patents.google.com

CN109302369B - Data transmission method and device based on key verification - Google Patents

️Tue Mar 16 2021

CN109302369B - Data transmission method and device based on key verification - Google Patents

Data transmission method and device based on key verification Download PDF

Info

Publication number

CN109302369B

CN109302369B CN201710606031.5A CN201710606031A CN109302369B CN 109302369 B CN109302369 B CN 109302369B CN 201710606031 A CN201710606031 A CN 201710606031A CN 109302369 B CN109302369 B CN 109302369B Authority

China

Prior art keywords

server

client

key

digital certificate

information

Prior art date

2017-07-24

Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)

Active

Application number

CN201710606031.5A

Other languages

Chinese (zh)

Other versions

CN109302369A (en

Inventor

杨洋

苗辉

Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)

Guizhou Baishancloud Technology Co Ltd

Original Assignee

Guizhou Baishancloud Technology Co Ltd

Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)

2017-07-24

Filing date

2017-07-24

Publication date

2021-03-16

2017-07-24 Application filed by Guizhou Baishancloud Technology Co Ltd filed Critical Guizhou Baishancloud Technology Co Ltd

2017-07-24 Priority to CN201710606031.5A priority Critical patent/CN109302369B/en

2019-02-01 Publication of CN109302369A publication Critical patent/CN109302369A/en

2021-03-16 Application granted granted Critical

2021-03-16 Publication of CN109302369B publication Critical patent/CN109302369B/en

Status Active legal-status Critical Current

2037-07-24 Anticipated expiration legal-status Critical

Images

Classifications

- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

Engineering & Computer Science (AREA)
Computer Security & Cryptography (AREA)
Computer Networks & Wireless Communication (AREA)
Signal Processing (AREA)
Computer Hardware Design (AREA)
Computing Systems (AREA)
General Engineering & Computer Science (AREA)
Computer And Data Communications (AREA)
Storage Device Security (AREA)

Abstract

The invention discloses a method and a device based on key verification, wherein the method comprises the following steps: the server side sends the digital certificate information to the client side, and sends the summary information of the digital certificate information and the combined unique identification value containing the handshake information context information identification and the digital certificate information identification to the key server; the key server determines a private key corresponding to the digital certificate information according to the summary information, signs the combined unique identification value by using the private key, sends the signature value to the server side, and the server side sends the signature value to the client side; and after the client side verifies that the signature value is legal by using the public key corresponding to the digital certificate information, the client side and the server side perform data interaction. The method and the system solve the problem that the private key is required to be deployed to a server which executes TLS1.3 handshake between a front end and a client, and deploy the private key and the certificate to different devices, so that the server cannot read the content of the private key, the probability of disclosure of the private key is reduced, and the safety of the private key is ensured.

Description

Data transmission method and device based on key verification

Technical Field

The invention relates to the technical field of internet, in particular to a data transmission method and device based on key verification.

Background

A handshake link exists in the current Secure Socket Layer (SSL)/Transport Layer Security (TLS) protocols (including the following versions: SSL3.0, TLS1.0, TLS1.1 and TLS 1.2).

The main idea of the solution method without private key proposed for SSL/TLS protocols of TLS1.2 and previous versions (SSL3.0, TLS1.0, TLS1.1) in some related technologies in the prior art is to perform processing based on a specific protocol flow in the protocol handshake process, so as to achieve the purpose that a server does not need to deploy private key text locally.

In other related technologies, in the handshake link, server sides of two handshake parties need to use a private key corresponding to a digital certificate to complete the handshake. Wherein the digital certificate and its corresponding private key are deployed onto a server providing a service, thereby completing a handshake phase specified in the SSL/TLS protocol. The method for using the private key by the server side is determined according to a specific handshake algorithm, and mainly comprises two modes of private key decryption and private key signature.

Fig. 1 is a schematic diagram of a handshake procedure using private key decryption in the prior art, and the procedure includes:

step 101, the client sends a client hello message to the server.

Step 102, the server sends a server hello message, a Certificate (Certificate), and a server hello complete message to the client.

103, the client encrypts the PreMasterSecret message by using the public key in the certificate;

step 104, the client includes the encrypted information in a client key exchange (ClientKeyExchange) message and sends the client to the server.

And 105, the server side decrypts the encrypted PreMasterSecret message by using a private key corresponding to the certificate to obtain the PreMasterSecret.

And

step

106, the server side and the client side generate a symmetric key by using the same PreMasterSecret.

Step 107, the server and the client respectively send ChangeCipherSpec and Finished (Finished) messages to the other side, and respectively verify the messages of the other side.

And step 108, the server and the client encrypt data by using the negotiated symmetric key and transmit the data.

Fig. 2 is another schematic flow chart of a handshake procedure using private key decryption in the prior art, which includes:

step 201, the client sends a client hello message to the server.

Step 202, the server sends a server hello message, a Certificate (Certificate), and a server hello complete message to the client.

In step 203, the client encrypts the PreMasterSecret message with the public key in the certificate.

In step 204, the client includes the encrypted information in a client key exchange (ClientKeyExchange) message and sends the client to the server.

In step 205, the server parses the client key exchange (ClientKeyExchange) message to obtain the encrypted PreMasterSecret and sends the PreMasterSecret to the key server, and the key server decrypts the encrypted PreMasterSecret by using the private key corresponding to the certificate and sends the PreMasterSecret to the server.

step

206, the server and the client use the same PreMasterSecret to generate a symmetric key.

And step 207, the server side and the client side respectively send ChangeCipherSpec and Finished messages to the opposite side and respectively verify the messages of the opposite side.

And step 208, the server and the client encrypt data by using the negotiated symmetric key and transmit the encrypted data.

Fig. 3 is a schematic diagram of a handshake procedure using private key signature in the prior art, and the procedure includes:

step 301, the client sends a client hello message to the server.

Step 302, the server sends a server hello message and a Certificate (Certificate) to the client.

Step 303, the server signs the selected DH or EC (elliptic curve) parameter with a private key to obtain a signature value.

Step 304, the server side places the parameter and the signature value thereof in a server side key exchange (ServerKeyExchange) message and sends the message to the client side.

Step 305, the server sends a server hello complete (ServerHelloDone) message to the client.

In step 306, the client sends a client key exchange (ClientKeyExchange) message to the server.

Step

307, the server and the client generate a symmetric key based on the same DH or EC parameters.

Step 308, the server and the client respectively send ChangeCipherSpec and Finished (Finished) messages to the other side, and respectively verify the messages of the other side.

And 309, encrypting and transmitting data by using the negotiated symmetric key by the server and the client.

Fig. 4 is another schematic diagram of a handshake procedure using private key signature in the prior art, and the procedure includes:

step 401, the client sends a client hello message to the server.

Step 402, the server sends a server hello message and a Certificate (Certificate) to the client.

In step 403, the server side sends the signature parameters (DH or EC (elliptic curve)) to the key server.

Step 404, the key server signs the signature parameter by using a private key corresponding to the certificate;

step 405, the key server sends the signature value to the server;

step 406, the server sets the signature parameter and the signature value in a server key exchange (ServerKeyExchange) message, and sends the message to the client.

Step 407, the server sends a server hello done message to the client.

In step 408, the client sends a client key exchange (ClientKeyExchange) message to the server.

Step 409, the server and the client respectively send ChangeCipherSpec and Finished messages to the other side and respectively verify the messages of the other side.

And step 410, the server and the client encrypt data by using the negotiated symmetric key and transmit the encrypted data.

Because the TLS1.2 and the previous protocol version are very different from the TLS1.3 protocol, and the protocol flows are not compatible, the existing method has no way to be applied to the TLS1.3 protocol. Moreover, the private key corresponding to the certificate is deployed to the server directly connected with the client, so that the following problems exist:

1) copies of the private key are widely available in multiple servers, and the possibility of exposure of the private key to attacks increases.

2) For CDNs and other types of network service providers, as the services of the SSL/TLS protocol are provided by these vendors, the user providing the service provider with the private key increases the potential for private key leakage.

The TLS1.3 protocol is a vast variation from previous versions of the protocol, including but not limited to the following:

1) the RSA handshake as a whole no longer supports the sequence of flows shown in fig. 1 and 2

2) Remove the ClientKeyExchange and ServerKeyExchange messages

3) Remove the ServerHelloDone message

4) Removing ChangeCipherSpec message

5) Method for DHE/ECDHE handshake to no longer use related parameters for signature

6) The server starts using the CertificateVerify message (this message can only be used by the client before TLS1.2)

In summary, due to the huge change of the protocol itself, neither of the above two (RSA and DH) types of remote private key usage methods can be applied to TLS1.3, that is, from both the server and the key server, if the handshake between the client and the server is TLS1.3, the server cannot communicate with the key server, or even cannot correctly process the data to be sent to the key server. The key server cannot properly process the received data.

Although the latest TLS1.3 protocol (draft stage) is very different from the existing standardized SSL/TLS protocol, both key exchange procedures (and corresponding no-private key deployment methods) are no longer applicable.

FIG. 5 is a diagram illustrating a data transmission flow applied to the TLS1.3 protocol in the prior art; the process comprises the following steps:

in step 501, the client generates a client shared key (key _ share), and determines a signature algorithm (signature _ algorithm). The client initiates the TLS1.3 handshake, sending a client hello message to the server with the client shared key and signature algorithm (signature _ algorithm) in this message.

In step 502, the server receives a client hello message, and parses a client shared key (key _ share) and a signature algorithm (signature _ algorithm) from the message. The server generates a server shared key, and sends a server hello message to the client, wherein the server shared key is carried in the message.

In step 503, the client and the server both generate a Handshake key (Handshake Secret) and an application key (ApplicationSecret) according to the shared key received from the other party and the method specified in the TLS1.3 protocol.

In step 504, the server selects appropriate digital Certificate information (including a digital Certificate and a Certificate chain thereof) according to a signature algorithm (signature _ algorithm) supported by the client, sends a Certificate (Certificate) message to the client, where the message carries the digital Certificate information, and encrypts the message using the Handshake key (Handshake Secret) generated in step 503.

Step 505, the server determines a combined hash value of the Handshake Context (Handshake Context) and the hash value of the Certificate (Certificate) message, signs with a private key corresponding to the digital Certificate, and sends the signed data (i.e. signature value) to the client, where the signed data is carried in the Certificate confirmation (Certificate verification) message. Wherein the Handshake Context (handwake Context) comprises interactive messages from the client hello message up to the Certificate message.

In step 506, the server encrypts the merged hash value by using the Handshake key (handbreak Secret) generated in step 503, and sends the encrypted merged hash value to the client in a Finished message.

In step 507, the client verifies the validity of the signature value carried in the certificate verification (CertificateVerify) message received from the server by using the public key in the digital certificate, and if the verification is passed, the client and the server generate a Finished (Finished) message in the same way and send the Finished message to the server.

In step 508, the client and the server encrypt and transmit subsequent Application layer data using the Application key (Application Secret) generated in step 503.

The existing data transmission process applied to the TLS1.3 protocol has the problem that a private key is easy to leak, and the existing process needs to be improved to ensure the security of the private key.

Disclosure of Invention

In order to solve the technical problem, the invention provides a method and a device based on key verification.

The data transmission method based on the key verification comprises the following steps:

the server side sends the digital certificate information to the client side, and sends the summary information of the digital certificate information and the combined unique identification value containing the handshake information context information identification and the digital certificate information identification to the key server;

the key server determines a private key corresponding to the digital certificate information according to the digest information, signs the combined unique identification value by using the private key, and sends a signature value to the server side, and the server side sends the signature value to the client side;

and after the client side verifies that the signature value is legal by using the public key corresponding to the digital certificate information, the client side and the server side carry out data interaction.