"Schematic HTTP" reading notes: summary of Chapter 7


HTTPS: Securing the Web

Plain HTTP is exposed to problems such as eavesdropping and identity spoofing. Communicating over HTTPS effectively prevents them. This article looks at HTTPS next.


7.1 Disadvantages of HTTP

So far we have seen the good and convenient side of HTTP, but everything has two sides, and HTTP also has shortcomings. The main ones are listed below:

    • Communication uses plaintext (unencrypted), so the content may be eavesdropped on;

    • The identity of the communicating party is not verified, so impersonation is possible;

    • The integrity of a message cannot be proven, so it may have been tampered with.


These problems occur not only in HTTP but also in other unencrypted protocols. Beyond these, HTTP itself has many other drawbacks. There are also weaknesses (which can also be called vulnerabilities or security holes) in real-world software such as certain Web servers and specific Web browsers, and Web applications developed in programming languages such as Java and PHP may have security vulnerabilities as well.


7.1.1 Communication in plaintext may be eavesdropped on

Because HTTP itself has no encryption capability, it cannot encrypt the communication as a whole (the content of the requests and responses exchanged over HTTP). In other words, HTTP messages are sent in plaintext (that is, as unencrypted messages).


    • TCP/IP is a network that can be eavesdropped on

As for why unencrypted communication is a disadvantage: by the way the TCP/IP protocol suite works, the content of communication can be observed on any communication line. The Internet is made up of networks that connect the whole world. Wherever in the world a server and a client communicate, the network devices, optical cables, computers and so on along the communication line cannot all be one's own private property, so malicious snooping at some point along the way cannot be ruled out.

Even encrypted communication can be observed, just like unencrypted communication. Encryption only means that others may be unable to decipher the meaning of the message; the encrypted message itself can still be seen.

Eavesdropping on communication on the same segment is not difficult. It is enough to collect the packets (frames) flowing over the Internet; parsing the collected packets can be left to packet capture or sniffer tools. PS: The widely used packet capture tool Wireshark (http://www.wireshark.org/) can obtain the requests and responses of the HTTP protocol and parse their content.


    • Encryption prevents eavesdropping

Of the several countermeasures being studied to protect information from eavesdropping, the most popular is encryption. Depending on what is encrypted, it is divided into encryption of the communication and encryption of the content.

      1. Encryption of communications

One way is to encrypt the communication. The HTTP protocol has no encryption mechanism, but it can be combined with SSL (Secure Socket Layer) or TLS (Transport Layer Security) to encrypt the content of HTTP communication. Once a secure communication line has been established with SSL, HTTP communication can take place over that line. HTTP used in combination with SSL is called HTTPS (HTTP Secure).



      2. Encryption of content

Another way is to encrypt the content of the communication itself. Because the HTTP protocol has no encryption mechanism, the content carried by HTTP is encrypted instead; that is, the content contained in the HTTP message is encrypted. In this case the client must encrypt the HTTP message before sending the request. Of course, for content encryption to work, both the client and the server must have the encryption and decryption mechanism. This approach is mainly applied in Web services. Note that, because this differs from SSL or TLS, which encrypt the entire communication line, the content is still at risk of being tampered with.


7.1.2 Not verifying the identity of the communicating party may allow impersonation

Requests and responses in the HTTP protocol do not verify the communicating party. This leaves open questions such as whether the server is really the host specified by the URI in the request, and whether the response really goes back to the client that actually made the request.


    • Anyone can initiate a request

When communicating over HTTP, anyone can initiate a request, because there is no step that confirms the communicating party. The server returns a response whenever it receives a request, whoever the other party is, provided that the sender's IP address and port number are not restricted by the Web server. The HTTP protocol is very simple to implement and returns a response no matter who sends the request, so the lack of confirmation of the communicating party carries the following hidden dangers.


      1. It is not possible to determine whether the Web server a request is sent to is the one that was really intended to return the response. It may be an impersonating Web server.

      2. It is not possible to determine whether the client a response is returned to is the one that was really intended to receive it. It may be an impersonating client.

      3. It is not possible to determine whether the other party has access rights. Some Web servers hold important information and are meant to communicate only with specific authorized users.

      4. It is not possible to determine where a request came from or who sent it.

      5. Even meaningless requests are accepted as they come. Massive numbers of requests in a DoS (Denial of Service) attack cannot be blocked.



    • Certificates that identify the other party

Although HTTP cannot determine who the communicating party is, SSL can. SSL provides not only encryption but also a mechanism called a certificate, which can be used to identify the other party. Certificates are issued by trusted third-party organizations to prove that the server and the client actually exist. In addition, forging a certificate is technically very difficult. So once it is confirmed that the communicating party (server or client) holds a certificate, the true intent of that party can be judged.

Using a certificate proves that the communicating party is the expected server. For the user, this also reduces the risk of personal information being disclosed. In addition, a client that holds a certificate can use it to confirm its own identity, and the certificate can also be used in the Web site's authentication step.



7.1.3 Message integrity cannot be proven, so messages may have been tampered with

Integrity here refers to the accuracy of information. If integrity cannot be proven, it is usually impossible to judge whether the information is accurate.


    • The content received may be wrong

Because the HTTP protocol cannot prove the integrity of the messages it carries, there is no way to know whether the content of a request or response was tampered with between the time it was sent and the time the other party received it. In other words, there is no way to confirm that the request or response that was sent and the one that was received are the same. For example, when content is downloaded from a Web site, it cannot be determined whether the file the client downloaded is identical to the file stored on the server. The file may have been replaced with other content in transit, and even if it really was changed, the client, as the receiver, does not notice. A case like this, in which an attacker intercepts a request or response in transit and tampers with its content, is called a man-in-the-middle attack (MITM).



    • How to prevent tampering

Although there are ways to check message integrity when using HTTP, in practice they are neither convenient nor reliable. The commonly used ones are checking hash values such as MD5 and SHA-1, and digital signatures that confirm the file. Web sites that offer file downloads also provide the corresponding digital signature created with PGP (Pretty Good Privacy) and the hash value generated by the MD5 algorithm. A PGP signature is a digital signature that proves who created the file, and MD5 is a hash value generated by a one-way function. Whichever method is used, the user operating the client has to check in person that the downloaded file is the file on the original server; the browser cannot do this check automatically. Unfortunately, these methods cannot guarantee a correct result 100% of the time either: if the PGP signature or the MD5 value itself is rewritten, the user has no way of noticing.

To prevent these problems effectively, it is necessary to use HTTPS. SSL provides authentication, encryption and digest functions. Ensuring integrity with HTTP alone is very difficult, so it is achieved by combining HTTP with other protocols.
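
The weakness described above, shown as an added example (not part of the original post or the book): a hash value delivered alongside the file still matches after both have been rewritten in transit, whereas a keyed digest of the kind SSL adds does not. SHA-256 stands in for the MD5/SHA-1 values mentioned above, and the function names, sample bytes and key are constructed for illustration.

```python
import hashlib
import hmac


def publish_with_digest(data: bytes) -> dict:
    """Download site: ship the file together with its hash value."""
    return {"file": data, "digest": hashlib.sha256(data).hexdigest()}


def publish_with_mac(data: bytes, key: bytes) -> dict:
    """Keyed variant: the tag depends on a secret shared by both endpoints."""
    return {"file": data, "mac": hmac.new(key, data, hashlib.sha256).hexdigest()}


def rewrite_in_transit(message: dict, new_data: bytes) -> dict:
    """Model of the tampering the text describes: the file is swapped and
    every check value that can be recomputed WITHOUT a secret is recomputed."""
    changed = dict(message, file=new_data)
    if "digest" in changed:
        changed["digest"] = hashlib.sha256(new_data).hexdigest()
    # A MAC cannot be recomputed without the key, so the old tag stays.
    return changed


def digest_ok(message: dict) -> bool:
    """Client-side check of the published hash value."""
    actual = hashlib.sha256(message["file"]).hexdigest()
    return hmac.compare_digest(actual, message["digest"])


def mac_ok(message: dict, key: bytes) -> bool:
    """Client-side check of the keyed digest."""
    expected = hmac.new(key, message["file"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, message["mac"])


def demo() -> dict:
    original = b"installer v1.0 (constructed sample bytes)"
    swapped = b"something else entirely (constructed sample bytes)"
    key = b"constructed-session-key"  # assumption: agreed during the handshake

    plain = rewrite_in_transit(publish_with_digest(original), swapped)
    keyed = rewrite_in_transit(publish_with_mac(original, key), swapped)
    return {
        "untampered_digest_ok": digest_ok(publish_with_digest(original)),
        "tampered_digest_ok": digest_ok(plain),   # the change goes unnoticed
        "untampered_mac_ok": mac_ok(publish_with_mac(original, key), key),
        "tampered_mac_ok": mac_ok(keyed, key),    # the change is detected
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```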



7.2 HTTP + encryption + authentication + integrity protection = HTTPS


7.2.1 HTTP plus encryption, authentication and integrity protection is HTTPS

If HTTP communication uses unencrypted plaintext, then, for example, a credit card number entered on a Web page is exposed if the communication line is eavesdropped on. In addition, with HTTP neither the server nor the client has any way of confirming the communicating party, so it is quite possible that one is not actually communicating with the intended party. The possibility that a received message was tampered with in transit must also be considered. To solve all of these problems together, encryption and authentication mechanisms need to be added to HTTP. HTTP with encryption and authentication mechanisms added is called HTTPS (HTTP Secure).

HTTPS communication is often used on Web login pages and shopping checkout pages. With HTTPS, the URL starts with https:// instead of http://. In addition, when a browser accesses a Web site on which HTTPS communication is valid, a lock mark appears in the browser's address bar. How HTTPS is indicated varies from browser to browser.



7.2.2 HTTPS is HTTP wearing an SSL shell

HTTPS is not a new application layer protocol. It is just that the communication interface part of HTTP is replaced by the SSL (Secure Socket Layer) and TLS (Transport Layer Security) protocols. Normally HTTP communicates directly with TCP. When SSL is used, HTTP communicates with SSL first, and SSL then communicates with TCP. In short, HTTPS is HTTP wearing the shell of the SSL protocol.

Once SSL is adopted, HTTP gains HTTPS's encryption, certificates and integrity protection. SSL is a protocol independent of HTTP, so not only HTTP but also other application layer protocols, such as SMTP and Telnet, can be used together with SSL. It can be said that SSL is the most widely used network security technology in the world today.



7.2.3 Public key encryption for exchanging keys

Before SSL is explained, encryption methods are introduced first. SSL uses an encryption method called public key encryption (public-key cryptography). In modern encryption methods the encryption algorithm is public and the key is kept secret; this is how the security of the method is maintained. A key is used for both encryption and decryption. Ciphertext cannot be decrypted without the key and, conversely, anyone who holds the key can decrypt it. If the key is obtained by an attacker, the encryption loses its meaning.


· The dilemma of shared secret key encryption

Encrypting and decrypting with the same key is called shared secret key encryption (common key crypto system), also known as symmetric key encryption. When encrypting with a shared secret key, the key must also be sent to the other party. But how can it be transmitted safely? When a key is forwarded over the Internet, it can fall into an attacker's hands if the communication is being monitored, and the encryption then loses its meaning. In addition, the keys that are received have to be kept safe.


· Public key encryption uses two keys

Public key encryption is a good solution to the difficulty of shared secret key encryption. It uses a pair of asymmetric keys: one is called the private key and the other the public key. As the names imply, the private key must not be known to anyone else, while the public key can be published freely and obtained by anyone.

With public key encryption, the party sending the ciphertext encrypts with the other party's public key, and the other party, on receiving the encrypted information, decrypts it with its own private key. This way there is no need to send the private key used for decryption, and no need to worry about the key being eavesdropped on and stolen by an attacker. Moreover, recovering the original information from the ciphertext and the public key is extremely difficult, because doing so requires computing a discrete logarithm, which is not easy. Taking a step back, if very large integers could be factored quickly, there would still be hope of breaking the cipher, but that is not realistic with current technology.


· HTTPS uses a hybrid encryption mechanism

HTTPS uses a hybrid encryption mechanism that combines shared secret key encryption and public key encryption. If keys could be exchanged securely, one might consider communicating with public key encryption alone. However, public key encryption is slower than shared secret key encryption. So the strengths of both should be put to full use by combining the methods: public key encryption is used in the key exchange step, and the messages exchanged afterwards are encrypted with the shared secret key.



7.2.4 Certificates that prove the public key is correct

Unfortunately, public key encryption still has some problems. It cannot prove that the public key itself is the genuine public key. For example, when preparing to communicate with a server using public key encryption, how can one prove that the public key received is the one originally issued by the intended server? The real public key may have been replaced by an attacker while it was being transmitted.

To address this, one can use a public key certificate issued by a digital certificate certification authority (CA, Certificate Authority) or its related bodies. The certification authority stands in the position of a third party trusted by both the client and the server. VeriSign is one of the best-known certification authorities. The business process of a certification authority is as follows. First, the operator of the server applies to the certification authority for a public key certificate. After confirming the identity of the applicant, the certification authority digitally signs the submitted public key, then issues the signed public key, bound into a public key certificate. The server sends this public key certificate issued by the certification authority to the client in order to communicate using public key encryption. A public key certificate can also be called a digital certificate, or simply a certificate.

The client that receives the certificate can use the public key of the certification authority to verify the digital signature on the certificate. Once verification passes, the client knows two things: first, that the authority that certified the server's public key is a genuine and valid certification authority; second, that the server's public key is trustworthy. The public key of the certification authority used here must be delivered to the client securely. Delivering it safely over a communication channel is very difficult, so most browser developers embed the public keys of the common certification authorities in the browser in advance when they release a version.


A: EV SSL certificates that prove the organization is real

One function of a certificate is to prove that the server acting as the communicating party is legitimate; another is to confirm that the enterprise operating the server actually exists. A certificate with this second property is an EV SSL certificate (Extended Validation SSL Certificate). EV SSL certificates are issued on the basis of internationally standardized certification guidelines, which strictly regulate how the existence of the operating organization is confirmed, so a certified Web site gains a higher degree of recognition. The browser address bar of a Web site that holds an EV SSL certificate has a green background, so it can be recognized at a glance. The left side of the address bar also shows the organization name recorded in the SSL certificate and the name of the certification authority that issued the certificate.


B: Client certificates used to confirm the client

HTTPS can also use client certificates. A client certificate authenticates the client, proving that the party the server is communicating with is the expected client; its role is the same as that of a server certificate. However, client certificates still have several problems. One of them is obtaining and issuing the certificate. To obtain a certificate, users have to install the client certificate themselves. Because client certificates have to be paid for, and each certificate corresponds to one user, the cost is proportional to the number of users. In addition, getting users with different levels of knowledge to install certificates themselves is a challenge in itself. As things stand, highly secure certification authorities can issue client certificates, but only for special-purpose business, such as business that can bear the cost of client certificates.

Another problem is that a client certificate can only prove that the client actually exists; it cannot prove that the user is who they claim to be. In other words, anyone who has access to the computer on which the client certificate is installed can use that certificate.


C: The credibility of the certification authority comes first

The SSL mechanism works only on the premise that the certification authority is absolutely trustworthy. PS: In July 2011, a Dutch certification authority named DigiNotar was breached by attackers, and forged certificates were issued for sites such as google.com and twitter.com. This incident fundamentally shook the credibility of SSL. Because a forged certificate carries the digital signature of a legitimate certification authority, the browser judges the certificate to be valid. When a forged certificate is used to impersonate a server, the user simply cannot detect it. There are countermeasures, namely the certificate revocation list (Certificate Revocation List, CRL) mechanism that invalidates certificates, and removing the root certification authority (Root Certificate Authority, RCA) from the client, but they take some time to take effect, and it is unclear how many users suffer losses in the meantime.

D: A certificate issued by a self-certification authority is called a self-signed certificate

With OpenSSL, an open source program, anyone can set up their own certification authority and issue server certificates to themselves. But such a server certificate cannot be used as a certificate on the Internet and seems to be of little help. A certification authority that is set up independently is called a self-certification authority, and the "useless" certificates it issues are dubbed self-signed certificates. When a browser accesses such a server, it displays a warning such as "Unable to confirm connection security" or "There is a problem with this site's security certificate". A server certificate issued by a self-certification authority does not work because it cannot eliminate the possibility of impersonation. The most a self-certification authority can do is make a claim on its own behalf. With a self-signed certificate, SSL encryption may sometimes show a hint that the communication is in a secure state, but that is also problematic, because even encrypted communication does not rule out that one is communicating with a disguised fake server. Only when a trusted third-party authority takes part in certification can the certification authority public keys embedded in the browser do their job and prove the authenticity of the server.


E: A certificate from an intermediate certification authority may be treated as a self-signed certificate

Most browsers come with the certificates of trusted certification authorities embedded in advance, but a small number of browsers embed the certificates of intermediate certification authorities. A server certificate issued by an intermediate certification authority is treated as a proper certificate by some browsers, while other browsers may treat it as a self-signed certificate.


7.2.5 The secure communication mechanism of HTTPS

The communication steps for HTTPS are as follows:

Step one: The client starts SSL communication by sending a Client Hello message. The message contains the SSL version the client supports and a list of cipher suites (the encryption algorithms used, key lengths, and so on).

Step two: If the server can carry out SSL communication, it answers with a Server Hello message. Like the client's, the message contains the SSL version and a cipher suite. The server's cipher suite is selected from the cipher suites received from the client.

Step three: The server then sends a Certificate message. The message contains the public key certificate.

Step four: Finally, the server sends a Server Hello Done message to tell the client that the initial phase of the SSL handshake negotiation is over.

Step five: After the first part of the SSL handshake, the client responds with a Client Key Exchange message. The message contains a random string called the pre-master secret, which is used for encrypting the communication. The message is encrypted with the public key from step three.

Step six: The client then sends a Change Cipher Spec message. It tells the server that communication after this message will be encrypted with the pre-master secret key.

Step seven: The client sends a Finished message, which contains a checksum over all the messages exchanged so far. Whether the handshake negotiation succeeds is judged by whether the server can correctly decrypt this message.

Step eight: The server likewise sends a Change Cipher Spec message.

Step nine: The server likewise sends a Finished message.

Step ten: Once the server and the client have exchanged Finished messages, the SSL connection is established, and communication is of course protected by SSL. Application layer protocol communication starts here, with the HTTP request being sent.

Step 11: Application layer protocol communication continues, with the HTTP response being sent.

Step 12: Finally, the client disconnects. When disconnecting, it sends a close_notify message. The diagram omits some details; after this step a TCP FIN message is sent to close the TCP connection.



In the process above, when the application layer sends data it attaches a message digest called a MAC (Message Authentication Code). The MAC makes it possible to check whether a message has been tampered with, and so protects the integrity of the message.
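
The handshake steps above, together with the hybrid scheme from 7.2.3, as an added simulation (not code from the book or the original post): a toy RSA key pair carries the pre-master secret, both sides derive the same shared key, and the Finished checksum exposes a Client Hello that was altered in transit. The key size, suite names, message encoding and key derivation are simplified assumptions, not the real SSL/TLS formats.

```python
import hashlib
import hmac
import secrets

# Toy RSA key pair standing in for the key pair behind the server certificate.
# Constructed for this example: two Mersenne primes, no padding, not secure.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the server

SERVER_SUITES = ["AES256-SHA", "AES128-SHA"]  # server preference (sample names)


def encode(msg_type: str, body: str = "") -> bytes:
    """Serialize a handshake message so both sides can log and hash it."""
    return f"{msg_type}|{body}".encode()


def shared_key(pre_master: bytes) -> bytes:
    """Derive the symmetric key used after Change Cipher Spec (simplified)."""
    return hmac.new(pre_master, b"shared key", hashlib.sha256).digest()


def finished(key: bytes, log: list, sender: bytes) -> str:
    """Finished: keyed checksum over every handshake message logged so far."""
    return hmac.new(key, sender + b"".join(log), hashlib.sha256).hexdigest()


def handshake(client_suites, in_transit=lambda m: m, pre_master=None) -> dict:
    """Run steps 1-9; in_transit models what the network does to Client Hello."""
    client_log, server_log = [], []

    # Step 1: Client Hello with SSL version and cipher suite list.
    hello = encode("ClientHello", "TLS1.0;" + ",".join(client_suites))
    client_log.append(hello)
    server_log.append(in_transit(hello))  # the copy the server actually sees

    # Step 2: Server Hello, suite filtered from the list that was received.
    offered = server_log[0].decode().split(";", 1)[1].split(",")
    suite = next((s for s in SERVER_SUITES if s in offered), None)
    if suite is None:
        return {"established": False, "reason": "no common cipher suite"}

    # Steps 3-4: Certificate (carries the public key) and Server Hello Done.
    for msg in (encode("ServerHello", suite), encode("Certificate", f"{N}:{E}"),
                encode("ServerHelloDone")):
        server_log.append(msg)
        client_log.append(msg)

    # Step 5: Client Key Exchange, pre-master secret under the public key.
    pre_master = pre_master or secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(pre_master, "big"), E, N)
    key_exchange = encode("ClientKeyExchange", str(wrapped))
    client_log.append(key_exchange)
    server_log.append(key_exchange)
    unwrapped = pow(wrapped, D, N).to_bytes(16, "big")  # server's private key

    # Steps 6-7: client Change Cipher Spec, then Finished over its own log.
    client_key, server_key = shared_key(pre_master), shared_key(unwrapped)
    client_fin = finished(client_key, client_log, b"client")
    if not hmac.compare_digest(client_fin, finished(server_key, server_log, b"client")):
        return {"established": False, "reason": "Finished mismatch", "suite": suite}

    # Steps 8-9: server Change Cipher Spec and Finished, checked by the client.
    client_log.append(client_fin.encode())
    server_log.append(client_fin.encode())
    server_fin = finished(server_key, server_log, b"server")
    ok = hmac.compare_digest(server_fin, finished(client_key, client_log, b"server"))
    return {"established": ok, "suite": suite, "keys_match": client_key == server_key}


if __name__ == "__main__":
    print(handshake(["AES128-SHA", "AES256-SHA"]))
    strip = lambda m: m.replace(b"AES128-SHA,AES256-SHA", b"AES128-SHA")
    print(handshake(["AES128-SHA", "AES256-SHA"], in_transit=strip))
```

In the second run the server picks a suite the client really did offer, so nothing looks wrong until the two Finished values are compared.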


The diagram of the whole process shows how HTTPS communication is established using only a server-side public key certificate (server certificate).



    • SSL and TLS

HTTPS uses two protocols, SSL (Secure Socket Layer) and TLS (Transport Layer Security). SSL was originally pioneered by the browser vendor Netscape Communications, which developed the versions up to SSL 3.0. Leadership has since passed to the IETF (Internet Engineering Task Force). Taking SSL 3.0 as the baseline, the IETF went on to define TLS 1.0, TLS 1.1 and TLS 1.2. TLS is a protocol developed with SSL as its prototype, and it is sometimes referred to collectively as SSL. The current mainstream versions are SSL 3.0 and TLS 1.0. Because problems were found in SSL 1.0 at the design stage, it was never actually put into use. Problems have also been found in SSL 2.0, so many browsers have dropped that protocol version altogether.


    • Is SSL slow?

HTTPS also has a problem: using SSL slows processing down. SSL is slow in two ways. One is slow communication; the other is slow processing caused by heavy consumption of resources such as CPU and memory. Compared with HTTP, the network load may make it 2 to 100 times slower. In addition to the TCP connection and the HTTP request and response, SSL communication is also required, so the overall amount of communication to process inevitably increases. The other point is that SSL has to perform encryption. Both the server and the client must carry out encryption and decryption, so they consume more hardware resources than with HTTP, which increases the load.

There is no fundamental solution to the slowness; SSL accelerator hardware (a dedicated server) is used to ease the problem. This is hardware dedicated to SSL communication which, compared with software, can speed up SSL computation several times over. The SSL accelerator is used only for SSL processing, taking that share of the load.


PS: Why not always use HTTPS

Since HTTPS is so safe and reliable, why don't all Web sites use HTTPS all the time? One reason is that encrypted communication consumes more CPU and memory than plaintext communication. If every communication is encrypted, a considerable amount of resources is consumed, and the number of requests a single computer can handle is bound to fall. Therefore, non-sensitive information is sent over HTTP, and HTTPS encryption is used only for sensitive data such as personal information. For Web sites with heavy traffic in particular, the load of encrypting everything is not to be underestimated. So rather than encrypting all content, encryption is applied only where information needs to be hidden, in order to conserve resources.
