Article Directory
HTTPS
HTTPS is also an application layer protocol , which introduces an encryption layer (SSL) based on the HTTP protocol. The content of the HTTP protocol is transmitted
in plain text , which leads to some cases of tampering during the transmission.
This leads to the notorious carrier hijacking .
What is carrier hijacking
For example, I want to download a software now. If it is not hijacked, click the download button, and the download link of this software will pop up.
But if you encounter operator hijacking, click the download button at this time, and a download link for other software will pop up.
Since any data packets we transmit through the network will pass through the operator's network equipment (routers, switches, etc.),
then the operator's network equipment can parse out the content of the data you transmit and tamper with it.
Clicking the "Download button" actually sends an HTTP request to the server, and the obtained HTTP response actually contains the download link of the APP.
After the operator hijacks, it finds that the request is to download the app, so it automatically changes the response to the user to the download address of other software.
This is mainly due to the hijacking by the operator caused by ¥ .
How to fix nasty carrier hijacking?
The answer is encryption . HTTPS is encrypted on the basis of HTTP to further ensure the security of user information~
what is encryption
Encryption is to perform a series of transformations on plaintext (information to be transmitted) to generate ciphertext .
Decryption is to perform a series of transformations on the ciphertext and restore it to plaintext .
In a movie "Knives Out", there is such a scene where the father informs his daughter that her husband is cheating on her through ciphertext.
Originally there was nothing on a piece of paper, but handwriting appeared as soon as it was baked with a lighter.
The meaning of the father's original intention was to tell his daughter that her husband had cheated, but the encrypted message was that there was nothing left on this piece of paper.
The handwriting is revealed through the form of fire, where the fire source is the key , making the handwriting disappear is encryption , and the presentation is decryption .
How HTTPS works
In the network transmission, the plaintext is no longer directly transmitted, but the "ciphertext" after encryption.
There are many encryption methods, but the whole can be divided into two categories: symmetric encryption and asymmetric encryption .
1 Symmetric encryption
When performing secure transmission, the core is encryption, and symmetric encryption is the simplest and most effective method.
Symmetric encryption is encrypted by a key, and of course it can be decrypted by this key.
For example, a (plaintext) + key (key) => b (ciphertext) , b (ciphertext) + key (key) => a (plaintext)
key components can be considered as a string of numbers or a String string, in the process of encryption, a series of mathematical transformations are performed on the plaintext and the string,
the simplest of which is ^ (bitwise XOR)
In order to ensure its security during the encryption process, it must not be known by hackers.
Since the hacker does not know what the key is, even if the data is intercepted, they cannot know what it means.
Is the key generated by the client or by the server?
Since a server corresponds to many clients, these clients should have different keys.
Suppose the client generates a key. At this time, the client needs to inform the server of the key. At this time, the client needs to The key is sent to the server.
It should be noted that since the key is just generated at this time and the server does not know it yet, the transmission to the server here can only be transmitted in plain text .
The key transmitted at this time may be intercepted by hackers.
The question we have to consider at this time is how to securely transmit the key to the server, and of course it must be encrypted .
This is where asymmetric .
2 Asymmetric encryption
First, a and divided into public key and private key .
Plaintext + public key => ciphertext
Ciphertext + private key => plaintext
In other words, using the public key is encryption, and using the private key is decryption, or vice versa.
The server generates a pair of public and private keys, the client holds the public key, and the server holds the private key.
At this time, the client's public key is obtained from the server. Although the hacker can know the public key, he does not know the private key, because only the server knows the private key.
At this time, the client uses the public key to encrypt the symmetric key and transmits it to the server. At this time, the server can decrypt it with its own private key, and the symmetric
key can be obtained after decryption.
At this point, the client server can use this symmetric key for subsequent transmissions.
It should be noted that the client does not need a private key , because asymmetric encryption is only used to encrypt the symmetric key to be transmitted .
Once the symmetric key successfully reaches the server, subsequent transmissions will be encrypted using symmetric encryption. .
It is not possible to use all asymmetric encryption, because the speed of asymmetric encryption is relatively slow, and
the speed should be increased as much as possible under the premise of ensuring security.
3 Man-in-the-middle attack
Since the server can send the public key to the client, can hackers imitate the server and send their own public key to the client?
When it is possible, this is actually a man-in-the-middle attack
If the client receives the public key sent by the hacker, then the client will send the encrypted key to the hacker at this time.
As an example.
Zhang San is an undercover agent of the anti-narcotics police, Li Si is a drug dealer, and there are two other drug dealers A and B.
A and B do not know each other, but both of them know Li Si, and Li Si exists as an intermediary.
Li Si first brought Zhang San to meet A, and Zhang San played B at this time; then Li Si brought Zhang San to meet B again, and Zhang San played A at this time.
At this time, when AB and AB met upside down, the details had already been known by the police, and they could catch them all at once.
3.1 Preventing man-in-the-middle attacks
The key to solving man-in-the-middle attacks is to enable the client to distinguish whether the current public key is the public key of the server.
At this point, a "certificate" can be introduced, which is essentially a third-party certification authority .
At the beginning of the establishment of the server (website), it is necessary to apply for a certificate (provide some qualifications) from a special certification body.
After passing the review, a certificate will be issued, and the public key generated by the server will be included in this certificate.
At this time, when the client requests the public key from the server, it no longer simply requests a public key, but requests the entire certificate.
After the client gets the certificate, it can verify the certificate to verify whether the certificate at this time is fake or tampered with.
If the certificate is found to be invalid, the browser will directly pop up a warning box.
After the client gets the certificate, it can verify the certificate. There will be a specific field on the certificate , which is called the signature of the certificate .
Just like asking a teacher for leave requires the teacher's signature, the school guard will check to see if the signature is written by the teacher.
If the field 1 of a certificate is abc , the field 2 is cde , the field 3 is gdj , and the public key is 0xaabbccdd...
the certificate also has a signature : sdbdsbcskdbskaskc.
The signature here is actually an encrypted string, which can be decrypted by the client using the public key provided by the certification authority.
After decryption, the obtained result is equivalent to a hash value. Similar to the checksum in tcp udp, this is the result calculated based on the sum of other fields in the certificate.
The client can use the same hash algorithm to calculate the hash value again for other fields to get a hash2, and
see what the two values of hash1 (solved from the signature) and hash2 (calculated by the client) are Not the same,
if they are the same, the certificate is valid, if not, the certificate has been tampered with.
The certification authority also has a set of public and private keys, the private key is used to encrypt the hash value to obtain the signature, and the public key is used by the client to decrypt the signature to obtain the hash value.
Hackers cannot tamper with the certificate by themselves, such as changing the public key.
Because once the public key is changed, it means that the hash2 value calculated by the client and the hash1 value decrypted by the signature will not match, and the
client will know that it is invalid.
In addition, the hacker does not know the private key of the certification authority. Even if the hacker calculates a new tampered hash value,
he cannot encrypt and generate a signature.
