SSL protocol

Sveučilište u Osijeku, Odjel za matematiku, Osijek (University of Osijek, Department of Mathematics)
SEMINAR PAPER
Internet security, the SSL protocol
Course: Introduction to Computer Networks and Services, Assoc. Prof. Dr. ------------------, Dr. ------------------
Author: -----------------, undergraduate university study programme in mathematics
Osijek, 25 February 2016

Upload: petra

Post on 07-Jul-2018


Contents

1. Introduction
2. Internet security
3. The SSL protocol
4. References/sources
5. Appendix: practical part - Python programs

Introduction

In this seminar paper I try to briefly explain the concept of security on the internet, and the SSL protocol as a protective protocol used when connecting, sending or receiving messages and various data that should not be available to a third party.

What kind of data is involved? When we talk about security on the Internet, we primarily mean the confidentiality and integrity of our own personal data, the security of our own computer, keeping our own web and mail traffic confidential and, lately perhaps most popular of all, access to internet banking sites.

What are the consequences? Since bank account data can be stolen, the consequences can be financial. Furthermore, nobody wants their personal data made available to the public, and in particular nobody wants someone else to gain the ability to control our computer without our permission. When buying over the internet we expect to actually receive the product we wanted to order, in the quantity we specified; we would certainly not want anyone to change, without our permission, the data we gave during the purchase, whether it is the quantity of the selected product, its colour or something else, which leads to our dissatisfaction or to financial loss. A frequent consequence of insecurity on the internet is the various kinds of viruses that can enter our computer unnoticed, slow it down, or control actions that we do not want anyone but us to control.

How can we protect ourselves? Given the various viruses spread through all kinds of internet content, obtaining an antivirus program is certainly essential. In addition, it is important to be aware of which websites we can trust and which are unsafe, especially when downloading data to our computer or entering our data on sites that ask for it but do not promise security.

Where does the SSL protocol fit into this story, and how does it help improve security? The SSL protocol is really a security system under the hood. It is a protocol in which an important role is played by encryption, that is, the encoding of data sent over a connection so that a possible third party cannot easily read the data being sent. The protocol also has plenty of methods which ensure that data reaches its destination in a given order, unaltered and protected from being passed on to unwanted third parties.

Day by day the Internet improves and eases our lives and is increasingly intertwined with the various areas of our activity, whether work, school or hobbies, everyday habits or organizing daily duties. It plays a large role in everyday communication, business projects, various transactions... Almost everything becomes simpler to do over the network. This is exactly why additional security measures are needed: when we send data through a network that is available to everyone, we do not want that data to become available to everyone as well.

Internet security

Imagine that Tin and Ana want to exchange messages securely over the internet.

What does secure message exchange look like, and what are its elements? How can their communication be compromised?

Elements of secure communication:
1. Confidentiality. Only the sender and the intended recipient are allowed to understand the content of the message. For this reason it is important that the message is encoded.
2. Integrity, the completeness of the message. We certainly want the message we send to remain unchanged and whole, so that we do not receive only part of the message, with individual parts missing, duplicated and so on.
3. Authentication. This refers to the need for the sender and the recipient to establish each other's identity so that they know with certainty that the message really is being sent to that person, i.e. that the party on the sender's/recipient's side is the person it claims to be.
4. Operational security. The security we associate with the networks of various organizations (companies, universities, etc.) that are connected to the public internet. The goal is to enable the computers/people of a given organization to communicate with one another over the public internet, but in such a way that the data exchanged between them is not available to the public internet, i.e. to third parties who intend to threaten their work and privacy.

Actions a third party can take:
1. Eavesdropping. Sniffing or recording the control and data messages sent over the channel.
2. Modification, insertion of new content or deletion of content being sent.

Tin and Ana may be real users who want to exchange an e-mail message, or two participants in an electronic transaction (e.g. Tin wants to securely pass his card number to a web server in order to buy a product online); similarly it may be Ana who wants to communicate with her bank over the internet, or it may be two routers passing a message to each other while making sure that the message is not altered and arrives safely at its destination.

Throughout history people have sought to protect the privacy of communication, and various cryptographic techniques were developed that remain a powerful tool today and play the main role in secure communication and in protecting data sent over the internet. What actually is cryptography, what kind of concept is it? Cryptography, or enciphering/encoding, is a system that uses certain rules to transform a message into a new message that is not easily readable by a third party. This is an intuitive definition; a more precise definition depends on which cryptographic method is involved.

Cryptographic techniques allow the sender to disguise the message being sent so that a third party cannot tell what it is about. The recipient must of course be able to restore the disguised message to its original state in order to read it. It goes roughly like this: Tin uses a key K_A to disguise his original message by having a certain algorithm change the characters in the message according to a precisely defined rule. Such an algorithm is called encryption (enciphering), and its result is the encrypted message. Tin sends this encrypted message to Ana, who uses a key K, i.e. a certain algorithm that returns the encrypted message to its original form. Such an algorithm is called decryption (deciphering), and its result is the original (initial) message that Tin wrote.

I will not go into the details of the kinds of cryptographic systems and how they work. What matters is that complex cryptographic systems have been developed to date, so that today we have systems that are impossible to decipher, or whose deciphering is not possible in real time.

The next important step in security is integrity and authentication. Tin receives a message from a party claiming to be Ana. Tin wants to be sure of two things: that the message really was sent by Ana, and that the message was not modified without authorization in transit. To establish both, and to explain a popular method that preserves message integrity, we also need to understand cryptographic hash functions. For such functions it is computationally infeasible to find two different messages, x and y, such that H(x) = H(y). In other words, a message protected by a hash function cannot be replaced with another message that would have the same hash value as the original message.

The Message Authentication Code, or MAC, is what I will explain next. The steps are as follows:
1. Ana composes a message m and uses a hash function to compute the hash, i.e. H(m).
2. Ana then appends H(m) to the message, creating a new extended message (m, H(m)), and sends it to Tin.
3. Tin receives the extended message as (m, h) and computes H(m). If H(m) = h, Tin concludes that everything is in order.

But something is missing here. A third party can easily create a fake message m' in which it presents itself as Ana, compute H(m') and send Tin the extended message (m', H(m')). In the third step all of this would pass, and Tin would not suspect that anything is going on. This is where the authentication key enters the story: a secret bit string t that Tin and Ana share with each other. The previous steps change, and the following is performed:
1. Ana composes a message m, appends t to it and then computes the hash H(m+t). It is precisely H(m+t) that is called the MAC.
2. Ana then appends the MAC to the message m, forming the extended message (m, H(m+t)).
3. Tin receives the extended message as (m, h) and, knowing t, computes the MAC, H(m+t). If H(m+t) = h, Tin concludes that everything is in order.

The advantage of the MAC procedure is that we do not need encryption algorithms. Indeed, in many applications privacy is not important, only the integrity of the message in transit. Using a MAC, end users can authenticate the messages they send each other without having to bring complex encryption algorithms into the authentication procedure.

Of course, many standards for the MAC procedure have been proposed to date; the most popular is HMAC, which in fact runs the data and the authentication key through the hash function twice.
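The three procedures described above, as an added example that is not part of the original seminar paper: the bare hash that a third party can recompute, the shared-secret MAC H(m+t), and HMAC from Python's standard library. SHA-256 as the function H, the key value and the two messages are assumptions constructed for the illustration.

```python
import hashlib
import hmac


def H(data: bytes) -> bytes:
    """The hash function H of the text; SHA-256 is an assumption of this example."""
    return hashlib.sha256(data).digest()


# --- Scheme 1: (m, H(m)), no secret involved ---------------------------------
def extend_with_hash(m: bytes):
    return m, H(m)


def check_hash(m: bytes, h: bytes) -> bool:
    return hmac.compare_digest(H(m), h)


# --- Scheme 2: (m, H(m+t)) with the shared authentication key t --------------
def extend_with_mac(m: bytes, t: bytes):
    return m, H(m + t)


def check_mac(m: bytes, h: bytes, t: bytes) -> bool:
    # compare_digest runs in constant time, so the comparison itself does not
    # reveal how many leading bytes of a guessed MAC were correct.
    return hmac.compare_digest(H(m + t), h)


# --- Scheme 3: HMAC, which passes key and data through the hash twice --------
def extend_with_hmac(m: bytes, t: bytes):
    return m, hmac.new(t, m, hashlib.sha256).digest()


def check_hmac(m: bytes, h: bytes, t: bytes) -> bool:
    return hmac.compare_digest(hmac.new(t, m, hashlib.sha256).digest(), h)


def third_party_message(m_fake: bytes):
    """What a party WITHOUT t can build: it can hash m', but it cannot key the hash."""
    return m_fake, H(m_fake)


def demo() -> dict:
    t = b"constructed-shared-key-t"        # known only to Tin and Ana
    genuine = b"From Ana: meet at 10:00"   # constructed message m
    fake = b"From Ana: meet at 23:00"      # constructed message m'
    fm, fh = third_party_message(fake)
    genuine_mac = extend_with_mac(genuine, t)[1]
    return {
        "hash_accepts_genuine": check_hash(*extend_with_hash(genuine)),
        "hash_accepts_fake": check_hash(fm, fh),            # scheme 1 cannot tell
        "mac_accepts_genuine": check_mac(*extend_with_mac(genuine, t), t),
        "mac_accepts_fake": check_mac(fm, fh, t),
        "hmac_accepts_genuine": check_hmac(*extend_with_hmac(genuine, t), t),
        "hmac_accepts_fake": check_hmac(fm, fh, t),
        # A genuine MAC does not carry over to a modified message either.
        "mac_accepts_modified_m": check_mac(fake, genuine_mac, t),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```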

One important question remains to be clarified. How do the parties exchange the authentication key that they share? Suppose we are dealing with two routers which, for example, each have their own public key. The network administrator encrypts the secret authentication key using the public key and sends it in that form to the routers over the network.

The ability to certify documents with a digital signature when sending them over the network is implemented with a similar scheme, in which the party that signs and sends the document m has a public key K+ and a private key K- known only to that party, while the party that receives the signed document has only the public key K+. Tin takes his private key and computes K-(m). Ana has m and K-(m) and wants to check whether this really is Tin's signature. She takes Tin's public key K+ and applies it to the digital signature K-(m) associated with the document m. That is, she computes K+(K-(m)), which yields m. The point is that whoever signed the document m must have used the private key K- in computing the signature K-(m), such that K+(K-(m)) = m. It is important to note that if m were altered to m', the signature Tin created for m would not be valid for m', because K+(K-(m)) would not give m' as the result. In this way the integrity of the message/document is preserved.

Finally, one more important element is end-point authentication. This is the process of establishing the identity of the parties that communicate. Authentication protocols take care of this part, and I will not explain them. What I will explain next is the protection of the TCP protocol, that is, the SSL protocol.

The SSL protocol

In the previous section I briefly showed how cryptographic techniques can provide confidentiality and integrity of messages and data, as well as end-point authentication of the users who communicate through applications. Here I will show how encryption can be used to protect the TCP protocol, or rather what is sent over it. This enhanced version of TCP is known as the Secure Sockets Layer, or SSL.

SSL was originally designed by Netscape; Netscape's work preceded the basic ideas about protecting TCP. Since its inception, SSL has been widely deployed. It is supported by all well-known web browsers and web servers and is used by essentially all sites that offer Internet commerce, including Amazon, eBay, Yahoo!, MSN, etc. Enormous sums are invested in SSL every year. In fact, if you have ever bought anything by card over the internet, the communication between your browser and the server for that purchase almost certainly went over SSL. You can tell that your browser is using SSL when the URL begins with https: instead of http:.

As before, I will show everything by means of an example. We have a typical scenario of buying over the internet. Our hero Tin appears. Tin surfs the internet and comes across Ana's site, which sells perfume. The site presents him with a form in which he enters the type of perfume, the quantity, the delivery address and the number of the card he wants to pay with. After entering everything requested, he confirms the purchase and expects to receive (by ordinary mail) what he ordered. He also expects to receive a confirmation of his order and of the payment made. What can happen if the connection is not protected? Our favourite unwanted third party appears.
- If no attention is paid to protecting the confidentiality of the data, a third party can intercept Tin's order and obtain the information about the card he is paying with. It can then later make purchases using his account.
- If the protection of data integrity is neglected, a third party can change the order and, for example, order a different type of perfume or increase the number of bottles ordered.
- And finally, if authentication is not used, a server can present the site as Ana's while it is actually run by a third party, which after the purchase is concluded can simply take the money and run. Or it can merely collect his data, card number, name and address, and use them for its own purposes.

SSL strengthens TCP by taking care of confidentiality, data integrity, and server and client authentication. When an application wants to use SSL, it includes SSL classes/libraries.

SSL actually resides in the application layer, but from the developer's perspective it is a transport protocol that provides TCP's services enhanced with security.

The general principle of the SSL protocol

I will first explain SSL and its elements using a simplified version that gives us a basic understanding of SSL. SSL has three phases: handshake, key derivation and data transfer. Below is a description of these three phases for communication between a client (Tin) and a server (Ana), where Ana has a private/public key pair and a certificate that binds her identity to her public key.

Handshake:
During the handshake phase Tin needs to establish a TCP connection with Ana, verify that Ana really is Ana, and send her a Master Secret (MS) key that both of them will use to generate the symmetric keys they need for the SSL session. After the TCP connection is established, Tin sends Ana a hello message. Ana responds with a certificate that contains her public key, and Tin knows with certainty that the public key in the certificate belongs to Ana. Tin creates an MS (Master Secret) that will be used only in this session, encrypts it with Ana's public key to create the Encrypted Master Secret (EMS), and sends it to Ana. Ana decrypts the EMS with her private key to obtain the MS. After this phase both of them know the MS for this SSL session.

Key derivation:
In principle, the MS shared by Tin and Ana could be used as the symmetric key for all subsequent encryption and data integrity checks. It is generally considered safer for each of them to use different keys, and to use different keys for encryption and for integrity checking. Four keys would then be generated:
- E = session key for encrypting the data that Tin sends to Ana
- M = session MAC key for the data that Tin sends to Ana
- E_A = session key for encrypting the data that Ana sends to Tin
- M_A = session MAC key for the data that Ana sends to Tin
At the end of this phase both have all four keys. Two of the keys will be used for encrypting data, and the two MAC keys for checking data integrity.

Data transfer:
Now that both possess the appropriate keys, everything is ready for sending data. SSL breaks Tin's data stream into records and appends a MAC to each record for integrity checking, then encrypts record+MAC. To create the MAC, Tin feeds the record together with the key M into a hash function. To encrypt the record+MAC package, Tin uses the key E. This encrypted package is passed to TCP for transport over the internet. Although this approach goes a long way, it is still not bulletproof when it comes to ensuring the integrity of the entire message being sent.

Suppose a third party is able to insert, delete and reorder segments in the stream of TCP segments sent between Tin and Ana. It can, for example, capture two segments, reverse their order (adjusting the TCP sequence numbers, which are not encrypted) and send them to Ana in that form. Assume that each TCP segment carries exactly one record, and let us see how Ana will process these segments.
1. The TCP server (Ana) will consider everything to be in order and pass the two records to the SSL sublayer.
2. The SSL server will decrypt the two records.
3. The SSL server will use the MAC of each record to check the integrity of the two records.
4. SSL will then pass the decrypted byte streams of the two records to the application layer; but the complete byte stream received by Ana will not be in the correct order because the records were reversed.

The solution to this problem is to use numbers that mark the order: sequence numbers. SSL does this as follows. Tin maintains a sequence number counter that starts at zero and is incremented for every SSL record he sends. Tin does not include the sequence number in the record itself, but when he computes the MAC he includes the sequence number in the MAC calculation. So the MAC is now a hash (digest) of the data plus the MAC key M plus the current sequence number. Ana keeps track of Tin's sequence numbers, which allows her to verify the integrity of a record by including the appropriate sequence number in the MAC calculation. Introducing sequence numbers in this way prevents a third party from attacking the stream of segments by changing their order or repeating segments.

The SSL record

A record consists of the fields type, version, length, data and MAC. Note that the first three fields are not encrypted. The type field says whether the record is a handshake message or a message that carries application data. This field is also used to close the SSL connection. On the receiving side, SSL uses the length field to extract SSL records from the incoming TCP byte stream. The version field is self-explanatory.
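A sketch of the record handling described above, added here as an example and not taken from the seminar paper or from any SSL library: every record carries type, version, length, data and a MAC, and the MAC also covers a sequence number that is never sent. Encryption is left out so that the block runs with the standard library alone; the field sizes, the type codes, the use of HMAC-SHA-256 and the sample data are assumptions of this example.

```python
import hashlib
import hmac
import struct

TYPE_DATA, TYPE_CLOSE = 23, 21          # type codes: assumptions of this example
VERSION = 0x0300                        # constructed version value
MAC_LEN = hashlib.sha256().digest_size
HEADER = struct.Struct("!BHH")          # type (1 byte), version (2), length (2)


class IntegrityError(Exception):
    pass


def record_mac(key, seq, rtype, data):
    # The sequence number goes into the MAC calculation but not onto the wire.
    return hmac.new(key, struct.pack("!QB", seq, rtype) + data, hashlib.sha256).digest()


class Sender:
    def __init__(self, mac_key):
        self.key, self.seq = mac_key, 0

    def record(self, data, rtype=TYPE_DATA):
        body = data + record_mac(self.key, self.seq, rtype, data)
        self.seq += 1
        return HEADER.pack(rtype, VERSION, len(body)) + body


class Receiver:
    def __init__(self, mac_key):
        self.key, self.seq, self.closed = mac_key, 0, False

    def feed(self, stream):
        """Cut records out of the byte stream with the length field and verify each MAC."""
        out, pos = [], 0
        while pos < len(stream):
            if len(stream) - pos < HEADER.size:
                raise IntegrityError("truncated record header")
            rtype, _version, length = HEADER.unpack_from(stream, pos)
            start = pos + HEADER.size
            body = stream[start:start + length]
            pos = start + length
            if len(body) != length or length < MAC_LEN:
                raise IntegrityError("truncated record")
            data, mac = body[:-MAC_LEN], body[-MAC_LEN:]
            if not hmac.compare_digest(mac, record_mac(self.key, self.seq, rtype, data)):
                raise IntegrityError(f"bad MAC for expected sequence number {self.seq}")
            self.seq += 1
            if rtype == TYPE_CLOSE:
                self.closed = True
            else:
                out.append(data)
        return out

    def tcp_fin(self):
        """TCP reported end of stream; that is legitimate only after a close record."""
        if not self.closed:
            raise IntegrityError("TCP FIN before the authenticated close record")


def outcome(action):
    try:
        action()
        return "accepted"
    except IntegrityError as exc:
        return f"rejected: {exc}"


def demo():
    key = b"constructed-MAC-key-M"
    tin = Sender(key)
    r1, r2 = tin.record(b"2 bottles, "), tin.record(b"card 0000")   # constructed data
    close = tin.record(b"", TYPE_CLOSE)
    results = {"in_order": Receiver(key).feed(r1 + r2 + close)}
    results["swapped"] = outcome(lambda: Receiver(key).feed(r2 + r1))
    results["replayed"] = outcome(lambda: Receiver(key).feed(r1 + r1))
    ana = Receiver(key)
    ana.feed(r1)                        # the connection is cut after the first record
    results["early_fin"] = outcome(ana.tcp_fin)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```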

A more complete picture of the SSL protocol

Now that we have a basic knowledge of the SSL protocol, we can look deeper and consider the essence of the real SSL protocol.

Handshake:
SSL does not require Tin and Ana to use all those keys. Instead, SSL allows them to agree on the cryptographic algorithms at the beginning of the SSL session, during the handshake phase. In addition, during that phase Tin and Ana send each other nonces, which are used in creating the session keys (E, M, E_A and M_A). The steps of the real SSL protocol are:
1. The client sends the list of cryptographic algorithms it supports, together with a client nonce.
2. The server chooses (from the list) a symmetric algorithm, a public-key algorithm and a MAC algorithm. It sends its choices back to the client, together with a certificate and a server nonce.
3. The client verifies the certificate, extracts the server's public key, generates a Pre-Master Secret (PMS), encrypts it with the server's public key and sends the encrypted PMS to the server.
4. Using the same key derivation function, the client and the server independently compute the Master Secret (MS) from the PMS and the nonces. The MS is then sliced up to generate the two encryption keys and the two MAC keys. Moreover, when the chosen symmetric cipher uses CBC, two Initialization Vectors (IVs), one for each side of the connection, are also obtained from the MS. From now on all messages sent between the client and the server are encrypted and authenticated (with the MAC).
5. The client sends a MAC of all the handshake messages.
6. The server sends a MAC of all the handshake messages.

In step 1 the client sends the list of algorithms, some weaker and some stronger, in clear text, because encryption only starts after the client and the server have agreed on the keys. A third party could delete the stronger algorithms from the list at this point. To prevent this, in step 5 the client sends a MAC of the concatenation of all the handshake messages.

What are the nonces for? Are sequence numbers not enough? The point is that nonces protect against the same request being sent again. If nonces were not used, a third party could disguise itself as Tin the next day and send Ana the same sequence of messages as the day before. If Ana did not use nonces, she would respond with the same sequence of messages as the day before. All the messages would pass as if everything were normal. Ana could understand this as Tin ordering the same product again. With nonces included in the protocol, Ana sends a different one for every TCP session, which means that the encryption keys will be different on the two days. So when Ana receives the records from the third party, they will not pass the security checks and the transaction will not be possible. In SSL, then, nonces are used to defend against the replay attack, and sequence numbers are used to protect against the repetition of individual packets during a session.
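The roles of the nonces and of the handshake MAC in steps 1 to 6, as an added example that is not the seminar's or any SSL library's code. The key derivation function (an HMAC-SHA-256 expansion), the message encodings and the algorithm names STRONG and WEAK are assumptions of this example and not SSL's actual formats; the public-key encryption of the PMS is omitted, so both sides are simply given the same PMS.

```python
import hashlib
import hmac
import os


def derive_keys(pms, client_nonce, server_nonce):
    """PMS and both nonces -> MS -> two encryption keys and two MAC keys.

    The HMAC-SHA-256 expansion is an assumption of this example, not SSL's real KDF.
    """
    ms = hmac.new(pms, b"MS" + client_nonce + server_nonce, hashlib.sha256).digest()
    keys = {"MS": ms}
    for label in ("E_client", "M_client", "E_server", "M_server"):
        keys[label] = hmac.new(ms, label.encode(), hashlib.sha256).digest()
    return keys


def handshake_mac(ms, messages):
    """MAC over the concatenation of all handshake messages as one side saw them."""
    # Each message is length-prefixed so the concatenation cannot be re-split differently.
    transcript = b"".join(len(m).to_bytes(4, "big") + m for m in messages)
    return hmac.new(ms, transcript, hashlib.sha256).digest()


def run_handshake(pms, client_nonce, server_nonce, offered, tamper=None):
    """Simulate steps 1-6; `tamper` models a third party editing the clear-text step 1.

    Returns (keys, algorithm chosen by the server, whether the handshake MACs match).
    """
    client_hello = ",".join(offered).encode() + b"|" + client_nonce          # step 1
    seen_by_server = tamper(client_hello) if tamper else client_hello
    offer = seen_by_server.split(b"|", 1)[0].decode().split(",")
    chosen = offer[0]                  # step 2: server takes the first algorithm offered
    server_hello = chosen.encode() + b"|" + server_nonce
    keys = derive_keys(pms, client_nonce, server_nonce)                      # steps 3-4
    client_mac = handshake_mac(keys["MS"], [client_hello, server_hello])     # step 5
    server_view = handshake_mac(keys["MS"], [seen_by_server, server_hello])  # server's transcript
    return keys, chosen, hmac.compare_digest(client_mac, server_view)


def strip_strong(hello):
    """Constructed tampering: the stronger algorithm is deleted from the clear-text offer."""
    offer, nonce = hello.split(b"|", 1)
    return offer.replace(b"STRONG,", b"") + b"|" + nonce


def demo():
    pms, client_nonce = os.urandom(48), os.urandom(32)
    offered = ["STRONG", "WEAK"]       # placeholder algorithm names
    keys1, chosen1, ok1 = run_handshake(pms, client_nonce, os.urandom(32), offered)
    _, chosen2, ok2 = run_handshake(pms, client_nonce, os.urandom(32), offered, strip_strong)

    # Next day: the recorded client messages arrive again (same PMS, same client
    # nonce), but the server draws a fresh nonce, so every session key changes.
    keys2, _, _ = run_handshake(pms, client_nonce, os.urandom(32), offered)
    record = b"order: 2 bottles"       # constructed application record
    old_mac = hmac.new(keys1["M_client"], record, hashlib.sha256).digest()
    new_mac = hmac.new(keys2["M_client"], record, hashlib.sha256).digest()
    return {
        "honest": (chosen1, ok1),
        "tampered": (chosen2, ok2),
        "distinct_keys": len(set(keys1.values())) == 5,
        "replayed_record_accepted": hmac.compare_digest(old_mac, new_mac),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```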

Closing the connection:
At some point Tin or Ana will want to end the SSL session. One approach would be for Tin, say, to send a TCP FIN segment to Ana. Such a design is naive, because a third party could send such a segment at any moment (while the session is not yet finished) and close the connection. Ana would then not receive everything, only part of what Tin is sending. The solution is the type field in the SSL record, which I mentioned earlier. (Although this field is sent in clear text, it is authenticated on the receiving side using the MAC of that record.) With such a field included, if Ana received a TCP FIN before receiving the SSL record that closes the connection, she would know that something suspicious was going on.

This is where the story of SSL ends. All the phases and principles by which SSL works have been explained, so that our TCP connection stays protected from various unwanted attacks on the privacy and integrity of data. This happens every day in various transactions over the internet, in online shopping and in other processes that require complete protection of the TCP connection.

References/sources

1. J. F. Kurose and Keith W. Ross, Computer Networking: A Top-Down Approach, Addison-Wesley Publishing Company, USA, 6th edition, 2013.

2. J. Goerzen, B. Rhodes, Foundations of Python Network Programming: The Comprehensive Guide to Building Network Applications with Python, 2nd Ed, Apress, 2010.

Appendix - practical part

How can SSL be used in Python code? A secure connection begins with the SSL library taking over control of the socket. This indicates that we want to stop using the socket for clear-text communication and start using it for encrypted data under the library's control. From then on the raw socket is no longer used; doing so would produce an error and the connection would be dropped. Other methods provided by the library are used to communicate instead. Both the client and the server should switch their sockets over to SSL at the same time.

The most direct way to use SSL in Python code is the ssl package, which newer versions of Python include in the standard library.
- The ssl package that ships with Python 3.2 includes everything needed for secure communication.
- The ssl packages that ship with Python 2.6 to 3.1 need to be supplemented by installing the backports.ssl_match_hostname distribution.
- For Python 2.5 and earlier, both the ssl and the backports.ssl_match_hostname distributions have to be obtained.

FIRST PROGRAM

SERVER

from socketserver import TCPServer, ThreadingMixIn, StreamRequestHandler
import ssl


class MySSL_TCPServer(TCPServer):
    def __init__(self,
                 server_address,
                 RequestHandlerClass,
                 certfile,
                 keyfile,
                 bind_and_activate=True):
        TCPServer.__init__(self, server_address, RequestHandlerClass, bind_and_activate)
        # ssl.wrap_socket() was removed in Python 3.12 and pinning
        # ssl.PROTOCOL_TLSv1 is deprecated; an SSLContext holds the certificate
        # and negotiates the highest protocol version both sides support.
        self.context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        self.context.load_cert_chain(certfile, keyfile)

    def get_request(self):
        # Accept the plain TCP connection, then hand the socket over to SSL.
        newsocket, fromaddr = self.socket.accept()
        connstream = self.context.wrap_socket(newsocket, server_side=True)
        return connstream, fromaddr


class MySSL_ThreadingTCPServer(ThreadingMixIn, MySSL_TCPServer):
    pass


class testHandler(StreamRequestHandler):
    def handle(self):
        # Echo whatever the client sent back over the encrypted connection.
        data = self.connection.recv(4096)
        self.wfile.write(data)


# test code
MySSL_ThreadingTCPServer(('127.0.0.1', 5151), testHandler, "cert.pem", "key.pem").serve_forever()

CLIENT

import socket, ssl

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Trust only the server's own (self-signed) certificate. As with the original
# ssl.wrap_socket() call, the host name in the certificate is not checked.
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.check_hostname = False
context.load_verify_locations("cert.pem")
ssl_sock = context.wrap_socket(s)

ssl_sock.connect(('127.0.0.1', 5151))
ssl_sock.send(b'hello ~MySSL !')
print(ssl_sock.recv(4096))
ssl_sock.close()

SECOND PROGRAM

CLIENT

import socket, ssl, pprint

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

# Require a certificate from the server. We used a self-signed certificate
# so here the trusted CA file must be the server certificate itself.
# (An SSLContext replaces ssl.wrap_socket(), which was removed in Python 3.12;
# as with the original call, the host name is not checked.)
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.check_hostname = False
context.load_verify_locations("server.crt")
ssl_sock = context.wrap_socket(s)

ssl_sock.connect(('localhost', 10023))

print(repr(ssl_sock.getpeername()))
print(ssl_sock.cipher())
print(pprint.pformat(ssl_sock.getpeercert()))

ssl_sock.write(b"boo!")

if False:  # from the Python 2.7 docs
    # Set a simple HTTP request -- use http.client in actual code.
    ssl_sock.write(b"GET / HTTP/1.0\r\nHost: www.verisign.com\r\n\r\n")

    # Read a chunk of data. Will not necessarily
    # read all the data returned by the server.
    data = ssl_sock.read()

# note that closing the SSLSocket will also close the underlying socket
ssl_sock.close()

SERVER

import socket, ssl

context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain(certfile="server.crt", keyfile="server.key")

bindsocket = socket.socket()
bindsocket.bind(('', 10023))
bindsocket.listen(5)

def do_something(connstream, data):
    print("do_something:", data)
    return False

def deal_with_client(connstream):
    data = connstream.read()
    # empty data means the client is finished with us
    while data:
        if not do_something(connstream, data):
            break
        data = connstream.read()

while True:
    newsocket, fromaddr = bindsocket.accept()
    connstream = context.wrap_socket(newsocket, server_side=True)
    try:
        deal_with_client(connstream)
    finally:
        connstream.shutdown(socket.SHUT_RDWR)
        connstream.close()

THIRD PROGRAM

"""
To generate the self-signed SSL key and certificate:
openssl genrsa 2048 > ssl_key
openssl req -new -x509 -nodes -sha256 -days 365 -key ssl_key > ssl_cert
"""
# The original listing used a 1024-bit key and SHA-1; current Python/OpenSSL
# defaults refuse keys that small.

import time
import threading

import socket
import ssl

port = 2049
host = "localhost"

ssl_keyfile = "/home/iank/ssl_cert/ssl_key"
ssl_certfile = "/home/iank/ssl_cert/ssl_cert"

try:
    ipAddr = socket.gethostbyname(host)
    print("IP = " + ipAddr)
except socket.gaierror:
    print("Host name could not be resolved")

# Set by the server once it is listening, so the client does not connect too early.
server_ready = threading.Event()


class TCPBase(threading.Thread):
    def __init__(self):
        super().__init__()
        self.soc = self.buildSocket()

    def buildSocket(self):
        s = None
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            print("Socket created")
        except OSError as msg:
            self.printErr("Failed to create socket: ", msg)
        return s

    def printErr(self, usrMsg, msg):
        print(usrMsg + str(msg))


class ClientThread(TCPBase):
    def run(self):
        """Client thread"""
        self.ssl_sock = None
        try:
            # Trust only the server's self-signed certificate. As with the
            # original ssl.wrap_socket() call, the host name is not checked.
            context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
            context.check_hostname = False
            context.load_verify_locations(ssl_certfile)
            self.ssl_sock = context.wrap_socket(self.soc)
            print("Wrapped client socket for SSL")
            server_ready.wait(timeout=5)
            self.ssl_sock.connect((host, port))
            print("client socket connected\n")
            print("send message")
            self.ssl_sock.sendall(b"Twas brillig and the slithy toves")
        except OSError as msg:
            self.printErr("SSL error in client: ", msg)
        finally:
            # Closing the SSLSocket also closes the underlying socket.
            (self.ssl_sock or self.soc).close()
            print("exit client")


class ServerThread(TCPBase):
    def run(self):
        """Server thread"""
        self.connstream = None
        try:
            # Load the certificate first so that a bad key file fails early.
            context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
            context.load_cert_chain(ssl_certfile, ssl_keyfile)
            self.soc.bind((host, port))
            print("Bind worked\n")
            self.soc.listen(10)
            server_ready.set()
            conn, self.addr = self.soc.accept()
            print("Accepted client connection to address " + str(self.addr) + "\n")
            self.connstream = context.wrap_socket(conn, server_side=True)
            print("SSL wrap succeeded for server")
            while True:
                data = self.connstream.recv(1024)
                if not data:
                    break
                print("server: " + data.decode())
        except OSError as msg:
            self.printErr("SSL error in server: ", msg)
        finally:
            if self.connstream is not None:
                self.connstream.close()
            self.soc.close()
            print("exit server")


def main():
    print("Hello world")
    client = ClientThread()
    server = ServerThread()
    server.start()
    client.start()
    while client.is_alive() and server.is_alive():
        # Do nothing
        time.sleep(0.100)
    print("Main: that's all folks")

main()