hyeok-oh
SSL/TLS and Encryption
SSL/TLS
SSL?
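▸ SSL (Secure Socket Layer): developed by Netscape to secure e-commerce
▸ Standardized under the name TLS (Transport Layer Security); the IETF maintains the standard
▸ An encryption scheme based on the transport layer (Transport Layer, 4) of the seven OSI layers; usable regardless of the application-layer (Application Layer, 7) protocol: not only HTTP but also NNTP, FTP, XMPP, and others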
WHY SSL?
[Figure: A and B exchange "Hello SSL" with no encryption; a HACKER on the path also reads "Hello SSL". Labels: ID, PASSWD, EMAIL ADDR, PHONE NO., ETC.]
[Figure: the same exchange with ENCRYPT on A's side and DECRYPT on B's side. A and B still see "Hello SSL"; the HACKER sees only "FxxK U".]
What you need to know to understand SSL
▸ Symmetric-key encryption
▸ Public-key, or asymmetric-key, encryption
▸ Certificate authority (CA)
Symmetric-key encryption
[Figure sequence: A sends B a LOVE LETTER in the clear; C, sitting between them, reads it and teases them.]
[Figure sequence: A and B hold the same ENCRYPTION KEY: L -> A, O -> B, V -> E, E -> V, T -> L, R -> P. A encrypts LOVE LETTER to ABEV AVLLVP; C sees only ???????; B decrypts it back to LOVE LETTER with the same key. Both sides use the one key to ENCRYPT/DECRYPT.]
DES, AES, 3DES, IDEA, RC4, TWOFISH, SERPENT, BLOWFISH, CAST5
Public-key, or asymmetric-key, encryption
[Figure sequence: one party holds a PUBLIC KEY and PRIVATE KEY pair and hands the PUBLIC KEY to the other; data is ENCRYPTed on one side and DECRYPTed on the other. In the last slide A and B each hold their own PUBLIC KEY/PRIVATE KEY pair plus the other's PUBLIC KEY, and both ENCRYPT/DECRYPT.]
RSA, DSS, DIFFIE-HELLMAN KEY EXCHANGE, ECC
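Certificate authority (CA)
▸ In e-commerce (communication) that uses digital signatures, an objectively trustworthy third party (Trusted Third Party)
▸ Verifies the identity of the digital signature's signer
▸ Stores and manages the signer's public key
▸ Operating systems and browsers ship with a list of well-known certificate authorities
▸ A certificate issued by a certificate authority contains the public key, owner identification information, the issuing authority, and the expiry date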
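The shipped CA list and the certificate fields named above can be inspected with Python's standard `ssl` module. This is an added example, not part of the original slides; `SAMPLE_STORE` and the helper names `name`, `summarize` and `audit` are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by SSLContext.get_ca_certs();
# names and dates are made up. This parsed form omits the public key itself.
SAMPLE_STORE = [
    {"subject": ((("organizationName", "Example Trust"),), (("commonName", "Example Root CA"),)),
     "issuer": ((("organizationName", "Example Trust"),), (("commonName", "Example Root CA"),)),
     "notAfter": "Jan  1 00:00:00 2040 GMT"},
    {"subject": ((("commonName", "Old Example CA"),),),
     "issuer": ((("commonName", "Old Example CA"),),),
     "notAfter": "Jan  1 00:00:00 2020 GMT"},
]

def name(rdns):
    """Flatten the nested RDN tuples into a dict, e.g. {'commonName': ...}."""
    return {key: value for rdn in rdns for key, value in rdn}

def summarize(cert, now=None):
    """Pull out the fields the slide lists: owner, issuer, expiry date."""
    now = now or datetime.now(timezone.utc)
    seconds = ssl.cert_time_to_seconds(cert["notAfter"])
    expires = datetime.fromtimestamp(seconds, timezone.utc)
    subject, issuer = name(cert["subject"]), name(cert["issuer"])
    return {
        "owner": subject.get("commonName") or subject.get("organizationName"),
        "issuer": issuer.get("commonName") or issuer.get("organizationName"),
        "self_issued": cert["subject"] == cert["issuer"],  # typical for a root CA
        "expires": expires.date().isoformat(),
        "expired": expires < now,
    }

def audit(store, now=None):
    """Return summaries of the expired entries in a trust store."""
    return [s for s in (summarize(c, now) for c in store) if s["expired"]]

if __name__ == "__main__":
    ctx = ssl.create_default_context()  # loads the platform's default CA list
    local = ctx.get_ca_certs()          # can be empty when the OS uses a cert directory
    print(f"{len(local)} CA certificates loaded from the default store")
    for entry in audit(local + SAMPLE_STORE):
        print("expired:", entry["owner"], entry["expires"])
```
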
THANK YOU