Web安全

78633645
4 ℃
2019-09-30

整理文档很辛苦，赏杯茶钱您下走！

还剩 ... 页未读，继续阅读 >>

免费阅读已结束，点击下载阅读编辑剩下 ... 页

阅读已结束，您可以下载文档离线阅读编辑

资源描述

Web安全胡建斌北京大学网络与信息安全研究室E-mail:hjbin@infosec.pku.edu.cn~hjbin目录1.Web安全概述2.SSL3.SSL程序设计4.ApacheWebServer安全Web安全概述Web安全威胁及对策Web安全的特点提供双向的服务，攻击防范能力脆弱作为可视化窗口和商业交互平台，提供多种服务，事关声誉底层软件庞大，如apache约10M，历来是漏洞之最，攻击手段最多如果被攻破可能导致成为进入企业的跳板配置比较复杂Web安全的组成部分Browser安全WebServer安全Browser与WebServer之间网络通信安全Web安全方案网络层：IPSec传输层：SSL/TLS应用层：SET/SHTTP目录1.Web安全概述2.SSL3.SSL程序设计4.ApacheWebServer安全SecureSocketsLayer(SSL)SSL设计目标在Browser和WebServer之间提供敏感信息传输通道SocialSecurityNumber(SSN)CreditCard,etc提供访问控制OpenClosedSSL被设计用来使用TCP提供一个可靠的端到端安全服务，为两个通讯个体之间提供保密性和完整性(身份鉴别)SSL历史Netscape公司于1994开发SSLv2releasedin1995SSLv3alsoreleasedin1995duetobugsinv21996年IETF成立TransportLayerSecurity(TLS)committeeTLSv1wasbaseduponSSLv3Netscape、Microsoft都支持TLSv1SSL功能SSL提供四个基本功能AuthenticationEncryptionIntegrityKeyExchange采用两种加密技术非对称加密认证交换加密密钥对称加密：加密传输数据SSL功能SSL的结构SSL是独立于各种协议的常用于HTTP协议，但也可用于别的协议，如NNTP，TELNET等建立在可靠的传输协议（如TCP）基础上提供连接安全性保密性，使用了对称加密算法完整性，使用HMAC算法用来封装高层的协议SSL记录协议客户和服务器之间相互鉴别协商加密算法和密钥提供连接安全性身份鉴别，至少对一方实现鉴别，也可以是双向鉴别协商得到的共享密钥是安全的，中间人不能知道协商过程是可靠的SSL握手协议协议的使用SSL体系结构连接会话SSL基本概念连接是能提供合适服务类型的传输（在OSI分层模型中的定义）对SSL，这样的连接是对等关系连接是暂时的，每个连接都和一个会话相关连接SSL会话是指在客户机和服务器之间的关联会话由握手协议创建会话定义了一组可以被多个连接共用的密码安全参数对于每个连接，可以利用会话来避免对新的安全参数进行代价昂贵的协商会话在任意一对的双方之间，也许会有多个安全连接理论上，双方可以存在多个同时会话，但在实践中并未用到这个特性连接Vs会话会话状态参数连接状态参数各种密钥pre_master_secretmastersecretClientwriteMACsecretClientwritesecretClientwriteIVServerwriteMACsecretServerwritesecretServerwriteIVSSLHandshakeSSL握手协议报文格式ClientServer一建立安全能力ClientHelloSSLClientSSLServerPort4431.TheClientHellomessageiscomposedofa.SSLVersion(highest)thatisunderstoodbytheclient.TLSv1elseSSLv3b.KeyExchangetoidentifythemethodofexchangingkeys.RSAifnotthenD-H.c.DataEncryptiontoidentifytheencryptionmethodsavailabletotheClient.TripleDesorelseDESd.MessageDigestfordataintegrity.SHAorelseMD5e.DataCompressionmethodformessageexchangePKZiporelsegzipf.ARandomnumbertocomputethesecretkey(highest)thatisunderstoodbytheclient.TLSv1b.KeyExchangetoidentifythemethodofexchangingkeys.RSA.c.DataEncryptiontoidentifytheencryptionmethodsavailabletotheClient.DESd.MessageDigestfordataintegrity.MD5e.DataCompressionmethodformessageexchangePKZipf.ARandomnumbertocomputethesecretkey一建立安全能力DataEncryption:RC2-40RC4-128DESDES403DESIDEAFortezzaMessageDigest:MD5SHA.CipherSuiteAlternativesKeyExchange.RSAFixedDiffie-HellmanEphemeralDiffie-HellmanAnonymousDiffie-HellmanFortezzaDataCompression:PKZipWinZipgzipStuffItSSLClientSSLServerServerCertificate1.TheServerCertificatemessageiscomposedofa.TheserverIdentifierinformationb.ADigitalCertificateoftheseverinformationencryptedwiththeCAsPrivateKey.Thiscontainstheserver'sPublicKeyClientCertificateRequest1.TheClientCertificateRequestmessageiscomposedofa.TheCertificatetypetoindicatethetypeofpublickeyb.TheCertificateAuthorityisalistofdistinguishednamesofCertificateAuthoritiesacceptabletotheServerServerDoneMessage1.ThisServerDonemessagehasnoparameters.二服务器鉴别和密钥交换SSLClientSSLServerClientCertificate1.TheClientCertificatemessageiscomposedofa.TheserverIdentifierinformationb.ADigitalCertificateoftheclientinformationencryptedwiththeCAsPrivateKey1.TheClientAuthenticatestheServerwiththeCA.a.ExtractsthepublickeyoftherootsignedcertificatethatcameinstalledwiththeclientandComputesaMDoftheservercertificateinformation.b.Decryptstheservercertificate(thatwasissuedbytherootCA)thatcontainsthehashcomputedbytheCAPrivateKeyc.ComparesthecomputedhashwiththehashcontainedintheserverDigitalCertificate.2.Generatesasessionkey(psuedo-randomnumber)touseasaPre-MasterKeythen3.Encryptsthesessionkeywiththeserver’spublickey.三客户机验证和密钥交换SSLClientSSLServerClientKeyExchange1.TheClientKeyExchangemessageiscomposedofa.Theencryptedsessionkeywhichwillserveasapre-mastersecretkeyencryptedwiththeserver’spublickey.1.Boththeclientandtheserverusethepre-mastersecretkeytocomputethreeidenticalsetsofsecretkeypairsa.Thefirstpair(i.e.DES)isusedtoencryptoutgoingtrafficfromtheclienttotheserverandtodecryptincomingtraffictotheserverwhileb.Thesecondpair(i.e.HMAC)isusedtoencryptoutgoingtrafficfromtheserverandtodecryptincomingtraffictotheclientc.ThethirdpairisusedtoinitializethecipherIV(InitializationVector)Note:BoththeClientandtheServereachgeneratethreesetsofkeys三客户机验证和密钥交换SSLClientSSLServerCSSCCSSCEncryptionMACIVEncryptionMACIV密钥交换结果1.TheClientFinishmessageiscomposedofa.Theclientauthenticatestheserverwithamessageencryptedwiththenewlygeneratedsharedkeys.b.Thisvalidatestotheserverthatasecureconnectionhasbeencreated.SSLClientSSLServerClientFinishServerFinish1.TheServerFinishmessageiscomposedofa.Theserverauthenticatestheclientwithamessageencryptedwiththenewlygeneratedsharedkeys.b.Thisvalidatestotheclientthatasecureconnectionhasbeencreated.Note:theServerandclientcannowbegintousetheirsixsharedkeysforbulkdataencryptionutilizingtheSSLRecordLayerprotocol四完成SSLRecordProtocolByIntroducingSSLandCertificatesusingSSLeay-Frederick