SITCON_2022_R2_終結網路剪刀手：安全鄰居發現_cdE9SKeoYQ.srt

1
00:02:00,000 --> 00:02:04,000
的一個協定

2
00:02:04,000 --> 00:02:11,000
DHCP 就是大家拿來動態分配 IP 的一個協定

3
00:02:11,000 --> 00:02:14,000
那這三個有什麼問題呢

4
00:02:14,000 --> 00:02:21,000
因為這三個東西全部都沒有經過任何驗證

5
00:02:21,000 --> 00:02:28,000
所以就變成說任何人都可以以任何人的身份去發送這些封包

6
00:02:28,000 --> 00:02:34,000
那 A 傳給 B C 也可以傳給 B 說我是 A

7
00:02:34,000 --> 00:02:37,000
那這樣就會造成很多很多問題

8
00:02:37,000 --> 00:02:40,000
然後 DHCP 的部分是

9
00:02:40,000 --> 00:02:44,000
他可以無止盡的去要求 IP 之類的

10
00:02:44,000 --> 00:02:49,000
把你的 DHCP 的 IP 池全部用光

11
00:02:49,000 --> 00:02:52,000
那就是上面寫的 DHCP starvation

12
00:02:52,000 --> 00:02:55,000
那 DHCP spoofing 就是他可以

13
00:02:55,000 --> 00:03:00,000
可能偽裝成惡意的 DHCP

14
00:03:00,000 --> 00:03:09,000
那這都會造成你在 Layer 3 就面臨到很大的安全問題

15
00:03:09,000 --> 00:03:11,000
雖然是在區網內

16
00:03:11,000 --> 00:03:15,000
但是現在隨著 Wall from home 的趨勢

17
00:03:15,000 --> 00:03:18,000
你現在很多 VPN 一直連

18
00:03:18,000 --> 00:03:19,000
全部都連進內網

19
00:03:19,000 --> 00:03:21,000
那你的內網也變得逐漸不安全

20
00:03:21,000 --> 00:03:25,000
所以內網的安全好像也越來越受到重視

21
00:03:25,000 --> 00:03:30,000
那演進到 IPv6

22
00:03:30,000 --> 00:03:36,000
就沒有 ARP ICMP DHCP 分開來了

23
00:03:36,000 --> 00:03:41,000
他取而代之的是有個叫 Nehaver Discovery Protocol NDP

24
00:03:41,000 --> 00:03:44,000
然後他是一種 ICMP 沒錯

25
00:03:44,000 --> 00:03:46,000
不過是 ICMPv6

26
00:03:47,000 --> 00:03:52,000
然後他定義了五種 ICMP 的訊息

27
00:03:52,000 --> 00:03:57,000
這個等一下會提到這五個訊息到底是幹嘛用的

28
00:03:57,000 --> 00:04:02,000
大家稍微瞄一下他的結構就好

29
00:04:02,000 --> 00:04:09,000
然後首先先講 Nehaver Solicitation

30
00:04:09,000 --> 00:04:11,000
我們簡稱 NS

31
00:04:11,000 --> 00:04:13,000
後面都講縮寫就好

32
00:04:13,000 --> 00:04:15,000
不然太難念了

33
00:04:15,000 --> 00:04:20,000
然後他有點類似 ICMP 的功能

34
00:04:20,000 --> 00:04:24,000
他可以多播給整個網路

35
00:04:24,000 --> 00:04:29,000
然後讓大家去回應你說誰存在

36
00:04:29,000 --> 00:04:33,000
那也可以主動去問某一個

37
00:04:33,000 --> 00:04:36,000
去問你存在嗎

38
00:04:36,000 --> 00:04:41,000
那他的用途跟 ARP 類似

39
00:04:41,000 --> 00:04:48,000
他的回應都會拿到對方的 L2 的 address

40
00:04:48,000 --> 00:04:51,000
然後也可以拿來檢測 IP 衝突

41
00:04:51,000 --> 00:04:55,000
因為假如你對一個 IP 發 NS

42
00:04:55,000 --> 00:04:57,000
結果發現有人回你

43
00:04:57,000 --> 00:05:00,000
那就代表說有人在用這個 IP

44
00:05:00,000 --> 00:05:04,000
那就代表 IP 有衝突

45
00:05:04,000 --> 00:05:07,000
然後 NA 就是回應 NS 用的

46
00:05:07,000 --> 00:05:10,000
表達該 IP 存活的一個訊息類別

47
00:05:10,000 --> 00:05:15,000
然後他裡面的 payload 會附帶自己的 L2 address

48
00:05:15,000 --> 00:05:19,000
然後他也可以主動定期發送

49
00:05:19,000 --> 00:05:21,000
告知這個網路我還存在

50
00:05:21,000 --> 00:05:26,000
然後 RS

51
00:05:26,000 --> 00:05:29,000
那個就是變成 Router 版的

52
00:05:29,000 --> 00:05:34,000
就是他要找願意幫你轉送封包的 Gateway

53
00:05:35,000 --> 00:05:41,000
然後 RA 就是回應 RS 說

54
00:05:41,000 --> 00:05:46,000
我這個 Router 我願意幫你轉送封包出去

55
00:05:46,000 --> 00:05:48,000
然後他也可以主動廣播

56
00:05:48,000 --> 00:05:51,000
然後讓大家知道這裡有個 Gateway

57
00:05:51,000 --> 00:05:53,000
大家可以轉送他出去

58
00:05:53,000 --> 00:05:59,000
然後這通常主機如果只有找到一個 RA 的話

59
00:05:59,000 --> 00:06:01,000
他就會把它設成 Default Gateway

60
00:06:01,000 --> 00:06:03,000
合理

61
00:06:03,000 --> 00:06:06,000
然後第五個是 Redirect

62
00:06:06,000 --> 00:06:08,000
那他是表達

63
00:06:08,000 --> 00:06:11,000
這是一個 Router 說他想要推薦你

64
00:06:11,000 --> 00:06:14,000
另外一個 Router 當作你的下一跳

65
00:06:14,000 --> 00:06:16,000
就是 Gateway 的話

66
00:06:16,000 --> 00:06:18,000
那他就會發這個訊息

67
00:06:18,000 --> 00:06:20,000
但是這是推薦而已

68
00:06:20,000 --> 00:06:22,000
他沒有強制說你一定要去 Router2

69
00:06:22,000 --> 00:06:26,000
你還是可以跟 Router1 繼續通訊

70
00:06:27,000 --> 00:06:33,000
那這些一樣存在的 IPV 是有的問題

71
00:06:33,000 --> 00:06:35,000
他依然沒有任何驗證方式

72
00:06:35,000 --> 00:06:38,000
所以他一樣可以做 Spoofing

73
00:06:38,000 --> 00:06:40,000
就是偽造

74
00:06:40,000 --> 00:06:42,000
那他一樣也可以做 DOS

75
00:06:42,000 --> 00:06:44,000
因為他一樣沒有驗證

76
00:06:44,000 --> 00:06:46,000
你一樣可以去回應說

77
00:06:46,000 --> 00:06:48,000
每個 IP 都衝突

78
00:06:48,000 --> 00:06:52,000
每個 IP 都存在

79
00:06:56,000 --> 00:06:58,000
那有人一定會問

80
00:06:58,000 --> 00:07:02,000
IPVO 當初規格有說 IPsec

81
00:07:02,000 --> 00:07:06,000
然後後來他把它改成可選的 Optional

82
00:07:06,000 --> 00:07:09,000
那為什麼不用 IPsec 呢

83
00:07:09,000 --> 00:07:13,000
IPsec 其實有蠻多問題的

84
00:07:13,000 --> 00:07:17,000
他是一個隱私加密導向的東西

85
00:07:17,000 --> 00:07:20,000
就是他是拿來做 VPN

86
00:07:20,000 --> 00:07:22,000
那如果用在區網上

87
00:07:22,000 --> 00:07:25,000
他就有點殺雞用牛刀

88
00:07:25,000 --> 00:07:29,000
在區網上你並不需要加密去傳輸

89
00:07:29,000 --> 00:07:33,000
這些 IP 的交流過程

90
00:07:33,000 --> 00:07:35,000
就是 NDP 的過程

91
00:07:35,000 --> 00:07:36,000
你不需要加密他

92
00:07:36,000 --> 00:07:38,000
你只是要確保他不可否認

93
00:07:38,000 --> 00:07:39,000
就是那是對方發出的

94
00:07:39,000 --> 00:07:41,000
不是有人仿冒他發出的

95
00:07:41,000 --> 00:07:43,000
然後確保訊息的完整性

96
00:07:43,000 --> 00:07:46,000
就是確保他做 A 座操作

97
00:07:46,000 --> 00:07:49,000
傳到你手上還是正確的

98
00:07:49,000 --> 00:07:53,000
那 IPsec 他第一個是加密

99
00:07:53,000 --> 00:07:56,000
因為他的效能已經不佳了

100
00:07:56,000 --> 00:07:59,000
他不適合用在 NDP 上面

101
00:07:59,000 --> 00:08:01,000
然後第二個是設定複雜

102
00:08:01,000 --> 00:08:03,000
你需要先知道 pre-share key

103
00:08:03,000 --> 00:08:06,000
然後之後你還要 IKE

104
00:08:06,000 --> 00:08:11,000
就是那個什麼公司要交換什麼的

105
00:08:11,000 --> 00:08:16,000
然後你還要用其他驗證方式去驗證你的身份

106
00:08:16,000 --> 00:08:20,000
那這對於一個我只是想要插到網路上

107
00:08:20,000 --> 00:08:23,000
然後就可以用的電腦來說

108
00:08:23,000 --> 00:08:25,000
這個非常的複雜

109
00:08:25,000 --> 00:08:27,000
然後也不適用於幾百台

110
00:08:27,000 --> 00:08:30,000
因為幾百台的話你的網管可能就要設定

111
00:08:30,000 --> 00:08:34,000
有幾百個的設定檔

112
00:08:34,000 --> 00:08:41,000
所以就到我們今天這個東西的用意了

113
00:08:41,000 --> 00:08:47,000
SE-ND 是他相容於原本的 NDP

114
00:08:47,000 --> 00:08:54,000
那他的做法是他新增多個 NDP 的 Message Options

115
00:08:54,000 --> 00:08:58,000
那這張圖剛才大家可能有看過

116
00:08:58,000 --> 00:09:00,000
我剛才放在下面

117
00:09:00,000 --> 00:09:02,000
那他就是最後一個

118
00:09:02,000 --> 00:09:04,000
他就是更一些選項

119
00:09:04,000 --> 00:09:08,000
他就可以讓你讓之後的協定

120
00:09:08,000 --> 00:09:13,000
去把額外資料塞在這個 Message Options 裡面

121
00:09:13,000 --> 00:09:19,000
那他就塞了這六個

122
00:09:19,000 --> 00:09:21,000
其實後來好像不只這六個

123
00:09:21,000 --> 00:09:23,000
還有更多

124
00:09:27,000 --> 00:09:32,000
反正那些 Message Options 就是定義了一些新的資料格式

125
00:09:32,000 --> 00:09:35,000
那不用管那個資料格式長怎樣

126
00:09:35,000 --> 00:09:39,000
反正你要知道的是裡面資料到底是幹嘛用的

127
00:09:39,000 --> 00:09:47,000
那首先這個東西這個 SEND 到底為什麼可以防禦

128
00:09:47,000 --> 00:09:51,000
那個剛才所說的仿冒啊 DOS 的問題

129
00:09:51,000 --> 00:09:55,000
那首先他先用了數位簽章達成不可否認性

130
00:09:55,000 --> 00:09:59,000
就是那個 A 發的你一定知道是 A 發的

131
00:09:59,000 --> 00:10:00,000
不會是 B 發的

132
00:10:00,000 --> 00:10:02,000
因為你有數位簽章

133
00:10:02,000 --> 00:10:03,000
私鑰只有他有

134
00:10:03,000 --> 00:10:05,000
除非他的私鑰被偷了

135
00:10:05,000 --> 00:10:07,000
那第二個是雜湊

136
00:10:07,000 --> 00:10:12,000
他用雜湊把 IP 跟公鑰綁在一起

137
00:10:12,000 --> 00:10:13,000
那這是怎麼做到的

138
00:10:13,000 --> 00:10:15,000
等一下會講

139
00:10:15,000 --> 00:10:17,000
好第三個是信任憑證鏈

140
00:10:17,000 --> 00:10:21,000
就是你封包要經過 Router 的時候

141
00:10:21,000 --> 00:10:23,000
你要找一個 Gateway

142
00:10:23,000 --> 00:10:27,000
那你要如何找一個合法

143
00:10:27,000 --> 00:10:30,000
然後你信任的 Gateway 就是一個問題了

144
00:10:31,000 --> 00:10:37,000
所以他用引入了憑證鏈的機制

145
00:10:37,000 --> 00:10:42,000
然後首先我們要先講一個叫

146
00:10:42,000 --> 00:10:44,000
又要講一個新名詞叫 CGA

147
00:10:44,000 --> 00:10:52,000
那 CGA 是剛才說的雜湊的一環

148
00:10:52,000 --> 00:10:55,000
他是一個顧名思義

149
00:10:55,000 --> 00:10:56,000
他是一個 address

150
00:10:56,000 --> 00:10:58,000
他最後是 address

151
00:10:58,000 --> 00:11:01,000
所以他是一個 IPv6 地址

152
00:11:01,000 --> 00:11:03,000
那他是用雜湊生成的

153
00:11:03,000 --> 00:11:06,000
目的就是要綁定 IP 跟公鑰

154
00:11:06,000 --> 00:11:07,000
那怎麼綁定呢

155
00:11:07,000 --> 00:11:11,000
等一下會稍微講解一下他的演算法

156
00:11:11,000 --> 00:11:13,000
那這樣的好處是

157
00:11:13,000 --> 00:11:19,000
你不需要像一般的機構一樣

158
00:11:19,000 --> 00:11:21,000
一般的憑證一樣

159
00:11:21,000 --> 00:11:23,000
你需要架一個 PKI

160
00:11:23,000 --> 00:11:25,000
還是你要架一個

161
00:11:25,000 --> 00:11:27,000
反正就是 CA 之類的東西

162
00:11:27,000 --> 00:11:32,000
他會利用剛才講到的

163
00:11:32,000 --> 00:11:33,000
其中一個 message option

164
00:11:33,000 --> 00:11:35,000
叫 CGA option

165
00:11:35,000 --> 00:11:37,000
傳遞這個 parameters

166
00:11:37,000 --> 00:11:44,000
然後要怎麼產生這個地址

167
00:11:44,000 --> 00:11:47,000
就會提到 CGA generation

168
00:11:47,000 --> 00:11:48,000
就是他的一個演算法

169
00:11:48,000 --> 00:11:50,000
那他的演算法是固定的

170
00:11:50,000 --> 00:11:53,000
你輸入一樣的參數

171
00:11:53,000 --> 00:11:56,000
那他的輸入就永遠是同一個地址

172
00:11:56,000 --> 00:11:59,000
輸入不同的也有可能是同一個

173
00:11:59,000 --> 00:12:02,000
那就是發生雜湊碰撞

174
00:12:02,000 --> 00:12:04,000
Hash correlation

175
00:12:04,000 --> 00:12:07,000
然後他還引入了一些

176
00:12:07,000 --> 00:12:10,000
Proof of Work POW 的機制

177
00:12:10,000 --> 00:12:13,000
要提高暴力破解的難度

178
00:12:13,000 --> 00:12:15,000
那講那麼多

179
00:12:15,000 --> 00:12:16,000
看一下

180
00:12:16,000 --> 00:12:18,000
他的 input 跟 output 很簡單

181
00:12:18,000 --> 00:12:22,000
那首先他第一步

182
00:12:22,000 --> 00:12:24,000
他有分兩大步驟

183
00:12:24,000 --> 00:12:27,000
那第一步就是防止暴力破解

184
00:12:27,000 --> 00:12:29,000
那怎麼防止暴力破解呢

185
00:12:29,000 --> 00:12:34,000
就是你會隨機產生一個叫 Modify 的數字

186
00:12:34,000 --> 00:12:35,000
變數

187
00:12:35,000 --> 00:12:40,000
然後跟公鑰合起來一起做 Shot1

188
00:12:40,000 --> 00:12:43,000
然後 Shot1 的值就是雜湊完的值

189
00:12:43,000 --> 00:12:48,000
前面 16 乘上 sec 這個變數的位元

190
00:12:48,000 --> 00:12:49,000
全部都要是零

191
00:12:49,000 --> 00:12:51,000
才能通過這個 Proof of Work

192
00:12:51,000 --> 00:12:53,000
那這件事就導致了

193
00:12:53,000 --> 00:12:57,000
你要逆推跟暴力破解是非常非常困難

194
00:12:57,000 --> 00:12:59,000
尤其是你 sec 越高

195
00:12:59,000 --> 00:13:03,000
代表你 Shot1 hash 出來的結果

196
00:13:03,000 --> 00:13:05,000
前面要很多的零

197
00:13:05,000 --> 00:13:06,000
那這個難度很高

198
00:13:06,000 --> 00:13:08,000
跟挖礦類似

199
00:13:08,000 --> 00:13:19,000
然後第二步是把第一步的 modify 拿來用

200
00:13:19,000 --> 00:13:27,000
就是確保說他是通過第一步的 Proof of Work 的檢測驗證

201
00:13:27,000 --> 00:13:29,000
然後他才能到第二關

202
00:13:29,000 --> 00:13:33,000
第二關就是產生一個 CGA

203
00:13:33,000 --> 00:13:34,000
產生一個地址

204
00:13:34,000 --> 00:13:37,000
那他再做一次 Shot1

205
00:13:37,000 --> 00:13:40,000
他這次做 Shot1 的意義是

206
00:13:40,000 --> 00:13:45,000
把所有你要的資訊全部都放在一起

207
00:13:45,000 --> 00:13:51,000
確保你生出來的地址跟那些資訊是吻合的

208
00:13:51,000 --> 00:13:52,000
對

209
00:13:52,000 --> 00:13:56,000
然後生出來後你還要檢查你生出來的地址

210
00:13:56,000 --> 00:13:57,000
有沒有跟別人碰撞到

211
00:13:57,000 --> 00:13:59,000
就是重複掉

212
00:13:59,000 --> 00:14:08,000
然後 procedural code 有興趣再看就好

213
00:14:08,000 --> 00:14:10,000
然後接下來要講

214
00:14:10,000 --> 00:14:12,000
我生成一個地址然後呢

215
00:14:12,000 --> 00:14:16,000
那接收方要怎麼確認這真的是你

216
00:14:16,000 --> 00:14:19,000
真的是有那把屍藥的

217
00:14:19,000 --> 00:14:22,000
有那個正確的傳送者

218
00:14:22,000 --> 00:14:26,000
而不是仿冒的攻擊者

219
00:14:26,000 --> 00:14:28,000
那首先因為我們剛才說了

220
00:14:28,000 --> 00:14:31,000
我們訊息後面都會附帶一個 CGA option

221
00:14:31,000 --> 00:14:35,000
所以接收者也可以拿到那個 parameters

222
00:14:35,000 --> 00:14:38,000
那接收者可以拿到 parameters

223
00:14:38,000 --> 00:14:42,000
就代表他可以生出一模一樣的 CGA

224
00:14:42,000 --> 00:14:47,000
那假如傳送就是你的 ICMP 封包裡面

225
00:14:47,000 --> 00:14:53,000
你的 source address 跟你 CGA 演算法生出來的

226
00:14:53,000 --> 00:14:55,000
長得不一樣

227
00:14:55,000 --> 00:15:00,000
就代表要不就是 source address 被改過

228
00:15:00,000 --> 00:15:04,000
要不就是你 CGA parameter 被改過

229
00:15:04,000 --> 00:15:07,000
對，那這樣就可以確保說

230
00:15:07,000 --> 00:15:16,000
你那個 parameters 跟你的 IP 是綁在一起的

231
00:15:16,000 --> 00:15:19,000
但是大家又會想到

232
00:15:19,000 --> 00:15:22,000
就好像怪怪的

233
00:15:22,000 --> 00:15:26,000
它原理的確是雜湊函式

234
00:15:26,000 --> 00:15:30,000
我看一下

235
00:15:30,000 --> 00:15:32,000
這裡

236
00:15:32,000 --> 00:15:34,000
因為剛才有說

237
00:15:34,000 --> 00:15:37,000
你要逆推一個雜湊函式是非常困難的

238
00:15:37,000 --> 00:15:40,000
然後加上你要逆推一個 prefix

239
00:15:40,000 --> 00:15:43,000
就是前 16 層上 sec 位元

240
00:15:43,000 --> 00:15:46,000
全部都要是零的一個 hash 值

241
00:15:46,000 --> 00:15:48,000
是更更更困難的事情

242
00:15:48,000 --> 00:15:52,000
大家可以防止說

243
00:15:52,000 --> 00:15:57,000
防止大家隨便偽造一個 CGA parameters

244
00:15:57,000 --> 00:16:01,000
然後就通過這個檢測

245
00:16:01,000 --> 00:16:03,000
大家又想到了

246
00:16:03,000 --> 00:16:06,000
大家只要把 parameters copy 出來

247
00:16:06,000 --> 00:16:10,000
然後塞到我自己的攻擊的訊息裡面

248
00:16:10,000 --> 00:16:12,000
不就繞過了嗎

249
00:16:12,000 --> 00:16:15,000
這就提到剛才為什麼我要把

250
00:16:15,000 --> 00:16:19,000
跟藥也一起拿去做 SHOT1 的用意

251
00:16:19,000 --> 00:16:23,000
因為我們接下來會塞一個私藥

252
00:16:23,000 --> 00:16:26,000
私藥簽章在訊息後面

253
00:16:26,000 --> 00:16:29,000
它會用到的是

254
00:16:29,000 --> 00:16:33,000
好像是 RSA Signature Option 吧

255
00:16:33,000 --> 00:16:35,000
然後它會塞在裡面

256
00:16:35,000 --> 00:16:37,000
傳遞數位簽章

257
00:16:37,000 --> 00:16:38,000
那數位簽章是簽什麼

258
00:16:38,000 --> 00:16:41,000
簽整個 NDP 風暴

259
00:16:41,000 --> 00:16:47,000
然後用傳送者私藥簽 NDP 風暴

260
00:16:47,000 --> 00:16:49,000
然後生成一個數位簽章

261
00:16:49,000 --> 00:16:52,000
然後放在風暴後面

262
00:16:52,000 --> 00:16:55,000
然後接收者拿到這個風暴以後

263
00:16:55,000 --> 00:16:58,000
除了做完 CGA 的驗證以外

264
00:16:58,000 --> 00:17:02,000
驗證 CGA Parameters 跟 IP 是符合的以外

265
00:17:02,000 --> 00:17:06,000
他還會把 Parameters 裡面的公藥拿出來

266
00:17:06,000 --> 00:17:08,000
去解這個簽章

267
00:17:08,000 --> 00:17:10,000
看這個簽章是不是對的

268
00:17:10,000 --> 00:17:15,000
如果 CGA Parameters 他解出來不對

269
00:17:15,000 --> 00:17:18,000
那就代表私藥有錯

270
00:17:18,000 --> 00:17:21,000
就不是那把傳送者的私藥

271
00:17:21,000 --> 00:17:25,000
可能是攻擊者的私藥

272
00:17:25,000 --> 00:17:27,000
那就會失敗

273
00:17:27,000 --> 00:17:31,000
因為攻擊者通常不會有傳送者的私藥

274
00:17:31,000 --> 00:17:34,000
因為私藥通常被保護好

275
00:17:34,000 --> 00:17:38,000
所以你就算複製了 CGA Parameters

276
00:17:38,000 --> 00:17:41,000
你複製的是傳送者的公私藥隊

277
00:17:41,000 --> 00:17:43,000
而不是你的公私藥隊

278
00:17:43,000 --> 00:17:44,000
你只有他的公藥

279
00:17:44,000 --> 00:17:45,000
你沒有他的私藥

280
00:17:45,000 --> 00:17:50,000
所以你過不了數位潛藏這一關

281
00:17:50,000 --> 00:17:52,000
然後又有人在想到

282
00:17:52,000 --> 00:17:54,000
那我整個封包重送呢

283
00:17:54,000 --> 00:17:56,000
這大家都知道

284
00:17:56,000 --> 00:17:57,000
老招了

285
00:17:57,000 --> 00:18:02,000
所以就放了時間戳跟隨機變數

286
00:18:02,000 --> 00:18:06,000
時間戳就是防止你送了又送了

287
00:18:06,000 --> 00:18:09,000
然後隔一段時間你再送

288
00:18:09,000 --> 00:18:12,000
那 nonce 就是確保你在短時間內

289
00:18:12,000 --> 00:18:15,000
不會接收到同樣的封包

290
00:18:15,000 --> 00:18:18,000
假如你合法的封包在三秒前

291
00:18:18,000 --> 00:18:20,000
傳了一個 nonce 為一千的

292
00:18:20,000 --> 00:18:22,000
你重放這個

293
00:18:22,000 --> 00:18:24,000
重新傳送這個封包

294
00:18:24,000 --> 00:18:26,000
然後他可能在十秒後

295
00:18:26,000 --> 00:18:28,000
又接到一個 nonce 為一千的

296
00:18:28,000 --> 00:18:32,000
那他就會把它丟掉

297
00:18:33,000 --> 00:18:35,000
這好像在現在的那個什麼

298
00:18:35,000 --> 00:18:36,000
車

299
00:18:36,000 --> 00:18:38,000
那個遠端解鎖車

300
00:18:38,000 --> 00:18:42,000
車輛好像蠻常見的

301
00:18:42,000 --> 00:18:44,000
然後接下來

302
00:18:44,000 --> 00:18:46,000
要講那個

303
00:18:46,000 --> 00:18:48,000
Router 方面的部分

304
00:18:48,000 --> 00:18:51,000
因為除了你好不容易驗證了

305
00:18:51,000 --> 00:18:53,000
對方這台裝置

306
00:18:53,000 --> 00:18:55,000
他的確是合法的 IP 擁有者

307
00:18:55,000 --> 00:18:57,000
那接下來還要

308
00:18:57,000 --> 00:18:59,000
你要出去

309
00:18:59,000 --> 00:19:01,000
你要能成功發封包出去

310
00:19:01,000 --> 00:19:03,000
你還要過 Router

311
00:19:03,000 --> 00:19:05,000
去有人幫你轉發

312
00:19:05,000 --> 00:19:07,000
或是有人幫你 NAT 之類的

313
00:19:07,000 --> 00:19:09,000
那 Router 的選擇也是很重要的

314
00:19:09,000 --> 00:19:13,000
所以 Router 也需要經過授權驗證

315
00:19:13,000 --> 00:19:16,000
然後他這個就比較

316
00:19:16,000 --> 00:19:19,000
一般這個想法跟現在的 TLS

317
00:19:19,000 --> 00:19:23,000
就是 HTTPS 的那個憑證的機制類似

318
00:19:23,000 --> 00:19:28,000
只是他名詞改了

319
00:19:28,000 --> 00:19:31,000
然後 Router 要被信任

320
00:19:31,000 --> 00:19:35,000
就是他的憑證鏈要被信任

321
00:19:35,000 --> 00:19:37,000
才能當作 Gateway

322
00:19:37,000 --> 00:19:42,000
然後他要新增兩個 ICMP Video Message Type

323
00:19:42,000 --> 00:19:44,000
不重要

324
00:19:44,000 --> 00:19:46,000
然後 Trust Anchor

325
00:19:46,000 --> 00:19:49,000
他就是類似現在的 CA

326
00:19:49,000 --> 00:19:52,000
大家在講什麼台灣 CA 啊

327
00:19:52,000 --> 00:19:55,000
什麼 Digisign CA 啊

328
00:19:55,000 --> 00:19:57,000
就是類似那個東西

329
00:19:57,000 --> 00:20:00,000
然後他簽發憑證給 Router

330
00:20:00,000 --> 00:20:03,000
然後一般的主機

331
00:20:03,000 --> 00:20:07,000
會存一個 Trust Anchor 的清單

332
00:20:07,000 --> 00:20:10,000
就像現在系統裡面會存的那個

333
00:20:10,000 --> 00:20:12,000
Trust CA 一樣

334
00:20:12,000 --> 00:20:14,000
然後他也可以信任多個

335
00:20:17,000 --> 00:20:18,000
然後一個

336
00:20:18,000 --> 00:20:21,000
他這兩個 Message Type 很簡單

337
00:20:21,000 --> 00:20:24,000
一個是要憑證鏈

338
00:20:24,000 --> 00:20:27,000
另外一個就是回應憑證鏈

339
00:20:27,000 --> 00:20:30,000
好 那我今天的簡報差不多到這裡

340
00:20:30,000 --> 00:20:32,000
那我總結一下

341
00:20:32,000 --> 00:20:36,000
就是他的確是一個可以算是大規模

342
00:20:36,000 --> 00:20:38,000
然後在不受信任的環境下

343
00:20:38,000 --> 00:20:40,000
你依然可以生出一個

344
00:20:40,000 --> 00:20:45,000
可以驗證對方的合法性的一個方案

345
00:20:45,000 --> 00:20:47,000
然後用在無線網路

346
00:20:47,000 --> 00:20:50,000
或是公共電腦都很適合

347
00:20:50,000 --> 00:20:54,000
但是他像 SLAAC 一樣

348
00:20:54,000 --> 00:20:57,000
因為他是用演算法生成的

349
00:20:57,000 --> 00:21:00,000
所以他無法指定你的 IP 地址

350
00:21:00,000 --> 00:21:07,000
而且他算是一個實作有點複雜的東西

351
00:21:07,000 --> 00:21:11,000
因為畢竟他牽扯到非對稱式加密

352
00:21:11,000 --> 00:21:15,000
那這部分實作還蠻少的

353
00:21:15,000 --> 00:21:18,000
尤其是實作在 Layer 3 的

354
00:21:18,000 --> 00:21:19,000
我目前還沒有找到

355
00:21:19,000 --> 00:21:22,000
好像只有 Cisco 有

356
00:21:22,000 --> 00:21:27,000
他是一個比 IPshake 更為妥善

357
00:21:27,000 --> 00:21:30,000
更為適合的認證方式

358
00:21:30,000 --> 00:21:37,000
他不用像 IPshake 一樣加密

359
00:21:37,000 --> 00:21:39,000
總結就是他現在

360
00:21:39,000 --> 00:21:40,000
他是一個好東西

361
00:21:40,000 --> 00:21:43,000
但是 IPv6 普及度很低

362
00:21:43,000 --> 00:21:48,000
在 IPv6 上關注這方面的人更少了

363
00:21:48,000 --> 00:21:51,000
所以他的實作普及度更低

364
00:21:51,000 --> 00:21:54,000
目前各大 OS 好像都不支援

365
00:21:54,000 --> 00:21:57,000
但是有興趣可以用 Scalepy 去寫一個

366
00:21:57,000 --> 00:22:02,000
然後我目前只有查到 Cisco 的 iOS 好像有支援

367
00:22:02,000 --> 00:22:03,000
這我不清楚

368
00:22:03,000 --> 00:22:04,000
我沒有買過 Cisco

369
00:22:04,000 --> 00:22:05,000
買不起

370
00:22:05,000 --> 00:22:06,000
好

371
00:22:06,000 --> 00:22:09,000
都是 RSE

372
00:22:09,000 --> 00:22:12,000
謝謝大家