Slide 1: Chapter 6, Common Security Protocols

Slide 2: HTTP Protocol
- Hyper Text Transfer Protocol
- Used on the Internet
- Based on the Request-Response Model

Slide 3: Static Web Page (Fig 6.1)
- Step 1: Web Browser sends an HTTP Request to the Web Server
- Step 2: Web Server returns an HTTP Response
- Example on the next slide

Slide 4: Sample HTTP Interaction (Fig 6.2)
HTTP Request (Web Browser -> Web Server):
    GET /files/new/image1 HTTP/1.1
    Accept: image/gif
    Accept: image/jpeg
HTTP Response (Web Server -> Web Browser):
    HTTP/1.1 200 OK
    Date: Tue, 19-06-02 15:58:10 GMT
    Server: MyServer
    Content-length: 3010
    (Actual data for the image)

Slide 5: Dynamic Web Page
- Client sends an HTTP Request
- Server executes a program
- Server sends back an HTTP Response

Slide 6: Dynamic Web Page (Fig 6.3)
- Step 1: Web Browser sends an HTTP Request
- Step 2: Web Server invokes an application program in response to the HTTP request
- Step 3: The program executes and produces HTML output
- Step 4: Web Server returns the HTTP Response

Slide 7: Active Web Page
- Client sends an HTTP Request
- Server sends back an HTML Page and a Client-side Program
- Examples: Applet, ActiveX Control

Slide 8: Active Web Page (Fig 6.4)
- Step 1: Web Browser sends an HTTP Request
- Step 2: Web Server returns an HTTP Response containing an HTML page and a small program
- Step 3: Browser interprets the HTML page and also executes the program

Slide 9: TCP/IP
- Transmission Control Protocol / Internet Protocol
- Convention for communication on the Internet
- Consists of five layers of software

Slide 10: TCP/IP Layers (Fig 6.5)
    Layer Number   Layer Name
    5 (Highest)    Application
    4              Transport
    3              Internet
    2              Data link
    1 (Lowest)     Physical

Slide 11: TCP/IP Layers (Fig 6.6)
- Application Layer, Transport Layer, Internet Layer, Data Link Layer, Physical Layer (stacked top to bottom)

Slide 12: TCP/IP Concept
- All layers except the physical layer communicate with adjacent layers on the same computer
- The physical layer is the only layer where actual transmission between two computers happens

Slide 13: TCP/IP Communication (Fig 6.7)
- Hosts X and Y each run all five layers (Application, Transport, Network, Data Link, Physical); the intermediate nodes on the communication link between them run only the Network, Data Link and Physical layers

Slide 14: Data Exchange using TCP/IP Layers (figure)
- At host X each layer prepends its header to the data handed down by the layer above: the Transport layer adds H4 to the L5 data, the Internet layer adds H3 to the L4 data, the Data Link layer adds H2 to the L3 data, and the Physical layer puts the resulting bits onto the transmission medium
- Host Y reverses the process, each layer removing its header before passing the data up

Slide 15: Secure Socket Layer (SSL)
- World's most widely used security mechanism on the Internet
- Secures communication between a client and a server
- Located between the Application and Transport Layers of the TCP/IP protocol suite

Slide 16: Secure Socket Layer (SSL)
- Originally developed by Netscape
- SSL has two layers of protocols (SSL Architecture)

Slide 17: Position of SSL in TCP/IP (Fig 6.9)
- Application Layer, SSL Layer, Transport Layer, Internet Layer, Data Link Layer, Physical Layer (stacked top to bottom)

Slide 18: Data Exchange including SSL (Fig 6.10)
- Same as the plain TCP/IP exchange, except that the SSL layer first prepends its own header SH to the L5 data; the Transport layer then adds H4, the Internet layer H3 and the Data Link layer H2 before the Physical layer transmits the bits; host Y removes the headers in reverse order

Slide 19: SSL Sub-Protocols
- Handshake Protocol
- Record Protocol
- Alert Protocol

Slide 20: SSL Handshake Message Format (Fig 6.11)
    Field     Size
    Type      1 byte
    Length    3 bytes
    Content   1 or more bytes

Slide 21: SSL Handshake Messages (Fig 6.12)
    Message Type          Parameters
    Hello request         None
    Client hello          Version, Random number, Session id, Cipher suite, Compression method
    Server hello          Version, Random number, Session id, Cipher suite, Compression method
    Certificate           Chain of X.509 v3 certificates
    Server key exchange   Parameters, signature
    Certificate request   Type, authorities
    Server hello done     None
    Certificate verify    Signature
    Client key exchange   Parameters, signature
    Finished              Hash value

Slide 22: SSL Handshake Protocol
- Comprises a series of messages exchanged in phases:
  1. Establish Security Capabilities
  2. Server Authentication and Key Exchange
  3. Client Authentication and Key Exchange
  4. Finish

Slide 23: SSL Handshake Process (Fig 6.13)
- Web Browser <-> Web Server: 1. Establish security capabilities; 2. Server authentication and key exchange; 3. Client authentication and key exchange; 4. Finish

Slide 24: SSL Handshake Phase 1 (Fig 6.14)
- Step 1: Client hello (Web Browser -> Web Server)
- Step 2: Server hello (Web Server -> Web Browser)

Slide 25: SSL Handshake Phase 2 (Fig 6.15), Web Server -> Web Browser
- Step 1: Certificate
- Step 2: Server key exchange
- Step 3: Certificate request
- Step 4: Server hello done

Slide 26: SSL Handshake Phase 3 (Fig 6.16), Web Browser -> Web Server
- Step 1: Certificate
- Step 2: Client key exchange
- Step 3: Certificate request

Slide 27: SSL Handshake Phase 4 (Fig 6.17)
- Web Browser -> Web Server: 1. Change cipher specs; 2. Finished
- Web Server -> Web Browser: Step 3: Change cipher specs; Step 4: Finished

Slide 28: SSL Handshake (complete message sequence, time running downwards)
    Phase 1   Client -> Server: Client Hello
              Server -> Client: Server Hello
    Phase 2   Server -> Client: Certificate, Server Key Exchange, Certificate Request, Server Hello Done
    Phase 3   Client -> Server: Certificate, Client Key Exchange, Certificate Verify
    Phase 4   Client -> Server: Change Cipher Spec, Finished
              Server -> Client: Change Cipher Spec, Finished

Slide 29: SSL Record Protocol
- Confidentiality: symmetric encryption with a shared secret key defined by the Handshake Protocol
- The message is compressed before encryption
- Message integrity: a MAC computed with a shared secret key
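The handshake framing of Fig 6.11 (1-byte Type, 3-byte Length, Content) parsed with explicit bounds checks, as an added example that is not code from the deck. The type code values are taken from the SSL/TLS specification rather than the slides, and the message contents in the sample buffer are constructed placeholders.

```python
"""Parse the handshake framing of Fig 6.11: Type (1 byte), big-endian Length
(3 bytes), Content (Length bytes); several messages may share one buffer."""
from typing import List, Tuple

# Type codes are the SSL/TLS specification values (not shown on the slides);
# names are the message types of Fig 6.12.
MESSAGE_TYPES = {
    0: "Hello request", 1: "Client hello", 2: "Server hello",
    11: "Certificate", 12: "Server key exchange", 13: "Certificate request",
    14: "Server hello done", 15: "Certificate verify",
    16: "Client key exchange", 20: "Finished",
}

def encode_handshake(msg_type: int, content: bytes) -> bytes:
    """Build one message: Type (1 byte) | Length (3 bytes) | Content."""
    if not 0 <= msg_type <= 0xFF or len(content) >= 1 << 24:
        raise ValueError("type or length out of range")
    return bytes([msg_type]) + len(content).to_bytes(3, "big") + content

def parse_handshake_messages(data: bytes) -> List[Tuple[str, bytes]]:
    """Split a buffer into (message name, content) pairs. A truncated header,
    a Length that overruns the buffer or an unknown Type raises ValueError
    rather than silently reading short."""
    messages = []
    pos = 0
    while pos < len(data):
        if len(data) - pos < 4:
            raise ValueError(f"truncated header at offset {pos}")
        msg_type = data[pos]
        length = int.from_bytes(data[pos + 1:pos + 4], "big")
        body_start, body_end = pos + 4, pos + 4 + length
        if body_end > len(data):
            raise ValueError(f"Length {length} at offset {pos} overruns the buffer")
        if msg_type not in MESSAGE_TYPES:
            raise ValueError(f"unknown handshake type {msg_type} at offset {pos}")
        messages.append((MESSAGE_TYPES[msg_type], data[body_start:body_end]))
        pos = body_end
    return messages

# Constructed sample: the Phase 2 flight of Fig 6.15 packed into one buffer.
# Contents are placeholders, not real certificate or key-exchange encodings.
PHASE2_FLIGHT = (encode_handshake(11, b"<certificate chain>")
                 + encode_handshake(12, b"<parameters,signature>")
                 + encode_handshake(13, b"<type,authorities>")
                 + encode_handshake(14, b""))

if __name__ == "__main__":
    for name, body in parse_handshake_messages(PHASE2_FLIGHT):
        print(f"{name:<20} {len(body):>3} bytes")
```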
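The Record Protocol order given on slide 29 (compress, MAC with the shared secret, then encrypt) together with the receiver's reverse check, as an added example that is not from the deck. The keys are constructed, the encryption is a SHA-256 counter-mode keystream standing in for the negotiated symmetric cipher, and the framing is not SSL's actual record format.

```python
"""Record-layer processing in the order slide 29 gives: compress, add a
MAC keyed with a shared secret, then encrypt; the receiver reverses it and
refuses to hand up data whose MAC does not verify."""
import hashlib
import hmac
import zlib

MAC_LEN = 32  # HMAC-SHA256 tag length
# Constructed keys standing in for the secrets the Handshake Protocol derives.
MAC_KEY = b"constructed-mac-key"
ENC_KEY = b"constructed-enc-key"

def _keystream(key: bytes, seq: int, n: int) -> bytes:
    """Stand-in for the negotiated symmetric cipher: SHA-256 run in counter
    mode over (key, record sequence number, block counter). Illustration only."""
    out = b""
    for block in range((n + 31) // 32):
        out += hashlib.sha256(key + seq.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
    return out[:n]

def _mac(compressed: bytes, seq: int) -> bytes:
    # The sequence number is bound into the MAC so a replayed or reordered
    # record fails verification even though its bytes are untouched.
    return hmac.new(MAC_KEY, seq.to_bytes(8, "big") + compressed, hashlib.sha256).digest()

def protect_record(seq: int, plaintext: bytes) -> bytes:
    """Sender: compress -> MAC -> encrypt(compressed || MAC)."""
    compressed = zlib.compress(plaintext)
    body = compressed + _mac(compressed, seq)
    return bytes(a ^ b for a, b in zip(body, _keystream(ENC_KEY, seq, len(body))))

def unprotect_record(seq: int, record: bytes) -> bytes:
    """Receiver: decrypt -> verify MAC in constant time -> decompress."""
    if len(record) < MAC_LEN:
        raise ValueError("record too short to carry a MAC")
    body = bytes(a ^ b for a, b in zip(record, _keystream(ENC_KEY, seq, len(record))))
    compressed, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    if not hmac.compare_digest(tag, _mac(compressed, seq)):
        raise ValueError("MAC verification failed: record modified or replayed")
    return zlib.decompress(compressed)

if __name__ == "__main__":
    rec = protect_record(0, b"GET /files/new/image1 HTTP/1.1\r\n")
    print(unprotect_record(0, rec))
    tampered = rec[:5] + bytes([rec[5] ^ 1]) + rec[6:]
    try:
        unprotect_record(0, tampered)
    except ValueError as e:
        print("rejected:", e)
```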