Information Security Final Review

Chapter 1. Information and Network Security Concepts

Information security: the concepts, techniques, technical measures, and administrative measures used to protect information assets from deliberate or inadvertent unauthorized acquisition, damage, disclosure, manipulation, modification, loss, or use.

Cybersecurity: the protection of information that is stored, transmitted, and processed in a networked system of computers, other digital devices, and network devices and transmission lines, including the Internet.

Information Security: the preservation of confidentiality, integrity, and availability.

Network Security: the protection of networks and their services from attacks, and the provision of assurance that the network performs its critical functions correctly and that there are no harmful side effects.

CIA

Confidentiality

Integrity

Availability

Confidentiality consists of two concepts:

  • Data confidentiality assures that private or confidential information is not made available or disclosed to unauthorized individuals.
  • Privacy assures that individuals control or influence what information related to them may be collected and stored, and by whom and to whom that information may be disclosed.

Integrity is about making sure things are as they should be:

  • Data integrity assures that information and programs are changed only in a specified and authorized manner.
  • System integrity assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

Availability assures that systems work promptly and that service is not denied to authorized users. This covers areas beyond the normal scope of security, including fault tolerance.

Authenticity: the property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or a message originator.

Accountability: the security goal that generates the requirement for actions of an entity to be traced uniquely to that entity.

OSI

  • Security attack: any action that compromises the security of information owned by an organization.
  • Security mechanism: a process that is designed to detect, prevent, or recover from a security attack.
  • Security service: a processing or communication service that enhances the security of the data processing systems and the information transfers of an organization. The services are intended to counter security attacks, making use of one or more security mechanisms.

Security attacks

Passive attacks: passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Examples: release of message contents and traffic analysis.

Active attacks: active attacks involve some modification of the data stream or the creation of a false stream, and can be subdivided into four categories: masquerade, replay, modification of messages, and denial of service.

Authentication: the authentication service is concerned with assuring that a communication is authentic.

Security services
  • Authentication
  • Access Control
  • Data Confidentiality
  • Data Integrity
  • Non-Repudiation
  • Availability

Security mechanisms
  • Encipherment
  • Digital Signature
  • Access Control
  • Data Integrity
  • Authentication Exchange
  • Traffic Padding
  • Routing Control
  • Notarisation

Chapter 2. Classical Encryption Algorithms

Some Basic Terminology

Cryptology: the field of both cryptography and cryptanalysis.

Cryptanalysis (codebreaking): the study of principles and methods of deciphering ciphertext without knowing the key.

Cryptography: the study of encryption principles and methods.

Plaintext: the original message.

Ciphertext: the coded message.

Cipher: the algorithm for transforming plaintext to ciphertext.

Classifying cryptographic systems:

Type of encryption operations: substitution / transposition / product

Number of keys: single-key or private / two-key or public

Way in which plaintext is processed: block / stream

Attacking the cipher: cryptanalytic attack, brute-force attack

Attack methods:

  • Cryptanalysis: exploits the properties of the algorithm to deduce a specific plaintext or the key in use.
  • Brute-force attack: tries all possibilities.

Symmetric Encryption

Also called conventional / private-key / single-key encryption.

Symmetric Cipher Model (components)

Plaintext, encryption algorithm, secret key, ciphertext, decryption algorithm

Unconditional security: no matter how much computer power or time is available, the cipher cannot be broken, since the ciphertext provides insufficient information to uniquely determine the corresponding plaintext.

Computational security: given limited computing resources (e.g. the time needed for calculations is greater than the age of the universe), the cipher cannot be broken.

Classical Encryption Techniques

Substitution / transposition / product

Classical Substitution Ciphers

Chapter 3. Block Ciphers and the Data Encryption Standard

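By the way the plaintext is processed, ciphers are divided into block ciphers and stream ciphers.

Block ciphers: block ciphers process messages in blocks, each of which is then en/decrypted. The whole plaintext is prepared in advance, and the plaintext block length equals the ciphertext block length. The block size is typically 64 bits.

Stream ciphers: stream ciphers process one bit or one byte of the message at a time when en/decrypting.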

Confusion and Diffusion

Diffusion: dissipates the statistical structure of the plaintext over the bulk of the ciphertext, to hinder deduction of the key. Achieved by permutation.

Confusion: makes the relationship between the ciphertext and the key as complex as possible, to prevent attacks that deduce the key. Achieved by substitution.

Feistel Cipher Structure

1. Based on the concept of an invertible product cipher
2. Partitions the input block into two halves
3. Processes them through multiple rounds, each of which performs a substitution on the left data half
4. The substitution is based on a round function of the right half and a subkey
5. A permutation then swaps the two halves
6. Implements Shannon's S-P network concept

Feistel Cipher Design Elements (parameters and features)

1. Block size: larger block sizes mean greater security
2. Key size: larger key size means greater security
3. Number of rounds: multiple rounds offer increasing security
4. Subkey generation algorithm: greater complexity leads to greater difficulty of cryptanalysis
5. Round function
6. Fast software en/decryption: the speed of execution of the algorithm becomes a concern
7. Ease of analysis

Avalanche Effect:

A change in one bit of the plaintext or key will cause many bits of the ciphertext to change.

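Data Encryption Standard (DES)

64-bit block size and a 64-bit key, of which only 56 bits are used; the remaining 8 bits are parity bits. It iterates 16 rounds.

It cannot withstand a brute-force attack.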

Chapter 4. Advanced Encryption Standard

Rijndael

The data block of 4 columns of 4 bytes is the state. The key is expanded to an array of words. The cipher has 9/11/13 rounds in which the state undergoes four stages:

  • byte substitution (one S-box used on every byte of the block)
  • shift rows (a simple permutation of bytes between groups/columns)
  • mix columns (a substitution using matrix multiplication of groups, based on arithmetic over a finite field)
  • add round key (bitwise XOR of the state with part of the expanded key)

There is an initial XOR of key material and an incomplete last round, with a fast XOR and table-lookup implementation.

Chapter 5. Block Cipher Operations and Confidentiality Using Symmetric Encryption


Traditionally, symmetric encryption is used to provide message confidentiality.

We need to decide what is to be encrypted and where the encryption function should be located. We first examine the potential locations of security attacks and then look at the two major approaches to encryption placement: link and end-to-end.

Chapter 6. Random Bit Generation and Stream Cipher

Random numbers have many uses in cryptography:

  • nonces in authentication protocols to prevent replay attacks
  • session keys
  • public key generation
  • keystream for a one-time pad

In all cases it is critical that these values be:

  • statistically random, with uniform distribution and independence
  • unpredictable: future values cannot be predicted from previous values

True random number generator (TRNG): takes as input a source that is effectively random; the source is often referred to as an entropy source.

Pseudorandom number generator (PRNG): an algorithm that is used to produce an open-ended sequence of bits is referred to as a PRNG.

Pseudorandom function (PRF): a PRF is used to produce a pseudorandom string of bits of some fixed length. Examples are symmetric encryption keys and nonces.

PRNG Requirements

  1. Randomness: uniformity, scalability, consistency

  2. Unpredictability: forward and backward unpredictability

  3. Characteristics of the seed: the seed must be secure. If it is known, an adversary can determine the output, so it must be a random or pseudorandom number.

Randomness:

  • Uniformity: at any point in the generation of a sequence of random or pseudorandom bits, the occurrence of a zero or a one is equally likely.
  • Scalability: any test applicable to a sequence can also be applied to subsequences extracted at random.
  • Consistency: the behaviour of a generator must be consistent across starting values (seeds).

Unpredictability:

  • Forward unpredictability: if the seed is unknown, the next output bit in the sequence should be unpredictable in spite of any knowledge of previous bits in the sequence.
  • Backward unpredictability: it should also not be feasible to determine the seed from knowledge of any generated values.

Algorithm Design

  • Linear Congruential Generator
  • Blum Blum Shub Generator
  • Using Block Ciphers as PRNG
  • Natural Random Noise
  • Published Sources

Chapter 7. Public Key Cryptography and RSA

Public-key cryptography was developed to address two key issues:

  • key distribution: how to have secure communications in general without having to trust a KDC with your key
  • digital signatures: how to verify that a message comes intact from the claimed sender

The public invention is due to Whitfield Diffie and Martin Hellman at Stanford University in 1976.

Three misconceptions:

  • Public-key encryption is more secure from cryptanalysis than symmetric encryption.
  • Public-key encryption is a general-purpose technique that has made symmetric encryption obsolete. It complements rather than replaces private-key cryptography.
  • Key distribution is trivial when using public-key encryption, compared to the rather cumbersome handshaking involved with key distribution centers for symmetric encryption.

Public-key / two-key / asymmetric cryptography involves the use of two keys:

  • a public key, which may be known by anybody, and can be used to encrypt messages and verify signatures
  • a private key, known only to the recipient, used to decrypt messages and sign (create) signatures

A public-key encryption scheme has six ingredients:

  1. Plaintext
  2. Encryption algorithm
  3. Public and private keys
  4. Ciphertext
  5. Decryption algorithm

Requirements for Public Key Cryptography

There are six requirements:

  1. It is computationally easy for a party B to generate a key pair (public key PUb, private key PRb).
  2. It is computationally easy for a sender A, knowing the public key and the message M to be encrypted, to generate the corresponding ciphertext: C=E(PUb,M).
  3. It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private key to recover the original message: M=D(PRb,C).
  4. It is computationally infeasible for an adversary, knowing the public key PUb, to determine the private key PRb.
  5. It is computationally infeasible for an adversary, knowing the public key PUb and a ciphertext C, to recover the original message M.
  6. The two keys can be applied in either order.

Public Key Applications:

Uses can be classified into 3 categories:

  1. encryption/decryption (provide secrecy)
  2. digital signatures (provide authentication)
  3. key exchange (of session keys)

RSA Key Setup:

Each user generates a public/private key pair by:

  1. selecting two large primes at random: p, q

  2. computing their system modulus n = p×q

    note ø(n) = (p-1)(q-1)

  3. selecting at random the encryption key e

    where 1 < e < ø(n), gcd(e, ø(n)) = 1

  4. solving the following equation to find the decryption key d

    e·d ≡ 1 mod ø(n) and 0 ≤ d ≤ n

  5. publishing their public encryption key: PU={e,n}

  6. keeping secret their private decryption key: PR={d,n}

RSA Use

To encrypt a message M the sender:

  • obtains the public key of the recipient, PU={e,n}
  • computes: C = M^e mod n, where 0 ≤ M < n

To decrypt the ciphertext C the owner:

  • uses their private key PR={d,n}
  • computes: M = C^d mod n
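The key setup and use steps above carried through in code, as an added example that is not part of the original notes. It is unpadded textbook RSA with toy primes (p=17, q=11, e=7 and the message 88 are constructed sample values), so it illustrates the arithmetic only; the function names are assumptions. It also exercises requirement 6, applying the private key first and the public key second, which is the signature direction.

```python
from math import gcd


def modinv(a: int, m: int) -> int:
    """Extended Euclid: return d with a*d ≡ 1 (mod m) (step 4 of key setup)."""
    old_r, r, old_s, s = a, m, 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("no inverse: gcd(a, m) != 1")
    return old_s % m


def keygen(p: int, q: int, e: int):
    """Steps 2-6: return (PU, PR) = ((e, n), (d, n)) for given primes p, q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi(n) and gcd(e, phi(n)) = 1")
    return (e, n), (modinv(e, phi), n)


def apply_key(key, value: int) -> int:
    """value^exponent mod n; used for encrypt, decrypt, sign and verify."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must satisfy 0 <= value < n")
    return pow(value, exponent, n)


if __name__ == "__main__":
    PU, PR = keygen(17, 11, 7)      # n = 187, phi(n) = 160, d = 23
    M = 88                          # constructed message, 0 <= M < n
    C = apply_key(PU, M)            # encrypt: C = M^e mod n
    print("PU =", PU, "PR =", PR)
    print("C =", C, "-> decrypts to", apply_key(PR, C))
    S = apply_key(PR, M)            # sign: private key applied first
    print("signature", S, "verifies:", apply_key(PU, S) == M)
```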

Possible approaches to attacking RSA are:

  • brute-force key search (infeasible given the size of the numbers)
  • mathematical attacks (based on the difficulty of computing ø(n), by factoring the modulus n)
  • timing attacks (on the running of decryption)
  • chosen ciphertext attacks (given properties of RSA)