Shulou(Shulou.com)06/01 Report--

This article introduces you what the HTTPS protocol and principles are, the content is very detailed, interested friends can refer to, hope to be helpful to you.

HTTPS protocol and principle

Preface

Baidu has recently launched a site-wide security search for HTTPS, and by default it will jump to HTTPS for HTTP requests. This paper focuses on the HTTPS protocol and briefly introduces the significance of deploying HTTPS in the whole station.

Overview of HTTPS Protocol

HTTPS can be thought of as HTTP + TLS. The HTTP protocol is familiar to everyone. At present, most WEB applications and websites are transmitted using the HTTP protocol.

TLS is a transport layer encryption protocol, its predecessor is SSL protocol, which was first issued by netscape in 1995, and changed its name to TLS after IETF discussion and specification in 1999. If not specified, both SSL and TLS are talking about the same protocol.

The location of HTTP and TLS at the protocol layer and the composition of the TLS protocol are shown below:

TLS protocol mainly has five parts: application data layer protocol, handshake protocol, alarm protocol, encrypted message confirmation protocol, heartbeat protocol.

The TLS protocol itself is transmitted by the record protocol, and the format of the record protocol is shown on the far right of the figure above.

At present, the commonly used HTTP protocol is HTTP1.1, and the commonly used versions of TLS protocol are as follows: TLS1.2, TLS1.1, TLS1.0 and SSL3.0. Among them, SSL3.0 has been proved to be insecure due to POODLE attacks, but statistics show that less than 1% of browsers use SSL3.0. TLS1.0 also has some security vulnerabilities, such as RC4 and BEAST attacks. TLS1.2 and TLS1.1 have no known security vulnerabilities and are relatively secure. At the same time, there are a large number of extensions to improve speed and performance. It is recommended that you use them.

It is important to note that TLS1.3 will be a very major reform of the TLS protocol. Both security and user access speed will be qualitatively improved. However, there is no clear release time.

Introduction to HTTPS function

Baidu uses HTTPS protocol mainly to protect users' privacy and prevent traffic hijacking. HTTP itself is transmitted in clear text without any security processing. For example, when a user searches for a keyword on Baidu, such as "iPhone", the middleman can see the information and may call to harass the user. When some users complain about using Baidu, they find that there is a long, large advertisement floating on the home page or the result page, which must be the ad content inserted into the page by the middleman. If the hijacking technology is inferior, users can't even access Baidu.

The middleman mentioned here mainly refers to some network nodes, which are the nodes through which user data must be transferred between the browser and Baidu server. Such as WIFI hotspots, routers, firewalls, reverse proxies, cache servers, etc.

Under the HTTP protocol, middlemen can sniff users' search content at will, steal privacy and even tamper with web pages. However, HTTPS is the nemesis of these hijackings and can be completely effective in defense. In general, the HTTPS protocol provides three powerful features to combat the hijacking mentioned above:

Content encrypted. The content from the browser to the Baidu server is transmitted in encrypted form, and the middleman cannot view the original content directly.

Identity authentication. Users are guaranteed to visit Baidu services. Even if they are hijacked to a third-party site by DNS, users will be reminded that they have not visited Baidu services and may be hijacked.

Data integrity. Prevent the content from being impersonated or tampered with by a third party.

So how does HTTPS do these three things? Let's introduce it from the point of view of principle.

Introduction to the principle of HTTPS

Content encryption

Encryption algorithms are generally divided into two types, symmetric encryption and asymmetric encryption. The so-called symmetric encryption (also known as key encryption) means that encryption and decryption use the same key. Asymmetric encryption (also known as public key encryption) means that different keys are used for encryption and decryption.

Asymmetric key exchange

Before the emergence of asymmetric key exchange algorithms, a big problem of symmetric encryption is that we do not know how to securely generate and keep keys. The main purpose of the process of asymmetric key exchange is to solve this problem and make the generation and use of symmetric keys more secure.

The key exchange algorithm itself is very complex, and the key exchange process involves random number generation, modular exponential operation, blank completion, encryption, signature and other operations.

Common key exchange algorithms include RSA,ECDHE,DH,DHE and other algorithms. Their characteristics are as follows:

RSA: the algorithm is easy to implement, was born in 1977, has a long history, has been cracked and tested for a long time, and has high security. The disadvantage is that a relatively large prime number (2048 bits is commonly used at present) is needed to ensure the security strength, which consumes CPU computing resources. RSA is the only algorithm that can be used for both key exchange and certificate signature at present.

DH:diffie-hellman key exchange algorithm was born earlier (1977), but it was not made public until 1999. The disadvantage is that it consumes CPU performance.

ECDHE: the DH algorithm using elliptic curve (ECC) has the advantage of achieving the same security level of RSA with a small prime number (256bits). The disadvantage is that the implementation of the algorithm is complex, the history of key exchange is not long, and it has not been tested by security attacks for a long time.

ECDH: PFS is not supported, security is low, and false start cannot be implemented.

DHE: ECC is not supported. It consumes performance very much.

Baidu only supports RSA and ECDH_RSA key exchange algorithms. The reason is:

ECDHE supports ECC acceleration for faster computing. Support PFS for more security. Support false start, user access speed is faster.

Currently, at least 20% of clients do not support ECDHE. We recommend using RSA instead of DH or DHE, because DH algorithms consume a lot of CPU (equivalent to doing two RSA calculations).

It should be noted that the so-called ECDHE key exchange refers to ECDHE_RSA by default. ECDHE is used to generate the public and private keys required by the DH algorithm, and then the RSA algorithm is used to sign and finally calculate the symmetric key.

Asymmetric encryption is more secure than symmetric encryption, but it also has two obvious disadvantages:

CPU computing resources are very expensive. In a complete TLS handshake, the amount of asymmetric decryption computation during key exchange accounts for more than 90% of the whole handshake process. The amount of computation of symmetric encryption is only 0.1% of that of asymmetric encryption. If the application layer data also uses asymmetric encryption and decryption, the performance overhead is too high to bear.

Asymmetric encryption algorithm limits the length of encrypted content, which cannot exceed the length of public key. For example, the commonly used public key length is 2048 bits, which means that the content to be encrypted cannot exceed 256bytes.

Therefore, public key encryption can only be used for key exchange or content signature, but it is not suitable for encryption and decryption of application layer transmission content.

Asymmetric key exchange algorithm is the cornerstone of the security of the whole HTTPS, and a full understanding of asymmetric key exchange algorithm is the key to understand the protocol and function of HTTPS.

The following is a popular introduction to the application of RSA and ECDHE in the process of key exchange.

Application of RSA in the process of key Exchange

The principle of RSA algorithm is that multiplication is irreversible or large number factors are difficult to decompose. The derivation and implementation of RSA involves Euler function, Fermat theorem and the concept of modular inverse elements. Interested readers can do it on their own.

RSA algorithm is one of the most important algorithms that dominate the world, and at present, RSA is also the most important algorithm in HTTPS system. Here's a simple example of the magic of RSA.

Suppose a website needs to use HTTPS protocol, then it must first apply for a digital certificate. Before applying for a certificate, it needs to generate a pair of public and private keys. In order to illustrate the problem, assume that the key length of server is only 8 digits. In fact, the server certificate is at least 2048 bits long.

Two prime numbers p and Q are randomly selected so that pq is close to the eighth power of 2 = 256, assuming p = 13, Q = 19. N = pq = 13,19,247.

Choose a number e, which satisfies 1 < e < (pmur1) (qmurl) and e is coprime with (pmae1) (qmer1), assuming e = 53.

Calculate the modular inverse element of e with respect to n, ed ≡ 1 (mod φ (n)), d =

In practical application, the public key pair and the private key pair are formed by (NMagol e) and (NMagne d) respectively. The public key is generally registered in the certificate, and anyone can view it directly. For example, the public key pair of Baidu certificate is shown below, in which the last 6 digits (010001) are converted into decimal 65537, that is, the e in the public key pair. There are two reasons why the value is relatively small:

Reduce the computing strength of the client side, especially now the computing power of the mobile terminal is relatively weak, and the smaller public key makes the CPU computing faster.

Make it more difficult to crack the server end. If e is relatively small, d must be very large. So the value space of d will also be very large.

Application of ECDHE algorithm in key Exchange

The implementation of ECDHE algorithm is much more complicated, and it mainly depends on the mathematical principles of ECC elliptic curve and discrete logarithm. The detailed concept is not explained, but an example is introduced.

Symmetric content encryption

At the end of the asymmetric key exchange process, the symmetric key to be used in this session is obtained. Symmetric encryption is divided into two modes: streaming encryption and packet encryption. RC4 is now commonly used in streaming encryption, but RC4 is no longer secure, and Microsoft recommends that websites try not to use RC4 streaming encryption.

A new streaming encryption algorithm instead of RC4 is called ChaCha20, which is a faster and more secure encryption algorithm introduced by google. It has been adopted by android and chrome and compiled into boringssl, the open source openssl branch of google, and nginx 1.7.4 also supports compiling boringssl.

The commonly used mode of block encryption is AES-CBC, but CBC has been proved to be vulnerable to BEAST and LUCKY13 attacks. At present, the recommended packet encryption mode is AES-GCM, but its disadvantage is that it has a large amount of computation, high performance and power consumption, so it is not suitable for mobile phones and tablets.

Data integrity

This part is easy to understand, similar to the usual md5 signature, but the security requirements are much higher. Openssl now uses two integrity checking algorithms: MD5 or SHA. As MD5 is likely to conflict in practical applications, try not to use MD5 to verify content consistency. SHA also cannot use SHA0 and SHA1. Professor Wang Xiaoyun of Shandong University in China announced that he had cracked the full version of the SHA-1 algorithm in 2005. Both Microsoft and google have announced that they will no longer support sha1 signed certificates after 16 and 17 years.

Identity authentication

Identity authentication mainly involves PKI and digital certificates. Digital certificates serve two purposes:

Identity authorization. Make sure your browser visits a trusted site that has been verified by CA.

Distribute the public key. Each digital certificate contains the public key generated by the registrant. During the SSL handshake, the certificate message is transmitted to the client.

Here is a brief introduction of the digital certificate is how to verify the identity of the website, the specific knowledge of the PKI system is not described in detail.

The certificate applicant will first generate a pair of keys, including the public key and key, and then send the request for the public key, domain name and CU to RA,RA in CSR format (RA will ask an independent third party and legal team to confirm the identity of the applicant), then send CSR to CA,CA and create a certificate in X.509 format.

The applicant gets the CA certificate and deploys it on the server side of the website. after the browser initiates a handshake to receive the certificate, how do you confirm that the certificate is issued by CA? How to prevent a third party from forging this certificate?

The answer is digital signature (digital signature). A digital signature can be thought of as an anti-counterfeiting label for a certificate. The process of making and verifying the most widely used SHA-RSA digital signature is as follows:

The issuance of digital signatures. First, a hash function is used to hash the certificate data to generate a message digest, and then the certificate content and message digest are encrypted using CA's own private key.

Verification of digital signatures. Use the public key of CA to decrypt the signature, and then use the same signature function to sign the certificate content and compare it with the signature content in the server's digital signature. If the same, the verification is considered successful.

Here are a few points to explain:

The key pair used for digital signature signing and verification is CA's own public and private key, which has nothing to do with the public key submitted by the certificate applicant.

The signing process of digital signature is opposite to that of public key encryption, that is, it is encrypted with private key and decrypted by public key.

Now all large CA will have a certificate chain. One of the advantages of certificate chain is security, keeping the private key of the root CA offline. The second benefit is to facilitate deployment and revocation, that is, if there is a problem with the certificate, only the corresponding level of certificate needs to be revoked, and the root certificate is still secure.

The root CA certificate is self-signed, that is, the signature is made and verified with its own public key and private key. The certificate signatures on the certificate chain are signed and verified using the key pair of the previous certificate.

How to get the key pair of root CA and multi-level CA? Are they credible? Of course, it can be trusted, because these vendors cooperate with browsers and operating systems, and their public keys are installed in the browser or operating system environment by default. For example, firefox maintains a trusted CA list on its own, while chrome and IE use the operating system's CA list.

Cost of using HTTPS

At present, the only problem of HTTPS is that it has not been applied on a large scale, and it has received less attention and research. As for the cost and extra expenses, don't worry too much at all.

Generally speaking, people may pay close attention to the following issues before using HTTPS:

Certificate fee and update maintenance. People think that it is troublesome to apply for a certificate, and the certificate is also very expensive, but the certificate is actually not expensive at all. if it is cheap, it costs dozens of yuan a year, at most a few hundred. And now there are free certificate authorities, such as the famous mozilla-sponsored free certificate program: let's encrypt supports free certificate installation and automatic updates. The project will be put into use in the middle of this year. In fact, the cost of digital certificate is not high, for small and medium-sized websites can use cheap or even free digital certificate services (there may be security risks), such as the certificate of the famous verisign company generally ranges from thousands to tens of thousands of yuan a year. Of course, if the company has a large demand for certificates and high customization requirements, you can set up your own CA site, such as google, and you can issue google-related certificates at will.

HTTPS slows down user access. HTTPS will slow down the speed to a certain extent, but as long as it is properly optimized and deployed, the impact of HTTPS on speed is completely acceptable. In many scenarios, HTTPS is not inferior to HTTP at all, and even faster than HTTP if you use SPDY,HTTPS. We are now using Baidu HTTPS security search, do you feel slow?

HTTPS consumes CPU resources and requires a large number of additional machines. Asymmetric key exchange is introduced earlier, which consumes a large amount of CPU computing resources. in addition, symmetric encryption and decryption also requires CPU computation. Similarly, as long as the reasonable optimization, the machine cost of HTTPS will not increase significantly. For small and medium-sized websites, there is no need to add machines to meet the performance requirements.

About what the HTTPS protocol and principles are shared here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.