Beihang Cyberspace Security Review Materials

Cyberspace Security Review Materials

Chapter 1 Introduction

1. Master the four goals of information security?

(CIA+ legal use)

  • confidentiality
  • integrity
  • availability
  • legal use

2. What are the common threats in information systems?

(CIA+ illegal use)

  • information leakage
  • integrity breach
  • denial of service
  • illegal use

3. What is a security policy? How many levels are security policies divided into?

A set of rules imposed on all security-related activities within a security domain. Security policies are divided into 3 levels:

  • Security policy objectives
  • Institutional security policy
  • System security policy

4. What is an access control policy? Which two categories does it fall into? What is the difference?

Access control policies are system-level security policies that force computer systems and networks to enforce authorization automatically.
They are divided into two categories:

  • Mandatory access control policy: the operating system kernel enforces the authorization rules, checks the security attributes of the subject, and decides whether access is allowed.
  • Discretionary access control policy: the owner of an object manages that object and decides whether to grant all or part of the access rights to other subjects.

5. How many types of security attacks are there? What are the common forms of attack?

  • Passive attacks
    • Eavesdropping attack
    • Traffic analysis
  • Active attacks
    • Masquerade attack
    • Replay attack
    • Message tampering
    • Denial of service

6. Memorize the 5 types of security services and 8 specific security mechanisms in the X.800 standard, and briefly describe the relationship between security services and security mechanisms.

  • Security services (CI + authentication + access control (legal use) + non-repudiation (availability))
    • Authentication
    • Access control
    • Data confidentiality
    • Data integrity
    • Non-repudiation
  • Security mechanisms
    • Encryption
    • Digital signature
    • Access control
    • Data integrity
    • Authentication exchange
    • Traffic padding
    • Routing control
    • Notarization
  • Relationship between security services and security mechanisms
    Security services implement security policies through security mechanisms.
    [Figure: relationship between security services and security mechanisms]

7. Able to understand and draw network security model and network access model.

[Figure: network security model]
[Figure: network access model]

Chapter 2 Basics of Computer Networks

1. Familiarize yourself with the seven-layer reference model of OSI and the four-layer model of TCP/IP.

OSI seven-layer reference model: physical layer, data link layer, network layer, transport layer, session layer, presentation layer, application layer.
TCP/IP four-layer model: network interface layer, network layer, transport layer, application layer.
[Figure: computer network architecture]

2. What is a connection-oriented service? What is a connectionless service?

Connection-oriented services require both parties to establish a connection before transmitting data. Data transmission has three stages: connection establishment, data transmission, and connection release. A connectionless service does not require the communicating parties to establish a connection before transmitting data; it is a "best-effort delivery" service that does its best to get the data to the destination.

3. Must know the format and length of IPv4 and IPv6 addresses.

  • IPv4 format = <network identifier net-id> <host identifier host-id>
    IPv4 length: 32bit
  • IPv6 format = <site prefix> <subnet ID><interface ID>
    IPv6 length: 128bit

4. The length of the MAC address must be known.

48 bits

5. Which network protocol does IP address and MAC address conversion rely on?

ARP protocol

6. What are the types of IPv4 address classification? Given an IP address, it is necessary to be able to analyze and determine which type of address the address belongs to.

Note that class A addresses do not include the 127 range, which is the local machine's own (loopback) address.
[Figure: IPv4 address]

7. Given an IPv4 address and subnet mask, it is required to be able to calculate the network address.

IPv4 format = <network ID net-id> <host ID host-id>

8. Familiar with the representation of CIDR, such as: what is the address block range and subnet mask represented by 128.14.32.0/20?

Subnet mask: 255.255.240.0
Address block range: 128.14.32.1 - 128.14.47.254
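Questions 6 to 8 worked through in code, as an added example that is not part of the original notes: classful lookup, network address by ANDing with the mask, and the mask and range of a CIDR block. Only 128.14.32.0/20 comes from the notes; the other addresses and all function names are constructed for illustration.

```python
# Added example: classful lookup, mask arithmetic and CIDR block ranges.
# Only 128.14.32.0/20 comes from the notes; other addresses are constructed.

def to_int(dotted):
    """Convert dotted-decimal IPv4 text to a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for part in parts:
        value = (value << 8) | int(part)
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted-decimal text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted):
    """Classify by the leading bits of the first octet (127 is kept apart)."""
    first = to_int(dotted) >> 24
    if first == 127:
        return "loopback"
    if first < 128:
        return "A"          # leading bit  0
    if first < 192:
        return "B"          # leading bits 10
    if first < 224:
        return "C"          # leading bits 110
    if first < 240:
        return "D"          # leading bits 1110 (multicast)
    return "E"              # leading bits 1111 (reserved)


def mask_to_prefix(mask):
    """Return the prefix length of a mask, rejecting non-contiguous masks."""
    host_bits = ~to_int(mask) & 0xFFFFFFFF
    if host_bits & (host_bits + 1):
        raise ValueError(f"mask is not a contiguous run of 1 bits: {mask}")
    return 32 - host_bits.bit_length()


def network_address(ip, mask):
    """Network address = IP address AND subnet mask."""
    mask_to_prefix(mask)    # raises if the mask is malformed
    return to_dotted(to_int(ip) & to_int(mask))


def cidr_block(cidr):
    """Expand 'a.b.c.d/n' into mask, network, broadcast and usable host range."""
    address, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 30:
        raise ValueError("this sketch handles prefixes /0 to /30 only")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = to_int(address) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    return {
        "mask": to_dotted(mask),
        "network": to_dotted(network),
        "broadcast": to_dotted(broadcast),
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
    }


if __name__ == "__main__":
    print(address_class("128.14.32.0"))
    print(network_address("192.168.77.130", "255.255.255.192"))
    print(cidr_block("128.14.32.0/20"))
```

The range given in the answer above is the usable host range; the block itself runs from the network address 128.14.32.0 to the broadcast address 128.14.47.255.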

9. What is a port number? What role do port numbers play in network communication?

A port number identifies an application process according to the function of that process. (A port number is 16 bits long.) During communication, the port number is bound to an IP address, and the resulting identifier is called a socket, which uniquely corresponds to one process on one host in the network.

Chapter 3 Security of Internet Protocols

1. Memorize the functions of common communication protocols such as http/ftp/telnet/pop3/smtp/imap/ssh/dns.

  • HTTP (TCP 80): Hypertext Transfer Protocol, used to transmit Web data
  • FTP (TCP 20/21): File Transfer Protocol, the basis of Internet file transfer
  • Telnet (TCP 23): remote login protocol, provides remote login service
  • POP3 (TCP 110): receives mail
  • SMTP (TCP 25): sends mail
  • SSH (TCP 22): a protocol that provides security for remote login sessions and other network services
  • DNS (UDP 53): distributed database system, used to map between domain names and IP addresses
  • DHCP (UDP 67/68): Dynamic Host Configuration Protocol, used to assign IP addresses and provide other information to computers that are starting up
  • IMAP (TCP 143): mail retrieval protocol; supports offline reading, user authentication and remote encrypted access to the server

2. Memorize the port numbers of some commonly used network protocols.

3. What are the Internet layer protocols? What are the transport layer protocols? What are the application layer protocols?

  • Internet layer:

    • IP
      Internet Protocol (IP) is the core of the TCP/IP protocol family and the most important protocol of the Internet layer. The first part of the header has a fixed length of 20 bytes, which every datagram must have.

    • ARP
      Address Resolution Protocol (ARP) is a TCP/IP protocol that obtains a physical address based on an IP address.

    • ICMP
      Internet Control Message Protocol (ICMP) is an important error handling and information processing protocol.

    • IGMP
      Internet Group Management Protocol (IGMP) is the protocol in the TCP/IP protocol suite responsible for IP multicast member management.

    • OSPF
      Open Shortest Path First (OSPF) is an interior gateway protocol for routing decisions within a single autonomous system.

    • BGP
      Border Gateway Protocol (BGP) transforms a single-management network into a network that is distributed and interconnected by multiple autonomous systems.

  • transport layer:

    • TCP
      Transmission Control Protocol (TCP) is a connection-oriented, reliable transport layer communication protocol.

    • UDP
      User Datagram Protocol (UDP) is a connectionless transport layer protocol that provides a simple, unreliable, transaction-oriented information transmission service.

  • Application layer:

    • HTTP
      TCP80
      Hypertext Transfer Protocol (HTTP) is a standard for client and server requests and responses, and is the most widely used network protocol on the Internet.

    • TELNET
      TCP23
      The remote login protocol (Teletype Network, TELNET) is a member of the TCP/IP protocol family, and is the standard protocol and main method of Internet remote login service.

    • SSH
      TCP22
      Secure Shell (SSH) is a protocol for establishing secure remote login or other secure network services on an insecure network.

    • DNS
      UDP53
      Domain Name System (DNS) is a distributed database system used to map between domain names and IP addresses.

    • SMTP
      TCP25
      Simple Mail Transfer Protocol (SMTP) is a set of rules used to transmit mail from a source address to a destination address, and it controls how messages are relayed.

    • POP3
      TCP110
      Post Office Protocol (POP) is a mail protocol, and its third version is called POP3.

    • IMAP4
      TCP 143,993
      Internet Message Access Protocol (IMAP) is a mail access protocol; the fourth version is IMAP4.

    • FTP
      TCP20/21
      File Transfer Protocol (FTP) is the basis of Internet file transfer and one of the important protocols of the TCP/IP protocol family.

    • TFTP
      UDP69
      Trivial File Transfer Protocol (TFTP) is a protocol used for simple file transfer between a client and a server.

    • NFS
      UDP2049
      Network File System (NFS) is a file sharing protocol based on TCP/IP networks.

    • SNMP
      UDP161/162
      Simple Network Management Protocol (SNMP) is a protocol for supporting network management systems.

    • DHCP
      UDP67/68
      Dynamic Host Configuration Protocol (DHCP) is used to assign IP addresses and provide other information to computers that are starting up.

    • H.323
      H.323 is a standard for VoIP (Voice over IP), used for example by NetMeeting, that provides real-time audio, video and data communication on packet networks.

    • SIP
      Session Initiation Protocol (SIP) is a text-encoded multimedia communication protocol defined by the IETF (used, for example, in VoLTE).

    • NTP
      UDP123
      Network Time Protocol (NTP) performs time synchronization between distributed time servers and clients.

    • FINGER
      UDP79
      The Finger protocol lets users query the details of a given user on a system, such as full name, address, phone number and login details.

    • Whois
      TCP43
      The Whois protocol is a transmission protocol used to query the IP address and owner information of a domain name.

    • LDAP
      TCP389
      Lightweight Directory Access Protocol (LDAP) is an X.500-based directory access protocol that manages resources in the form of directories.

    • NNTP
      TCP119
      Network news is usually carried by the Network News Transfer Protocol (NNTP). An NNTP session is similar to an SMTP session; received and sent message entries are processed and forwarded by a gateway. It is an Internet application protocol for reading news and posting news articles to Usenet. This protocol is only used to read news.

    • PGP
      The PGP (Pretty Good Privacy) protocol is a commonly used secure email standard. PGP includes five services: authentication, privacy, compression, e-mail compatibility, and segmentation.

    • RIP
      UDP520
      Routing Information Protocol (RIP) is a dynamic interior routing (gateway) protocol, used to transfer routing information within an autonomous system.

    • MIME
      Multipurpose Internet Mail Extensions (MIME) is a widely used e-mail technical specification.

4. Why is Network Address Translation (NAT) needed?

There is a shortage of IP addresses in Asian countries, and NAT can solve the problem of address shortage. Advantages of NAT: it hides the topology of the internal network and improves network security.

5. What is the function of the ARP protocol?

Obtain the physical address based on the IP address and determine the mapping between the two.
Ethernet sends packets using 48-bit Ethernet addresses, so the IP driver must convert the 32-bit IP destination address into a 48-bit address. There is a static or algorithmic mapping between the two types of addresses, and ARP is used to determine that mapping.

6. Why is UDP more vulnerable to attacks than TCP?

UDP does not exchange handshake information and sequence numbers. It is a connectionless transport layer protocol and is unreliable.

7. Compared with POP3 protocol, what are the security improvements of IMAP?

In POP3, the password is transmitted in plain text, whereas the IMAP protocol uses SSL/TLS to encrypt the transmitted data.

8. Compared with the Telnet protocol, what are the security improvements of SSH?

Telnet logs in with the user's account name and a plaintext password, which may lead to leakage of secret information and Telnet session hijacking. SSH supports multiple forms of identity authentication and data encryption, encrypts all transmitted data, and uses a "challenge/response" mechanism in place of traditional host name and password authentication, which can effectively prevent man-in-the-middle attacks.

9. What is ICMP redirection attack? How to prevent such attacks?

Attack: the attacker uses ICMP redirect messages to make the target machine modify its routing table according to the attacker's information, exposing it to connection hijacking and denial-of-service attacks.
Prevention: a redirect message should only be executed by the host or router that generated the message. The network administrator should not use ICMP to create a new route to a destination, and should disable the ICMP protocol or configure the firewall's security policy to prevent the attack.

10. In a network, why can't we conclude that a data packet came from the host with a given IP address just by looking at the IP address in the packet?

The IP layer cannot guarantee that an IP datagram was really sent from its source address. An attacker can masquerade as another network host and send data packets containing a forged source address to deceive the recipient. This attack is called an IP spoofing attack.

Chapter 4 Single Key Cryptosystem

1. According to how plaintext messages are processed, into what two types can single-key systems be divided?

block cipher, stream cipher.

2. What are the two commonly used transformations in classical ciphers?

Substitution, permutation.

3. What is theoretical security? What is computational security? How many theoretically secure cryptographic algorithms are there? What is a theoretically secure cipher?

Theoretically secure: the attacker is assumed to have unlimited computing resources and still cannot gain any advantage.
Computationally secure: the attacker is assumed to have limited computing power, running in polynomial time, and the advantage the attacker can gain is negligible.
There is one theoretically secure cryptographic algorithm, the one-time pad.

4. What are synchronous stream ciphers and self-synchronizing stream ciphers? What does the security of a stream cipher depend on?

If, at any given moment, the internal state of the keystream generator is independent of the plaintext message, the keystream is independent of the plaintext, and this type of stream cipher is called a synchronous stream cipher.
If the keystream depends on the plaintext, the stream cipher is called a self-synchronizing stream cipher.
The security of a stream cipher depends entirely on the strength of the pseudorandom numbers.

5. What are the block length, key length, and number of rounds of DES? What transformations are included in 1 round of encryption? What is the nonlinear transformation of DES?

6. What are the AES block length, key length, and round number? What transformations are included in 1 round of encryption? What is the nonlinear transformation of AES?

  • DES
    • Block length: 64 bits
    • Key length: 56 bits
    • Number of rounds: 16
    • One round of encryption: E-box expansion + round key addition + S-box substitution + P-box permutation + swap of left and right halves
    • Nonlinear transformation: the 8 S-box substitutions
  • AES
    • Block length: 128 bits
    • Key length: 128/192/256 bits
    • Number of rounds: 10/12/14
    • One round of encryption: byte substitution + row shift + column mixing + round key addition
    • Nonlinear transformation: byte substitution, column mixing

[Figure: DES algorithm]
[Figure: AES algorithm]

7. Are more encryption rounds always better? Are longer keys always better? Is it necessarily more secure to encrypt data by connecting two algorithms in series?

More encryption rounds are not always better, longer keys are not always better, and chaining two algorithms in series is not necessarily more secure.

8. What are the 5 working modes of a block cipher? Be able to draw the functional block diagram of each of the 5 modes.

  • Electronic codebook mode (ECB)
  • Cipher block chaining mode (CBC)
  • Cipher feedback mode (CFB)
  • Output feedback mode (OFB)
  • Counter mode (CTR)

[Figures: block diagrams of the five modes]

9. Among the five encryption modes, which have no error propagation? Which have error propagation? If there is error propagation, how many blocks are affected?

No error propagation: CTR, OFB
With error propagation:
ECB affects 1 block, i.e. the current block.
CBC affects 2 blocks, the current block and the next block (1 bit).
CFB affects 2 blocks, the current block (1 bit) and the next block.
Taking the shift register into account, at most $\lceil \frac{n}{s} \rceil$ blocks are affected (the error may be shifted out earlier, so fewer blocks are affected).
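The propagation behaviour listed above, measured by flipping one ciphertext bit and decrypting. This is an added example, not part of the original notes: the 8-byte Feistel cipher, key, IV and plaintext are constructed stand-ins (the toy cipher is not secure), and CFB is run with full-block feedback, i.e. s = n.

```python
import hashlib

BLOCK = 8  # toy block size in bytes (constructed cipher, not DES or AES)
MODES = ("ECB", "CBC", "CFB", "OFB", "CTR")


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, rnd, half):
    """Feistel round function built from SHA-256 (illustrative only)."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def encrypt_block(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right


def split(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def _counter(iv, index):
    value = (int.from_bytes(iv, "big") + index) % 2 ** (8 * BLOCK)
    return value.to_bytes(BLOCK, "big")


def encrypt(mode, key, iv, plaintext):
    out, prev = [], iv
    for index, p in enumerate(split(plaintext)):
        if mode == "ECB":
            c = encrypt_block(key, p)
        elif mode == "CBC":
            c = prev = encrypt_block(key, _xor(p, prev))
        elif mode == "CFB":
            c = prev = _xor(p, encrypt_block(key, prev))
        elif mode == "OFB":
            prev = encrypt_block(key, prev)   # keystream never depends on data
            c = _xor(p, prev)
        elif mode == "CTR":
            c = _xor(p, encrypt_block(key, _counter(iv, index)))
        else:
            raise ValueError(f"unknown mode: {mode}")
        out.append(c)
    return b"".join(out)


def decrypt(mode, key, iv, ciphertext):
    out, prev = [], iv
    for index, c in enumerate(split(ciphertext)):
        if mode == "ECB":
            p = decrypt_block(key, c)
        elif mode == "CBC":
            p, prev = _xor(decrypt_block(key, c), prev), c
        elif mode == "CFB":
            p, prev = _xor(c, encrypt_block(key, prev)), c
        elif mode == "OFB":
            prev = encrypt_block(key, prev)
            p = _xor(c, prev)
        elif mode == "CTR":
            p = _xor(c, encrypt_block(key, _counter(iv, index)))
        else:
            raise ValueError(f"unknown mode: {mode}")
        out.append(p)
    return b"".join(out)


def error_propagation(mode, damaged_block=1):
    """Flip one ciphertext bit; return {plaintext block index: wrong bits}."""
    key, iv = b"constructed demo key", bytes(range(BLOCK))
    plaintext = bytes(range(5 * BLOCK))               # five constructed blocks
    ciphertext = bytearray(encrypt(mode, key, iv, plaintext))
    ciphertext[damaged_block * BLOCK] ^= 0x01         # single-bit channel error
    recovered = decrypt(mode, key, iv, bytes(ciphertext))
    report = {}
    for index, (good, bad) in enumerate(zip(split(plaintext), split(recovered))):
        wrong = sum(bin(x ^ y).count("1") for x, y in zip(good, bad))
        if wrong:
            report[index] = wrong
    return report


if __name__ == "__main__":
    for mode in MODES:
        print(mode, error_propagation(mode))
```

In OFB and CTR the single wrong bit stays a single wrong bit in the same position, which is what "no error propagation" means here; it does not mean the error is corrected.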

10. Understand the Chinese commercial block cipher algorithm SM4, know its block length, key length and encryption round number.

Block length 128 bits, key length 128 bits, 32 rounds.

Chapter 5 Dual-Key Cryptosystem

1. The dual-key encryption system is constructed based on mathematical problems. Please list the existing mathematical problems. Whose public key is used when encrypting with a dual-key system? Whose public key is used for decryption?

Polynomial root finding, large integer factorization, discrete logarithm, knapsack problem, DH problem, quadratic residue problem, square root problem modulo n.
The decryptor's public key is used for encryption, and the decryptor's private key is used for decryption.

2. What mathematical problem is RSA based on? What mathematical problem is Diffie-Hellman based on?

RSA is based on the difficulty of factoring the large integer modulus n.
Diffie-Hellman is constructed based on the Diffie-Hellman problem.

3. Please write out the mathematical expressions of RSA encryption and decryption, and point out what is a public key and what is a private key? And can do simple encryption and decryption calculations

RSA encryption and decryption expressions:

  • $c = m^e \pmod n$
  • $m = c^d \pmod n$
    Public key: $e$
    Private key: $d$

4. What are the principles and limitations of RSA in the selection of various parameters? Why?

  • The modulus $n$ must be large enough (greater than 1024 bits), and $p$, $q$ must be large primes, because the security of RSA depends on the difficulty of factoring the modulus $n$.
  • $p-1$ and $q-1$ have a large prime factor, and $p+1$ and $q+1$ also have a large prime factor, because $p$ and $q$ should be strong primes.
  • The difference between $p$ and $q$ should be large. Because when the difference is small, the values of $p$ and $q$.
  • $e$ satisfies $1 \le e < \phi(n)$ and $\gcd(\phi(n), e) = 1$, because the condition for the inverse to exist must be satisfied.
  • $e$ cannot be too small, because when the plaintext is small the modular reduction may never take effect, so the plaintext can be obtained by taking the $e$-th root, and the system is vulnerable to low encryption exponent attacks.
  • $d$ must be greater than $n^{1/4}$, because if $d$ is too small it leads to known-plaintext attacks, and the value of $d$ is also exposed to systematic attack methods.
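A simple encryption and decryption calculation for question 3, together with the conditions on $e$ from question 4, as an added example that is not part of the original notes. It is textbook RSA without padding; the primes, exponents and messages are constructed sample values and the function names are illustrative.

```python
from math import gcd


def make_key(p, q, e):
    """Build a textbook RSA key, enforcing the conditions on e from the notes.

    e = 1 is rejected as well, since it would leave the message unchanged.
    """
    n, phi = p * q, (p - 1) * (q - 1)
    if p == q or not 1 < e < phi or gcd(phi, e) != 1:
        raise ValueError("need p != q, 1 < e < phi(n) and gcd(phi(n), e) = 1")
    return {"n": n, "e": e, "d": pow(e, -1, phi)}   # d = e^-1 mod phi(n)


def rsa_encrypt(m, key):
    if not 0 <= m < key["n"]:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, key["e"], key["n"])               # c = m^e mod n


def rsa_decrypt(c, key):
    return pow(c, key["d"], key["n"])               # m = c^d mod n


def integer_root(value, k):
    """Largest integer r with r**k <= value, found by binary search."""
    low, high = 0, 1
    while high ** k <= value:
        high *= 2
    while high - low > 1:
        mid = (low + high) // 2
        if mid ** k <= value:
            low = mid
        else:
            high = mid
    return low


def unreduced_plaintext(c, e):
    """Return m if c is an exact e-th power (m^e never wrapped mod n), else None.

    This is the low-exponent weakness in the list above: with small e and a
    small message the private key is not needed to read the ciphertext.
    """
    root = integer_root(c, e)
    return root if root ** e == c else None


# Constructed sample keys: a hand-sized one and one with e = 3.
SMALL_KEY = make_key(61, 53, 17)                    # n = 3233, phi(n) = 3120
LOW_E_KEY = make_key(1000000007, 998244353, 3)

if __name__ == "__main__":
    c = rsa_encrypt(65, SMALL_KEY)
    print("n, d =", SMALL_KEY["n"], SMALL_KEY["d"])
    print("65 ->", c, "->", rsa_decrypt(c, SMALL_KEY))

    short = rsa_encrypt(424242, LOW_E_KEY)          # 424242^3 < n
    print("short message read without d:", unreduced_plaintext(short, 3))

    long_message = rsa_encrypt(10 ** 12, LOW_E_KEY)  # (10^12)^3 > n
    print("long message read without d:", unreduced_plaintext(long_message, 3))
```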

5. What mathematical problem is the ElGamal cryptosystem based on? Please write its encryption and decryption expressions.

Discrete logarithm problem.

6. What mathematical problem is the ECC public key cryptosystem based on? Please write its encryption and decryption expressions.

Discrete logarithm problem on elliptic curves.

7. Write an ECC-based Diffie-Hellman key exchange protocol.


8. What is the difference in encryption and decryption speed between RSA and ECC public key cryptography algorithms? Check out the literature comparing encryption and decryption speeds for hardware and software implementations.

For the same security requirement, ECC uses a shorter key; although the computation is more complicated, encryption is faster.

9. What are the common attacks on public key cryptography? What are their characteristics?

  • Chosen Plaintext Attack (CPA). The attacker selects the plaintext message and obtains the decryption service to generate the corresponding plaintext. The attacker reduces the security of the target cryptosystem through the obtained plaintext pair.
  • Chosen Ciphertext Attack (CCA). The attacker selects ciphertext messages and obtains the decryption service to generate the corresponding plaintext. The attacker uses the obtained plaintext-ciphertext pairs to reduce the security of the target cryptosystem. The decryption service is stopped as soon as the target ciphertext is obtained. If the attacker can obtain information about the secret plaintext from the "target ciphertext", the attack is said to be successful.
  • Adaptive Chosen Ciphertext Attack (CCA2). This is a kind of CCA in which the decryption service remains available at all times, except for decrypting the "target ciphertext".

10. Understand China's commercial public key cryptography algorithm SM2.

SM2 features

  • A group of public key cryptography algorithms based on elliptic curves
  • Contains encryption and decryption algorithms, digital signature algorithms and key exchange protocols
  • Error detection measures are taken to improve the data integrity and reliability of the system
  • It is recommended to use an elliptic curve over a 256-bit prime field
  • It involves 3 types of auxiliary functions: hash function, key derivation function, and random number generator

Chapter 6 Message Authentication and Hash Functions

1. Please explain the difference between Hash function and encryption function?

Hash functions are irreversible, while encryption functions are reversible.

2. What are the properties of a hash function?

  • one-way.
  • Arbitrary-length input produces fixed-length output.
  • Preimage resistance
  • Collision resistance

3. What is message authentication code MAC? How to construct it?

A MAC is a hash computation in which a key takes part, also known as a cryptographic checksum.
Construction method: $MAC = H(m \| k)$

4. How to successfully attack the MAC algorithm without knowing the key? (page 167)

  • Exhaustive
  • structure
  • collision
  • differential analysis
  • Cryptanalysis

5. How to use Hash function and block encryption algorithm to construct MAC?

Hash function construction method: $MAC = H(m \| k)$.
Block encryption algorithm construction method: split the message $m$ into blocks and pad it to $l$ blocks, let $C_0 = IV$ be a random initial vector, and have the sender encrypt in CBC mode: $C_i \gets E_k(m_i \oplus C_{i-1})$. The pair $(IV, C_l)$ is used as the MAC of $M$.

6. What is a Message Detection Code (or Message Digest) MDC? Briefly describe the similarities and differences between MDC and MAC.

MDC is a one-way hash function without key control. Its hash value is only a function of the input string, and anyone can calculate it.
Difference: MDC does not have identity authentication function, MAC has identity authentication function
Similarity: Both MDC and MAC can detect the integrity of received data

7. Familiar with the construction method of iterative hash function.


8. How many bits are the plaintext input block length, word length, and output length of MD5?

9. How many bits are the plaintext input block length, word length, and output length of SHA-1?

10. Master the basic methods of applying hash functions, and be familiar with the security functions provided by Figure 6-1, Figure 6-2, Figure 6-5, and Figure 6-6.

Provides both confidentiality and message authentication: [figure]
Provides only message authentication: [figure]
Provides both message authentication and digital signature: [figure]
Provides confidentiality, message authentication and digital signature: [figure]
Provides only message authentication: [figure]
Provides both confidentiality and message authentication: [figure]

11. Familiar with the construction of Chinese commercial hash function SM3.

See Figures 8 and 9.
Construction: Merkle-Damgård.

Chapter 7 Digital Signatures

1. What properties should a digital signature have?

  • The recipient can confirm or verify the issued signature, but cannot forge it (R1)
  • After the sender sends a signed message to the receiver, he can no longer deny the message he signed (S)
  • The recipient cannot deny having received the signed message, that is, there is proof of receipt (R2)
  • A third party can confirm the delivery of messages between sender and receiver, but cannot forge the process (T)

2. What are the types of digital signatures?

Deterministic digital signature, randomized digital signature.

3. What mathematical problem is the RSA signature based on?

The large integer factorization problem.

4. What mathematical problem is the ElGamal signature based on? Please write down the signature equation of ElGamal.

Based on the discrete logarithm problem.

5. How are Schnorr signatures different from ElGamal signatures? Please compare the similarities and differences between the two.

Similarities: both are based on the discrete logarithm problem, and both are randomized digital signatures.

6. Please write down the signature equation of DSS, and compare its similarities and differences with ElGamal and Schnorr.

Differences:
Similarities: both are constructed based on the discrete logarithm problem, and both are randomized digital signatures.

7. In the above three signature schemes, the user must choose a random number k every time he signs. If the random number k is replaced by a constant, what security issues will arise? Please analyze it.

The private key can be recovered from 2 signatures that use the same random number.
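The analysis carried through for the ElGamal case, as an added derivation that is not part of the original notes. It assumes the usual textbook form of the scheme, whose symbols are not given in the text above: prime $p$, generator $g$, private key $x$, $r = g^k \bmod p$ and $s = k^{-1}(H(m) - xr) \bmod (p-1)$.

Two messages $m_1$, $m_2$ signed with the same $k$ carry the same $r$, so the two signature equations are

$$ s_1 k \equiv H(m_1) - x r \pmod{p-1}, \qquad s_2 k \equiv H(m_2) - x r \pmod{p-1} $$

Subtracting removes the private key:

$$ (s_1 - s_2)\, k \equiv H(m_1) - H(m_2) \pmod{p-1} $$

When $\gcd(s_1 - s_2,\, p-1) = 1$ this gives $k$, and when $\gcd(r,\, p-1) = 1$ the first equation then gives $x$:

$$ k \equiv \big(H(m_1) - H(m_2)\big)(s_1 - s_2)^{-1} \pmod{p-1}, \qquad x \equiv \big(H(m_1) - s_1 k\big)\, r^{-1} \pmod{p-1} $$

The reuse is visible from the signatures alone, because two signatures under one key with the same $r$ mean the same $k$ was used. The same elimination applies to Schnorr and DSS, which is why $k$ must be fresh and unpredictable for every signature.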

8. Can Diffie-Hellman be used for digital signature?

cannot.

9. Can the single key system be used for digital signature?

cannot.

10. Try to compare the difference between digital signature and public key encryption algorithm in the use of key.


11. Please list the digital signature systems with special functions? What are they for?

  • Undeniable signature: this type of signature requires the cooperation of the signer to verify the signature. Without the signer's cooperation the signature cannot be verified, which prevents malicious attackers from freely copying and distributing documents signed by the signer. This property can be used for the protection of intellectual property rights, etc.
  • Fail-stop signature: a digital signature with strong security that guards against attackers with ample computing resources. Even if the attacker works out the private key, it is still difficult to forge Alice's signature. It is also difficult for the signer to deny his own signature.
  • Blind signature: the signer digitally signs a file, but the owner of the file does not want the signer to know its content. Can be used for election voting, digital currency protocols and e-commerce systems.
  • Group signature: only members of the group can sign digitally on behalf of the group. The recipient verifies the group signature with the public key, but has no way of knowing which member of the group signed it. In the event of a dispute, the signer of the group signature is identified by a member of the group or by a trusted authority. Can be used for project bidding.
  • Proxy signature: the principal authorizes an agent to sign. When the signing is delegated, the signing key is not given to the agent.
  • Designated confirmer signature: in an institution, a designated person is responsible for verifying the signatures of all persons. The signature of any member is non-repudiable, but the verification work is done by the designated person.
  • One-time digital signature: the signer can sign at most one message, otherwise the signature may be forged.

12. Understand the Chinese commercial digital signature algorithm SM2.

Based on the discrete logarithm problem on elliptic curves.

Chapter 8 Cryptographic Protocols

1. What are the three main features (implications) that make up a protocol?

  • Orderliness
  • At least two participants
  • A certain task must be able to be completed by executing the protocol

Note: the three elements of a network protocol are syntax, semantics, and synchronization.

2. What is an arbitrated protocol? What is an adjudicated protocol? What is a self-enforcing protocol?

  • Arbitrated protocol: an impartial and trusted third party acts as arbitrator to help two mutually distrustful entities complete the protocol.
  • Adjudicated protocol: the trusted third party does not take part in the protocol directly; only when a dispute occurs does the adjudicator step in.
  • Self-enforcing protocol: the protocol itself guarantees fairness. If one party tries to cheat, the other party can immediately detect the cheating and stop executing the protocol.

3. Classified by function, what types of cryptographic protocols are there?

  • key establishment protocol
  • Authentication Establishment Protocol
  • Authenticated Key Establishment Protocol

4. What is a man-in-the-middle attack? How is a man-in-the-middle attack conducted on the Diffie-Hellman protocol? Please use a diagram to analyze the detailed process of a man-in-the-middle attack on the Diffie-Hellman protocol.

The attacker intercepts normal network communication data and selectively tampers with and forwards it, while both communicating parties remain unaware.
Not only is Mallory able to eavesdrop on the messages exchanged between A and B, but he is also able to modify messages, delete messages, and even generate entirely new ones. When B talks to A, M can impersonate B, and when A talks to B, M can pretend to be A.

5. What is the essential reason why the DH protocol cannot resist man-in-the-middle attacks? How to transform the DH protocol to resist man-in-the-middle attacks?

The essential reason why DH cannot resist man-in-the-middle attacks: the communicating parties have not performed entity authentication.
Transforming DH: each party requests a certificate from the CA for its public key and sends the certificate to the other party.
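The exchange from questions 4 and 5, as an added example that is not part of the original notes: Mallory swaps both public values, so A and B each end up sharing a key with her instead of with each other, and nothing in the protocol lets them notice. The group parameters (prime 2^127 - 1, base 3) and the function names are assumptions chosen for the demonstration.

```python
import secrets

# Demonstration group (assumption): Mersenne prime 2**127 - 1 with base 3.
# Real deployments use standardized groups of 2048 bits or more.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def shared(priv, peer_pub):
    """Key a party derives from its own exponent and the value it received."""
    return pow(peer_pub, priv, P)

def run_exchange(mallory_present):
    """Run one DH exchange and report the key each party ends up with."""
    a, pub_a = keypair()                 # Alice
    b, pub_b = keypair()                 # Bob
    if not mallory_present:
        return {"alice": shared(a, pub_b), "bob": shared(b, pub_a),
                "mallory": set()}
    # Mallory replaces each public value in transit with one of her own.
    m1, pub_m1 = keypair()               # what Bob receives "from Alice"
    m2, pub_m2 = keypair()               # what Alice receives "from Bob"
    k_alice = shared(a, pub_m2)          # Alice believes Bob holds this key
    k_bob = shared(b, pub_m1)            # Bob believes Alice holds this key
    # Mallory derives both keys from the genuine values she intercepted.
    mallory = {shared(m2, pub_a), shared(m1, pub_b)}
    return {"alice": k_alice, "bob": k_bob, "mallory": mallory}
```

In the tampered run the two parties hold different keys, and both keys are known to Mallory; the received public values carry no proof of who produced them, which is the gap the certificate-based variant closes.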

6. Can Diffie-Hellman be used for digital signature?

No, it cannot.

7. Master the security protocol design ideas of the Big Mouth Frog, Yahalom, and Kerberos protocols.

Big Mouth Frog Protocol: Both A and B share a key with T, and only two messages are needed to deliver a session key to B.
Yahalom: B first contacts T, and T only sends a message to A.
Kerberos: Both A and B share a key with T, using time stamps. The session key is generated by A.

8. Please draw a picture to analyze why the SKID protocol on page 218 cannot resist man-in-the-middle attacks? How to transform this protocol to effectively resist man-in-the-middle attacks?

(I didn't understand the meaning of this question at the beginning. In fact, the purpose of the protocol is to authenticate after the key negotiation. Assuming that the attack has already succeeded, the hope is that this protocol can detect the attack. Of course, in this question it cannot.) Assume that the man in the middle has already carried out the attack: by encrypting and decrypting with the keys of A and B, the messages can be forged, and A and B are still unaware.
(If the two parties satisfy the textbook's "involving some kind of secret" condition, such as a shared key or clock, the secret can be introduced without being included in the message, and the attacker then cannot reconstruct the message because the secret information is missing.)

Solution: digital signature, digital certificate.

9. What are the methods of attacking cryptographic protocols?

  • Known-plaintext attack
  • Chosen-ciphertext attack
  • Oracle session attack
  • Parallel session attack

10. What are the common methods for security analysis of cryptographic protocols?

  • Attack detection method
  • Formal language logic proof
  • Provable security analysis

Chapter 9 Digital Certificates and Public Key Infrastructure

1. What is PKI? What parts does PKI consist of? What is the role of each component?

PKI is a standard-compliant infrastructure for providing security services established using public key theory and technology.

PKI consists of the certificate authority, the registration authority, the certificate issuance repository, key backup and recovery, certificate revocation, and the PKI application interface.

  • A certificate authority (CA) is responsible for issuing and managing digital certificates.

  • The registration authority (RA) reviews the user's qualifications in accordance with specific policies and management specifications, decides matters such as whether to agree to issue a certificate to the applicant or to revoke a certificate, and bears all consequences caused by review errors.

  • The certificate issuance repository is a public information repository available online for open inquiry by the public.

  • Key backup and recovery provides a key backup and recovery mechanism.

  • Certificate revocation warns other users not to use the user's public key certificate.

  • The PKI application interface enables users to conveniently use security services such as encryption and digital signature.

2. What is a digital certificate? What does a digital certificate contain?

A digital certificate is a binding of a user's identity to the public key the user holds. Before the binding is made, a trusted authority, the CA, verifies the user's identity; the authority then digitally signs the certificate that combines the user's identity and the corresponding public key, to attest to the certificate's validity.

3. Familiarize yourself with the digital certificate format specified in the X.509 standard.

Version number, certificate serial number, signature algorithm identifier, issuer name, validity period (not before/not after), subject name, subject public key information, issuer unique identifier, subject unique identifier, extensions, CA signature.

4. In practice, who will issue the certificate? When issuing a certificate, whose key (private or public) is signing it? When verifying a certificate, whose key is used to verify it?

The CA issues the certificate. The CA's private key is used for signing, and the CA's public key is used for verification.

5. What is the function of digital certificate? What kind of problems in network security is it essentially solving?

The digital certificate binds the user's identity to the public key the user holds, and can prove the relevant information of a network entity in a specific security application.
It essentially solves the problem of public key credibility.

6. In practical applications, if a hierarchical CA architecture is adopted, how to implement digital certificate verification between two users located in different sub-CAs?

Obtain the certificate chain of the certificate to be verified, then use the public key of each upper-level certificate in turn to verify the signature on the certificate below it, until the trusted root CA is reached.
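The chain walk from question 6 as an added example, not part of the original notes: a user under Sub-CA 2 validates a certificate issued by Sub-CA 1 by checking each signature with the key of the certificate above it until the shared root is reached. The RSA keys are constructed from Mersenne primes for the demonstration, and the certificate layout and all names are assumptions.

```python
import hashlib

E = 65537  # public exponent shared by all demonstration keys

def demo_key(a, b):
    """Constructed RSA key from Mersenne primes 2^a-1 and 2^b-1 (demo only)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def tbs_digest(cert, n):
    """Hash of the signed fields, reduced mod the signing key's modulus."""
    tbs = f"{cert['subject']}|{cert['issuer']}|{cert['pub']}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(subject, pub, issuer, issuer_key):
    """The issuer signs the subject/public-key binding with its private key."""
    cert = {"subject": subject, "issuer": issuer, "pub": pub}
    n = issuer_key["n"]
    cert["sig"] = pow(tbs_digest(cert, n), issuer_key["d"], n)
    return cert

def verify_chain(chain, root):
    """chain: leaf first, then each issuing CA's cert; root: trusted anchor.
    Each signature is checked with the public key of the certificate above.
    Real X.509 path validation also checks validity dates, revocation and
    CA constraints, which this example leaves out."""
    for i, cert in enumerate(chain):
        parent = chain[i + 1] if i + 1 < len(chain) else root
        if cert["issuer"] != parent["subject"]:
            return False
        n = parent["pub"]
        if pow(cert["sig"], E, n) != tbs_digest(cert, n):
            return False
    return True

# Constructed hierarchy: one root, two sub-CAs, one user under each.
ROOT_KEY = demo_key(107, 127)
CA1_KEY, CA2_KEY = demo_key(61, 89), demo_key(521, 607)
ROOT = {"subject": "Root CA", "pub": ROOT_KEY["n"]}
CA1 = issue("Sub-CA 1", CA1_KEY["n"], "Root CA", ROOT_KEY)
CA2 = issue("Sub-CA 2", CA2_KEY["n"], "Root CA", ROOT_KEY)
ALICE = issue("Alice", 0xA11CE, "Sub-CA 1", CA1_KEY)  # user public keys are
BOB = issue("Bob", 0xB0B, "Sub-CA 2", CA2_KEY)        # placeholder integers

def forged_alice():
    """Alice's certificate with the public key swapped, signature unchanged."""
    return dict(ALICE, pub=0xBAD)
```

The only key the verifier has to trust in advance is the root's; a swapped public key or a certificate presented under the wrong sub-CA fails the walk.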

7. What is a cross certificate?

A cross-certificate allows the root CAs of different PKI domains to certify each other, thereby solving the problem of trust between different root CAs.

8. How to realize the revocation of digital certificate? How to implement online query of digital certificates?

Revocation: maintain a certificate revocation list (CRL), or use the Online Certificate Status Protocol (OCSP) to check the revocation status of a certificate.

Online query:

  • The client sends an online certificate status query (OCSP request) to the OCSP responder to check whether the certificate has been revoked.

  • The OCSP responder queries the server's X.500 directory to see whether the particular certificate is valid.

  • Based on the result of the status check, the OCSP responder sends a digitally signed OCSP response to the client.

9. What is a roaming certificate? Briefly describe its basic working principle.

Roaming certificates are provided through third-party software that allows users to access their own public-private key pair.

Basic working principle:

(1) Store the digital certificate and private key in a secure central server;

(2) When the user needs a digital certificate, he can authenticate himself to the server;

(3) After successful authentication, the server sends the certificate and private key to the user;

(4) When the user finishes the work, the software automatically deletes the certificate and private key.

10. What are the components of a PKI/CA digital certificate system?

Issuing center, key management center, registration system, certificate issuing system, online certificate status query system.

Chapter 10 Network Encryption and Key Management

1. What is link encryption? What are the pros and cons?

Advantages:

  • Encryption is transparent to the user, and any information sent over the link is encrypted before being sent.
  • Only one pair of keys is required per link.
  • A traffic-flow security mechanism is provided.

Disadvantage: Data appears in plaintext at intermediate nodes, and the cost of maintaining node security is high.

2. What is node encryption? What are the pros and cons?

Advantages:

  • Encryption and decryption of messages are carried out in the security module, which prevents the contents of messages from being leaked.
  • Encryption is transparent to the user.

Disadvantages:

  • Certain information, such as headers and routing information, must be transmitted in plaintext and may be subject to traffic analysis attacks.
  • Since all nodes must have keys, key distribution and management becomes difficult.

3. What is end-to-end encryption? What are the pros and cons?

Advantages:

  • Encrypts the entire communication line between two terminals.
  • Only two encryption machines are needed, one at the originating end and one at the receiving end.
  • During the transmission process from the sender to the receiver, the message always exists in ciphertext.
  • More secure and reliable than link and node encryption, easier to design and maintain.

Disadvantage: It cannot prevent traffic analysis attacks.

4. What is hybrid encryption? What are the pros and cons?

Hybrid encryption combines link encryption and end-to-end encryption.

Advantages: In terms of cost, flexibility and security, the general end-to-end encryption method is more attractive. The message is encrypted twice, which protects the sensitive information in the header and prevents traffic analysis attacks.

Disadvantages: The security design of information is more complicated, the cost is high, and the system overhead is large.

5. What is key management? What aspects of management does it include?

Key management deals with all issues across the entire process from key generation to final destruction, including system initialization and key generation, storage, backup/recovery, loading, distribution, protection, update, control, loss, revocation, and destruction.

6. What types of keys are there? What are they each for?

  • The basic key or initial key is selected by the user or assigned by the system, and can be used exclusively by a pair of users for a long period of time. Its purpose is to start and control a key generator constructed by a certain algorithm together with the session key to generate a key stream for encrypting data.

  • The host master key is used to encrypt the key encryption key and is stored in the host processor.

  • The key-encryption key is the key used to encrypt the session or file keys that are transmitted; it is also known as the secondary master key, secondary key, or key transport key.

  • The session key is the key used by two communication terminal users when they talk or exchange data.

  • The data encryption key, also known as the working key, expands the amount of keys that can be used without increasing the workload of key replacement.

7. What are the basic methods of key distribution?

  • Key delivery over a secure channel

  • Key delivery over a secure channel established with a dual-key (public-key) system

  • Key delivery using quantum technology

8. How to verify the correctness of the key injection when using the key gun to inject the key?


9. Why does key management divide keys into different levels?

This ensures that only a very small number of keys are stored in plaintext, inside the host encryption device with strict physical protection, while all other keys are stored encrypted, as ciphertext, in memory outside the encryption device. This greatly simplifies key management and enhances key security.

10. What are the components of a key management system? (This question was not found)

Key generation, key storage, key backup and recovery, key update, key destruction and revocation.

11. What are the four stages of the life cycle of the key? Learn the 12 working steps of key management.

Four stages:

  • Pre-run phase

  • Run phase

  • Post-run phase

  • Scrapping phase

12 working steps: user registration, user initialization, key generation, key input, key registration, normal use, key backup, key update, key archival, key deregistration and destruction, key recovery, key revocation.

12. Find information to know what mathematical properties a good key should have?

  • Truly random, with equal probability
  • Avoids the weak keys of the specific algorithm in use
  • Satisfies a certain mathematical relationship
  • Easy to remember but hard to guess
  • Uses key crunching or hashing: an easy-to-remember long phrase is transformed into a pseudo-random string through a one-way hash function

Chapter 11 Wireless Network Security

1. What are the main security threats to wireless networks? It is necessary to be able to identify which are active attacks and which are passive attacks.

Passive attack: eavesdropping, service area identifier disclosure

Active attacks: communication blocking, data injection and tampering, man-in-the-middle attacks, client impersonation, access point masquerading, anonymous attacks, client-to-client attacks, wireless channel concealment, and replay attacks.

2. What are the main security flaws in the GSM system?

  • Leaking IMSI information when the device is turned on for the first time may lead to leakage of user identity.

  • Authentication is one-way (the base station authenticates the user only), so a fake base station can send fraudulent information to users.

  • The backbone network data transmission is not encrypted, and the intermediate nodes can intercept the session key.

  • There is no data integrity verification mechanism, and it is impossible to detect whether the data has been tampered with.

  • K directly participates in authentication and encryption, and there is a risk of leaking the master key.

  • The master key K exists in the SIM card, and there is a risk of duplicating the SIM card.

3. What security functions does the 3G system have? What are the major security flaws? Compared with 2G, what security improvements have been made in 3G?

Two-way authentication between user and network is realized, a session key between user and network is established, the freshness of the session key is maintained, and a data integrity verification function is added.

Defects:

  • Leaking IMSI information when booting for the first time may lead to user identity leakage

  • Backbone network data transmission without encryption, intermediate nodes can intercept the session key

  • K directly participates in authentication and encryption, and the master key lacks hierarchical protection

  • $CK$ and $IK$ are transmitted directly, so there is a risk of eavesdropping

  • The master key K exists in the SIM card, and there is a risk of duplicating the SIM card

  • 10 security algorithms $f_1 \sim f_{10}$ are used; with so many algorithms there is a risk of being broken

4. What security features does the 4G system have? What are the major security flaws? What security improvements have been made in 4G compared to 3G?

It realizes two-way authentication between user and network, establishes session keys between user and network, adds data integrity verification, realizes hierarchical key management, and hides the encryption key $CK$ and the integrity verification key $IK$.

Defects:

  • Leaking IMSI information when booting for the first time may lead to user identity disclosure

  • Backbone network data transmission is not encrypted, so intermediate nodes can intercept the session key

The improvements and features are as follows: (figure not included)

5. Please draw a diagram to analyze the working process of the confidentiality and authentication protocol of the GSM cellular system, and point out the security function played by each element in the triplet authentication vector.

Triplet authentication vector:

$RAND$: The challenge value used for user authentication and session key generation.

$SRES'$: Used for comparison with the authentication response $SRES$ transmitted by the user when the VLR performs user authentication.

$K_c$: Session key, used to encrypt session data.

6. Please draw a diagram to analyze the working process of the 3G cellular system security and authentication protocol, and point out the security function played by each element in the quintuple authentication vector.

$RAND$: used for two-way authentication between user and network and for session key generation

$XRES$: used for network authentication of users

$CK$: data encryption key

$IK$: integrity verification key

$AUTN$: used for user authentication of the network

7. Why is the challenge value RAND of the 2G/3G/4G system a random number instead of a constant? If the challenge value RAND is constant, what kind of security issues will arise? Please analyze it.

A constant challenge has security problems, while a random number keeps the keys fresh. Using a random number as the challenge value also prevents brute-force attacks: a 128-bit random number means about $3.4 \times 10^{38}$ possible combinations, so even if an attacker knows the A3 algorithm, the probability of guessing a valid RAND/SRES pair is very small.

If RAND were constant: replay attacks, compromise of session keys, device masquerading, etc.
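Question 7 as an added example, not from the original notes: the same recorded response is presented to a network that issues a fresh RAND for every authentication and to one that always issues the same RAND. HMAC-SHA256 stands in for the A3/A8 algorithms, and the class name, function names and subscriber key are assumptions.

```python
import hashlib
import hmac
import secrets

def a3_a8(k, rand):
    """Stand-in for A3/A8 (assumption: HMAC-SHA256, not an operator algorithm).
    Returns (SRES, Kc): a 32-bit response and a 64-bit session key."""
    out = hmac.new(k, rand, hashlib.sha256).digest()
    return out[:4], out[4:12]

class Network:
    """Holds the subscriber key K and issues authentication challenges."""
    def __init__(self, k, constant_rand=None):
        self.k = k
        self.constant_rand = constant_rand  # None: fresh 128-bit RAND each time
        self.rand = None

    def challenge(self):
        self.rand = self.constant_rand or secrets.token_bytes(16)
        return self.rand

    def accepts(self, sres):
        expected, _kc = a3_a8(self.k, self.rand)
        return hmac.compare_digest(sres, expected)

def two_sessions(network, k):
    """Run a genuine session, then present its recorded SRES to a new challenge.
    Returns (replay_accepted, session_key_reused)."""
    sres1, kc1 = a3_a8(k, network.challenge())  # genuine SIM answers
    assert network.accepts(sres1)
    rand2 = network.challenge()                 # second authentication
    replay_accepted = network.accepts(sres1)    # old response, no use of K
    _sres2, kc2 = a3_a8(k, rand2)               # key the genuine SIM would get
    return replay_accepted, kc1 == kc2

# Constructed subscriber key for the demonstration.
K = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
```

With a fresh RAND the recorded response is rejected and each session gets a new $K_c$; with a constant RAND the recorded response is accepted and the same session key is derived every time.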

8. Compared with 2G/3G/4G, in what ways does 5G improve security?

It adds user identity protection, realizes two-way authentication between user and network, establishes session keys and data integrity verification keys between user and network, realizes hierarchical key management, and hides the encryption key $CK$ and the integrity verification key.


Origin blog.csdn.net/d18373144/article/details/127758475