Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
『プロフェッショナルSSL/TLS』読書会 第1章資料
Search
sylph01
May 12, 2017
Technology
0
1.4k
『プロフェッショナルSSL/TLS』読書会 第1章資料
https://connpass.com/event/56085/
sylph01
May 12, 2017
Tweet
Share
More Decks by sylph01
See All by sylph01
Updates on MLS on Ruby (and maybe more)
sylph01
1
200
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (RubyConf Taiwan 2025 ver.)
sylph01
1
95
PicoRuby's Networking is Incomplete
sylph01
1
44
The Definitive? Guide To Locally Organizing RubyKaigi
sylph01
6
1.7k
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too
sylph01
1
140
End-to-End Encryption Saves Lives. You Can Start Saving Lives With Ruby, Too (JP subtitles)
sylph01
2
650
Introduction to C Extensions
sylph01
3
210
"Actual" Security in Microcontroller Ruby!?
sylph01
0
160
Everyone Now Understands AuthZ/AuthN and Encryption Perfectly and I'm Gonna Lose My Job
sylph01
1
75
Other Decks in Technology
See All in Technology
M5製品で作るポン置きセルラー対応カメラ
sayacom
0
170
神回のメカニズムと再現方法/Mechanisms and Playbook for Kamikai scrumat2025
moriyuya
4
660
10年の共創が示す、これからの開発者と企業の関係 ~ Crossroad
soracom
PRO
1
620
AIAgentの限界を超え、 現場を動かすWorkflowAgentの設計と実践
miyatakoji
0
150
Where will it converge?
ibknadedeji
0
200
extension 現場で使えるXcodeショートカット一覧
ktombow
0
220
生成AIとM5Stack / M5 Japan Tour 2025 Autumn 東京
you
PRO
0
230
Access-what? why and how, A11Y for All - Nordic.js 2025
gdomiciano
1
120
大規模サーバーレスAPIの堅牢性・信頼性設計 〜AWSのベストプラクティスから始まる現実的制約との向き合い方〜
maimyyym
2
400
Exadata Database Service on Dedicated Infrastructure(ExaDB-D) UI スクリーン・キャプチャ集
oracle4engineer
PRO
2
5.5k
定期的な価値提供だけじゃない、スクラムが導くチームの共創化 / 20251004 Naoki Takahashi
shift_evolve
PRO
4
340
Adminaで実現するISMS/SOC2運用の効率化 〜 アカウント管理編 〜
shonansurvivors
3
380
Featured
See All Featured
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.9k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
189
55k
Music & Morning Musume
bryan
46
6.8k
Producing Creativity
orderedlist
PRO
347
40k
Documentation Writing (for coders)
carmenintech
75
5k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
2.6k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
15
1.7k
Building a Modern Day E-commerce SEO Strategy
aleyda
43
7.7k
Navigating Team Friction
lara
189
15k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
285
14k
Designing for Performance
lara
610
69k
Transcript
(1) SSL/TLSͱ҉߸ٕज़ @ʰϓϩϑΣογϣφϧSSL/TLSʱಡ ॻձ Ryo Kajiwara (@s01), 5/12/2017
1.1 Transport Layer Security (p.1-2) TLSͷ4ͭͷඪ(্͔Βߴ༏ઌ): • ҉߸ֶతͳηΩϡϦςΟ(Cryptographic security) •
૬ޓӡ༻ੑ(Interoperability) • ֦ுੑ(Extensibility) • ޮੑ(Efficiency)
1.2 ωοτϫʔΫͷ֊ ͍ΘΏΔOSIࢀরϞσϧͷɻTLS໊લͷ௨Γτϥϯεϙʔτ (ୈ4 = TCP, UDP)ʹରͯ͠securityΛఏڙ͢ΔɻϓϨθϯςʔγϣ ϯ=ୈ6ʹҐஔ͢Δɻ TLS͕ͳͯ͘HTTP(=ୈ7)ʮػೳ͢Δʯɻ
1.3 ϓϩτίϧͷྺ࢙ • SSL2: 1994/11 • SSL 3.0: 1995ޙ •
TLS 1.0(RFC 2246): 1999/1 • ΄ͱΜͲSSL 3.0ͱࠩͳ͍͕ޓੑͳ͠ • TLS 1.1: 2006/4 (security fix, TLS֦ு(2003/6)) • TLS 1.2: 2008/4 (AEADରԠ) • TLS 1.3: ongoing
1.4 ҉߸ٕज़ Ͳͷ͘Β͍҉߸ٕज़ʹ͠Έ͕͋Δ͔ʹΑͬͯಡΈඈ͠·͢ɻ • ҉߸ֶͷจ͕ಡΊΔ/ॻ͚Δ: ৸ͯͯେৎ • ʢͨͿΜ͜ͷؒͩͱࢥ͍·͢ʣ • ύεϫʔυͬͯ҉߸Խͯ͠อଘ͞ΕΔΜͩΑͶʁ:
Ώͬ͘ΓಡΉ
1.4.1 ཁૉٕज़ (p.5) Kerckhoffsͷݪଇ ҉߸γεςϜɺ伴Ҏ֎ͷ͕ͯ͢߈ܸऀʹঠѲ͞Εͨͱͯ͠ ҆શͰͳ͚ΕͳΒͳ͍ɻ • ҉߸ΞϧΰϦζϜ͕ఢରऀʹ࿙Εͯ҆શͰ͋Δඞཁ͕͋Δ • ༏Εͨ҉߸ΞϧΰϦζϜΛઃܭ͢Δͷ͍͠ɻͨ͘͞Μͷਓ
ͷʹ৮Εͯਫ਼ࠪ͞Εͨͷ΄Ͳ҆શɻ ݱͷ҉߸ʮܭࢉྔత҆શੑʯʹͦͷࠜڌΛஔ͍͍ͯΔ
1.4.1 ཁૉٕज़ (p.7) ετϦʔϜ҉߸ 伴͔ΒϥϯμϜʹݟ͑ΔจࣈྻͰ͋Δ伴ετϦʔϜΛੜ͠ɺ ͱͯ͠҉߸จΛಘΔɻ ετϦʔϜ҉߸Ͱʮಉ͡伴Λ͍·Θ͞ͳ͍͜ͱʯ͕ඇৗʹॏ ཁɻˠظؒʹΘͨͬͯར༻͢Δൿີ伴͔Βɺ௨৴ͷͨͼʹ1ճݶ Γͷ伴ʢηογϣϯ伴ʣΛಋग़ͯ͠͏ɻ RC4͕༗໊͕ͩऑ͕ΒΕ͍ͯΔɻECRYPT
Stream Cipher Project ʹ࠷৽ͷͷ͕͋ΔɻSalsa20/12SOSEMANUKͳͲɻ
1.4.1 ཁૉٕज़ (p.8) ϒϩοΫ҉߸ ϒϩοΫ୯ҐͰ·ͱΊͯ҉߸Խɻଟ͘ͷํࣜͰ16byte͝ͱɻೖྗ Λड͚ͱͬͯϥϯμϜʹݟ͑Δग़ྗΛฦؔ͢ɻ ϒϩοΫ҉߸ҙͷ͞ͷσʔλΛ҉߸Խ͢ΔͨΊ҉߸ར༻Ϟ ʔυͱΈ߹ΘͤͰ͏ɻ ੈքͰ࠷Α͘ར༻͞Ε͍ͯΔͷAESɻ伴͕128bit/192bit/ 256bitɺϒϩοΫ128bitݻఆɻ
1.4.1 ཁૉٕज़ (p.9) ϋογϡؔ • ݪ૾ܭࢉࠔੑ: ͋Δϋογϡʹର͠ɺಉ͡ϋογϡʹͳΔ ϝοηʔδΛݟ͚ͭΔ͜ͱ͕ࠔͰ͋Δੑ࣭ • ୈ2ݪ૾ܭࢉࠔੑ(ऑিಥੑ):
͋Δϝοηʔδͱϋογϡ͔ Βɺಉ͡ϋογϡʹͳΔผͷϝοηʔδΛݟ͚ͭΔ͜ͱ͕ࠔ Ͱ͋Δੑ࣭ • িಥੑ(ڧিಥੑ): ಉ͡ϋογϡʹͳΔϝοηʔδͷΈ ߹ΘͤΛݟ͚ͭΔ͜ͱ͕ࠔͰ͋Δੑ࣭
1.4.1 ཁૉٕज़ (p.9) SHA1(160bit)͕Α͘ΘΕ͍ͯΔ͕SHA256ͷஔ͖͕͑ਪ͞ Ε͍ͯΔɻ ϋογϡؔͷڧݪཧతʹʮੜͷύϥυοΫεʯ͔ΒΑ ͯ͘ϋογϡͷ͞ͷɻn-bitͷϋογϡ2^(n/2)ճϋογ ϡܭࢉ͢ΕিಥΛߴ֬Ͱݟ͚ͭΒΕΔɻ
1.4.1 ཁૉٕज़ (p.10) MAC(Message Authentication Code) ͋Δ͍ 伴͖ϋογϡ(keyed- hash):ϋογϡؔΛ֦ுͯ͠ೝূΛՄೳʹͨ͠ͷɻϋογϡ ΛσʔλͱҰॹʹૹΔͱϋογϡͦͷͷվ͟Μ͞Ε͏Δͷ
Ͱͦͷରࡦʹ͏ɻ
1.4.1 ཁૉٕज़ (p.10-11) ҉߸ར༻Ϟʔυ • ECB: ϒϩοΫ୯ҐͰݸผʹ҉߸Խɻ҉߸จʹฏจͷใ͕ݱΕ ͯ͠·͏ͨΊ੬ऑɻ͏ཧ༝ͳ͠ɻ • CBC:
લͷϒϩοΫͷ҉߸Խ݁ՌͷXORΛͱ͔ͬͯΒ҉߸Խɻ • ॳظԽϕΫτϧ(IV)ΛऔΔɻϥϯμϜͳΛ͏͜ͱͱɺ͜ͷ Λ͍·Θ͞ͳ͍͜ͱ͕ॏཁɻ • ଞ: CTRɺGCMɺOCBͳͲɻGCMͱOCBೝূ͖ͭ҉߸Λఏڙɻ
None
None
CTRϞʔυͷ߹ɺ҉߸Խ/෮߸Խ྆ํͰNonceͱcounterͷ҉߸Խ Λߦ͏ɻΑͬͯCTRϞʔυʹద༻͢Δؔblock cipherͰͳ͘ pseudo-random functionͰेɻ
1.4.1 ཁૉٕज़ (p.11-12) ެ։伴҉߸ํࣜ ҉߸Խʹ͏伴ͱ෮߸ʹ͏伴͕ผɻ ެ։伴Λ҆શʹ͘ڞ༗Ͱ͖Ε͚͕ࣗͩಡΊΔϝοηʔδΛ શһ͔ΒૹͬͯΒ͑ΔʢˠPKIɺୈ3ষʹͯʣɻ ެ։伴҉߸ܭࢉʹ͕͔͔࣌ؒΔͷͰɺڞ༗伴ͷωΰγΤʔγϣ ϯʹΘΕɺͦͷޙڞ༗伴Λͬͯରশ伴҉߸Λ͏ɻ RSAɺElGamal(DH伴ަΛެ։伴҉߸ʹద༻ͨ͠ͷ)
1.4.1 ཁૉٕज़ (p.13) ిࢠॺ໊ ిࢠϝοηʔδจॻͷਅਖ਼ੑ(authenticity)ΛݕূՄೳʹ͢Δ҉߸ ֶతͳखஈɻ MACిࢠॺ໊ͷҰछ͕ͩMAC伴ͷڞ༗ͱ͍͏͕͋Δɻ RSAΛٯํʹద༻͢Δ͜ͱͰిࢠॺ໊ΞϧΰϦζϜͱͯ͑͠ ΔɻҰํͰDSA/ECDSA҉߸ԽΞϧΰϦζϜͱͯ͑͠ͳ͍ɻ
1.4.1 ཁૉٕज़ (p.13) ཚੜث ҉߸ʹ࣭ͷ͍͍ʢhigh entropyͳʣཚ͕ඞཁɻ ֎෦ஔͷׂΓࠐΈʹΑΔΤϯτϩϐʔͷऩू(=TRNG)Ͱ͍ͩͨ ͍ͷ߹ेͳΤϯτϩϐʔ͕ू·Βͳ͍ͷͰ࣮ࡍٙࣅཚੜ ث(PRNG)Λ͏ɻ҉߸ʹ༻͍Δͷʹ෦ঢ়ଶͷ༧ଌෆՄೳ ੑΛ࣋ͬͨCSPRNG͕ඞཁɻ
1.4.2 ϓϩτίϧ (p.14) ؆୯ͳ҉߸௨৴ϓϩτίϧͷྫΛ͍ࣔͯ͠Δɻ • ·ͱ·ͬͨσʔλͷ҉߸ԽAESͰ • վ͟Μʹରॲ͢ΔͨΊϝοηʔδʹMACΛ༩ • ϝοηʔδͷܽམ/ϦϓϨΠ߈ܸʹରॲ͢ΔͨΊ࿈൪Λ༩
• ձͷऴྃΛࣔ͢ಛघͳϝοηʔδ • ձʹઌཱͬͯެ։伴҉߸ํࣜͰޓ͍Λೝূ • 伴ަΞϧΰϦζϜͰ҉߸伴Λަ
1.4.2 ϓϩτίϧ (p.14) TLSʹ͓͍ͯ 1. ೝূͱ伴ަΛؚΜͩϋϯυγΣΠΫ 2. ϋϯυγΣΠΫޙʹػີੑͱશੑͷ͋Δঢ়ଶͰσʔλΛަ 3. γϟοτμϯͷखॱͰऴྃ
Λߦ͏ɻ
1.4.3 ҉߸ٕज़ʹର͢Δ߈ܸ (p.15) • ૯Γ߈ܸ • ࣮ʢόάʣʹର͢Δ߈ܸ: λΠϛϯά߈ܸͳͲ͕Α͘ΒΕΔ • αʔόʹ৵ೖͯ͠҉߸伴ΛऔΔ΄͏͕؆୯ͳ͜ͱ
΄ͱΜͲͷ߹ɺʮϓϩτίϧΛࣗͰઃܭ͠ͳ͍ʯʮ҉߸ॲཧ ͷίʔυΛࣗͰ࣮͠ͳ͍ʯ΄͏͕҆શɻ
1.4.4 ҉߸ڧ (p.16-17) ҉߸ͷڧ = ҉߸ΞϧΰϦζϜΛഁΔͷʹඞཁͳૢ࡞ͷճɺ͜ ΕΛϏοτ҆શੑͱ͍͏ɻ ҉߸ԽํࣜʹΑͬͯϏοτ҆શੑͷॏΈ͕ҟͳΔͷͰɺଞͷํࣜ ͷͲͷϨϕϧͱՁ͔ɺͱ͍͏มද͕͋Δɻ 2012࣌Ͱʮ30ͷ߈ܸʹର͢Δอޢʯɿڞ௨伴҉߸Խʹ͓͚
Δ128Ϗοτ૬
1.4.4 ҉߸ڧ (p.16-17) NIST SP800-57 Part1 Rev.3 ͷp.64ʹ͋ΔՁ҆શੑͷද1 ڞ௨伴҉߸ RSA/DSA/DH
ପԁۂઢ҉߸ ϋογϡ 80 1024 160 160 112 2048 224 224 128 3072 256 256 256 15360 512 512 1 ୯ҐͦΕͧΕbit
1.4.5 MITM߈ܸ (p.17-21) ΞΫηεͷୣऔ • ARP spoofing: MACΞυϨεͱIPΞυϨεͷؔ࿈͚Λশ͢Δ ͜ͱͰϩʔΧϧωοτϫʔΫʹ͓͚Δܦ࿏ใΛশ͢Δ •
WPAD(Web Proxy Auto-Discovery) hijacking: ِͷϓϩΩγʹ༠ಋ • DNS hijacking, DNS cache poisoning: ِͷDNSใΛ༩͑Δ͜ͱͰ υϝΠϯʹ͔͏τϥϑΟοΫΛͬऔΔɻ • BGP route hijacking: Πϯλʔωοτ্ͷϧʔλ͕ෆਖ਼ͳܦ࿏Λ ࢦఆ͢Δ͜ͱͰ௨৴͕߈ܸऀͷͱ͜ΖΛ௨Δ
1.4.5 MITM߈ܸ (p.17-21) डಈత߈ܸ • ҉߸Խ͞Ε͍ͯͳ͍τϥϑΟοΫΛܧଓతʹϞχλϦϯά • ҉߸Խ͞ΕͨτϥϑΟοΫͰظؒอଘͯ͠҉߸͕ഁΒΕΔ ͷΛͯΑ͍ •
Perfect Forward Secrecy2ͷॏཁੑɻಉ͡伴Λͬͯաڈʹ͞ ͔ͷ΅ͬͯ௨৴͕෮ݩͰ͖ΔͱϚζ͍ɻ 2 Perfect Forward SecrecyͱForward Secrecyಉٛɻ
1.4.5 MITM߈ܸ (p.17-21) ೳಈతͳ߈ܸ ैདྷͷMITM߈ܸ: Mallory͕ʮBobͱ͍ͯ͠Δ͔ͷΑ͏ʹAliceʹࢥ ͍ࠐ·ͤΔʯʹೝূΛλʔήοτʹͨ͠ͷɻ ௨ৗͷDH伴ަͰೝূ͕ఏڙ͞Εͳ͍ͷͰ͜Ε͕Մೳɻ
1.4.5 MITM߈ܸ (p.17-21) ೳಈతͳ߈ܸ TLSͷ߹ɺAlice͕༗ޮͳͷͱͯ͠ड͚औΔΑ͏ͳূ໌ॻΛ Mallory͕ఏࣔ͢Δ͜ͱ͕ཧతͳ߈ܸɻ αʔϏεΛὃͯ͠ূ໌ॻΛೖख͢Δํ๏4ষɺ༗ޮʹݟ͑Δূ໌ ॻΛߏ͢Δ߈ܸ6ষʹͯɻܯࠂΛແࢹ͢Δ͜ͱΛظͯ͠ෆਖ਼ ͳূ໌ॻΛఏࣔ͢Δ͜ͱɻϒϥβʹ҉߸ԽΛແޮԽ͢ΔΑ͏ ͳϦΫΤετΛૹ৴͢Δ߈ܸɻ7ষʹͯɻ
ίετ͕ߴ͍ͨΊେنʹߦΘͣಛఆͷରʹରͯ͠ߦ͏ɻ
None
ิ ຊʹࡌͬͯͳ͍͚Ͳؔ࿈͢Δ·ͱΊɻ 1. ετϦʔϜ҉߸ͱOne-Time Pad 2. িಥੑʹؔ͢Δ༻ޠʹ͍ͭͯ 3. HMACͷఆٛ 4.
DH伴ަʹ͓͚Δதؒऀ߈ܸ
ετϦʔϜ҉߸ͱOne-Time Pad One-Time Pad(Vernam҉߸)Ͱฏจͱಉ͡͞ͷཚྻΛ伴ͱ͠ ͯ ͷΑ͏ʹ҉߸จΛಘΔɻOne-Time Pad ฏจͷใΛҰ҉߸จʹ͞ͳ͍ใྔతʹperfectly secret ͳ҉߸͕ͩݱ࣮తͰͳ͍ͷͰɺݱ࣮ʹ͍伴͔Β伴ετϦʔϜ
Λੜ͢Δɻ
িಥੑʹؔ͢Δ༻ޠʹ͍ͭͯ SHA1SHAtteredͰڧিಥੑʢʹ1ͭͷিಥ͢ΔϖΞΛ࡞Γग़͢ ͜ͱʣಥഁ͞Ε͕ͨɺऑিಥੑʢʹ͋Δจࣈྻʹର͢Δϋο γϡͱಉ͡ϋογϡΛ༩͑ΔผͷจࣈྻΛࣔ͢ʣ·ͩಥഁ ͞Ε͍ͯͳ͍ͷͰɺ͜Ε͚ͩͰͬͯʮύεϫʔυϋογϡͱͯ͠ ෆద֨ʯͱ͍͏ͷιɻͬͱɺଞͷબࢶ͕ͬͱ༏लͳ ͷͰSHA256bcryptΛ͍·͠ΐ͏ɻ
HMACͷఆٛ ϋογϡؔHͱ伴KΛͬͯɺ ipad = Kͷ͞ͷ0x36 opad = Kͷ͞ͷ0x5c ʢ ||
࿈݁Λද͢ɻͳͷͰɺ ͱtextΛ͚ͬͭͨ͘ͷͷϋ ογϡΛɺ ͷޙΖʹ͚ͬͭͯ͘ɺͦͷϋογϡΛऔ Δɺͱ͍͏͜ͱʣ
DH伴ަʹ͓͚Δதؒऀ߈ܸ (ECͰͳ͍)DH伴ަ: • ެ։ͷ • p ͷେ͖ͳૉ • g
ͷੜݩ • ൿີͷ: • ૬खʹૹΒΕΔ:
None
None
DH伴ަʹ͓͚Δதؒऀ߈ܸ தؒऀEve͕ ͷΛड͚औΓɺ ͱಉ༷ͷੑ࣭Λ࣋ͭ Λੜ͠ɺҎԼͷΛ૬खʹΘΓʹ͢:
DH伴ަʹ͓͚Δதؒऀ߈ܸ ͦ͏͢ΔͱAliceͱBobҎԼͷΛܭࢉ͢Δ: ͜ͷͱ͖ɺAliceͱEveɺEveͱBobͷؒʹڞ௨伴ͷਃ͠߹Θཱ͕ͤ ͢Δʢલऀ ɺޙऀ ʣɻ