인터넷 환경에서 가장 많이 사용되는 전송 중 암호화 기술인 SSL/TLS 에 대한 설명입니다. TLS 는 2022년 현재 1.3 버전이 가장 최신버전이며 주요 기업 및 기관에서는 보안 강화 및 사용자 경험 개선을 위해 1.3 버전을 권고하고 있습니다. TLS 의 각 버전별 Handshake 방식과 적용되는 기술들이 어떻게 다른지 살펴보세요.

1. SSL/TLS Deep Dive
신 은 수
Security Specialist Solutions Architect

2. Secure Socket Layer
Transport Layer Security

3. Transport Layer Security
1994 — SSLv2
1995 — SSLv3
1999 — TLS 1.0
2006 — TLS 1.1
2008 — TLS 1.2
2018 — TLS 1.3

4. 키 교환(비대칭키 교환)
세션을 시작할 때 암호화에 사용될 키를 교환하기 위한 방식을 정의
메시지 암호화(대칭키)
상호간의 데이터 전송 시 사용될 암호화 방식을 정의
메시지 인증
데이터의 무결성 검증을 위한 단방향 해쉬
RSA
DHE_RSA
ECDH(E)_RSA
ECDH(E)_ECDSA
AES
DES/3DES
RC4
Camellia
MD5
SHA

5. 비밀키 공개키
전자서명(부인방지) 암호화
로널드 라이베스트(Ron Rivest), 아디 샤미르(Adi Shamir), 레너드 애들먼(Leonard Adleman)
소인수분해에 기반한 대표적인 공개키 암호화 알고리즘
암호화 및 전자 서명에 사용 가능

6. 서명을 통한 인증/무결성 확인
Subnet: Owner Name
End-Entity Certificate
Owner Public Key
Issuer Name
Issuer Signature
Subject: Owner Name
Intermediate Certificate
Owner Public Key
Issuer Name
Issuer Signature
Subject: Owner Name
Root CA Certificate
Owner Public Key
Issuer Signature
발급자 확인
발급자 확인
Certificate 의 Signature 무결성 체크
Certificate 의 유효성 체크(만료 여부 확인)
Certificate 의 폐기 여부 확인(CRL, OCSP)
Certificate 의 발급자 확인(Issuer, Subject 확인)
서명을 통한 인증/무결성 확인

7. End-Entity Certificate
Root CA
Intermediate CA
Root CA
Subordinate CA
End-Entity Certificate
Intermediate CA
Subordinate CA
Cross Signing

8. TLS_ -AES128-GCM-SHA256
Signature
Algorithm Mode of
operation
MAC &
Hash size
Key
Exchange/
Agreement
Protocol
Key
size
Cipher

9. TLS Handshake

10. Client Hello
Client Random Number
Server Random Number
Premaster Key
Master Key(공유키)
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished

11. ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
o Master Key 생성에 사용될 Random Number 생성
Client Random Number
Client Side Key Material
Server Side Key Material

12. ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
o 공유키 생성에 사용될 Random Number 생성
Client Side Key Material
Server Side Key Material
Client Random Number
Client Random Number
Server Random Number
o Cipher Suite 는 Client 와 Server 가 모두 지원하는 Cipher Suite
중 최상위의 것을 선택

13. ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
Client Side Key Material
Server Side Key Material
Client Random Number
Client Random Number
Server Random Number
o 서버의 인증서를 클라이언트에 전송

14. ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate Request
ServerKeyExchange
Server Hello Done
Client Side Key Material
Server Side Key Material
Client Random Number
Client Random Number
Server Random Number
o Client Certificate 요청

15. ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
Client Side Key Material
Server Side Key Material
Client Random Number
Client Random Number
Server Random Number
o 서버의 DH 키 정보를 클라이언트에 전송(옵션)

16. ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
Client Side Key Material
Server Side Key Material
Client Random Number
Client Random Number
Server Random Number
o Server Hello 가 완료되었음을 명시

17. Certificate
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
Client Side Key Material
Server Side Key Material
Client Random Number
Client Random Number
Server Random Number
Server Random Number
o Client Certificate 전송

18. ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
Client Side Key Material
Server Side Key Material
Client Random Number
Client Random Number
Server Random Number
o 클라이언트의 키 정보를 클라이언트에 전송(옵션)
o Premaster Key 를 생성
Server Random Number
Premaster Key
공유키
o C.R + S.R + Premaster Key 를 이용해 공유키 생성
o Premaster Key 를 서버의 공개키로 암호화 후 전송
o 인증서 확인(CA, CN, Expiration Date)

19. Certificate Verify
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
Client Side Key Material
Server Side Key Material
Client Random Number
Server Random Number
o Certificate Verify 전송 – 디지털 사인(인증서 소유를 증명)
Client Random Number
Server Random Number
Premaster Key
공유키

20. ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
Client Side Key Material
Server Side Key Material
Client Random Number
Server Random Number
o 비대칭키에서 공유키로 암호키 전환을 알림
Client Random Number
Server Random Number
Premaster Key
공유키

21. ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
Client Side Key Material
Server Side Key Material
Client Random Number
Client Random Number
Server Random Number
Server Random Number
Premaster Key
공유키
o MAC 전송
o Handshake 전체에 대한 HASH 값 전송
o 공유키를 통해 암호화

22. ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
Client Side Key Material
Server Side Key Material
Client Random Number
Server Random Number
Premaster Key
공유키
o C.R + S.R + Premaster Key 를 이용해 공유키 생성
o 비대칭키에서 공유키로 암호키 전환을 알림
o Premaster Key 를 서버의 비밀키로 복호화
Client Random Number
Server Random Number
Premaster Key
공유키

23. ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
o MAC 전송
o Handshake 전체에 대한 HASH 값 전송
Client Side Key Material
Server Side Key Material
Client Random Number
Server Random Number
Premaster Key
공유키
o 공유키를 통해 암호화
Client Random Number
Server Random Number
Premaster Key
공유키

24. Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
DH Client Private
Client Side Key Material
Server Side Key Material
DH Client Public
DH Server Private
공유키
DH Server Public
공유키

25. ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
First Round Trip Time
Second Round Trip Time

26. Renegotiation vs Resumption

27. ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
TLS Full Handshake TLS Renegotiation
ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
Client Renego Request
Server Renego Request

28. ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
TLS Full Handshake TLS Abbreviated handshake

29. P F S

30. RSA 키 교환 방식의 문제점
ClientKeyExchange
Finished
ChangeCipherSpec
ChangeCipherSpec
Finished
Client Hello
Server Hello
Certificate
ServerKeyExchange
Server Hello Done
o Premaster Key 를 생성
o Premaster Key 를 서버의 공개키로 암호화
공격자는 Handshake 트래픽과 Server 의 Private Key 를 탈취하면 모든 트래픽을 복호화 가능
Client Random Number Server Random Number Premaster Key

31. Public Subnet
RSA 키 교환 방식의 문제점
VPC
Instance
사용자
암호문 암호문 암호문 암호문
복호화에 동일한 비밀키 필요
Client Random Number Server Random Number Premaster Key
핸드쉐이크 트래픽과 Private Key 를 획득하면 대칭키 생성 가능
생성된 대칭키를 이용하여 기존에 생성된 모든 암호문에 대한 복호화 가능

32. Diffie Helman – 모듈러 연산
Client Server
x - Private Key y – Private Key
X = g^x mod n(Public Key) Y = g^y mod n (Public Key)
K = Y^x mod n K’ = X^y mod n
= = mod
mod
( ) ( )
공개키 비밀키 공개키 비밀키
공유키
Server Public Key Client Public Key
모듈러 연산에 기반한 공개키/비밀키 생성 및 교환 후 공유키 생성

33. Diffie Helman Ephemeral
= = mod
mod
( ) ( )
공개키 비밀키 공개키 비밀키
공유키
Forward Secrecy
Diffie Helman
Diffie Helman Ephemeral
= = mod
mod
( ) ( )
공개키 비밀키 공개키 비밀키
공유키
Forward Secrecy

34. Elliptic Curve Cryptography

35. Elliptic Curve 암호 – 타원곡선
노출된 값 P 와 비밀키 d 를 연산하여 공개키 Q 를 얻는 것은 쉬움
노출된 값(P, 공개키 Q) 를 이용하여 비밀키 d 를 얻는 것은 어려움

36. ( )
Elliptic Curve – 대수 곡선/타원곡선
Client Server
x𝐴 - Private Key(난수) 𝑘𝐵 – Private Key(난수)
𝑃𝐴 = 𝑘𝐴P(Public Key) 𝑃𝐵 = 𝑘𝐵P(Public Key)
K = 𝑘𝐴𝑃𝐵 K’ = 𝑘𝐵𝑃𝐴
= = ,
, ( )
공개키 비밀키 공개키 비밀키
공유키
Server Public Key Client Public Key
𝑘𝐴 = 𝑘𝐵 = ∈{1,...,𝑛−1}∈{1,...,n−1}
이산대수 연산 기법에 기반한 공개키/비밀키 생성 및 교환 후 공유키 생성

37. Elliptic Curve Diffie Helman Ephemeral
Forward Secrecy
EC Diffie Helman
EC Diffie Helman Ephemeral
Forward Secrecy
( ) = = ,
, ( )
공개키 비밀키 공개키 비밀키
공유키
( ) = = ,
, ( )
공개키 비밀키 공개키 비밀키
공유키

38. Mutual TLS(mTLS)

39. Private CA #1 Private CA #2
Root CA #1 Cert Root CA #2 Cert
Client 인증서 Server 인증서
ECS Service A ECS Service B
Envoy Proxy Envoy Proxy
Root CA #2
Trust Chain
Root CA #1
Trust Chain
Client 인증서 Server 인증서
Client Hello
Server Hello
Certificate
Client Cert Req
Server Done
Client Certificate
Root CA #1 Cert
Client 인증서
암호화된 Private Key
Root CA #1 Cert
Client 인증서
암호화된 Private Key
Private Key 비밀번호
AWS Certificate Manager
AWS App Mesh
1 2
3
8
7
6
5
4
AWS Lambda Private Key PassPhrase
9
12
11
Secrets Manager
Cert 관련 정보 내보내기
Cert 관련 정보 가져오기
10
Root CA#2 Certificate Server Certificate/Key
To Envoy File System

40. Why TLS 1.3?

42. Bleichenbacher 1998
Vaudenay 2002
Boneh/Brumley 2003
Marsh Ray Attack 2009
Renegotiation DoS 2011
BEAST 2011
CRIME 2012
Lucky13 2013
POODLE 2014
HEARTBLEED 2014
Triple Handshake 2014
Lucky Microseconds 2015
Jager 2015
DROWN 2016
SLOTH 2016

43. 구성 요소의 간소화(Clean up)
지연 속도 개선(Latency)
프라이버시 개선(Privacy)
연속성 보장(Continuity)
보안(Security)
Reserved Instances
Make a 1 or 3-year commitment
and receive a
off On-Demand prices
Committed &
steady-state usage

44. 키 교환 알고리즘
RSA
암호화 알고리즘
RC4
3DES
Camellia
해쉬 알고리즘
MD5
SHA-1
Cipher Mode
AES-CBC
Compression
Renegotiation
Static RSA/DH
Custom (EC)DHE Group
Custom Curve
Vaudenay 2002
Boneh/Brumley 2003
BEAST 2011
Lucky13 2013
POODLE 2014
Lucky Microseconds 2015
Bleichenbacher 1998
Jager 2015 DROWN 2016
CRIME 2012
Marsh Ray Attack 2009
Renegotiation DoS 2011
Triple Handshake 2014
SLOTH 2016
No Forward Secrecy
No Forward Secrecy
Vulnerable
Vulnerable

45. TLS_
AEAD Cipher Mode HKDF Hash
알고리즘
Protocol Cipher
*HKDF = HMAC-based Key Derivation Function
*Authenticated Encryption with Associated Data

46. TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_CCM_SHA256
TLS_AES_128_CCM_8_SHA256

47. TLS 1.3 Handshake

48. Finished
Finished
Client Hello
Server Hello
Client Key Share
Client Pre Shared Key*
Server Key Share
Server Pre Shared Key*
Server Certificate
Server Cert Verify
Certificate Request*
Client Certificate*
Client Cert Verify*
Encrypted Extension

49. Client Side Key Material
Server Side Key Material
Finished
Finished
Client Hello
Server Hello
Client Key Share
Server Key Share
Server Pre Shared Key*
Server Certificate
Server Cert Verify
Certificate Request*
Client Certificate*
Client Cert Verify*
o 256bit Nonce 값 생성 후 전송
o Key Share – ECDH Public 값 전송
Client Pre Shared Key*
ECDH Client Private
ECDH Client Public

50. Finished
Finished
Client Hello
Client Key Share
Client Certificate*
Client Cert Verify*
Client Pre Shared Key*
ECDH Client Private
Client Side Key Material
Server Side Key Material
o Key Share – 재전송 요청
ECDH Client Public
Hello Retry

51. Finished
Finished
Client Hello
Client Key Share
Client Certificate*
Client Cert Verify*
Client Pre Shared Key*
ECDH Client Private
Client Side Key Material
Server Side Key Material
Hello Retry
Client Hello
Client Key Share
Client Pre Shared Key*
o 256bit Nonce 값 생성 후 전송
o Key Share – ECDH Public 값 전송
ECDH Client Public

52. Finished
Finished
Client Hello
Client Key Share
Client Certificate*
Client Cert Verify*
Client Pre Shared Key*
ECDH Client Private
Client Side Key Material
Server Side Key Material
o 256bit Nonce 값 생성 후 전송
o Key Share – ECDH Public 값 전송
ECDH Client Public
ECDH Server Private
ECDH Server Public
공유키
Server Hello
Server Key Share
Server Pre Shared Key*
Server Certificate
Server Cert Verify
Certificate Request*
o Client 인증서 요청(옵션)

53. Client Side Key Material
Server Side Key Material
Finished
Client Hello
Client Key Share
Client Certificate*
Client Cert Verify*
Client Pre Shared Key*
Server Hello
Server Key Share
Server Pre Shared Key*
Server Certificate
Server Cert Verify
Certificate Request*
o Handshake 에 대한 HASH 값 전송
Finished
ECDH Client Private
ECDH Client Public
ECDH Server Private
ECDH Server Public
공유키

54. Finished
Client Hello
Client Key Share
Client Pre Shared Key*
Server Hello
Server Key Share
Server Pre Shared Key*
Server Certificate
Server Cert Verify
Certificate Request*
ECDH Client Private
Client Side Key Material
Server Side Key Material
ECDH Server Public
공유키
o 인증서 검증
o ECDH Client Public, ECDH Server Private 을 이용 공유키 생성
o Handshake 에 대한 HASH 값 전송
Finished
Client Certificate*
Client Cert Verify*
o Client Certificate 전송
o Client Certificate Verify 전송 ECDH Client Public
ECDH Server Private
공유키

55. Finished
Finished
Client Hello
Server Hello
Client Key Share
Client Pre Shared Key*
Server Key Share
Server Pre Shared Key*
Server Certificate
Server Cert Verify
Certificate Request*
Client Certificate*
Client Cert Verify*
Encrypted Extension
First Round Trip Time

56. Finished
Finished
Client Hello
Server Hello
Client Key Share
Client Pre Shared Key
Server Key Share
Server Pre Shared Key
PSK 혹은 PSK w/ Key Share

57. Finished
Finished
Client Hello
Server Hello
Client Key Share
Client Pre Shared Key
Server Key Share
Server Pre Shared Key
GET /index.html
200 OK

58. 효율성 개선
옵션의 축소
너무나 많은 Extension
호환성 보장을 위한 복잡도 증가

59. 감사합니다!