Рассматриваются основные этапы развития криптографических протоколов от SSL 2.0 (Secure Socket Layer) до TLS 1.3 (Transport Layer Security), обеспечивающих защиту данных транспортного уровня модели OSI. Приводится краткое описание модификации протокола RuTLS, построенного на базе TLS 1.3, и их основные отличия. Развитие IPsec, предоставляющего криптографическую защиту коммуникаций на сетевом уровне модели OSI, рассмотрено на примерах развития трёх наиболее часто применяемых протоколов, на основе которых он строится. В их число входят IKE (Internet Key Exchange), AH (Authentication Header), ESP (Encapsulation Security Payload).
Скачать электронную версию публикации
Загружен, раз: 89
- Title Основные этапы развития криптографических протоколов SSL/TLS и IPsec
- Headline Основные этапы развития криптографических протоколов SSL/TLS и IPsec
- Publesher
Tomsk State University - Issue Прикладная дискретная математика 51
- Date:
- DOI 10.17223/20710410/51/2
Ключевые слова
криптографические протоколы, SSL, TLS, IPsecАвторы
Ссылки
Kipp E. B. H. The SSL Protocol. Netscape Communications Corp., 1995 (Expires 10 / 95). 26 p. https://tools.ietf.org/html/draft-hickman-netscape-ssl-00.
Polk T. and Turner S. Prohibiting Secure Sockets Layer (SSL) Version 2.0. RFC 6176. Internet Engineering Task Force (IETF), 2011. 4p. https://tools.ietf.org/html/rfc6176.
Freier A, Karlton P., and Kocher P. The Secure Sockets Layer (SSL) Protocol Version 3.0. RFC 6101. Internet Engineering Task Force (IETF), 2011. 67p. https://tools.ietf.org/ html/rfc6101.
Allen C. and Dierks T. The TLS Protocol Version 1.0. RFC 2246. Network Working Group, 1999. 80p. https://tools.ietf.org/html/rfc2246.
Kaliski B. PKCS#1: RSA Encryption Standard, version 1.5. RFC 2313. Network Working Group, 1998. 19p. https://tools.ietf.org/html/rfc2313.
Dierks T. and Rescorla E. The Transport Layer Security (TLS) Protocol Version 1.1. RFC 4346. Network Working Group, 2006. 87 p. https://tools.ietf.org/html/rfc4346.
Jonsson J. and Kaliski B. Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1. RFC 3447. Network Working Group, 2003. 72 p. https://tools.ietf.org/html/rfc3447.
Ford W., Housley R., Polk W., and Solo D. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 3280. Network Working Group, 2002. 129p. https://tools.ietf.org/html/rfc3280.
http://www. openssl.org/~bodo/tls-cbc.txt - Security of CBC Ciphersuites in SSL/TLS: Problems and Countermeasures, 2004.
Dierks T. and Rescorla E. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246. Network Working Group, 2008. 104 p. https://tools.ietf.org/html/rfc5246.
Eastlake D. 3rd. Transport Layer Security (TLS) Extensions: Extension Definitions. RFC 6066. Internet Engineering Task Force (IETF), 2011. 25 p. https://tools.ietf.org/ html/rfc6066.
Dworkin M. Recommendation for Block Cipher Modes of Operation: The CCM Mode for Authentication and Confidentiality. NIST Special Publication 800-38C, 2004. 27p.
Dworkin M. Recommendation for Block Cipher Modes of Operation: Galois / Counter Mode (GCM) and GMAC. NIST Special Publication 800-38D, 2007. 39 p.
McGrew D. An Interface and Algorithms for Authenticated Encryption. RFC 5116. Network Working Group, 2008. 22 p. https://tools.ietf.org/html/rfc5116.
Mavrogiannopoulos N. Using OpenPGP Keys for Transport Layer Security (TLS) Authentication. RFC 5081. Network Working Group, 2007. 8p. https://tools.ietf.org/ html/rfc5081.
Blake-Wilson S., Bolyard N., Gupta V., et al. Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS). RFC 4492. Network Working Group, 2006. 35 p. https://tools.ietf.org/html/rfc4492.
Bleichenbacher D. Chosen ciphertext attacks against protocols based on RSA Encryption Standard PKCS#1 // CRYPTO’98. LNCS. 1998. V. 1462. P.1-12.
Klima V., Pokorny O, and Rosa T. Attacking RSA-based Sessions in SSL/TLS. Cryptology ePrint Archive: Report 2003/052, 2003. 23 p.
https://csrc.nist.gov/publications/detail/fips/186/3/archive/2009-06-25 - Digital Signature Standard (DSS). NIST FIPS PUB 186-3, 2009. 131 p.
Rescorla E. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446. Internet Engineering Task Force (IETF), 2018. 160p. https://tools.ietf.org/html/rfc8446.
Eronen P. and Krawczyk H. HMAC-based Extract-and-Expand Key Derivation Function (HKDF). RFC 5869. Internet Engineering Task Force (IETF), 2010. 14p. https://www. rfc-editor.org/info/rfc5869.
https://standards.ieee.org/standard/1363-2000.html - IEEE Standard Specifications for Public Key Cryptography. IEEE Std 1363-2000, 2000. 236p.
Hamburg M., Langley A., and Turner S. Elliptic Curves for Security. RFC 7748. Internet Research Task Force (IRTF), 2016. 22 p. https://tools.ietf.org/html/rfc7748.
Гребнев С. В., Лазарева Е. В., Лебедев П. А. и др. Интеграция отечественных протоколов выработки общего ключа в протокол TLS 1.3 // Прикладная дискретная математика. Приложение. 2018. №11. C. 62-65.
Матюхин Д. В. О некоторых свойствах схем выработки общего ключа, использующих инфраструктуру открытых ключей, в контексте разработки стандартизированных криптографических решений. 2011. https://www.ruscrypto.ru/resource/archive/rc2011/ files/02_matyukhin.pdf.
Нестеренко А. Ю. Об одном подходе к построению защищенных соединений // Математические вопросы криптографии. 2013. №4:2. C. 101-111.
Гребнев С. В. О возможности стандартизации протоколов выработки общего ключа. РусКрипто, М., 2014. https://www.ruscrypto.ru/resource/archive/rc2014/files/03_ grebnev.pdf.
Carrel D. and Harkins D. The Internet Key Exchange (IKE). RFC 2409. Network Working Group, 1998. 41 p. https://tools.ietf.org/html/rfc2409.
Orman H. The Oakley Key Determination Protocol. RFC 2412. Network Working Group, 1998. 55 p. https://tools.ietf.org/html/rfc2412.
Krawczyk H. SKEME: A versatile secure key exchange mechanism for Internet // Proc. Internet Society Symp. on Network and Distributed Systems Security, San Diego, CA, USA, 1996. P.114-127.
Maughhan D., Schertler M., Schneider M., and Turner J. Internet Security Association and Key Management Protocol (ISAKMP). RFC 2408. 1998. https://tools.ietf.org/html/ rfc2408.
Schneier B. Applied Cryptography: Protocols, Algorithms and Source Code in C, 2nd ed. N.Y.: Wiley, 1996. 783 p.
Kaufman C. Internet Key Exchange (IKEv2) Protocol. RFC 4306. Network Working Group, 2005. 99p. https://tools.ietf.org/html/rfc4306.
Piper D. The Internet IP Security Domain of Interpretation for ISAKMP. RFC 2407. Network Working Group, 1998. 32 p. https://tools.ietf.org/html/rfc2407.
Ababa B., Blunk L., Carlson J., et al. Extensible Authentication Protocol (EAP). RFC 3748. Network Working Group, 2004. 67 p. https://tools.ietf.org/html/rfc3748.
Asokan N., Nierni V., and Nyberg K. Man-in-the-Middle in Tunneled Authentication Protocols. Cryptology ePrint Archive: Report 2002/163, 2002. 15 p.
Monsour B., Pereira R., Shacham A., and Thomas M. IP Payload Compression Protocol (IPComp). RFC 3173. Network Working Group, 2001. 13p. https://tools.ietf.org/html/ rfc3173.
DiBurro L., Huttunen A., Stenberg M., et al. UDP Encapsulation of IP Security ESP Packets. RFC 3948. Network Working Group, 2005. 15 p. https://tools.ietf.org/html/rfc3948.
Black D., Floyd S., and Ramakrishnan K. The Addition of Explicit Congestion Notification (ECN) to IP. RFC 3168. Network Working Group, 2001. 63p. https://tools.ietf.org/ html/rfc3168.
Kent S. and Seo K. Security Architecture for the Internet Protocol. RFC 4301. Network Working Group, 2005. 101 p. https://tools.ietf.org/html/rfc4301.
Eronen P., Hoffman P., Kaufman C., and Nir Y. Internet Key Exchange Protocol Version 2 (IKEv2). RFC 5996. Internet Engineering Task Force (IETF), 2010. 138 p. https://tools. ietf.org/html/rfc5996.
Eronen P. and Hoffman P. IKEv2 Clarifications and Implementation Guidelines. RFC 4718. Network Working Group, 2006. 58 p. https://tools.ietf.org/html/rfc4718.
Berners-Lee T., Fielding R., Frystyk H., et al. Hypertext Transfer Protocol - HTTP / 1.1. RFC 2616. Network Working Group, 1999. 176p. https://tools.ietf.org/html/rfc2616.
Eronen P., Laganier J., and Madson C. IPv6 Configuration in Internet Key Exchange Protocol Version 2 (IKEv2). RFC 5739. Internet Engineering Task Force (IETF), 2010. 32 p. https://tools.ietf.org/html/rfc5739.
Atkinson R. The IP Authentication Header. RFC 1826. Network Working Group, 1995. 13 p. https://tools.ietf.org/html/rfc1826.
Metzger P. and Simpson W. IP Authentication with Keyed MD5. RFC 1828. Network Working Group, 1995. 5p. https://tools.ietf.org/html/rfc1828.
Atkinson R. and Kent S. IP Authentication Header. RFC 2402. Network Working Group, 1998. 22 p. https://tools.ietf.org/html/rfc2402.
Kent S. IP Authentication Header. RFC 4302. Network Working Group, 2005. 34p. https: //tools.ietf.org/html/rfc4302.
Eastlake D. 3rd. Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH). RFC 4305. Network Working Group, 2005. 9p. https://tools.ietf.org/html/rfc4305.
Atkinson R. IP Encapsulating Security Payload (ESP). RFC 1827. Network Working Group, 1995. 12 p. https://tools.ietf.org/html/rfc1827.
Atkinson R. and KentS. IP Encapsulating Security Payload (ESP). RFC 2406. Network Working Group, 1998. 22 p. https://tools.ietf.org/html/rfc2406.
Kent S. IP Encapsulating Security Payload (ESP). RFC 4303. Network Working Group, 2005. 44 p. https://tools.ietf.org/html/rfc4303.
Основные этапы развития криптографических протоколов SSL/TLS и IPsec | Прикладная дискретная математика. 2021. № 51. DOI: 10.17223/20710410/51/2
Скачать полнотекстовую версию
Загружен, раз: 290