Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
TLS 1.3自作入門 / tls13
Search
Mako
August 09, 2021
Technology
1.3k
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
TLS 1.3自作入門 / tls13
seccamp2019 LT大会での発表内容
Mako
August 09, 2021
More Decks by Mako
See All by Mako
マイナンバーカードの暗号技術とセキュリティ
tex2e
2
3k
SELinuxで堅牢化する / selinux
tex2e
3
1.8k
プロトコルの形式的安全性検証ツールProVerif / proverif
tex2e
0
1.4k
マイナンバーカードで署名する / mynumbercard
tex2e
2
3.5k
Other Decks in Technology
See All in Technology
そこにあるから地図ができる~位置を示す"モノ"を愉しむ~ - Interface 2026年6月号GPS特集オフ会 / interface_202606_GPS_offline
sakaik
1
160
クラウドファンディング版StackChan 3体(4体)をインタラクティブな体験型作品にして展示もした話 / スタックチャンお誕生日会2026
you
PRO
0
260
技術・能力を向上する原理原則 #きのこセッションa #きのこ2026
bash0c7
0
190
「軸足」は 固定しなくていい - 熱量と強みで描く、しなやかなキャリアの形
kakehashi
PRO
1
310
AWS Summit 2026で見えたSIerにとっての Amazon Quickの位置づけ
maf_0521
0
140
AI時代における最適なQA組織の作り方
ymty
3
300
MySQL & MySQL HeatWave Report - June 2026
freshdaz
0
250
Hatena Engineer Seminar 37 jj1uzh
jj1uzh
0
370
AI Agentをシステムに組み込む前にゆるく向き合ってみる
hayama17
0
180
AI・ロボティクスと自動化社会 / AI, Robotics, and the Automated Society
ks91
PRO
0
120
初めてのDatabricks勉強会
taka_aki
2
220
「勝手に広まる」人気 AI エージェントを爆速で作ろう!(AWS Summit Japan 2026講演資料)
minorun365
PRO
10
2.8k
Featured
See All Featured
Building Applications with DynamoDB
mza
96
7.1k
It's Worth the Effort
3n
188
29k
Agile Leadership in an Agile Organization
kimpetersen
PRO
0
170
My Coaching Mixtape
mlcsv
0
160
How to Grow Your eCommerce with AI & Automation
katarinadahlin
PRO
1
220
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
234
17k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
28
3.5k
Large-scale JavaScript Application Architecture
addyosmani
515
110k
Practical Orchestrator
shlominoach
191
11k
Google's AI Overviews - The New Search
badams
0
1.1k
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
1.1k
GraphQLの誤解/rethinking-graphql
sonatard
75
12k
Transcript
༧උࣝ ࣮ ࠷৽ಈ ·ͱΊ NͰͰ͖Δ! TLS 1.3ࣗ࡞ೖ @tex2e ηΩϡϦςΟɾΩϟϯϓશࠃେձ 2019 LT େձ
༧උࣝ ࣮ ࠷৽ಈ ·ͱΊ ࠓͷ͓ TLS 1.3
༧උࣝ ࣮ ࠷৽ಈ ·ͱΊ TLSͱ ௨৴͢Δ 2 ਓ͜Ε·Ͱʹձͬͨ͜ͱ͕ͳ͘ɺ ҆શͰͳ͍௨৴࿏Λͬͨͱͯ͠ɺ ҆શʹΓͱΓ͕Ͱ͖Δ
༧උࣝ ࣮ ࠷৽ಈ ·ͱΊ ҆શͳ௨৴࿏ͱ... • ਅਖ਼ੑ • ௨৴૬ख͕ຊͰ͋Δ͜ͱΛ֬ೝͰ͖Δ • (αʔόূ໌ॻʹΑΔೝূ ... X.509 Cert, PKI) • ػີੑ • ݖݶΛ࣋ͭਓ͚͕ͩΞΫηεͰ͖Δ • (௨৴༰ͷ҉߸Խ ... AES, ChaCha20) • શੑ • վ͟Μ͞Εͳ͍ • (ೝূ͖҉߸ʹΑΔվ͟Μݕ ... AEAD)
༧උࣝ ࣮ ࠷৽ಈ ·ͱΊ TLSͷϋϯυγΣΠΫ • Handshake • Ͳͷ҉߸εΠʔτΛ͏͔ܾΊΔ • ެ։ݤ҉߸Λ༻͍ͯݤڞ༗͢Δ • ূ໌ॻΛͬͯೝূ͢Δ • Application Data • ڞ௨ݤ҉߸Λ༻͍ͯ҉߸Խ͢Δ • HTTP Λ҉߸Խͨ͠σʔλͳͲ Open Socket Handshake Application Data Close Socket
༧උࣝ ࣮ ࠷৽ಈ ·ͱΊ TLS 1.3ͷΓͱΓ Client Server Client Hello Server Hello Application Data
༧උࣝ ࣮ ࠷৽ಈ ·ͱΊ ϓϩάϥϚͷ3େʮᅂΈʯ • ࣗ࡞ OS • ࣗ࡞ίϯύΠϥ (ϓϩάϥϛϯάݴޠ) • ࣗ࡞ϓϩτίϧελοΫ (TCP/IP, TLS) ˞ॾઆ͋Γ
༧උࣝ ࣮ ࠷৽ಈ ·ͱΊ TLSͲ͏ͬͯ࡞Δͷ? RFCΛಡΉ
༧උࣝ ࣮ ࠷৽ಈ ·ͱΊ TLS 1.3 (RFC 8446)
༧උࣝ ࣮ ࠷৽ಈ ·ͱΊ ߏମͱόΠτྻͷ૬ޓม ม ෮ݩ
༧උࣝ ࣮ ࠷৽ಈ ·ͱΊ ࣮ͷྲྀΕ TLS ͷΓͱΓͷ࣮ɿ 1. ιέοτ௨৴ 2. ϝοηʔδͷߏମͱόΠτྻͷ૬ޓม TLS ͷΓͱΓͷதͷ࣮ɿ 1. ପԁۂઢ Diffie-Hellman ݤڞ༗ 2. HKDF ʹΑΔݤεέδϡʔϦϯά 3. ೝূ͖҉߸ (AEAD) 4. X.509 ূ໌ॻ
༧උࣝ ࣮ ࠷৽ಈ ·ͱΊ TLS 1.3ͷ࠷৽ಈ (Server/Client)
༧උࣝ ࣮ ࠷৽ಈ ·ͱΊ TLS 1.3ͷ࠷৽ಈ (QUIC) UDP ͰίωΫγϣϯཱ֬ͱ TLS 1.3 ཱ֬Λಉ࣌ʹߦ͏ TCP + TLS 1.3 Client Server SYN SYN + ACK ACK Client Hello Server Hello Application Data QUIC (HTTP/3) Client Server QUIC QUIC QUIC Application Data
༧උࣝ ࣮ ࠷৽ಈ ·ͱΊ TLS 1.3ࣗ࡞ָ͍͚͠Ͳ͍͠ • จॻ΄ͱΜͲӳޠ • ҉߸ٕज़ͷج൫ͱͳΔֶͷࣝ • ωοτϫʔΫٕज़ͷࣝ • RFC ೖॻͰͳ͍ͷͰॳֶऀʹݫ͍͠
༧උࣝ ࣮ ࠷৽ಈ ·ͱΊ 30Ͱ TLS 1.3 ࡞Εͳ͍Α
༧උࣝ ࣮ ࠷৽ಈ ·ͱΊ ͓ΘΓ
ࢀߟจݙ I RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3. IETF, August 2018. Andy Brodie: Overview of TLS v1.3. OWASP, 2017. URL https://www.owasp.org/images/d/d3/TLS_v1.3_ Overview_OWASP_Final.pdf SSL Labs: SSL Pulse. Qualys, Inc, June 2019. URL https://www.ssllabs.com/ssl-pulse/ @Fyrd, @Lensco: Can I use... URL https://caniuse.com/ IETF Draft: “QUIC: A UDP-Based Multiplexed and Secure Transport”. URL https://tools.ietf.org/ html/draft-ietf-quic-transport-22
ࢀߟจݙ II Alessandro Ghedini: The Road to QUIC. Cloudflare, Inc, 2018. URL https://blog.cloudflare.com/the-road-to-quic/ խ ࢁຊ: TCP/IP ϓϩτίϧελοΫࣗ࡞ೖ. KLab Inc, 2018. URL https://www.slideshare.net/ pandax381/tcpip-105857327 Ivan Risti´ c ஶ, ᜊ౻ಓ ༁: ϓϩϑΣογϣφϧ SSL/TLS. ϥϜμϊʔτ, 2018.