版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請進行舉報或認領(lǐng)
文檔簡介
學XuHui,: 1CISSPExpectation-CISSPUnderstandtheapplicationanduseof 碼學的應Dataatrest,e.g.,hardDataintransit,e.g.,“OntheUnderstandtheencryption 碼學概Foundationalconcepts(基本概念Symmetriccryptography(對稱加密Asymmetriccryptography(非對稱加密Hybridcryptography(混合加密Messagedigests(消 2CISSPExpectation-CISSPUnderstandKeyManagement 鑰管理流Creationanddistribution(創(chuàng)建和分發(fā)Storageand 和銷毀Recovery(密鑰恢復Keyescrow(密鑰托Understanddigital理解數(shù)字簽Understand理解不可抵3CISSPExpectation-CISSPUnderstandmethodsof ytic 方Chosenplaintext(選擇明 Socialengineeringforkeydiscovery(社會工程學Brute Knownplaintext(已知明 ysis(頻率分析Chosenciphertext(選擇密 Implementationattacks(針對實施 4CISSPExpectation-CISSPEmploycryptographyinnetwork 中使 學技Usecryptographyto 使 學技術(shù)保護電子郵件安Understandpublickey理解PKI公鑰技術(shù)設(shè) related理解數(shù) 和相關(guān)概Understandinformationhidingalternatives,e.g.,steganography,watermarking5※0.CISSP※1.Cryptography※2.Symmetric※3.Asymmetric※4.Hash※5.Cipher※6. ※7.6CRYPTOGRAPHY7CryptographyHistory-beforelast)scribeswritingdownthebookofJeremiahusedreversed-alphabetsimplesubstitutioncipherPlain:Cipher:MonoalphabeticPlain:Cipher:CipherPlaintext:IhaveagoodCiphertext:rszevztllw8CryptographyHistory- 700-300BCinGreece(希臘人于公元前600年-前500年consistingofacylinderwithastripofpar entwoundarounditonwhichiswrittenamessage.TheancientGreeks(希臘人),andtheSpartans(斯巴達人)inparticular,aresaidtohaveusedthisciphertocommunicateduringmilitary TranspositionCipher(移位 9CryptographyHistory-Caesar60-50BCbyJuliusCaesarRoma Substitution:Rightshiftthealphabeticby3positions()Plaintext:IhaveagoodCiphertext:fexsbxdllaCryptographyHistory-VigenereCipher(維吉尼 Polyalphabeticsubstitution(多字母替 ababcdefghijklmnopqrstuvwxyzAabcdefghijklmnopqrstuvwxyzBbcdefghijklmnopqrstuvwxyzaCcdefghijklmnopqrstuvwxyzabDdefghijklmnopqrstuvwxyzabcEefghijklmnopqrstuvwxyzabcdFfghijklmnopqrstuvwxyzabcdeGghijklmnopqrstuvwxyzabcdefHhijklmnopqrstuvwxyzabcdefgIijklmnopqrstuvwxyzabcdefghJjklmnopqrstuvwxyzabcdefghiKklmnopqrstuvwxyzabcdefghijLlmnopqrstuvwxyzabcdefghijkMmnopqrstuvwxyzabcdefghijklNnopqrstuvwxyzabcdefghijklmOopqrstuvwxyzabcdefghijklmnPpqrstuvwxyzabcdefghijklmnoQqrstuvwxyzabcdefghijklmnopRrstuvwxyzabcdefghijklmnopqSstuvwxyzabcdefghijklmnopqrTtuvwxyzabcdefghijklmnopqrsUuvwxyzabcdefghijklmnopqrstVvwxyzabcdefghijklmnopqrstuWwxyzabcdefghijklmnopqrstuvXxyzabcdefghijklmnopqrstuvwYyzabcdefghijklmnopqrstuvwxZzabcdefghijklmnopqrstuvwxyRepeatedKey:Ihaveagoods+i=>ae+h=>lc+a=>ck+v=>f…alcfiyysqnCryptographyHistory-OneTime 本KeyPeoplehumanbeingeatfooddrinkwatertakeshowerhappyfamilyFaithhopeloveawomana
Pre
KeyPeoplehumanbeingeatfooddrinkwatertakeshowerhappyfamilyFaithhopeloveawomana Ihaveagood …ymplqCryptographyHistory-RunningKey
Pre
KeyIndex:Ihaveagoodnews
IwenttothewoodsbecauseIwishedtolivedelibera y,tofrontonlytheessentialfactsoflife,andseeifIcouldnotlearnwhatithadtoteach,andnot,whenIcametodie,discoverthatIhadnotlived.Ididnotwishtolivewhatwasnotlife,livingissodear;CryptographyHistory-
TranspositionCipher(移位 Permutation MonoalphabeticPolyalphabeticCryptographyHistory-Steganography(隱寫術(shù)TheartandscienceofwritinghiddenTheadvantageofsteganographyovercryptographyaloneisthatmessagesdonotattractattentiontothe iodinestarchSYMMETRIC對
BlockCipherVSStream
……
…… Terminology(術(shù)語NIST(USA):NationalInstituteofStandardsand與技NISTSP:NationalInstituteofStandardsandTechnologySpecialPublication與技 特 信息處理標non-NSA(USA):NationalSecurity國家安全
DataEncryptionStandard(數(shù)據(jù)加密標準1977,FIPS46,byReplacedbyAES(被AES算法替代BlockCipher( KeySize:56bit(密鑰長度:56比特Rounds:16roundsoftranspositionand4CipherModes(4 模式ElectronicCodebookBlockChainingCipherFeedbackOutputFeedback安全性:DES已經(jīng)在1998年被EFF(ElectronicFrontierFoundation)證明是不安全的,當時EFF用了少于250000的價格組裝了一臺計算機用少于3天的時間了DES。ElectronicProblem:IdenticalplaintextblocksareencryptedintoidenticalciphertextAstrikingexampleCipherBlockCipherFeedbackOutputFeedbackTheoutputfeedback(OFB)modemakesablockcipherintoasynchronousstreamcipher.Itgenerateskeystreamblocks
TripleDataEncryptionStandardorTDEA(TripleDataEncryptionAlgorithm)publishedin1998,NISTSP800-1999年,NIST將3-DES指定為過渡的加密標準BlockCipher( 3DES3DES K1≠K2, K1≠K2≠安全性:NISThasapprovedTripleDESthroughtheyear2030forsensitive ernmentinformation
AdvancedEncryptionStandardFIPS197in2001byNIST,OriginallycalledWinfromMARS,RC6,Rijndael,Serpent,BlockBlockSize:128/192/256bitKeySize:10roundsfor128-bitkeys,12roundsfor192-bitkeys,and14roundsfor256-bitkeysBy2006,thebestknownattackswereon7roundsfor128-bitkeys,8roundsfor192-bitkeys,and9roundsfor256-bitkeys. RivestCipher
byRonRivestofRSASecurityInStreamThekey-schedulingalgorithmThepseudo-randomgenerationalgorithmKeyLength:variablelengthkey,typicallybetween40and256theonlycommoncipherwhichisimmunetothe2011BEASTattackonTLS1.0,whichexploitsaknownweaknessinthewaycipherblockchainingmodeisusedwithalloftheothercipherssupportedbyTLS1.0,whichareallblock
MoreTheTwofishSymmetricblockcipher:128-bitblock,Up256-bitTheIDEACipher(InternationalDataEncryptionJamesMasseyandXuejiaLai,blockcipher:64-bitplaintextblocks,128-bitRonaldRivestinBlockcipherofvariableblockTypicalBlocksizeof32,64,or128KeysizeandRoundsarefrom0toConfusionand ClaudeShannon( )inhispaperCommunicationTheoryofSecrecySystems,publishedin1949.ConfusionreferstomakingtherelationshipbetweentheplaintextandtheciphertextascomplexandinvolvedasDiffusionreferstothepropertythattheredundancyinthestatisticsoftheplaintextis"dissipated"inthestatisticsoftheInparticular,changingonebitofthekeyshouldchangetheciphertextcomple Kerckhoffs’s“Acryptosystemshouldbesecureevenifeverythingaboutthesystem,exceptthekey,ispublicknowledge”wasstatedbyAugusteKerckhoffsinthe19thcentury ASYMMETRICAsymmetricComparewithSymmetricAMessagethatisencryptedbyoneofthekeyscanbedecryptedwiththeotherkey.NoneedtoExchangeSlowerthansymmetric EllipticEl
RivestShamirh1977,byRonRivest,AdiShamirh,LenAdlemanatbasedonthepresumeddifficultyoffactoringlargeRSA1024andRSA 日,編號為RSA-768(768bits,232digits)數(shù)
KeygenerationChoosetwodistinctprimenumbers(質(zhì)數(shù)):Eg,p=13,ComputeComputeφ(n)=(p–1)(q–1)=(13-1)*(7-Chooseanintegere,suchthat1<e<φ(n)and(e,φ(n))=1Eg,e=11,PublickKey(e,n)=(11,Computed,suchthatd=e–1modd=11–1mod72=59,PrivateKey(d,φ(n))=(59,usingtheextendedEuclideanalgorithm(擴 Encryption
Decryption
DiffieHallmankeyToExchangesecretkeysoveranon-securemediumwithoutexposingthekeys.publishedbyWhitfieldDiffieand manin1ap,b2ap,g,gamodp=p,b3ap,g,gbmodp=p,g,A,b4a,p,g,A,Bamodp=Abmodp=p,g,A,b,
橢圓曲線y2=x3+a*x+bp=FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFa=FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFb=28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD41n=FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123Gx=32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7Gy=BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0Ellipticcurvecryptography(橢圓曲線算法basedonthealgebraicstructureofellipticcurvesoverfiniteEllipticCurve:y2=x3+ax+1985,byNealKoblitzandVictorS.DigitalSignature:ECDSA(ECC-DigitalSignatureDataEncryption:ECDH(Ellipticcurve HASH
Message-Digest1991,designedbyRonRivestinThesecurityoftheMD5hashfunctionisseverelyAcollisionattackexiststhatcanfindcollisionswithin
SHA-SecureHashAlgorithm-1995,designedbytheUnitedStatesNationalSecurityAgency,publishedbytheUnitedStatesNISTDigestLength:Rounds:安全In2005,crypt ystsfoundattacksonSHA-1suggestingthatthealgorithmmightnotbesecureenoughforongoinguse.NISTrequiredmanyapplicationsinfederalagenciestomovetoSHA-2after2010becauseoftheweakness.
SHABlocksize(bits)264?264?264?2264?2128?
Aone-wayhashingalgorithmwithvariablelengthofoutput1992,byYuliangZheng,JosefPieprzyk,andJenniferHAVALcanproducehashesinlengthsof128bits,160bits,192bits,224bits,and256bits.HAVALalsoallowsuserstospecifythenumberofrounds(3,4,or5)tobeusedtogeneratethehash.On17August2004,collisionsforHAVAL(128bits,3passes)wereannouncedbyXiaoyunWangCIPHERCipherApplication-
CIA- fromSymmetricEncryption,AsymmetricDataarenottamperedbeforeHash,checksum,Evidence,cannotDigital 基于對稱密鑰 認終 卡
服務(PSAM:刷卡機卡片隨機加密后的隨機
分散算法(消費密鑰 6. 隨機數(shù),比CipherApplication-MAC消息認證MessageAuthenticationHMAC:HashedMessageAuthenticationCipherApplication-
CBC-CipherApplication-基于HMAC的動態(tài)口 CipherApplication-DigitalRSA-basedsignatureschemes(PKCS#1,DSAanditsellipticcurvevariantElGamalsignatureCipherApplication-RSA-BasedSignature
PKCS#7數(shù)字簽 數(shù)據(jù)包內(nèi)
簽名信
? ?
CipherApplication-
數(shù)章CipherApplication-
S/MIME(SecureMultipurposeInternetMail inaMIMEToprovideauthenticationthroughdigitalsignaturesand ityofencryptionUsesX.509standardforits PGP(PrettyGoodInsteadof Authority,PGPusesa“WebUserscancertifyeachotherinameshCipherApplication-
PKIvs(Hierarchical
PGP:Mesh(WebofCipherApplication-IDBased thepublickeyofauserissomeuniqueinformationabouttheidentityoftheuser(e.g.auser's ID-basedencryptionwasproposedbyAdiShamirin1984.Thepairing-basedBoneh–FranklinschemeandCocks'sencryptionschemebasedonquadraticresiduesbothsolvedtheIBEproblemin2001.CipherApplication-
SecureElectronicVisa&MasterCarddevelopedSETin1997,Coverstheend-to-endtransactionsfromthecardholdertothefinancialinstitution. Despiteheavypublicitytowinmarketshare,itfailedtogainwidespreaduseNeedtoinstallclientCostandcomplexityformerchantstooffersupport,contrastedwiththecomparativelylowcostandsimplicityoftheexistingSSLbasedalternative. distributionCipherApplication-
4 5商 2
3
1實際B2C交易技 SSL加 5返回6支付交互過SSLCipherApplication-
SSLSecureSocketslatestversionSSLprotocoldevelopedbyNetscapein abovetheTransportLayerAsymmetriccryptography(Digital )toexchangekeyEncryptusingSymmetricTLS:TransactionLayerThesuccessorofSSL,CipherApplication-
InternetProtocolauthenticatingandencryptingeachIPpacketofacommunicationsessionAuthenticationHeaderEncapsulatingSecurityPayloadThedatainthepacketisencrypted,buttheheaderisTheoriginalIPheaderisencryptedandanewIPheaderisaddedtothebeginningofthepacket.ThisadditionalIPheaderhastheaddressofthe theencryptedIPheaderpointstothefinaldestinationontheinternalnetworkbehindthegateway.CipherApplication-
HTTPSandS-HTTPS:HypertextTransferProtocolHTTPSwrapstheentirecommunicationwithinrequireaseparateportwithSHTTP:SecureHypertextTransferS-HTTPencryptsonlytheservedpagedataandsubmitteddatalikePOSTfieldsS-HTTPcouldbeusedconcurrentlywithHTTP(unsecured)onthesameport,astheunencryptedheaderwoulddeterminewhethertherestofthetransmissionisencrypted.HTTPSandS-HTTPwerebothdefinedinthemid-1990stoaddressthisneed.Netscapeand supportedHTTPSratherthanS-HTTP,leadingtoHTTPS ingthedefactostandardmechanismforsecuringwebcommunications.Secure
ByestablishinganencryptedtunnelbetweenanSSHclientandanSSHserver.Canbeusedtoauthenticatetheclienttothesever,andalsotoprovide ityandintegritySSHV2.X mankeyIntegritycheckingviamessageauthenticationRunanynumberofs sessionsoverasingleSSH
WorkWorkFactorisdefinedastheamountofeffort(usuallymeasuredinunitsoftime)neededtobreakacryptosystem. ysisofSymmetricBruteKnownPlaintexttheattackerhassamplesofboththeplaintext,andChosenPlaintexttheattackerhasthecapabilitytochoosearbitraryplaintextstobeencryptedandobtainthecorrespondingciphertextsAdaptiveChosenwherethecrypt ystmakesaseriesofinteractivequeries,choosingsubsequentplaintextsbasedontheinformationfromthepreviousencryptions. ysisofSymmetricCiphertextOnlytheattackerisassumedtohaveaccessonlytoasetofChosenCiphertextthecryptystgathersinformation,atleastinpart,bychoosingaciphertextandobtainingitsdecryptionunderanunknownkey.IntheattackAdaptiveChosenaninteractiveformofchosen-ciphertextattackinwhichanattackersendsanumberofciphertextstobedecrypted ysisofSymmetricDifferential itisthestudyofhowdifferencesinaninputcanaffecttheresultantdifferenceattheoutputLinear findingaffineapproximationstotheactionofaTripleDESwiththreeindependentkeyshasakeylengthof168bits(three56-bitDESkeys),butduetothemeet-in-the-middleattack,theeffectivesecurityitprovi
溫馨提示
- 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
- 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
- 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會有圖紙預覽,若沒有圖紙預覽就沒有圖紙。
- 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
- 5. 人人文庫網(wǎng)僅提供信息存儲空間,僅對用戶上傳內(nèi)容的表現(xiàn)方式做保護處理,對用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對任何下載內(nèi)容負責。
- 6. 下載文件中如有侵權(quán)或不適當內(nèi)容,請與我們聯(lián)系,我們立即糾正。
- 7. 本站不保證下載資源的準確性、安全性和完整性, 同時也不承擔用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。
最新文檔
- 中考政治總復習第四單元自然界的水教材知識梳理
- 內(nèi)蒙古通遼市科爾沁左翼中旗2024-2025學年七年級上學期期中生物學試題(原卷版)-A4
- 2023年微型燈泡項目融資計劃書
- 養(yǎng)老院老人衣物洗滌保養(yǎng)制度
- 養(yǎng)老院老人康復理療師職業(yè)道德制度
- 《食管癌查房》課件
- 《保險學邏輯體系》課件
- 2024年度汽車融資租賃與全面裝潢升級及售后服務合同3篇
- 《鼻出血搶救流程》課件
- 2024年文化旅游景區(qū)停車場車位租賃及旅游服務合同3篇
- 商品(服裝類)基礎(chǔ)知識
- 機電安裝工程質(zhì)量通病及防治措施
- 行政管理學的判斷題
- 傳感器原理與應用課程設(shè)計報告磁電式輪速傳感器系統(tǒng)設(shè)計
- 濟南市建設(shè)工程竣工測量技術(shù)規(guī)程
- 語音放大電路的設(shè)計畢業(yè)論文
- 滑動模板施工工法
- 合同履行確認單(模板).doc
- 框架結(jié)構(gòu)內(nèi)力計算-豎向彎矩二次分配,水平D值法講解
- 《初中團隊一體化工作模式的實踐與研究》
- 工程增項簽證單樣本
評論
0/150
提交評論