Generally speaking, information security mainly includes system security and data security. System security generally adopts passive measures such as firewall, virus killing and prevention; Data security mainly refers to the active protection of data by using modern cryptographic technology, such as data confidentiality, data integrity, data non-repudiation and denial, and two-way identity authentication.
Cryptography is the core technology to ensure information security. Cryptography technology has been applied in ancient times, but it is limited to important fields such as diplomacy and military affairs. With the rapid development of modern computer technology, cryptography is constantly infiltrating into more and more other fields. It is an interdisciplinary subject integrating mathematics, computer science, electronics and communication. Cryptography technology can not only ensure the encryption of confidential information, but also complete digital signature, identity verification, system security and other functions. Therefore, the use of cryptographic technology can not only ensure the confidentiality of information, but also ensure the integrity and verifiability of information, and prevent information from being tampered with, forged and counterfeited.
Cryptography includes cryptography and cryptanalysis. The design of cryptographic system is the main content of cryptography, and the decryption of cryptographic system is the main content of cryptanalysis. Cryptographic coding technology and cryptanalysis technology are interdependent, mutually supportive and inseparable.
Cryptosystem includes symmetric key cryptosystem and asymmetric key cryptosystem. Symmetric key cryptosystem requires both encryption and decryption to have the same key. The asymmetric key cryptosystem is that the encryption and decryption parties have different keys, and the encryption key and decryption key cannot be calculated with each other without knowing the trap information.
However, cryptography includes not only encoding and decoding, but also security management, security protocol design, hash function and so on. Moreover, with the further development of cryptography, a large number of new technologies and concepts have emerged, such as zero-knowledge proof technology, blind signature, quantum cryptography, chaotic cryptography and so on.
The Chinese government clearly stipulates that it is strictly forbidden to directly use foreign cryptographic algorithms and security products. This is because: foreign countries prohibit the export of cryptographic algorithms and products, and the so-called export security cryptographic algorithms have decoding means abroad; Worried that there is a "back door" in foreign algorithms and products, which will endanger China's information security at a critical moment. 1999 the State Council promulgated the regulations on the management of commercial passwords, which made specific provisions on the management and use of passwords. At present, China's information security system is managed by the National Cryptography Management Committee.
Symmetric key cryptosystem
Symmetric cryptosystem is developed from the traditional simple transposition. Its main feature is that both encryption and decryption should use the same key in the process of encryption and decryption. DES (Data Encryption Standard) cryptographic algorithm is the most widely used.
Since 1977, the United States promulgated DES cryptographic algorithm as the American data encryption standard, symmetric key cryptosystem has been widely used. Symmetric key cryptosystems can be divided into two categories: sequential cryptosystems and block cryptosystems.
1. serial password
Sequence cipher has always been one of the main cryptographic techniques used in military and diplomatic occasions. Its main principle is to use the finite state machine to generate a pseudo-random sequence with excellent performance, and use this sequence to encrypt the information flow to get a ciphertext sequence. Therefore, the security strength of the sequence cipher algorithm depends entirely on the quality of the pseudo-random sequence it generates. One of the main methods to generate good sequence cipher is to generate pseudo-random sequence by using shift register. At present, the order of the register is required to be greater than 100 to ensure the necessary security. The advantages of sequence cipher are small error expansion, high speed, easy synchronization and high security.
2. Block cipher
The working principle of block cipher is to divide plaintext into fixed-length blocks, such as 64 bits, encrypt each block with the same key and algorithm, and output fixed-length ciphertext.
The main problem of symmetric key cryptosystem is that both encryption and decryption need to use the same key, so the key distribution must be completed before sending and receiving data. Therefore, the distribution of keys has become the weakest and riskiest link in the encryption system, and it is difficult to ensure the safe completion of this work by all means. In this way, the period of updating the key is prolonged, which provides an opportunity for others to decipher the key. There are only two ways to crack other countries' intelligence in history: one is to intercept the enemy's password book in the process of replacing it; The other is that the enemy's key replacement cycle is too long, and it takes a long time to find out the law and be cracked. In the symmetric algorithm, although the chance of tracking and finding out the rule to crack the key is greatly reduced due to the enhancement of the key strength, the problem of key distribution can hardly be solved. For example, if n parties participate in communication, if all n parties use the same symmetric key, once the key is cracked, the whole system will collapse; If different symmetric keys are used, n(n- 1) keys are needed, and the number of keys is proportional to the square of the number of people participating in the communication. It can be seen that the management of large-scale system keys is almost impossible.
However, due to the advantages of fast encryption and decryption and high security, symmetric key cryptosystem is now more and more used in military, diplomatic and commercial fields.
Asymmetric key cryptosystem
Asymmetric key cryptosystem, namely public key cryptosystem, is the most important invention and progress of modern cryptography. Generally speaking, cryptography is to protect the confidentiality of information transmission, but this is only one aspect of cryptography today. Verifying the true identity of the sender and receiver of information, the undeniable nature of sending/receiving information afterwards and the protection of data integrity are another important aspect of modern cryptography research. The public key cryptosystem has solved these two problems well, and has produced many new ideas and schemes.
1976, in order to solve the problem of key distribution and management, Diffie and Hellman put forward a key exchange protocol in their basic work "The New Direction of Cryptography", which allowed the two communication parties to exchange information on insecure media and transmit keys safely. On the basis of this new idea, public key cryptosystem appeared soon. In this scheme, the keys appear in pairs, one is the encryption key (PK public key) and the other is the decryption key (SK secret key), and the other cannot be deduced from one of them. The encryption key is different from the decryption key. The encryption key can be made public and anyone can use it. Only the decryptor knows the decryption key, and the information encrypted with the public key can only be decrypted with the private key. Because the public key algorithm does not need an online key server and the key distribution protocol is simple, the key management is greatly simplified. In addition to the encryption function, the public key system can also provide digital signatures. At present, the public key encryption algorithms mainly include RSA, Fertezza, EIGama and so on.
RSA is by far the most famous and widely used public key cryptosystem. RSA public key cryptosystem was proposed by three professors, R.Rivest, A.Shamir and L.Adleman, in 1977. RSA's name comes from the initials of these three inventors' surnames.
The initial goal of RSA algorithm development is to solve the problem of transmitting and distributing DES algorithm keys through open channels. The actual results not only solve this problem well, but also can use RSA to complete the digital signature of the message to prevent the denial and negation of the message. At the same time, it can also use digital signature to easily find the attacker's illegal tampering with the message, thus protecting the integrity of data information.
The advantage of public key is that the user may not know an entity, but as long as its server thinks that the CA (abbreviation of Certification Authority) of the entity is reliable, it can carry out secure communication, which is exactly what Web commerce and other services require. For example, when shopping by credit card, the service provider can authorize its own resources according to the reliability of the issuer of the customer CA. At present, there is no CA that can be widely trusted at home and abroad, so it is very dangerous for foreign companies to act as CA in China.
Public key cryptosystem is slower than private key cryptosystem, so the best performance can be obtained by combining these two technologies. That is, public key cryptography is used to transmit the key between the two communication parties, and the actual transmitted data is encrypted and decrypted by using the key.