# Brief introduction of common cryptographic techniques

## Application of cryptography in network transmission security

With the rapid growth of e-commerce and online payment, Internet security has become one of the most important concerns. A competent software engineer needs to know how data is transmitted securely across the Internet. This article gives a brief overview of the network transmission security system and the algorithms behind it, so that readers come away with a preliminary understanding.

### What cryptography is

Put simply, cryptography is the science of designing and breaking ciphers, which in everyday terms means encryption and decryption. A typical structure is shown in the figure:

Terms involved:

1. Key: divided into the encryption key and the decryption key. When the same key is used for both, the scheme is called symmetric encryption; when they differ, asymmetric encryption.

2. Plaintext: the original, unencrypted information, which must not leak.

3. Ciphertext: the encrypted information, from which no useful plaintext can be recovered without the key.

4. Encryption: the process of turning plaintext into ciphertext; depending on the algorithm (and its padding), the ciphertext may be somewhat longer than the plaintext.

5. Decryption: the process of turning ciphertext back into plaintext.

6. Encryption/decryption algorithm: the encryption and decryption methods used by the cryptosystem.

7. Attack: any method of ultimately obtaining the key or the plaintext, such as intercepting the data stream, phishing, trojans, or brute force (exhaustive search).

### Cryptography is all around us

In daily life and at work, cryptographic technology is everywhere, especially in Internet systems. Here are a few representative cases (shown as screenshots in the original); the concepts they involve are explained one by one below.

1. Every time you visit the old 12306 website, the browser shows a warning. What is the reason, and what is the risk?

2. When the 360 browser opens an HTTPS site, clicking the small padlock in the address bar shows encryption details such as `AES_128_GCM` and `ECDHE_RSA`. What do these mean?

3. The macOS Keychain contains many system root certificates, each with a lot of detail when expanded. What are they for?

4. When you enable online payment at a bank, you are given a "U shield" (USB Key). What is it for?

## How to secure data in transit

Starting from a real scenario, we take the most common case, a file transfer between client and server, and build up the whole security system step by step.

### 1. Confidentiality

First, the client must not send the file to the server in plaintext, otherwise anyone who intercepts the data stream can read the whole file. In other words, the file must be kept confidential, which calls for a symmetric encryption algorithm.

**Symmetric encryption:** encryption and decryption use the same key. It is fast and efficient, so it is suited to encrypting large amounts of data. Common symmetric algorithms include DES, 3DES (also called TDEA), AES and RC5. Let's look at the two most common, 3DES and AES:

**DES (Data Encryption Standard):** developed at IBM in the early 1970s and standardised in 1977. It splits the plaintext into 8-byte (64-bit) blocks (a final block shorter than 8 bytes is padded, with several padding schemes available) and produces the ciphertext through rounds of substitution and permutation; ciphertext and plaintext have essentially the same length. The key is 8 bytes (only 56 bits of which are effective), which is far too short today. A more secure variant encrypts three times with three keys: 3DES.

**3DES:** the plaintext is run through DES three times (encrypt-decrypt-encrypt with two or three independent keys), which raises the nominal key length to 112 or 168 bits. Its effective strength is about 112 bits, and its 64-bit block makes it vulnerable to birthday attacks on long sessions; NIST has deprecated it in favour of AES.

**AES (Advanced Encryption Standard):** published by NIST in 2001, became an effective US federal standard in 2002 and by 2006 one of the most popular symmetric algorithms. Because it is more secure and faster, it has largely replaced 3DES. Its block size is 16 bytes (128 bits), and the key can be 16, 24 or 32 bytes (128, 192 or 256 bits); the variants are named AES-128, AES-192 and AES-256 accordingly.

The parameters of symmetric algorithms are broadly similar: the plaintext, the key, the mode of operation and (for most modes) an IV. Online tools (the original links to one at /crypt3des) let you experiment with them. Only the two simplest modes, ECB and CBC, are described here; others can be looked up as needed.

**ECB mode (Electronic Codebook):** the plaintext is split into blocks and each block is encrypted independently, so each ciphertext block can also be decrypted on its own. The weakness is that identical plaintext blocks always produce identical ciphertext blocks, so repeated structure in the data shows through the ciphertext; ECB should not be used for anything longer than a single block.

**CBC mode (Cipher Block Chaining):** the plaintext is split into blocks and each block is XORed with the initialisation vector (the iv parameter in the figure above) for the first block, or with the previous ciphertext block for the rest, before being encrypted. A ciphertext block therefore cannot be decrypted without the preceding ciphertext block (or the IV). The IV must be fresh and unpredictable for each message, and CBC on its own provides no integrity check, which is why modern protocols prefer an authenticated mode such as AES-GCM (the `AES_128_GCM` seen in the browser's padlock details).

**Padding:** usually PKCS5Padding (strictly PKCS#7 for 16-byte AES blocks, but the rule is the same): if k bytes are missing to fill the last block, append k bytes each with value k. For example, if the plaintext is the 6 bytes `\x01\x01\x01\x01\x01\x01` and the block is 8 bytes, two bytes `\x02\x02` are appended; after decryption the last byte tells the receiver how many bytes to strip. Note that when the plaintext is already a multiple of 8 bytes, a whole block of eight `\x08` bytes is appended, otherwise the receiver could not tell data from padding.
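To make the padding and mode descriptions concrete, here is an added Python example (written for this edit, not code from the original article). It implements PKCS5/PKCS#7 padding, then runs ECB and CBC over a toy 8-byte Feistel block cipher that stands in for DES or AES, because the Python standard library has no block cipher; the toy cipher, the key, the IV and the sample message are all constructed for the demonstration. It shows the padding rule including the full-block case, that ECB lets repeated plaintext blocks show through, and that CBC hides them.

```python
import hashlib
import secrets

BLOCK = 8  # 8-byte (64-bit) blocks like DES, so the PKCS5 padding example from the text applies as-is


def pkcs7_pad(data: bytes, block: int = BLOCK) -> bytes:
    """If n bytes are missing to fill the last block, append n bytes each of value n.
    A plaintext that is already a multiple of the block size gets a whole extra block."""
    n = block - (len(data) % block)
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes, block: int = BLOCK) -> bytes:
    """Strip the padding, rejecting anything malformed (never silently truncate)."""
    if not data or len(data) % block:
        raise ValueError("length is not a whole number of blocks")
    n = data[-1]
    if not 1 <= n <= block or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_keys(key: bytes, rounds: int = 8) -> list:
    return [hashlib.sha256(key + bytes([i])).digest()[:4] for i in range(rounds)]


def _f(k: bytes, half: bytes) -> bytes:
    return hashlib.sha256(k + half).digest()[:4]   # keyed round function of the Feistel network


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 8-byte Feistel cipher standing in for DES/AES: a permutation, NOT a real cipher."""
    left, right = block[:4], block[4:]
    for k in _round_keys(key):
        left, right = right, _xor(left, _f(k, right))
    return left + right


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for k in reversed(_round_keys(key)):           # same rounds in reverse order undo encryption
        left, right = _xor(right, _f(k, left)), left
    return left + right


def _blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Each block is encrypted independently: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(toy_block_encrypt(key, b) for b in _blocks(pkcs7_pad(plaintext)))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return pkcs7_unpad(b"".join(toy_block_decrypt(key, b) for b in _blocks(ciphertext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Each block is XORed with the IV (first block) or the previous ciphertext block before encryption.
    out, prev = [], iv
    for b in _blocks(pkcs7_pad(plaintext)):
        prev = toy_block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    # Block i needs ciphertext block i-1 (or the IV), so a block cannot be decrypted in isolation.
    out, prev = [], iv
    for c in _blocks(ciphertext):
        out.append(_xor(toy_block_decrypt(key, c), prev))
        prev = c
    return pkcs7_unpad(b"".join(out))


def repeated_blocks(ciphertext: bytes) -> int:
    """How many ciphertext blocks are duplicates of an earlier one: the tell-tale sign of ECB."""
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))


if __name__ == "__main__":
    key = secrets.token_bytes(16)
    iv = secrets.token_bytes(BLOCK)        # CBC needs a fresh, unpredictable IV for every message
    msg = b"ATTACK AT DAWN. " * 4          # constructed sample whose 8-byte blocks repeat
    print(pkcs7_pad(b"\x01" * 6))          # two bytes of \x02 appended
    print(pkcs7_pad(b"\x01" * 8)[8:])      # a full block of eight \x08 bytes appended
    print("ECB duplicate blocks:", repeated_blocks(ecb_encrypt(key, msg)))      # pattern leaks
    print("CBC duplicate blocks:", repeated_blocks(cbc_encrypt(key, iv, msg)))  # hidden by chaining
    assert ecb_decrypt(key, ecb_encrypt(key, msg)) == cbc_decrypt(key, iv, cbc_encrypt(key, iv, msg)) == msg
```

The `pkcs7_unpad` check matters in practice: a receiver that strips whatever the last byte says, without validating it, is the starting point of padding-oracle attacks on CBC. Note also that neither mode detects a flipped ciphertext bit; integrity needs a MAC or an authenticated mode, which is the subject of section 3.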

### 2. Authenticity

Once the client has a symmetric key, it must get that key to the server. The problem is the same as before: it cannot be sent in plaintext, or an eavesdropper will simply intercept it. This is where asymmetric encryption comes in.

**Asymmetric encryption:** the encryption and decryption keys differ and are called the public key and the private key. They come as a pair: what the public key encrypts only the private key can decrypt, and what the private key encrypts only the public key can decrypt. The public key can be handed out freely to anyone, while the private key must be kept secret. Its strength is that no secret has to be shared in advance; its weakness is that it is slow. Common asymmetric algorithms are RSA and ECC. Let's look at the widely used RSA:

**RSA (Ron Rivest, Adi Shamir, Leonard Adleman):** proposed in 1977 by three researchers at MIT; the name is formed from the initials of their surnames. Its security rests on the difficulty of factoring large integers. By analogy, given `3233 = 53 × 61`, anyone knowing only 3233 has to try many divisions to recover 53 and 61; with primes hundreds of digits long, recovering the factors becomes infeasible. The original shows a randomly generated public/private key pair here:

and the result of encrypting with the public key (image in the original):

This property of RSA means that only the holder of the private key can read the data. After the client encrypts the file (or, in practice, the symmetric key) with the server's public key, an attacker who intercepts the data cannot decrypt it without the server's private key.

**Tips:**

+ **Can you skip symmetric encryption and encrypt everything directly with the RSA key pair?**

Answer: No. First, RSA is tens to hundreds of times slower than symmetric encryption; second, RSA can only encrypt a message smaller than its modulus, so bulk data would have to be split into many pieces and the ciphertext grows considerably.

+ **Could the server generate the symmetric key, encrypt it with its private key, and let the client decrypt it with the public key?**

Answer: No. The public key is public, so anyone could use it to decrypt and recover the symmetric key.

### 3. Integrity

When the client sends the server a file encrypted with the symmetric key, together with that key encrypted under the server's public key, an interceptor cannot recover the symmetric key. But nothing stops the interceptor from encrypting a symmetric key of their own with the server's public key, encrypting a forged file with it, and sending both to the server. The server would take the package for the real client's and never know that the file had been replaced.

Solving this requires a hash algorithm (also translated as a digest algorithm). Common ones are MD4, MD5, SHA-1 and SHA-2.

**Hash algorithm:** put simply, a function that compresses a message of any length into a fixed-length message digest. The process is one-way: the original message cannot be recovered from the digest, and it should be infeasible to find two messages with the same digest.

**SHA-1 (Secure Hash Algorithm 1):** a US standard (NIST, 1995) producing a 20-byte digest. In 2005 an attack much faster than brute force was found, so it is no longer considered secure (a practical collision was published in 2017); since 2010 it has been recommended to replace SHA-1 with SHA-2 or SHA-3.

**SHA-2 (Secure Hash Algorithm 2):** a family of six standards: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256. The number gives the digest length in bits; the longer the digest, the lower the collision probability. The original shows an example of SHA-224 in use:

The client computes the digest of the file with one of these hash algorithms, encrypts the digest with the client's own private key, and sends it along with the encrypted file. An interceptor cannot obtain the symmetric key without the server's private key and cannot forge the digest without the client's private key. If the package is swapped as described above, the server decrypts the digest with the client's public key, compares it with the digest of the file it actually received, and sees that the file has been replaced.

Encrypting the digest with the private key in this way is called a digital signature. It settles whether the file was tampered with and also identifies the sender. The two operations are usually defined as:

**Encryption:** applying the public key to data is called encryption.

**Signature:** applying the private key to (the digest of) data is called signing.

This "encrypt with the private key" picture is specific to textbook RSA: real RSA signatures add a padding scheme (PKCS#1 v1.5 or PSS), and other signature algorithms such as ECDSA do not work by encryption at all.

### 4. Trust

We encrypt the file with a symmetric algorithm, transport the symmetric key with asymmetric encryption, and use a hash plus signature to guarantee the file's integrity and the sender's identity. Is this now safe?

Not yet, because the public key itself travels over the network. If something goes wrong on the way, the public key the client receives may not be the server's real public key. The classic **man-in-the-middle attack** is the example:

**Man-in-the-middle attack (MITM):** the attacker sits between the two parties, for instance posing as a proxy. When the server sends its public key certificate, the attacker replaces it with the attacker's own. Data the client then sends is decrypted with the attacker's private key, tampered with, re-signed with the attacker's private key, re-encrypted under the server's real public key and forwarded; in the other direction the attacker passes the attacker's own certificate off to the client as the server's. Both sides are deceived and the attacker reads the plaintext in both directions.

This risk is addressed by having a CA digitally sign the public key certificate, binding the public key to its owner. This is the PKI system.

**PKI (Public Key Infrastructure):** the infrastructure that supports public key management and, on top of it, authentication, encryption, integrity and non-repudiation. It is fair to say that data transmission across the whole Internet is underpinned by PKI.

**CA (Certificate Authority):** the CA issues certificates and is a widely recognised, authoritative body. CAs are governed by a management standard, WebTrust: only after passing the WebTrust security audit can a CA's root certificate be pre-installed in mainstream browsers and become trusted worldwide. Examples are GlobalSign, DigiCert (now also home of the former VeriSign CA business) and Entrust. In China, CFCA (the China Financial Certification Authority) is overseen by the People's Bank of China, and China Telecom was primarily responsible for building the non-financial CAs.

Certificate issuance: the company generates a key pair, keeps the private key, and submits its public key and identity documents to the CA. The CA writes the issuer, subject, public key, validity period (valid from / valid to) and other fields into the certificate in the clear, computes a fingerprint of these fields with a hash (the fingerprint algorithm), and signs that fingerprint with the CA's own private key; the certificate carries the fingerprint algorithm and the signature. Because browsers ship with the root certificates of the major CAs built in (in practice a chain of one or more intermediate CAs leads back to the root), the browser can verify the company's certificate and shows no security warning.

In fact anyone can issue certificates; even an individual can issue one at will. But because such a root certificate is not built into browsers, when a client browser receives a certificate issued this way it cannot find a root to verify it against and warns the user directly. This is exactly why the warning appears when opening 12306. The warning for an individually issued certificate can be silenced by installing it into the system as trusted, but doing so means trusting that issuer for every site it chooses to sign for, and since its authority and security cannot be vouched for, it is best not to.

Let's look at the certificate of Baidu's HTTPS site (image in the original):

The more important fields:

- Issuer: GlobalSign (chaining to the GlobalSign Root CA);
- Validity: valid from 2018-04-03 to 2019-05-26;
- Public key: RSA, 2048 bits;
- Signature algorithm: SHA-256 with RSA encryption (1.2.840.113549.1.1);
- Bound domain names: during the HTTPS check, if the host name visited does not match the names in the certificate, a warning appears as well;
- URI: the CA's online revocation endpoints (CRL / OCSP). If the private key is compromised, the CA can revoke the certificate, and browsers find out through these addresses.

### 5. Non-repudiation

The whole process now looks safe, but one risk remains: what if the server denies having signed, so that a contract cannot be enforced?

The answer is a digital time-stamp service, DTS.

**DTS (Digital Time-Stamp service):** its role is to prevent the parties to a transaction from repudiating their actions, a prerequisite for e-commerce. In outline: the user first hashes the file to be time-stamped to obtain a digest and sends the digest to the DTS; the DTS appends the date and time at which it received the digest, digitally signs the result, and returns it to the user.

### 6. Authenticating the key holder

We now have digital certificates to establish identity and a DTS for non-repudiation. But we still cannot be 100% sure that the person using the private key is its legitimate holder: the private key used for the transaction may have been stolen.

To close this gap, the current user of the private key must be authenticated with a strong password, an OTP authentication token, a smart card, a U shield or biometrics. Let's take a brief look at the common U shield.

**USB Key (U shield):** when it first appeared it looked like a USB flash drive and protected the user like a shield, hence the name. It contains a write-only area that stores the user's private key (together with the public key certificate, which the bank registers on its side). During a transaction every operation involving the private key takes place inside the device, so the private key never leaves it. Once the transaction is submitted, its details are displayed on the device's screen, and only after the user physically presses the confirm button is it completed. Even if the computer is compromised, an attacker cannot press the physical button, and the user can cancel in time to avoid loss. Some devices carry several certificates and also support the national (SM) algorithms.

**National (SM) algorithms:** the State Cryptography Administration has published a set of domestic cryptographic algorithms covering each category: the SM1 symmetric cipher, the SM2 public key algorithm, the SM3 digest algorithm, the SM4 symmetric cipher, the ZUC (Zu Chongzhi) stream cipher and others. They give domestic control over the security of domestic firmware and data.

## HTTPS analysis

With the above knowledge we can work through the whole HTTPS process. Capturing an HTTPS session with Wireshark shows the following (screenshot in the original):

Client Hello: the client sends a Hello to the server's port 443, carrying a client random number, the cipher suites the client supports, the client's TLS version, etc.

Server Hello: the server replies with a Hello, carrying the cipher suite it selected and a server random number.

Certificate: the server sends its certificate to the client.

Server Key Exchange / Client Key Exchange: with an ECDHE suite the server sends its ephemeral ECDH public value, signed with the certificate's private key, and the client replies with its own ephemeral public value.

The server computes the symmetric key: obtained with the ECDH algorithm from the exchanged values and the two random numbers.

The client computes the symmetric key: obtained with the ECDH algorithm in the same way.

From here on, data is encrypted with the symmetric key.

A new algorithm appears here: DH.

**DH (Diffie-Hellman):** an ingenious key exchange protocol proposed in 1976 by Whitfield Diffie and Martin Hellman. Its cleverness is that both parties arrive at the same key even though everything they exchange is public. The mathematics rests on primitive roots modulo a prime and the difficulty of the discrete logarithm problem, as shown in the figure:

***The purpose of the algorithm is not to encrypt or decrypt messages, but to let two communicating parties securely agree on the same key.***

**ECDH:** DH key exchange over ECC (elliptic curve cryptography); its security rests on the elliptic curve discrete logarithm problem.

**ECDHE:** literally ECDH plus an E, where E stands for ephemeral. With plain (static) ECDH the server uses the public key in its certificate as Pb and the certificate's private key as Xb, and sends no Server Key Exchange message because the Certificate message already carries Pb. With ECDHE the server instead generates a fresh key pair for every handshake, sends the public part in the Server Key Exchange message signed with the certificate's private key (hence `ECDHE_RSA`), and discards the private part afterwards; a later compromise of the certificate key therefore does not expose past sessions (forward secrecy).
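As an added example for the handshake and the DH/ECDHE discussion above (it is not from the original article), the following Python simulates the key exchange over integers modulo a prime rather than over a curve, which keeps it within the standard library; the group parameters, the simplified key derivation, the Hello randoms and the party names are assumptions. It shows both sides arriving at the same key, what happens when nobody signs the DH values (the man-in-the-middle from section 4), and why ephemeral keys matter.

```python
import hashlib
import hmac
import secrets

# Toy group: p = 2^255 - 19 is prime, but this is NOT a standardised DH group.  Real deployments
# use the RFC 3526 / RFC 7919 MODP groups or an elliptic curve (X25519, P-256 for ECDHE).
P = 2**255 - 19
G = 2

def dh_keypair(p: int = P, g: int = G):
    """Secret exponent x and public value g^x mod p (Xa/Pa, Xb/Pb in the page's figure)."""
    x = secrets.randbelow(p - 2) + 1
    return x, pow(g, x, p)

def dh_shared(peer_pub: int, x: int, p: int = P) -> int:
    """peer_pub^x mod p: both sides reach g^(xa*xb) although only g^xa and g^xb crossed the wire."""
    if not 2 <= peer_pub <= p - 2:    # 0, 1 and p-1 would force a trivial secret; always check this
        raise ValueError("invalid DH public value")
    return pow(peer_pub, x, p)

def derive_key(shared: int, client_random: bytes, server_random: bytes) -> bytes:
    """Simplified session-key derivation: HMAC-SHA256 of the two Hello randoms, keyed with the
    shared secret.  TLS 1.2 uses its PRF and TLS 1.3 uses HKDF, but the ingredients are the same."""
    secret = shared.to_bytes((shared.bit_length() + 7) // 8, "big")
    return hmac.new(secret, client_random + server_random, hashlib.sha256).digest()

def handshake(client_random: bytes, server_random: bytes):
    """Honest ECDHE-style exchange: both sides derive the same session key."""
    xa, pa = dh_keypair()             # client's ephemeral pair (sent in Client Key Exchange)
    xb, pb = dh_keypair()             # server's ephemeral pair (sent in Server Key Exchange)
    k_client = derive_key(dh_shared(pb, xa), client_random, server_random)
    k_server = derive_key(dh_shared(pa, xb), client_random, server_random)
    return k_client, k_server

def mitm_handshake(client_random: bytes, server_random: bytes) -> dict:
    """Unauthenticated DH: Mallory replaces both public values in transit and ends up sharing one
    key with the client and another with the server.  This is why TLS signs the server's DH value
    with the certificate's private key (ECDHE_RSA): Mallory cannot produce that signature."""
    xa, pa = dh_keypair()
    xb, pb = dh_keypair()
    xm, pm = dh_keypair()             # Mallory's pair, delivered to both sides instead of pa / pb
    k_client = derive_key(dh_shared(pm, xa), client_random, server_random)
    k_server = derive_key(dh_shared(pm, xb), client_random, server_random)
    k_mal_client = derive_key(dh_shared(pa, xm), client_random, server_random)
    k_mal_server = derive_key(dh_shared(pb, xm), client_random, server_random)
    return {"client_server_agree": k_client == k_server,
            "mallory_reads_client": k_mal_client == k_client,
            "mallory_reads_server": k_mal_server == k_server}

def static_vs_ephemeral(sessions: int = 3):
    """Number of distinct shared secrets over several sessions.  With both sides reusing long-term
    keys (static DH, the certificate key as Xb/Pb) every session yields the same secret, so a stolen
    key decrypts all recorded traffic; fresh keys per session (the E in ECDHE) give a new secret."""
    xa, pa = dh_keypair()
    xb, pb = dh_keypair()
    static = {dh_shared(pb, xa) for _ in range(sessions)}
    ephemeral = set()
    for _ in range(sessions):
        xa_e, _ = dh_keypair()
        _, pb_e = dh_keypair()
        ephemeral.add(dh_shared(pb_e, xa_e))
    return len(static), len(ephemeral)

if __name__ == "__main__":
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)    # the Hello randoms
    kc, ks = handshake(cr, sr)
    print("honest handshake agrees:", kc == ks)
    print("man in the middle:", mitm_handshake(cr, sr))
    print("distinct secrets (static, ephemeral):", static_vs_ephemeral())
```

The public-value check in `dh_shared` is the one practitioners most often forget: a peer that sends 1 or p-1 forces the shared secret into a set of two values, which is a small-subgroup attack in miniature. The signature that turns this exchange into the authenticated `ECDHE_RSA` of the padlock details is the one described in section 3, applied by the server to its ephemeral public value.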

## Summary

| Algorithm type | Characteristics | Purpose | Common algorithms |
| - | :- | :-: | -: |
| Symmetric encryption | Fast and efficient | Encrypting the data itself | 3DES, AES (RC4 is broken and should not be used) |
| Asymmetric encryption | Relatively slow, but no shared secret needed | Key transport, signatures, the CA system | RSA, ECC |
| Hash algorithm | Fixed-length digest, irreversible | Detecting tampering (together with a signature) | SHA-1 (deprecated), SHA-2 |
| DH algorithm | Both sides derive the same key securely | Agreeing a symmetric key | ECDH, ECDHE |