2.1 Basics of Cryptography

Data reference: CISP official 

Table of contents

  • Basic concepts of cryptography
  • Symmetric encryption algorithm
  • Asymmetric Cryptographic Algorithm
  • Hash functions and digital signatures
  • Public key infrastructure

1. Basic concepts of cryptography 

1. The formation and development of cryptography

development path

Classical Cryptography (before 1949)

  • Main features: data security based on algorithmic confidentiality

Early Modern Cryptography (1949~1975)

  • Key Features: Cryptography truly becomes a science

Modern Cryptography (after 1976)

  • A new direction in cryptography: public key cryptography
  • Main features: solves the problem of key distribution and management

classical cryptography

  • Caesar cipher

ENIGMA rotor machine

Introduction to classical ciphers

Security relies on keeping the algorithm itself secret

  • Not suitable for mass production
  • Not suitable for larger or changing organizations
  • Users cannot assess the security of the algorithm

main categories

  • Substitution cipher
  • Permutation (transposition) cipher
  • Combination of substitution cipher and permutation cipher

early modern cryptography

  • In 1949, Shannon published the paper "Communication Theory of Secrecy Systems", which introduced information theory into cryptography. This put cryptography, which has a history of thousands of years, on a scientific track and laid its theoretical foundation.

modern cryptography

  • Solves key distribution and management problems, and provides more services
  • In 1976, Diffie and Hellman's "New Directions in Cryptography" proposed asymmetric key cryptography

2. Basic secure communication model

basic concept:

  • Cryptography: Cryptography is a branch of cryptology that studies techniques and methods for encoding and decoding information. Cryptography aims to ensure the confidentiality and integrity of information, and usually involves encryption algorithms, decryption algorithms, and key management.

  • Cryptanalysis: Cryptanalysis is an important branch of cryptology that studies techniques and methods for breaking or attacking cryptographic systems by analyzing their security. Cryptanalysis involves the study of the strength of cryptographic algorithms, the attack strategies of attackers, the weaknesses of cryptographic systems, and the mathematical and computational methods used to break cryptographic algorithms.

Traditional cryptography is mainly used for secure communication, which solves the problem of secure transmission of information in insecure channels.

Modern cryptography covers all aspects of data processing (data encryption, cryptanalysis, digital signature, identification, zero-knowledge proof, secret sharing, etc.)

Application of Cryptography Technology in Information Security

basic concept

  • plaintext, ciphertext
  • encryption, decryption, encryption key, decryption key
  • ......

 

3. Cryptosystem security

basic concept

  • Plaintext: The original message, whose content can be read without any decryption tool, is called plaintext.
  • Ciphertext: The plaintext is transformed into content that cannot be read under normal circumstances. This concealed information is called ciphertext.
  • Encryption: The transformation process from plaintext to ciphertext is called encryption.
  • Decryption: The transformation process from ciphertext to plaintext is called decryption.
  • Encryption/decryption algorithm: The set of rules applied when encrypting plaintext is called an encryption algorithm, and the set of rules applied by the receiver to decrypt ciphertext is called a decryption algorithm.
  • Key: The parameter input to the algorithm that converts plaintext to ciphertext or ciphertext to plaintext.

Basic Factors Affecting the Security of Cryptosystem

  • Cryptographic algorithm complexity, key confidentiality, key length

Kerckhoffs's principle

  • The cryptographic system can be made public, but the key must be kept secret
  • The more a cryptosystem needs to keep secret, the more possible weaknesses it has

4. The actual security of the cryptosystem

Assess cryptosystem security

  • Unconditional security
  • Computational security
  • Provable security

For a cryptographic system to be practically secure, it must satisfy the following criteria:

  • The computational effort actually required to break the cryptosystem is too large to be carried out
  • The computational time required to decipher this cryptosystem exceeds the lifetime of the message
  • The cost of deciphering the cryptographic system exceeds the value of the encrypted information itself 

2. Symmetric encryption algorithm  

introduce

  • A symmetric cryptographic algorithm is also called a traditional cryptographic algorithm, secret key algorithm or single key algorithm
  • The encryption key and decryption key are the same, or substantially equivalent

Algorithm advantages

  • The algorithm is simple, the amount of calculation is small, the encryption speed is fast, and the encryption efficiency is high. It is suitable for encrypting a large amount of data, and the length of the plaintext is equal to the length of the ciphertext.

Algorithm disadvantages:

  • Secure channels are difficult to implement
  • The problem of secure exchange of keys and the complexity of key management
  • Problems such as tampering and repudiation of messages cannot be solved.

Typical symmetric cryptographic algorithms include:

  • DES, 3DES, DEA, AES, RC4, RC5, Twofish, CAST-256, MARS, etc.

3. Asymmetric cryptographic algorithm

1. Introduction

  • Asymmetric cryptographic algorithms are also called double-key or public-key cryptographic algorithms.
  • Its encryption key and decryption key are different, and it is difficult to deduce one from the other

Two keys are used: one can be made public (called the public key), and the other is private (called the private key). These two keys form a key pair. Data encrypted with a public key can only be decrypted with the corresponding private key.

2. Characteristics of asymmetric encryption algorithm

Features of public key cryptography:

  • Public and private keys come in pairs: In public key cryptography, each user has a public key and a private key associated with their identity. The public key can be made public and used to encrypt data; the private key is kept secret and used to decrypt data or generate digital signatures.

  • Public key encryption and private key decryption: The public key can be used to encrypt data, and only the private key can decrypt the encrypted data, thus ensuring confidentiality.

  • Private key encryption and public key decryption: The private key can be used to encrypt data, and only the public key can decrypt the encrypted data. This is used to generate digital signatures, verify data integrity, authenticate identity, etc.

Advantages of public key cryptography:

  • Key delivery problem solved: In symmetric encryption, the delivery and management of keys is a difficult problem. Public key cryptography solves the problem of key distribution and management by using the public key for encryption and the private key for decryption.

  • Reduced key holding: In symmetric encryption, each user needs to hold the other user's key to communicate. In public key cryptography, each user only needs its own pair of public and private keys to complete encryption and decryption operations, reducing the number of keys held.

  • Provides services such as digital signatures: Public key cryptography is not only used for secure communication, but also provides services such as digital signatures and identity authentication. Digital signatures are used to verify data integrity and authenticate identity, which can prevent data from being tampered with.

Disadvantages of public key cryptography:

  • Complicated calculations and high resource consumption: Compared with symmetric cryptography, the encryption and decryption process of public key cryptography is more complicated and involves more mathematical calculations, so the computational complexity is higher and the demand for computing resources increases accordingly.

  • Increased ciphertext length: The encryption algorithms used in public key cryptography usually produce longer ciphertext. Compared with symmetric cryptography, the overhead of transmitting and storing ciphertext is greater.

To sum up, public key cryptography has important advantages in the field of information security by solving key transfer problems and providing services such as digital signatures, but there are also some disadvantages of computational complexity and increased ciphertext length that need to be considered.

Typical algorithms of public key cryptography:

  • Merkle-Hellman: Merkle-Hellman is a public-key cryptographic algorithm based on the knapsack problem, but it has been found to have security issues and is therefore no longer widely used.

  • RSA: RSA is one of the most commonly used public key cryptographic algorithms. It is a number-theoretic algorithm based on the difficulty of factoring large integers. RSA can be used for operations such as encryption, decryption and digital signature, and is widely used in the fields of network communication and data protection.

  • Rabin: Rabin is a public-key cryptographic algorithm based on the integer factorization problem. It has similar functions to RSA, but due to some characteristics, it is not as widely used as RSA.

  • ElGamal: ElGamal is a public-key cryptographic algorithm based on the discrete logarithm problem. It provides encryption and digital signature functions, and is considered a relatively secure algorithm.

  • ECC (Elliptic Curve Cryptography): ECC is a public-key cryptographic algorithm based on the mathematical problems of elliptic curves. Compared with other algorithms, ECC uses a shorter key length while providing the same security, thus saving storage space and computing resources.

There are several common misconceptions about public key cryptography:

  • Is public key cryptography more secure? Compared with symmetric cryptography, public key cryptography provides a stronger key management and distribution method, but that does not mean public key cryptography is necessarily more secure than symmetric cryptography. Actual security depends on algorithm design, key length, implementation, and the overall security of the system.
  • Does public key cryptography make symmetric cryptography obsolete? Public key cryptography and symmetric cryptography each have their own advantages and applicable scenarios. It cannot be said that public key cryptography makes symmetric cryptography obsolete. In practical applications, symmetric cryptography is still widely used, with particular advantages on resource-constrained devices and in large-scale data transmission.
  • Is it really easy to implement key distribution using public key cryptography? Although the key distribution method of public key cryptography is relatively simple, it still requires the private key to be kept secure and a reliable key distribution mechanism. Key distribution involves various complex issues such as key management, trust establishment, and key renewal.

4. Hash function and digital signature

1. Hash function

introduce

  • A hash function is also called a one-way hash function. It maps information of any finite length to a fixed-length value. Its characteristic is that a small change in the input data leads to a huge change in the output, and it is almost impossible to compute the input data back from the output. It is often used to ensure data integrity and implement digital signatures.

Main uses include:

  • Message integrity check: Hash functions can be used to verify the integrity of data. The sender performs a hash calculation on the data to be transmitted and passes the hash value to the receiver. After receiving the data, the receiver performs the hash calculation again and compares the result with the hash value it was passed. If the hash values are consistent, the data has not been tampered with during transmission, which ensures the integrity of the data.

  • Digital signatures: Hash functions play an important role in digital signatures. For the data to be signed, the sender first hashes it to obtain the hash value. The sender then encrypts the hash with its own private key, generating a digital signature. The recipient uses the sender's public key to decrypt the digital signature to obtain a hash value, and performs a hash calculation on the original data. If the two hash values are the same, the digital signature is valid and the data is intact.

A secure hash function needs to satisfy the following properties:

  • Unidirectionality: For any given code h, it is computationally infeasible to find x;
  • Weak collision resistance: Any given group x, seeking y not equal to x makes it computationally infeasible;
  • Strong collision resistance: seek for any (x, y) pair, making it computationally infeasible.

Currently commonly used hash functions:

MD5 algorithm

  • The MD5 message digest algorithm (RFC 1321) was proposed by Ron Rivest. The algorithm takes an arbitrarily long message as input and outputs a 128-bit message digest.

SHA-1 algorithm

  • The Secure Hash Algorithm (SHA) was designed by the U.S. National Institute of Standards and Technology (NIST) and released in 1993 as a Federal Information Processing Standard (FIPS 180). The revised version was released in 1995 (FIPS 180-1) and is commonly known as SHA-1. The input of the SHA-1 algorithm is any message x whose length is less than 2^64, and the output is a 160-bit hash value.
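The properties and the integrity check described in this section, as an added example that is not part of the original notes. It confirms the 128-bit and 160-bit output lengths stated above, measures how many output bits change when one input character changes, and runs the sender/receiver comparison. SHA-256 for the integrity check, the function names and the sample messages are assumptions of this example.

```python
import hashlib
import hmac


def digest_length_bits(algorithm: str, data: bytes) -> int:
    """Length of the hash value in bits, whatever the input length."""
    return len(hashlib.new(algorithm, data).digest()) * 8


def changed_bits(a: bytes, b: bytes, algorithm: str = "sha256") -> int:
    """Number of output bits that differ between the hashes of a and b."""
    da = hashlib.new(algorithm, a).digest()
    db = hashlib.new(algorithm, b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


def sender_package(message: bytes) -> tuple:
    """Sender: compute the hash value that is passed along with the data."""
    return message, hashlib.sha256(message).hexdigest()


def receiver_check(message: bytes, claimed_hash: str) -> bool:
    """Receiver: recompute the hash and compare it with the one received.

    The check only detects tampering if the hash value itself reaches the
    receiver unmodified; a bare hash carries no secret.
    """
    actual = hashlib.sha256(message).hexdigest()
    return hmac.compare_digest(actual, claimed_hash)


if __name__ == "__main__":
    # Constructed sample messages that differ in a single character.
    original = b"transfer 100 to alice"
    altered = b"transfer 900 to alice"

    # Fixed-length output: empty input and a long input give the same size.
    for name in ("md5", "sha1", "sha256"):
        print(name, digest_length_bits(name, b""),
              digest_length_bits(name, original * 1000))

    # Small input change, large output change.
    print("bits changed:", changed_bits(original, altered), "of 256")

    # Integrity check as described under "Message integrity check".
    msg, h = sender_package(original)
    print("intact message accepted:", receiver_check(msg, h))
    print("altered message accepted:", receiver_check(altered, h))
```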

2. Digital signature

introduce

  • Encrypting and hashing data can prevent third parties from stealing, tampering with, and destroying data, but it cannot prevent attacks by the communicating parties on each other. There may be deception and repudiation between the two parties in the communication. An effective solution is the digital signature.
  • A digital signature is some data attached to a data unit, or a cryptographic transformation of the data unit, which enables the receiver of the data unit to confirm the source and the integrity of the data unit, and protects the data against forgery.
  • A digital signature is the combination of public key encryption technology and message digest technology.

Basic Features of Digital Signatures

  • Unforgeability: Once a digital signature is created, it is difficult for others to forge a valid digital signature unless they have the signer's private key. This means that digital signatures can be used to verify the authenticity and integrity of data and prevent the signer from denying the signature.

  • Non-repudiation: Anyone can verify the validity of a digital signature using the signer's public key. Because digital signatures cannot be forged, the signer cannot deny a signature he created. This allows the recipient of the signature to confirm the source of the message and prevents the signer from later denying the act of signing.
  • Guarantees the integrity of the message, that is, the message is tamper-proof: A digital signature guarantees that the message is intact and has not been tampered with. The sender signs the message with the private key, and the receiver verifies it with the sender's public key. If the verification passes, the message has not been tampered with. This guarantees the security and reliability of data transmission, and is especially suitable for scenarios such as digital communication, electronic contracts, and online transactions.

Application example

Sending process:

  1. The sender creates the message: The sender prepares the message to be sent, and uses the hash function to compute a digest of the message, generating the hash value of the message.

  2. Sender's signature: The sender uses its own private key to encrypt the hash value of the message to generate a digital signature.

  3. Send message and signature: The sender sends the message to the receiver along with the digital signature.

Receiving process:

  1. Receiver receives message and signature: The receiver receives the message and digital signature sent by the sender.

  2. Use the public key to decode the signature: The recipient uses the sender's public key to decrypt the digital signature and obtain the decrypted hash value.

  3. Verification of message integrity: The receiver uses the same hash function to compute a digest of the received message, generating the hash value of the received message.

  4. Compare the hash value: The receiver compares the decrypted hash value with the hash value it calculated itself. If the two hash values are the same, the received message has not been tampered with; if they are different, the message has been tampered with.

  5. Verify the validity of the signature: If the hash value comparison is successful, the receiver can be sure of the integrity of the message. The recipient can then use the sender's public key to verify the signature to confirm the validity of the signature. If the signature is verified, then the source of the message can be determined.

Through the above process, the digital signature guarantees the integrity of the message in transit and lets the receiver verify both the integrity and the source of the message. If the message has been tampered with or the signature verification fails, the receiver knows that the integrity or origin of the message cannot be trusted and may refuse to accept the message.

Please note that in practical applications, issues such as key management and the use of digital certificates need to be considered to ensure the security and validity of digital signatures.
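The sending and receiving steps above, as an added example that is not part of the original notes. It uses unpadded textbook RSA over a SHA-256 digest so that "encrypt the hash with the private key" and "decrypt the signature with the public key" are visible as single operations; deployed systems use a padded scheme such as RSA-PSS from a vetted library. The key is constructed from two publicly known Mersenne primes and gives no security; all names are assumptions of this example.

```python
import hashlib
import math

# Constructed toy key material: two publicly known Mersenne primes.
P = 2**89 - 1
Q = 2**127 - 1
E = 65537


def make_keypair(p: int = P, q: int = Q, e: int = E):
    """Return (public_key, private_key) as ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def digest_as_int(message: bytes, n: int) -> int:
    """Hash the message and map the digest into the range [0, n)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Sending steps 1-2: hash the message, transform the hash with d."""
    n, d = private_key
    return pow(digest_as_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiving steps 2-4: recover the hash with e, recompute, compare."""
    n, e = public_key
    if not 0 <= signature < n:
        return False  # reject values outside the modulus range
    recovered_hash = pow(signature, e, n)
    return recovered_hash == digest_as_int(message, n)


if __name__ == "__main__":
    public_key, private_key = make_keypair()
    message = b"pay 100 to bob"  # constructed sample message
    signature = sign(message, private_key)

    print("original message :", verify(message, signature, public_key))
    print("tampered message :", verify(b"pay 900 to bob", signature, public_key))
    print("tampered signature:", verify(message, signature ^ 1, public_key))
```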

 

5. Public Key Infrastructure

1. PKI architecture

Public Key Infrastructure (PKI)

  • According to the X.509 standard formulated by the International Telecommunication Union (ITU), PKI "is a collection including hardware, software, personnel, policies and procedures, used to realize the generation, management, storage, distribution and revocation of keys and certificates based on public key cryptography."
  • PKI is a standards-compliant technology and specification that uses public-key encryption technology to provide a security foundation platform. It is a basic solution that can provide trust, encryption, and cryptographic services for network applications.
  • The essence of PKI is to solve the public key distribution problem in a large-scale network and establish a foundation for trust in a large-scale network.

PKI Architecture - Four Types of Entities

CA (Certification Authority):

  • CA refers to the certification authority, which is responsible for managing the generation, issuance, renewal and revocation of user digital certificates.
  • As an authority, the CA verifies the holder and signs a digital certificate to prove the user's true identity.

RA (Registration Authority):

  • RA is the application, review and registration center for digital certificates, and it is also an extension of the CA.
  • The RA is responsible for collecting the user's identity information; after verification and review, the information is passed to the CA to issue the certificate.

Certificate:

  • A certificate is an electronic file conforming to a specific format, which is used to identify the real identity of the digital certificate holder and provide a public key.
  • It is issued by a CA and contains information such as the holder's public key, digital signature, and validity period, and is used for authentication and encrypted communication.

End entity:

  • The end entity refers to the end user who owns the public-private key pair and the corresponding public key certificate, which can be a person, device or process, etc.
  • End entities use certificates for authentication and secure communication, ensuring the confidentiality and integrity of information.

 

2. Digital certificate

What is a digital certificate

  • A digital certificate is a piece of electronic data: a data body signed by the certificate authority (CA) that contains the owner's identity information and public key.
  • A digital certificate corresponds to a pair of public and private keys. The public key is placed in the digital certificate in plain text, while the private key is kept secret by the owner.

The role of digital certificates

  • After being signed by the certificate authority (CA), the authenticity of the information in the digital certificate is ensured, and the digital certificate can be used as the identity certificate of the end entity.
  • In e-commerce and network information exchange, digital certificates are often used to solve mutual trust issues. By verifying the authenticity and integrity of the digital certificate, the communicating parties can confirm each other's identity and ensure the security and reliability of the information.

3. CA (Certification Authority)

CA is the core component of PKI, and the PKI system is often called the PKI/CA system.

The certificate authority CA is responsible for the generation, issuance and management of digital certificates to ensure the authenticity and reliability of digital certificates.

  • Issuing digital certificates: issuing certificates, renewing certificates
  • Manage digital certificates: revocation, query, audit, statistics
  • Verification of digital certificates: blacklist check (CRL), online check (OCSP)

4. RA: Certificate Registration Authority

  • Digital Certificate Enrollment Center
  • It is the application, review and registration center for digital certificates, and it is also an extension of the CA certification authority.
  • Logically, RA and CA are a whole, mainly responsible for providing certificate registration, audit and certificate issuance functions. 

5. Definition and composition of PKI

Certificate/CRL library

  • The certificate/CRL library is mainly used to issue and store digital certificates and certificate revocation lists (Certificate Revocation List, CRL), for users to query and obtain digital certificates of other users and certificate revocation lists in the system.

end entity

  • Refers to the end user who owns the public-private key pair and the corresponding public key certificate, which can be a person, device, process, etc.

6. PKI system workflow

7. Typical application of PKI/CA technology

 

From: blog.csdn.net/weixin_43263566/article/details/132047366