EBU7140 Security and Authentication (1) Common encryption algorithms

Preface

These notes are organized around the content of the EBU7140 course and are exam-oriented.

Block1: Introductory course, traditional encryption methods.

Block2: Principles and applications of public key encryption.

Block3: Some specific security protocol technologies (such as firewalls, the Kerberos authentication protocol, etc.).

Block4: Email security, network security.

B1

The significance of network security goes without saying. Communications in the military field, daily life transactions...

The title of this course is "Security and Authentication". What do security and authentication mean?

Security system: deter, prevent, detect and correct security violations of data transmission.

Security architecture

The security architecture has three main parts: security attacks, which leak data; security mechanisms, which detect, prevent, and recover from security attacks; and security services, which are the processes that protect against attacks.

There are mainly the following types of security attacks, all of which are relatively easy to understand:


Security attacks are also divided into passive and active.

Security mechanism: "Security" is an abstract thing and cannot be provided directly. But a system can be called "more secure" when it makes security attacks more difficult, for example through encryption (cryptography).

Security services: For example, authentication identifies users and their permissions; access control allows only authorized people to access; other services verify data confidentiality and integrity...

The picture below shows some terms. I don’t think the concepts will be tested. I just need to know the meaning when they appear in the question stem.

From top to bottom: plaintext (unencrypted data), encryption, ciphertext, decryption, key (used for encryption and decryption; how it is used depends on the specific encryption algorithm); encryption, hash algorithm, digital signature (using an encryption algorithm to ensure that this information was sent by me); access control, data confidentiality, data integrity, non-repudiation, identity authentication.

The three are nested: security is the set of basic definitions, mechanisms are the algorithms that apply them, and services are functions implemented by combining mechanisms.

network security model

To put it simply: when sending information, the network security service encrypts it for us and sends it to the other party, and the other party uses the network security service to decrypt it and obtain the data.

Encryption example

Caesar cipher

The oldest and simplest encryption method: the Caesar cipher, which shifts letters. Caesar used this method to communicate with his officers.

If we know that the ciphertext was encrypted with the Caesar cipher, cracking it is very simple: we get the answer in at most 25 attempts.

Vigenère cipher

Vigenère Cipher: Polyalphabetic Substitution, which is essentially the result of multiple Caesar ciphers.

We need a plaintext string and a key string (for encryption).

For example, if the plaintext letter is M and the first key letter is S, the corresponding letter in the cipher table is E.

For the plaintext letter Y and the second key letter T, the corresponding letter is R.

Algorithm: (plain text corresponding letter + key corresponding letter) mod 26 (A counts as 0)

Decryption: (ciphertext corresponding letter - key corresponding letter) mod 26 (A counts as 0)

rotor encryption

Rotor Encryption: The mechanical structure of a multi-layer roller.

Single roller:


For each encryption, move the wheel to the left.

Multiple rollers: Different layers of rollers rotate at different speeds.

This is an encryption machine invented in Germany, but it was gradually cracked later.

Grille encryption

Grille encryption: use a grille pattern to mask part of the data. Both the sending and receiving parties must share the same grille.

Each time a part of the data is taken, the grid chart is rotated clockwise and another part of the data is taken.

Classification of encryption systems

  • Steganography: An encryption method that hides the data so that it cannot be directly discovered. For example, adjusting the least significant bit of pixels, or using spectrum adjustment or frequency shifting in an audio file... The essence is that you cannot see the plaintext at first glance.

  • Cryptography: The ciphertext is given to you, it's on this piece of paper, and this is the data. But you need to decrypt it to read it.

  • Encryption method: substitution & transposition. This is easier to understand.

  • Number of keys used: symmetric & asymmetric encryption. Using one key for both encryption and decryption is symmetric encryption.

  • Plaintext processing method: stream cipher & block cipher. The difference is between processing one element at a time and processing multiple elements as a block.

The Caesar cipher above is considered a stream cipher, and I think the grille should be considered a block cipher.

Stream Encryption 1: Simple XOR

To give an example of stream encryption: simply put, the plaintext and the key are XORed bit by bit to obtain the ciphertext, which is XORed with the key again for decryption. This works because XORing a bit with the same value (0 or 1) twice gives back the original bit.

The amount of calculation is small and the encryption is fast. But it is too simple. If you know the plaintext and ciphertext, you will know the key; and the attacker cannot be detected after tampering with the message. There is no mechanism similar to parity check to ensure that the information has not been tampered with.
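The two weaknesses named above (known plaintext reveals the key, and tampering goes unnoticed) can be seen directly in code. This is an added example, not part of the original notes; the message, the keys and the HMAC-based integrity check are constructed assumptions, the last one standing in for the "parity-like" mechanism the simple XOR scheme lacks.

```python
import hashlib
import hmac
from itertools import cycle

def xor_stream(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt: XOR every byte with the (repeating) key."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def recover_key(plaintext: bytes, ciphertext: bytes) -> bytes:
    """Weakness 1: plaintext XOR ciphertext is the key stream itself."""
    return bytes(p ^ c for p, c in zip(plaintext, ciphertext))

def flip(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Weakness 2: XORing (old ^ new) into the ciphertext changes the hidden
    plaintext from old to new at that offset, without knowing the key."""
    out = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        out[offset + i] ^= o ^ n
    return bytes(out)

def seal(message: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Hardened form: append an HMAC-SHA256 tag computed over the ciphertext."""
    ct = xor_stream(message, enc_key)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_sealed(blob: bytes, enc_key: bytes, mac_key: bytes):
    """Return the plaintext, or None if the ciphertext was modified."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_stream(ct, enc_key)

if __name__ == "__main__":
    key, mac_key = b"K3y!", b"separate-mac-key"      # constructed sample keys
    msg = b"PAY ALICE 0100 USD"                      # constructed sample message
    ct = xor_stream(msg, key)
    print("key from known plaintext:", recover_key(msg, ct)[:4])
    print("after bit flipping:", xor_stream(flip(ct, 10, b"0100", b"9100"), key))
    blob = flip(seal(msg, key, mac_key), 10, b"0100", b"9100")
    print("tampered sealed message accepted?", open_sealed(blob, key, mac_key))
```

The tag only adds tamper detection; the repeating-key XOR itself still leaks its key to anyone holding one plaintext/ciphertext pair.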

Stream encryption 2: one time pad

The second stream encryption method is called the one-time pad, and it cannot be broken. Each transmission uses a new random key with the same length as the information to be transmitted, and this key is used for the encryption, so there is no statistical relationship between the ciphertext and the plaintext. The problem is how to send the key to the other party. The key is too large and the algorithm is error-prone.

Block Encryption 1: Out of Order

For example, rearrange the order every 10 letters, from {1,2,3,4,5,6,7,8,9,10} to {3,1,2,10,7,5,4,8,6,9}.

Block Encryption 2: Playfair Square Cipher

Playfair's square cipher was a bit confusing at first, but once I understood it, I found it quite interesting.

First, we use the key to generate a 5*5 encryption square. For example, if the key is "MY SECRET CODE IS", we remove repeated letters and spaces to get "MYSECRTODI", write it into the square, and fill the remaining cells, in alphabetical order, with the letters that do not appear in the key.

For the plaintext, we first split it into pairs of letters. If the two letters of a pair are the same, replace the second one with X or Q.

For each pair of letters, we first find the positions of the two letters in the encryption square.

  1. If they are not in the same row or column, they form two opposite corners of a rectangle, and we replace them with the letters at the other two corners of the rectangle.

  2. If they are in the same row, replace each with the letter to its right.

  3. If they are in the same column, replace each with the letter below it.

It's quite safe, it's so complicated. The problem is that the key cannot be leaked (the key used to generate the encryption matrix), otherwise it is over.
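The square construction and the three replacement rules above, as an added example that is not part of the original notes. Assumptions: J is folded into I so the alphabet fits 25 cells, a doubled letter is split by inserting X (or Q after an X) rather than overwriting the second letter so that decryption loses nothing, and an odd-length message is padded with X; the plaintext "HELLO WORLD" is constructed.

```python
ALPHABET = "ABCDEFGHIKLMNOPQRSTUVWXYZ"   # 25 letters: J is folded into I (assumption)

def clean(text):
    """Keep A-Z only, upper-cased, with J mapped to I."""
    return [("I" if c == "J" else c) for c in text.upper() if "A" <= c <= "Z"]

def build_square(key):
    """Key letters first (duplicates dropped), then the unused letters in order."""
    seen = []
    for ch in clean(key) + list(ALPHABET):
        if ch not in seen:
            seen.append(ch)
    return [seen[r * 5:r * 5 + 5] for r in range(5)]

def digraphs(text):
    """Split into letter pairs; split doubled letters and pad the tail with a filler."""
    letters, pairs, i = clean(text), [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else None
        if b is None or a == b:
            pairs.append((a, "Q" if a == "X" else "X"))
            i += 1
        else:
            pairs.append((a, b))
            i += 2
    return pairs

def playfair(text, key, decrypt=False):
    square = build_square(key)
    pos = {square[r][c]: (r, c) for r in range(5) for c in range(5)}
    step = -1 if decrypt else 1           # decryption moves left / up instead
    out = []
    for a, b in digraphs(text):
        (ra, ca), (rb, cb) = pos[a], pos[b]
        if ra == rb:                      # same row: letter to the right (wraps)
            out += [square[ra][(ca + step) % 5], square[rb][(cb + step) % 5]]
        elif ca == cb:                    # same column: letter below (wraps)
            out += [square[(ra + step) % 5][ca], square[(rb + step) % 5][cb]]
        else:                             # rectangle: own row, partner's column
            out += [square[ra][cb], square[rb][ca]]
    return "".join(out)

if __name__ == "__main__":
    key = "MY SECRET CODE IS"             # the key used in the notes
    for row in build_square(key):
        print(" ".join(row))
    ct = playfair("HELLO WORLD", key)
    print(ct, "->", playfair(ct, key, decrypt=True))
```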

Key agreement

The above are some of the more traditional encryption methods. The basic problem is: the key cannot be leaked. So at that time, people needed some way for both parties to negotiate the key. Otherwise, if the key was intercepted when the key was sent for the first time, subsequent information transmission would be equivalent to transparent.

There are two main attack methods for cracking keys. One is cryptanalysis attacks, which exploit knowledge of the encryption method that may have been used and the regularities of its plaintext and keys. For example, in the Sherlock Holmes story "The Dancing Men", the secret message simply used a little stick figure with a different pose for each letter. Sherlock Holmes started from the rule that e appears most often in English, found the symbol corresponding to e, then worked out the other letters, and gradually cracked it.

The second method is brute-force attacks. I remember that when I moved to another campus, I had a 3-digit combination lock that my classmates in the dormitory next door helped me open by trying every combination. But there is one difference: that was trying passwords, whereas brute-force cracking here means trying keys.

How to evaluate the security of encryption algorithms? In fact, any password will definitely be deciphered sooner or later (at worst, it will take 50 years, 100 years, 10,000 years to decipher?). To say that the key is secure does not mean that it can never be cracked, but that:

  1. Cracking is not cost-effective: the manpower, money and material resources required to crack it exceed the value of what the key protects. When I pass a note to my classmates, I guess no one will take the time to crack it. If it were a nuclear bomb code, I guess a lot of people would be watching it.
  2. The plaintext stays valid for less time than cracking takes. For example, the army sends a message: a general offensive will be launched tonight. If the enemy only cracks it at noon tomorrow, it is already too late.

crack

Caesar cipher cracking

In the same way as Sherlock Holmes, we guess based on the frequency of letters.

At most, if you shift 25 times, you can always crack it, right?

However, a more effective way to crack is to calculate the probability using vectors. The prediction of classification problems in deep learning is similar. We use an algorithm to quantify the probability that each key is the correct solution, and finally compare them and select the offset that is most likely to be the key; we don't need to care about the incorrect predictions (if you are interested, you can read my article: Deep Learning (5) Softmax Regression: Introduction to Classification Algorithms, How to Load the Fashion-MNIST Data Set - CSDN Blog).

The table above gives the frequency of each letter in the current ciphertext (I call it the ciphertext vector), and the picture below gives the statistical frequency of letters (I call it the frequency vector).

Cracking method: We shift the ciphertext vector and multiply it with the frequency vector to calculate the prediction probability; try the shift value from 1 to 25, calculate the size of each prediction value, and finally take the maximum value.

Vigenère cipher cracking

The Vigenère cipher is a 26*26 rectangle, and the letter in the corresponding position is found through the plaintext and the key. In other words, the key is not a simple numerical offset, but a string.

First we need to guess the key length. Let’s look at the number of times the repeated combination appears (it seems to be 2-3 letters?)


It seems that the more common distance for repeated combinations is 3, so the key is a multiple of 3 (this should be quite difficult to find without relying on algorithms).

Then we shift the ciphertext against itself by different offsets, recording for each offset the number of positions where the letters coincide. For example, the picture below shows a shift of +2.

The offsets and the numbers of coincidences are as follows:

And we know that the key length is likely to be a multiple of 3. Then we divide the ciphertext into three equal parts, 3k, 3k+1, 3k+2.

Next, for these three sets of data, perform the same vector cracking operation as for the Caesar cipher, and combine the results to obtain the most likely key.

In principle, the difference between the Caesar cipher and the Vigenère cipher is that the Vigenère cipher is a Caesar cipher with a key string repeated many times, such as abcabcabc... If we estimate that the key length of the Vigenère cipher is 3, then the letters at positions 3k are equivalent to a Caesar cipher encrypted with a, the letters at positions 3k+1 are encrypted with b, and the letters at positions 3k+2 are encrypted with c, so each group can be cracked as a Caesar cipher.
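The Vigenère formulas from the earlier section and the cracking procedure described here (score every shift against the frequency vector, split the ciphertext into positions 3k, 3k+1, 3k+2, count coincidences between the ciphertext and a shifted copy) fit in one short program. This is an added example, not code from the original notes; the English frequency table is approximate, and the sample plaintext and the key "KEY" are constructed.

```python
from collections import Counter
from string import ascii_uppercase as ALPHA

# Approximate frequency (percent) of A..Z in English: the "frequency vector".
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.8, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.1, 6.0, 6.3, 9.1, 2.8, 1.0, 2.4, 0.15, 2.0, 0.07]

# Constructed sample plaintext (roughly 400 letters), not taken from the notes.
SAMPLE = ("The security of a cipher should never depend on keeping the algorithm "
          "secret. It should depend only on the secrecy of the key. An attacker who "
          "collects enough ciphertext can count how often each letter appears and "
          "compare the result with the normal frequency of letters in the English "
          "language. That is the reason why simple substitution systems were broken "
          "long before computers existed, and it is also the reason why modern "
          "ciphers are designed so that their output looks like random noise to "
          "anyone without the key.")

def letters(text):
    """Map text to numbers with A counting as 0; everything else is dropped."""
    return [ord(c) - 65 for c in text.upper() if c in ALPHA]

def vigenere(text, key, decrypt=False):
    """(letter + key letter) mod 26 to encrypt, (letter - key letter) mod 26 to decrypt."""
    k, sign = letters(key), (-1 if decrypt else 1)
    return "".join(ALPHA[(p + sign * k[i % len(k)]) % 26]
                   for i, p in enumerate(letters(text)))

def best_shift(column):
    """Score each shift as (shifted ciphertext vector) . (frequency vector)."""
    counts = Counter(column)
    def score(shift):
        return sum(counts[(i + shift) % 26] * ENGLISH[i] for i in range(26))
    return max(range(26), key=score)

def coincidences(ciphertext, offset):
    """Positions where the ciphertext equals itself shifted by offset; offsets that
    are multiples of the key length tend to give the larger counts."""
    return sum(a == b for a, b in zip(ciphertext, ciphertext[offset:]))

def recover_key(ciphertext, key_len):
    """Split into positions key_len*k + j and crack each group as a Caesar cipher."""
    nums = letters(ciphertext)
    return "".join(ALPHA[best_shift(nums[j::key_len])] for j in range(key_len))

if __name__ == "__main__":
    ct = vigenere(SAMPLE, "KEY")
    print({d: coincidences(ct, d) for d in range(1, 7)})
    key = recover_key(ct, 3)
    print(key, vigenere(ct, key, decrypt=True)[:40])
```

Calling `recover_key` with a key length of 1 is the Caesar case.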

Traditional encryption

Block encryption algorithms using symmetric encryption are also called traditional encryption.

Feistel algorithm: a block cipher structure that splits the data into blocks and performs multiple rounds of encryption. The most typical example is DES.

DES

DES (Data Encryption Standard) is an encryption standard. There are many specific DES algorithms.

Take 64 bits of data, use the substitution table to extend the right 32 bits to 48 bits and XOR the result with the key, then reduce it to 32 bits through the S-box substitution table, and XOR it with the left 32 bits to get the new right 32 bits. In the next round, the old right 32 bits become the new left 32 bits.

The key is a 64-bit key, which becomes 56 bits after a permutation table. In each round, after a shift, a permutation table reduces it to 48 bits, which are XORed with the 48-bit message.

The first function of S-Box is to compress the length for key operation, and the second function is to increase security.


DES security is related to the key length, and the s-box is related to the choice of a specific permutation (that is, the substitution table and the key length).

The DES 56-bit key is relatively insecure (although it is enough to stun me I think), so multiple DES can be used.

Dual DES

DES encryption twice, with different keys.

$E_{K1}(E_{K2}(m))$

At first, I thought it was possible to find a key k3 that would have the same effect as k1 k2 encrypted twice. Then the two encryptions would be meaningless. But it seems that according to the characteristics of the algorithm, this is impossible to happen.

The key strength of single DES is $2^{56}$, and that of double DES is $2^{57}$.

A way to crack double DES: the meet-in-the-middle attack. Let X be the intermediate value of double DES after only one encryption (i.e. $E_{K2}(m)$ or $D_{K1}(c)$); then we only need two known plaintext-ciphertext pairs to crack double DES.

  1. The plaintext is encrypted once with all possible keys and the ciphertext is decrypted once with all possible keys. See which key pairs have the same intermediate value X.
  2. Use this key pair to check another set of known plaintext and ciphertext (optional). If the same intermediate value X is obtained, it means that this key pair is correct.
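The two steps above, run against a scaled-down cipher so the whole key space fits in memory. This is an added example, not code from the original notes: the toy cipher is a 4-round Feistel network (the structure described for DES) with a 32-bit block and 12-bit keys, its SHA-256 round function is an assumed stand-in for DES's expansion and S-boxes, and all keys and plaintexts are constructed. It shows why two keys cost an attacker about twice the work of one rather than the square of it.

```python
import hashlib

ROUNDS, KEY_BITS, HALF = 4, 12, 0xFFFF    # toy sizes: 32-bit block, 12-bit keys

def f(right, key, rnd):
    """Round function: mixes a 16-bit half with the key (hash-based stand-in)."""
    digest = hashlib.sha256(b"%d:%d:%d" % (key, rnd, right)).digest()
    return int.from_bytes(digest[:2], "big")

def encrypt(block, key):
    left, right = block >> 16, block & HALF
    for rnd in range(ROUNDS):             # new right = left XOR f(right); new left = old right
        left, right = right, left ^ f(right, key, rnd)
    return (right << 16) | left           # final swap of the halves

def decrypt(block, key):
    left, right = block >> 16, block & HALF
    for rnd in reversed(range(ROUNDS)):   # same network, rounds in reverse order
        left, right = right, left ^ f(right, key, rnd)
    return (right << 16) | left

def double_encrypt(m, k1, k2):
    return encrypt(encrypt(m, k2), k1)    # C = E_K1(E_K2(m)), as in the notes

def meet_in_the_middle(pairs):
    """pairs: known (plaintext, ciphertext) tuples. Returns surviving (K1, K2)."""
    (m, c), rest = pairs[0], pairs[1:]
    table = {}                            # step 1a: X = E_K2(m) for every K2
    for k2 in range(1 << KEY_BITS):
        table.setdefault(encrypt(m, k2), []).append(k2)
    candidates = []
    for k1 in range(1 << KEY_BITS):       # step 1b: X = D_K1(c) for every K1
        for k2 in table.get(decrypt(c, k1), []):
            # step 2: confirm the pair against the other known pairs
            if all(double_encrypt(m2, k1, k2) == c2 for m2, c2 in rest):
                candidates.append((k1, k2))
    return candidates

if __name__ == "__main__":
    k1, k2 = 0xABC, 0x123                 # constructed secret keys
    known = [(m, double_encrypt(m, k1, k2)) for m in (0x01234567, 0x89ABCDEF)]
    print([(hex(a), hex(b)) for a, b in meet_in_the_middle(known)])
    print("cipher calls:", 2 * (1 << KEY_BITS), "instead of", 1 << (2 * KEY_BITS))
```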

TDEA

Triple DES.

$C = E_{K3}(E_{K2}^{-1}(E_{K1}(m)))$

-1 represents decryption. Decryption is the opposite, K3 decrypts, K2 encrypts, K1 decrypts.

AES

With the advancement of computer computing power, DES is relatively no longer secure, so the new encryption standard AES was introduced.

The standards are as follows:

  1. Three key lengths need to be supported, 128 bits, 192 bits, and 256 bits.
  2. Block size can only be 128 bits.
  3. Unlike Feistel Algorithm, which splits several parts and processes them separately (for a piece of data, it splits it into two left and right parts), AES processes a whole piece of data every time.

At that time, the National Institute of Standards and Technology in the United States drew up the AES standard and solicited algorithm submissions from everyone, hoping to find a more secure algorithm. The best-known submission is Rijndael.

Rijndael

Simply put, each round is divided into the following four steps:

  1. S-box byte substitution. A byte is 8 bits; the first 4 bits select one of 16 rows and the last 4 bits select one of 16 columns. Find the corresponding replacement in the substitution table.

  2. Row shift. Different rows are shifted by different amounts.

  3. Column mixing (MixColumns). Each column is multiplied by a constant matrix to obtain a new column.

  4. Round key addition (AddRoundKey). This step is considered the real encryption: the key is XORed with the state matrix. Generally, key expansion is performed on the user key to generate the round keys, and a different key is used for each round of encryption.

The overall process is to add the round key once, and then repeat these four parts (substitute bytes, shift rows, mix columns, and add round key) $N_{r-1}$ times.

But in fact, this encryption method is not as complicated as it seems. You don't even need to try $2^{128}$ keys; $2^{100}$ is enough (probably based on some key analysis technique).

Modes of operation

A mode of operation is a way to improve an encryption method. The principle is to avoid, as far as possible, the same key producing the same encryption result. This is also the biggest drawback of our previous encryption methods: the same key always produces the same encryption result, so at most it takes $2^{128}$ brute-force attempts.

ECB Electronic Code Book

The electronic codebook is a simple block encryption.


But think about our method of cracking DES. The problem that encryption with the same key will produce the same result has not been solved. We only need to know the plaintext ciphertext pair and try all keys to crack it.

CBC Cipher Block Chaining

Each plaintext block is XORed with the previous ciphertext and then encrypted with the key. The c0 initial ciphertext block is the information agreed upon by both parties for encryption.

Decryption is just the opposite.

The complexity is higher. However, encryption cannot be done in parallel; it must be done serially because each block depends on the previous one. Decryption can still be done in parallel.

CFB Cipher feedback

The initialization vector is encrypted and then XORed with plaintext block 1 to obtain ciphertext block 1; ciphertext block 1 is encrypted and then XORed with plaintext block 2 to obtain ciphertext block 2; and so on.

The IV (initialization vector) is similar to c0 in CBC: a piece of information that both parties use to start the encryption.

The decryption process is similar, but instead of XORing with the plaintext to get the ciphertext, you XOR with the ciphertext to get the plaintext.

The disadvantage is that encryption cannot be operated in parallel, and previous calculation errors will affect subsequent calculation results.

OFB Output feedback

The difference from CFB is that CFB uses the previous ciphertext block as the input vector for encrypting the next block, so error propagation occurs. OFB feeds the encrypted value forward as the input vector of the next block before it is XORed with the plaintext, so error propagation does not occur. And if the successive encryptions of the IV are calculated in advance, they can be XORed directly with the plaintext blocks in parallel.

CTR Counter mode

A self-increasing encryption counter serves as the initialization vector.


It can also be calculated in parallel and is very fast.
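ECB, CBC and CTR side by side, to show what the mode changes when the key and the plaintext blocks stay the same. This is an added example, not code from the original notes: `E`/`D` are a toy, insecure 64-bit block cipher used as an assumed stand-in for DES or AES so the program runs with the standard library only, and the key, IV, nonce and message are constructed.

```python
BLOCK = 8                                   # toy 64-bit block (AES uses 128 bits)
MASK = (1 << 64) - 1
MULT = 0x9E3779B97F4A7C15                   # odd, so it is invertible mod 2**64
MULT_INV = pow(MULT, -1, 1 << 64)

def E(key, block):
    """Toy block cipher (NOT secure): XOR with the key, multiply mod 2**64."""
    x = int.from_bytes(block, "big")
    return (((x ^ key) * MULT) & MASK).to_bytes(BLOCK, "big")

def D(key, block):
    y = int.from_bytes(block, "big")
    return (((y * MULT_INV) & MASK) ^ key).to_bytes(BLOCK, "big")

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ecb_encrypt(key, pt):
    """Every block is encrypted on its own: equal input gives equal output."""
    return b"".join(E(key, b) for b in blocks(pt))

def cbc_encrypt(key, c0, pt):
    """Each block is XORed with the previous ciphertext block (c0 first)."""
    prev, out = c0, []
    for b in blocks(pt):
        prev = E(key, xor(b, prev))         # serial: needs the previous output
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, c0, ct):
    """Each block needs only ciphertext, so the blocks are independent."""
    cs = blocks(ct)
    return b"".join(xor(D(key, c), p) for c, p in zip(cs, [c0] + cs[:-1]))

def ctr_crypt(key, nonce, data):
    """Encrypt a counter, XOR with the data; the same call decrypts."""
    return b"".join(xor(b, E(key, ((nonce + i) & MASK).to_bytes(BLOCK, "big")))
                    for i, b in enumerate(blocks(data)))

if __name__ == "__main__":
    key, c0, nonce = 0x0123456789ABCDEF, bytes.fromhex("a1b2c3d4e5f60718"), 1000
    pt = b"SAMEDATA" * 3 + b"OTHERBLK"     # constructed: three identical blocks
    for name, ct in (("ECB", ecb_encrypt(key, pt)),
                     ("CBC", cbc_encrypt(key, c0, pt)),
                     ("CTR", ctr_crypt(key, nonce, pt))):
        print(name, [b.hex() for b in blocks(ct)])
```

ECB and CBC here assume the message length is a multiple of the block size; no padding is implemented.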


key distribution

  • One of the most important questions: how to synchronize keys between the two parties. If the process of sending the key is intercepted, it will be useless to modify the algorithm.

  • The key transmission channel must be more secure than the messaging channel.

  • Another question is how to make sure, through a signature, that the key was really sent to me by the other party. For example, a man in the middle intercepts the key sent by A to B and forges a key for B. B does not know that the key has been modified.

The key can be sent through a physical channel (hand to the other party?). Or if two people had an old key before and now want to change it to a new one, the new key can be sent encrypted with the old key. Or two people can send over an encrypted connection between each other.


Origin blog.csdn.net/jtwqwq/article/details/135306968