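Web Security

Hu Jianbin
Network and Information Security Laboratory, Peking University
E-mail: hjbin@infosec.pku.edu.cn
~hjbin

Contents
1. Web security overview
2. SSL
3. SSL programming
4. Apache Web Server security

Web security overview

Web security threats and countermeasures

Characteristics of Web security
- Provides two-way service; its ability to defend against attacks is weak
- As a visual window and a commercial interaction platform it offers many services, and its reputation is at stake
- The underlying software is huge (apache, for example, is about 10M), has historically had the most vulnerabilities, and is the target of the most attack methods
- If compromised, it may become a springboard into the enterprise
- Configuration is relatively complex

Components of Web security
- Browser security
- Web Server security
- Security of the network communication between Browser and Web Server

Web security solutions
- Network layer: IPSec
- Transport layer: SSL/TLS
- Application layer: SET/SHTTP

Secure Sockets Layer (SSL)

SSL design goals
- Provide a channel for transmitting sensitive information between Browser and Web Server
  - Social Security Number (SSN)
  - Credit Card, etc
- Provide access control
  - Open
  - Closed
- SSL is designed to use TCP to provide a reliable end-to-end security service, giving the two communicating parties confidentiality and integrity (identity authentication)

SSL history
- Developed by Netscape in 1994
- SSLv2 released in 1995
- SSLv3 also released in 1995 due to bugs in v2
- In 1996 the IETF formed the Transport Layer Security (TLS) committee
- TLSv1 was based upon SSLv3
- Netscape and Microsoft both support TLSv1

SSL functions
- SSL provides four basic functions
  - Authentication
  - Encryption
  - Integrity
  - Key Exchange
- It uses two kinds of encryption
  - Asymmetric encryption: authentication, and exchange of the encryption keys
  - Symmetric encryption: encrypting the transmitted data

SSL structure
- SSL is independent of the application protocols
- It is most often used with HTTP, but can also be used with other protocols such as NNTP and TELNET

SSL Record Protocol
- Built on top of a reliable transport protocol (such as TCP)
- Provides connection security
  - Confidentiality, using symmetric encryption algorithms
  - Integrity, using the HMAC algorithm
- Used to encapsulate higher-level protocols

SSL Handshake Protocol
- Client and server authenticate each other
- Negotiates the encryption algorithms and keys
- Provides connection security
  - Identity authentication: at least one side is authenticated, and authentication can also be mutual
  - The negotiated shared key is secure; a man in the middle cannot learn it
  - The negotiation process is reliable

Use of the protocols

SSL architecture

SSL basic concepts
- Connection
- Session

Connection
- A connection is a transport (as defined in the OSI layering model) that provides a suitable type of service
- For SSL, such connections are peer-to-peer relationships
- Connections are transient; every connection is associated with one session

Session
- An SSL session is an association between a client and a server
- Sessions are created by the Handshake Protocol
- A session defines a set of cryptographic security parameters that can be shared among multiple connections
- For each connection, the session can be used to avoid the expensive negotiation of new security parameters

Connection vs. session
- Between any pair of parties there may be multiple secure connections
- In theory the two parties may have multiple simultaneous sessions, but this feature is not used in practice

Session state parameters

Connection state parameters

The various keys
- pre_master_secret
- master secret
- Client write MAC secret
- Client write secret
- Client write IV
- Server write MAC secret
- Server write secret
- Server write IV

SSL Handshake

SSL Handshake Protocol message format

Phase 1: Establish security capabilities

ClientHello (SSL Client to SSL Server, Port 443)
1. The ClientHello message is composed of
   a. SSL Version (highest) that is understood by the client. TLSv1 else SSLv3
   b. Key Exchange to identify the method of exchanging keys. RSA if not then D-H.
   c. Data Encryption to identify the encryption methods available to the Client. Triple DES or else DES
   d. Message Digest for data integrity. SHA or else MD5
   e. Data Compression method for message exchange. PKZip or else gzip
   f. A Random number to compute the secret key

   (highest) that is understood by the client. TLSv1
   b. Key Exchange to identify the method of exchanging keys. RSA.
   c. Data Encryption to identify the encryption methods available to the Client. DES
   d. Message Digest for data integrity. MD5
   e. Data Compression method for message exchange. PKZip
   f. A Random number to compute the secret key

CipherSuite Alternatives
- Data Encryption: RC2-40, RC4-128, DES, DES40, 3DES, IDEA, Fortezza
- Message Digest: MD5, SHA
- Key Exchange: RSA, Fixed Diffie-Hellman, Ephemeral Diffie-Hellman, Anonymous Diffie-Hellman, Fortezza
- Data Compression: PKZip, WinZip, gzip, StuffIt

Phase 2: Server authentication and key exchange

Server Certificate
1. The Server Certificate message is composed of
   a. The server Identifier information
   b. A Digital Certificate of the server information encrypted with the CA's Private Key. This contains the server's Public Key

Client Certificate Request
1. The Client Certificate Request message is composed of
   a. The Certificate type to indicate the type of public key
   b. The Certificate Authority is a list of distinguished names of Certificate Authorities acceptable to the Server

Server Done Message
1. This Server Done message has no parameters.

Phase 3: Client authentication and key exchange

Client Certificate
1. The Client Certificate message is composed of
   a. The server Identifier information
   b. A Digital Certificate of the client information encrypted with the CA's Private Key

1. The Client authenticates the Server with the CA.
   a. Extracts the public key of the root signed certificate that came installed with the client and computes an MD of the server certificate information.
   b. Decrypts the server certificate (that was issued by the root CA) that contains the hash computed by the CA Private Key
   c. Compares the computed hash with the hash contained in the server Digital Certificate.
2. Generates a session key (pseudo-random number) to use as a Pre-Master Key, then
3. Encrypts the session key with the server's public key.

Client Key Exchange
1. The Client Key Exchange message is composed of
   a. The encrypted session key which will serve as a pre-master secret key, encrypted with the server's public key.

1. Both the client and the server use the pre-master secret key to compute three identical sets of secret key pairs
   a. The first pair (i.e. DES) is used to encrypt outgoing traffic from the client to the server and to decrypt incoming traffic to the server, while
   b. The second pair (i.e. HMAC) is used to encrypt outgoing traffic from the server and to decrypt incoming traffic to the client
   c. The third pair is used to initialize the cipher IV (Initialization Vector)
Note: Both the Client and the Server each generate three sets of keys

[Figure: Key exchange result. SSL Client and SSL Server each hold Encryption, MAC and IV keys for the C and S sides.]

Phase 4: Finish

Client Finish
1. The Client Finish message is composed of
   a. The client authenticates the server with a message encrypted with the newly generated shared keys.
   b. This validates to the server that a secure connection has been created.

Server Finish
1. The Server Finish message is composed of
   a. The server authenticates the client with a message encrypted with the newly generated shared keys.
   b. This validates to the client that a secure connection has been created.
Note: the Server and client can now begin to use their six shared keys for bulk data encryption utilizing the SSL Record Layer protocol

SSL Record Protocol

By Introducing SSL and Certificates using SSLeay - Frederick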