쥐스킨트의 작은 서재

Session Initiation Protocol

The Session Initiation Protocol (SIP) is acommunications protocol for signaling and controlling multimedia communicationsessions. The most common applications of SIP are in Internet telephony forvoice and video calls, as well as instant messaging, over Internet Protocol(IP) networks.

The protocol defines the messages that aresent between endpoints, which govern establishment, termination and otheressential elements of a call. SIP can be used for creating, modifying andterminating sessions consisting of one or several media streams. SIP is anapplication layer protocol designed to be independent of the underlyingtransport layer. It is a text-based protocol, incorporating many elements ofthe Hypertext Transfer Protocol (HTTP) and the Simple Mail Transfer Protocol(SMTP).

SIP works in conjunction with several otherapplication layer protocols that identify and carry the session media. Media identificationand negotiation is achieved with the Session Description Protocol (SDP). Forthe transmission of media streams (voice, video) SIP typically employs theReal-time Transport Protocol (RTP) or Secure Real-time Transport Protocol(SRTP). For secure transmissions of SIP messages, the protocol may be encryptedwith Transport Layer Security (TLS).

Proxy server

In computer networks, a proxy server is aserver (a computer system or an application) that acts as an intermediary forrequests from clients seeking resources from other servers. A client connectsto the proxy server, requesting some service, such as a file, connection, webpage, or other resource available from a different server and the proxy serverevaluates the request as a way to simplify and control its complexity. Proxieswere invented to add structure and encapsulation to distributed systems. Today,mots proxies are web proxies, facilitating access to content on the World WideWeb and providing anonymity.

Uses

Monitoringand filtering

-      Content-control software

A content-filtering web proxy server provides administrative controlover the content that may be relayed in one or both directions through theproxy. It is commonly used in both commercial and non-commercial organizations(especially schools) to ensure that Internet usage conforms to acceptable usepolicy.

A content filtering proxy will often support user authentication, tocontrol web access. It also usually produces logs, either to give detailed information about the URLs accessedby specific users, or to monitor bandwidth usage statistics. It may alsocommunicate to daemon-based and/or ICAP-based antivirus software to providesecurity against virus and other malware by scanning incoming content in realtime before it enters the network. 

-      Filtering of encrypted data

Web filtering proxies are not able to peer inside secure socketsHTTP transactions, assuming the chain-of-trust of SSL/TLS has not beentampered with.

The SSL/TLS chain-of-trust relies on trusted root certificateauthorities. In a workplace setting where the client is managed by theorganization, trust might be granted to a root certificate whose private key isknown to the proxy. Consequently, a root certificate generated by the proxy isinstalled into the browser CA list by IT staff.

In such situations, proxy analysis of the contents of a SSL/TLStransaction becomes possible. The proxy is effectively operating a man-in-the-middle attack, allowed by the client’s trust of a root certificate theproxy owns.

-      Bypassing filters and censorship

If the destination server filters content based on the origin of therequest, the use of a proxy can circumvent this filter. For example, a serverusing IP-based geolocation to restrict its service to a certain country can beaccessed using a proxy located in that country to access the service.

Transport Layer Security

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as “SSL”, are cryptographic protocols that provide communication security over a computer network. Several versions of the protocols are in widespread use in applications such as web browsing, email, Internet faxing, instant messaging, and voice-over-IP (VoIP). Major web sites use TLS to secure all communications between their servers and web browsers.

The primary goal of the Transport Layer Security protocol is to provide privacy and data integrity between two communicating computer applications. When secured by TLS, connections between a client (e.g., a web browser) and a server (e.g., Wikipedia.org) have one or more of the following properties:

-      The connection is private because symmetric cryptography is used to encrypt the data transmitted. The keys for this symmetric encryption are generated uniquely for each connection and are based on a shared secret negotiated at the start of the session. The server and client negotiate the details of which encryption algorithm and cryptographic keys to use before the first byte of data is transmitted. The negotiation of a shared secret is both secure (the negotiated secret is unavailable to eavesdroppers and cannot be obtained, even by an attacker who places himself in the middle of the connection) are reliable (no attacker can modify the communications during the negotiation without being detected).

-      The identity of the communicating parties can be authenticated using public-key cryptography. This authentication can be made optional, but is generally required for at least one of the parties (typically the server).

-      The connection is reliable because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission.

In addition to the properties above, careful configuration of TLS can provide additional privacy-related properties such as forward secrecy, ensuring that any future disclosure of encryption keys cannot be used to decrypt any TLS communication recorded in the past.

TLS supports many different methods for exchanging keys, encrypting data, and authenticating message integrity. As a result, secure configuration of TLS involves many configurable parameters, and not all choices provide all of the privacy-related properties described in the list above.

Attempts have been made to subvert aspects of the communications security that TLS seeks to provide and the protocol has been revised several times to address these security threats. Web browsers have also been revised by their developers to defend against potential security weaknesses after these were discovered.

The TLS protocol is composed of two layers: the TLS record protocol and the TLS handshake protocol.

Description

Client-server applications use the TLS protocol to communicate across a network in a way designed to prevent eavesdropping and tampering.

Since protocols can operate either with or without TLS (or SSL), it is necessary for the client to indicate to the server the setup of a TLS connection. There are two main ways of achieving this. One option is to use a different port number for TLS connections (for example, port 443 for HTTPS). The other is for the client to use a protocol-specific mechanism (for example, STARTTLS for mail and news protocols) to request that the server switch the connection to TLS.

Once the client and server have agreed to use TLS, they negotiate a stateful connection by using a handshaking procedure. During this handshaking, the client and server agree on various parameters used to establish the connection’s security:

-      The handshake begins when a client connects to a TLS-enabled server requesting a secure connection and presents a list of supported cipher suites.

-      From this list, the server picks a cipher and hash function that it also supports and notifies the client of the decision.

-      The server usually the sends back its identification in the form of a digital certificate. The certificate contains the server name, the trusted certificate authority (CA) and the server’s public encryption key.

-      The client confirms the validity of the certificate before proceeding.

-      To generate the session keys used for the secure connection, the client either:

n  Encrypts a random number with the server’s public key and sends the result to the server (which only the server should be able to decrypt with its private key); both parties then use the random number to generate a unique session key for subsequent encryption and decryption of data during the session

n  Uses Diffie-Hellman key exchange to securely generate a random and unique session key for encryption and decryption that has the additional property of forward secrecy: if the server’s private key is disclosed in future, it cannot be used to decrypt the current session, even if the session is intercepted and recorded by a third party.

This concludes the handshaking and begins the secured connection, which is encrypted and decrypted with the session key until the connection closes. If any one of the above steps fail, the TLS handshake fails, and the connection is not created.

TLS and SSL are defined as ‘operating over some reliable transport layer’, which places them as application layer protocol in the TCP/IP reference model and as presentation layer protocols in the OSI model. The protocols sued a handshake with an asymmetric cipher to establish cipher settings and a shared key for a session; the rest of the communication is encrypted using a symmetric cipher and the session key.

From: https://en.wikipedia.org/wiki/Transport_Layer_Security

Handshaking

In information technology, telecommunications, and related fields, handshaking is an automated process of negotiation that dynamically sets parameters of a communications channel established between two entities before normal communication over the channel begins. If follows the physical establishment of the channel and precedes normal information transfer.

The handshaking process usually takes place in order to establish rules for communication when a computer sets about communicating with a foreign device. When a computer communicates with another device like a modem, printer, or network server, it needs to handshake with it to establish a connection.

Handshaking can negotiate parameters that are acceptable to equipment and systems at both ends of the communication channel, including information transfer rate, coding alphabet, parity, interrupt procedure, and other protocol or hardware features. Handshaking is a technique of communication between two entities. However, within TCP/IP RFCs, the term “handshake” is most commonly used to reference the TCP three-way handshake. For example, the term “handshake” is not present in RFCs covering FTP or SMTP. One exception is Transport Layer Security, TLS, setup, FTP RFC 4217. In place of the term “handshake”, FTP RFC 3659 substitutes the term “conversation” for the passing of commands.

A simple handshaking protocol might only involve the receiver sending a message meaning “I received your last message and I am ready for you to send me another one.” A more complex handshaking protocol might allow the sender to ask the receiver if it is ready to receiveor for the receiver to reply with a negative acknowledgement meaning “I did not receive your last message correctly, please resend it”.

Handshaking facilitates connecting relatively heterogeneous systems or equipment over a communication channel without need for human intervention to set parameter.

-      TCP three-way handshake: Establishing a normal TCP connection requires three separate steps:
1. The first host (Alice) sends the second host (Bob) a “synchronize” (SYZ) message with its own sequence number x, which Bob receives.
2. Bob replies with a synchronize-acknowledgement (SYZ+ACK) message with its own sequence number Y and acknowledgement numberx+1, which Alice receives.
3. Alice replies with an acknowledgment message with acknowledgement number y+1, which Bob receives and to which he doesn’t need to reply.
In this setup, the synchronize messages act as service requests from one server to the other, while the acknowledgement messages return to the requesting server to let it know the message was received.
One of the most important factors of three-way handshake is that, in order to exchange the starting sequence number the two sides plan to use, the client first sends a segment with its own initial sequence number x, then the server responds by sending a segment with its own sequence number y and the acknowledgement number x+1, and finally the client responds by sending a segment with acknowledgement number y+1.
The reason for the client and server not using the default sequence number such as 0 for establishing connection is to protect against two incarnations of the same connection reusing the same sequence number too soon, which means a segment from an earlier incarnation of a connection might interfere with a later incarnation of the connection.

-      SMTP: The Simple Mail Transfer Protocol (SMTP) is the key Internet standard for email transmission. It includes handshaking to negotiate authentication, encryption and maximum message size.

-      TLS handshake: When a Transport Layer Security (SSL or TLS) connection starts, the record encapsulates a “control” protocol – the handshake messaging protocol (content type 22). This protocol isused to exchange all the information required by both sides for the exchange ofthe actual application data by TLS. It defines the messages formatting or containing this information and the order of their exchange. These may vary according to the demands of the client and server – i.e., there are several possible procedures to set ip the connection. This initial exchange results in a successful TLS connection (both parties ready to transfer application datawith TLS) or an alert message (as specified below).
The protocol is used to negotiate the secure attributes of a session.

Handshaking

In telephone communication, handshaking is the exchange of information between two modems and the resulting agreement about which protocol to use that precedes each telephone connection. You can hear the handshaking in those crunching and other sounds when you make a dial-out call from your computer.

From: https://en.wikipedia.org/wiki/Handshaking

From: http://searchnetworking.techtarget.com/definition/ handshaking