Fundamentals of network security
Basic attributes required for network security communication:

1. Confidentiality

2. Message integrity

3. Availability (accessibility and usability)

4. Identity authentication

Typical threats to these properties:

1. Eavesdropping

2. Insertion (injecting messages into a connection)

3. Impersonation (masquerading as another party)

4. Hijacking (taking over an existing connection)

5. Denial of service (DoS) and distributed denial of service (DDoS)

6. Mapping (probing a network to discover hosts and services before an attack)

7. Sniffing

8. IP spoofing

Data encryption

- Plaintext: an unencrypted message.

- Ciphertext: an encrypted message.

- Encryption: the process of disguising a message to hide its content, i.e. turning plaintext into ciphertext.

- Decryption: the reverse process, turning ciphertext back into plaintext.

1. Substitution cipher: replace each plaintext letter with a ciphertext letter.

Shift cipher encryption function:

: the encryption process

m: the plaintext message (the position of the letter in the alphabet)

k: the key, i.e. the number of positions to shift.

q: the size of the alphabet; for the 26 letters, q = 26.

Decryption function:

: the decryption process

: the ciphertext

k: the key

2. Transposition cipher: rearrange the plaintext letters according to a fixed rule.

Example: the text "Bob, I love you. Alice" is encrypted with the Caesar cipher using k = 3. What is the resulting ciphertext? What ciphertext is obtained by column-permutation encryption with the key "nice"?

The Caesar cipher ciphertext is:

"ere l oryh brx Dolfh"

The ciphertext obtained by column-permutation encryption is:

"iex bvu bly ooo"

Analysis of the Caesar cipher:

Take the plaintext letter b as an example, with m = 2 (b is the 2nd letter of the alphabet), k = 3 and q = 26. Then:

the ciphertext position corresponds to the letter e (the 5th letter), so b is encrypted to e.

Replacing every plaintext letter in the same way gives the ciphertext "ere l oryh brx Dolfh".

- Column transposition cipher:

Ranking the letters of the key "nice" alphabetically gives the sequence "4, 3, 1, 2". The columns of the table are read out in this order to form the ciphertext "IEX BVU BLY OOO". (The key has as many letters as the table has columns; if the plaintext does not fill the last row, it is padded with x, and the table is then read column by column.)
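The two classical ciphers worked above, as an added Python example that is not part of the original notes. It encodes the shift cipher as (m + k) mod q with letter positions counted from 0 (so the 1-based arithmetic of the notes, b = 2 → e = 5, gives the same letters), and reads the transposition columns in the order the notes use (the sequence 4, 3, 1, 2 taken as column numbers). The plaintext for the transposition is "Bob, I love you" padded with x, which is what the notes' answer "iex bvu bly ooo" corresponds to; the function names are my own.

```python
import string

ALPHABET = string.ascii_lowercase  # q = 26 letters


def caesar_encrypt(plaintext: str, k: int, q: int = 26) -> str:
    """Shift cipher: the letter at position m becomes position (m + k) mod q."""
    out = []
    for ch in plaintext:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            m = ord(ch) - base  # 0-based position of the letter
            out.append(chr(base + (m + k) % q))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def caesar_decrypt(ciphertext: str, k: int, q: int = 26) -> str:
    """Decryption is a shift by -k, i.e. (c - k) mod q."""
    return caesar_encrypt(ciphertext, -k, q)


def key_order(key: str) -> list:
    """Rank the key letters alphabetically (1-based): 'nice' -> [4, 3, 1, 2]."""
    ranked = sorted(range(len(key)), key=lambda i: (key[i], i))  # stable for repeated letters
    order = [0] * len(key)
    for rank, i in enumerate(ranked, start=1):
        order[i] = rank
    return order


def column_transposition_encrypt(plaintext: str, key: str, pad: str = "x") -> str:
    """Write the letters row by row under the key, pad the last row, then read out
    the columns in the order given by the key ranking (as the notes do)."""
    letters = [ch.lower() for ch in plaintext if ch.isalpha()]
    ncols = len(key)
    while len(letters) % ncols:
        letters.append(pad)
    rows = [letters[i:i + ncols] for i in range(0, len(letters), ncols)]
    groups = ["".join(row[c - 1] for row in rows) for c in key_order(key)]
    return " ".join(groups)


def column_transposition_decrypt(ciphertext: str, key: str) -> str:
    """Put each ciphertext group back into its column and read the table row by row.
    Padding letters are kept, as the receiver cannot tell them from real text."""
    groups = ciphertext.split()
    nrows = len(groups[0])
    columns = [None] * len(key)
    for c, group in zip(key_order(key), groups):
        columns[c - 1] = group
    return "".join(columns[c][r] for r in range(nrows) for c in range(len(key)))


if __name__ == "__main__":
    print(caesar_encrypt("bob i love you Alice", 3))          # ere l oryh brx Dolfh
    print(column_transposition_encrypt("Bob, I love you", "nice"))  # iex bvu bly ooo
```

Both ciphers are reversible by anyone who knows the key, and the key space of the shift cipher is only q - 1 = 25 usable keys, which is why it is taught as an illustration of the concepts rather than as a usable cipher.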

1. Symmetric key cipher: the encryption key is the same as the decryption key. Analogy: lock a box with a padlock that has two identical keys; after locking it, send the other key to the recipient.

2. Classification of symmetric key ciphers:

- Block ciphers: DES, AES, IDEA, etc. (the plaintext is processed in fixed-size blocks)

1) DES (Data Encryption Standard): 56-bit key, 64-bit block. (The key is a 56-bit binary number, each bit being 0 or 1, so there are 2^56 possible keys.)

2) Triple DES (3DES): uses two keys (112 bits in total) and runs the DES algorithm three times (encrypt with key 1, decrypt with key 2, then encrypt with key 1 again).

3) AES (Advanced Encryption Standard): 128-bit block; key of 128, 192 or 256 bits.

4) IDEA: 64-bit block, 128-bit key.

- Stream ciphers (encrypt the plaintext one bit or byte at a time)

1. Asymmetric key encryption: the encryption key and the decryption key are different; one is used for encryption and the other for decryption. (Private key: kept secret by its owner; public key: published.)

2. The encryption key can be made public, which is why this is also called public key encryption.

3. Typical public key algorithms:

- Diffie-Hellman algorithm

- RSA algorithm

Cryptographic hash function

1. Properties:

- Fixed-length output;

- One-way (the message cannot be recovered from its hash value)

- Collision resistant (it is infeasible to find two messages with the same hash value)

2. Typical hash functions

- MD5: 128-bit hash value

- SHA-1: 160-bit hash value

Message authentication lets the receiver of a message check that the message is genuine: that its source is authentic and that it has not been tampered with.

1. Message digest (digital fingerprint)

2. Message authentication methods

- Simple message verification: only the message digest is used, so the authenticity of the message source cannot be verified (anyone can recompute the digest of a modified message).

- Message authentication code (MAC): uses a shared authentication key, but it cannot prevent the receiver from tampering, because the receiver holds the same key and can produce a valid MAC for any message.
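The difference between the two methods above, as an added Python example that is not part of the original notes: a bare SHA-256 digest survives substitution of the message (the substituted message simply gets a fresh digest), while an HMAC under a shared key does not verify unless the sender knew that key. The message, the substituted message and the key are constructed sample values; the function names are my own.

```python
import hashlib
import hmac

# Constructed sample data: Alice's message, a substituted version of it, and the key Alice and Bob share.
MESSAGE = b"transfer 100 to bob"
SUBSTITUTED = b"transfer 900 to eve"
SHARED_KEY = b"alice-bob-shared-authentication-key"


def digest(message: bytes) -> str:
    """Simple message verification: a bare SHA-256 digest (digital fingerprint) of the message."""
    return hashlib.sha256(message).hexdigest()


def verify_digest(message: bytes, received_digest: str) -> bool:
    # compare_digest avoids leaking the position of the first mismatch through timing
    return hmac.compare_digest(digest(message), received_digest)


def mac(message: bytes, key: bytes) -> str:
    """Message authentication code: HMAC-SHA256 over the message with the shared key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(message: bytes, received_mac: str, key: bytes) -> bool:
    return hmac.compare_digest(mac(message, key), received_mac)


def digest_detects_substitution() -> bool:
    """True if Bob's digest check rejects a substituted message that carries a recomputed digest.
    It does not: the digest needs no secret, so the check passes and the source is unverified."""
    return not verify_digest(SUBSTITUTED, digest(SUBSTITUTED))


def mac_detects_substitution(other_key: bytes = b"not-the-shared-key") -> bool:
    """True if Bob's MAC check rejects a substituted message whose MAC was computed
    without the shared key (here: under some other key)."""
    return not verify_mac(SUBSTITUTED, mac(SUBSTITUTED, other_key), SHARED_KEY)


if __name__ == "__main__":
    print("digest check catches substitution:", digest_detects_substitution())  # False
    print("MAC check catches substitution:", mac_detects_substitution())        # True
```

Note that the MAC check only tells Bob that someone holding the shared key produced the message; since Bob holds that key too, it cannot prove to a third party that Alice rather than Bob wrote it, which is the non-repudiation gap that digital signatures close.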

Authentication, data integrity, non-repudiation

1. Simple digital signature: sign the message directly.

2. Sign the message digest (hash the message first, then sign the hash).
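An added Python example, not part of the original notes, covering both the public key section (one key encrypts, the other decrypts) and item 2 above (signing the message digest rather than the message). It uses RSA with a toy key pair built from the constructed primes 61 and 53; real keys use primes of a thousand bits or more, and the reduction of the SHA-256 digest modulo the tiny modulus exists only to fit the toy key. The function names are my own.

```python
import hashlib

# Toy RSA key pair, constructed for illustration only (real keys use ~1024-bit or larger primes).
P, Q = 61, 53
N = P * Q                 # modulus, shared by both keys: 3233
PHI = (P - 1) * (Q - 1)   # 3120
E = 17                    # public exponent
D = pow(E, -1, PHI)       # private exponent: modular inverse of E, here 2753 (Python 3.8+)
PUBLIC_KEY = (E, N)       # published
PRIVATE_KEY = (D, N)      # kept by the owner


def rsa_apply(value: int, key) -> int:
    """Raise value to the key's exponent modulo N; the same operation serves both keys."""
    exponent, n = key
    return pow(value, exponent, n)


def encrypt(m: int) -> int:
    """Anyone can encrypt with the public key; m must be smaller than N."""
    return rsa_apply(m, PUBLIC_KEY)


def decrypt(c: int) -> int:
    """Only the private key holder can decrypt."""
    return rsa_apply(c, PRIVATE_KEY)


def digest_as_int(message: bytes) -> int:
    # Hash the message with SHA-256 and reduce into the modulus so the toy key can sign it.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Sign the message digest with the private key (signing the digest, not the whole message)."""
    return rsa_apply(digest_as_int(message), PRIVATE_KEY)


def verify(message: bytes, signature: int) -> bool:
    """Anyone with the public key recovers the signed digest and compares it with a fresh digest."""
    return rsa_apply(signature, PUBLIC_KEY) == digest_as_int(message)


if __name__ == "__main__":
    c = encrypt(65)
    print("ciphertext", c, "decrypts to", decrypt(c))           # decrypts to 65
    s = sign(b"Bob, I love you. Alice")
    print("signature verifies:", verify(b"Bob, I love you. Alice", s))  # True
    print("altered message verifies:", verify(b"Bob, I love you. Trudy", s))  # False
```

A verified signature gives Bob authentication and integrity, and, because only Alice holds the private key, non-repudiation as well; it is meaningful only if Bob has a trustworthy copy of Alice's public key, which is where the CA comes in later in the notes.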

1. Plain password: it can be eavesdropped.

2. Encrypted password: it can be attacked by playback (replay).

An encrypted password may be intercepted. Even without knowing the password itself, the interceptor can submit the captured encrypted password to the server as if it were their own; this is called a replay attack.

3. Encrypting a one-time random number (nonce): it can be attacked by a man in the middle.

Alice tells Bob that she is Alice. Bob replies "prove it": he generates a random number and sends it to Alice; Alice encrypts it with her private key and sends the result to Bob; Bob then asks Alice for her public key and uses it to decrypt. If the decrypted random number matches the one Bob sent, Bob concludes that she is Alice.

This method is vulnerable to a man-in-the-middle attack. Trudy replaces the value Alice encrypted with her private key by the same value encrypted with Trudy's own private key, and substitutes her own public key for Alice's. Bob then encrypts his data with Trudy's public key and sends it to Alice; Trudy intercepts it and decrypts it with her own private key, obtaining the data.

The weak points lie in key distribution and public key authentication; they are addressed by a key distribution center (KDC) and a certification authority (CA).

When two parties communicate, they must first agree on a key and then encrypt with it. A fresh key is needed for every session, so that an intercepted key cannot be reused; this is what raises the key distribution problem.

Key generation and distribution based on a KDC

CA: binds a public key to a specific entity.

1. Verifies the true identity of the entity;

2. Issues a digital certificate for the entity (binding the entity's identity to its public key).

Firewall: Software, hardware or a combination of software and hardware, which can isolate an organization's internal network from the public Internet, allow some packets to pass through, and prevent other packets from entering or leaving the internal network.

Premise: All traffic from the outside to the inside and from the inside to the outside must pass through the firewall.

1. Stateless packet filter

Decides whether to forward or discard each packet according to a fixed set of rules applied to that packet alone.

2. Stateful packet filter

Tracks the establishment and teardown of each TCP connection and decides whether to let a packet pass according to the connection state.

3. Application gateway

Identifies users and enables specific services only for authorized users.
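The difference between the first two filter types, as an added Python example that is not part of the original notes. The stateless filter applies one fixed rule per packet: to let web replies back in, it must admit every inbound packet with source port 80. The stateful filter records connections opened from the inside and admits inbound packets only when they belong to one of them. The packet list, addresses and rule set are constructed; the class and function names are my own.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "out": internal host -> Internet, "in": Internet -> internal host
    src: str
    sport: int
    dst: str
    dport: int
    flags: str       # TCP flags as letters: S=SYN, A=ACK, F=FIN, R=RST


def stateless_decide(p: Packet) -> str:
    """Stateless filter: one fixed rule set, each packet judged on its own.
    Rule 1: allow all outbound traffic.  Rule 2: allow inbound packets from source port 80
    (web replies), which necessarily also admits inbound packets no internal host asked for."""
    if p.direction == "out":
        return "allow"
    return "allow" if p.sport == 80 else "drop"


class StatefulFilter:
    """Stateful filter: tracks TCP connections opened from the inside and admits inbound
    packets only when they belong to a tracked connection."""

    def __init__(self):
        self.table = {}  # connection key -> set of directions that have already sent FIN

    @staticmethod
    def _key(p: Packet):
        # Normalise both directions to (internal ip, internal port, external ip, external port)
        if p.direction == "out":
            return (p.src, p.sport, p.dst, p.dport)
        return (p.dst, p.dport, p.src, p.sport)

    def decide(self, p: Packet) -> str:
        key = self._key(p)
        flags = set(p.flags)
        if p.direction == "out" and flags == {"S"}:
            self.table[key] = set()  # internal host opens a connection: start tracking it
            return "allow"
        if key not in self.table:
            return "drop"            # unsolicited inbound packet, or traffic on no known connection
        fins = self.table[key]
        if "F" in flags:
            fins.add(p.direction)
        if "R" in flags or (fins == {"out", "in"} and "F" not in flags):
            del self.table[key]      # RST, or the final ACK after both FINs: connection is closed
        return "allow"


def run(decide, packets):
    """Apply a filter function to a packet list in order and return the verdicts."""
    return [decide(p) for p in packets]


# Constructed sample traffic: one legitimate web session plus packets that belong to no session.
SAMPLE = [
    Packet("out", "10.0.0.5", 40000, "198.51.100.7", 80, "S"),
    Packet("in", "198.51.100.7", 80, "10.0.0.5", 40000, "SA"),
    Packet("out", "10.0.0.5", 40000, "198.51.100.7", 80, "A"),
    Packet("in", "203.0.113.9", 80, "10.0.0.5", 40001, "S"),   # no internal host asked for this
    Packet("out", "10.0.0.5", 40000, "198.51.100.7", 80, "FA"),
    Packet("in", "198.51.100.7", 80, "10.0.0.5", 40000, "FA"),
    Packet("out", "10.0.0.5", 40000, "198.51.100.7", 80, "A"),  # final ACK closes the connection
    Packet("in", "198.51.100.7", 80, "10.0.0.5", 40000, "A"),   # arrives after the close
]

if __name__ == "__main__":
    print("stateless:", run(stateless_decide, SAMPLE))
    print("stateful: ", run(StatefulFilter().decide, SAMPLE))
```

The fourth and eighth packets are the ones that separate the two designs: the stateless rule set lets both through because they match rule 2, while the stateful filter drops them because no tracked connection claims them. A production filter would also age entries out on a timer, which this illustration leaves out.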

Intrusion detection system (IDS): A device or system that can give a warning when potential malicious traffic is observed.

1. Email security requirements

1) Confidentiality

2) Integrity

3) Identity authentication

4) Non-repudiation

2. Secure e-mail standard:

1. SSL is a security protocol between and.

2. SSL protocol stack

(The traditional TCP protocol has no security layer and transmits in plaintext, so SSL is placed above TCP to provide security.)

3. SSL handshake process

Negotiate the cipher suite, generate the keys, and authenticate and verify the server/client.

1. Virtual Private Network (VPN)

A secure channel over the Internet that provides secure connections among remote users, branches and business partners, building a private network for a specific organization.

Key technologies: IPSec, for example.

2. Typical network layer security protocol (IPSec)

Provides confidentiality, authentication, data integrity and replay attack protection.

Architecture: the Authentication Header (AH) protocol and the Encapsulating Security Payload (ESP) protocol.

Operation modes: transport mode (AH transport mode and ESP transport mode) and tunnel mode (AH tunnel mode and ESP tunnel mode).

These notes introduce the basic concepts of network security, data encryption algorithms, message integrity and digital signatures, identity authentication, the key distribution center and certification authority, firewalls and intrusion detection, and network security protocols.

Review:

1. Basic properties of network security

2. Typical data encryption algorithms;

3. Message integrity, digital signatures and authentication principles.