14 Network Security, Principles and Practice,2nd Ed. # $ !" : http://www.fata.ir http://mehr.sharif.edu/~shahriari SSL TLS SET ' " . # & # % !"# $" !"# ! , !" * + & )' :/ 5 (8 ! 9 4 & ( & ' ' ( 23 8( 736 # &8 # : !; < 5 1 ! Threats on the Web Sharif Network Security Center ( .( .1 # : = . IPSec & # % > .' , ,6 #& ?% C1 C B A :& #% IPSec & # % !: @ SSL/TLS & # % 'Application # & ? % & $ = ( IE Netscape ( ! ' " !( 2 D+ ' E # $ ! $ SET Web Security Approaches Sharif Network Security Center Netscape Support for SSL Sharif Network Security Center * - SSL July, 1994 .# # 7 4( SSL 1.0 !1 G Netscape ! D( D H* ' $( Dec, 1994 . ! @ 3 & SSL 2.0 .' Netscape " .# 9 %( 68 ! 3 1 & . .# J+ K 8 P 8Q # ! 40 ' & #% # M – SSL ( # ...) * !( 2 D+ SSL & #% # C B ' July, 1995 IE & @ 3 & $( / G T =: ' : P .# ! & !( 2 D+ Nov, 1995 D SSL 3.0 ; Netscape # .' ! 2B ' $( 2$( .3 T Backward Compatible )SSL v2.0 $( 2$( P # U .@ # " ( # ...) * XPD ! H . .# @ 3 & ## 7 ( U + W V$ – SSL # # C PD TLS . : " 3 May, 1996 " IETF SSL # # B Jan, 1999 # RFC 2246 .' !. TLS 1.0 4 C ,# # SSL v3.1 6 .' YB # SSL /Z( , , #! , $( 68 3 $( Netscape \ [ ! ( # ( ! 2 (end to end) ( ( 6 .G C B ^ TCP # ! & # + , # # 68 CP + ._ - SSL # $ ` , #7 # , /Z( , , / 7 # , Record CP + C / # ! & P +C # ! , , P ! 5' : SSL : # : SSL Record Protocol : !H( M ^ Handshake CP b + – SSL + # !% 6 Z a & #% . J" )DES )DES-40 )RC2-40 )IDEA . HW & !P & # % RC4-128 )RC4-40 )Fortezza )3DES 7U+ !% =( 7 6 Z . & #% MAC W MD5 SHA-1 & # % J"= 7 4( 6 Z ' handshake CP + Y& W %c 3 MAC 2 M Netscape’s Ciphersuites Sharif Network Security Center Record Protocol Operation Sharif Network Security Center + – SSL P Record CP . . . ## : :# " ! 7 4( & # (/ . ( ^ &# C 7 4( / .3 / G X W : _ B #& 6 : & # D: HMAC D : MAC W . ) & # D: d ( )bX / G )bX M) ! SHA-1 MD5 '& 1 W 5 HW . : + # 214 2$e ! ( ! X = & #% = bX : 8 : H(= 6# : @ # D: # # / G )SSL !3 : $( )SSL ! ; $( ) M d () & # % CP + 6 (Content Type) M d ( ! 7# , # SSL Record Format Sharif Network Security Center + – SSL P :Change Cipher Spec CP ! #% Record CP 4 (pending)f _ ! SSL 7 # , CP +& H(= + 3 & !P . ! 1C < D 6 ( 4 .# ! ! _: < D + P + – SSL :SSL Alert CP ! CZ C Z ? G SSL ` ' ' D' Warning or Fatal : 8 T + .# ! H(= & # D: SSL ' # # Z ( : ' ( .( unexpected message, bad record mac, decompression failure, handshake failure " P + – SSL SSL Handshake CP ! 7 4( SSL .# : ( H(= # ' #% # ! M =" ## d ( ' / Z ( & T + : 68 & # % ! H .' & 5' # Y ) H(= ' 5 HW . / # 6 Z ( 6 Z + + Hello & : – f: ## B SSL Handshake CP ! &!; &:4C f: . ?G # 68 ' W# 2 68 ' W# 2 ! 2B H(= : =" H(= Hello & : – f: : j( B 6# =" : ' g D '& 1 '& 1 + ! =H ## B ( $ "& h8) : \ Hello 7 U + / \ !( 2 D+ $( 8 : # # B $( # D + (8 /# 2 i K ' 5 HW # D + K & # D: 7= ( P # D + =" / 2B # ' 5 HW $( ( / 2B C B # D + 8 ! ! =" + /# 2 & : – f: ## B : DH =" !' " / + (RSA)! .3 ' .' / :! 2 M =" DH # ' W +& #% W : # ' . & : – f: . = . : ! =" . ! / ! ## B < D U # # B 6# / _: # / _: = < D U ## B : # / _: = < D U # # B = ( =" 6 + ' + ( M ; !( + 7 U + / 3XG /# 2 & h8 Handshake Payload and Types Sharif Network Security Center SSL Handshake Protocol Sharif Network Security Center Sharif Network Security Center " 4 ( – SSL ! 5' : &! '& ( SSL !H( M 6 Z H(= ## . ## '& 1 '& 1 x.509 # ( . ! ! HTTPS # # B # SSL # . & Transport Layer )TLS (Security IETF & # ( a ! SSL & ! ( # ( $( a # 4 / 2(# : & ![ = % : " >( # 6 3 $( SSL 2 $ H .3 & # % )MAC 2 M # !_B HMAC & 7U+ " (XOR HMAC 6 .' !:# < # 3 W Y $ ( / 2B C B no-certificate TLS # J"= Y& . HW & Fortezza 5 HW ?J1 " SET: Secure Electronic Transactions # SET: Secure Electronic Transactions & #% 6P !: _ )#& ! 5' : : P +& # $" ' P2 :#& 3 .4 & # #3 23 23 (MasterCard&Visa \ ! 5' : &^ /Z( a # " ## : & ( 68 !; !G 2 / ( a 6# 8 5' : .(transaction)!W X.509v3 # . 3 C B ' !' " & # % \Z: 3XG : # : !; < 5 1 & >: M C B) ( # SET SET ! : i % 4 # + 3XG !H( M k%1 23 K1 ; '& 1 CZ ' ## . k%1 = ( ( . HW P +)! ' = & #% .5 $ !1 G P P /Z( ,! .$ ( P # 7 3 # !H $ 7 3 (SSL IPSec ( ) ^ ' =: 7 ( C Z # P .3 6 P 6# 8 # =: 7 ( $ & SET 6# CZ $ : P2 6 " '# =: & ( SET SET : #& 23 ' . : 3XG !H( M (DES & # % ) ( ! !% 5' # )RSA !.B l m & # % : ' # # _ k%1 HMAC SHA-1 X.509v3 !' " !.B l m : ( # '& 1 X.509v3 !' " !.B l m : : '& 1 SET Components Sharif Network Security Center B SET :& 23 # : <B 6 :(Card Holder) K1 ; , '# ( # : K1 ; # : :(Merchant) : .# # ( f G & !( & a( ( !W C Z # ! 23 " # $ : (Issuer) #; # + / V$ ! #; SET ( #) 5 $ : & c c !W $ a :(Acquirer)!W ! : : ! # + :) + i& # + 6 21 ; (8 6# / _: $1 f G& # "# '# ( # : $1 $ $1 6# & 23 Z _ : #n2 = :(Payment Gateway) # + & # 7 # : Acquirer \ : X509 !' " # ; :(CA)!' " ;Y # + ' & # ' SET ! !( 2 D+ SET . !W / Z ( C1 !P( a( # $1 : X509 !' " : m Y& 23 H# 7 +lm !P : : / !' " D \ $1 o : D \ !' " : # :\ !' " : # D ? G& : & : D K( i % / & : ' SET !W / Z ( C1 # 3XG D : # + < D / # ! = ( !' " C # : = ; # + 3XG . . $(5 :C B : 3XG 23 ! i % # + i % :! : ( ! :: : K( & # + & 8“ . :! # + & # ”j# # # & ( @Z # + SET !W / Z ( C1 r :/ s + ! ; #: D & >( # : K( & i % ! 6# 8 5' : u n2 /Z( @Z : # + & # K( & : K( & : $1 # + D 2t / @Z $1 " SET :/ t . ( a( % (PI) ( 1 ( ! _: !W . 1 # ! # ' #% l : ' # + 3XG i % 6 (Dual Signature)C # l m ! U+/< ! .$ ( P ( " (OI)i % 3XG . ( ! # : ( 23 . 2( : ( i % = 2( a( f _ ! _: # + # v6 . _ ! 2B : ! Dual Signature 5$ ( P & # % : " : Construction of Dual Signature Sharif Network Security Center SET # ! C PD ! ; T & .3 SET # # B (Purchase Request) (Payment Authorization) (Payment Capture) i % # + & # + : # SET 7 + 4 68 !G :(Purchase Request) :# ! / (4 & 1) @Z ` : ? G& (ID) P ) # d (C .nonce :? G& C2B 1 ID nonce ) !' " : !' " X3 ) ( # W 23 (4 & 2) # W s + D nonce C : m # + & # SET (... : xC ( (4 & 3) : ? G& : a( m : f G &) i % (4 & 4) # # ! / ! / # ` 3 XG # + 3XG ! .3 !' " :? G& a( & m # #) < # + s + !' " 3XG s + Purchase Request – Customer Sharif Network Security Center Purchase Request – Merchant Sharif Network Security Center SET (Payment Gateway Authorization) # + & # & 23 & : dXG 1 : ) : J+ ' ; .1 # + : ! 7 + # C .# ! 7 4( # + & # SET : # + & # 3XG )(OIMD : ` ( " # m )PI) ' " ( h ID : ` 3XG ( m !' " . ! # . s + . :? G& & 3XG C 3XG C ) & # + & #? G& & # + & #\ = )& ` 3XG : \ (capture token)! # + : . # + & (# _ 1 capture token C # & # 3XG SET (payment capture) =' ( ! ^ . : # # + : # ^ / & ^+ : 23 & # ^ :# ! 7 4( 7 + # !G " SET : : ? G & (capture request) # + & # ' "=( & n2 ( / : lm a( ! ## # . : #s + . : # capture token ID )n 2 C : Y& lm # !; < P2 f G & ) ; # # ! CZ : $1 # + & # ? G & (capture response) # # = : K s +n2 /Z( ; # 6 + j
© Copyright 2026 Paperzz