CN108377186A - A kind of ssl protocol based on TCM - Google Patents
Publication: CN108377186A (application CN201810222609.1A)
Authority: CN (China)
Prior art keywords: tcm, client, ssl, server, key
Legal status: Pending (Google notes that the listed status is an assumption, not a legal conclusion)
Classifications
- H04L63/0869: Network architectures or protocols for network security; authentication of entities, achieving mutual authentication
- H04L63/168: Security features implemented at a particular protocol layer, above the transport layer
- H04L9/0643: Cryptographic mechanisms; hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/0877: Generation of cryptographic keys using an additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
- H04L9/3234: Entity or message authentication involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
- H04L9/3239: Message authentication using non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
- H04L9/3247: Message authentication involving digital signatures
- H04L9/3268: Public key certificates and PKI arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
Abstract
The invention discloses an SSL protocol based on the Trusted Cryptography Module (TCM), used for communication between a client and a server. It is designed from two angles: 1) hardware- and system-level authentication using the platform identity certificate; 2) protection of the pre-master secret by the chip's storage master key, so that the transfer of the shared key between the two parties is better protected before data exchange. The protocol applies the TCM to the SSL protocol, establishes hardware- and system-level authentication of both communicating parties, and improves the cryptographic algorithms, so that both the handshake phase and the data transfer receive stronger protection, the information carried by the record protocol is better secured, resistance to attack is enhanced, and the security of the protocol is improved.
Description
Technical field
The present invention relates to the field of network communication, and in particular to an SSL protocol based on the Trusted Cryptography Module (TCM).
Background technology
With the development of informatization, security has become a focus of attention. The SSL protocol provides a safe and reliable network environment for network communication and is widely used. Although the protocol provides data encryption, identity authentication and other security services, it is not without weaknesses. Its security risks can cause users huge economic losses, and the man-in-the-middle attack is a common way of exploiting protocol weaknesses. How to improve the protocol's resistance to man-in-the-middle attacks and guarantee the security of sensitive information in a transaction has therefore become a focus of information security.
The Trusted Cryptography Module (TCM) combines the hardware and software of a trusted computing platform; it provides cryptographic operations for the platform and has protected storage. The TCM security chip establishes the root of trust, and a chain of trust is then built, in the order of the system boot process, from hardware through firmware, operating system and applications, to guarantee the trustworthiness of the computing platform and its programs.
The traditional SSL protocol essentially cannot defend against a man-in-the-middle attack in the handshake phase, because the authentication stage of the handshake carries no information about the underlying hardware platform. The improvement proposed here builds on the TCM: platform configuration registers, the platform identity certificate and the storage master key are used to verify platform configuration information. Because the certificates and private keys are held inside the chip, an attacker cannot easily obtain them, and any change to the data source is reflected in the platform configuration register values and can be detected. In the key exchange stage, producing the shared pre-master secret requires the TCM to unseal it with the platform's configuration registers and storage master key; because of the one-wayness of the hash function, a man-in-the-middle cannot reproduce the same configuration, therefore cannot obtain the pre-master secret, and therefore cannot mount the attack. The scheme proposes a new TCM-based design that is of great significance for guaranteeing trusted operation of key information systems, building a self-protecting, actively immune protection architecture, and constructing defense in depth.
Invention content
To improve network communication security, the present invention provides an SSL protocol based on TCM that can protect the integrity of messages during communication in real time and guard against man-in-the-middle attacks, tampering and repudiation.
To achieve this goal the present invention adopts the following technical scheme.
The Trusted Cryptography Module (TCM) combines the hardware and software of a trusted computing platform; it provides cryptographic operations for the platform and has protected storage. The TCM security chip establishes the root of trust, and a chain of trust is built, in the order of the system boot process, from hardware through firmware, operating system and applications, to guarantee the trustworthiness of the computing platform and its programs. The traditional SSL protocol essentially cannot defend against a man-in-the-middle attack in the handshake phase, because the authentication stage of the handshake carries no information about the underlying hardware platform. The improvement proposed here rests on a new TCM-based design: on the basis of an analysis of the existing SSL protocol, an improved SSL protocol based on the TCM is proposed and implemented. The protocol covers communication between a client and a server and is designed from two angles: 1) hardware- and system-level authentication using the platform identity certificate; 2) protection of the pre-master secret by the chip's storage master key, so that the transfer of the shared key between the two parties is better protected before data exchange. The method applies the TCM to the SSL protocol, establishes hardware- and system-level authentication of both communicating parties, and improves the cryptographic algorithms, so that both the handshake phase and data transfer are better protected, the information carried by the record protocol is more strongly secured, resistance to attack is enhanced, and the security of the protocol is improved.
Description of the drawings
Fig. 1 is the optimized flow chart of the authentication part of the SSL protocol.
Fig. 2 is the optimized flow chart of the key exchange part of the SSL protocol.
Fig. 3 is the overall flow chart of the optimized SSL protocol.
Specific implementation mode
To make the examples, the technical solution and the advantages of the present invention clearer, the technical solution is described clearly and completely below with reference to Figs. 1 to 3. The examples described are some of the applications of the invention, not all of them.
The present invention provides an SSL protocol based on the Trusted Cryptography Module (TCM). The symbols and functions used are explained where they first appear.
1. Handshake protocol improvement
1.1 Authentication optimization
In the improved SSL protocol, authentication of the two parties consists mainly of verifying the TCM platform identity certificate and the hash of the SSL certificate.
Authentication presupposes that (1) both parties have TCM chips, and (2) both parties have applied for and hold certified platform identity certificates.
The client's authentication of the server is shown in Fig. 1 and proceeds as follows:
1.1.1 Server-side workflow:
1) The server packages its SSL certificate information and its TCM platform certificate information as m_1 and m_2 respectively:
m_1 = (PubK_S, PubKCert_S); m_2 = (PEK_S, PEKCert_S).
2) The server computes the hash of the SSL certificate package, the hash of the TCM platform identity certificate package and the hash of the concatenation of the two, denoted hm_1, hm_2 and hm_12 (hmac here denotes the protocol's unkeyed hash function, as in the verification steps below):
hm_1 = hmac(m_1); hm_2 = hmac(m_2); hm_12 = hmac(m_1 || m_2).
3) The server generates a signing key pair (K_S, K_P) and produces the double digital signature DS_S = aenc(hm_12, K_S). The double signature ties the TCM platform identity certificate and the SSL certificate together and states that the particular platform environment of this SSL session is the one recorded in the TCM.
4) The server sends the verification key K_P, m_1, DS_S and the hash hm_2 of m_2 to the client TCM, TCM_C, so that the TCM obtains only the hash of m_2 and not m_2 itself; it sends K_P, m_2, DS_S and the hash hm_1 of m_1 to the client host H_C, so that H_C obtains only the hash of m_1 and not m_1 itself. (The private key K_S never leaves the server.)
1.1.2 Client-side verification:
1) The client verifies the server's SSL certificate and platform identity certificate separately.
2) The client verifies the correspondence between the SSL certificate and the platform identity certificate, i.e. that the particular platform environment of this SSL session is the system environment recorded in the TCM. Specifically: compute hm_12' = adec(DS_S, K_P); compute the hash of the package held (hm_2 = hmac(m_2) on the host, hm_1 = hmac(m_1) in the TCM); check whether hm_12' = hmac(m_1 || m_2). If it holds the signature is valid and the protocol continues; otherwise the protocol is terminated.
Note that each receiver holds one package in the clear and only the digest of the other, so the binding digest can be recomputed from what a receiver holds only if it is taken over the component digests, hm_12 = hmac(hm_1 || hm_2); the text writes it as hmac(m_1 || m_2).
1.2 Session key exchange optimization
The pre-master secret, which serves as the session key, can only be exchanged after a series of encryptions. The optimized exchange adds the TCM: the encryption key is generated with randomness and confidentiality, and the protection of the stored session key is strengthened. The exchange is shown in Fig. 2 and proceeds as follows:
1) The TCMs of both parties generate an ephemeral public/private key pair, return the private key handle to their own host, and send the public key to the other party.
2) The client computes the encryption key used to encrypt the pre-master secret:
The client host first generates the pre-master secret at random; the client TCM generates an ephemeral private key x at random and computes the ephemeral public key X = g^x.
The client TCM then runs the SM2 key agreement: from the platform identity public keys of the server and the client (PEK_S, PEK_C) and the ephemeral public keys generated by the two TCMs it computes the shared session key seed of the SM2 key agreement protocol, and derives the encryption key for the pre-master secret from the seed:
(1) seed = SM2KE(PEK_C, PEK_S, Y, X); K_1 = kdf('encryption', seed); K_2 = kdf('integrity', seed)
(2) a = senc(PreMasterSecret, K_1); b = hmac(a, K_2); sblob = (a, b)
Finally the client TCM returns X and sblob to the host, the host forwards X and sblob to the server host, and the client TCM deletes the ephemeral key pair (x, X).
3) The server TCM first generates the encryption key seed for the pre-master secret in the same way as the client, then recovers the pre-master secret from the information sent by the client:
(1) the first 32 bytes of sblob are assigned to b, the remaining bytes to a (so the wire form is b followed by a);
(2) verify b = hmac(a, K_2);
(3) compute PreMasterSecret = sdec(a, K_1).
Finally the server TCM protects the pre-master secret with the storage master key, and deletes the randomly generated ephemeral key pair.
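The two procedures above, the split-delivery certificate binding of 1.1 and the sealed pre-master secret exchange of 1.2, as one added example in Python. This is not code from the patent or from any TCM vendor library, and its TCM primitives are stand-ins: Schnorr signatures and Diffie-Hellman over a toy 64-bit safe-prime group replace SM2 signing and SM2KE, an HMAC-SHA256 counter keystream replaces senc/sdec, SHA-256 replaces the unkeyed hmac(m), and the names keygen, sign, verify, agree, server_bind, client_check, client_wrap, server_unwrap and run_handshake are chosen here. One deliberate departure from the text is an assumption: the signed binding digest is computed over hm_1 || hm_2 rather than m_1 || m_2, because each receiver holds only one package plus the digest of the other, and with hmac(m_1 || m_2) neither TCM_C nor H_C could recompute it. The wire form of sblob is b || a, matching the server's rule that the first 32 bytes are b.

```python
# Added example, not code from the patent. Stand-ins so it runs on the standard
# library alone: Schnorr signatures and Diffie-Hellman over a 64-bit safe prime (a
# toy size, not a secure parameter) replace SM2 signing and SM2KE, an HMAC-SHA256
# counter keystream replaces senc/sdec, and SHA-256 replaces the unkeyed hmac(m).
import hashlib, hmac, secrets

def is_probable_prime(n, rounds=16):          # Miller-Rabin, for the toy group only
    if n < 4: return n > 1
    d, r = n - 1, 0
    while d % 2 == 0: d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1): continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1: break
        else: return False
    return True

def safe_prime(bits=64):                      # p = 2q + 1 with p and q prime
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q

P, Q = safe_prime()
G = 4                                         # a square mod P, so it generates the order-Q subgroup

def digest(data):                             # the patent's unkeyed hmac(m)
    return hashlib.sha256(data).digest()

def keygen():                                 # (private, public) pair, e.g. (K_S, K_P)
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def challenge(r, msg):
    return int.from_bytes(digest(r.to_bytes(8, "big") + msg), "big") % Q

def sign(msg, priv):                          # aenc(msg, K_S): Schnorr signature
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    return r, (k + challenge(r, msg) * priv) % Q

def verify(msg, sig, pub):                    # adec(DS_S, K_P) plus the digest comparison
    r, s = sig
    return pow(G, s, P) == (r * pow(pub, challenge(r, msg), P)) % P

def server_bind(m1, m2, k_s):                 # 1.1.1 steps 2) to 4)
    hm1, hm2 = digest(m1), digest(m2)
    ds = sign(digest(hm1 + hm2), k_s)         # assumption: bind the digests, not m1 || m2
    return ({"m1": m1, "hm2": hm2, "ds": ds},  # to TCM_C: m1 and only the digest of m2
            {"m2": m2, "hm1": hm1, "ds": ds})  # to H_C: m2 and only the digest of m1

def client_check(part, k_p):                  # 1.1.2 step 2), run by TCM_C or by H_C
    if "m1" in part:
        hm1, hm2 = digest(part["m1"]), part["hm2"]
    else:
        hm1, hm2 = part["hm1"], digest(part["m2"])
    return verify(digest(hm1 + hm2), part["ds"], k_p)

def kdf(label, seed):
    return hmac.new(seed, label, hashlib.sha256).digest()

def senc(key, data):                          # stand-in for SM4: HMAC-SHA256 counter keystream
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], ks))
    return bytes(out)
sdec = senc                                   # XOR keystream: decryption is the same map

def agree(my_priv, peer_pub, pek_c, pek_s):   # stand-in for SM2KE(PEK_C, PEK_S, Y, X)
    return digest(b"%d|%d|%d" % (pek_c, pek_s, pow(peer_pub, my_priv, P)))

def client_wrap(pms, x, Y, pek_c, pek_s):     # 1.2 step 2) inside T_C; wire form is b || a
    seed = agree(x, Y, pek_c, pek_s)
    k1, k2 = kdf(b"encryption", seed), kdf(b"integrity", seed)
    a = senc(k1, pms)
    return hmac.new(k2, a, hashlib.sha256).digest() + a

def server_unwrap(sblob, y, X, pek_c, pek_s, smk):   # 1.2 step 3) inside T_S
    seed = agree(y, X, pek_c, pek_s)
    k1, k2 = kdf(b"encryption", seed), kdf(b"integrity", seed)
    b, a = sblob[:32], sblob[32:]             # first 32 bytes are the tag b
    if not hmac.compare_digest(b, hmac.new(k2, a, hashlib.sha256).digest()):
        return None                           # integrity failure: abort before decrypting
    return senc(smk, sdec(k1, a))             # KeyBlob = senc(PreMasterSecret, SMK)

def run_handshake(tamper_cert=False):         # both sides end to end, constructed certificates
    k_s, k_p = keygen()                       # server SSL signing pair
    pek_s, pek_c = keygen()[1], keygen()[1]   # platform identity public keys
    m1 = b"PubK_S=%d|PubKCert_S=constructed" % k_p
    m2 = b"PEK_S=%d|PEKCert_S=constructed" % pek_s
    to_tcm, to_host = server_bind(m1, m2, k_s)
    to_host["m2"] = m2 + b"-swapped" if tamper_cert else m2   # MITM substitutes the cert
    (y, Y), (x, X) = keygen(), keygen()       # T_S and T_C ephemeral pairs, deleted after use
    pms, smk = secrets.token_bytes(48), secrets.token_bytes(32)
    keyblob = server_unwrap(client_wrap(pms, x, Y, pek_c, pek_s), y, X, pek_c, pek_s, smk)
    return (client_check(to_tcm, k_p), client_check(to_host, k_p),
            keyblob is not None and sdec(smk, keyblob) == pms)
```

run_handshake() returns the TCM-side check, the host-side check and whether the server recovered the pre-master secret from KeyBlob. run_handshake(tamper_cert=True) shows the host-side check failing when a man-in-the-middle substitutes the platform certificate while the TCM-side check, which never sees m_2 in the clear, still passes; this is why the handshake must require both halves to verify before continuing. server_unwrap returns None on a tag mismatch without decrypting, which is the order the text prescribes in step 3).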
2. The complete SSL protocol based on TCM comprises the following steps:
1) The SSL client sends the SSL versions, encryption algorithms, key exchange algorithms and HMAC algorithms it supports to the SSL server in a ClientHello message.
2) The SSL server decides the SSL version and cipher suite for this communication and notifies the SSL client in a ServerHello message. If the server allows this session to be reused in later communication with the client, it assigns a session ID to the session and sends it to the client in the ServerHello message.
3) The SSL server sends its digital certificate PubKCert_S, carrying its public key information, and the server public key PubK_S to the SSL client.
4) The SSL server sends its platform identity certificate PEKCert_S and the corresponding platform identity public key PEK_S to the SSL client.
5) The server packages the SSL certificate information as m_1 = (PubK_S, PubKCert_S) and the TCM certificate information as m_2 = (PEK_S, PEKCert_S).
6) The server computes the hash of m_1, hm_1 = hmac(m_1); the hash of m_2, hm_2 = hmac(m_2); and the hash of m_1 and m_2 together, hm_12 = hmac(m_1 || m_2).
7) The server generates a signing key pair (K_S, K_P) and produces the double digital signature DS_S = aenc(hm_12, K_S). The double signature ties the TCM platform identity certificate and the SSL certificate together and states that the particular platform environment of this SSL session is the one recorded in the TCM.
8) The server sends the verification key K_P, m_1, DS_S and hm_2 to the client TCM, TCM_C, so that the TCM obtains only the hash of m_2 and not m_2 itself; it sends K_P, m_2, DS_S and hm_1 to the client host H_C, so that H_C obtains only the hash of m_1 and not m_1 itself.
9) The client verifies the server's SSL certificate PubKCert_S.
10) The client verifies the TCM platform identity certificate PEKCert_S.
11) The client verifies the correspondence between the SSL certificate and the TCM platform identity certificate: compute hm_12' = adec(DS_S, K_P); compute hm_2 = hmac(m_2); check whether hm_12' = hmac(m_1 || m_2). If it holds the signature is valid and the protocol continues; otherwise the protocol is terminated.
12) The client sends PEK_C and PEKCert_C to the server, and the server verifies PEK_C and PEKCert_C.
13) The server sends a ServerHelloDone message, telling the SSL client that version and cipher suite negotiation is complete and that key exchange begins.
14) The server host H_S calls TCM_CreateKeyExchange(). On receiving the call, the server TCM T_S:
(1) creates a key agreement session and generates a random session handle shd_Y;
(2) generates an ephemeral private key y at random and computes the ephemeral public key Y = g^y;
(3) stores the ephemeral key pair (y, Y) in the TCM, bound to the handle shd_Y.
T_S returns Y and shd_Y to H_S, and H_S sends Y to the client host H_C.
15) The client host H_C generates a pre-master secret PreMasterSecret at random. The client TCM T_C:
(1) generates an ephemeral private key x at random and computes the ephemeral public key X = g^x;
(2) computes seed = SM2KE(PEK_C, PEK_S, Y, X), K_1 = kdf('encryption', seed), K_2 = kdf('integrity', seed);
(3) computes a = senc(PreMasterSecret, K_1), b = hmac(a, K_2), sblob = (a, b).
T_C returns X and sblob to H_C, H_C forwards X and sblob to H_S, and T_C deletes the ephemeral key pair (x, X).
16) The server TCM T_S:
(1) computes seed = SM2KE(PEK_C, PEK_S, Y, X), K_1 = kdf('encryption', seed), K_2 = kdf('integrity', seed);
(2) assigns the first 32 bytes of sblob to b and the remaining bytes to a;
(3) verifies b = hmac(a, K_2);
(4) computes PreMasterSecret = sdec(a, K_1);
(5) protects PreMasterSecret with the storage master key SMK: KeyBlob = senc(PreMasterSecret, SMK).
17) The server-side TCM owner (the host) calls TCM_ReleaseExchangeSession(shd_Y); on receiving the call, T_S deletes the ephemeral key pair (y, Y) that shd_Y points to.
18) H_S computes the master secret MasterSecret with the negotiated algorithm and the parameters Ver_c and Ver_s, then computes the content and hash of the Finished message:
MD5(MasterSecret + Pad2 + MD5(HandshakeMessages + MasterSecret + Pad1)) + SHA(MasterSecret + Pad2 + SHA(HandshakeMessages + MasterSecret + Pad1))
where HandshakeMessages is the handshake content from the ClientHello message up to, but not including, this message, and Pad1 and Pad2 are padding bytes.
19) The server H_S sends ChangeCipherSpec and Finished to the client H_C. The client H_C computes the master secret MasterSecret = hmac(PreMasterSecret) and the expected content of the Finished message, Finished' = MD5(MasterSecret + Pad2 + MD5(HandshakeMessages + MasterSecret + Pad1)) + SHA(MasterSecret + Pad2 + SHA(HandshakeMessages + MasterSecret + Pad1)), and compares Finished' with Finished; if they are identical the messages have not been tampered with. Finally the client also sends its Finished' to the server, marking the end of the whole handshake.
20) The server verifies the Finished' message sent by the client; if it verifies, the session keys can be exported from MasterSecret in blocks.
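The Finished computation of steps 18) to 20), as an added example in Python that is not code from the patent. The formula in the text is the SSL 3.0 construction; this example fills in what the text leaves implicit from RFC 6101 section 5.6.9: Pad1 is 0x36 and Pad2 is 0x5c, repeated 48 times for MD5 and 40 times for SHA-1, and a Sender constant (0x434C4E54 for the client, 0x53525652 for the server) is hashed in so the two sides' values differ. The handshake transcript is a constructed byte string rather than real handshake message framing, and the function names are chosen here. As a practitioner's caveat, SSL 3.0 itself is deprecated (RFC 7568) and TLS replaced this MD5/SHA-1 construction with the PRF-based verify_data, so this shows the transcript check the text relies on, not a construction to deploy.

```python
# Added example, not code from the patent: the SSL 3.0 Finished digest of steps
# 18) to 20), with the pad lengths and Sender constants of RFC 6101 section 5.6.9
# that the formula above leaves implicit. Master secret and transcript are constructed.
import hashlib
import hmac

PAD1_MD5, PAD2_MD5 = b"\x36" * 48, b"\x5c" * 48   # 0x36 / 0x5c, 48 times for MD5
PAD1_SHA, PAD2_SHA = b"\x36" * 40, b"\x5c" * 40   # 40 times for SHA-1
SENDER_CLIENT, SENDER_SERVER = b"CLNT", b"SRVR"   # 0x434C4E54 and 0x53525652

def finished_hash(master_secret, handshake_messages, sender):
    """MD5(ms + Pad2 + MD5(msgs + sender + ms + Pad1)) || SHA(ms + Pad2 + SHA(...)): 36 bytes."""
    inner_md5 = hashlib.md5(handshake_messages + sender + master_secret + PAD1_MD5).digest()
    inner_sha = hashlib.sha1(handshake_messages + sender + master_secret + PAD1_SHA).digest()
    return (hashlib.md5(master_secret + PAD2_MD5 + inner_md5).digest()
            + hashlib.sha1(master_secret + PAD2_SHA + inner_sha).digest())

def check_finished(received, master_secret, transcript, sender):
    """Constant-time comparison of a received Finished against the local transcript."""
    return hmac.compare_digest(received, finished_hash(master_secret, transcript, sender))

def exchange_finished(master_secret, transcript, tamper=False):
    """Server sends first, as in step 19); the client's Finished then also covers the
    server's. Returns (client accepted the server's value, server accepted the client's)."""
    server_fin = finished_hash(master_secret, transcript, SENDER_SERVER)
    client_view = transcript + (b"\x00" if tamper else b"")  # a MITM altered one byte in transit
    client_ok = check_finished(server_fin, master_secret, client_view, SENDER_SERVER)
    client_fin = finished_hash(master_secret, client_view + server_fin, SENDER_CLIENT)
    server_ok = check_finished(client_fin, master_secret, transcript + server_fin, SENDER_CLIENT)
    return client_ok, server_ok
```

With an unmodified transcript both checks pass; once any handshake byte differs between the two sides' views, both Finished values fail to verify, which is the tamper detection step 19) describes.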
3. Security analysis of the improved SSL protocol
3.1 Identity authentication security
If an attacker impersonates the server: the authentication information sent by the server includes the platform identity certificate PEKCert_S and the platform identity public key PEK_S. The platform identity key signs data inside the TCM, such as register and counter values, and proves identity by that signature. The attacker cannot obtain the data inside the TCM chip and therefore cannot forge the server's identity certificate, so identity attacks are prevented.
3.2 Session key transfer security
In the key exchange stage, the TCMs of the client and the server first generate the ephemeral key pairs (x, X) and (y, Y), return the public keys X and Y and the handles shd_X and shd_Y of the private keys x and y to their hosts, and send X and Y to the other party. Then, with the ephemeral public keys X and Y and the TCM platform identity public keys PEK_C and PEK_S as parameters, the TCM's SM2 key agreement SM2KE produces the seed of the session key PreMasterSecret, i.e. seed = SM2KE(PEK_C, PEK_S, X, Y).
When an attacker attempts to forge the session key:
1) The attacker may not have a TCM chip and so finds it hard to run the SM2 key agreement, i.e. to perform the operation SM2KE(PEK_C, PEK_S, X, Y). (SM2 is a published algorithm with software implementations, so in practice the protection rests on point 2, namely that the private keys never leave the chip.)
2) Even with support for the SM2 key agreement, the attacker cannot intercept the ephemeral key pairs (x, X) and (y, Y) generated inside the TCMs or the private halves of the platform identity keys PEK_C and PEK_S (the public halves are sent in the clear in steps 4 and 12), and the ephemeral keys are deleted once used, so the attacker cannot generate the session key seed and cannot forge the session key.
3) Because of the one-wayness of the hash function, obtaining the digest of the session key does not reveal the session key.
These three points show that the optimized protocol can prevent attacks in the session key stage.
Embodiment 1:
Fig. 3 shows the flow of the TCM-based SSL protocol provided by the present invention. The executing entities in the example of Fig. 3 are the server and the client (client abbreviated C, server S). The flow is:
1) C→S: ClientHello(C, Ver_c, Ran_c, Suit_c). The SSL client sends the SSL versions, encryption algorithms, key exchange algorithms and HMAC algorithms it supports to the SSL server in the ClientHello message.
2) S→C: ServerHello(S, Ver_s, Ran_s, Suit_s). Corresponding to 1), the SSL server sends the SSL version, encryption algorithm, key exchange algorithm and HMAC algorithm chosen on the server side to the SSL client in the ServerHello message.
3) S→C: For SSL certificate authentication, the SSL server sends its digital certificate PubKCert_S, carrying its public key information, and the server public key PubK_S to the SSL client.
4) S→C: For platform authentication, the SSL server sends its platform identity certificate PEKCert_S and the corresponding platform identity public key PEK_S to the SSL client.
5) S: The server packages the SSL certificate information as m_1 = (PubK_S, PubKCert_S) and the TCM certificate information as m_2 = (PEK_S, PEKCert_S).
6) S: The server computes the hash of m_1, hm_1 = hmac(m_1); the hash of m_2, hm_2 = hmac(m_2); and the hash of m_1 and m_2 together, hm_12 = hmac(m_1 || m_2).
7) S: The server generates a signing key pair (K_S, K_P) and produces the double digital signature DS_S = aenc(hm_12, K_S). The double signature ties the TCM platform identity certificate and the SSL certificate together and states that the particular platform environment of this SSL session is the one recorded in the TCM.
8) S→C: The server sends the verification key K_P, m_1, DS_S and hm_2 to the client TCM, TCM_C, so that the TCM obtains only the hash of m_2 and not m_2 itself; it sends K_P, m_2, DS_S and hm_1 to the client host H_C, so that H_C obtains only the hash of m_1 and not m_1 itself.
9) C: The client TCM verifies the correspondence between the platform identity and the SSL certificate: compute hm_12' = adec(DS_S, K_P); compute hm_1 = hmac(m_1); check whether hm_12' = hmac(m_1 || m_2). If it holds the signature is valid and the protocol continues; otherwise the protocol is terminated.
10) C: The client host verifies the same correspondence: compute hm_12' = adec(DS_S, K_P); compute hm_2 = hmac(m_2); check whether hm_12' = hmac(m_1 || m_2). If it holds the signature is valid and the protocol continues; otherwise the protocol is terminated.
11) C: The client TCM verifies PEK_S and PEKCert_S.
12) C→S: The client sends PEK_C and PEKCert_C to the server, and the server verifies PEK_C and PEKCert_C.
13) S→C: The server sends a ServerHelloDone message, telling the SSL client that version and cipher suite negotiation is complete and that key exchange begins.
14) S→C: The server host H_S calls TCM_CreateKeyExchange(). On receiving the call, the server TCM T_S:
(1) creates a key agreement session and generates a random session handle shd_Y;
(2) generates an ephemeral private key y at random and computes the ephemeral public key Y = g^y;
(3) stores the ephemeral key pair (y, Y) in the TCM, bound to the handle shd_Y.
T_S returns Y and shd_Y to H_S, and H_S sends Y to the client host H_C.
15) C→S: The client host H_C generates a pre-master secret PreMasterSecret at random. The client TCM T_C:
(1) generates an ephemeral private key x at random and computes the ephemeral public key X = g^x;
(2) computes seed = SM2KE(PEK_C, PEK_S, Y, X), K_1 = kdf('encryption', seed), K_2 = kdf('integrity', seed);
(3) computes a = senc(PreMasterSecret, K_1), b = hmac(a, K_2), sblob = (a, b).
T_C returns X and sblob to H_C, H_C forwards X and sblob to H_S, and T_C deletes the ephemeral key pair (x, X).
16) S: The server TCM T_S:
(1) computes seed = SM2KE(PEK_C, PEK_S, Y, X), K_1 = kdf('encryption', seed), K_2 = kdf('integrity', seed);
(2) assigns the first 32 bytes of sblob to b and the remaining bytes to a;
(3) verifies b = hmac(a, K_2);
(4) computes PreMasterSecret = sdec(a, K_1);
(5) protects PreMasterSecret with the storage master key SMK: KeyBlob = senc(PreMasterSecret, SMK).
17) S: The server-side TCM owner calls TCM_ReleaseExchangeSession(shd_Y); on receiving the call, T_S deletes the ephemeral key pair (y, Y) that shd_Y points to.
18) S: The server host computes the master secret MasterSecret with the negotiated algorithm and the parameters Ver_c and Ver_s, then computes the content and hash of the Finished message:
MD5(MasterSecret + Pad2 + MD5(HandshakeMessages + MasterSecret + Pad1)) + SHA(MasterSecret + Pad2 + SHA(HandshakeMessages + MasterSecret + Pad1))
where HandshakeMessages is the handshake content from the ClientHello message up to, but not including, this message, and Pad1 and Pad2 are padding bytes.
19) S→C: The server H_S sends ChangeCipherSpec and Finished to the client H_C. The client H_C computes the master secret MasterSecret = hmac(PreMasterSecret) and the expected content of the Finished message, Finished' = MD5(MasterSecret + Pad2 + MD5(HandshakeMessages + MasterSecret + Pad1)) + SHA(MasterSecret + Pad2 + SHA(HandshakeMessages + MasterSecret + Pad1)), and compares Finished' with Finished; if they are identical the messages have not been tampered with. Finally the client also sends its Finished' to the server, marking the end of the whole handshake.
20) S: The server verifies the Finished' message sent by the client; if it verifies, the session keys can be exported from MasterSecret in blocks.
Claims (1)
1. An SSL protocol based on TCM, characterized in that it is used for communication between a server and a client, and the flow comprises the following steps, where the client is abbreviated C and the server end S:
1) C→S: ClientHello(C, Ver_c, Ran_c, Suit_c): the SSL client sends the SSL version, encryption algorithm, Diffie-Hellman and HMAC algorithm information it supports to the SSL server in the ClientHello message;
2) S→C: ServerHello(S, Ver_s, Ran_s, Suit_s), corresponding to 1): the SSL server sends the SSL version, encryption algorithm, Diffie-Hellman and HMAC algorithm information supported by the server end to the SSL client in the ServerHello message;
3) S→C: the SSL server performs SSL certificate authentication, sending its digital certificate PubKCert_S, which carries its public key information, and the server public key PubK_S to the SSL client;
4) S→C: the SSL server performs platform authentication, sending its platform identity certificate PEKCert_S and the corresponding platform identity public key PEK_S to the SSL client;
5) S: the server end encapsulates the TCM certificate information as m1: m1 = (PEK_S, PEKCert_S); and encapsulates the SSL certificate information as m2: m2 = (PubK_S, PubKCert_S);
6) S: the server end computes the hash hm1 of m1: hm1 = hmac(m1); computes the hash hm2 of m2: hm2 = hmac(m2); and computes the hash hm12 of m1, m2: hm12 = hmac(m1 || m2);
7) S: the server end generates a signing key pair K_S, K_P and performs a double digital signature to obtain DSS: DSS = aenc(m12, KCS); the double digital signature binds the TCM platform identity certificate and the SSL certificate together, indicating that this SSL protocol runs in the particular platform environment, namely the information in the TCM;
8) S→C: the server end sends K_S, m1, DSS and the hash hm1 of m1 to the client TCM, TCM_C, so that the TCM can only obtain the hash value of m2 but cannot obtain m2; and sends K_P, m2, DSS and the hash hm2 of m2 to the client host H_C, so that H_C can only obtain the hash value of m1 but cannot obtain m1;
9) C: the client TCM verifies the correspondence between the platform identity and the SSL certificate: compute hm12' = adec(DSS, K_P); compute hm1 = hmac(m1); verify whether the equation hm12 = hmac(m1 || m2) holds; if it holds, the signature is valid and the following steps continue, otherwise this protocol is terminated;
10) C: the client host verifies the correspondence between the platform identity and the SSL certificate: compute hm12' = adec(DSS, K_P); compute hm2 = hmac(m2); verify whether the equation hm12 = hmac(m1 || m2) holds; if it holds, the signature is valid and the following steps continue, otherwise this protocol is terminated;
11) C: the client TCM verifies PEK_S and PEKCert_S;
12) C→S: the client sends PEK_C and PEKCert_C to the server, and the server verifies PEK_C and PEKCert_C;
13) S→C: the server sends the Server Hello Done message, notifying the SSL client that the version and cipher suite negotiation has ended and that the key exchange begins;
14) S→C: the server host H_S calls TCM_CreateKeyExchange(); after receiving the call, the server TCM T_S:
(1) creates a key agreement session and randomly generates a session handle shd_Y;
(2) randomly generates an ephemeral private key y and computes the ephemeral public key Y = g^y;
(3) stores the ephemeral key pair (y, Y) in the TCM, bound to the handle shd_Y;
T_S returns Y and shd_Y to H_S, and H_S sends Y to the client H_C;
15) C→S: the client host H_C randomly generates a pre-master secret PreMasterSecret; the client TCM T_C:
(1) randomly generates an ephemeral private key x and computes the ephemeral public key X = g^x;
(2) computes seed = SM2KE(PEK_C, PEK_S, Y, X), K1 = kdf('encryption', seed), K2 = kdf('integrity', seed);
(3) computes a = senc(PreMasterSecret, K1), b = hmac(a, K2), sblob = (a, b);
T_C returns X and sblob to H_C, H_C forwards X and sblob to H_S, and at the same time T_C deletes the ephemeral key pair (x, X);
16) S: the server TCM T_S:
(1) computes seed = SM2KE(PEK_B, PEK_A, Y, X), K1 = kdf('encryption', seed), K2 = kdf('integrity', seed);
(2) assigns the first 32 bytes of sblob to b and the remaining bytes to a;
(3) verifies b = hmac(a, K2);
(4) computes PreMasterSecret = sdec(a, K1);
(5) protects the PreMasterSecret = sdec(a, K1) with the storage master key SMK: KeyBlob = senc(PreMasterSecret, SMK);
17) S: the server TCM owner calls TCM_ReleaseExchangeSession(shd_Y); after receiving the call, T_S deletes the ephemeral key pair (y, Y) pointed to by shd_Y;
18) S: the server host computes the master key MasterSecret with the negotiated algorithm and the parameters Ver_c, Ver_s, then computes the content and hash of the Finished message:
MD5(MasterSecret + Pad2 + MD5(HandshakeMessages + MasterSecret + Pad1)) + SHA(MasterSecret + Pad2 + SHA(HandshakeMessages + MasterSecret + Pad1)),
where HandshakeMessages denotes the handshake messages from the ClientHello message up to, but not including, this message, and Pad1 and Pad2 are padding bytes;
19) S→C: the server H_S sends ChangeCipherSpec and Finished to the client H_C; the client H_C computes the master key MasterSecret = hmac(PreMasterSecret), computes the content of the Finished message,
Finished' = MD5(MasterSecret + Pad2 + MD5(HandshakeMessages + MasterSecret + Pad1)) + SHA(MasterSecret + Pad2 + SHA(HandshakeMessages + MasterSecret + Pad1)),
and compares Finished' with Finished; if they are identical, the messages have not been tampered with; finally, the client also sends Finished' to the server, marking the end of the whole handshake procedure;
20) S: the server verifies the Finished' message sent by the client; if the verification holds, the MasterSecret can be exported in blocks.
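As an added illustration that is not part of the patent, the following Python models steps 15) and 16) of the handshake above (the same steps appear in the description): the client TCM T_C derives K1 and K2 from the seed, encrypt-then-MACs the PreMasterSecret into sblob, and the server TCM T_S splits sblob, checks b = hmac(a, K2) before anything else and only then decrypts. SM2KE, kdf, senc and sdec are TCM primitives the patent does not specify, so they are replaced by labelled stand-ins: the seed is a SHA-256 hash of the four exchange inputs, kdf is HMAC-SHA256 keyed by the seed, senc/sdec is XOR with an HMAC-derived keystream, and hmac is HMAC-SHA256, whose 32-byte tag matches the 32-byte split of step 16)(2).

```python
import hashlib
import hmac

TAG_LEN = 32  # hmac tag length; step 16)(2) takes the first 32 bytes of sblob as b


def sm2ke_seed(pek_c: bytes, pek_s: bytes, Y: bytes, X: bytes) -> bytes:
    """Stand-in for SM2KE(PEK_C, PEK_S, Y, X): both TCMs feed the same four
    values and so derive the same seed. Assumption: a hash, not real SM2KE."""
    return hashlib.sha256(b"|".join([pek_c, pek_s, Y, X])).digest()


def kdf(label: bytes, seed: bytes) -> bytes:
    """K = kdf(label, seed); HMAC-SHA256 keyed by the seed is an assumed stand-in."""
    return hmac.new(seed, label, hashlib.sha256).digest()


def senc(msg: bytes, key: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with an HMAC-SHA256 counter keystream.
    Acceptable here only because K1 is fresh per session and used once."""
    stream = b"".join(
        hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(-(-len(msg) // 32))  # ceil(len / 32) blocks
    )
    return bytes(m ^ k for m, k in zip(msg, stream))


sdec = senc  # XOR keystream: decryption is the same operation as encryption


def client_wrap(pms: bytes, seed: bytes) -> bytes:
    """Step 15)(2)-(3) in T_C: derive K1, K2 and encrypt-then-MAC the PreMasterSecret."""
    k1, k2 = kdf(b"encryption", seed), kdf(b"integrity", seed)
    a = senc(pms, k1)
    b = hmac.new(k2, a, hashlib.sha256).digest()
    return b + a  # laid out so the receiver's "first 32 bytes are b" split applies


def server_unwrap(sblob: bytes, seed: bytes):
    """Step 16)(1)-(4) in T_S: split, verify b = hmac(a, K2) first, then decrypt.
    Returns None when the tag fails; that is where the protocol must terminate."""
    k1, k2 = kdf(b"encryption", seed), kdf(b"integrity", seed)
    b, a = sblob[:TAG_LEN], sblob[TAG_LEN:]
    if not hmac.compare_digest(b, hmac.new(k2, a, hashlib.sha256).digest()):
        return None
    return sdec(a, k1)
```

A flipped ciphertext byte or a seed derived from a different X fails the tag check and yields None without ever reaching sdec, which is the order of operations step 16) requires.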
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810222609.1A CN108377186A (en) | 2018-03-19 | 2018-03-19 | A kind of ssl protocol based on TCM |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810222609.1A CN108377186A (en) | 2018-03-19 | 2018-03-19 | A kind of ssl protocol based on TCM |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108377186A true CN108377186A (en) | 2018-08-07 |
Family
ID=63018976
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810222609.1A Pending CN108377186A (en) | 2018-03-19 | 2018-03-19 | A kind of ssl protocol based on TCM |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108377186A (en) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109214221A (en) * | 2018-08-23 | 2019-01-15 | 武汉普利商用机器有限公司 | A kind of identity card reader verification method, host computer and identity card reader |
CN110298183A (en) * | 2019-06-26 | 2019-10-01 | 浪潮金融信息技术有限公司 | A kind of method of cascade protection data safety |
CN111740844A (en) * | 2020-06-24 | 2020-10-02 | 上海缔安科技股份有限公司 | SSL communication method and device based on hardware cryptographic algorithm |
CN112019500A (en) * | 2020-07-15 | 2020-12-01 | 中国科学院信息工程研究所 | Encrypted traffic identification method based on deep learning and electronic device |
CN112383917A (en) * | 2020-10-21 | 2021-02-19 | 华北电力大学 | Beidou secure communication method and system based on quotient and secret algorithm |
CN113014613A (en) * | 2019-12-20 | 2021-06-22 | 北京华耀科技有限公司 | Data transmission system and method for realizing SSL unloading session multiplexing based on TLS1.3 protocol |
CN113347010A (en) * | 2021-08-05 | 2021-09-03 | 深圳市财富趋势科技股份有限公司 | Mutual authentication method and device based on SSL-TLS protocol |
CN113422683A (en) * | 2021-03-04 | 2021-09-21 | 上海数道信息科技有限公司 | Edge cloud cooperative data transmission method, system, storage medium and terminal |
CN113593576A (en) * | 2021-08-30 | 2021-11-02 | 北京声智科技有限公司 | Voice interaction device, system and method, cloud server and storage medium |
CN114172679A (en) * | 2021-06-23 | 2022-03-11 | 上海电力大学 | Electric power data security encryption transmission method based on state cryptographic algorithm |
CN115296847A (en) * | 2022-07-06 | 2022-11-04 | 杭州涂鸦信息技术有限公司 | Flow control method and device, computer equipment and storage medium |
- 2018-03-19 CN CN201810222609.1A patent/CN108377186A/en active Pending
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109214221A (en) * | 2018-08-23 | 2019-01-15 | 武汉普利商用机器有限公司 | A kind of identity card reader verification method, host computer and identity card reader |
CN110298183A (en) * | 2019-06-26 | 2019-10-01 | 浪潮金融信息技术有限公司 | A kind of method of cascade protection data safety |
CN110298183B (en) * | 2019-06-26 | 2021-07-20 | 浪潮金融信息技术有限公司 | Method for protecting data security in grading manner |
CN113014613A (en) * | 2019-12-20 | 2021-06-22 | 北京华耀科技有限公司 | Data transmission system and method for realizing SSL unloading session multiplexing based on TLS1.3 protocol |
CN113014613B (en) * | 2019-12-20 | 2022-10-11 | 北京华耀科技有限公司 | Data transmission system and method for realizing SSL unloading session multiplexing based on TLS1.3 protocol |
CN111740844A (en) * | 2020-06-24 | 2020-10-02 | 上海缔安科技股份有限公司 | SSL communication method and device based on hardware cryptographic algorithm |
CN112019500B (en) * | 2020-07-15 | 2021-11-23 | 中国科学院信息工程研究所 | Encrypted traffic identification method based on deep learning and electronic device |
CN112019500A (en) * | 2020-07-15 | 2020-12-01 | 中国科学院信息工程研究所 | Encrypted traffic identification method based on deep learning and electronic device |
CN112383917A (en) * | 2020-10-21 | 2021-02-19 | 华北电力大学 | Beidou secure communication method and system based on quotient and secret algorithm |
CN113422683A (en) * | 2021-03-04 | 2021-09-21 | 上海数道信息科技有限公司 | Edge cloud cooperative data transmission method, system, storage medium and terminal |
CN114172679A (en) * | 2021-06-23 | 2022-03-11 | 上海电力大学 | Electric power data security encryption transmission method based on state cryptographic algorithm |
CN114172679B (en) * | 2021-06-23 | 2023-12-01 | 上海电力大学 | Power data security encryption transmission method based on cryptographic algorithm |
CN113347010B (en) * | 2021-08-05 | 2021-11-05 | 深圳市财富趋势科技股份有限公司 | Mutual authentication method and system based on SSL-TLS protocol |
CN113347010A (en) * | 2021-08-05 | 2021-09-03 | 深圳市财富趋势科技股份有限公司 | Mutual authentication method and device based on SSL-TLS protocol |
CN113593576A (en) * | 2021-08-30 | 2021-11-02 | 北京声智科技有限公司 | Voice interaction device, system and method, cloud server and storage medium |
CN115296847A (en) * | 2022-07-06 | 2022-11-04 | 杭州涂鸦信息技术有限公司 | Flow control method and device, computer equipment and storage medium |
CN115296847B (en) * | 2022-07-06 | 2024-02-13 | 杭州涂鸦信息技术有限公司 | Flow control method, flow control device, computer equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108377186A (en) | A kind of ssl protocol based on TCM | |
US11757662B2 (en) | Confidential authentication and provisioning | |
CN102624740B (en) | A kind of data interactive method and client, server | |
WO2016180264A1 (en) | Method and apparatus for acquiring an electronic file | |
CN109361668A (en) | A kind of data trusted transmission method | |
WO2019020051A1 (en) | Method and apparatus for security authentication | |
US20090307486A1 (en) | System and method for secured network access utilizing a client .net software component | |
US20030081774A1 (en) | Method and apparatus for dynamic generation of symmetric encryption keys and exchange of dynamic symmetric key infrastructure | |
CN105704690B (en) | The method and system of the hidden close communication of short message based on hand-set digit fingerprint authentication | |
JP2016525838A (en) | ENCRYPTED COMMUNICATION METHOD AND ENCRYPTED COMMUNICATION SYSTEM | |
KR101879758B1 (en) | Method for Generating User Digital Certificate for Individual User Terminal and for Authenticating Using the Same Digital Certificate | |
CN109379387A (en) | Safety certification and data communication system between a kind of internet of things equipment | |
CN101978650A (en) | A system and method of secure network authentication | |
CN106788989A (en) | A kind of method and apparatus for setting up safe encryption channel | |
TW201537937A (en) | Unified identity authentication platform and authentication method thereof | |
US20180013832A1 (en) | Health device, gateway device and method for securing protocol using the same | |
CN114143117B (en) | Data processing method and device | |
Huang et al. | A secure communication over wireless environments by using a data connection core | |
CN113904767A (en) | System for establishing communication based on SSL | |
CN110572392A (en) | Identity authentication method based on HyperLegger network | |
CN107104888A (en) | A kind of safe instant communicating method | |
CN113545004A (en) | Authentication system with reduced attack surface | |
CN114866244B (en) | Method, system and device for controllable anonymous authentication based on ciphertext block chaining encryption | |
JP2005175992A (en) | Certificate distribution system and certificate distribution method | |
CN115333779A (en) | Method and device for verifying data and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20180807 |