2019-2020-1 semester 20,192,401 "Introduction to cyberspace professional security" twelfth week learning summary

Others 2019-12-25 21:44:24 views: null

Chapter 10 Cryptography and Applications

10.1 The concept of cryptography and development history

The concept of cryptography

Including cryptography Cryptography and cryptanalysis two parts.

  • Cryptography: Coding major research information, build a variety of safe and effective cryptographic algorithms and protocols for message encryption, authentication, and so on.

  • Cryptanalysis: code-breaking research to get the message, or the message forgery.

    Confidentiality: means the information is not disclosed to the user, unauthorized entities or processes.
    Integrity: refers to the data can not be changed without authorization, i.e., the information is not accidentally or deliberately kept to delete, modify, or stored in a forged during transmission, disorder, playback, and other operations insert damaged.
    Availability: the information system can ensure that the information and access characteristics authorized entity needs to use the press, with access to the information needed when required i.e. when.

10.2 cryptographic algorithms

Symmetric ciphers

  • Basic Characteristics of symmetric cryptographic algorithms: for the encryption and decryption keys, or relatively easily derived, also known as a single key algorithm.
  • Classification symmetric ciphers: block cipher and stream cipher algorithm.

Asymmetric cryptographic algorithm

In public key cryptography, a different encryption key and decryption key, the decryption key corresponding deduced computationally infeasible by the encryption key.
The role of public-key cryptosystem: both can be used for encryption, can also be used for digital signatures.

hash function

  • hash functions: basic method for message authentication, message integrity, and is mainly used for digital signatures.
  • is a hash function mapping arbitrary finite length bit string is fixed-length string.
  • Characteristics of the hash function: can be applied to data of any length, and can generate a fixed size output.

10.3 cyberspace security cryptographic applications

Cryptography Application can resolve the following security issues:

① confidentiality issues
②. Integrity problems
③. Identifiability problem
④. Repudiation problem
⑤. Authorization and access control issues

Public Key Infrastructure

Public Key Infrastructure: One follows standard, providing technical specifications and security infrastructure platform using public key encryption technology to provide cryptographic services for network applications a basic solution.

  • PKI system: a general part of CA, registration authority, digital certificate, the certificate / CRL libraries and end-entity and other components.
  • CA: specifically responsible for producing, issuing and managing digital certificates.
    CA main functions: issuing and managing certificates; CRL issuance and management; RA establishment, audit and management.

  • RA: responsible for digital certificate application, examination and registration, but also extends CA certification bodies.
    RA's main functions:

    ① audit user identity information, to ensure its authenticity
    ② management and maintenance of user identity information in the region
    ③ download digital certificate
    issuance and management of digital certificates ④
    ⑤ registration blacklist

  • Digital certificates: CA-signed by some, including the data volume owner identity information and public key, is proof of the identity of each entity, unique and authoritative.
  • Certificate / CRL library: mainly used to publish, store digital certificates and certificate revocation lists for users to query, obtain a digital certificate for other users, the system used in the CRL.

  • End entity: has a public / private key pair and the corresponding public key certificate of the end user, it can be people, equipment, processes, and so on.
    Common PKI interoperability model is divided into three structures: a strict hierarchical model, network model and bridge construction trust trust structure model.
    PKI technology is mainly reflected in the attribute certificate, wireless roaming certificates and PKI.

Virtual Private Network

  • Virtual Private Network: refers to the public network, the tunnel technology, establish a temporary, secure network.
    VPN features:

    ① low cost
    ② security
    ③ service quality assurance
    ④ manageability
    ⑤ scalability

  • Tunneling: by encapsulating the data, to establish a data channel in the public network, so that packets transmitted through the tunnel.

    Protocol Stack view, there are three tunneling protocols:

  • Layer Two Tunneling Protocol: first encapsulated into network protocols PPP packet, then the entire packet into the tunnel protocol, this data through the two layers of encapsulation packet transmission by the second protocol layer.
  • The third tunneling protocol: the network layer protocol directly into the various network tunneling protocol, the data packet forming a third layer protocols rely for transmission.

  • Fourth tunneling protocol: data encapsulated in the transport layer.

    In VPN implementation, a large number of traffic encryption using a symmetric encryption algorithm, while the use of asymmetric cryptography in the management and distribution of symmetric encryption key.

  • AH: IP layer for enhancing safety, the protocol may provide connectionless data integrity, data origin authentication and anti-replay service attacks.
  • Encapsulating Security Payload: An enhanced IP layer security protocol IPSec.
  • Internet Key Exchange protocol: used to implement security parameter negotiation of security protocols to ensure the safety of the VPN network to communicate with a remote host or hosts.
  • IKE is a hybrid protocol, which contains three different protocols relevant part: Internet Security Association and Key Management Protocol, Oakley and secure key exchange mechanism.
  • Secure Sockets Layer protocol framework: the record protocol, the handshake protocol, change password protocol description and warning of protocols.

  • VPN three typical applications: remote access VPN, Intranet VPN, Extranet VPN.

Privilege Management Infrastructure

  • Privilege Management Infrastructure: provide a rights management and access control mechanisms in a multi-application environment, the rights management and access control classification from specific applications, making access control mechanisms and applications between systems can be flexibly and easily combine .
  • PMI's main functions: rights management system for the definition and description, application to establish the identity of the authorized user mapping, support application access control.

  • PMI consists of: attribute certificate, attribute authority, certificate store.

    The main difference between the PMI and PKI:

    ①PMI main authorization managed to prove what permissions the user can do.
    ②PKI mainly for identification, proof of user identity.

Guess you like

Origin www.cnblogs.com/wangmaiqi0206/p/12098790.html
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com