Article Directory
Virtual private network definition
VPN (virtual Private Network) is a "private data channel established through a shared public network" form a special with a certain security and guaranteed quality of service network.
-
Virtual
users do not need to use actual data of private long-distance lines, but to use the Internet long-distance data lines to establish their own private network -
Private Network
Users can customize a network that best meet their needs for themselves
Common Security Technology
- Tunneling: no security,
- Authentication - Data signature
- Data Authentication
- Encryption and decryption technology
- Secret key management technology
Encryption technology
Password Technology
- Encryption: plaintext ciphertext becomes
- Cryptographic service:
- Confidentiality encryption ----------
- --------- data integrity certification
- Anti-repudiation
- Identification of
Encryption technology, the history:
- scytale
- Caesar Password: out of order solution mechanism: eg: ABC written DEF
- Two-track algorithm
- Cipher machine
Encryption technology classification
Symmetric encryption
- Encryption, decryption
同一个秘钥----共享秘钥
How it works: The sender and receiver must know the shared secret key (the same secret key), the sender sends plain text into encrypted algorithm into ciphertext, sent to the recipient, accepted who by shared key to decrypt- Common symmetric encryption algorithm
- Stream encryption algorithm
- RC4
- Block cipher
DES3DESAES# These three are more popular VPN technology- IDEA
- RC2、RC5、RC6
- Stream encryption algorithm
- Common symmetric encryption algorithm
Asymmetric encryption
- Using two different decryption keys and decryption, the data used to protect the private key, the public key used to detect the authenticity and identity of the sender
- Hi钥:
-
Private: data protection
-
Public Key: authenticate
-
Asymmetric cryptography
- How it works: Before sending data, the sender and receiver need
生成一把秘钥对, a public key, a private key. The sender and receiver交换公钥, the private issuance of their own, not leaking diarrhea. When the sender to send data to a recipient, with the first recipient公钥perform data加密transmission to the recipient. Recipients with their own私钥conduct on the data解密
- How it works: Before sending data, the sender and receiver need
-
Key Exchange Process:
- Sending end: plaintext into ciphertext · ·, formed
会话秘钥in the receiver with公钥the session keys加密发送 - Receiving end:
私钥解密出会话秘钥in plaintext decrypted using the session keys
- Sending end: plaintext into ciphertext · ·, formed
-
Symmetric, asymmetric encryption Comparative
-
advantage:
-
Symmetric secret key algorithms: encryption and decryption
速度快can be implemented using hardware -
Asymmetric secret key algorithms:
秘钥安全性高 -
Disadvantages:
-
Symmetric secret key algorithms: key distribution problem
-
Asymmetric secret key algorithms: encryption and decryption velocity sensitive
Digital signature authentication -----
- principle:
-
Sender: sending a clear, after hashing, summary form (ciphertext), using
发送者的私钥for加密obtain数字签名.
In the数字签名and明文数据sent to the recipient -
Recipients: After receiving the data, the plaintext data to make a local hash calculation, to obtain a digest (ciphertext). Is then sent from the digital signature with
发起者the公钥performed解密to obtain the original plaintext digest value, which is the local digest value对比, the same, there is no tampering.
-
- Thinking:
- How the sender's public key is sent to the recipient?
- How to tell the public that the sender's public key?
- Digital certificates:
- Public agencies carrier -CA
- X.509 digital certificate format
- Issued by a trusted institution
- Digital certificate storage
- Digital certificates:
Data Authentication
- Hashing algorithm: the input and output program any length of a fixed length
- h=H(M)
- Common hash algorithm
- MD5: fixed output 128bit
- SHA-1: fixed output: 160bit
