Shulou(Shulou.com)06/03 Report--

Preface

Baidu launched the site-wide HTTPS security search in 2015, and the default will jump the HTTP request to HTTPS. Starting today, we will share a series of articles to focus on introducing and analyzing Baidu's HTTPS best practices.

Overview of HTTPS Protocol

HTTPS can be thought of as HTTP+TLS.

The HTTP protocol is familiar to everyone. At present, most WEB applications and websites are transmitted using the HTTP protocol.

TLS is a transport layer encryption protocol, its predecessor is SSL protocol, which was first issued by Netscape in 1995, and changed its name to TLS after IETF discussion and specification in 1999. If not specified, both SSL and TLS are talking about the same protocol.

The location of HTTP and TLS at the protocol layer and the composition of the TLS protocol are shown below:

Figure 1 TLS protocol format

TLS protocol mainly has five parts: application data layer protocol, handshake protocol, alarm protocol, encrypted message confirmation protocol, heartbeat protocol.

The TLS protocol itself is transmitted by the Record protocol, and the format of the Record protocol is shown on the far right of the figure above.

At present, the commonly used HTTP protocol is HTTP1.1, and the commonly used versions of TLS protocol are as follows: TLS1.3,TLS1.2,TLS1.1,TLS1.0 and SSL3.0. Among them, SSL3.0 has been proved to be insecure due to POODLE attacks, but statistics show that less than 1% of browsers use SSL3.0. TLS1.0 also has some security vulnerabilities, such as RC4 and BEAST attacks. In the past, because TLS implementations in mainstream Web browsers and applications supported the downgrade negotiation process, attackers had the opportunity to take advantage of weaker protocols even if the server supported the latest version. Therefore, by 2020, all major Web browsers will remove TLS1.0 and TLS1.1 support.

TLS1.2 has no known security vulnerabilities and is relatively secure. At the same time, it has a large number of extensions to improve speed and performance, so it is currently widely used.

It is important to note that TLS1.3 is a very significant reform of the TLS protocol. Both security and user access speed will be qualitatively improved. The final version of the TLS1.3 protocol (RFC8446) was released on August 10th, 2018, and major browsers are gradually supporting TLS1.3.

At the same time, HTTP2 was formally finalized (RFC7540) in May 2015. compared with HTTP1.1, this protocol evolved from SPDY protocol is a very significant change, which can significantly improve the efficiency of application layer data transmission.

Introduction to HTTPS function

Baidu uses HTTPS protocol mainly to protect users' privacy and prevent traffic hijacking.

HTTP itself is transmitted in clear text without any security processing. For example, when a user searches for a keyword on Baidu, such as "iPhone", the middleman can see the information and may call to harass the user. When some users complain about using Baidu, they find that there is a long, large advertisement floating on the home page or the result page, which must be the ad content inserted into the page by the middleman. If the hijacking technology is inferior, users can't even access Baidu.

The middleman mentioned here mainly refers to some network nodes, which are the nodes through which user data must be transferred between the browser and Baidu server. Such as WIFI hotspots, routers, firewalls, reverse proxies, cache servers, etc.

Under the HTTP protocol, middlemen can sniff users' search content at will, steal privacy and even tamper with web pages. However, HTTPS is the nemesis of these hijackings and can be completely effective in defense.

In general, the HTTPS protocol provides three powerful features to combat the hijacking mentioned above:

Content encrypted. The content from the browser to the Baidu server is transmitted in encrypted form, and the middleman cannot view the original content directly.

Identity authentication. Users are guaranteed to visit Baidu services. Even if they are hijacked to a third-party site by DNS, users will be reminded that they have not visited Baidu services and may be hijacked.

Data integrity. Prevent the content from being impersonated or tampered with by a third party.

So how does HTTPS do these three things? Let's introduce it from the point of view of principle.

Introduction to the principle of HTTPS

1 content encryption

Encryption algorithms are generally divided into two types, symmetric encryption and asymmetric encryption. The so-called symmetric encryption (also known as key encryption) means that encryption and decryption use the same key. Asymmetric encryption (also known as public key encryption) means that different keys are used for encryption and decryption.

Fig. 2 symmetric encryption

Fig. 3 asymmetric encryption

The encryption strength of symmetrical content is very high and generally cannot be cracked. However, there is a big problem that the key can not be safely generated and kept. If each session between the client software and the server uses a fixed, the same key encryption and decryption, there must be a great security risk. If someone gets a symmetric key from the client, there is no security for the whole content, and it is a very complicated thing to manage a large number of client keys.

Asymmetric encryption is mainly used for key exchange (also known as key negotiation), which can solve this problem well. Each time the browser and the server create a new session, the asymmetric key exchange algorithm is used to negotiate the symmetric key, and these symmetric keys are used to complete the encryption, decryption and verification of the application data. The keys in the whole session are only generated and saved in memory. And the symmetric key for each session is different (unless the session is reused), and the middleman cannot steal it.

Asymmetric key exchange is secure, but it is also the "culprit" for the serious degradation of HTTPS performance and speed. If you want to know why HTTPS affects speed and why it consumes resources, you must understand the whole process of asymmetric key exchange.

The following focuses on the mathematical principle of asymmetric key exchange and its application in the process of TLS handshake.

2 asymmetric secret key exchange

Before the emergence of asymmetric key exchange algorithms, a big problem of symmetric encryption is that we do not know how to securely generate and keep keys. The main purpose of the process of asymmetric key exchange is to solve this problem and make the generation and use of symmetric keys more secure.

The key exchange algorithm itself is very complex, and the key exchange process involves random number generation, modular exponential operation, blank completion, encryption, signature and other operations.

Common key exchange algorithms include RSA,ECDHE,DH,DHE and other algorithms. Their characteristics are as follows:

RSA: the algorithm is easy to implement, was born in 1977, has a long history, has been cracked and tested for a long time, and has high security. The disadvantage is that a relatively large prime number (2048 bits is commonly used at present) is needed to ensure the security strength, which consumes CPU computing resources. RSA is the only algorithm that can be used for both key exchange and certificate signature at present.

The DH:Diffie-Hellman key exchange algorithm was born earlier (1977), but it was not made public until 1999. The disadvantage is that it consumes CPU performance.

ECDHE: the DH algorithm using elliptic curve (ECC) has the advantage of achieving the same security level of RSA with a small prime number (256bits). The disadvantage is that the implementation of the algorithm is complex, the history of key exchange is not long, and it has not been tested by security attacks for a long time.

ECDH: PFS is not supported, security is low, and False Start cannot be implemented.

DHE: ECC is not supported. It consumes CPU resources very much.

It is recommended to give priority to supporting RSA and ECDH_RSA key exchange algorithms. The reason is:

ECDHE supports ECC acceleration for faster computing. Support PFS for more security. Support False Start, user access speed is faster.

Currently, at least 20% of clients do not support ECDHE. We recommend using RSA instead of DH or DHE, because DH algorithms consume a lot of CPU (equivalent to doing two RSA calculations).

Figure 4 details of Baidu HTTPS connection

It should be noted that the so-called ECDHE key exchange refers to ECDHE_RSA by default. ECDHE is used to generate the public and private keys required by the DH algorithm, and then the RSA algorithm is used to sign and finally calculate the symmetric key.

Asymmetric encryption is more secure than symmetric encryption, but it also has two obvious disadvantages:

CPU computing resources are very expensive. In a complete TLS handshake, the amount of asymmetric decryption computation during key exchange accounts for more than 90% of the whole handshake process. The amount of computation of symmetric encryption is only 0.1% of that of asymmetric encryption. If the application layer data also uses asymmetric encryption and decryption, the performance overhead is too high to bear.

Asymmetric encryption algorithm limits the length of encrypted content, which cannot exceed the length of public key. For example, the commonly used public key length is 2048 bits, which means that the content to be encrypted cannot exceed 256bytes.

Therefore, public key encryption can only be used for key exchange or content signature, but it is not suitable for encryption and decryption of application layer transmission content.

Asymmetric key exchange algorithm is the cornerstone of the security of the whole HTTPS, and a full understanding of asymmetric key exchange algorithm is the key to understand the protocol and function of HTTPS.

Total knot

In the next article, we will continue to introduce the application of RSA and ECDHE in the process of key exchange.

The article is compiled from Baidu HTTPS Technical Joint team.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.