【Software information security knowledge】

1. Security technology objectives

Confidentiality, Integrity and Availability are known as the CIA triad.
The security technology objectives of information security include confidentiality, integrity, availability, reliability and non-repudiation.

 


 
 

2. Five types of security services


The five types of security services are authentication services, access control services, data confidentiality services, data integrity services and non-repudiation services.

Authentication service: In the process of network interaction, the identities of the sender and receiver and the source of the data are verified.

Access control service: Prevent unauthorized users from illegally accessing resources, including user identity authentication and user permission confirmation. 

Data confidentiality service: Prevent data from being cracked and leaked during transmission. 

Data Integrity Services: Prevent data from being tampered with during transmission. 

Non-repudiation service: Also known as the anti-repudiation service or confirmation service. Prevents both sender and receiver from denying their actions after performing them.

 

 

 

3. Eight types of security mechanisms

 

The eight types of security mechanisms are the encryption mechanism, digital signature mechanism, access control mechanism, data integrity mechanism, authentication mechanism, traffic padding mechanism, routing control mechanism and notarization mechanism.

1) Encryption mechanism: The encryption mechanism corresponds to the data confidentiality service. Encryption is the easiest way to improve data security. By encrypting the data, the confidentiality of the data is effectively improved, and the data can be prevented from being stolen during the transmission process. Commonly used encryption algorithms are symmetric encryption algorithm (such as DES algorithm) and asymmetric encryption algorithm (such as RSA algorithm). 

2) Digital signature mechanism: The digital signature mechanism corresponds to the authentication (identification) service. A digital signature is an effective identification method. Digital signature technology can implement both user identity authentication and message authentication. It can resolve disputes between senders and receivers, and is the core technology of authentication (identification) services. Code signing technology was built on digital signature technology in order to verify the validity of software. Commonly used signature algorithms include the RSA algorithm and the DSA algorithm.

3) Access control mechanism: The access control mechanism corresponds to the access control service. The data users can access is restricted by pre-set rules. Usually, the user's user name and password are verified first, then rules such as the user's role and user group are checked, and only then can the user access the corresponding restricted resources. Common applications often use role-based access control methods, such as RBAC (Role-Based Access Control).

4) Data integrity mechanism: The data integrity mechanism corresponds to the data integrity service. Its function is to prevent data from being disturbed or tampered with during transmission, so as to improve the integrity of data transmission. Usually, a one-way (hash) algorithm is applied to the data to generate a unique verification code, which is then used to verify data integrity. Commonly used algorithms include the MD5 algorithm and the SHA algorithm.

5) Authentication mechanism: The authentication mechanism corresponds to the authentication (identification) service. The purpose of authentication is to verify whether the data received by the receiver is from the expected sender. Digital signatures can usually be used for authentication. Commonly used algorithms include the RSA algorithm and the DSA algorithm.

6) Traffic padding mechanism: also known as the transport stream filling mechanism. The traffic padding mechanism corresponds to the data confidentiality service. By transmitting random numbers during data transmission, it obscures the real data, increases the difficulty of cracking the data, and improves the confidentiality of the data.

7) Routing control mechanism: The routing control mechanism corresponds to the access control service. It selects a secure network communication path for the data sender, which prevents the sender from using an unsafe path to send data and improves data security.

8) Notarization mechanism: The notarization mechanism corresponds to the non-repudiation service. Its role is to resolve disputes between the sender and receiver and ensure that the interests of both parties are not damaged. This is similar to real life: when both parties sign a contract, the third copy of the contract needs to be notarized by a third-party notary agency.
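The data integrity mechanism in item 4, worked through as an added example (not code from the original article). It compares an unkeyed one-way hash with a keyed code (HMAC-SHA-256): an unkeyed verification code catches accidental changes, but anyone who can alter the data can also recompute it, so detecting deliberate tampering needs a key. The message, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def plain_digest(message: bytes) -> str:
    """Unkeyed one-way hash used as a verification code."""
    return hashlib.sha256(message).hexdigest()


def keyed_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA-256: a verification code only holders of the key can compute."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_plain(message: bytes, code: str) -> bool:
    return hmac.compare_digest(plain_digest(message), code)


def verify_keyed(key: bytes, message: bytes, tag: str) -> bool:
    # compare_digest avoids leaking how many leading characters matched
    return hmac.compare_digest(keyed_tag(key, message), tag)


def alter_in_transit(message: bytes) -> tuple[bytes, str]:
    """Model a party on the path that changes the data and recomputes the
    unkeyed code. It does not know the shared key."""
    altered = message.replace(b"100", b"900")
    return altered, plain_digest(altered)


def demo() -> dict:
    key = secrets.token_bytes(32)                 # constructed shared secret
    original = b"transfer amount=100 to=alice"    # constructed sample message
    sent_code = plain_digest(original)
    sent_tag = keyed_tag(key, original)
    altered, recomputed_code = alter_in_transit(original)
    return {
        "hash_detects_change_if_code_intact": not verify_plain(altered, sent_code),
        "hash_accepts_altered_with_recomputed_code": verify_plain(altered, recomputed_code),
        "hmac_rejects_altered": not verify_keyed(key, altered, sent_tag),
        "hmac_rejects_recomputed_code": not verify_keyed(key, altered, recomputed_code),
        "hmac_accepts_original": verify_keyed(key, original, sent_tag),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```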

The security mechanisms supplement the security services in detail. Selecting the corresponding security mechanism for each service can effectively improve application security. With the continuous development of technology, the technologies behind the various security mechanisms have been continuously improved, and application security has improved significantly, especially where they are combined with cryptographic theory.
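The two-step check described under the access control mechanism (item 3), as an added example that is not part of the original article: the user name and password are verified first, then the user's role decides whether the resource can be accessed. The users, passwords, roles, policy table and function names are all constructed for illustration, and PBKDF2 is an assumed choice for password storage.

```python
import hashlib
import hmac
import os

# Constructed sample policy: role -> set of (resource, action) it may perform.
ROLE_PERMISSIONS = {
    "auditor": {("report", "read")},
    "admin": {("report", "read"), ("report", "write"), ("user", "write")},
}


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash (PBKDF2-HMAC-SHA-256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password: str, roles: list) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "pw": hash_password(password, salt), "roles": set(roles)}


# Constructed sample accounts.
USERS = {
    "li": make_user("correct horse", ["auditor"]),
    "wang": make_user("battery staple", ["admin"]),
}


def authenticate(username: str, password: str) -> bool:
    """Step 1: verify user name and password."""
    user = USERS.get(username)
    if user is None:
        hash_password(password, b"\x00" * 16)  # same work for unknown users
        return False
    return hmac.compare_digest(hash_password(password, user["salt"]), user["pw"])


def authorize(username: str, resource: str, action: str) -> bool:
    """Step 2: check whether any of the user's roles grants the action."""
    roles = USERS[username]["roles"]
    return any((resource, action) in ROLE_PERMISSIONS.get(r, set()) for r in roles)


def access(username: str, password: str, resource: str, action: str) -> str:
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, resource, action):
        return "denied: role lacks permission"
    return "granted"
```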



 

 
 

 
 
 
 
 
 
