SSL/TLS 1.3 Deep Dive

SSL/TLS 1.3 Deep Dive
SSL/TLS Deep Dive 신 은 수 Security Specialist Solutions Architect
Secure Socket Layer Transport Layer Security
Transport Layer Security 1994 — SSLv2 1995 — SSLv3 1999 — TLS 1.0 2006 — TLS 1.1 2008 — TLS 1.2 2018 — TLS 1.3
키 교환(비대칭키 교환) 세션을 시작할 때 암호화에 사용될 키를 교환하기 위한 방식을 정의 메시지 암호화(대칭키) 상호간의 데이터 전송 시 사용될 암호화 방식을 정의 메시지 인증 데이터의 무결성 검증을 위한 단방향 해쉬 RSA DHE_RSA ECDH(E)_RSA ECDH(E)_ECDSA AES DES/3DES RC4 Camellia MD5 SHA
비밀키 공개키 전자서명(부인방지) 암호화 로널드 라이베스트(Ron Rivest), 아디 샤미르(Adi Shamir), 레너드 애들먼(Leonard Adleman) 소인수분해에 기반한 대표적인 공개키 암호화 알고리즘 암호화 및 전자 서명에 사용 가능
서명을 통한 인증/무결성 확인 Subnet: Owner Name End-Entity Certificate Owner Public Key Issuer Name Issuer Signature Subject: Owner Name Intermediate Certificate Owner Public Key Issuer Name Issuer Signature Subject: Owner Name Root CA Certificate Owner Public Key Issuer Signature 발급자 확인 발급자 확인 Certificate 의 Signature 무결성 체크 Certificate 의 유효성 체크(만료 여부 확인) Certificate 의 폐기 여부 확인(CRL, OCSP) Certificate 의 발급자 확인(Issuer, Subject 확인) 서명을 통한 인증/무결성 확인
End-Entity Certificate Root CA Intermediate CA Root CA Subordinate CA End-Entity Certificate Intermediate CA Subordinate CA Cross Signing
TLS_ -AES128-GCM-SHA256 Signature Algorithm Mode of operation MAC & Hash size Key Exchange/ Agreement Protocol Key size Cipher
TLS Handshake
Client Hello Client Random Number Server Random Number Premaster Key Master Key(공유키) Server Hello Certificate ServerKeyExchange Server Hello Done ClientKeyExchange Finished ChangeCipherSpec ChangeCipherSpec Finished
ClientKeyExchange Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello Certificate ServerKeyExchange Server Hello Done o Master Key 생성에 사용될 Random Number 생성 Client Random Number Client Side Key Material Server Side Key Material
ClientKeyExchange Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello Certificate ServerKeyExchange Server Hello Done o 공유키 생성에 사용될 Random Number 생성 Client Side Key Material Server Side Key Material Client Random Number Client Random Number Server Random Number o Cipher Suite 는 Client 와 Server 가 모두 지원하는 Cipher Suite 중 최상위의 것을 선택
ClientKeyExchange Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello Certificate ServerKeyExchange Server Hello Done Client Side Key Material Server Side Key Material Client Random Number Client Random Number Server Random Number o 서버의 인증서를 클라이언트에 전송
ClientKeyExchange Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello Certificate Request ServerKeyExchange Server Hello Done Client Side Key Material Server Side Key Material Client Random Number Client Random Number Server Random Number o Client Certificate 요청
ClientKeyExchange Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello Certificate ServerKeyExchange Server Hello Done Client Side Key Material Server Side Key Material Client Random Number Client Random Number Server Random Number o 서버의 DH 키 정보를 클라이언트에 전송(옵션)
ClientKeyExchange Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello Certificate ServerKeyExchange Server Hello Done Client Side Key Material Server Side Key Material Client Random Number Client Random Number Server Random Number o Server Hello 가 완료되었음을 명시
Certificate Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello Certificate ServerKeyExchange Server Hello Done Client Side Key Material Server Side Key Material Client Random Number Client Random Number Server Random Number Server Random Number o Client Certificate 전송
ClientKeyExchange Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello Certificate ServerKeyExchange Server Hello Done Client Side Key Material Server Side Key Material Client Random Number Client Random Number Server Random Number o 클라이언트의 키 정보를 클라이언트에 전송(옵션) o Premaster Key 를 생성 Server Random Number Premaster Key 공유키 o C.R + S.R + Premaster Key 를 이용해 공유키 생성 o Premaster Key 를 서버의 공개키로 암호화 후 전송 o 인증서 확인(CA, CN, Expiration Date)
Certificate Verify Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello Certificate ServerKeyExchange Server Hello Done Client Side Key Material Server Side Key Material Client Random Number Server Random Number o Certificate Verify 전송 – 디지털 사인(인증서 소유를 증명) Client Random Number Server Random Number Premaster Key 공유키
ClientKeyExchange Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello Certificate ServerKeyExchange Server Hello Done Client Side Key Material Server Side Key Material Client Random Number Server Random Number o 비대칭키에서 공유키로 암호키 전환을 알림 Client Random Number Server Random Number Premaster Key 공유키
ClientKeyExchange Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello Certificate ServerKeyExchange Server Hello Done Client Side Key Material Server Side Key Material Client Random Number Client Random Number Server Random Number Server Random Number Premaster Key 공유키 o MAC 전송 o Handshake 전체에 대한 HASH 값 전송 o 공유키를 통해 암호화
ClientKeyExchange Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello Certificate ServerKeyExchange Server Hello Done Client Side Key Material Server Side Key Material Client Random Number Server Random Number Premaster Key 공유키 o C.R + S.R + Premaster Key 를 이용해 공유키 생성 o 비대칭키에서 공유키로 암호키 전환을 알림 o Premaster Key 를 서버의 비밀키로 복호화 Client Random Number Server Random Number Premaster Key 공유키
ClientKeyExchange Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello Certificate ServerKeyExchange Server Hello Done o MAC 전송 o Handshake 전체에 대한 HASH 값 전송 Client Side Key Material Server Side Key Material Client Random Number Server Random Number Premaster Key 공유키 o 공유키를 통해 암호화 Client Random Number Server Random Number Premaster Key 공유키
Client Hello Server Hello Certificate ServerKeyExchange Server Hello Done ClientKeyExchange Finished ChangeCipherSpec ChangeCipherSpec Finished DH Client Private Client Side Key Material Server Side Key Material DH Client Public DH Server Private 공유키 DH Server Public 공유키
ClientKeyExchange Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello Certificate ServerKeyExchange Server Hello Done First Round Trip Time Second Round Trip Time
Renegotiation vs Resumption
ClientKeyExchange Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello Certificate ServerKeyExchange Server Hello Done TLS Full Handshake TLS Renegotiation ClientKeyExchange Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello Certificate ServerKeyExchange Server Hello Done Client Renego Request Server Renego Request
ClientKeyExchange Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello Certificate ServerKeyExchange Server Hello Done Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello TLS Full Handshake TLS Abbreviated handshake
P F S
RSA 키 교환 방식의 문제점 ClientKeyExchange Finished ChangeCipherSpec ChangeCipherSpec Finished Client Hello Server Hello Certificate ServerKeyExchange Server Hello Done o Premaster Key 를 생성 o Premaster Key 를 서버의 공개키로 암호화 공격자는 Handshake 트래픽과 Server 의 Private Key 를 탈취하면 모든 트래픽을 복호화 가능 Client Random Number Server Random Number Premaster Key
Public Subnet RSA 키 교환 방식의 문제점 VPC Instance 사용자 암호문 암호문 암호문 암호문 복호화에 동일한 비밀키 필요 Client Random Number Server Random Number Premaster Key 핸드쉐이크 트래픽과 Private Key 를 획득하면 대칭키 생성 가능 생성된 대칭키를 이용하여 기존에 생성된 모든 암호문에 대한 복호화 가능
Diffie Helman – 모듈러 연산 Client Server x - Private Key y – Private Key X = g^x mod n(Public Key) Y = g^y mod n (Public Key) K = Y^x mod n K’ = X^y mod n = = mod mod ( ) ( ) 공개키 비밀키 공개키 비밀키 공유키 Server Public Key Client Public Key 모듈러 연산에 기반한 공개키/비밀키 생성 및 교환 후 공유키 생성
Diffie Helman Ephemeral = = mod mod ( ) ( ) 공개키 비밀키 공개키 비밀키 공유키 Forward Secrecy Diffie Helman Diffie Helman Ephemeral = = mod mod ( ) ( ) 공개키 비밀키 공개키 비밀키 공유키 Forward Secrecy
Elliptic Curve Cryptography
Elliptic Curve 암호 – 타원곡선 노출된 값 P 와 비밀키 d 를 연산하여 공개키 Q 를 얻는 것은 쉬움 노출된 값(P, 공개키 Q) 를 이용하여 비밀키 d 를 얻는 것은 어려움
( ) Elliptic Curve – 대수 곡선/타원곡선 Client Server x𝐴 - Private Key(난수) 𝑘𝐵 – Private Key(난수) 𝑃𝐴 = 𝑘𝐴P(Public Key) 𝑃𝐵 = 𝑘𝐵P(Public Key) K = 𝑘𝐴𝑃𝐵 K’ = 𝑘𝐵𝑃𝐴 = = , , ( ) 공개키 비밀키 공개키 비밀키 공유키 Server Public Key Client Public Key 𝑘𝐴 = 𝑘𝐵 = ∈{1,...,𝑛−1}∈{1,...,n−1} 이산대수 연산 기법에 기반한 공개키/비밀키 생성 및 교환 후 공유키 생성
Elliptic Curve Diffie Helman Ephemeral Forward Secrecy EC Diffie Helman EC Diffie Helman Ephemeral Forward Secrecy ( ) = = , , ( ) 공개키 비밀키 공개키 비밀키 공유키 ( ) = = , , ( ) 공개키 비밀키 공개키 비밀키 공유키
Mutual TLS(mTLS)
Private CA #1 Private CA #2 Root CA #1 Cert Root CA #2 Cert Client 인증서 Server 인증서 ECS Service A ECS Service B Envoy Proxy Envoy Proxy Root CA #2 Trust Chain Root CA #1 Trust Chain Client 인증서 Server 인증서 Client Hello Server Hello Certificate Client Cert Req Server Done Client Certificate Root CA #1 Cert Client 인증서 암호화된 Private Key Root CA #1 Cert Client 인증서 암호화된 Private Key Private Key 비밀번호 AWS Certificate Manager AWS App Mesh 1 2 3 8 7 6 5 4 AWS Lambda Private Key PassPhrase 9 12 11 Secrets Manager Cert 관련 정보 내보내기 Cert 관련 정보 가져오기 10 Root CA#2 Certificate Server Certificate/Key To Envoy File System
Why TLS 1.3?
Bleichenbacher 1998 Vaudenay 2002 Boneh/Brumley 2003 Marsh Ray Attack 2009 Renegotiation DoS 2011 BEAST 2011 CRIME 2012 Lucky13 2013 POODLE 2014 HEARTBLEED 2014 Triple Handshake 2014 Lucky Microseconds 2015 Jager 2015 DROWN 2016 SLOTH 2016
구성 요소의 간소화(Clean up) 지연 속도 개선(Latency) 프라이버시 개선(Privacy) 연속성 보장(Continuity) 보안(Security) Reserved Instances Make a 1 or 3-year commitment and receive a off On-Demand prices Committed & steady-state usage
키 교환 알고리즘 RSA 암호화 알고리즘 RC4 3DES Camellia 해쉬 알고리즘 MD5 SHA-1 Cipher Mode AES-CBC Compression Renegotiation Static RSA/DH Custom (EC)DHE Group Custom Curve Vaudenay 2002 Boneh/Brumley 2003 BEAST 2011 Lucky13 2013 POODLE 2014 Lucky Microseconds 2015 Bleichenbacher 1998 Jager 2015 DROWN 2016 CRIME 2012 Marsh Ray Attack 2009 Renegotiation DoS 2011 Triple Handshake 2014 SLOTH 2016 No Forward Secrecy No Forward Secrecy Vulnerable Vulnerable
TLS_ AEAD Cipher Mode HKDF Hash 알고리즘 Protocol Cipher *HKDF = HMAC-based Key Derivation Function *Authenticated Encryption with Associated Data
TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_8_SHA256
TLS 1.3 Handshake
Finished Finished Client Hello Server Hello Client Key Share Client Pre Shared Key* Server Key Share Server Pre Shared Key* Server Certificate Server Cert Verify Certificate Request* Client Certificate* Client Cert Verify* Encrypted Extension
Client Side Key Material Server Side Key Material Finished Finished Client Hello Server Hello Client Key Share Server Key Share Server Pre Shared Key* Server Certificate Server Cert Verify Certificate Request* Client Certificate* Client Cert Verify* o 256bit Nonce 값 생성 후 전송 o Key Share – ECDH Public 값 전송 Client Pre Shared Key* ECDH Client Private ECDH Client Public
Finished Finished Client Hello Client Key Share Client Certificate* Client Cert Verify* Client Pre Shared Key* ECDH Client Private Client Side Key Material Server Side Key Material o Key Share – 재전송 요청 ECDH Client Public Hello Retry
Finished Finished Client Hello Client Key Share Client Certificate* Client Cert Verify* Client Pre Shared Key* ECDH Client Private Client Side Key Material Server Side Key Material Hello Retry Client Hello Client Key Share Client Pre Shared Key* o 256bit Nonce 값 생성 후 전송 o Key Share – ECDH Public 값 전송 ECDH Client Public
Finished Finished Client Hello Client Key Share Client Certificate* Client Cert Verify* Client Pre Shared Key* ECDH Client Private Client Side Key Material Server Side Key Material o 256bit Nonce 값 생성 후 전송 o Key Share – ECDH Public 값 전송 ECDH Client Public ECDH Server Private ECDH Server Public 공유키 Server Hello Server Key Share Server Pre Shared Key* Server Certificate Server Cert Verify Certificate Request* o Client 인증서 요청(옵션)
Client Side Key Material Server Side Key Material Finished Client Hello Client Key Share Client Certificate* Client Cert Verify* Client Pre Shared Key* Server Hello Server Key Share Server Pre Shared Key* Server Certificate Server Cert Verify Certificate Request* o Handshake 에 대한 HASH 값 전송 Finished ECDH Client Private ECDH Client Public ECDH Server Private ECDH Server Public 공유키
Finished Client Hello Client Key Share Client Pre Shared Key* Server Hello Server Key Share Server Pre Shared Key* Server Certificate Server Cert Verify Certificate Request* ECDH Client Private Client Side Key Material Server Side Key Material ECDH Server Public 공유키 o 인증서 검증 o ECDH Client Public, ECDH Server Private 을 이용 공유키 생성 o Handshake 에 대한 HASH 값 전송 Finished Client Certificate* Client Cert Verify* o Client Certificate 전송 o Client Certificate Verify 전송 ECDH Client Public ECDH Server Private 공유키
Finished Finished Client Hello Server Hello Client Key Share Client Pre Shared Key* Server Key Share Server Pre Shared Key* Server Certificate Server Cert Verify Certificate Request* Client Certificate* Client Cert Verify* Encrypted Extension First Round Trip Time
Finished Finished Client Hello Server Hello Client Key Share Client Pre Shared Key Server Key Share Server Pre Shared Key PSK 혹은 PSK w/ Key Share
Finished Finished Client Hello Server Hello Client Key Share Client Pre Shared Key Server Key Share Server Pre Shared Key GET /index.html 200 OK
효율성 개선 옵션의 축소 너무나 많은 Extension 호환성 보장을 위한 복잡도 증가
감사합니다!

SSL/TLS 1.3 Deep Dive

Check these out next

SSL/TLS 1.3 Deep Dive

Recommended

More Related Content

Slideshows for you(20)

Similar to SSL/TLS 1.3 Deep Dive (15)

Recently uploaded(20)

SSL/TLS 1.3 Deep Dive