信息安全重要導(dǎo)論

1、信息安全重要導(dǎo)論密碼學(xué)原理及算法 page22022/7/202. 對稱密碼體系3. 公鑰密碼體系4. 密碼散列函數(shù)1. 概述1. 概述安全攻擊：Interruption 阻斷Interception 竊聽Modification 修改Fabrication 偽裝Active AttackPassive Attackpage32022/7/201. 概述安全服務(wù)Confidentiality (保密性)Availability (可用性)Nonrepudiation (防抵賴)Authentication (真實(shí)性)Integrity (完整性)Access Control (可控性)page

2、42022/7/201. 概述page52022/7/20Symmetric CryptographyAsymmetric CryptographyCryptographic Hash FunctionCryptography1. 概述page62022/7/20Cryptographic Hash FunctionAsymmetric CryptographySymmetric CryptographyGeneral idea of Symmetric-key cipher 對稱密碼PlaintextPlaintextCiphertextCiphertextDecryptionAlgorit

3、hmEncryptionAlgorithmSecure Key-exchange ChannelInsecure ChannelSharedSecret-KeySharedSecret-KeyAliceBobEncipherment（加密）1. 概述page72022/7/20Symmetric CryptographyCryptographic Hash FunctionAsymmetric CryptographyGeneral idea of Asymmetric-key cipherPlaintextPlaintextCiphertextCiphertextDecryptionAlgo

4、rithmEncryptionAlgorithmInsecure ChannelAliceBobAlicesPrivate-KeyAlicesPublic Key1Digital Signature數(shù)字簽名1. 概述page82022/7/20Symmetric CryptographyCryptographic Hash FunctionAsymmetric CryptographyGeneral idea of Asymmetric-key cipherPlaintextPlaintextCiphertextCiphertextEncryptionAlgorithmDecryptionAl

5、gorithmInsecure ChannelAliceBobAlicesPrivate-KeyAlicesPublic Key2Encipherment1. 概述page92022/7/20Symmetric CryptographyAsymmetric CryptographyCryptographic Hash FunctionGeneral idea of Hash Function for Message DigestOriginalMessageChecking integrity 完整性檢驗(yàn)密碼學(xué)原理及算法 page102022/7/202. 對稱密碼體系3. 公鑰密碼體系4.

6、密碼散列函數(shù)1. 概述1. 概述page112022/7/20分組密碼流密碼秘鑰管理對稱密碼2. 對稱密碼2.1 分組密碼: 基本變換函數(shù)page122022/7/20S-BoxXORCircular ShiftSwapSplit / CombineP-BoxA P-box (置換盒) parallels the traditional transposition cipher for characters. It transposes (移動(dòng)) bits. A straight(直接的) P-box is invertible(可逆的), but compression and expans

7、ion P-boxes are not.e.g.2. 對稱密碼2.1 分組密碼: 基本變換函數(shù)page132022/7/20P-BoxXORCircular ShiftSwapSplit / CombineS-BoxAn S-box (替換盒) can be thought of as a miniature(微小的) substitution cipher. An S-box is an m n substitution unit, where m and n are not necessarily the same.110 11010 012. 對稱密碼2.1 分組密碼: 基本變換函數(shù)pa

8、ge142022/7/20P-BoxS-BoxCircular ShiftSwapSplit / CombineXORThe exclusive-or operation is an important component in most block ciphers. XOR01001110+e.g.2. 對稱密碼2.1 分組密碼: 基本變換函數(shù)page152022/7/20P-BoxS-BoxXORSwapSplit / CombineCircular ShiftThe circular shift operation is another component found in some m

9、odern block ciphers. e.g.2. 對稱密碼2.1 分組密碼: 基本變換函數(shù)page162022/7/20P-BoxS-BoxXORCircular ShiftSplit / CombineSwapThe swap operation is a special case of the circular shift operation where k = n/2. e.g.EncryptionDecryption2. 對稱密碼2.1 分組密碼: 基本變換函數(shù)page172022/7/20P-BoxS-BoxXORCircular ShiftSwapSplit / Combin

10、eTwo other operations found in some block ciphers are split and combine. e.g.SplitCombineEncryptionDecryption2. 對稱密碼2.1 分組密碼: Feistel 密碼page182022/7/20Block sizeKey sizeNumber of roundsSubkey generationRound functionFast software E/DEase of analysis2. 對稱密碼2.1 分組密碼: DES（數(shù)據(jù)加密標(biāo)準(zhǔn)）page192022/7/20DES64bit

11、 plaintext64bit ciphertextInitial permutationRound 1Round 2Round 16Final permutation.56bit keyK1K2K16Round-key generator2. 對稱密碼2.1 分組密碼: DES（數(shù)據(jù)加密標(biāo)準(zhǔn)）page202022/7/20秘鑰擴(kuò)展：生成16個(gè)輪秘鑰2. 對稱密碼2.1 分組密碼: DES（數(shù)據(jù)加密標(biāo)準(zhǔn)）page212022/7/20多重加密(Multiple Encryption)Double DESC = EK2(EK1(P)M = DK1(DK2(P)meet in the middle

12、 attack:Triple DESTriple DES with 2 keysC=Ek1(Dk2(Ek1(P)P=Dk1(Ek2(Dk1(P)K1+K2: 112bitsTriple DES with 3 keysC=Ek3(Dk2(Ek1(P)P=Dk1(Ek2(Dk3(C)More secure than DES, but with more cost2. 對稱密碼2.1 分組密碼: AES（高級(jí)數(shù)據(jù)加密標(biāo)準(zhǔn)）page222022/7/202. 對稱密碼2.1 分組密碼: AES（高級(jí)數(shù)據(jù)加密標(biāo)準(zhǔn)）page232022/7/201) Byte Substitution2) Shift R

13、ows3) Mix Columns4) Add Round key2. 對稱密碼2.1 分組密碼: AES（高級(jí)數(shù)據(jù)加密標(biāo)準(zhǔn)）page242022/7/20秘鑰擴(kuò)展2. 對稱密碼2.1 分組密碼：加密模式對稱密碼算法的具體應(yīng)用機(jī)制增加安全性，如完整性可以將分組加密算法用作流加密page252022/7/202. 對稱密碼2.1 分組密碼：加密模式page262022/7/20CBCCFBOFBCTRECBThe electronic codebook (ECB) mode is the simplest mode of operation.Each block of plaintext is

14、encoded independently(獨(dú)立地) using the same key.2. 對稱密碼page272022/7/202.1 分組密碼：加密模式ECBCFBOFBCTRCBCTo transmit a lengthy message, we might employ the so called Cipher Block Chaining (CBC) mode；In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and the preced

15、ing ciphertext block; the same key is used for each block.To transmit a lengthy message, we might employ the so called Cipher Block Chaining (CBC) mode；In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block; the same key is

16、used for each block.2. 對稱密碼page282022/7/202.1 分組密碼：加密模式ECBCBCOFBCTRCFB2. 對稱密碼page292022/7/202.1 分組密碼：加密模式ECBCBCCFBCTROFBOutput Feedback Mode is Similar to CFB. Can you find the difference?2. 對稱密碼page302022/7/202.1 分組密碼：加密模式ECBCBCCFBOFBIn the counter (CTR) mode, there is no feedback. The pseudo-rando

17、mness(偽隨機(jī)) in the key stream is achieved using a counter. CTR2. 對稱密碼2.2 流密碼page312022/7/20Structure110011000110110010100000+plaintextkey streamciphertext2. 對稱密碼2.2 流密碼：RC4算法page322022/7/202. 對稱密碼2.2 流密碼：RC4算法page332022/7/202. 對稱密碼2.2 流密碼：RC4算法page342022/7/20Initialization Initialization is done in t

18、wo steps:Key Stream GenerationThe keys in the key stream are generated, one by one. 2. 對稱密碼2.3 秘鑰分配page352022/7/20Key Distribution Scenario: preconditions(前提) A wishes to establish a logical connection with BABKDC A requires a session key from KDC to protect the communication A share a master key wi

19、th KDC, B share with KDCSecret channelSecret channel2. 對稱密碼2.3 秘鑰分配：KDC Scenariopage362022/7/20AKDCAB12456密碼學(xué)原理及算法 page372022/7/202. 對稱密碼體系3. 公鑰密碼體系 4. 密碼散列函數(shù)1. 概述3. 公鑰密碼page382022/7/203.1 Diffie-Hellman Key Exchange Scheme3. 公鑰密碼3.1 Diffie-Hellman Key Exchange Schemepage392022/7/20 Global Public ElementsY：YP, Y是P的素?cái)?shù)根P：素?cái)?shù) For AliceSelected private: A, ( AP )Calculate public =YA mod