2025-01-19 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
The Internet has brought a great deal of convenience to daily life, but it has also brought many security risks. When you communicate with others, for example, the data may be intercepted by a third party. Encryption is therefore needed to protect the privacy of our communications. Today, let's take a brief look at encryption technology and some common encryption algorithms.
1. Why encryption is needed
1. Unencrypted traffic is vulnerable
2. Unencrypted passwords and data are easy to sniff
3. Unencrypted data is easy to manipulate
4. Without encryption, operations cannot be verified
5. Sending data unencrypted is like mailing a postcard
2. Insecure traditional protocols
Telnet, FTP, POP3, etc.: insecure passwords
HTTP, SMTP, NFS, etc.: insecure information
LDAP, NIS, rsh, etc.: insecure authentication
3. Security attributes defined by NIST (National Institute of Standards and Technology)
Confidentiality:
Data confidentiality
Privacy
Integrity: cannot be tampered with
Data integrity
System integrity
Availability
4. Security threats: STRIDE
Spoofing (impersonation)
Tampering
Repudiation (denying an action)
Information Disclosure
Denial of Service
Elevation of Privilege
5. Security mechanisms: encryption, digital signature, access control, data integrity, authentication exchange, traffic padding, routing control, notarization
6. Security services
Authentication
Access control
Data confidentiality
Connection confidentiality
Connectionless confidentiality
Selective-field confidentiality
Traffic-flow confidentiality
Data integrity
Non-repudiation
7. Basic principles of security design
Use a mature security system
Treat input data with suspicion, as if it came from an attacker
The external system is not secure
Least privilege
Reduce external interfaces
Use secure mode by default
Security must be real, not just appear to be
Think from the perspective of STRIDE
Check at the entrance
Protect your system through management as well
8. Common security technologies
Authentication
Authorization
Secure communication
Audit
9. Cryptographic algorithms and protocols
Symmetric encryption
Public key encryption
One-way encryption
Authentication protocol
On Linux: OpenSSL, gpg (an implementation of the PGP protocol)
10. Symmetric encryption: encryption and decryption use the same key
DES: Data Encryption Standard, 56 bits
3DES: applies DES three times
AES: Advanced Encryption Standard (128, 192, 256 bits)
Blowfish, Twofish
IDEA, RC6, CAST5
Properties:
1. The same key is used for encryption and decryption, so it is highly efficient.
2. The original data is divided into fixed-size blocks, which are encrypted one by one.
Disadvantages:
1. Too many keys
2. Key distribution
3. The source of the data cannot be confirmed.
11. Asymmetric encryption:
Public key encryption: keys come in pairs
Public key: open to everyone
Private key (secret key): kept by the owner and must remain private
Characteristic: data encrypted with the public key can only be decrypted with the paired private key, and vice versa
Uses:
Digital signature: mainly lets the receiver confirm the identity of the sender
Symmetric key exchange: the sender encrypts a symmetric key with the other party's public key and sends it to the other party
Data encryption: suitable for encrypting smaller data
Disadvantages: long keys, low encryption and decryption efficiency
Algorithms: RSA (encryption, digital signature), DSA (digital signature), ElGamal
Generate a key pair: public key / private key; data encrypted with one key of the pair is decrypted with the other
Implementing encryption:
Generate a public key / secret key pair: P and S
Public key P, secret key S
Sender
Encrypt message M using the recipient's public key
Send P(M) to the recipient
Recipient
Use secret key S to decrypt: M = S(P(M))
Implementing a digital signature:
Sender
Generate a public key / secret key pair: P and S
Public key P, secret key S
Use secret key S to encrypt message M
Send S(M) to the recipient
Recipient
Use the sender's public key to decrypt: M = P(S(M))
Combination of signature and encryption: key(data + SA(hash(data))) + PB(key)
Detached signature
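The combined scheme above, key(data + SA(hash(data))) + PB(key), carried out with the openssl command line as an added example that is not part of the original article. It assumes A is the sender and B the recipient; the function names, file names, RSA-2048, AES-256-CBC and OAEP padding are choices made for this example.

```shell
#!/bin/sh
# Added example: key(data + SA(hash(data))) + PB(key) with the openssl CLI.
# A = sender, B = recipient; all file and function names are constructed.
# Usage: gen_keys K; sender_pack K msgfile W; recipient_unpack K W

gen_keys() {   # $1 = directory that receives both key pairs
    for who in a b; do
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$1/${who}_priv.pem" 2>/dev/null || return 1
        openssl pkey -in "$1/${who}_priv.pem" -pubout -out "$1/${who}_pub.pem" || return 1
    done
}

sender_pack() {   # $1 = key dir, $2 = file to send, $3 = output ("wire") dir
    # SA(hash(data)): sign the SHA-256 digest with A's private key.
    openssl dgst -sha256 -sign "$1/a_priv.pem" -out "$3/data.sig" "$2" || return 1
    cp "$2" "$3/data" || return 1
    ( cd "$3" && tar -cf bundle.tar data data.sig ) || return 1
    # key(...): a one-time symmetric key encrypts data + signature.
    openssl rand -hex 32 > "$3/key.hex" || return 1
    openssl enc -aes-256-cbc -pbkdf2 -pass "file:$3/key.hex" \
        -in "$3/bundle.tar" -out "$3/bundle.enc" || return 1
    # PB(key): only B's private key can recover the symmetric key.
    openssl pkeyutl -encrypt -pubin -inkey "$1/b_pub.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$3/key.hex" -out "$3/key.enc" || return 1
    # Only bundle.enc and key.enc are transmitted.
    rm -f "$3/data" "$3/data.sig" "$3/bundle.tar" "$3/key.hex"
}

recipient_unpack() {   # $1 = key dir, $2 = dir holding bundle.enc and key.enc
    openssl pkeyutl -decrypt -inkey "$1/b_priv.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$2/key.enc" -out "$2/key.hex" || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$2/key.hex" \
        -in "$2/bundle.enc" -out "$2/bundle.tar" || return 1
    ( cd "$2" && tar -xf bundle.tar ) || return 1
    verify_sender "$1" "$2"
}

verify_sender() {   # succeeds only if data still matches A's signature
    openssl dgst -sha256 -verify "$1/a_pub.pem" \
        -signature "$2/data.sig" "$2/data" >/dev/null 2>&1
}
```

The symmetric key does the bulk encryption, while the two slow public-key operations only touch the hash and the short key, which is why the scheme avoids the efficiency disadvantage listed above.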
12. One-way hash
Shrinks arbitrary data into a fixed-size "fingerprint"
Arbitrary-length input
Fixed-length output
If the data is modified, the fingerprint also changes ("collision-free")
The data cannot be regenerated from the fingerprint ("one-way")
Function: data integrity
Common algorithms
md5: 128 bits, sha1: 160 bits, sha224, sha256, sha384, sha512
Common tools
md5sum | sha1sum [--check] file
openssl, gpg
rpm -V
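The integrity function and the --check option above, shown as an added example that is not from the original article: a checksum manifest is recorded and later used to find which file was modified. It uses sha256sum, which accepts the same --check option as md5sum and sha1sum; the function names and the SHA256SUMS file name are assumptions of this example.

```shell
#!/bin/sh
# Added example: integrity checking with a checksum manifest.
# Function names and the manifest name SHA256SUMS are constructed.

make_manifest() {   # $1 = directory; records a fingerprint for every file in it
    ( cd "$1" && find . -type f ! -name SHA256SUMS -print0 \
        | sort -z | xargs -0 -r sha256sum > SHA256SUMS )
}

changed_files() {   # $1 = directory; prints each file that no longer matches
    # --quiet suppresses the "OK" lines, so only failures remain.
    ( cd "$1" && sha256sum --check --quiet SHA256SUMS 2>/dev/null \
        | sed -n 's/: FAILED.*$//p' )
}

digest_length() {   # reads stdin, prints the number of hex digits in its digest
    # Arbitrary-length input always yields the same fixed-length output.
    sha256sum | cut -d' ' -f1 | tr -d '\n' | wc -c
}
```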
13. Key exchange: IKE (Internet Key Exchange)
Public key encryption:
DH (Diffie-Hellman):
DH:
1. A: a, p (negotiate a public integer a and a large prime p)
B: a, p
2. A: generate private data: X (x)