Introduction to Building Your Own TLS 1.3 / tls13
Mako
August 09, 2021
Presentation given at the seccamp2019 LT session
Transcript
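Background knowledge | Implementation | Latest trends | Summary

Doable in N days! Introduction to Building Your Own TLS 1.3
@tex2e
Security Camp National Convention 2019, LT session

Topic of this talk: TLS 1.3

What is TLS?
Even if the two communicating parties have never met before and use an insecure channel, they can communicate securely.

What is a secure channel?
• Authenticity
  • You can confirm that the peer is genuine
  • (Authentication with a server certificate ... X.509 Cert, PKI)
• Confidentiality
  • Only people with authorization can access the data
  • (Encryption of the communication contents ... AES, ChaCha20)
• Integrity
  • The data is not tampered with
  • (Tamper detection with authenticated encryption ... AEAD)

The TLS handshake
• Handshake
  • Decide which cipher suite to use
  • Share keys using public-key cryptography
  • Authenticate using certificates
• Application Data
  • Encrypt using symmetric-key cryptography
  • For example, HTTP data that has been encrypted
Flow: Open Socket -> Handshake -> Application Data -> Close Socket

The TLS 1.3 exchange
Client / Server: Client Hello, Server Hello, Application Data

The programmer's three great "pastimes"
• A homemade OS
• A homemade compiler (programming language)
• A homemade protocol stack (TCP/IP, TLS)
* Opinions differ

How do you build TLS?
Read the RFC

TLS 1.3 (RFC 8446)

Converting between structs and byte strings
Convert / Restore

Implementation flow
Implementing the TLS exchange:
1. Socket communication
2. Converting messages between structs and byte strings
Implementing what goes on inside the TLS exchange:
1. Elliptic-curve Diffie-Hellman key exchange
2. Key scheduling with HKDF
3. Authenticated encryption (AEAD)
4. X.509 certificates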
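
The struct-to-bytes conversion and the HKDF key-scheduling step from the implementation flow above, combined in one added Python example (not code from the slides or from the speaker's implementation). The function names are my own and SHA-256 is assumed as the cipher-suite hash; the `HkdfLabel` layout and `Derive-Secret` follow RFC 8446 section 7.1, and the two derived values can be compared with the handshake trace in RFC 8448.

```python
import hashlib
import hmac

HASH = hashlib.sha256            # assumption: a SHA-256 based cipher suite
HASH_LEN = HASH().digest_size
PREFIX = b"tls13 "

def encode_hkdf_label(length, label, context):
    """Struct -> bytes: uint16 length; opaque label<7..255>; opaque context<0..255>."""
    full = PREFIX + label
    if not 7 <= len(full) <= 255 or len(context) > 255:
        raise ValueError("label or context outside the vector bounds")
    return length.to_bytes(2, "big") + bytes([len(full)]) + full + bytes([len(context)]) + context

def decode_hkdf_label(data):
    """Bytes -> struct; every length prefix is checked against the buffer."""
    if len(data) < 4 or 3 + data[2] >= len(data):
        raise ValueError("truncated HkdfLabel")
    length = int.from_bytes(data[:2], "big")
    label_end = 3 + data[2]
    context_end = label_end + 1 + data[label_end]
    full = data[3:label_end]
    if context_end != len(data) or not full.startswith(PREFIX):
        raise ValueError("bad context length or missing 'tls13 ' prefix")
    return length, full[len(PREFIX):], data[label_end + 1:context_end]

def hkdf_extract(salt, ikm):
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk, info, length):
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def derive_secret(secret, label, messages):
    """Derive-Secret = HKDF-Expand-Label(secret, label, Hash(messages), Hash.length)."""
    info = encode_hkdf_label(HASH_LEN, label, HASH(messages).digest())
    return hkdf_expand(secret, info, HASH_LEN)

def early_and_derived():
    zeros = bytes(HASH_LEN)      # no PSK: salt and IKM are both all-zero
    early = hkdf_extract(zeros, zeros)
    return early, derive_secret(early, b"derived", b"")
```
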

Latest trends in TLS 1.3 (Server/Client)

Latest trends in TLS 1.3 (QUIC)
Connection establishment and TLS 1.3 establishment are done at the same time over UDP.
TCP + TLS 1.3 (Client / Server): SYN, SYN + ACK, ACK, Client Hello, Server Hello, Application Data
QUIC (HTTP/3) (Client / Server): QUIC, QUIC, QUIC, Application Data

Building your own TLS 1.3 is fun but hard
• Most of the documentation is in English
• Knowledge of the mathematics that underlies cryptography
• Knowledge of networking
• RFCs are not introductory texts, so they are tough on beginners

You can't build TLS 1.3 in 30 days

The end

References I
• RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3. IETF, August 2018.
• Andy Brodie: Overview of TLS v1.3. OWASP, 2017. URL https://www.owasp.org/images/d/d3/TLS_v1.3_Overview_OWASP_Final.pdf
• SSL Labs: SSL Pulse. Qualys, Inc, June 2019. URL https://www.ssllabs.com/ssl-pulse/
• @Fyrd, @Lensco: Can I use... URL https://caniuse.com/
• IETF Draft: "QUIC: A UDP-Based Multiplexed and Secure Transport". URL https://tools.ietf.org/html/draft-ietf-quic-transport-22

References II
• Alessandro Ghedini: The Road to QUIC. Cloudflare, Inc, 2018. URL https://blog.cloudflare.com/the-road-to-quic/
• Masaya Yamamoto: Introduction to Building Your Own TCP/IP Protocol Stack. KLab Inc, 2018. URL https://www.slideshare.net/pandax381/tcpip-105857327
• Ivan Ristić (author), Takamichi Saito (translator): Professional SSL/TLS. Lambda Note, 2018.