Cryptographic Authentication Notes

最新推荐文章于 2016-12-02 03:49:17 发布
最新推荐文章于 2016-12-02 03:49:17 发布
阅读量777 收藏
点赞数 1
分类专栏: 网络安全 文章标签: security
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/scythe666/article/details/53403841
版权

一、文章来由

老师在期末的时候给出自愿 presentation 的任务,想接触一下这块,所以果断报名了。

Textbook 下载:
https://www.homeworkmarket.com/sites/default/files/corporate_computer_security_0.pdf

第5.6章

二、Textbook notes

1. Public Key Infrastructures

Using public key authentication with digital certificates requires the organization to establish a public key infrastructure (PKI) to create and manage public key–private key pairs and digital certificates. Figure 5-18 illustrates the functions of a PKI.

THE FIRM AS A CERTIFICATE AUTHORITY

As Chapter 3 noted, certificate authorities (CAs) manage digital certificates. The chapter also noted that CAs are not regulated, and this creates questions of trust. However, if firms act as their own CAs, they have control of trust in their entire public key infrastructure. On the negative side, being a certificate authority is quite expensive because of the labor involved.

这里写图片描述

这里写图片描述

2. CREATING PUBLIC KEY–PRIVATE KEY PAIRS

First, a PKI needs a way to generate public key–private key pairs for non-PKI servers and clients. This is typically done by the client or non-PKI server rather than by the PKI server. The client or server generates a private key–public key pair, and then sends the
public key to the CA. This transmission can be done in the clear because public keys are not secret. The private key, which is secret, is not transmitted at all.

3. ACCEPTING DIGITAL CERTIFICATES

The figure also shows that a supplicant can send the true party’s digital certificate to the verifier. This might seem suspicious, but recall that digital certificates have their own digital signatures signed (encrypted) by the private key of the PKI server. Digital signa-tures give message integrity as well as authentication. Consequently, an impostor cannot change the true party’s name and replace it with his or her own name.

It is safe to accept a digital certificate from a supplicant, even if the supplicant is an impostor. The digital certificate has its own digital signature, which gives integrity. This means that the sender cannot change it.

This is bill
关注
专栏目录
应用手册 Cryptographic Performance-综合文档
05-22
《应用手册:Cryptographic Performance与能效在SimpleLink CC13x2 CC26x2 MCUs中的综合探讨》 本应用手册详细介绍了在SimpleLink CC13x2和CC26x2微控制器(MCUs)上实现密码学性能和能源效率的关键技术及其实际...
android openssl curl 交叉编译
女程序猿香香的博客
12-18 1215
依次执行命令: uname -m NDK=/home/dev/android-ndk-r11c SYSROOT=$NDK/platforms/android-23/arch-arm export CC="$NDK/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin/arm-linux-androideabi-gcc --...
服务里没有Cryptographic Services怎么办?
kepa520的博客
07-25 2335
从正常的电脑里面导出以下键项,然后导入自己的注册表:  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CRYPTSVC  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CRYPTSVC  HKEY_LOCAL_MACHINE\SYSTEM\Con
让你告别盗版软件的清单
yalke
06-03 2119
3D Graphics: 3Delight Free - http://www.3delight.com/index.htm Anim8or - http://www.anim8or.com/ Aqsis - http://www.aqsis.com/ Blender - http://www.blender3d.org/ Houdini (Free Edition) - http://www.s...
qca-qt-cryptographic-architecture-v2.1.3.zip
08-11
qca_-qt-cryptographic-architecture-v2.1.3笔者在Windows10系统下,使用VisualStudio2017预编译的二进制开发包,方便大家下载使用
CRYPTOGRAPHIC ALGORITHMS FOR UMTS
12-29
### 加密算法在UMTS中的应用 #### 引言 全球移动通信系统(GSM)作为第二代移动通信系统的代表,在其安全性设计方面积累了许多经验教训。这些经验为后续几代移动通信系统的安全架构提供了宝贵的参考。...
STM32 Cryptographic Library.rar
09-04
STM32 Cryptographic Library是一个专为STM32微控制器系列设计的加密库,它提供了丰富的安全功能,以支持各种加密算法和哈希操作。这个库是STM32开发者实现数据保护、安全通信和身份验证的关键工具。下面我们将深入...
Cryptographic-开源
05-09
标题中的"Cryptographic-开源"指的是在开源领域中与密码学相关的技术,特别是涉及到加密哈希函数的应用。在这个场景中,我们关注的是OpenOffice.org,一个知名的开源办公软件套件,它包含了一些组件来处理加密和哈希...
Kerberos 认证原理笔记
热门推荐
This is bill的专属博客
12-02 1万+
一、文章来由为了 computer security 课的展示准备素材。二、什么是 KerberosKerberos这一名词来源于希腊神话“三个头的狗——地狱之门守护者摘自百度百科 Kerberos 是一种网络认证协议,其设计目标是通过密钥系统为客户机 / 服务器应用程序提供强大的认证服务。该认证过程的实现不依赖于主机操作系统的认证,无需基于主机地址的信任,不要求网络上所有主机的物理安全,并假定
常见DoS攻击
This is bill的专属博客
11-01 3490
1、Figure 4-1 SYN Flood DoS AttackSYN Flood DoS Attack is that the attacker will send TCP SYN packets in an attempt to make many half-open TCP connections. Memory is allocated for each false connection
非对称加密---RSA算法
This is bill的专属博客
09-27 2445
一、文章来由上一篇提到了网络加密算法中,非对称加密算法是现代网络安全的基石,而RSA算法是公钥加密算法中应用最广的算法之一。二、RSA算法的基础1、互斥关系大家都知道,一个很大很大的数很难进行因式分解。如果两个正整数,除了1以外,没有其他公因子,我们就称这两个数是互质关系(coprime)。比如,15和32没有公因子,所以它们是互质关系。这说明,不是质数也可以构成互质关系。同时有以下结论: (1
Wireshark Lab 2
This is bill的专属博客
11-09 2152
第二次wireshark作业,讲了一些较为实用的技巧,记录一下What to do: A. Run your wireshark for a few seconds and save the capture files on your desktop (test.pcapng) B. Restart your Wireshark and open test.pcapng C. Take a s
公私钥加解密问题汇总
This is bill的专属博客
10-09 1429
A is sending a message to B (using public key infrastructure). What kind of key is used for encryption (for the purpose of confidentiality)? B’s public key. 加密用接收方公钥 A is sending a message to B (usi
Wireshark 3
This is bill的专属博客
11-16 916
Wireshark Lab 3wire shark 的层级功能。What to do A. Open lotsofweb.pcap you used last time and find protocol hierarchy. Take a snap-shot and put it HERE What to do A. Download http_google.pcap from canvas
Computer Security Notes
This is bill的专属博客
11-11 883
一、dos攻击1、常见DoS攻击详见:http://blog.csdn.net/scythe666/article/details/529899072、如何预防DoS攻击Black holingDrop all IP packets from an attacker Not a good long-term strategy because attackers can quickly change
Commands 4 Fun
This is bill的专属博客
11-01 731
dos命令之net,通过扫描21端口或3389端口就可以入侵一般黑客入侵所需要的几个常用命令1:NET 只要你拥有某IP的用户名和密码,那就用IPC$做连接吧! 这里我们假如你得到的用户是hbx,密码是123456。假设对方IP为127.0.0.1 net use \\127.0.0.1\ipc$ "123456" /user:"hbx" 退出的命令是 net use \\127.0.0.1\ip
2023-04-06-项目笔记 - 第二百六十一阶段 - 4.4.2.259全局变量的作用域-259 -2025.09.19
最新发布
09-19
2023-04-06-项目笔记-第二百六十一阶段-课前小分享_小分享1.坚持提交gitee 小分享2.作业中提交代码 小分享3.写代码注意代码风格 4.3.1变量的使用 4.4变量的作用域与生命周期 4.4.1局部变量的作用域 4.4.2全局变量的作用域 4.4.2.1全局变量的作用域_1 4.4.2.259局变量的作用域_259- 2024-09-19
采用Spring+Struts2+Hibernate框架,实现一个仿天猫购物网站的web工程(毕设&课设&实训&大作业&竞赛&项
09-19
项目工程资源经过严格测试可直接运行成功且功能正常的情况才上传,可轻松复刻,拿到资料包后可轻松复现出一样的项目,本人系统开发经验充足(全领域),有任何使用问题欢迎随时与我联系,我会及时为您解惑,提供帮助。 【资源内容】:包含完整源码+工程文件+说明(如有)等。答辩评审平均分达到96分,放心下载使用!可轻松复现,设计报告也可借鉴此项目,该资源内项目代码都经过测试运行成功,功能ok的情况下才上传的。 【提供帮助】:有任何使用问题欢迎随时与我联系,我会及时解答解惑,提供帮助 【附带帮助】:若还需要相关开发工具、学习资料等,我会提供帮助,提供资料,鼓励学习进步 【项目价值】:可用在相关项目设计中,皆可应用在项目、毕业设计、课程设计、期末/期中/大作业、工程实训、大创等学科竞赛比赛、初期项目立项、学习/练手等方面,可借鉴此优质项目实现复刻,设计报告也可借鉴此项目,也可基于此项目来扩展开发出更多功能 下载后请首先打开README文件(如有),项目工程可直接复现复刻,如果基础还行,也可在此程序基础上进行修改,以实现其它功能。供开源学习/技术交流/学习参考,勿用于商业用途。质量优质,放心下载使用。
RESTful IoT Authentication protocol COAP
05-20
The RESTful IoT Authentication protocol COAP (Constrained Application Protocol) is a protocol used to authenticate devices and clients in IoT (Internet of Things) systems. It is based on the principles of REST (Representational State Transfer) and is specifically designed for use in resource-constrained environments. COAP allows devices and clients to communicate securely over the internet by using lightweight cryptographic techniques. It uses DTLS (Datagram Transport Layer Security) to provide confidentiality, integrity, and authentication of messages exchanged between devices and clients. The protocol also includes support for token-based authentication, which helps to prevent unauthorized access to resources. In addition to authentication, COAP can also be used to monitor and control IoT devices. It supports a range of HTTP-like methods, including GET, POST, PUT, and DELETE, which can be used to request or update resource representations. Overall, COAP provides a secure and efficient way to authenticate devices and clients in IoT systems, while also enabling communication and control between them.
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值