About the author: A cloud computing network operation and maintenance personnel, sharing the technology and dry goods of network and operation and maintenance every day.
Motto: Keep your head down and hurry on your way, be respectful
Personal homepage: Homepage of Netdou
Table of contents
3.SSL protocol security analysis
4. The encryption and authentication algorithms that the SSL protocol relies on
1. Encryption algorithm and session key
6. Problems in the SSL protocol
foreword
Through the previous article, I have a certain understanding of the SSL handshake protocol and the SSL record protocol . Network Security - Transport Layer Security Protocol (2)
This chapter will continue to explain other protocols of SSL
1.SSL Key Change Protocol
The SSL key change protocol is used to notify all parties involved of changes in encryption policies. The SSL key change protocol consists only of a message encrypted and compressed using the current (not pending) encryption method (Cipher Spec). This message contains one byte whose value is 1.
The message of changing the Cipher Spee can be sent by the client or the server, informing the other party that subsequent records will be protected by the newly negotiated encryption method (Cipher Spee) and key.
2.SSL alarm protocol
A content type (Content Types) supported by the SSL record layer is an alarm type, and an alarm message includes an alarm level and a description of the alarm. The alarm message of the most serious level will immediately terminate the connection. In this case, other connections of this session can continue, but the session identifier becomes invalid to prevent this failed session from re-establishing a new connection. Like other messages, alert messages are encrypted and compressed using the algorithm specified by the current connection state.
turn off alarm
In order to avoid truncation attacks, the client and the server must share the information that the connection has been closed. Both parties in the communication can initiate a close alarm message. The two parties in the communication send a close alarm (Close_notify Alert), and any subsequent data will be discarded. When any party closes the connection in the writing state, it needs to send a close alert (Closc_notifyAlert). The other party responds by immediately closing the connection, discarding all pending write operations. When closing a connection in the read state, there is no need to wait for a response to the close alert.
false alarm
Error handling in the SSL handshake protocol is relatively straightforward. When an error is found, the discovering party will send a message to the other party. When transmitting or receiving serious error alarm messages, both parties in the connection terminate the connection immediately. Both the server and the client discard identifiers, keys, and secrets used by the wrong session.
The following error alarms are defined in SSL
unexpected_message:收到意外的消息,此报警属于严重错误报警,不应在正常的连接中被观察到。
bad_record_mac:当收到带有不正确的MAC记录时,将返回此报警。此报警属于严重错误报警。
decompression_failure:解压缩函数收到不合法的输入(如数据太长等),此报警属于严重错误报警。
handshake_failure:收到handshake_failure报警消息,表明发出者不能接受现有的选项所提供的安全参数集合,此报警属于严重错误报警。
no_certificate:当被要求给出证书面没有合法的证书时,将发出no_certificate 报警消息。
bad_certificate:当一证书被破坏或者证书中签名无法被正确认证时,发出此报警。
unsupported_certificate:证书类型不支持。
certificate_revoked:证书被签发者撤销。
certificate_expired:证书过期或失效。
certificate_unknown:未知因素导致的证书不可接受性。
illegal_parameter;握手消息中域值溢出或一致,此报警属于严重错误报警。3.SSL protocol security analysis
The security of the SSL protocol is guaranteed by the adopted encryption algorithm and authentication algorithm. Practice has proved that the existing encryption and authentication algorithms are safe and effective, but with the development of computer technology and information countermeasure technology, some new problems and challenges arise immediately.
It is particularly noteworthy that a recent study by a group of Chinese cryptographers represented by Wang Xiaoyun showed that MD5 and SHA-1 are not conflict-free, and they have found an algorithm that finds conflicts faster than brute force. These discoveries have prompted the industry to develop more secure hash algorithms, and at the same time put the development of the next generation of more secure SSL. protocol on the agenda.
4. The encryption and authentication algorithms that the SSL protocol relies on
1. Encryption algorithm and session key
The encryption algorithms supported by the SSL.v2.0 protocol and the SSL.v3.0 protocol include RC4, RC2, IDEA, and DES. The key used in the encryption algorithm is generated by the message hash function MD5. RC4 and RC2 are defined by RSA, where RC2 is suitable for block encryption and RC4 is suitable for stream encryption.
2. Authentication algorithm
The SSL protocol authentication algorithm adopts the IEEEEx.509 electronic certificate standard, which is realized through the digital signature of the RSA algorithm. A typical authentication process includes server authentication and client authentication.
- (1) Authentication of the server. The write key of the server side and the read key of the client side, the write key of the client side and the read key of the server side are a pair of private and public keys respectively. When authenticating the server, the digital signature formed by the ClientHello message can be correctly decrypted by the client only if it is encrypted with the correct server-side writing key, thereby verifying the identity of the server.
- (2) Customer's authentication. As above, only the content encrypted with the correct client write key can be correctly decrypted by the server with its read key.
Five. SSL security advantages
- 1. Listening and man-in-the-middle attacks 2. Traffic data analysis attacks
- 3. Version replay attack 4. Detect attacks on the handshake protocol
- 5. Session recovery forgery 6. Short packet attack
- 7. Interception and splicing attack 8. Packet retransmission attack
6. Problems in the SSL protocol
1. Key management issues
- (1) When the client and the server send each other the encryption algorithms they can support, they are sent in clear text, which may be modified by attacks.
- (2) In order to be compatible with previous versions, SSLv3.0 may reduce security. All session keys will generate MASTER-KEY. The security of the handshake protocol depends entirely on the protection of MASTER-KEY. Therefore, MASTER·KEY should be used as little as possible in communication.
2. Encryption strength issues
Netscape uses 40-bit keys for its international browsers and servers in accordance with the US Department of the Interior. This is because, according to US law, the RC4 encryption algorithm used by it restricts the export of encryption key products with a length of more than 40 bits. A shorter key length means a higher possibility of deciphering.
3. Digital signature problem
Based on SSL. The protocol has no digital signature function, that is, there is no anti-repudiation service. To add digital signature function, you need to patch in the agreement. In this way, it is used for digital signatures while being used for encryption keys, and there are loopholes in security. The PKI system has perfected this measure, that is, the dual-key mechanism, which separates the encryption key and the digital signature key into a dual-certificate mechanism, thus forming a complete security service system of PK1.