System Architecture Design Notes (86): Security Protocols

The Internet is a major development in the IT field. Its rapid growth and widespread adoption have greatly benefited people's work and daily life. However, the Internet was originally designed so that more people could use the network and share resources, and so that it would be easy to expand and easy to manage. It is therefore a fully open system that was built without sufficient consideration for security. Combined with the growing number of users and their varied motives, this means that security incidents on the Internet occur constantly.

In Internet security, the security of network communication is a critical link, so it is necessary to study methods for transmitting data securely over the network.

1 Brief introduction of IPSec protocol

The TCP/IP protocol suite provides no security protection for IP packets. Attackers can attack normal TCP/IP communication through methods such as network sniffing, IP spoofing, and connection hijacking. The following dangers therefore exist in the communication process: the data does not come from a legitimate sender, the data is tampered with during transmission, and the content of the information is stolen.

To ensure secure and confidential communication on IP networks, the IETF formulated an open standard set of network security protocols, IPSec (IP Security). The protocol applies cryptographic techniques at the network layer to provide source address authentication, data integrity, access control, confidentiality and other security services to the sender and receiver, protecting communications from eavesdropping and resisting network attacks. Higher-level protocols can use these security services directly or indirectly: IPSec provides transparent protection for the transport protocols above it, such as TCP and UDP, and thus offers security guarantees for communication over insecure networks such as the Internet.

In IPv6, IPSec is an indispensable, mandatory component; in IPv4 it is an optional extension. Because networks such as the Internet are public, it is difficult to confirm during communication that the transmission medium is safe, so secure communication requires the data to be encrypted. IPSec encrypts data packet by packet rather than as a whole data stream, which is not only very flexible but also helps further improve the security of IP packets.

The basic working principle of IPSec is as follows: the sender encrypts the data before sending it and then transmits the ciphertext over the network. Throughout transmission the data travels as ciphertext; only when it reaches the destination node does the receiver decrypt the ciphertext and extract the plaintext.

IPSec applies encryption to communication at the network layer. It does not encrypt the header and trailer information of the packet (such as source address, destination address, port number and CRC check value), but only the data carried in the packet. Because encryption takes place at the IP layer, the network protocol can be secured without changing upper-layer application protocols such as HTTP, providing a transparent and secure transmission service. IPSec uses an end-to-end working mode: only the sender and receiver of the data hold the encryption and decryption methods and perform the corresponding encryption and decryption processing, while the other nodes in the network only forward the data and need no IPSec support. This makes encrypted communication independent of the transmission medium and ensures the adaptability and security of confidential data in the public network environment. IPSec can therefore be applied in a very wide range of environments. It provides strong protection for communication on LANs, for dial-up users, for remote sites and on the Internet; it can be used to filter specific data flows; and it can securely interconnect separate LANs through the Internet.

IPSec is not a single protocol. It comprises a complete set of protocols for network data security at the IP layer, including AH (Authentication Header), ESP (Encapsulating Security Payload), IKE (Internet Key Exchange) and a number of algorithms for network authentication and encryption. AH provides data integrity and authentication but no confidentiality; ESP in principle provides only confidentiality, but by selecting appropriate algorithms and modes in the ESP header it can also achieve data integrity and authentication. AH and ESP can be used separately or together. IKE provides the negotiation of encryption algorithms and keys.

1.1 Security Association and Security Policy

A Security Association (SA) is a one-way relationship between a sender and a receiver that provides security services for their communication. The security association is the basis of IPSec; it is an agreement established through negotiation between the two communicating parties. A security association is uniquely identified by a 32-bit Security Parameter Index (SPI): one SPI value determines one specific SA, and the SPI is normally carried in the AH or ESP header. Because a security association is one-way, two-way security between two hosts A and B requires two security associations, one in each direction: (A, B) and (B, A). The content of a security association includes whether the IP packet is encrypted and authenticated, and the algorithms and keys used for encryption and authentication. All SA records are stored in the security association database and accessed by hash lookup.

The security policy defines the characteristics of the secure communication between two IPSec systems and determines the security services provided for the packets of that communication. All security policies of an IPSec system are stored in the security policy database and retrieved according to selectors (source address, destination address, protocol, port and so on). The security policy usually works together with the SA, and the two act jointly on the packets of the communication.

1.2 AH

The AH protocol first computes an integrity check over the data and then encapsulates it into an IP packet, thereby providing data integrity for connectionless communication, data origin authentication and protection against replay attacks. AH can provide all the functions that ESP provides except data encryption. In terms of authentication, it covers a wider range than ESP, including authentication of some fields in the IP header.

To apply IPSec, the format of the IP packet must be changed: an AH header is inserted between the IP header and the protected data, as shown in Figure 1.

The format of the AH header is shown in Figure 2. It contains: next header, payload length, reserved bits, security parameter index, sequence number, and authentication data.

The typical authentication algorithm used by AH is an iterated message digest algorithm. AH uses the MD5 algorithm to provide the integrity service. As described earlier, MD5 hashes a message of any length into a unique 128-bit message digest. Because the digest is unique, any modification to the message produces a different digest, so tampering with the message can be detected and the integrity of the data is ensured. AH can also use the SHA algorithm for stronger resistance to attack: building on MD5, SHA increases the number of iterations and the complexity of block processing and produces a 160-bit message digest. After receiving the data, the receiver can verify the validity of the packet by checking the monotonically increasing sequence number in the packet, which prevents replay attacks.
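As an added worked example (not code from the original article), the following Python builds and verifies a simplified AH packet with the header fields listed above, using an HMAC-MD5 truncated to 96 bits as the authentication data; it looks up the SA by SPI in a constructed security association database and enforces a sliding-window anti-replay check on the sequence number before accepting the packet. The SA layout, the key, and the omission of the IP header from the ICV computation are assumptions of this example.

```python
import hmac
import struct

ICV_LEN = 12  # AH carries a 96-bit (12-byte) truncated HMAC as authentication data


def make_sad():
    """Constructed security association database keyed by SPI (assumed layout).
    Each SA holds the authentication algorithm and key plus the anti-replay state:
    the highest sequence number accepted so far and a bitmap of the window below it."""
    return {
        0x00001234: {"auth_alg": "md5", "auth_key": b"constructed-ah-key-0001",
                     "window": 64, "last_seq": 0, "bitmap": 0},
    }


def build_ah(next_header, spi, seq, payload, key, alg="md5"):
    """Build an AH header (next header, payload length, reserved, SPI, sequence
    number, authentication data) in front of the payload.  Simplified: the ICV
    covers only the AH header (ICV field zeroed) and the payload; the immutable
    IP header fields that real AH also authenticates are left out here."""
    payload_len = (12 + ICV_LEN) // 4 - 2          # AH length in 32-bit words, minus 2
    hdr = struct.pack("!BBHII", next_header, payload_len, 0, spi, seq)
    icv = hmac.new(key, hdr + bytes(ICV_LEN) + payload, alg).digest()[:ICV_LEN]
    return hdr + icv + payload


def replay_ok(sa, seq):
    """Sliding-window anti-replay check.  True if seq is new: either beyond the
    highest value seen so far, or inside the window and not yet marked as seen."""
    if seq == 0:                                   # sequence number 0 is never valid
        return False
    if seq > sa["last_seq"]:
        return True
    behind = sa["last_seq"] - seq
    if behind >= sa["window"]:                     # too old to track: reject
        return False
    return not (sa["bitmap"] >> behind) & 1


def replay_update(sa, seq):
    """Mark seq as seen.  Called only after the ICV has verified, so a forged
    packet with a high sequence number cannot advance the window."""
    mask = (1 << sa["window"]) - 1
    if seq > sa["last_seq"]:
        shift = seq - sa["last_seq"]
        sa["bitmap"] = ((sa["bitmap"] << shift) | 1) & mask
        sa["last_seq"] = seq
    else:
        sa["bitmap"] |= 1 << (sa["last_seq"] - seq)


def verify_ah(packet, sad):
    """Inbound processing: parse AH, look up the SA by SPI, check the sequence
    number against the window, verify the ICV, then advance the window.
    Returns (next_header, payload); raises ValueError on any failure."""
    if len(packet) < 12:
        raise ValueError("truncated AH header")
    next_header, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", packet[:12])
    ah_len = (payload_len + 2) * 4
    if ah_len < 12 + ICV_LEN or len(packet) < ah_len:
        raise ValueError("bad AH payload length")
    icv, payload = packet[12:ah_len], packet[ah_len:]
    sa = sad.get(spi)
    if sa is None:
        raise ValueError("no SA for SPI 0x%08x" % spi)
    if not replay_ok(sa, seq):
        raise ValueError("replayed or stale sequence number %d" % seq)
    expected = hmac.new(sa["auth_key"], packet[:12] + bytes(len(icv)) + payload,
                        sa["auth_alg"]).digest()[:len(icv)]
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet was modified or key is wrong")
    replay_update(sa, seq)
    return next_header, payload


def try_verify(packet, sad):
    """Convenience wrapper returning (accepted, reason) instead of raising."""
    try:
        verify_ah(packet, sad)
        return True, "ok"
    except ValueError as err:
        return False, str(err)


if __name__ == "__main__":
    sad = make_sad()
    key = sad[0x1234]["auth_key"]
    good = build_ah(6, 0x1234, 1, b"constructed TCP segment", key)
    print(try_verify(good, sad))                     # accepted
    print(try_verify(good, sad))                     # same packet again: replay
    bad = build_ah(6, 0x1234, 2, b"constructed TCP segment", key)
    bad = bad[:-1] + bytes([bad[-1] ^ 1])            # flip one payload bit
    print(try_verify(bad, sad))                      # ICV mismatch
```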

1.3 ESP

ESP provides confidentiality of the transmitted information by encrypting the data in the packet, and thereby realizes the security services of data integrity, data origin authentication and data confidentiality. ESP is a general and extensible security mechanism; its encryption and authentication algorithms are determined mainly by the corresponding entries in the SA. As with AH, after receiving the data the receiver can verify the validity of the packet by checking its monotonically increasing sequence number, which prevents replay attacks. In use, an ESP header is inserted between the IP header and the protected data, and an ESP trailer is appended after the protected data, as shown in Figure 3.

The format of the ESP header is shown in Figure 3. It contains: the security parameter index (identifying the security association used to process the packet), the sequence number (used to prevent replay attacks), and the payload data. None of the ESP header fields are encrypted, because the header must be read before the packet can be decrypted.

The format of the ESP trailer is shown in Figure 5. It contains: padding (some encryption algorithms require the length of the encrypted data to be an integral multiple of the key length; if the protected data does not meet this requirement, padding is appended after it), the pad length (specifying the length of the padding), the next header, and the authentication data (the result of the data integrity check).

While ESP provides encryption, it can also provide authentication. For an outgoing packet, encryption is performed first; for an incoming packet, authentication is performed first.

ESP supports multiple encryption algorithms. DES is the default encryption algorithm in ESP: it uses a 64-bit key to encrypt the plaintext, and encryption and decryption use the same key; the algorithm is simple and efficient. Alternatively, 3DES, AES, RC5, RC6, Blowfish and other algorithms can be chosen.

1.4 Internet Key Exchange

IKE is a hybrid protocol that combines the Internet Security Association and Key Management Protocol (ISAKMP), the Oakley key determination protocol, and the SKEME protocol, which describes a key exchange supporting anonymity and fast key refresh. In addition to the key exchange between the communicating parties, IKE also uses ISAKMP to establish the IPSec security association.

The ISAKMP protocol is the core component of IKE. It defines the procedures and data formats for negotiating, establishing, modifying and deleting security associations. ISAKMP works in two phases. In the first phase, the communicating parties negotiate and establish a secure channel and authenticate it, so that it can provide security services for the further communication of the second phase; in the second phase, the specific IPSec security association is established and used to protect the data transmitted between the communicating parties. The IKE negotiation process uses the Diffie-Hellman mechanism, Oakley's key exchange modes, and SKEME's key sharing and key update techniques.

1.5 IPSec working mode

IPSec has two working modes: transport mode and tunnel mode.

In transport mode, the data to be transmitted is encrypted and encapsulated by IPSec, and the relevant IPSec header is inserted between the IP header and the protected data. Because the IP header is not encrypted, the receiving end processes the IP header directly when it receives the encapsulated packet, then reads the SPI value from the IPSec header to obtain the corresponding SA, and then uses the decryption parameters set in that SA to decrypt the encrypted data. In transport mode the IPSec header is placed directly in front of the data to be transmitted. Since less of the packet is encrypted and no extra processing is required, transport mode saves bandwidth and CPU load and has higher communication and processing efficiency. In transport mode, the decrypting party is the user at the destination address.

Tunnel mode first uses the SA information to encrypt the entire IP packet, then prepends an ESP header, and then treats the result as data and adds a new IP header in front of it. After receiving the ESP packet, the receiving end uses the SA indicated by the SPI value in the ESP header to decrypt the payload that follows the ESP header, which recovers the original IP header and packet. Tunnel mode can establish a secure tunnel between two endpoints, and all communication between the two endpoints is carried inside this tunnel, so its security is high. The IP packet format for the two modes is shown in Figure 6.

2 SSL protocol

SSL is a communication protocol used to transmit data securely. It uses public key encryption, symmetric key encryption and other techniques to protect the confidentiality and integrity of information transmitted between two applications. SSL does have one shortcoming, however: it cannot guarantee the non-repudiation of the transmitted information. The SSL protocol covers server authentication, client authentication, data integrity on the SSL link, and data confidentiality on the SSL link. It secures Internet data transmission by establishing a secure channel between the browser and the web server.

At present, SSL technology based on public key encryption has become the industry standard for secure communication on the Internet, and the SSL protocol is often used to enhance the security of web services. In the TCP/IP protocol stack, SSL sits on top of the transport layer, that is, above TCP and below the application layer. An outstanding advantage of SSL is that it is independent of the application layer protocol: higher-level protocols such as HTTP can be built transparently on top of it. The transmission channel established through the SSL protocol has the following basic security properties:

(1) The channel is confidential. Once the key has been determined by the handshake, all messages are encrypted.

The SSL protocol completes the selection of the encryption algorithm, key negotiation, server authentication and so on before the application layer protocol begins to work, and all data transmitted by the application layer after that is encrypted, so the SSL protocol has good confidentiality.

(2) The channel is authenticated: the server in the communication is always authenticated, and the client can be authenticated.

In SSL-based communication, server-side authentication must always be carried out. Therefore, even if client-side authentication is not carried out in a session, the authenticity of the session is still well guaranteed.

(3) The channel is reliable. A MAC is used to check the integrity of each transmitted message, ensuring the integrity of the data on the channel.

In SSL-based communication, because each transmitted message carries message integrity check data (that is, MAC data), the reliability of the communication can be guaranteed. The SSL protocol consists of the SSL record protocol, the SSL handshake protocol, the SSL change cipher spec protocol and the SSL alert protocol. Its architecture is shown in Figure 7.

2.1 SSL record protocol

In the SSL record protocol, all data to be transmitted is encapsulated in records. A record consists of a record header and record data of non-zero length. All SSL communication, including handshake messages, security escape records, application data and so on, is carried in SSL records.

2.2 SSL protocol record header format

The format of the SSL record header is shown in Figure 8.

The SSL record header carries the length of the record header, the length of the record data, whether the record data contains padding, and so on. The SSL record header is either 2 bytes or 3 bytes long. When the highest bit of the record header is 1, there is no padding data: the record header is 2 bytes long and the record data is at most 32767 bytes. When the highest bit of the record header is 0, the record contains padding data: the header is 3 bytes long and the record data is at most 16383 bytes. When the highest bit is 0, the second highest bit has a special meaning: when the second highest bit is 1, the transferred record is a normal record; when it is 0, the transferred record is a security escape record.

The data length encoded in the record header does not include the bytes occupied by the record header itself.

2.3 Format of SSL record data

SSL record data contains three parts: MAC data, actual data and padding data. The MAC data is used for data integrity checking. The hash function used to calculate the MAC is determined by messages in the handshake protocol; if the MD5 algorithm is used, the MAC data is 16 bytes long.

The MAC data is generated as follows:

MAC data = HASH(key, actual data, padding data, sequence number)

where, when the client of the session sends data, the key is the client's write key (the server uses its read key to verify the MAC data); and when the client of the session receives data, the key is the client's read key (the server uses its write key for the MAC data). The sequence number is a counter maintained by both sender and receiver: each communicating party keeps its own counters, one for sending and one for receiving. The counter is 32 bits wide and wraps around when it overflows. The count value is incremented every time a record is sent, and the initial value of the sequence number is 0.
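An added Python example (not from the original article) of the record header and MAC construction described in 2.2 and 2.3: it encodes and parses the 2-byte and 3-byte headers with their length limits, computes MAC data = HASH(key, actual data, padding data, sequence number) with MD5, and verifies a received record against the receiver's own sequence counter. Assumptions: the sequence number is hashed as 4 big-endian bytes, the second-highest bit of a 3-byte header is returned raw (the text above gives its meaning), and encryption of the record body with the session cipher is omitted.

```python
import hashlib
import hmac
import struct

MAX_LEN_2BYTE = 32767   # 15-bit length when the high bit of the first byte is 1
MAX_LEN_3BYTE = 16383   # 14-bit length when the high bit is 0 (padding present)


def parse_record_header(data):
    """Parse the 2- or 3-byte record header.  Returns
    (header_len, record_len, padding_len, second_bit); second_bit is the raw
    second-highest bit of a 3-byte header and None for a 2-byte header."""
    if len(data) < 2:
        raise ValueError("truncated record header")
    b0 = data[0]
    if b0 & 0x80:                        # highest bit 1: 2-byte header, no padding
        return 2, ((b0 & 0x7F) << 8) | data[1], 0, None
    if len(data) < 3:
        raise ValueError("truncated 3-byte record header")
    second_bit = (b0 & 0x40) >> 6
    return 3, ((b0 & 0x3F) << 8) | data[1], data[2], second_bit


def build_record_header(record_len, padding_len=0, second_bit=1):
    """Encode the header; record_len never counts the header bytes themselves."""
    if padding_len == 0:
        if record_len > MAX_LEN_2BYTE:
            raise ValueError("record too long for 2-byte header")
        return struct.pack("!H", 0x8000 | record_len)
    if record_len > MAX_LEN_3BYTE or padding_len > 255:
        raise ValueError("record too long for 3-byte header")
    return struct.pack("!HB", ((second_bit & 1) << 14) | record_len, padding_len)


def compute_mac(key, actual_data, padding, seq, hash_name="md5"):
    """MAC data = HASH(key, actual data, padding data, sequence number).
    Assumption: the 32-bit sequence number is fed in as 4 big-endian bytes."""
    h = hashlib.new(hash_name)
    for part in (key, actual_data, padding, struct.pack("!I", seq & 0xFFFFFFFF)):
        h.update(part)
    return h.digest()


class RecordCounter:
    """Per-direction 32-bit sequence counter starting at 0 and wrapping around."""
    def __init__(self):
        self.value = 0

    def next(self):
        seq = self.value
        self.value = (self.value + 1) & 0xFFFFFFFF
        return seq


def seal_record(write_key, actual_data, seq, block_size=0):
    """Build header + [MAC | actual data | padding].  block_size > 0 models a
    block cipher that needs the record data to be a multiple of block_size."""
    mac_len = hashlib.new("md5").digest_size
    pad_len = (-(mac_len + len(actual_data))) % block_size if block_size else 0
    padding = bytes(pad_len)
    mac = compute_mac(write_key, actual_data, padding, seq)
    body = mac + actual_data + padding
    return build_record_header(len(body), pad_len) + body


def open_record(read_key, record, seq, mac_len=16):
    """Parse a received record, split MAC/data/padding using the header's
    padding length, and verify the MAC with the receiver's sequence number."""
    hdr_len, rec_len, pad_len, _bit = parse_record_header(record)
    if len(record) != hdr_len + rec_len:
        raise ValueError("record length does not match header")
    if rec_len < mac_len + pad_len:
        raise ValueError("record shorter than MAC plus padding")
    body = record[hdr_len:]
    mac, data, padding = body[:mac_len], body[mac_len:rec_len - pad_len], body[rec_len - pad_len:]
    if not hmac.compare_digest(mac, compute_mac(read_key, data, padding, seq)):
        raise ValueError("MAC check failed: tampered, wrong key or wrong sequence number")
    return data


def record_is_valid(read_key, record, seq):
    """True if open_record accepts the record, False on any ValueError."""
    try:
        open_record(read_key, record, seq)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    client_write = b"constructed-client-write-key"
    tx, rx = RecordCounter(), RecordCounter()     # one counter per direction
    rec = seal_record(client_write, b"GET / HTTP/1.0\r\n", tx.next(), block_size=8)
    print(parse_record_header(rec))               # 3-byte header, padding present
    print(open_record(client_write, rec, rx.next()))
```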

2.4 SSL handshake protocol

The SSL handshake protocol is built on top of the SSL record protocol and is used to authenticate identities, negotiate encryption algorithms and exchange encryption keys before actual data transmission begins.

The SSL handshake can be divided into two stages. The first stage establishes a secret communication channel, and the second stage performs client verification. SSL uses a symmetric key encryption algorithm and a public key encryption algorithm at the same time, in order to combine the high speed of symmetric key encryption with the security of public key encryption.

The SSL protocol uses a public key encryption algorithm so that the client can verify the identity of the server and transfer the symmetric key that will encrypt the data of the session. The symmetric key is then used to encrypt the data sent and received during communication, which is comparatively fast, reducing system overhead and ensuring communication efficiency.

SSL supports various encryption algorithms. During the handshake the RSA public key system is used; after the key exchange, a variety of ciphers can be used, such as RC2, RC4, IDEA, DES and 3DES, together with the MD5 message digest algorithm. The SSL protocol can protect the communication process very effectively. However, if an attack is carried out over an SSL-protected connection, the attack is protected by SSL as well, which makes it more concealed and harder to detect. Such an attack can also pass through a firewall and evade inspection by an intrusion detection system.

In addition, the SSL communication process requires many encryption and decryption operations. The complexity of these computations varies with the strength of the cipher, but high-strength computation increases the server load and the network bandwidth consumed, which reduces server performance and throughput.

3 PGP protocol

In the information age, e-mail has become part of people's lives, and at the same time the security problems of e-mail have become increasingly prominent. Generally speaking, e-mail is not encrypted while it is transmitted over the network. When such unprotected mail is transmitted, a third party can easily obtain the information exchanged. In addition, to prevent impersonation, the recipient needs to confirm that the mail has not been tampered with by a third party and that it was indeed sent by the sender, which requires digital signature techniques. As described earlier, the RSA public key cryptosystem is well suited to meeting these requirements, but using RSA directly to encrypt e-mail has some drawbacks.

PGP (Pretty Good Privacy) is an e-mail encryption scheme proposed by the American Phil Zimmermann in 1995. It can encrypt e-mail to prevent unauthorized persons from reading it, and it can also add digital signatures to e-mail so that the recipient can confirm that the mail was indeed sent by the sender. PGP is not a new encryption algorithm or protocol; it is a piece of software that combines a variety of existing encryption algorithms: for example, the IDEA algorithm encrypts the e-mail content, the RSA public key algorithm is applied to the encrypted information, a message digest algorithm is used for the digital signature, and techniques such as compression before encryption are applied. Through the combined use of these methods, the strong encryption of the RSA public key system and the high speed of the symmetric key system are brought together, and the ingenious design of the digital signature and key authentication management mechanisms makes PGP an excellent and powerful data encryption program. Because PGP is powerful, fast, easy to use and its source code is free, it has been widely adopted in IT and other industries and is spreading rapidly.

Today, in addition to ordinary e-mail encryption, PGP can also be used to encrypt important files. In place of UUencode, PGP can generate encoded files in RADIX64 format (that is, MIME's BASE64 format) to ensure their safe transmission over the network, or digitally sign documents to prevent tampering and forgery.

3.1 The principle of PGP encryption

Suppose user A wants to send an encrypted e-mail to another user B. The encryption principle is then as shown in Figure 9.

First, user A applies the MD5 hash algorithm to the mail P to be sent, producing a 128-bit message digest. With this digest it can be checked whether the mail is complete and whether it has been tampered with. Then, using the RSA algorithm with A's private key SKA, the message digest is encrypted to produce the ciphertext H of the digest. The mail P and the encrypted digest H together form a new message P1, which is compressed with ZIP into the compressed message P1.Z. P1.Z is then encrypted with the IDEA algorithm using a one-time key K. K itself is encrypted with the RSA algorithm using the public key PKB of the other party B. The encrypted key and the encrypted message P2 are then BASE64-encoded, yielding a sequence of ASCII characters that is sent over the Internet as the content of the mail.

After user B receives the encrypted mail from A, the decryption process is the reverse of encryption: B first BASE64-decodes the mail content, then uses its own private key SKB with the RSA algorithm to recover the IDEA key K. This key is used to restore P1.Z, which is decompressed to restore P1. Then the plaintext P and the digest ciphertext H are separated, and A's public key PKA is used to decrypt H to obtain the original message digest. B then applies the MD5 algorithm to the plaintext P to generate its own 128-bit message digest and compares the two digests. If they match, P is genuinely mail from A.

From the above communication process it can be seen that PGP not only ensures that the mail cannot be read by a third party, but also prevents the sender from repudiating the mail and prevents the mail from being tampered with in transit. Because the RSA algorithm is computationally expensive and slow, it is not suitable for encrypting large amounts of data such as the body of an e-mail. What PGP actually uses to encrypt the message body is therefore not RSA itself but the IDEA encryption algorithm.

IDEA uses the same key for encryption and decryption. Its main disadvantage is that it is difficult to deliver a key securely in a public network environment, which does not suit the needs of mail encryption on the Internet. However, IDEA encrypts and decrypts much faster than RSA, so PGP uses a randomly generated key (different for each encryption) to encrypt the plaintext with IDEA and then encrypts that IDEA key with RSA. The recipient correspondingly uses RSA to decrypt the random IDEA key and then uses IDEA to decrypt the mail itself. This chained encryption has both the confidentiality of RSA and the speed and convenience of IDEA. The IDEA key PGP uses for each mail is a random number; to enhance the randomness, PGP obtains a random seed from the timing intervals of the user's keystrokes when generating the key, further strengthening the encryption.

PGP compresses the plaintext with the PKZIP algorithm before encryption. For e-mail, on the one hand, the ciphertext obtained by compressing and then encrypting may be shorter than the plaintext, which saves network transmission time; on the other hand, compressing the plaintext is equivalent to one more transformation, which makes the information more disordered and strengthens its resistance to attack. PGP can also sign without encrypting, which can be used for public statements: the declarant signs with his private key to prove his identity, and the public can then verify the signature with his public key and thereby confirm the identity of the declarant.
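The A-to-B flow of 3.1, carried through step by step as an added Python example (not PGP's own code): digest, sign with SKA, concatenate, compress, encrypt with a one-time key K, wrap K with PKB, BASE64-encode, and the reverse on B's side ending in the digest comparison. Assumptions: RSA is textbook RSA without padding on constructed toy-sized keys built from Mersenne primes, and IDEA, which the standard library lacks, is replaced by a labelled SHA-256 keystream stand-in; neither is secure, they only show the structure of the scheme.

```python
import base64
import hashlib
import secrets
import struct
import zlib


def modinv(a, m):
    """Modular inverse by the extended Euclidean algorithm (for the RSA private exponent)."""
    r0, r1, s0, s1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        r0, r1, s0, s1 = r1, r0 - q * r1, s1, s0 - q * s1
    return s0 % m


def make_keypair(p, q, e=65537):
    """Textbook RSA key pair (no padding, toy-sized primes): returns ((n, e), (n, d))."""
    n, d = p * q, modinv(e, (p - 1) * (q - 1))
    return (n, e), (n, d)


def rsa_apply(key, data):
    """RSA on a byte string shorter than the modulus.  Output has the fixed
    width of the modulus so the receiver can split fields without length prefixes."""
    n, exp = key
    width = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(data, "big"), exp, n).to_bytes(width, "big")


def sym_cipher(key, data):
    """Stand-in for IDEA: XOR with a SHA-256 counter keystream.  Illustrative
    only (not IDEA, not secure); the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + struct.pack("!Q", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def pgp_encrypt(mail, sender_priv, recipient_pub):
    """A's side: digest, sign, concatenate, compress, encrypt with K, wrap K, BASE64."""
    digest = hashlib.md5(mail).digest()          # 128-bit digest of P
    h = rsa_apply(sender_priv, digest)           # H = RSA_SKA(digest)
    p1 = h + mail                                # P1 = H || P
    p1z = zlib.compress(p1)                      # P1.Z
    k = secrets.token_bytes(16)                  # one-time key K, fresh per mail
    p2 = sym_cipher(k, p1z)                      # P2 = cipher_K(P1.Z)
    ek = rsa_apply(recipient_pub, k)             # RSA_PKB(K)
    return base64.b64encode(ek + p2)             # ASCII mail body


def pgp_decrypt(body, recipient_priv, sender_pub):
    """B's side: reverse each step; returns (plaintext, digest_matches)."""
    raw = base64.b64decode(body)
    ek_width = (recipient_priv[0].bit_length() + 7) // 8
    k = rsa_apply(recipient_priv, raw[:ek_width])[-16:]   # drop leading zero bytes
    p1 = zlib.decompress(sym_cipher(k, raw[ek_width:]))
    h_width = (sender_pub[0].bit_length() + 7) // 8
    h, mail = p1[:h_width], p1[h_width:]
    digest = rsa_apply(sender_pub, h)[-16:]              # RSA_PKA(H)
    return mail, digest == hashlib.md5(mail).digest()


# Constructed toy keys: large enough to hold a 128-bit digest or key,
# nowhere near real RSA sizes.  A signs; B receives.
A_PUB, A_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
B_PUB, B_PRIV = make_keypair(2**107 - 1, 2**61 - 1)

if __name__ == "__main__":
    body = pgp_encrypt(b"Hello B, this is A.", A_PRIV, B_PUB)
    print(body[:40], b"...")
    print(pgp_decrypt(body, B_PRIV, A_PUB))        # (b'Hello B, this is A.', True)
```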

3.2 PGP key management mechanism

In PGP encrypted communication, the key undoubtedly plays the most critical role. A mature encryption system must be matched by a mature key management mechanism, and PGP accordingly provides a set of schemes for distributing, using and managing keys.

Public key cryptography was itself proposed to solve the problem that key distribution in symmetric key systems is hard to keep secret. For example, one method commonly used by attackers is monitoring: if a key is transmitted over the network, it is easily intercepted. PGP encrypts with a public key, and a public key is meant to be public, so monitoring is not a problem. However, hidden security risks remain in the process of publishing public keys. For example, a public key may be tampered with, which is a major security risk in public key cryptosystems because ordinary users find it hard to detect.

For example, if user A wants to send an encrypted e-mail to user B, A must have B's public key. So A retrieves B's public key from a public directory, uses it to encrypt the mail, and sends the mail to B. That is the normal process. However, an attack may occur along the way: without A or B knowing, another user C replaces B's public key with a key C generated himself under B's name. The public key A uses to send the mail is then not B's but C's. Everything appears normal, because the user name on the public key A obtained is B's. C can then use the private key in his possession to decrypt the mail A sends to B, and can even use B's real public key to forward the mail to B, so that neither A nor B notices anything unusual while all their communication is leaked. C can just as easily alter the mail A sends to B. Moreover, C can forge B's signature on messages to A or others, because the public key held by A and the others was forged by C: they can verify the forged signature normally and therefore believe the message comes from B. To prevent this, anyone must be prevented from forging other people's public keys.

If the communicating parties meet in person and exchange keys, a forged public key can be avoided. However, when the two parties are far apart or cannot conveniently meet, it is difficult to exchange keys directly. For this case, PGP solves the problem with a public key introduction mechanism. Continuing the above example: suppose A and B have a common friend D, and D knows that the public key of B in his possession is correct (assuming D has authenticated B's public key). D can then sign B's public key with his own private key, certifying that this is B's real public key, and send it to A. A uses D's public key to verify the copy of B's public key that D sent. In the same way, D can vouch for A's public key to B. D thus becomes the introducer of public keys between A and B, and B or D can safely list B's public key, signed by D, in the public directory for A to read; no one can forge B's public key without A noticing. This is the secure method PGP uses to transfer public keys over the insecure Internet.

But how can the security and reliability of D's public key be confirmed? For this, PGP recommends that a person or institution that everyone generally trusts act as a certification authority. Every public key signed by an authoritative certification body is considered authentic, so everyone only needs to hold a copy of the certification body's public key. Because certification bodies provide public key services widely, their public keys circulate widely and are hard to counterfeit, which makes authenticating their public keys very convenient. When using keys in PGP, note that any public key must be authenticated before use. Under no circumstances should a public key obtained from a public channel be trusted directly; instead, use a public key introduced by a trusted person, or authenticate it directly with the other party. Because PGP provides digital signatures, non-repudiation, tamper prevention, protection against decryption and other functions, it has been widely welcomed since its introduction. PGP has become almost the most popular public key encryption software, and as communication and security awareness grow it will be used even more widely.

Origin blog.csdn.net/deniro_li/article/details/108894672