with the public key algorithm and then communicate using symmetric encryption. Of course, to ensure the integrity of the data, each message is first processed with HMAC before it is encrypted.


By default SSL authenticates only the server; client authentication is optional. The following flowchart is excerpted from the TLS specification.


      Client                                               Server

      ClientHello                  -------->
                                                      ServerHello
                                                     Certificate*
                                               ServerKeyExchange*
                                              CertificateRequest*
                                   <--------      ServerHelloDone
      Certificate*
      ClientKeyExchange
      CertificateVerify*
      [ChangeCipherSpec]
      Finished                     -------->
                                               [ChangeCipherSpec]
                                   <--------             Finished
      Application Data             <------->     Application Data

      * Indicates optional or situation-dependent messages that are not always sent.

Simply put: after the TCP connection is established, the SSL client (which is also the TCP client) sends a ClientHello to start the handshake, containing the list of algorithms it can implement and other required information. The SSL server responds with a ServerHello, which names the algorithms to be used for this session, and then sends its own certificate (which contains its identity and its public key). On receiving this, the client generates a secret, encrypts it with the SSL server's public key and sends it over; once the SSL server has decrypted it with its own private key, session key negotiation has succeeded and the two parties can communicate with the same session key.


5 A figurative analogy for key negotiation

If the description above is not clear enough, here is a figurative analogy. Assume A and B are communicating, A being the SSL client and B the SSL server. Encrypted messages are placed in square brackets [] to distinguish them from plaintext messages, and the actions taken by each party are described in parentheses ().

A: I want to talk to you securely. My symmetric algorithms are DES and RC5, my key exchange algorithms are RSA and DH, and my digest algorithms are MD5 and SHA (the client lists all three groups of algorithms it supports and lets the server choose).

B: We'll use DES-RSA-SHA. (the server selects)
This is my certificate; it carries my name and my public key, use it to verify my identity. (sends the server certificate, which contains the public key, to A)
I have nothing else to say for now.

A: (checks that the name on the certificate is B's, and verifies the authenticity of B's certificate against the CA certificate it already holds; if either check fails it issues a warning and disconnects. This step guarantees that B's public key is genuine.) (verifies the server's identity, then accepts the cipher suite the server chose and notifies the server using public key encryption)
(generates a secret from which the encryption key, the encryption initialization vector and the HMAC key will be derived. This secret, called pre_master_secret in the protocol, is encrypted with B's public key and wrapped in a message called ClientKeyExchange; because only B's private key can decrypt it, a third party cannot eavesdrop on it)
I have generated a secret and encrypted it with your public key; here it is. (sends ClientKeyExchange to B)
Note that from now on I will send you my messages encrypted!
(processes the secret to produce the encryption key, the encryption initialization vector and the HMAC key)
[I'm done.]

B: (decrypts the secret in ClientKeyExchange with its own private key, then processes it to produce the same encryption key, encryption initialization vector and HMAC key; the two sides have now securely agreed on a cipher suite and keys) (the server confirms how the client will encrypt)
Note that from now on I will also send you my messages encrypted!
[I'm done.]

A: [My secret is ...] (the real conversation begins; everything is sent encrypted with the keys just negotiated)

B: [Others won't hear ...]
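The exchange described above (the handshake flow and the A/B analogy), as an added Go example that is not part of the original article: A seals a random pre_master_secret under B's RSA public key with PKCS#1 v1.5 padding, B recovers it with its private key, and both derive the same encryption key, IV and HMAC key. The key derivation is a simplified HMAC-SHA256 expansion chosen for illustration (an assumption), not the real TLS PRF.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// KeyBlock holds what the article says each side derives: encryption key, IV and HMAC key.
type KeyBlock struct{ EncKey, IV, MACKey []byte }

// deriveKeyBlock expands the pre-master secret into key material. Assumption: a
// simplified HMAC-SHA256 expansion used for illustration, not the real TLS PRF.
func deriveKeyBlock(preMaster []byte) KeyBlock {
	expand := func(label string) []byte {
		m := hmac.New(sha256.New, preMaster)
		m.Write([]byte(label))
		return m.Sum(nil)[:16]
	}
	return KeyBlock{EncKey: expand("enc"), IV: expand("iv"), MACKey: expand("mac")}
}

// clientKeyExchange plays A: draw a random 48-byte pre-master secret and seal it
// under B's RSA public key with PKCS#1 v1.5 padding, as TLS 1.0 does.
func clientKeyExchange(serverPub *rsa.PublicKey) (preMaster, msg []byte, err error) {
	preMaster = make([]byte, 48)
	if _, err = rand.Read(preMaster); err != nil {
		return nil, nil, err
	}
	msg, err = rsa.EncryptPKCS1v15(rand.Reader, serverPub, preMaster)
	return preMaster, msg, err
}

// negotiate runs the exchange end to end; only B's private key can open msg, so an
// eavesdropper on the channel learns nothing about the pre-master secret.
func negotiate() (client, server KeyBlock, err error) {
	serverPriv, err := rsa.GenerateKey(rand.Reader, 2048) // B's key pair (the one in its certificate)
	if err != nil {
		return client, server, err
	}
	clientSecret, msg, err := clientKeyExchange(&serverPriv.PublicKey)
	if err != nil {
		return client, server, err
	}
	serverSecret, err := rsa.DecryptPKCS1v15(rand.Reader, serverPriv, msg) // B opens ClientKeyExchange
	if err != nil {
		return client, server, err
	}
	return deriveKeyBlock(clientSecret), deriveKeyBlock(serverSecret), nil
}
```

The step the analogy stresses, verifying B's certificate against a trusted CA before using its public key, is assumed to have already happened here; without it the sealed secret could be sent to an impostor's key.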


6 How the encryption is computed
The previous step covered key negotiation, but not yet how a message is encrypted using the encryption key, the encryption initialization vector and the HMAC key.
The process is:
1 Using the HMAC key, compute a secure digest of the plaintext message and append it to the plaintext.
2 Encrypt the result of step 1 with the encryption key, using the encryption initialization vector.
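The two steps above as an added Go example (not code from the article): HMAC-SHA1 the plaintext, append the tag, pad, then CBC-encrypt; the receiver decrypts and rejects any record whose tag does not verify. AES-128 stands in for the article's DES (an assumption), and the key block is constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"errors"
)

// Constructed sample key block standing in for the values negotiated during the handshake.
var encKey = []byte("0123456789abcdef")          // 16-byte key (assumption: AES-128 in place of DES)
var iv = []byte("fedcba9876543210")              // encryption initialization vector for CBC
var macKey = []byte("constructed-hmac-sha1-key") // HMAC-SHA1 key
var aesBlock, _ = aes.NewCipher(encKey)          // key is a 16-byte literal, so this cannot fail

// protect is the article's two steps: tag = HMAC(macKey, plaintext), then CBC-encrypt plaintext||tag.
func protect(plaintext []byte) []byte {
	m := hmac.New(sha1.New, macKey)
	m.Write(plaintext)
	body := append(append([]byte{}, plaintext...), m.Sum(nil)...)
	n := aes.BlockSize - len(body)%aes.BlockSize // PKCS#7-style padding to a whole block
	body = append(body, bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, len(body))
	cipher.NewCBCEncrypter(aesBlock, iv).CryptBlocks(out, body)
	return out
}

// unprotect reverses it: decrypt, strip padding, split off the tag and compare it in
// constant time. A modified record is rejected rather than handed to the application.
func unprotect(record []byte) ([]byte, error) {
	if len(record) == 0 || len(record)%aes.BlockSize != 0 {
		return nil, errors.New("bad record length")
	}
	body := make([]byte, len(record))
	cipher.NewCBCDecrypter(aesBlock, iv).CryptBlocks(body, record)
	n := int(body[len(body)-1])
	if n == 0 || n > aes.BlockSize || n+sha1.Size > len(body) {
		return nil, errors.New("bad padding")
	}
	body = body[:len(body)-n]
	plaintext, tag := body[:len(body)-sha1.Size], body[len(body)-sha1.Size:]
	m := hmac.New(sha1.New, macKey)
	m.Write(plaintext)
	if !hmac.Equal(tag, m.Sum(nil)) {
		return nil, errors.New("bad record mac")
	}
	return plaintext, nil
}
```

The single negotiated IV is reused for every record only to mirror the article's model; TLS 1.0 chains records by using the last ciphertext block of the previous record as the next IV, and TLS 1.1 onward sends a fresh explicit IV with each record.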


7 Security
At the end of 2000 an article on SecurityPortal, "The End of SSL and SSH", stirred up a lot of discussion, and mature tools such as dsniff (http://www.monkey.org/~dugsong/dsniff/) can intercept HTTPS traffic with a man-in-the-middle attack.

From the principles above, the structure of SSL itself is rigorous; the problems generally lie in deployments that are not. A common attack is the man-in-the-middle attack: while A and B communicate, a third party C sits in the middle of the channel, can hear every message exchanged between A and B, and can intercept, replace and insert messages.

1 SSL allows a variety of key exchange algorithms, and some of them, such as DH, have no notion of a certificate, so A cannot verify B's public key or identity. C can then easily impersonate B, using its own keys to talk to both sides, and eavesdrop on the whole conversation. To prevent a man-in-the-middle attack, a certificate-based key exchange algorithm should be used.
2 Even with certificates, if C replaces the original certificate with its own, A's browser will pop up a warning box, but how many users pay attention to that warning?
3 Because of U.S. cryptography export restrictions, the encryption strength supported by IE, Netscape and other browsers is very weak; if only the browser's built-in encryption is relied on, there is theoretically the possibility of it being cracked.


8 Proxies
Here is a look at how SSL proxies work (see [6]); it may not be what you first imagined :)
When an HTTPS proxy is configured in the browser and https://www.example.com is entered in the address bar,
the browser establishes a TCP connection with the proxy and then sends the

Http://www.cnblogs.com/qiubole/archive/2007/12/07/986822.html
