[Information Security] Security Protocols

Abstract: This article introduces 7 security protocols. IPSec sits at the network layer; it is a protocol suite whose main functions are authentication and encryption. Because authentication and encryption in turn require key management and key exchange, these functions are implemented by three components: AH, ESP and IKE. SSL/TLS sits between the transport layer and the application layer and is divided into two sub-layers, the SSL record protocol layer (which encapsulates, compresses and encrypts the data) and the SSL handshake protocol layer (which authenticates the communicating parties and manages keys). SSL can be combined with the application-layer HTTP protocol to form HTTPS, and it can also secure the mail protocols. Next comes the Kerberos protocol at the application layer, which is an identity authentication protocol, followed by the S/MIME and PGP protocols used with SMTP: besides encryption and decryption, MIME lets SMTP, which can only transmit ASCII, carry richer content, and PGP (Pretty Good Privacy) is an application program that provides security guarantees. Then the SET protocol, a security protocol specifically for credit card electronic payment, which ensures consistency and security among banks, merchants and customers. Finally, the zero-knowledge protocol and the Diffie-Hellman key exchange protocol are added.

Table of Contents

1. IPSec

2. SSL/TLS

3. Kerberos

4. S/MIME

5. PGP

6. SET

7. Zero-knowledge protocol

8. Diffie-Hellman key exchange protocol


Since TCP/IP has many security flaws, encryption, authentication and similar technologies must be used to implement the necessary security protocols. Security protocols can be placed at each layer of the TCP/IP protocol stack (see the figure below). For example, IPSec is located at the IP layer, and SSL is located between TCP and the application layer. At the application layer there is a series of security protocols for different applications, such as PGP and SET.

1. IPSec

IPSec is a set of protocols used to solve network-layer security problems. It provides two security mechanisms, authentication and encryption:

Authentication: ensures that the receiver of a communication can determine the true identity of the sender and whether the data was tampered with in transit.

Encryption: encrypts the data so that it cannot be eavesdropped on in transit.

To realize authentication and encryption, key management and key exchange are also required. IPSec therefore has three important components, one for each of these functions:

  • Authentication Header (AH): authentication
  • Encapsulating Security Payload (ESP): encryption
  • Internet Key Exchange (IKE): key management and exchange

  • Advantages of IPSec:
    • If IPSec is implemented on a router or firewall, the security of the internal network can be guaranteed as well
    • It operates at the network layer, so it is transparent to end systems and easy to extend
  • IPSec working modes:
    • Transport mode: runs on the two end hosts and protects upper-layer protocol messages
    • Tunnel mode: runs on a gateway or host and protects the complete IP packet

2. SSL/TLS

  • The relationship between SSL and TLS:
    • SSL sits between the transport layer and the application layer. It uses many security techniques, such as asymmetric encryption and digital certificates, and its main task is to ensure privacy, integrity and identity authentication. TLS is essentially an extended version of SSL.
  • The relationship between SSL and application-layer protocols:
    • HTTP over SSL: this is the HTTPS we are all familiar with
    • Email over SSL: for example SMTP and POP3
  • SSL protocol structure: SSL has two protocol layers
    • SSL record protocol layer: its main functions are to encapsulate, compress and encrypt data
    • SSL handshake protocol layer: its main functions are to authenticate the communicating parties and negotiate keys
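To make the record layer's "encapsulation" concrete, here is an added example (not code from the original article) that walks a TLS byte stream record by record. Every record starts with the same 5-byte header, content type, version and length, whether it carries a handshake message or application data; only handshake records are decoded one level further. The byte stream is constructed here: a minimal ClientHello followed by an application-data record whose body stands in for ciphertext. The cipher-suite value 0xC02F and the type numbers come from RFC 5246; the function names are my own.

```python
import struct

# Record-layer content types (RFC 5246 section 6.2.1) and handshake message types (section 7.4).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   12: "server_key_exchange", 14: "server_hello_done",
                   16: "client_key_exchange", 20: "finished"}
MAX_RECORD_BODY = 2 ** 14 + 2048   # TLSCiphertext.length upper bound (RFC 5246 section 6.2.3)


def parse_records(stream: bytes) -> list:
    """Split a TLS byte stream into records and return one summary dict per record.

    The record header is: content type (1 byte), protocol version (2), body length (2).
    Handshake bodies are decoded only as far as their own 4-byte message header; every
    other body is opaque to the record layer (and encrypted once the handshake is done).
    """
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError(f"truncated record header at offset {offset}")
        ctype, major, minor, length = struct.unpack("!BBBH", stream[offset:offset + 5])
        if length > MAX_RECORD_BODY:
            raise ValueError(f"record length {length} exceeds the protocol maximum")
        body = stream[offset + 5:offset + 5 + length]
        if len(body) != length:
            raise ValueError(f"truncated record body at offset {offset}")
        rec = {"type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
               "version": f"{major}.{minor}", "length": length}
        if ctype == 22 and length >= 4:
            rec["handshake"] = HANDSHAKE_TYPES.get(body[0], f"unknown({body[0]})")
            rec["handshake_length"] = int.from_bytes(body[1:4], "big")
        records.append(rec)
        offset += 5 + length
    return records


def is_well_formed(stream: bytes) -> bool:
    """True if the stream consists of complete, size-sane records."""
    try:
        parse_records(stream)
        return True
    except ValueError:
        return False


def build_client_hello() -> bytes:
    """Constructed minimal TLS 1.2 ClientHello (one cipher suite, no extensions)."""
    hello = (b"\x03\x03"             # client_version: TLS 1.2
             + b"\x00" * 32          # random: zeros here; a real client uses CSPRNG output
             + b"\x00"               # session_id length: 0
             + b"\x00\x02\xc0\x2f"   # cipher_suites: one entry, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
             + b"\x01\x00")          # compression_methods: null only
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello   # type client_hello(1) + 3-byte length
    # Record header: handshake(22), record version 3.1 (what clients commonly send for compatibility)
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


# Constructed application_data record; in a live session this 11-byte body would be ciphertext.
APP_DATA = b"\x17\x03\x03" + (11).to_bytes(2, "big") + b"hello world"
SAMPLE_STREAM = build_client_hello() + APP_DATA

if __name__ == "__main__":
    for record in parse_records(SAMPLE_STREAM):
        print(record)
```

A record-layer parser like this is also where size limits and truncation are enforced: a length field larger than the protocol maximum, or a body shorter than its header claims, is rejected before any handshake logic runs.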

3. Kerberos

Kerberos is a ticket-based identity authentication protocol. If you compare the passenger to the client and the train to the server, the authentication process involves two tickets.

Step 1: The user buys a train ticket and goes to the window for verification.

Step 2: The window verifies that the identity information on the purchased ticket matches the identity of the person. If the verification passes, the user is given a second ticket.

Step 3: The user takes the second ticket to the gate of the train, where the inspector checks that the seat information matches.

Step 4: The verification passes and the user boards the train.
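The following added example (my own toy code, not from the original article) plays out the two-ticket flow in Python: the KDC's authentication server issues the first ticket (the ticket-granting ticket, TGT), the ticket-granting server exchanges it for a second ticket for one specific service, and the service admits the user only when the ticket and a fresh authenticator name the same person. The `seal`/`unseal` pair is a stand-in for Kerberos' real encryption types, built from HMAC-SHA256 so the example runs on the standard library alone; the realm, key values and names are constructed.

```python
import hashlib, hmac, json, os, time

# ---- toy sealing: confidentiality + integrity under a shared key (illustration only) ----
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def seal(key: bytes, fields: dict) -> bytes:
    """nonce || ciphertext || tag. Only a holder of `key` can read or alter the fields."""
    plain = json.dumps(fields).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("rejected: integrity check failed (wrong key or tampered ticket)")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

# ---- the realm ------------------------------------------------------------------------
class KDC:
    """Authentication Server (the ticket window) plus Ticket Granting Server, constructed keys."""
    def __init__(self):
        self.user_keys = {"alice": b"key-derived-from-alice-password"}
        self.tgs_key = b"tgs-long-term-key"
        self.service_keys = {"train": b"train-service-long-term-key"}

    def as_exchange(self, user: str):
        """Steps 1-2: first ticket (TGT). The TGT is readable only by the TGS; the session key
        travels to the user under the user's own key, so only the real user can use it."""
        tgs_session = os.urandom(16).hex()
        tgt = seal(self.tgs_key, {"user": user, "key": tgs_session, "exp": time.time() + 600})
        to_user = seal(self.user_keys[user], {"key": tgs_session})
        return to_user, tgt

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        """Step 3 preparation: TGT + fresh authenticator earns the second ticket, for one service."""
        t = unseal(self.tgs_key, tgt)
        if t["exp"] < time.time():
            raise PermissionError("TGT expired")
        a = unseal(bytes.fromhex(t["key"]), authenticator)   # proves the caller holds the session key
        if a["user"] != t["user"]:
            raise PermissionError("authenticator does not match ticket")
        svc_session = os.urandom(16).hex()
        ticket = seal(self.service_keys[service],
                      {"user": t["user"], "key": svc_session, "service": service})
        to_user = seal(bytes.fromhex(t["key"]), {"key": svc_session, "service": service})
        return to_user, ticket

def service_admit(service_key: bytes, service: str, ticket: bytes, authenticator: bytes) -> str:
    """Steps 3-4: the train gate checks the service ticket and that the holder is who it names."""
    t = unseal(service_key, ticket)
    if t["service"] != service:
        raise PermissionError("ticket was issued for a different service")
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if a["user"] != t["user"]:
        raise PermissionError("authenticator does not match ticket")
    return t["user"]

def client_login_and_access(kdc: KDC, user: str, user_key: bytes, service: str) -> str:
    """The passenger's side of the journey; returns the identity the service admitted."""
    reply, tgt = kdc.as_exchange(user)
    tgs_session = bytes.fromhex(unseal(user_key, reply)["key"])   # wrong password key -> ValueError
    auth1 = seal(tgs_session, {"user": user, "ts": time.time()})
    reply2, ticket = kdc.tgs_exchange(tgt, auth1, service)
    svc_session = bytes.fromhex(unseal(tgs_session, reply2)["key"])
    auth2 = seal(svc_session, {"user": user, "ts": time.time()})
    train_key = kdc.service_keys[service]   # the service's own copy of its long-term key
    return service_admit(train_key, service, ticket, auth2)

if __name__ == "__main__":
    print(client_login_and_access(KDC(), "alice", b"key-derived-from-alice-password", "train"))
```

Note what the user's password never does: it is used once, to open the AS reply, and every later step uses short-lived session keys. The service never talks to the KDC at all; it trusts the ticket because only the KDC holds the service's long-term key.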

4. S/MIME

Since the mail protocol SMTP only supports the transmission of ASCII, introducing MIME lets mail carry rich content. In addition, S/MIME provides authentication, encryption and other functions for the mail service.
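As an added example (not from the original article), the Python standard library's `email` package shows the MIME half of that sentence: a message with a non-ASCII subject, a UTF-8 body and an arbitrary binary attachment is serialized into a form that contains only 7-bit ASCII bytes, which is all a classic SMTP relay is required to carry, and the receiver decodes it back losslessly. The sample text and attachment are constructed; the signing and encryption that S/MIME adds on top are not shown here.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample content: accented text and a binary blob containing every byte value.
BODY = "Réunion à 10 h, merci d'apporter le rapport.\nÀ demain,\nAlice\n"
ATTACHMENT = bytes(range(256))


def build_message(body: str, filename: str, data: bytes) -> EmailMessage:
    """Assemble a MIME message whose wire form is pure 7-bit ASCII, whatever the content."""
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Réunion de demain"            # non-ASCII header -> RFC 2047 encoded word
    msg.set_content(body, cte="quoted-printable")   # text/plain; charset=utf-8, QP transfer encoding
    msg.add_attachment(data, maintype="application", subtype="octet-stream",
                       filename=filename)            # binary part is base64-encoded by default
    return msg


def is_seven_bit_clean(raw: bytes) -> bool:
    """What a classic SMTP relay requires: every byte below 0x80."""
    return all(b < 0x80 for b in raw)


def parse_message(raw: bytes):
    """Receiver side: undo the transfer encodings to recover the original text and bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",)).get_content()
    attachments = [(part.get_filename(), part.get_content()) for part in msg.iter_attachments()]
    return str(msg["Subject"]), body, attachments


def demo():
    raw = build_message(BODY, "report.bin", ATTACHMENT).as_bytes()
    return raw, parse_message(raw)


if __name__ == "__main__":
    raw, parsed = demo()
    print(raw.decode("ascii"))
    print("7-bit clean:", is_seven_bit_clean(raw), "| parsed subject:", parsed[0])
```

The `Content-Transfer-Encoding` headers in the printed output (quoted-printable for the text part, base64 for the attachment) are the mechanism that keeps the bytes on the wire within ASCII.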

5. PGP

PGP, an abbreviation of Pretty Good Privacy, is a computer program that provides encryption and authentication. It is often used to sign, encrypt and decrypt emails in order to increase the security of email communications.

6. SET

To make instant electronic payment more complete, the SET protocol came into being. SET is designed around the credit card payment model and guarantees the safety of online shopping with credit cards over open networks. It is mainly designed to handle credit card transactions between users, merchants and banks, and it offers advantages such as guaranteeing the integrity of transaction data and the non-repudiation of transactions. It has therefore become the recognized international standard for online credit card transactions.

7. Zero-knowledge protocol

Scenario: A tells B that he knows a certain secret, but A does not want to reveal it. There is a cave with a secret door between its left and right passages, which can only be opened by someone who knows the spell. A knows the spell and wants to prove this to B, but A does not want B to learn the spell.

Step 1: B stands outside the cave.

Step 2: A walks into the cave and goes to the left (or right) passage.

Step 3: B walks into the cave and orders A to come out from the left (or right) passage.

Step 4: A completes the task (sometimes the spell is needed to do so).
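The following added simulation (my own code, not from the original article) runs the cave protocol above and shows why it convinces B: someone who really knows the spell satisfies every challenge, while someone without it can only succeed when B happens to name the passage they already chose, a coin flip per round, so after n rounds an impostor slips through with probability 2^-n. The prover classes and the seeded random generator are constructed for the demonstration; the simulation covers soundness, not the separate "B learns nothing" property.

```python
import random

SIDES = ("left", "right")


class HonestProver:
    """A, who knows the spell: the door opens, so A can always leave by the requested passage."""
    def enter(self, rng: random.Random) -> str:
        return rng.choice(SIDES)

    def exit_side(self, entered: str, requested: str) -> str:
        return requested   # uses the spell whenever entered != requested


class Impostor:
    """Someone without the spell: stuck in whichever passage they walked into."""
    def enter(self, rng: random.Random) -> str:
        return rng.choice(SIDES)

    def exit_side(self, entered: str, requested: str) -> str:
        return entered


def run_protocol(prover, rounds: int, rng: random.Random) -> bool:
    """B's view: B waits outside (step 1), A goes in unseen (step 2), B names a passage (step 3),
    A must appear there (step 4). Repeated `rounds` times; one failure means rejection."""
    for _ in range(rounds):
        entered = prover.enter(rng)        # B does not see this choice
        requested = rng.choice(SIDES)      # B's unpredictable challenge
        if prover.exit_side(entered, requested) != requested:
            return False                   # caught: A could not get through the door
    return True


def impostor_bound(rounds: int) -> float:
    """Probability that an impostor survives every round by luck alone: 1/2 per round."""
    return 2.0 ** -rounds


def estimate_impostor_success(rounds: int, trials: int, seed: int = 7) -> float:
    """Monte Carlo check of impostor_bound with a seeded generator for reproducibility."""
    rng = random.Random(seed)
    wins = sum(run_protocol(Impostor(), rounds, rng) for _ in range(trials))
    return wins / trials


if __name__ == "__main__":
    print("honest prover, 20 rounds:", run_protocol(HonestProver(), 20, random.Random(0)))
    for n in (1, 5, 10):
        print(f"impostor, {n} rounds: bound {impostor_bound(n):.4f}, "
              f"observed {estimate_impostor_success(n, 5000):.4f}")
```

The number of rounds is the security parameter: B picks it according to how small a chance of being fooled is acceptable, and nothing A reveals in any round (which passage A exits from) depends on the spell itself.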

8. Diffie-Hellman key exchange protocol

In a symmetric encryption system, both parties must negotiate a secret key. Diffie-Hellman is used for this key negotiation. Its security is based on the difficulty of the discrete logarithm problem, but it may suffer from a man-in-the-middle attack.
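As an added example (my own code, not from the original article), the Python below carries the exchange through end to end: both parties pick a private exponent, publish g^x mod p, and arrive at the same shared secret, which is then hashed into a key. The group is a small constructed safe prime found by a deterministic search (real deployments use standardised groups such as the RFC 3526 MODP groups, thousands of bits long). Two details the one-line textbook description omits are included: public values are validated before use, and, because plain Diffie-Hellman gives no assurance about who is on the other end, the derived key is confirmed with a MAC under a pre-shared authentication secret; that secret is an assumption of this example (TLS binds the exchange to certificates and signatures instead).

```python
import hashlib, hmac, random, secrets

SMALL_PRIMES = [n for n in range(3, 1000, 2) if all(n % d for d in range(3, int(n ** 0.5) + 1, 2))]


def is_probable_prime(n: int, rounds: int = 16, rng=random) -> bool:
    """Trial division then Miller-Rabin; rng is injectable so parameter search is reproducible."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits: int, seed: int = 2024) -> int:
    """Constructed toy group: deterministic search for p = 2q + 1 with q prime."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1   # force the size and oddness
        if is_probable_prime(q, rng=rng) and is_probable_prime(2 * q + 1, rng=rng):
            return 2 * q + 1


class Party:
    """One side of the exchange, working in the order-q subgroup generated by g = 4 in Z_p^*."""
    def __init__(self, p: int):
        self.p, self.q, self.g = p, (p - 1) // 2, 4      # 4 = 2^2 always has order q for a safe prime
        self.priv = secrets.randbelow(self.q - 2) + 2      # x in [2, q-1], fresh for every exchange
        self.pub = pow(self.g, self.priv, self.p)

    def shared_key(self, peer_pub: int) -> bytes:
        # Reject 0, 1, p-1 and anything outside the order-q subgroup: such values would let a
        # peer force the shared secret into a handful of possibilities (small-subgroup confinement).
        if not 2 <= peer_pub <= self.p - 2 or pow(peer_pub, self.q, self.p) != 1:
            raise ValueError("invalid peer public value")
        secret = pow(peer_pub, self.priv, self.p)
        nbytes = (self.p.bit_length() + 7) // 8
        return hashlib.sha256(b"toy-dh-v1" + secret.to_bytes(nbytes, "big")).digest()


def confirmation_tag(psk: bytes, role: bytes, pub_a: int, pub_b: int, key: bytes) -> bytes:
    """Binds the derived key to both public values under a pre-shared authentication secret.
    Fixed-width encoding keeps the transcript unambiguous (fits groups up to 4096 bits)."""
    transcript = role + pub_a.to_bytes(512, "big") + pub_b.to_bytes(512, "big")
    return hmac.new(psk, transcript + key, hashlib.sha256).digest()


def run_exchange(p: int, psk: bytes = b"constructed pre-shared authentication secret"):
    """Full exchange: both sides derive the key, then each verifies the other's confirmation tag."""
    alice, bob = Party(p), Party(p)
    key_a = alice.shared_key(bob.pub)   # Alice combines Bob's public value with her private exponent
    key_b = bob.shared_key(alice.pub)   # Bob does the converse; the results coincide
    tag_from_alice = confirmation_tag(psk, b"A", alice.pub, bob.pub, key_a)
    tag_from_bob = confirmation_tag(psk, b"B", alice.pub, bob.pub, key_b)
    bob_accepts = hmac.compare_digest(tag_from_alice, confirmation_tag(psk, b"A", alice.pub, bob.pub, key_b))
    alice_accepts = hmac.compare_digest(tag_from_bob, confirmation_tag(psk, b"B", alice.pub, bob.pub, key_a))
    return key_a, key_b, bob_accepts and alice_accepts


if __name__ == "__main__":
    p = generate_safe_prime(128)
    key_a, key_b, authenticated = run_exchange(p)
    print("p =", hex(p))
    print("keys match:", key_a == key_b, "| authenticated:", authenticated)
```

An intermediary that relays modified public values would cause the two sides to derive different keys, and the confirmation tags, which it cannot compute without the pre-shared secret, would then fail to verify. The subgroup check in `shared_key` is the other routine safeguard: it costs one modular exponentiation and rules out the degenerate public values that would otherwise collapse the secret.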

Origin: blog.csdn.net/qq_39328436/article/details/115243776