2025-03-31 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
In today's network era, how can the security of data transmission be ensured? The following describes, at the level of principle, how it is implemented.
I. Security standards
Network information security standards are formulated by the National Institute of Standards and Technology (NIST). The standards include:
Confidentiality
Ensure that information is not disclosed to unauthorized users or entities during storage, use and transmission.
Integrity (Integrity)
Ensure that information is not tampered with by unauthorized users during storage, use and transmission, prevent authorized users from improperly modifying the system and its information, and keep the internal and external representations of the information consistent.
Availability (Availability)
Ensure that authorized users or entities are not abnormally denied normal use of information and resources, so that they can access them reliably and in a timely manner.
These are what we usually call the three principles of information security.
Authenticity and traceability are now often required as well.
II. Types of cryptographic algorithms
1. Symmetric encryption
Symmetric encryption uses the same secret key for both encryption and decryption. The details are as follows:
Keyword description:
Plaintext: the text before encryption
Secret key: in practice a string of bytes; the cryptographic algorithm combines it with the data to encrypt and to decrypt.
Ciphertext: the string produced after encryption
Encryption and decryption algorithms: DES, 3DES, AES, Blowfish, Twofish, IDEA
Features of symmetric encryption:
Use the same secret key for encryption and decryption
Divides the plaintext into fixed-size blocks and encrypts them one by one
Defect:
When one host communicates with many machines, it needs the secret key of each of them. This leads to too many keys, and in turn to insecure key transmission and to problems with authentication and data integrity.
2. Public key encryption
Different keys are used for encryption and decryption, and they come in pairs, called the private key and the public key respectively. The public key is long: nowadays it is usually 2048 bits or more.
Commonly used encryption algorithms:
RSA: can be used for encryption as well as authentication
DSA: can only be used for identity authentication
ELGamal: commercial version of symmetric encryption algorithm
Encryption in this way is slow, and by itself it cannot guarantee the integrity of the data: after B receives A's data, B cannot tell whether the data has been tampered with.
Therefore, its application is reflected in the following two aspects:
1. Identity authentication
Encrypt the fingerprint with your own private key (a signature); the other party uses your public key to verify your identity.
2. IKE (Internet Key Exchange)
Encrypting the secret key with the other party's public key and sending it could be brute-forced. It is therefore implemented with the DH algorithm, which works somewhat like a bank's electronic password card. For a detailed introduction to DH, please refer to: http://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange
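The key exchange the text refers to, as an added example that is not part of the original article: two parties each generate a key pair, exchange only their public values over the network, and both derive the same symmetric key, while a third party who saw only the public values derives something else. It uses the elliptic-curve form of DH (P-256 via Go's standard crypto/ecdh package, which assumes Go 1.20 or newer); the Party type, NewParty, PublicValue and SharedKey are names chosen for this example. Hashing the shared point with SHA-256 stands in for the full key-derivation step a real protocol such as IKE would use.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Party is one side of the exchange. Only its private key is secret; the
// public value may travel over the network in the clear.
type Party struct {
	priv *ecdh.PrivateKey
}

// NewParty generates a fresh (ephemeral) P-256 key pair for one side.
func NewParty() (*Party, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{priv: priv}, nil
}

// PublicValue is what this side sends to its peer.
func (p *Party) PublicValue() []byte {
	return p.priv.PublicKey().Bytes()
}

// SharedKey combines our private key with the peer's public value. Both sides
// arrive at the same secret; an eavesdropper who saw only the two public
// values cannot. The raw shared point is hashed into a 32-byte symmetric key
// (simplification: a real protocol would run a key-derivation function here).
func (p *Party) SharedKey(peerPublic []byte) ([]byte, error) {
	peer, err := ecdh.P256().NewPublicKey(peerPublic)
	if err != nil {
		return nil, fmt.Errorf("invalid peer public value: %w", err)
	}
	secret, err := p.priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)
	return key[:], nil
}

func main() {
	a, _ := NewParty()
	b, _ := NewParty()
	// The two public values are exchanged over the (insecure) network.
	keyA, _ := a.SharedKey(b.PublicValue())
	keyB, _ := b.SharedKey(a.PublicValue())
	fmt.Println("A derives:", hex.EncodeToString(keyA))
	fmt.Println("B derives:", hex.EncodeToString(keyB))
}
```

Because each run generates fresh key pairs, the derived key differs from run to run, but within one run A and B always agree.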
3. One-way encryption
One-way encryption (data integrity algorithm): extracts a fingerprint of the data; the operation is irreversible.
Commonly used one-way encryption algorithms: MD5, SHA1, SHA384, SHA512
Characteristics of these algorithms:
Fixed-length output: the fingerprint is always the same length, whatever the size of the input.
Avalanche effect: a small change in the original file causes a large change in the fingerprint.
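The two characteristics just listed, shown on real digests as an added example (not code from the original article): the fingerprint has the same length for any input, a one-character edit flips roughly half of the digest bits, and recomputing the fingerprint on the receiving side detects the edit. It uses the SHA-256 and SHA-512 members of the SHA family from Go's standard library; the function names Fingerprint, DifferingBits and VerifyIntegrity and the sample inputs are constructed for this example.

```go
package main

import (
	"crypto/sha256"
	"crypto/sha512"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// Fingerprint returns the SHA-256 digest of data as hex. The output is
// always 32 bytes (64 hex characters), whatever the input length.
func Fingerprint(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// Fingerprint512 does the same with SHA-512: always 64 bytes (128 hex characters).
func Fingerprint512(data []byte) string {
	sum := sha512.Sum512(data)
	return hex.EncodeToString(sum[:])
}

// DifferingBits counts how many of the 256 SHA-256 digest bits differ between
// two inputs. For inputs that differ even by one character the count is
// expected to be close to 128, half of the bits: the avalanche effect.
func DifferingBits(a, b []byte) int {
	ha, hb := sha256.Sum256(a), sha256.Sum256(b)
	n := 0
	for i := range ha {
		n += bits.OnesCount8(ha[i] ^ hb[i])
	}
	return n
}

// VerifyIntegrity recomputes the fingerprint of the received data and compares
// it with the fingerprint that was sent alongside it.
func VerifyIntegrity(received []byte, sentFingerprint string) bool {
	return Fingerprint(received) == sentFingerprint
}

func main() {
	// Constructed sample inputs, not from the original article.
	original := []byte("transfer 100 units to account 42")
	altered := []byte("transfer 900 units to account 42") // one character changed

	fp := Fingerprint(original)
	fmt.Printf("SHA-256 (%d hex chars): %s\n", len(fp), fp)
	fmt.Printf("SHA-512 (%d hex chars): %s\n", len(Fingerprint512(original)), Fingerprint512(original))
	fmt.Printf("bits changed by a one-character edit: %d of 256\n", DifferingBits(original, altered))
	fmt.Println("altered data passes integrity check:", VerifyIntegrity(altered, fp))
}
```

Note that a bare fingerprint only detects accidental or unauthenticated modification; anyone who can change the data can also recompute the digest, which is why the transmission process in the next section encrypts the fingerprint with the sender's private key.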
III. The encryption process for data transmitted on the network
Real data transmission on the network combines the advantages of each kind of encryption algorithm. The basic model is as follows:
Suppose host A wants to transfer data to host B. To keep the data secure, the transfer process is roughly as follows:
On the sending side (A):
1. A uses a one-way algorithm to extract the fingerprint of the plaintext, encrypts the fingerprint with A's private key, and appends the encrypted fingerprint to the plaintext. This is defined as the first encrypted information.
2. A generates a secret key (a symmetric encryption key) with some algorithm and uses a symmetric algorithm to encrypt the first encrypted information with it. This produces the second encrypted information.
3. A encrypts the secret key with B's public key and attaches it to the second encrypted information. This is the final encrypted information, which is sent to B.
On the receiving side (B):
1. After receiving the encrypted information from A, B tries to decrypt the attached key with its own private key. If that succeeds, B has obtained the symmetric secret key.
2. B uses the secret key to decrypt the remaining information and obtains the symmetrically decrypted data: the plaintext and the encrypted fingerprint.
3. B decrypts the fingerprint with A's public key, which verifies that the sender is A. B then extracts the fingerprint of the plaintext with the same one-way algorithm and compares it with the fingerprint decrypted by the public key. If the two match, the integrity of the data is confirmed.
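The sending and receiving sides described above, carried out end to end as an added example that is not code from the original article. Send performs A's three steps (sign the SHA-256 fingerprint with A's private key, encrypt plaintext plus signature under a fresh random key with AES-256-GCM as the symmetric algorithm, wrap that key with B's public key using RSA-OAEP) and Receive performs B's three steps in reverse, refusing the message if the key cannot be unwrapped, the ciphertext was altered, or the signature does not verify under A's public key. The Envelope type, the function names and the sample message are assumptions of this example; the algorithm choices (RSA PKCS#1 v1.5 signatures, OAEP, AES-GCM) are concrete instances of the generic roles the text describes.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is the final encrypted information that travels from A to B.
type Envelope struct {
	WrappedKey []byte // symmetric key encrypted with B's public key (RSA-OAEP)
	Nonce      []byte // AES-GCM nonce, sent in the clear
	Body       []byte // AES-GCM ciphertext of plaintext || signature
}

// newGCM wraps a 32-byte key as AES-256-GCM (the symmetric algorithm used here).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Send is host A's side of the process.
func Send(plaintext []byte, aPriv *rsa.PrivateKey, bPub *rsa.PublicKey) (*Envelope, error) {
	// 1. Fingerprint the plaintext, encrypt the fingerprint with A's private key
	//    (the signature) and append it: the first encrypted information.
	digest := sha256.Sum256(plaintext)
	sig, err := rsa.SignPKCS1v15(rand.Reader, aPriv, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	first := append(append([]byte{}, plaintext...), sig...)
	// 2. Generate a random symmetric key and encrypt the first information with
	//    it: the second encrypted information.
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	body := gcm.Seal(nil, nonce, first, nil)
	// 3. Encrypt the symmetric key with B's public key and attach it.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, bPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Body: body}, nil
}

// Receive is host B's side; it returns the plaintext only if every check passes.
func Receive(env *Envelope, bPriv *rsa.PrivateKey, aPub *rsa.PublicKey) ([]byte, error) {
	// 1. Only B's private key can recover the symmetric key.
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, bPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap symmetric key: %w", err)
	}
	// 2. Decrypt the body; GCM also rejects any modification of the ciphertext.
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	first, err := gcm.Open(nil, env.Nonce, env.Body, nil)
	if err != nil {
		return nil, fmt.Errorf("symmetric decryption failed: %w", err)
	}
	// 3. Split off the signature and verify it with A's public key against a
	//    freshly computed fingerprint: this authenticates A and proves integrity.
	sigLen := aPub.Size()
	if len(first) < sigLen {
		return nil, errors.New("message too short to carry a signature")
	}
	plaintext, sig := first[:len(first)-sigLen], first[len(first)-sigLen:]
	digest := sha256.Sum256(plaintext)
	if err := rsa.VerifyPKCS1v15(aPub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, fmt.Errorf("sender or integrity check failed: %w", err)
	}
	return plaintext, nil
}

func main() {
	aKey, _ := rsa.GenerateKey(rand.Reader, 2048) // A's key pair (constructed for the demo)
	bKey, _ := rsa.GenerateKey(rand.Reader, 2048) // B's key pair
	env, _ := Send([]byte("constructed sample message from A to B"), aKey, &bKey.PublicKey)
	got, err := Receive(env, bKey, &aKey.PublicKey)
	fmt.Printf("B recovered %q, err=%v\n", got, err)
}
```

The three failure modes worth trying against Receive are a message wrapped for a different recipient (step 1 fails), a ciphertext byte flipped in transit (step 2 fails) and a message signed by someone other than A (step 3 fails); the receiver learns nothing about the plaintext in any of them. Everything here still rests on A knowing B's genuine public key, which is exactly the problem the next paragraph raises.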
However, the most important question in the above scheme is: how can A reliably obtain the public key of B?
Hence the emergence of a third-party organization, the CA. A CA is usually a recognized, trusted organization, and it provides the corresponding public key information. The general process is as follows:
The implementation of this most important link is shown in the figure above. In outline: if A wants to obtain the public key information of B, B first applies for registration with the CA. After the application succeeds, the CA returns a certificate to B, which includes the public key and name that B provided, the period of validity, and finally the CA's signature and other information. When A wants to transfer data to B, A first requests B's certificate. B sends the certificate to A, and A verifies the CA's signature on it to check its identity and integrity. At the same time, A asks the CA whether the certificate has been revoked. When all conditions are met, A can begin transmitting data to B.
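The registration and verification steps just described, as an added example built with Go's standard crypto/x509 package (not code from the original article): NewCA creates the trusted third party as a self-signed CA certificate, Issue is B's registration (the CA binds B's name to B's public key, sets a validity period and signs the result), and Verify is A's check on the certificate B presents. The names NewCA, Issue and Verify and the host name hostb.example are chosen for this example; ECDSA P-256 keys are used for speed. Revocation is mentioned in the comments but not implemented, since x509.Verify performs no CRL lookup.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// randomSerial gives every certificate a distinct serial number.
func randomSerial() (*big.Int, error) {
	return rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
}

// NewCA creates the trusted third party: a self-signed CA certificate whose
// public key every participant is assumed to know already.
func NewCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := randomSerial()
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Issue is the registration step: B presents its name and public key, and the
// CA returns a certificate binding the two, with a validity period and the
// CA's signature over all of it.
func Issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, name string, pub *ecdsa.PublicKey, validFor time.Duration) (*x509.Certificate, error) {
	serial, err := randomSerial()
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(validFor),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Verify is host A's check on the certificate B sent: the signature must come
// from a CA that A trusts, the name must match the host A meant to reach, and
// the validity period must cover the present moment. Asking the CA whether the
// certificate was revoked (CRL or OCSP) is a separate step not performed here.
func Verify(cert, trustedCA *x509.Certificate, expectedName string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: expectedName})
	return err
}

func main() {
	ca, caKey, _ := NewCA("Demo Root CA")
	bKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	cert, _ := Issue(ca, caKey, "hostb.example", &bKey.PublicKey, time.Hour)
	fmt.Println("B's certificate accepted by A:", Verify(cert, ca, "hostb.example") == nil)
	otherCA, _, _ := NewCA("Unknown CA")
	fmt.Println("accepted under an untrusted CA:", Verify(cert, otherCA, "hostb.example") == nil)
}
```

Once Verify succeeds, A takes B's public key from cert.PublicKey and can use it as the recipient key in the transmission process of the previous section; a certificate from a CA that A does not trust, one issued for a different name, or one whose validity period has passed is rejected before any data is sent.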
IV. PKI
PKI (Public Key Infrastructure): an infrastructure consisting of the hardware, software, participants, management policies and processes needed to create, manage, distribute, use, store and revoke digital certificates (from Wikipedia). It is an important specification underpinning modern e-commerce and network security.
The data transmission process and CA authentication described above can both be realized with PKI.
The composition of PKI includes:
Certification authority: CA
Registration authority: RA
Certificate revocation list: CRL
Certificate repository: the interface through which users retrieve certificates
For more information, please refer to: http://en.wikipedia.org/wiki/Public_key_infrastructure
Summary: this article mainly introduces the types of encryption algorithms, the process by which they are combined for transmission, and how certificates are obtained through a CA.
© 2024 shulou.com SLNews company. All rights reserved.