2019-2020 semester 20,192,404 "Introduction to cyberspace security professionals," the twelfth week reading notes

Others 2019-12-25 22:33:13 views: null

Chapter 10 Cryptography and Applications

10.1 The concept of cryptography and development history

10.1.1 concept of cryptography

  • Including cryptography Cryptography and cryptanalysis two parts.

  • Cryptography main encoded information research aspect, various constructs efficient cryptographic algorithms and protocols used for message encryption, authentication, cryptanalysis is research to decipher the password obtained message , or the message forgery.

    10.1.2 the history of cryptology

  • The first stage : from antiquity to the 19th century, the early development of classical cryptography password (classical cryptography) stage.
  • The second stage : early 20th century in 1949, the stage of development of modern cryptography.
  • The third stage : 1949-1975, the early stages of the development of modern cryptography.

  • The fourth stage : from 1975 to date. 1976 is a revolution in education in the history of the password, marking a new era of public-key cryptography cryptography.

10.2 cryptographic algorithms

  • Password divided into three categories according to their functional characteristics: symmetric ciphers, public key cryptography and the Secure Hash Algorithm

10.2.1 symmetric ciphers

  • Symmetric cryptographic algorithm basic features : for encryption and decryption keys the same, or relatively easily derived, also known as a single key algorithm.
  • Symmetric cryptographic algorithm classification : block cipher and stream cipher algorithm .

10.2.2 asymmetric cryptographic algorithm

  • In public key cryptography, the encryption key and a decryption key differ , the corresponding decryption key derived computationally infeasible by the encryption key.
  • Public-key cryptosystem role : not only can be used for encryption , can also be used for digital signatures.

10.2.3 hash function

  • Hash function : the basic message authentication method, mainly for message integrity, and digital signatures .
  • Hash function is mapped to a bit string of arbitrary finite length to a string of fixed length .
  • Hash function characteristics : can be applied to data of any length, and can generate a fixed size output.

10.3 cyberspace security cryptographic applications

  • Cyberspace security cryptographic applications:
    1) protecting the confidentiality issue
    2) integrity protection
    3) can be identified protection issues
    4) Non-repudiation protection
    5) issue authorization and access control

10.3.1 Public Key Infrastructure

  1. Public Key Infrastructure : one kind of follow the standard, the use of public-key encryption technology to provide technical specifications and security infrastructure platform that provides cryptographic services for network applications a basic solution.
  2. PKI system : general by the CA, registration authority, digital certificate, the certificate / CRL libraries and end-entity parts and other components.
  3. CA : specializing in digital certificates generated, distribution and management .
    CA's main features :
  • Issuance and management of certificates;
  • CRL issuance and management;
  • RA establishment, audit and management.
  1. RA : responsible for digital certificate application, examination and registration , but also extends CA certification bodies.
    RA's main functions :
    1) audit user identity information, to ensure its authenticity
    2) to manage and maintain the user's identity information in the region
    3) to download digital certificates
    4) issuing and managing digital certificates
    5) registration blacklist
  2. Digital certificates : CA-signed by some, including the data volume owner identity information and public key, is proof of the identity of each entity, has a unique and authoritative .
    Digital certificates mainly includes three parts: certification body. CA signature algorithm and signature data .
  • Certificate body generally include the following:
  • version number
  • serial number
  • Signature algorithm identifier
  • Issuer
  • Validity
  • Principal name
  • Body public
  • Issuer unique identifier
  • Subject unique identifier
  • Extended domain
    certificate store: mainly used to publish / store digital certificates and certificate revocation list
  1. Certificate / CRL library : mainly used to publish, store digital certificates and certificate revocation lists for users to query, obtain a digital certificate for other users, the system used in the CRL.
  2. End entity : has a public / private key pair and the corresponding public key certificate of the end user , it can be people, equipment, processes, and so on.
  3. Common PKI interoperability model is divided into three structures: a strict hierarchical model, network model and bridge construction trust trust structure model .
    PKI technology mainly in the attribute certificate, roaming and wireless PKI certificate on.
    PKI technology development: attribute certificate, certificate roaming, wireless PKI.

10.3.2 Virtual Private Network

  1. Virtual Private Network : refers to the public network, using the tunnel technology , establish a temporary, secure network.
  2. VPN features :
    1) low cost
    2) Security
    3) Quality of Service
    4) Manageability
    5) Scalability
  3. VPN working principle and key technologies:
    (1) Tunneling : By encapsulating the data in the public network to establish a data channel , so that data packets transmitted through this tunnel.
    There are three main tunneling protocol:
    1) a second layer tunneling protocol: first the various network protocols encapsulated packet to the PPP, then the entire packet into the tunnel protocol, this data packet through the two layers of encapsulation by a second layer protocol transmission.
    2) The third tunneling protocol: the network layer protocol directly into the various network tunneling protocol, the data packet forming a third layer protocols rely for transmission.
    3) The fourth tunneling protocol: data encapsulated in the transport layer.
    (2) encryption technology
    (3) and the user device authentication technique
    (4) IPSec technology
    • Authentication Header (AH)
    • Encapsulating Security Payload
    • Security Association
    • Internet Key Exchange
    (5) Secure Sockets Layer (SSL) technology
    • Record Protocol
    • Change Password protocol
    • Alert Protocol
    • Handshaking protocol
  4. VPN three typical applications:
  • Remote Access VPN
  • Intranet VPN
  • Extranet VPN

10.3.3 Privilege Management Infrastructure

  • Privilege Management Infrastructure : provides a multi-application environment, rights management and access control mechanisms , the rights management and access control classification from specific applications, making access control mechanisms between systems and applications can be flexibly and easily combine .
  • PMI's main functions : rights management system for the definition and description, application to establish the identity of the authorized user mapping, support application access control.
  • PMI consists of: attribute certificate, attribute authority, certificate store .
  • Between the PMI and the PKI major differences :
    1) The main PMI authorize management to prove what permissions the user can do.
    2) PKI authentication mainly to prove user identity.
  • PMI construction applications:
    1) the visitor, target
    2) Strategy
    3) authorization checks
    4) access control decision point

Guess you like

Origin www.cnblogs.com/jzbysl0910/p/12099191.html
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com