[Network Security] Password and Encryption Technology (Practice Questions)

1. Multiple choice questions

(1) The ( ) cryptosystem provides not only confidentiality but also authentication.
A. Symmetrical B. Private key
C. Asymmetrical D. Hybrid encryption system
(2) The network encryption method ( ) encrypts each bit of the data message transmitted on the network; the routing information, checksum, and all other control information are encrypted as well.
A. Link encryption B. Node-to-node encryption
C. End-to-end encryption D. Hybrid encryption
(3) The Caesar cipher is a ( ) method, also called a cyclic shift cipher. Its advantage is that the key is simple and easy to remember; its disadvantage is that its security is poor.
A. Code encryption B. Replacement encryption
C. Modification encryption D. One-time encryption
(4) In encryption services, ( ) is used to ensure the authenticity and integrity of data. There are currently two main ways of generating a MAC.
A. Encryption and decryption B. Digital signature
C. Key placement D. Message authentication code
(5) According to the technical requirements and purpose of information hiding, the following () does not belong to the basic characteristics of digital watermarking.
A. Concealment B. Security
C. Integrity D. Robustness
Answer: (1) C (2) A (3) B (4) D (5) C

2. Fill in the blanks

(1) In the encryption system, the original information is called ___, the process of changing from ___ to ___ is called encryption, and the process of restoring it from ___ is called decryption.

(2) ______ is the only realization method to protect all kinds of information on large-scale transmission network systems, and it is _____ to ensure information security.

(3) The encryption and decryption of the symmetric cryptosystem use the ___ key; the encryption and decryption of the asymmetric cryptosystem use ___ keys, and it must be ___ to calculate the encryption key and the decryption key from each other.

(4) The data encryption standard DES is a ______ encryption technology, specially designed for _____ encoded data, a typical ______ cryptographic algorithm that works in the manner of ______.

(5) There are four commonly used encryption methods: ___, ____, ____, ____.

Answer:
(1) Plain text, plain text, cipher text, cipher text, plain text
(2) Cipher technology, core technology
(3) Same, different, impossible
(4) Code encryption, substitution encryption, displacement encryption, one-time encryption
(5) Symmetric, binary, group, single key

3. Short answer questions

(1) What are the encryption methods of the network? What are the advantages and disadvantages and suitable scope?
There are three types of computer network encryption: link encryption, node-to-node encryption, and end-to-end encryption.

  1. Link encryption
    The link encryption method encrypts each bit of the data message transmitted on the network. Both ends of the link are fitted with encryption equipment so that transmission over the entire communication link is secure.
    In link encryption mode, only the data on the transmission link is encrypted, not the data inside the network nodes, so the data message appears in plain text on intermediate nodes. At present, general network transmission security mainly adopts this method.
    Disadvantages: It requires the cooperation of public network providers to modify their switching nodes and add security units or protection devices; at the same time, node encryption requires the header and routing information to be transmitted in plain text so that intermediate nodes can obtain information on how to process messages, and they are also vulnerable to attacks.
  2. Node-to-node encryption
    To remove the defect that the data inside a node is plaintext, a protection device for encryption and decryption is installed in the intermediate node. This device performs the transformation from one key to another (the message is first decrypted and then re-encrypted with a different key).
    Disadvantages: It requires the cooperation of public network providers to modify their switching nodes and add security units or protection devices; at the same time, node encryption requires the header and routing information to be transmitted in plain text so that intermediate nodes can obtain information on how to process messages, and they are also vulnerable to attacks.
  3. End-to-end encryption
    End-to-end encryption is also called protocol-oriented encryption. It means encrypting only at the two ends of the communication line between the users. The data stays encrypted from the source node through the network to the destination node, and the destination node decrypts it with the key it shares with the source node. This method provides a certain degree of authentication, while also preventing attacks on links and switches in the network.
    The advantage is that each user on the network can have a different encryption key, and the network itself does not need any special encryption equipment.
    The disadvantage is that each system must have an encryption device and the corresponding key management software, or each system must perform the encryption work itself. When the data transmission rate is measured in megabits per second, the computational load of the encryption task is very large.

The difference between the link encryption method and the end-to-end encryption method is that link encryption takes protective measures for the transmission of the entire link, while end-to-end encryption takes protective measures for the entire network system. End-to-end encryption is the main direction of future development. For important special confidential information, an encryption method that combines the two can be used.
(2) Describe the encryption process of the DES algorithm?
DES is a typical single-key cryptographic algorithm designed for binary coded data, and it works on blocks. The basic principle is to split the binary plaintext sequence into blocks, use the key to substitute and permute these blocks, and finally form the ciphertext. The DES algorithm is symmetric and can be used for both encryption and decryption. The key input sequence and the steps are exactly the same for encryption and decryption, so it is easy to achieve standardization and generalization when making DES chips, which is very suitable for modern communications.
DES uses a 64-bit key that includes 8 check bits, so the effective key length is 56 bits. It transforms the 64-bit blocks of the original text into encrypted 64-bit code blocks. The principle is to XOR the original text with a version of it that has passed through a series of permutations and substitutions. The encryption process is repeated 16 times, with the key bits arranged differently each time. Even in accordance with current standards, the encryption result using this method is quite secure. However, any security is relative.
(3) Briefly describe the method of deciphering the password and the measures to prevent it from being deciphered?
Code deciphering methods
1. Exhaustive search of keys
The easiest way to decipher the ciphertext is to try all possible key combinations. If the cracker can recognize a correct decryption result, then although most attempts will fail, the cracker may eventually obtain the key and the original text. This process is called an exhaustive search of the key.
An exhaustive key search generally uses simple tools or mechanical devices. Like a combination password attack, its search efficiency is very low, even negligible.
If the probability distribution of the keys generated by the encryption system is not uniform, for example some key combinations never appear while others appear frequently, then the effective length of the key is greatly reduced. Decipherers can greatly speed up the search by exploiting this regularity. In addition, the use of multiple or more advanced computers for distributed searches is also very threatening.
2. Cryptanalysis
Cryptanalysis is the use of mathematical methods to decipher the ciphertext or find the secret key without knowing the key.
(1) Known-plaintext deciphering method: A cryptanalyst can find the encryption key by analyzing the correspondence between a plaintext and its ciphertext. Therefore, outdated or commonly used encrypted plaintext, ciphertext, and keys are still in danger of being exploited.
(2) Chosen-plaintext deciphering method: The cryptanalyst can try to get the opponent to encrypt a chosen plaintext and obtain the encrypted result. After analysis, the encryption key can also be determined.
3. Other methods of cryptanalysis
In addition to exhaustive key search and cryptanalysis, in real life opponents are more likely to attack the weaknesses of the human-machine system than the encryption algorithm itself. Other cryptanalysis methods include:
● Tricking the user into revealing the password;
● Using various techniques to "peep at" or "steal" the key content while the user is entering the key;
● Exploiting implementation defects or vulnerabilities of the encryption system;
● Covertly replacing the encryption system that the user uses;
● Obtaining unencrypted confidential information from other sources in the user's work and living environment, such as performing "garbage analysis";
● Getting the other party to the communication to disclose the key or information;
● Threatening the user to hand over the key.

Measures to prevent password deciphering include:
(1) Strong encryption algorithm. Protect the password by increasing the complexity and time of decryption of the encryption algorithm.
(2) A good encryption algorithm is one whose key can be obtained only by exhaustive search. As long as the key is long enough, it will be very safe.
(3) Dynamic session key. The key used in each session is different.
(4) Regularly change the key that encrypts the session key. Since this key is used to encrypt session keys, it must be changed regularly to avoid the serious consequences of a leak.

(4) How to perform simple displacement encryption? It is known that the plaintext is "Guests have appeared and live on Renmin Road" and the key is 4168257390. After encryption, what is the ciphertext?
Simple displacement encryption: first select a key represented by digits and write it in one line, then write the plaintext line by line under the digits. Copy the text out column by column in the order indicated by the digits in the key; the result is the cipher text.
Key: 4 1 6 8 2 5 7 3 9 0
Plain text: The guest has appeared and lives on Renmin Road
0 1 2 3 4 5 6 7 8 9
Cipher text: Lu Bin is now living in Renmin Road
(5) It is known that the plaintext is "One World One Dream". What is the ciphertext after it is encrypted with a 5-column displacement?

O n e W o
r l d O n
e D r e a
m

Reading the columns from left to right, the cipher text is: OremnlDedrWOeona

(6) It is known that the plaintext is "One World One Dream", which is arranged in a matrix by row and permuted with f (figure not preserved). After the matrix transformation encryption method is used, what is the ciphertext?
A matrix transformation cipher arranges the letters of the plaintext in a matrix in a given order, and then selects the letters of the matrix in another order to generate the ciphertext.
Arrange the plaintext in a matrix according to the order given by the first row of f:
O n e W
o r l d
O n e D
r e a m
Rearrange the letters in each row of the above matrix in the order given by the second row of f, 2413:
n W O e
r d o l
n D O e
e m r a
The cipher text is: nWOerdolnDOeemra
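
The displacement procedures of questions (4) to (6) can be checked mechanically. The following is an added example, not part of the original answers: the function names are illustrative, the 10-letter string `ABCDEFGHIJ` is a constructed stand-in for the plaintext of question (4), and decryption routines are included to show that both transformations are reversible with the key alone.

```python
def _letters(text):
    """The exercises drop spaces before filling the matrix."""
    return text.replace(" ", "")

def _column_order(key):
    """Column indices in reading order: the column under digit 0 first, then 1, ..."""
    if not key.isdigit() or len(set(key)) != len(key):
        raise ValueError("key must consist of distinct digits")
    return sorted(range(len(key)), key=lambda c: key[c])

def columnar_encrypt(plaintext, key):
    text, n = _letters(plaintext), len(key)
    # text[c::n] is column c read top to bottom; a short last row needs no padding.
    return "".join(text[c::n] for c in _column_order(key))

def columnar_decrypt(ciphertext, key):
    n = len(key)
    full_rows, extra = divmod(len(ciphertext), n)
    cols, pos = [""] * n, 0
    for c in _column_order(key):
        height = full_rows + (1 if c < extra else 0)  # leftmost `extra` columns are longer
        cols[c] = ciphertext[pos:pos + height]
        pos += height
    rows = full_rows + (1 if extra else 0)
    return "".join(cols[c][r] for r in range(rows) for c in range(n) if r < len(cols[c]))

def _check_perm(length, perm):
    if sorted(perm) != list(range(1, len(perm) + 1)) or length % len(perm):
        raise ValueError("perm must be a permutation of 1..n and fill whole rows")

def row_permute_encrypt(plaintext, perm):
    """Output position j of every row takes the letter from column perm[j] (1-based)."""
    text, n = _letters(plaintext), len(perm)
    _check_perm(len(text), perm)
    return "".join(text[i + p - 1] for i in range(0, len(text), n) for p in perm)

def row_permute_decrypt(ciphertext, perm):
    n = len(perm)
    _check_perm(len(ciphertext), perm)
    out = [""] * len(ciphertext)
    for i in range(0, len(ciphertext), n):
        for j, p in enumerate(perm):
            out[i + p - 1] = ciphertext[i + j]  # put each letter back in its source column
    return "".join(out)

if __name__ == "__main__":
    msg = "One World One Dream"
    print(columnar_encrypt(msg, "01234"))            # question (5): 5 columns, left to right
    print(row_permute_encrypt(msg, (2, 4, 1, 3)))    # question (6): second row of f
    demo = columnar_encrypt("ABCDEFGHIJ", "4168257390")  # key of question (4), constructed text
    print(demo, columnar_decrypt(demo, "4168257390"))
```
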

(7) How to perform replacement encryption? Suppose that the natural order of letters a, b, c,..., x, y, z remains unchanged, but makes it correspond to F, G, H,..., A, B, C, D, and E respectively. The key is 5 and capitalized. According to this method, if the plaintext is student, what is the corresponding ciphertext?

Replacement encryption refers to a substitution method that replaces a set of plaintext letters with a set of ciphertext letters to hide the plaintext while keeping the order of the plaintext letters unchanged. One of the oldest replacement ciphers is the Caesar cipher, also known as the cyclic shift cipher.
Keep the natural order of letters a, b, c,..., x, y, z unchanged, but make them correspond to F, G, H,..., A, B, C, D, and E respectively. In this case the key is 5 and the ciphertext is capitalized.
If the plaintext is student, the corresponding ciphertext is XYZIJSY.
(8) What is one-time encryption? The known plaintext is: 1101001101110001, and the password is: 0101111110100110. Try to write the process of using exclusive OR to encrypt and decrypt.
One-time encryption is also called one-time password book encryption. If you want to maintain the reliability of code encryption and the flexibility of replacing the encryptor, you can use a one-time password for encryption.
Each page of the password book contains some code tables. You can use the code on one page to encrypt some words, tear it off or burn it after use, and then use the code on another page to encrypt other words until all the plaintext is encrypted. The only way to decipher the cipher text is to obtain a copy of the same code book.
Generally, a random bit string is first selected as the key. Then the plaintext is converted into a bit string, and finally the two bit strings are XORed bit by bit.
1) Encryption process:
XOR the plaintext and the password bit by bit:
Plaintext: 1 1 0 1 0 0 1 1 0 1 1 1 0 0 0 1
Password: 0 1 0 1 1 1 1 1 1 0 1 0 0 1 1 0
Ciphertext: 1 0 0 0 1 1 0 0 1 1 0 1 0 1 1 1
2) Decryption process:
XOR the ciphertext and the password bit by bit:
Password: 0 1 0 1 1 1 1 1 1 0 1 0 0 1 1 0
Ciphertext: 1 0 0 0 1 1 0 0 1 1 0 1 0 1 1 1
Plaintext: 1 1 0 1 0 0 1 1 0 1 1 1 0 0 0 1

(9) What are the wireless network encryption technologies? What are their advantages, disadvantages and scope of application?
1. WEP (Wired Equivalent Protocol) encryption technology
In theory, this method is better than the explicit strategy of using a shared private key alone, because it adds some data specific to each packet, which should make it more difficult for the other party to crack.
There is a certain gap between the design of WEP and its design goals: WEP cannot provide protection for data in the wireless LAN. The main reason is that the encryption mechanism adopted by WEP is not sound. Its most flawed design element is the initialization vector (IV).
In addition, there are several security issues as follows:
● The RC4 algorithm itself has a small flaw, which can be used to crack the key.
● The WEP standard allows the IV to be reused (on average, it is repeated approximately every 5 hours). This feature makes it easier to attack WEP, because repeated use of an IV allows the attacker to repeat the analysis with the same ciphertext.
● The WEP standard does not provide a method to automatically modify the key, so the key can only be reset manually on the access point (AP) and its workstations. In practice no one modifies the key, which exposes the wireless LAN to passive attacks that collect traffic and crack the key.
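
The XOR scheme of question (8) and the IV-reuse weakness listed above rest on the same property: material XORed with the plaintext protects it only if it is never used twice. The following is an added example, not code from the original page. It reproduces the computation of question (8), shows what two ciphertexts made with the same pad reveal, and flags repeated IVs in a capture. The second plaintext and the sample frames are constructed, and the function names are illustrative.

```python
from collections import Counter

def xor_bits(a, b):
    """Bitwise XOR of two equal-length strings of '0' and '1'."""
    if len(a) != len(b) or set(a + b) - {"0", "1"}:
        raise ValueError("inputs must be equal-length bit strings")
    return "".join("1" if x != y else "0" for x, y in zip(a, b))

# Values from question (8).
PLAINTEXT = "1101001101110001"
PAD = "0101111110100110"
# Constructed second message, used only to show what pad reuse reveals.
SECOND_PLAINTEXT = "0011001100110011"

def encrypt(bits, pad):
    return xor_bits(bits, pad)

decrypt = encrypt  # XOR is its own inverse, so the same operation decrypts

def reuse_leak(p1, p2, pad):
    """XOR of two ciphertexts made with the same pad: the pad cancels out."""
    return xor_bits(encrypt(p1, pad), encrypt(p2, pad))

def reused_ivs(frames):
    """Return every IV that appears on more than one captured frame.

    frames: iterable of (iv_hex, ciphertext_hex) pairs. Frames sharing an IV
    under the same key were encrypted with the same keystream.
    """
    counts = Counter(iv for iv, _ in frames)
    return sorted(iv for iv, n in counts.items() if n > 1)

# Constructed sample capture: 24-bit IVs as hex, ciphertext bodies are dummies.
SAMPLE_FRAMES = [
    ("a1b2c3", "5e0f"), ("a1b2c4", "9911"), ("a1b2c3", "0c7d"), ("00ff10", "42aa"),
]

if __name__ == "__main__":
    c = encrypt(PLAINTEXT, PAD)
    print("ciphertext:", c)
    print("decrypted: ", decrypt(c, PAD))
    print("c1 xor c2: ", reuse_leak(PLAINTEXT, SECOND_PLAINTEXT, PAD))
    print("p1 xor p2: ", xor_bits(PLAINTEXT, SECOND_PLAINTEXT))
    print("reused IVs:", reused_ivs(SAMPLE_FRAMES))
```

The two XOR lines print the same value, which is why each page of the password book is destroyed after use and why a protocol that lets the IV repeat under a fixed key loses the protection XOR provides.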

2. WPA (protected access protocol) encryption technology
Most home and small business users can use WPA-Personal security, which is purely based on an encryption key.
WPA has two basic methods that can be used, depending on the required security level. The encryption methods used in WPA are quite different, and more complex and difficult to crack.
WPA provides a stronger encryption function than WEP and solves many weaknesses of WEP.
(1) TKIP (Temporary Key Integrity Protocol). TKIP is a basic technology that allows WPA to be backward compatible with WEP and existing wireless hardware. Used together with WEP, TKIP forms a longer, 128-bit key that changes with every data packet, making this encryption method more secure than WEP.
(2) EAP (Extensible Authentication Protocol). With the support of the EAP protocol, WPA encryption provides more functions for controlling wireless network access based on PKI (Public Key Infrastructure), rather than filtering based on MAC address alone, a filtering method that is easy to deceive.

3. Tunnel encryption technology
Use encryption technology to ensure the confidentiality of data message transmission. The encryption system provides a secure data transmission. If there is no correct decryption key, the content of the payload cannot be read. In this way, the data message received by the receiver is not only encrypted, but it does come from the sender. The length of the encrypted tunnel and the security encryption layer are the main attributes of the encryption system.
Data security gradually increases with the decrease of the encryption layer, so the third layer tunnel encryption is not as secure as the second layer tunnel encryption. For example, in the third-layer tunnel encryption, since the third-layer header is not encrypted, it is easy to implement IP address spoofing attacks, while it is difficult to implement such attacks in the second-layer tunnel encryption. Although the second-layer tunnel encryption reduces IP address spoofing attacks, since the MAC address is transmitted in plain text in the second-layer tunnel encryption, ARP spoofing attacks cannot be prevented. In addition to encryption technology, a comprehensive application of defense technologies such as integrity verification technology and authentication technology is also required.

(10) Why is the hybrid encryption system a better feasible method to ensure the security of information transmitted on the network?
In order to ensure the secure transmission of information over long distances over the network, a comprehensive application of symmetric, asymmetric and HASH encryption is generally adopted. Some applications such as IIS, PGP, SSL, S-MIME use a symmetric key to encrypt the original information, then use an asymmetric key to encrypt the symmetric key that was used, and finally use a random code to mark the information to ensure that it is not tampered with. This combines the advantages of the various encryption methods. Although asymmetric encryption is relatively slow, it only has to encrypt the symmetric key, not the original information. Symmetric encryption is very fast and can be used to encrypt the original information. At the same time, one-way encryption can effectively mark information.

Origin blog.csdn.net/qq_44762986/article/details/109786346