SSL/TLS 1.3 Deep Dive

SSL/TLS Deep Dive
신 은 수
Security Specialist Solutions Architect

Secure Socket Layer
Transport Layer Security

Transport Layer Security
1994 — SSLv2
1995 — SSLv3
1999 — TLS 1.0
2006 — TLS 1.1
2008 — TLS 1.2
2018 — TLS 1.3

키 교환(비대칭키 교환)
세션을 시작할 때 암호화에 사용될 키를 교환하기 위한 방식을 정의
메시지 암호화(대칭키)
상호간의 데이터 전송 시 사용될 암호화 방식을 정의
메시지 인증
데이터의 무결성 검증을 위한 단방향 해쉬
RSA
DHE_RSA
ECDH(E)_RSA
ECDH(E)_ECDSA
AES
DES/3DES
RC4
Camellia
MD5
SHA

비밀키 공개키
전자서명(부인방지) 암호화
로널드 라이베스트(Ron Rivest), 아디 샤미르(Adi Shamir), 레너드 애들먼(Leonard Adleman)
소인수분해에 기반한 대표적인 공개키 암호화 알고리즘
암호화 및 전자 서명에 사용 가능

서명을 통한 인증/무결성 확인
Subnet: Owner Name
End-Entity Certificate
Owner Public Key
Issuer Name
Issuer Signature
Subject: Owner Name
Intermediate Certificate
Owner Public Key
Issuer Name
Issuer Signature
Subject: Owner Name
Root CA Certificate
Owner Public Key
Issuer Signature
발급자 확인
발급자 확인
Certificate 의 Signature 무결성 체크
Certificate 의 유효성 체크(만료 여부 확인)
Certificate 의 폐기 여부 확인(CRL, OCSP)
Certificate 의 발급자 확인(Issuer, Subject 확인)
서명을 통한 인증/무결성 확인

Root CA
Intermediate CA
Root CA
Subordinate CA
Intermediate CA
Subordinate CA
Cross Signing

TLS_ -AES128-GCM-SHA256
Signature
Algorithm Mode of
operation
MAC &
Hash size
Key
Exchange/
Agreement
Protocol
Key
size
Cipher

Client Hello
Client Random Number
Server Random Number
Premaster Key
Master Key(공유키)
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished

ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
o Master Key 생성에 사용될 Random Number 생성
Client Side Key Material
Server Side Key Material

ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
o 공유키 생성에 사용될 Random Number 생성
o Cipher Suite 는 Client 와 Server 가 모두 지원하는 Cipher Suite
중 최상위의 것을 선택

ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
o 서버의 인증서를 클라이언트에 전송

ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate Request
ServerKeyExchange
Server Hello Done
o Client Certificate 요청

ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
o 서버의 DH 키 정보를 클라이언트에 전송(옵션)

ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
o Server Hello 가 완료되었음을 명시

Certificate
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
o Client Certificate 전송

ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
o 클라이언트의 키 정보를 클라이언트에 전송(옵션)
o Premaster Key 를 생성
Premaster Key
공유키
o C.R + S.R + Premaster Key 를 이용해 공유키 생성
o Premaster Key 를 서버의 공개키로 암호화 후 전송
o 인증서 확인(CA, CN, Expiration Date)

Certificate Verify
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
o Certificate Verify 전송 – 디지털 사인(인증서 소유를 증명)
Premaster Key
공유키

ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
o 비대칭키에서 공유키로 암호키 전환을 알림
Premaster Key
공유키

ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
Premaster Key
공유키
o MAC 전송
o Handshake 전체에 대한 HASH 값 전송
o 공유키를 통해 암호화

ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
Premaster Key
공유키
o C.R + S.R + Premaster Key 를 이용해 공유키 생성
o 비대칭키에서 공유키로 암호키 전환을 알림
o Premaster Key 를 서버의 비밀키로 복호화
Premaster Key
공유키

ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
o MAC 전송
o Handshake 전체에 대한 HASH 값 전송
Premaster Key
공유키
o 공유키를 통해 암호화
Premaster Key
공유키

Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
DH Client Private
DH Client Public
DH Server Private
공유키
DH Server Public
공유키

ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
First Round Trip Time
Second Round Trip Time

ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
TLS Full Handshake TLS Renegotiation
ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
Client Renego Request
Server Renego Request

ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
TLS Full Handshake TLS Abbreviated handshake

RSA 키 교환 방식의 문제점
ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
o Premaster Key 를 생성
o Premaster Key 를 서버의 공개키로 암호화
공격자는 Handshake 트래픽과 Server 의 Private Key 를 탈취하면 모든 트래픽을 복호화 가능
Client Random Number Server Random Number Premaster Key

Public Subnet
RSA 키 교환 방식의 문제점
VPC
Instance
사용자
암호문 암호문 암호문 암호문
복호화에 동일한 비밀키 필요
Client Random Number Server Random Number Premaster Key
핸드쉐이크 트래픽과 Private Key 를 획득하면 대칭키 생성 가능
생성된 대칭키를 이용하여 기존에 생성된 모든 암호문에 대한 복호화 가능

Diffie Helman – 모듈러 연산
Client Server
x - Private Key y – Private Key
X = g^x mod n(Public Key) Y = g^y mod n (Public Key)
K = Y^x mod n K’ = X^y mod n
= = mod
mod
( ) ( )
공개키 비밀키 공개키 비밀키
공유키
Server Public Key Client Public Key
모듈러 연산에 기반한 공개키/비밀키 생성 및 교환 후 공유키 생성

Diffie Helman Ephemeral
= = mod
mod
( ) ( )
공유키
Forward Secrecy
Diffie Helman
Diffie Helman Ephemeral
= = mod
mod
( ) ( )
공유키
Forward Secrecy

Elliptic Curve 암호 – 타원곡선
노출된 값 P 와 비밀키 d 를 연산하여 공개키 Q 를 얻는 것은 쉬움
노출된 값(P, 공개키 Q) 를 이용하여 비밀키 d 를 얻는 것은 어려움

( )
Elliptic Curve – 대수 곡선/타원곡선
Client Server
x𝐴 - Private Key(난수) 𝑘𝐵 – Private Key(난수)
𝑃𝐴 = 𝑘𝐴P(Public Key) 𝑃𝐵 = 𝑘𝐵P(Public Key)
K = 𝑘𝐴𝑃𝐵 K’ = 𝑘𝐵𝑃𝐴
= = ,
, ( )
공유키
Server Public Key Client Public Key
𝑘𝐴 = 𝑘𝐵 = ∈{1,...,𝑛−1}∈{1,...,n−1}
이산대수 연산 기법에 기반한 공개키/비밀키 생성 및 교환 후 공유키 생성

Elliptic Curve Diffie Helman Ephemeral
Forward Secrecy
EC Diffie Helman
EC Diffie Helman Ephemeral
Forward Secrecy
( ) = = ,
, ( )
공유키
( ) = = ,
, ( )
공유키

Private CA #1 Private CA #2
Root CA #1 Cert Root CA #2 Cert
Client 인증서 Server 인증서
ECS Service A ECS Service B
Envoy Proxy Envoy Proxy
Root CA #2
Trust Chain
Root CA #1
Trust Chain
Client 인증서 Server 인증서
Client Hello
Server Hello
Certificate
Client Cert Req
Server Done
Client Certificate
Root CA #1 Cert
Client 인증서
암호화된 Private Key
Root CA #1 Cert
Client 인증서
암호화된 Private Key
Private Key 비밀번호
AWS Certificate Manager
AWS App Mesh
1 2
3
8
7
6
5
4
AWS Lambda Private Key PassPhrase
9
12
11
Secrets Manager
Cert 관련 정보 내보내기
Cert 관련 정보 가져오기
10
Root CA#2 Certificate Server Certificate/Key
To Envoy File System

Bleichenbacher 1998
Vaudenay 2002
Boneh/Brumley 2003
Marsh Ray Attack 2009
Renegotiation DoS 2011
BEAST 2011
CRIME 2012
Lucky13 2013
POODLE 2014
HEARTBLEED 2014
Triple Handshake 2014
Lucky Microseconds 2015
Jager 2015
DROWN 2016
SLOTH 2016

구성 요소의 간소화(Clean up)
지연 속도 개선(Latency)
프라이버시 개선(Privacy)
연속성 보장(Continuity)
보안(Security)
Reserved Instances
Make a 1 or 3-year commitment
and receive a
off On-Demand prices
Committed &
steady-state usage

키 교환 알고리즘
RSA
암호화 알고리즘
RC4
3DES
Camellia
해쉬 알고리즘
MD5
SHA-1
Cipher Mode
AES-CBC
Compression
Renegotiation
Static RSA/DH
Custom (EC)DHE Group
Custom Curve
Vaudenay 2002
Boneh/Brumley 2003
BEAST 2011
Lucky13 2013
POODLE 2014
Lucky Microseconds 2015
Bleichenbacher 1998
Jager 2015 DROWN 2016
CRIME 2012
Marsh Ray Attack 2009
Renegotiation DoS 2011
Triple Handshake 2014
SLOTH 2016
No Forward Secrecy
No Forward Secrecy
Vulnerable
Vulnerable

TLS_
AEAD Cipher Mode HKDF Hash
알고리즘
Protocol Cipher
*HKDF = HMAC-based Key Derivation Function
*Authenticated Encryption with Associated Data

TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_CCM_SHA256
TLS_AES_128_CCM_8_SHA256

Finished
Finished
Client Hello
Server Hello
Client Key Share
Client Pre Shared Key*
Server Key Share
Server Pre Shared Key*
Server Certificate
Server Cert Verify
Certificate Request*
Client Certificate*
Client Cert Verify*
Encrypted Extension

Finished
Finished
Client Hello
Server Hello
Client Key Share
Server Key Share
Server Certificate
Server Cert Verify
Client Certificate*
Client Cert Verify*
o 256bit Nonce 값 생성 후 전송
o Key Share – ECDH Public 값 전송
ECDH Client Private
ECDH Client Public

Finished
Finished
Client Hello
Client Key Share
Client Certificate*
Client Cert Verify*
ECDH Client Private
o Key Share – 재전송 요청
ECDH Client Public
Hello Retry

Finished
Finished
Client Hello
Client Key Share
Client Certificate*
Client Cert Verify*
ECDH Client Private
Hello Retry
Client Hello
Client Key Share
ECDH Client Public

Finished
Finished
Client Hello
Client Key Share
Client Certificate*
Client Cert Verify*
ECDH Client Private
ECDH Client Public
ECDH Server Private
ECDH Server Public
공유키
Server Hello
Server Key Share
Server Certificate
Server Cert Verify
o Client 인증서 요청(옵션)

Finished
Client Hello
Client Key Share
Client Certificate*
Client Cert Verify*
Server Hello
Server Key Share
Server Certificate
Server Cert Verify
o Handshake 에 대한 HASH 값 전송
Finished
ECDH Client Private
ECDH Client Public
ECDH Server Private
ECDH Server Public
공유키

Finished
Client Hello
Client Key Share
Server Hello
Server Key Share
Server Certificate
Server Cert Verify
ECDH Client Private
ECDH Server Public
공유키
o 인증서 검증
o ECDH Client Public, ECDH Server Private 을 이용 공유키 생성
o Handshake 에 대한 HASH 값 전송
Finished
Client Certificate*
Client Cert Verify*
o Client Certificate 전송
o Client Certificate Verify 전송 ECDH Client Public
ECDH Server Private
공유키

Finished
Finished
Client Hello
Server Hello
Client Key Share
Server Key Share
Server Certificate
Server Cert Verify
Client Certificate*
Client Cert Verify*
Encrypted Extension
First Round Trip Time

Finished
Finished
Client Hello
Server Hello
Client Key Share
Client Pre Shared Key
Server Key Share
Server Pre Shared Key
PSK 혹은 PSK w/ Key Share

Finished
Finished
Client Hello
Server Hello
Client Key Share
Client Pre Shared Key
Server Key Share
Server Pre Shared Key
GET /index.html
200 OK

효율성 개선
옵션의 축소
너무나 많은 Extension
호환성 보장을 위한 복잡도 증가

SSL/TLS 1.3 Deep Dive

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to SSL/TLS 1.3 Deep Dive

Similar to SSL/TLS 1.3 Deep Dive (15)

SSL/TLS 1.3 Deep Dive