【信息安全】密码学

最新推荐文章于 2024-06-30 12:28:37 发布
最新推荐文章于 2024-06-30 12:28:37 发布
阅读量1.1k 收藏 24
点赞数 16
文章标签: python 开发语言
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/David_Hzy/article/details/137497511
版权

信息验证遇到的问题Message Authentication

In the context of communications across a network, the following attacks can be identified.

泄密Disclosure

流量分析Traffic analysis

伪装Masquerade

Content modification

Sequence modification

Time modification

Source repudiation

Destination repudiation

Any message authentication or digital signature mechanism has two levels of functionality.

At the lower level, there must be some sort of function that produces an authenticator: a value to be used to authenticate a message.

This lower-level function is then used as a primitive in a higher-level authentication protocol that enables a receiver to verify the authenticity of a message.

Message Authentication Code (MAC)

An alternative authentication technique involves the use of a secret key to generate a small fixed-size block of data that is appended to the message.

This technique assumes that two communicating parties, say A and B, share a common secret key K. When A has a message to send to B, it calculates the MAC as a function of the message and the key:  

MAC based on Hash functions: HMAC

Digital Signatures

The most important development from the work on public-key cryptography is the digital signature.

The digital signature provides a set of security capabilities that would be difficult to implement in any other way.

The message is authenticated both in terms of source and in terms of data integrity.

Digital Signature Algorithm (DSA)

S-DES

class SDES:
    def __init__(self):
        self.P8_table = [6, 3, 7, 4, 8, 5, 10, 9]
        self.P10_table = [3, 5, 2, 7, 4, 10, 1, 9, 8, 6]

    def P8(self, key):
        k = key
        return [k[i - 1] for i in self.P8_table]

    def P10(self, key):
        k = key
        return [k[i - 1] for i in self.P10_table]

    def Shift(self, value):
        return value[1:5] + value[0:1] + value[6:10] + value[5:6]

    def generate_subkeys(self, key):
        key = self.P10(key)
        left = self.Shift(key[:5])
        right = self.Shift(key[5:])
        subkey1 = self.P8(left + right)
        left = self.Shift(left)
        right = self.Shift(right)
        left = self.Shift(left)
        right = self.Shift(right)
        subkey2 = self.P8(left + right)
        return subkey1, subkey2

    def IP(self, data):
        return [data[i - 1] for i in [2, 6, 3, 1, 4, 8, 5, 7]]

    def IP_inv(self, data):
        return [data[i - 1] for i in [4, 1, 3, 5, 7, 2, 8, 6]]

    def F(self, data, subkey):
        right = data
        right_expanded = [right[i - 1] for i in [4, 1, 2, 3, 2, 3, 4, 1]]
        xor_result = [subkey[i] ^ int(right_expanded[i]) for i in range(8)]
        sbox_result = self.sbox(xor_result)
        return sbox_result

    def F_K(self, data, subkey):
        left = data[:4]
        right = data[4:]
        right_F = self.F(right, subkey)
        xor_result = [int(left[i]) ^ int(right_F[i]) for i in range(4)]
        return xor_result+right

    def SW(self, data):
        return data[4:]+data[0:4]

    def sbox(self, data):
        sbox1 = [
            [1, 0, 3, 2],
            [3, 2, 1, 0],
            [0, 2, 1, 3],
            [3, 1, 3, 2]
        ]
        sbox2 = [
            [0, 1, 2, 3],
            [2, 0, 1, 3],
            [3, 0, 1, 0],
            [2, 1, 0, 3]
        ]
        row = int(''.join([str(data[0]), str(data[3])]), 2)
        col = int(''.join([str(data[1]), str(data[2])]), 2)
        return [int(x) for x in bin(sbox1[row][col])[2:].zfill(2) + bin(sbox2[row][col])[2:].zfill(2)]

    def encrypt(self, plaintext, key):
        key1, key2 = self.generate_subkeys(key)
        plaintext = self.IP(plaintext)
        plaintext = self.F_K(plaintext, key1)
        plaintext = plaintext[4:] + plaintext[:4]
        plaintext = self.F_K(plaintext, key2)
        return self.IP_inv(plaintext)

    def decrypt(self, ciphertext, key):
        key1, key2 = self.generate_subkeys(key)
        ciphertext = self.IP(ciphertext)
        ciphertext = self.F_K(ciphertext, key2)
        ciphertext = ciphertext[4:] + ciphertext[:4]
        ciphertext = self.F_K(ciphertext, key1)
        return self.IP_inv(ciphertext)


def ascii_to_binary_8(plaintext):
    binary_list = []
    for char in plaintext:
        ascii_value = ord(char)
        # Convert ASCII to binary, removing '0b' prefix
        binary_string = bin(ascii_value)[2:]
        binary_string = '0' * (8 - len(binary_string)) + \
            binary_string  # Ensure 10-bit length
        binary_list.append(binary_string)
    return binary_list


def binary_to_ascii(binary_list):
    plaintext = ""
    for binary_string in binary_list:
        binary = ''.join(str(bit) for bit in binary_string)
        # 将二进制字符串转换为整数
        ascii_value = int(binary, 2)
        # 将整数转换为字符,并添加到明文字符串中
        plaintext += chr(ascii_value)
    return plaintext


# 示例
plaintext = ('Network security encompasses all the steps taken to protect the integrity of a computer network and the '
             'data within it. Network security is important because it keeps sensitive data safe from cyber attacks '
             'and ensures the network is usable and trustworthy. Successful network security strategies employ '
             'multiple security solutions to protect users and organizations from malware and cyber attacks, '
             'like distributed denial of service')
key = '1100011110'
key = [int(i) for i in key]
s = SDES()
plaintext_binary = ascii_to_binary_8(plaintext)
print("明文:", plaintext_binary)
ciphertext = []
for binary_str in plaintext_binary:
    encrypted_text = s.encrypt(binary_str, key)
    ciphertext.append(encrypted_text)

print("密文:", ciphertext)

decrypted_text = []
for encrypted_text in ciphertext:
    decrypted_text.append(s.decrypt(encrypted_text, key))
print("解密后的明文(ASCII):", decrypted_text)
decrypted_text = binary_to_ascii(decrypted_text)
print("解密后的明文:", decrypted_text)

S-AES

公钥密码学Public-Key Cryptography

公钥密码学Public-Key Cryptography-CSDN博客

对称密钥分配Symmetric Key Distribution

Symmetric Encryption

For two parties A and B, key distribution can be achieved in a number of ways, as follows:

  1. A can select a key and physically deliver it to B.
  2. If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key.
  3. A third party can select the key and physically deliver it to A and B.
  4. If A and B each has an encrypted connection to a third party C, C can deliver a key on the encrypted links to A and B.

KTC(A key translation center)

Transfer symmetric keys for future communication between two entities, at least one of whom has the ability to generate or acquire symmetric keys by themselves. Entity A generates or acquires a symmetric key to be used as a session key for communication with B. A encrypts the key using the master key it shares with the KTC and sends the encrypted key to the KTC. The KTC decrypts the session key, re-encrypts the session key in the master key it shares with B, and either sends that re-encrypted session key to A (Figure a) for A to forward to B or sends it directly to B (Figure b).

KDC(A key distribution center)

Generate and distribute session keys. Entity A sends a request to the KDC for a symmetric key to be used as a session key for communication with B.  KDC generates a symmetric session key, and then encrypts the session key with the master key it shares with A and sends it to A. The KDC also encrypts the session key with the master key is shares with B and sends it to B (Figure c). Alternatively, KDC sends both encrypted key values to A, and A forwards the session key encrypted with the master key shared by the KDC and B to B (Figure d).

KDC vs KTC

kdc的密钥是第三方分发,ktc是用户自己产生密钥

非对称加密Asymmetric Encryption

If A wishes to communicate with B, the following procedure is employed:  

  1. A generates a public/private key pair {PUa, PRa} and transmits a message to B consisting of PUa and an identifier of A, IDA.  
  2. B generates a secret key, Ks, and transmits it to A, which is encrypted with A’s public key.  
  3. A computes D(PRa, E(PUa, Ks)) to recover the secret key. Because only A can decrypt the message, only A and B will know the identity of Ks.  
  4. A discards PUa and PRa and B discards PUa.

Secret Key Distribution with Confidentiality and Authentication

challenge and response

Distribution of Public Keys

Several techniques have been proposed for the distribution of public keys Public announcement Publicly available directory Public-key authority Public-key certificates

Public Announcement

The point of public-key encryption is that the public key is public. Thus, if there is some broadly accepted public-key algorithm, such as RSA, any participant can send his or her public key to any other participant or broadcast the key to the community. Anyone can forge such a public announcement.

Publicly Available Directory

A greater degree of security can be achieved by maintaining a publicly available dynamic directory of public keys. Maintenance and distribution of the public directory would have to be the responsibility of some trusted entity or organization.

  1. The authority maintains a directory with a {name, public key} entry for each participant.
  2. Each participant registers a public key with the directory authority. Registration would have to be in person or by some form of secure authenticated communication.
  3. A participant may replace the existing key with a new one at any time, either because of the desire to replace a public key that has already been used for a large amount of data, or because the corresponding private key has been compromised in some way.
  4. Participants could also access the directory electronically. For this purpose, secure, authenticated communication from the authority to the participant is mandatory.

Public-Key Authority

Stronger security for public-key distribution can be achieved by providing tighter control over the distribution of public keys from the directory.

Assume that a central authority maintains a dynamic directory of public keys of all participants.

Each participant reliably knows a public key for the authority, with only the authority knowing the corresponding private key.  

Step 6, Step 7: Challenge and Response

  1. A total of seven messages are required.
  2. However, the initial five messages need to be used only infrequently because both A and B can save the other’s public key for future use A technique known as caching
  3. Periodically, a user should request fresh copies of the public keys to ensure currency.
  4. The public-key authority could be somewhat of a bottleneck in the system.

公钥证书Public-Key Certificates

Certificates can be used by participants to exchange keys without contacting a public-key authority.

A certificate consists of a public key, an identifier of the key owner, and the whole block signed by a trusted third party.

The third party is a certificate authority, such as a government agency or a financial institution, that is trusted by the user community.  

Requirements

  1. Any participant can read a certificate to determine the name and public key of the certificate’s owner.
  2. Any participant can verify that the certificate originated from the certificate authority and is not counterfeit.
  3. Only the certificate authority can create and update certificates.
  4. 任何参与者都可以验证证书的时间有效性。 Any participant can verify the time validity of the certificate.

X.509 Certificates

一个证书的标准

X.509 has become universally accepted for formatting public-key certificates. X.509 certificates are used in most network security applications, including IP security, transport layer (TLS), and S/MIME. X.509 was initially issued in 1988. The standard was subsequently revised in 1993 to address some of the security. The standard is currently at edition eight, issued in 2016.

User Certificates generated by a CA have the following characteristics: Any user with access to the public key of the CA can verify the user public key that was certified. No party other than the CA can modify the certificate without this being detected. Because certificates are unforgeable, they can be placed in a directory without the need for the directory to make special efforts to protect them. A user can transmit his certificate directly to other users.

With many users, it may be more practical for there to be a number of CAs, each of which securely provides its public key to some fraction of the users. Now suppose that A has obtained a certificate from certification authority X1 and B has obtained a certificate from CA X2. If A does not securely know the public key of X2, then B’s certificate, issued by X2, is useless to A. A can read B’s certificate, but A cannot verify the signature.

If the two CAs have securely exchanged their own public keys, the following procedure will enable A to obtain B’s public key.

Step 1: A obtains from the directory the certificate of X2 signed by X1. Because A securely knows X1’s public key, A can obtain X2’s public key from its certificate and verify it by means of X1’s signature on the certificate.

Step 2: A then goes back to the directory and obtains the certificate of B signed by X2. Because A now has a trusted copy of X2’s public key, A can verify the signature and securely obtain B’s public key.  

岩塘
关注
  • 16
    点赞
  • 24
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 4
    评论
信息安全 密码学
01-24
信息安全 密码学
HDU信息安全密码学实验RSA源码
08-14
HDU信息安全密码学实验RSA源码
信息安全密码学实验三:密码学数学基础实验
她长眠于月色
01-26 2016
一、 实验目的 掌握密码学相关的数学基础知识,理解模幂、求逆等运算的过程,编程实现相关算法 二、实验原理 考虑模指数,即计算形如 x^c mod n 的函数,在RSA密码体制中,加密和解密运算都是模指数运算。计算 x^c mod n 可以通过c-1次模乘来实现。 ax ≡1(mod p)当 a 和 p 互质时,方程的解 x 称为 a 关于 p 的逆元 三、实验代码 1.模幂运算 package c...
密码学基础
qq_40569221的博客
02-20 2804
密码学能做什么?机密性:如何使得某个数据自己能看懂,别人看不懂认证:如何确保数据的正确来源,如何保证通信实体的真实性完整性:如何确保数据在传输过程中没有被删改不可否认性: 如何确保用户行为的不可否认性功能如何实现算法协议事实上,在非对称密码发展之前,大多数著名的密码体系,其核心都是扩散与混淆。但是,在我们上述谈到扩散与混淆的时候,有一个值得注意的地方:实现扩散与混淆的器件,即P盒与S盒,其接受的都是固定长度的输入。这与我们之前谈到的流密码不同,流密码的输入可以是任意长度的。
信息安全-密码学
Like_Sugar的博客
04-22 2522
信息安全密码学的发展
信息安全 —— 密码学
qq_53263466的博客
01-05 3972
密码学知识总结,密码学在很多领域用途广泛,提供安全保障。
计算机信息安全密码学研究,密码学是对信息安全各方面的研究,能够解决所有信息安全的问题。() - 试题答案网问答...
weixin_29986051的博客
06-16 2534
相关题目与解析密码学作为信息安全的关键技术,其安全目标主要包括三个非常重要的方面:保密性、完整性和可用性。()是指所有资源只能由授权方式以授权的方式进行修改,即信息未经授权不能进行改变的特性。密码学是保障信息安全的核心技术,信息安全密码学研究与发展的目的。()信息内容安全与传统的基于密码学信息安全的主要区别不包括()。密码学虽然只是信息安全技术的—部分,但却是信息安全技术的核心内容。()密码学...
信息安全密码学之Elgamal算法的加密解密过程
04-09
主要是对密码学中的Elgamal算法的详细分析,对加密解密所涉及的本原元、欧拉函数有说明解释,适合刚接触学习Elgamal算法的人进行快速理解掌握。
HDU信息安全密码学实验DES源码
08-14
HDU信息安全密码学实验DES源码
HDU信息安全密码学实验Caesar源码
08-14
HDU信息安全密码学实验Caesar源码
Python 中别再用 ‘+‘ 拼接字符串了!
最新发布
xyh2004的博客
06-30 1116
Python 中,字符串是不可变的数据类型,这意味着一旦字符串被创建,它就不能被修改。因此,当你尝试通过使用+来连接字符串时,实际上 Python 会创建新的字符串对象,并将旧字符串的内容复制到新字符串中,然后添加新内容。这个过程在处理大量数据或在循环中进行时,会导致性能问题。
昇思25天学习打卡营第2天|张量学习
main_h_的博客
06-26 655
张量是一种特殊的数据结构,主要是描述矩阵 行列式这类。张量(Tensor)是MindSpore网络运算中的基本数据结构,类似日常的多维数组,不过比基础的数组多了一些描述信息。
解决Java中的数组越界异常的技术
weixin_44627014的博客
06-26 524
通过本文的讨论,我们了解了如何有效地处理Java中的数组越界异常。预防异常的发生,合理使用异常处理机制以及考虑使用集合类来替代数组,是确保Java应用程序稳定性和可靠性的关键步骤。
编译正则表达式模式re.compile
liujingwei8610的专栏
06-27 203
print("【执行】pattern.findall('这里有123个苹果和45个橘子')")result = pattern.findall('这里有123个苹果和45个橘子')print(f"【显示】pattern={pattern}")print(f"【显示】result={result}")根据给定的Python代码,哪个选项是正确的?A选项:返回值可以进行search操作。B选项:返回值可以进行match操作。D选项:参数为要编译的正则表达式模式。C选项:参数为要搜索的字符串。
优化|PyOptInterface:高效且灵活的Python优化建模语言
weixin_53463894的博客
06-25 710
建模语言的效率直接影响优化模型的构建和求解时间。通过C++实现的内核直接调用优化求解器的底层C接口,构建优化模型的速度非常快,在性能测试中建模速度最接近求解器的C++接口,比Pyomo快10-20倍,比一些优化求解器的官方Python接口快2-5倍,并超越了目前速度最快的开源建模语言JuMP.jl。在统一接口的基础上,仍然提供了设置优化求解器特定参数等底层接口和高级功能,比如支持混合整数规划(MIP)中的回调函数(callback function),提供与优化求解器官方Python接口相近的完备功能。
Python布尔值:理解与应用
RetutghbxLouis的博客
06-26 282
Python中的布尔值是逻辑数据类型,用于表示真(True)或假(False)两种状态。布尔值在编程中广泛用于条件判断和逻辑运算,是程序中控制流程和逻辑判断的基础。Python的布尔值支持逻辑运算符(如and、or、not)以及与比较运算符(如==、!=、<、>等)的结合使用,使得开发者可以根据条件执行不同的代码分支,实现复杂的逻辑控制。
13017.win10安装WSL2及CUDA开发环境
写给自己的笔记
06-25 826
默认启动进入root用户,修改进入到自定义用户.进入到ubuntu.exe目录。
【知识图谱系列】Neo4j使用Py2neo与python进行链接
2301_81199775的博客
06-28 235
目录 一、安装py2neo 二、打开Neo4j 三、使用Python操作Neo4j 一、安装py2neo pip install --upgrade py2neo -i https://pypi.tuna.tsinghua.edu.cn/simple 可以先阅读下文档:https://py2neo.org/v4/index.html 这个文档里有好多关于这个工具包的API介绍,也就是如何使用这个工具包。 二、打开Neo4j 在cmd里输入neo4j.bat console,然
#include <stdio.h> #include <string.h> int main() { char password[] = "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ21信息安全密码学课程设计"; // 预设密码 char input[2048]; // 输入缓冲区 printf("你的解密结果: "); scanf("%s", input); // 从键盘读取输入密码 if (strlen(input) != strlen(password)) { // 判断输入密码长度是否正确 printf("解密失败!\n"); } else if (strcmp(input, password) == 0) { // 判断输入密码是否正确 printf("解密成功!\n"); } else { printf("解密失败!\n"); } return 0;}这个程序如何实现在直接运行时不会直接关闭
06-02
可以在程序运行完毕后,加一个 `getchar()` 或 `system("pause")` 的语句,让程序暂停等待用户按下任意键后才退出。例如: ``` #include <stdio.h> #include <string.h> int main() { char password[] = "1234567890ABCDEFGHIJKLMNOPQRSTUVWXYZ21信息安全密码学课程设计"; // 预设密码 char input[2048]; // 输入缓冲区 printf("请输入密码: "); scanf("%s", input); // 从键盘读取输入密码 if (strlen(input) != strlen(password)) { // 判断输入密码长度是否正确 printf("解密失败!\n"); } else if (strcmp(input, password) == 0) { // 判断输入密码是否正确 printf("解密成功!\n"); } else { printf("解密失败!\n"); } getchar(); // 暂停等待用户按下任意键 return 0; } ``` 在 Windows 系统上,`system("pause")` 可以让程序在控制台窗口暂停等待用户按下任意键。在其他系统上,可能需要使用其他等效的语句。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 4
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

岩塘

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值