Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
『プロフェッショナルSSL/TLS』読書会 第9章資料
Search
sylph01
June 22, 2018
Technology
0
78
『プロフェッショナルSSL/TLS』読書会 第9章資料
sylph01
June 22, 2018
Tweet
Share
More Decks by sylph01
See All by sylph01
"Actual" Security in Microcontroller Ruby!?
sylph01
0
93
Everyone Now Understands AuthZ/AuthN and Encryption Perfectly and I'm Gonna Lose My Job
sylph01
1
33
Updates on PicoRuby Networking, HPKE (and maybe more)
sylph01
1
250
Adding Security to Microcontroller Ruby
sylph01
2
3.3k
Secure Messaging at IETF 118
sylph01
0
85
Adventures in the Dungeons of OpenSSL
sylph01
0
530
Community & RubyKaigi Showcase @ Ehime.rb Reboot Meetup
sylph01
0
330
Build and Learn Rails Authentication
sylph01
8
2.1k
Email, Messaging, and Self-Sovereign Identity (2021/05/28 edition)
sylph01
0
310
Other Decks in Technology
See All in Technology
AWSを活用したIoTにおけるセキュリティ対策のご紹介
kwskyk
0
390
Amazon Aurora のバージョンアップ手法について
smt7174
2
150
AWS Well-Architected Frameworkで学ぶAmazon ECSのセキュリティ対策
umekou
2
150
Pwned Labsのすゝめ
ken5scal
2
460
Fraxinus00tw assembly manual
fukumay
0
110
OPENLOGI Company Profile
hr01
0
60k
4th place solution Eedi - Mining Misconceptions in Mathematics
rist
0
150
手を動かしてレベルアップしよう!
maruto
0
230
ウォンテッドリーのデータパイプラインを支える ETL のための analytics, rds-exporter / analytics, rds-exporter for ETL to support Wantedly's data pipeline
unblee
0
130
RayでPHPのデバッグをちょっと快適にする
muno92
PRO
0
190
ESXi で仮想化した ARM 環境で LLM を動作させてみるぞ
unnowataru
0
180
Snowflake ML モデルを dbt データパイプラインに組み込む
estie
0
110
Featured
See All Featured
[RailsConf 2023] Rails as a piece of cake
palkan
53
5.3k
A better future with KSS
kneath
238
17k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
100
18k
Six Lessons from altMBA
skipperchong
27
3.6k
Testing 201, or: Great Expectations
jmmastey
42
7.2k
Building Your Own Lightsaber
phodgson
104
6.2k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
6
570
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Practical Orchestrator
shlominoach
186
10k
Raft: Consensus for Rubyists
vanstee
137
6.8k
Transcript
ୈ9ষ: ύϑΥʔϚϯε ࠷దԽ @ʰϓϩϑΣογϣφϧSSL/TLSʱಡ ॻձ Ryo Kajiwara (@s01), 6/22/2018
TLS͍ ͱ͓ʔ͡ΌΜʁ
9.1 Ԇͱଓͷཧ TCPϨΠϠʔͷɻ • ଳҬ: ͓ۚͰղܾͩʂ • Ԇ: ޫͷ͞Λॻ͖͑Δʹ͍͘ΒੵΊ͍͍Ͱ͔͢
9.1 Ԇͱଓͷཧ [ఆٛ] RTT(round trip time): ϦΫΤετ͕తʹ౸ୡ͠Ϩεϙϯ ε͕ฦͬͯ͘Δ·Ͱʹ͔͔Δ࣌ؒɻ ͜͜Ͱαʔόͷॲཧ࣌ؒແࢹ͞Ε͍ͯΔͱࢥͬͯΑ͍ɻཁ͢ Δʹʢޫͷ͞ҰఆͱԾఆ͠ʣέʔϒϧͷԟ෮Ͱͷ͞ͱؔ
͕͋Δɻ 3way handshake1.5RTTɻͨͩ͠ΫϥΠΞϯτ͔Β௨৴Λ։࢝͢ ΔHTTPͳͲACKͱಉ࣌ʹΞϓϦέʔγϣϯσʔλΛૹ৴͢Δͷ Ͱ1RTTɻ
9.1.1 TCPͷ࠷దԽ TCP slow start: TCPͷ੍ޚํࣜɻ ૬ख͕ͲΕ͘Β͍ͷΛग़ͤΔ͔Θ͔Βͳ͍ͷͰɺ࠷ॳখ͞ ͳΟϯυ(congestion window)Λ͍ɺঃʑʹͦͷαΠζΛ ্͍͛ͯ͘ɻ
(7ষͷղઆͰHEIST߈ܸΛղઆͨ͠ࡍʹઆ໌ͨ͠Α͏ͳؾ͕͢Δ) HTTPଓ໋ͳͷͰcwnd͕খ͍͞ঢ়ଶͰӡ༻͞Ε͕ͪɻTLSϋ ϯυγΣΠΫଓͷ࠷ॳʹى͜ΔͷͰখ͍͞cwndͷӨڹΛड͚ ͕ͪɻ
9.1.1 TCPͷ࠷దԽ • Οϯυॳظͷνϡʔχϯά • ࠷ۙ10 segment㲈15KBΛॳظͱ͢Δͷ͕ਪ • idleޙͷslow startࢭ
• /etc/sysctl.conf ʹͯ net.ipv4.tcp_slow_start_after_idle=0
9.1.2 ଓͷ࣋ଓੑ TCPϋϯυγΣΠΫ/TLSϋϯυγΣΠΫ͕ԆͷӨڹΛड͚͕ͪ (RTTΛ૿͕ͪ͠)ͳͷͰଓΛ։͖ͬͺʹ͍ͨ͠ɻˠkeep-alive ͨͩ͠ରԠෆेͳWebαʔό͕ͨ·ʹ͍Δɻ ҎԼͷέʔεͰ༗ར/ෆར: (+) ΫϥΠΞϯτ͕ಉ͡αʔόʔʹͨ͘͞ΜͷϦΫΤετΛ͢Δ (-) ΫϥΠΞϯτ͕αʔόʔʹ1ճ͔͠ϦΫΤετΛ͠ͳ͍
9.1.3 SPDY, HTTP/2 ΈΜͳେ͖H2ͷɻ SPDY: TCPͱHTTPͷؒʹ৽ͨͳϨΠϠΛಋೖɻෳͷHTTP req/res ΛଟॏԽ͢ΔͷͰ1αʔό͋ͨΓ1ϦΫΤετɻHTTP/2ͷͱʹ ͳͬͨɻ •
TCP Fast Open: TCPϋϯυγΣΠΫ͔Β1RTTݮΒ͢ • QUIC: UDPͷ্ͰTCPͱಉ͡Α͏ͳ͜ͱͰ͖ͨΒ࠷ڧͩΑͶ
9.1.4 CDN ཧతʹࢄͨ͠େྔͷαʔόΛӡ༻ɻ • Τοδʹ͓͚ΔΩϟογϯά • ଓͷཧ • ෦ωοτϫʔΫͰଓΛظʹΘͨͬͯҡ࣋͢ΔͱଓΛ ຖճൃੜͤ͞ͳͯ͘Α͍
• ෦ωοτϫʔΫͰ࠷దͳroutingΛ͢Δ • ߋͳΔ࠷దԽͷͨΊͷಠࣗϓϩτίϧ͕͑Δ
9.2 TLSͷ࠷దԽ
9.2.1 伴ަ • 伴: ͍ͱsecure͚ͩͲͦΕ͚ͩॏ͍ɻ • ൿີ伴ΞϧΰϦζϜ • RSA࠷Ͱ2048bitҎ্ʹͳ͖ͬͯͯΔɻܭࢉྔ͕ͭΒ ͍ɻECDSAͳΒͬͱ͍ɻ
9.2.1 伴ަ • 伴ަΞϧΰϦζϜ • RSAForward Secrecy͕ͳ͍ • DHE͍ •
ΑΖ͍͠ɺͳΒECDHEͩ • secp256v1ͳΒ128bit҆શ • secp384v1ʹͯ҆͠શੑͦ͜·ͰΑ͘ͳΒͳ͍͚Ͳܭ ࢉྔ͕૿͑Δ
9.2.1 伴ަ ςετ݁Ռͷάϥϑ(p268): • RSA -> ECDHE_ECDSA ʹ͢ΔͱPFSΛಘ্ͨͰϋϯυγΣΠΫͷ ύϑΥʔϚϯε͕2ഒʹ্ʂ •
DHE1024bitͰ͢Β͍ɻ • : ΫϥΠΞϯτ࡞ۀ͕૿͑ͯͰͳ͍ɻαʔόʔͨ ͘͞ΜͷଓΛ͘͞ͷͰ࡞ۀ͕૿͑Δͱͦͷ͚ͩͭΒ͍ɻ
False Startʹ͍ͭͯ ϋϯυγΣΠΫ͕ޭ͢ΔલఏͰΞϓϦέʔγϣϯσʔλΛૹΕ ΔΑ͏ʹ͢Δ༷ɻ ߈ܸ͞Εͨ߹҉߸Խ͞ΕͨΞϓϦέʔγϣϯσʔλͷҰ෦͕ૹ ৴͞Εͯ͠·͏ɻ·ͨɺϋϯυγΣΠΫͷશੑݕূϋϯυ γΣΠΫ͕ऴΘΒͳ͍ͱͰ͖ͳ͍ͷͰ҉߸ԽύϥϝʔλΛ߈ܸ͞ ΕΔ͜ͱ͕͋Γ͏Δɻ →Googleʮڧ͍҉߸ͬͯΕ͍͍Μ͡Όͳ͍ͷʁʯ →Logjam߈ܸʮͦΜͳ͜ͱͳ͍ʯʢڧ͍伴ަඞཁʣ
9.2.2 ূ໌ॻ • ূ໌ॻνΣʔϯඞཁ࠷ݶͷαΠζʹ͠ɺશͳνΣʔϯΛ ఏࣔ͢Δ͜ͱ • αʔόͷূ໌ॻ + ൃߦݩCAͷূ໌ॻ •
ϧʔτূ໌ॻUAͷखݩʹ͋ΔͷͰ͚ͭͳͯ͘Α͍ • શͳͷͰͳ͍ͱ୳͠ʹߦ͘ख͕ؒൃੜ • αΠζ͕খ͘͞ͳΔͷͰECDSAূ໌ॻΛ͏
9.2.2 ূ໌ॻ • 1ͭͷূ໌ॻΛෳαΠτͰڞ༗͢Δͱɺϗετ໊Λূ໌ॻʹ Ճ͠ͳ͍͚ͯ͘ͳ͘ͳͬͯূ໌ॻͷαΠζ͕͘ͳΔ • ओʹSNIඇରԠΫϥΠΞϯτରࡦͱ͍͏͚ΕͲɺͦͦ͜ Μͳ͜ͱ͠ͳ͍ͷ͕ਖ਼͍͠ͷͰ…ʁ • ͱ͍͑ɺCloudFlareܦ༝ͷGitHub
PagesͷSSLԽͩͱ SubjectAltName͕ࢁ΄Ͳ͍ͭͯ͘Δͷͩͬͨ • ࠷ۙͦͷඞཁͳ͘ͳͬͨ
9.2.3 ࣦޮͷ֬ೝ • CRLͰͳ͘OCSPΛ͏ɻCRL͘ͳΓ͕ͪɻ • ߴͳOCSPϨεϙϯμΛඋ͑ͨCAΛ͏ • OCSP staplingΛ͏ EVৗʹࣦޮ֬ೝΛ͢Δ͕DVඞͣͦ͠ͷݶΓͰͳ͍ͷͰEV
ΑΓDVͷ΄͏͕͍ʂEVΦϫίϯʂʁˠOCSP stapling͢Εύ ϑΥʔϚϯεมΘΒͳ͍ͷͰͦΜͳ͜ͱͳ͍ɻ
9.2.4 ηογϣϯϦβϯϓγϣϯ ϑϧϋϯυγΣΠΫͷ͕ݮΕݮΔ΄ͲΑ͍ɻsession cacheΛద ʹઃఆ͠Α͏ɻ
9.2.5 సૹͷΦʔόʔϔου TLSͷసૹ୯ҐTLSϨίʔυ(௨ৗ16384byte)ɻ͜͜ʹσʔλ͕ଟ ͘ೖΕೖΔ΄Ͳޮ͕Α͍ɻ σʔλҎ֎ͷ෦ͱϔομɺMACɺύσΟϯάɺIVͳͲɻ AEADͩͱΦʔόʔϔου͕খ͍͞ɻMAC-then-Encryptͷ᠘ͷӨڹ ड͚ͳ͍͠ɺTLS 1.2Ҏ߱ͷAEADར༻ηΩϡϦςΟͰύ ϑΥʔϚϯεͰ༏ΕͯΔͱΘ͔Δɻ
9.2.6 ڞ௨伴҉߸Խํࣜ AES-NIରԠϚγϯΛ͑ɻ/proc/cpuinfoͷflagsʹaesͬͯೖͬͯ Εokɻ • AES͍ɻRC4͍͚Ͳ੬ऑͳͷͰ͏ཧ༝͕ͳ͍ɻ • CAMELLIAͱAESΞΫηϥϨʔγϣϯ͕͋ΔͱAESͷ΄͏͕2.77 ഒ͍ɻ •
SHA256SHA-1ΑΓ͍ɻํͳ͍Ͷɻ • AEAD(GCMϞʔυ)CBCϞʔυͱൺ͍ͯɻᘳͰʁ
9.2.7 TLSϨίʔυͷόοϑΝ… TLSϨίʔυ͕ෳύέοτʹׂ͞ΕΔ͜ͱ͕͋Δɻͦͷ߹Ͱ TLSϨίʔυ͕શʹἧ͏·Ͱ෮߸Խ/શੑݕূ͕Ͱ͖ͳ ͍ɻ TLSϨίʔυαΠζͷௐ͕Ͱ͖ΔWebαʔόͳΒϨίʔυαΠζ ΛԼ͛Δํ๏͋Δɻ MTU - IPv6
header - TCP header - TCP record = data size MTU͕มԽ͠͏Δ͜ͱʹҙɻ
9.2.8 ૬ޓӡ༻ੑ ৽͍͠ϓϩτίϧΛαʔόʔ͕ड͚͚ͳ͍ͱࣗಈతʹ࠶ωΰγ Τʔγϣϯ͕ൃੜͯ͠͠·͍RTT͕૿͑Δɻ͓ͱͳ͘͠࠷৽όʔ δϣϯ/࠷৽֦ுʹରԠͤ͞Δͷ͕Α͍ɻ
9.2.9 ϋʔυΣΞΞΫηϥϨʔγϣ ϯ ݱతʹαʔό͕҉߸νοϓΛผʹ࣋ͭཧ༝ύϑΥʔϚϯε ໘Ͱ΄ͱΜͲଘࡏ͠ͳ͍ɻͲͪΒ͔ͱ͍͏ͱHSM(hardware security module)ͱͯ͠ͷ༻్ɻ
9.3 DoS߈ܸ TLSʹؔͳ͍ରࡦͱͯ͠ • গͷIPΞυϨε͔ΒདྷΔ߹throttling • αʔόΛ૿͢ʢࡳଋͰԥΔʣ • ͦΕͰແཧͳΒDDoSରࡦઐۀऀΛཔΔʢΓࡳଋͰԥ Δʣ
9.3.1 伴ަͱ҉߸Խʹର͢ΔCPUͷ ίετ RSAͰެ։伴ͷॲཧʢʹΫϥΠΞϯτ͕ΔʣΑΓൿີ伴ͷ ॲཧʢʹαʔό͕Δʣͷ΄͏͕ॏ͍ɻ →ECDSAΛ͑ɻ
9.3.2 ΫϥΠΞϯτىݯͷ࠶ωΰγ Τʔγϣϯ ͜Ε͕ՄೳͳΒɺಉҰଓͰେྔͷϋϯυγΣΠΫΛൃੜͤ͞Β ΕΔͷͰɺthrottlingͷҙຯ͕ͳ͍ɻ IIS 6ɺApache 2.2.15Ҏ߱ͰΫϥΠΞϯτىݯͷ࠶ωΰγΤʔ γϣϯରԠ͍ͯ͠ͳ͍ʢNginxͦͦ࠷ॳ͔Βͳ͍ʣͷͰݱ తʹ΄΅ͳ͍ɻηΩϡϦςΟ্ͷ੬ऑੑ͋Γ͏ΔͷͰ
Θͳ͍΄͏͕͍͍ػೳͰ͢Ͷʢˠ7.1ষʣɻ
9.3.3 TLSʹର͢ΔDoS߈ܸͷ࠷దԽ : DoS߈ܸͷ࠷దԽͰ͢ɻ • ҉߸ॲཧΛ͠ͳ͍ϋϯυγΣΠΫϝοηʔδΛϋʔυίʔυ • αʔό͔Βड͚औͬͨϝοηʔδͷparse/ݕূΛলུ ͢Δͱαʔόʹ࠷ޙ·Ͱ༗ޮͳϋϯυγΣΠΫʹݟ͑ΔͷͰɺ αʔόͰܭࢉ͕ͬͯ͠·͏ɻαʔόʹରͯ͠ʮޮΑ͘ʯ
ʮܭࢉΛͤ͞Δʯ͜ͱ͕Ͱ͖ͯ͠·͏ɻ͜ΕΛΔͷ͕ sslsqueezeɻ