Article Updated: 2020-04-02
Note: This article reference from Machinery Industry Press "Password principles and application engineering."
Click on the directory jump
First, the scope of research into cryptography
Cryptography is an encryption-related arts and sciences.
1, the role of cryptography
Cryptography is part of the overall security system, but it is also the most critical part.
Cryptography systems typically provide access control functions.
2, barrel theory
The security of each security system depends on its most vulnerable part.
To improve the security of the system, we need to improve the security of the most vulnerable parts of the system. So we must first know who are the most vulnerable. This can be a complete hierarchical tree structure, each part of the system is what links, with each link in what other sub-sectors. We can link these attacks are organized into a tree (attack tree)
.
3, opponents set
Because if an attacker wants to attack the system, it will attack the weakest link in the system.
So we have to set to rival 最狡猾
opponents, so that we can better improve the security of our system!
Second, Introduction to Cryptography
Note 1: cryptographically conventional example referred to for convenience as the sender Alice
, the recipient is Bob
, as eavesdropper Eve
.
Note 2: If you look up the dictionary, you will find the key reading (yue). But some cryptography old professor will read when reading (yao). So when without ambiguity (key (yue) and honeymoons homonym ~)), you should read what is possible.
1, encryption
-
In order to prevent information being tapped from us, we can choose before sending the message, the plaintext
m
by the encryption functionE
using the key K E is encrypted into ciphertextc
, and then transmitted. -
By the ciphertext receiver
c
after decryption function byD
using the key K E is decrypted plaintextm
, so far, the information transmission is completed. -
If you
Eve
were eavesdropping, then he can only get the ciphertext, no key k E will not be in plain text. -
So the question is, how to deliver key it? If you have a secure channel is used to convey the key, then send information directly to good?
This involves the key distribution problem, do not expand here first. Being that
Alice
andBob
use another secure channel negotiation key. For example, when the last negotiation meeting, or written on paper mail in the past and so on. -
kerckhoff
in principleSecurity encryption scheme must depend only on the key K to E confidentiality, without depending on the algorithm for secrecy.
Facts have proved that the algorithm is not public is often problematic, we can not stand the test.
2. Certification
In the previous section, we explain how to conduct encrypted to prevent Eve
eavesdropping to plaintext. But this has not prevented Eve
modify the information.
Because Eve
Since the channel can eavesdrop, then he respective information may also be modified to intercept delete, or change the order of several messages, these are possible.
The recipient can not tell whether information has been tampered with. To solve this problem, we introduced the 认证
concept.
-
And encryption, authentication need to use a key, referred to herein as K A
-
Before transmitting information, we first use the K A of the information is a message authentication code computed (Message Authentication Code), it may also be referred to
MAC
. -
When sending messages, and even
MAC
send the past. -
Bob
Received信息m
andMAC
after their own information to calculate it againMAC
to see if and sent meMAC
the same. If the same, indicating that information safe. If not, it means that the information has been tampered with or damaged, it is directly discarded. -
Now if
Eve
eavesdropping even tampered with the information at the same time, but because he did not have an authentication key k A , so he is unable to play the role of tampering, because theBob
receipt was foundMAC
not to respect not throw ~ -
But that there is a problem, it is not enough to resist
消息重放攻击
. What is the message replay attacks?To say,
Eve
tapping into the information is not tampered with, but along withMAC
preserved, waiting for some time, and then togetherMAC
sent togetherBob
, dueMAC
to be effective, itBob
will think the message is valid.If the order is important in some scenes information, then this will also cause harm. To avoid this, we can add the number in the message. And verify that number when received, if the subject is less than the number of information number has been received, it is discarded. It means the future, if the information received No. 2, No. 1 Information was received No. 1 data will be discarded.
Note: 加密
and 认证
are two different concepts. Encryption can only guarantee not to disclose the plaintext, and certification is to ensure the integrity of the message.
3, public key encryption
In the above we discussed the encryption scheme, there is a need to send information both encryption key K E . We can imagine that, if a number of teams were the case, the key exchange is a very troublesome thing, but more than one person, the number of keys was also significantly increased.
You do not want your boss put a lot of work time spent on the exchange of key words.
To solve this problem, we introduce the 公钥加密
concept.
-
First, we use a special algorithm to generate a pair of keys (S Bob , P Bob ), where S Bob the private key, P Bob public key.
-
Then
Bob
open his public! In this way, everyone can get Bob's public key, which is consistent with the public key name of Kazakhstan. -
Then
Alice
you can useBob
the public key informationm
is encrypted into ciphertextc
, then sent toBob
. -
Bob
By the ciphertextc
later, using the private key S Bob ciphertext decryptsm
. -
So
Bob
I want toAlice
send a message is encrypted with your private key it? Impossible, as anyone with aBob
person's public key can decrypt the information will be. What encryption? ToAlice
send a message of course is to useAlice
the public key it! -
So, who to send private information on who is using public key encryption, decryption information only corresponding can. So if you want people to give you the information, you open your own public key on it.
Note 1: public and private keys are not the same, unlike the previously mentioned encryption key K E . In public-key encryption system, even the encryption function and the decryption functions are not the same.
Note 2: You do not want the private key to decrypt the encrypted public key information? You decrypt a try, I look at you decrypt it.
3, the digital signature
Waiting for me ...
this chapter to write.
三、Enjoy!
Follow-up ...