Cyber Security | Introduction to Cryptography Basics

Overview

Introduction to cryptography

Security threats

  1. Confidentiality: the sent message is intercepted and read (eavesdropping).
  2. Integrity: the sent message is tampered with in transit.
  3. Identity forgery: the identity of the sender is faked; a message sent by A is passed off as one sent by B.
  4. Repudiation: the sender denies having sent the message, and the action can no longer be traced.

What cryptography provides

  1. Confidentiality
  2. Integrity
  3. Authenticity
  4. Non-repudiation

History of cryptography

  1. Origins of ciphers: beacon fires (狼烟), tiger tallies (虎符), based on "secret language".
  2. Classical ciphers: the Caesar cipher, early 20th-century cipher machines; secrecy rests on keeping the algorithm secret.
  3. Modern cryptography: cipher machines, asymmetric cryptography; secrecy rests on the key.
  4. Quantum cryptography: key-based secrecy that is theoretically unconditionally secure.

Classification of the cryptography industry

  1. Commercial cryptography (not involving state secrets): used in banking, securities, taxation, insurance, electricity, transportation, e-commerce, e-government extranets, enterprise groups, etc.
  2. Ordinary cryptography (普密): party and government organs and the defence industry, involving state secrets.
  3. Core cryptography (核密): national leadership.

Terminology

Cryptography (密码)

  1. Generally refers to "cryptographic technology".
  2. From a functional point of view, cryptographic technology mainly comprises encryption protection technology and security authentication technology.
  3. From a content point of view, cryptographic technology mainly comprises cryptographic algorithms, key management and cryptographic protocols.
  4. Cryptographic algorithms: symmetric algorithms, asymmetric algorithms, digest algorithms, random number generation algorithms.

Plaintext

Information that needs to be transmitted securely.

Ciphertext

The unreadable form of the plaintext after a cryptographic transformation.

Encryption

The process of turning plaintext into ciphertext.

Decryption

The process of recovering plaintext from ciphertext.

Encryption algorithm

The set of rules applied when encrypting plaintext.

Decryption algorithm

The set of rules applied when decrypting ciphertext.

Key

The secret information used when encrypting and decrypting.

Introduction to the encryption and decryption process

Encryption

[Figure: encryption process]

Decryption

[Figure: decryption process]

Cryptographic algorithms

Classification of cryptographic algorithms

Chinese national (SM, 国密) algorithms

  1. Symmetric encryption algorithms: SM1, SM4, SM6
  2. Asymmetric cryptographic algorithm: SM2
  3. Cryptographic hash algorithm: SM3

International algorithms

  1. Symmetric encryption algorithms: DES, 3DES, AES
  2. Asymmetric cryptographic algorithm: RSA
  3. Cryptographic hash algorithm: SHA1

Symmetric algorithms

Concept

An algorithm that uses the same key for encryption and decryption.

Process

[Figure: symmetric encryption and decryption process]

Features

  1. Performance: fast.
  2. Key management: a shared key; the same key is used for encryption and decryption.
  3. Usage scenario: fast encryption and decryption of bulk data.

Weaknesses

  1. Keys are hard to manage.
  2. Each pair of communicating parties needs its own distinct key, so it does not scale to a large number of users.
  3. It is impossible to communicate securely with someone you have never met.

Asymmetric algorithms

Concept

  1. Algorithms that use different keys for encryption and decryption.
  2. Keys exist in pairs, a public key and a private key: the public key can be derived from the private key, but the private key cannot be derived from the public key.

Process

[Figure: asymmetric encryption and decryption process]

Features

  1. Performance: slower.
  2. Key management: encryption and decryption use different keys, and the public key can be published.
  3. Key usage: encrypt with the public key, decrypt with the private key; sign with the private key, verify with the public key.
  4. Usage scenarios: encryption of small amounts of data, digital signatures, key exchange.

Weaknesses

  1. Slow, with noticeable resource consumption.
  2. Not suitable for encrypting large volumes of data.

Digest algorithms

Concept

Maps data of arbitrary length to a smaller value of fixed length, called the hash value (digest).

Features

  1. Maps variable-length information to fixed-length information.
  2. Irreversible.
  3. Fast.
  4. Usage scenario: integrity verification, for example an MD5 file checksum.

The difference between hashing and encryption

  1. Encryption requires a key, and the original text can be recovered by decryption (encryption is reversible).
  2. Hashing requires no key, and the original input cannot be recovered from the hash (hashing is irreversible).
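An added example, not part of the original post, showing the three digest properties listed above with Python's standard library: fixed-length output regardless of input size, a small change in input producing an unrelated digest (the avalanche effect), and the checksum check used for integrity verification. The sample inputs are constructed; the SHA-256 and MD5 values of the string "abc" are the standard test vectors.

```python
"""Digest (hash) properties with hashlib: fixed length, avalanche, checksum verification."""
import hashlib
import hmac

# Standard test vector: SHA-256("abc"). Used here as the "published checksum".
KNOWN_SHA256_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


def digest_hex(data: bytes, algo: str = "sha256") -> str:
    """Hex digest of `data` under the named algorithm (sha256, md5, sha1, ...)."""
    return hashlib.new(algo, data).hexdigest()


def fixed_length_output(algo: str = "sha256") -> bool:
    """Property 1: inputs of 0, 3 and 100,000 bytes all yield digests of one length."""
    lengths = {len(digest_hex(b"", algo)),
               len(digest_hex(b"abc", algo)),
               len(digest_hex(b"A" * 100_000, algo))}
    return len(lengths) == 1


def avalanche_bits(msg_a: bytes, msg_b: bytes) -> int:
    """Avalanche effect: count the bits that differ between SHA-256(msg_a) and SHA-256(msg_b).
    For a one-character change roughly half of the 256 bits change."""
    da = hashlib.sha256(msg_a).digest()
    db = hashlib.sha256(msg_b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


def digest_of_chunks(chunks, algo: str = "sha256") -> str:
    """Hash data that arrives in pieces (e.g. a large file read block by block)
    without holding it all in memory; equals the digest of the concatenation."""
    h = hashlib.new(algo)
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def verify_checksum(data: bytes, expected_hex: str, algo: str = "sha256") -> bool:
    """Integrity verification as done with a published file checksum.
    The constant-time comparison avoids leaking how many leading characters matched."""
    return hmac.compare_digest(digest_hex(data, algo), expected_hex.lower())


if __name__ == "__main__":
    # Constructed sample: the same "transfer" text with a single digit changed.
    print("bits changed:", avalanche_bits(b"transfer 100", b"transfer 101"))
    print("checksum ok:", verify_checksum(b"abc", KNOWN_SHA256_ABC))
    print("tampered ok:", verify_checksum(b"abd", KNOWN_SHA256_ABC))
```

Note that a checksum alone only detects accidental corruption: anyone who can alter the file can also recompute and replace an unkeyed hash, which is why the signature section below pairs the digest with a private-key operation.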

Combined (hybrid) cryptography

  1. The best solution: combine the three kinds of algorithm.
  2. Use a symmetric algorithm to encrypt the bulk data, generating a new random key each time.
  3. Use an asymmetric algorithm for signing and signature verification, to confirm the authenticity of both parties' identities.
  4. Use a digest algorithm to compute the hash values.

Digital signatures and certificates

Digital signature

Concept

The result obtained by the signer performing a cryptographic operation with the private key on the hash value of the data to be signed; it can only be verified with the signer's public key, and confirms the integrity of the signed data, the authenticity of the signer's identity and the non-repudiation of the signing act. - "Cryptographic Terminology" (GM/Z 0001-2013)
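An added example, written for this page rather than taken from the original post, that puts the combined-cryptography recipe above and the signature definition together in one exchange: a fresh random symmetric key encrypts the bulk data, the recipient's public key wraps that key, and the sender's private key signs the SHA-256 hash, which the recipient verifies with the sender's public key. Everything is standard-library Python, so the asymmetric part is textbook RSA on fixed Mersenne primes with no padding, and the symmetric part is SHA-256 in counter mode used as a keystream; both are assumed toy constructions chosen to keep the example self-contained, and the two key pairs (Alice signs, Bob receives) and the message are constructed.

```python
"""Hybrid encryption plus digital signature, standard library only (toy construction)."""
import hashlib
import hmac
import os

KEY_LEN = 16      # bytes of random session key generated per message
DIGEST_LEN = 32   # SHA-256 output length


def make_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA: public = (n, e, size), private = (n, d, size); size = bytes per block."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))     # modular inverse, Python 3.8+
    size = (n.bit_length() + 7) // 8
    return (n, e, size), (n, d, size)


# Constructed key pairs. Mersenne primes are used only so the example needs no
# prime generation; real key pairs come from random primes and use padding.
ALICE_PUB, ALICE_PRIV = make_keypair((1 << 127) - 1, (1 << 521) - 1)   # sender / signer
BOB_PUB, BOB_PRIV = make_keypair((1 << 607) - 1, (1 << 89) - 1)        # recipient


def rsa_apply(data: bytes, key) -> bytes:
    """Interpret `data` as an integer and raise it to the key's exponent mod n."""
    n, exp, size = key
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("block too large for this modulus")
    return pow(m, exp, n).to_bytes(size, "big")


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric stream cipher: XOR data with SHA-256(key || counter) blocks.
    The same call both encrypts and decrypts (same key, same keystream)."""
    out = bytearray()
    for offset in range(0, len(data), DIGEST_LEN):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + DIGEST_LEN], block))
    return bytes(out)


def seal(plaintext: bytes, recipient_pub, sender_priv) -> dict:
    """Sender side: symmetric key for bulk data, asymmetric wrap of the key, signature over the hash."""
    session_key = os.urandom(KEY_LEN)                    # step 2: new random key each time
    ciphertext = keystream_xor(session_key, plaintext)   # step 2: symmetric bulk encryption
    wrapped_key = rsa_apply(session_key, recipient_pub)  # asymmetric key exchange
    digest = hashlib.sha256(ciphertext).digest()         # step 4: digest algorithm
    signature = rsa_apply(digest, sender_priv)           # step 3: private-key operation on the hash
    return {"ciphertext": ciphertext, "wrapped_key": wrapped_key, "signature": signature}


def open_sealed(envelope: dict, recipient_priv, sender_pub):
    """Receiver side: verify the signature with the sender's public key, then decrypt.
    Returns the plaintext, or None when the signature does not check out."""
    digest = hashlib.sha256(envelope["ciphertext"]).digest()
    expected = digest.rjust(sender_pub[2], b"\x00")      # digest as a full-size RSA block
    try:
        recovered = rsa_apply(envelope["signature"], sender_pub)
    except ValueError:
        return None
    if not hmac.compare_digest(recovered, expected):
        return None                                      # tampered, or not signed by this sender
    session_key = rsa_apply(envelope["wrapped_key"], recipient_priv)[-KEY_LEN:]
    return keystream_xor(session_key, envelope["ciphertext"])


if __name__ == "__main__":
    msg = b"constructed sample message: account statement for 2024-Q1"
    env = seal(msg, BOB_PUB, ALICE_PRIV)
    print("round trip:", open_sealed(env, BOB_PRIV, ALICE_PUB) == msg)
    tampered = dict(env, ciphertext=bytes([env["ciphertext"][0] ^ 1]) + env["ciphertext"][1:])
    print("tamper detected:", open_sealed(tampered, BOB_PRIV, ALICE_PUB) is None)
```

The signature is computed over the ciphertext so that a corrupted or forged message is rejected before any decryption happens; it gives the integrity, identity-authenticity and non-repudiation properties from the definition, while the wrapped session key gives confidentiality. A deployment would replace the toy primitives with a vetted library (AES-GCM and RSA-OAEP/PSS, or SM4 and SM2 in the national suite).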

Overview of digital certificates

Concept

  1. Digital certificates are also called "digital ID cards" or "network ID cards".
  2. An electronic file issued and certified by a CA, containing the owner's identity information and public key information.
  3. It proves the true identity of the certificate holder. It is the identity credential with which entities of all kinds (individuals, merchants, enterprises, organisations, etc.) exchange information and conduct business on the Internet, and it solves the problem of mutual trust.
  4. A digital certificate is a piece of data containing the user's identity information, the user's public key information and the digital signature of the certification authority; the authority's digital signature guarantees the authenticity of the certificate's contents.

Storage

  1. What is stored: the user's certificate, the user's private key and the CA root certificate.
  2. Storage devices: hard disk, smart IC card, TF card/SD card, smart cryptographic key (USB Key).

CA and RA

CA

Concept

Certificate Authority (CA): the authoritative body responsible for issuing and managing digital certificates. Its main tasks are certificate issuance, certificate renewal, certificate revocation and certificate verification.

Functions

  1. Publish the local CA policy.
  2. Authenticate and identify subordinate institutions.
  3. Generate and manage certificates for affiliated bodies.
  4. Receive and authenticate certificate requests from the RA.
  5. Issue and manage certificates.
  6. Publish the certificate revocation list (CRL).
  7. Cross-certification.

RA

Concept

Registration Authority (RA): responsible for entering and approving the information of certificate applicants and for delivering certificates.

Functions

  1. Review user identity information to ensure it is genuine.
  2. Manage and maintain the user identity information for its region.
  3. Download of digital certificates.
  4. Issuance and management of digital certificates.
  5. Blacklist registration.

Relationship between CA and RA

[Figure: connection between CA and RA]
The relationship between CA and RA is like that between the public security bureau and the local police station.

Basic functions of cryptography

  1. Encryption
  2. Trusted authentication

Commercial cryptographic products

Classification of commercial cryptographic products

Software

  1. Cryptographic products that take the form of pure software.
  2. Examples: information security software, cryptographic algorithm software, digital certificate authentication system software.

Chip

  1. Cryptographic products that take the form of a chip.
  2. Examples: algorithm chips, cryptographic SoC chips, etc.
    SoC is the abbreviation of System on Chip, also translated as system-level chip.

Board

  1. Products that take the form of a board and provide complete cryptographic functions.
  2. Examples: IC card, USB Key, PCI-E cryptographic card, TF card, Mini PCI-E card, etc.

Standalone device

  1. Products that take the form of a complete machine and provide complete cryptographic functions.
  2. Examples: signature server, server cryptographic machine, VPN security gateway, etc.

System

  1. Products that take the form of a system and are underpinned by cryptographic functions.
  2. Examples: electronic signature system, key management system, secure document transmission system, etc.

Application cases of commercial cryptographic products

Ensuring the confidentiality of information

  1. Encryption and decryption of stored information
  2. Encryption and decryption of transmitted data

Ensuring the credibility and non-repudiation of information

Providing key services for a CA

Ensuring identity authenticity, data integrity and non-repudiation


Origin blog.csdn.net/Andya_net/article/details/131429165