2) Active attacks
Several common forms:
① Tampering:
Attackers tamper with messages transmitted on the network, for example by cutting a message off completely or forging messages;
② Malicious programs: including the following types:
③ Denial of service
Attackers continuously send large numbers of packets to a server on the Internet, leaving the server unable to provide normal service or even completely paralyzed.
④ Switch attack
Attackers send a large number of frames with forged source MAC addresses to an Ethernet switch. The switch learns and records each source MAC address it receives, so its switching table fills up quickly and the switch can no longer work normally.
People always want to design a secure computer network, but unfortunately the security of a network is undecidable; secure communication protocols can only be designed against specific attacks.
Four goals of computer network security
1) Confidentiality: only the sender and the receiver of the information can understand its content; an interceptor cannot understand what it has intercepted. This counters passive attacks;
2) Endpoint authentication: the computer network must authenticate the true identities of the sender and the receiver of the information. This counters active attacks;
3) Integrity of information: the content of the information must not have been tampered with;
4) Security of operation: the computer system must remain secure while it is running. Access control is one countermeasure. This counters malicious programs and denial-of-service attacks.
The sender encrypts plaintext P with an encryption algorithm to obtain ciphertext C and sends it to the receiver. The receiver recovers plaintext P from C with a decryption algorithm.
If, no matter how much ciphertext an interceptor obtains, the ciphertext does not contain enough information to uniquely determine the corresponding plaintext, the cryptosystem is called unconditionally secure, or theoretically unbreakable.
At present, almost all cryptosystems are breakable when no restrictions are placed on the attacker.
What people care about is developing cryptosystems that are computationally (rather than theoretically) unbreakable. A cryptosystem is said to be computationally secure if its ciphers cannot be broken with the available computing resources within a certain period of time.
2) Development history
A symmetric-key cryptosystem is one in which the encryption key and the decryption key are the same.
1) Data Encryption Standard (DES)
DES is a symmetric-key cryptosystem. Proposed by IBM in 1977, it was designated a federal information standard by the United States, and ISO used DES as its data encryption standard.
2) Advanced Encryption Standard (AES)
Proposed by Stanford University in 1976; uses different encryption and decryption keys;
1) Why public-key cryptography emerged:
① The key distribution problem of symmetric-key cryptosystems;
② The demand for digital signatures.
2) The challenge of symmetric encryption
In a symmetric cryptosystem, the encrypting and decrypting parties use the same key.
So how can both parties obtain the same key securely?
① Agreement in advance: makes key management and key replacement very inconvenient;
② Delivery by courier: unsuitable for large, highly automated computer systems;
③ A highly secure key distribution center: increases the network cost;
3) Three kinds of public-key systems
① RSA system: officially published in 1978, based on the problem of factoring large numbers in number theory;
4) Difference:
Public-key encryption algorithms are computationally expensive and will not replace traditional encryption algorithms.
5) Encryption attribute
The security of any encryption algorithm depends on the length of the key and the amount of calculation required to crack the ciphertext.
Letters and documents rely on signatures or seals to prove their authenticity. Forge a seal and you will go to jail.
1) Verification: the receiver can verify the sender's signature on the message, that is, determine whether the message really was sent by the sender;
2) No tampering: the receiver can be sure that the received data is exactly the data the sender sent and has not been tampered with. This is called message integrity.
3) Non-repudiation: the sender cannot afterwards deny having signed the message. This is called non-repudiation.
1) A performs the D operation on the message with its own private key to obtain the ciphertext;
2) The receiver decrypts the message with A's public key and verifies whether the message was sent by A.
1) Verification: only A holds A's private key, so only A could have produced this ciphertext;
2) No tampering: someone who tampers with the message does not have A's private key and so cannot re-encrypt the altered message;
3) Non-repudiation: nobody else has A's private key;
Q: Is it possible to impersonate A by generating a private key whose output can be decrypted with A's public key?
The operation above signs the data but does not encrypt it. Anyone with A's public key can read it.
1) Digital signature with confidentiality:
① The sender signs the data with the private key of A;
② The sender encrypts the data with B's public key;
③ The receiver decrypts the data with B's private key;
④ The receiver uses the public key of A to authenticate the data.
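The four steps above, as an added example (not code from the original notes). It uses unpadded textbook RSA, and it signs a SHA-256 digest of the message rather than the message itself so that step ④ yields a definite pass/fail result. The key sizes, the Mersenne primes, the names `send`/`receive`, and the third party X are all assumptions made for illustration.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys below

def keypair(p, q):
    """Build a textbook-RSA (public, private) key pair from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (E, n), (d, n)

def rsa_op(value, key):
    """The E or D operation: value ** exponent mod n, with no padding."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value does not fit under this modulus")
    return pow(value, exponent, n)

def digest(message, n):
    """SHA-256 of the message, reduced so that it fits under modulus n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def send(message, sender_private, receiver_public):
    # Step 1: sign with the sender's private key (here: sign the digest).
    signature = rsa_op(digest(message, sender_private[1]), sender_private)
    # Step 2: encrypt message and signature with the receiver's public key.
    m = int.from_bytes(message, "big")
    return rsa_op(m, receiver_public), rsa_op(signature, receiver_public)

def receive(packet, receiver_private, sender_public):
    # Step 3: decrypt both parts with the receiver's private key.
    m = rsa_op(packet[0], receiver_private)
    signature = rsa_op(packet[1], receiver_private)
    message = m.to_bytes((m.bit_length() + 7) // 8, "big")
    # Step 4: check the signature with the sender's public key.
    valid = rsa_op(signature, sender_public) == digest(message, sender_public[1])
    return message, valid

# Constructed toy keys built from Mersenne primes; far too small for real use.
A_PUB, A_PRIV = keypair(2**61 - 1, 2**89 - 1)
B_PUB, B_PRIV = keypair(2**107 - 1, 2**127 - 1)  # n_B > n_A so signatures fit
X_PUB, X_PRIV = keypair(2**31 - 1, 2**107 - 1)   # a third party's own key pair

if __name__ == "__main__":
    print(receive(send(b"pay B 100", A_PRIV, B_PUB), B_PRIV, A_PUB))  # signed by A
    print(receive(send(b"pay B 100", X_PRIV, B_PUB), B_PRIV, A_PUB))  # signed by X
```

A message signed with any private key other than A's decrypts correctly at B but fails the check against A's public key, which is the situation the question above asks about.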
Authentication verifies that the two communicating parties are indeed the parties they intend to communicate with, not impostors,
and that the transmitted message is complete and has not been tampered with by others.
0) Motivation
① Digital signature: a message authentication technique;
② Disadvantage: digitally signing a long message places a heavy load on the computer and takes a long time to compute;
③ Requirement: a relatively simple method for authenticating messages;
④ Solution: cryptographic hash functions;
1) Cryptographic hash function
Function: protects the integrity of the plaintext;
① Characteristics of hash functions:
② Characteristics of cryptographic hash functions:
2) Practical cryptographic hash functions: MD5 and SHA-1.
① MD5
② SHA
The SHA hash algorithm was put forward by NIST, the US National Institute of Standards and Technology.
3) Message authentication code
① Drawback of a bare hash function: someone can tamper with the message and then compute the correct hash value for the altered message;
② Message authentication code: after the hash of the message is generated, the hash is encrypted to produce the message authentication code;
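The drawback in ① and the remedy in ②, as an added example that is not part of the original notes. It uses the standard HMAC construction from Python's `hmac` module as the keyed tag, in place of the "encrypt the hash" construction described above; the key, the message, and the function names are constructed for illustration.

```python
import hashlib
import hmac

def plain_hash(message):
    """Unkeyed hash: anyone who can read the message can recompute it."""
    return hashlib.sha256(message).digest()

def mac(key, message):
    """Keyed tag: only holders of the shared key can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()

def accept_with_hash(message, tag):
    """Receiver's check when the sender attached only a plain hash."""
    return hmac.compare_digest(plain_hash(message), tag)

def accept_with_mac(key, message, tag):
    """Receiver's check when the sender attached a keyed MAC."""
    return hmac.compare_digest(mac(key, message), tag)

def rewrite_in_transit(message, old, new):
    """Model of the tampering in item 1: alter the message, then attach the
    only tag that can be computed without the key (the plain hash)."""
    altered = message.replace(old, new)
    return altered, plain_hash(altered)

SHARED_KEY = b"constructed-demo-key-A-and-B"  # constructed sample key
ORIGINAL = b"transfer 100 to account 1234"    # constructed sample message

def demo():
    altered, recomputed = rewrite_in_transit(ORIGINAL, b"1234", b"9999")
    genuine_tag = mac(SHARED_KEY, ORIGINAL)
    return {
        "hash_accepts_original": accept_with_hash(ORIGINAL, plain_hash(ORIGINAL)),
        "hash_accepts_altered": accept_with_hash(altered, recomputed),
        "mac_accepts_original": accept_with_mac(SHARED_KEY, ORIGINAL, genuine_tag),
        "mac_accepts_altered_with_old_tag": accept_with_mac(SHARED_KEY, altered, genuine_tag),
        "mac_accepts_altered_with_hash": accept_with_mac(SHARED_KEY, altered, recomputed),
    }

if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {accepted}")
```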
1) Difference
2) Authentication method
A sends a message containing its own identity A and its password to the remote party B, encrypted with the symmetric key agreed by both parties;
3) Existing problems
An attacker may sit in the middle, pretend to be A, send the password to B, and finally succeed in impersonating A to obtain A's important data;
4) Summary
Key issues: the distribution of public keys and the authenticity of public keys.
Cryptographic algorithms are public and network security rests entirely on the keys, so key management is very important. It includes:
1) Challenges
① The number of keys is huge: when n people communicate with each other, the number of keys needed is n(n-1);
② Secure communication: how to let the two communicating parties obtain the key securely;
2) Solutions
Key distribution center: an institution trusted by the public, responsible for temporarily distributing a session key (for one-time use) to users who need to communicate secretly;
3) Process
① User A sends a plaintext message to the key distribution center (KDC), indicating that it wants to communicate with user B.
② The KDC randomly generates a one-time session key KAB and sends A a reply, encrypted with KA, that contains the key KAB and the ticket.
③ After receiving the ticket from A and decrypting it with its own key KB, B knows that A wants to communicate with it and learns the session key KAB.
4)
The system has been widely used in electronic passports, and it is an encryption system used in the next generation financial system.
The wide application of mobile communication puts forward higher requirements for the network.
The arrival of quantum computers will invalidate many cryptographic technologies currently in use, and research on post-quantum cryptography is in the ascendant.