信息安全重要导论

1、信息安全重要导论密码学原理及算法 page22022/7/202. 对称密码体系3. 公钥密码体系4. 密码散列函数1. 概述1. 概述安全攻击：Interruption 阻断Interception 窃听Modification 修改Fabrication 伪装Active AttackPassive Attackpage32022/7/201. 概述安全服务Confidentiality (保密性)Availability (可用性)Nonrepudiation (防抵赖)Authentication (真实性)Integrity (完整性)Access Control (可控性)page

2、42022/7/201. 概述page52022/7/20Symmetric CryptographyAsymmetric CryptographyCryptographic Hash FunctionCryptography1. 概述page62022/7/20Cryptographic Hash FunctionAsymmetric CryptographySymmetric CryptographyGeneral idea of Symmetric-key cipher 对称密码PlaintextPlaintextCiphertextCiphertextDecryptionAlgorit

3、hmEncryptionAlgorithmSecure Key-exchange ChannelInsecure ChannelSharedSecret-KeySharedSecret-KeyAliceBobEncipherment（加密）1. 概述page72022/7/20Symmetric CryptographyCryptographic Hash FunctionAsymmetric CryptographyGeneral idea of Asymmetric-key cipherPlaintextPlaintextCiphertextCiphertextDecryptionAlgo

4、rithmEncryptionAlgorithmInsecure ChannelAliceBobAlicesPrivate-KeyAlicesPublic Key1Digital Signature数字签名1. 概述page82022/7/20Symmetric CryptographyCryptographic Hash FunctionAsymmetric CryptographyGeneral idea of Asymmetric-key cipherPlaintextPlaintextCiphertextCiphertextEncryptionAlgorithmDecryptionAl

5、gorithmInsecure ChannelAliceBobAlicesPrivate-KeyAlicesPublic Key2Encipherment1. 概述page92022/7/20Symmetric CryptographyAsymmetric CryptographyCryptographic Hash FunctionGeneral idea of Hash Function for Message DigestOriginalMessageChecking integrity 完整性检验密码学原理及算法 page102022/7/202. 对称密码体系3. 公钥密码体系4.

6、密码散列函数1. 概述1. 概述page112022/7/20分组密码流密码秘钥管理对称密码2. 对称密码2.1 分组密码: 基本变换函数page122022/7/20S-BoxXORCircular ShiftSwapSplit / CombineP-BoxA P-box (置换盒) parallels the traditional transposition cipher for characters. It transposes (移动) bits. A straight(直接的) P-box is invertible(可逆的), but compression and expans

7、ion P-boxes are not.e.g.2. 对称密码2.1 分组密码: 基本变换函数page132022/7/20P-BoxXORCircular ShiftSwapSplit / CombineS-BoxAn S-box (替换盒) can be thought of as a miniature(微小的) substitution cipher. An S-box is an m n substitution unit, where m and n are not necessarily the same.110 11010 012. 对称密码2.1 分组密码: 基本变换函数pa

8、ge142022/7/20P-BoxS-BoxCircular ShiftSwapSplit / CombineXORThe exclusive-or operation is an important component in most block ciphers. XOR01001110+e.g.2. 对称密码2.1 分组密码: 基本变换函数page152022/7/20P-BoxS-BoxXORSwapSplit / CombineCircular ShiftThe circular shift operation is another component found in some m

9、odern block ciphers. e.g.2. 对称密码2.1 分组密码: 基本变换函数page162022/7/20P-BoxS-BoxXORCircular ShiftSplit / CombineSwapThe swap operation is a special case of the circular shift operation where k = n/2. e.g.EncryptionDecryption2. 对称密码2.1 分组密码: 基本变换函数page172022/7/20P-BoxS-BoxXORCircular ShiftSwapSplit / Combin

10、eTwo other operations found in some block ciphers are split and combine. e.g.SplitCombineEncryptionDecryption2. 对称密码2.1 分组密码: Feistel 密码page182022/7/20Block sizeKey sizeNumber of roundsSubkey generationRound functionFast software E/DEase of analysis2. 对称密码2.1 分组密码: DES（数据加密标准）page192022/7/20DES64bit

11、 plaintext64bit ciphertextInitial permutationRound 1Round 2Round 16Final permutation.56bit keyK1K2K16Round-key generator2. 对称密码2.1 分组密码: DES（数据加密标准）page202022/7/20秘钥扩展：生成16个轮秘钥2. 对称密码2.1 分组密码: DES（数据加密标准）page212022/7/20多重加密(Multiple Encryption)Double DESC = EK2(EK1(P)M = DK1(DK2(P)meet in the middle

12、 attack:Triple DESTriple DES with 2 keysC=Ek1(Dk2(Ek1(P)P=Dk1(Ek2(Dk1(P)K1+K2: 112bitsTriple DES with 3 keysC=Ek3(Dk2(Ek1(P)P=Dk1(Ek2(Dk3(C)More secure than DES, but with more cost2. 对称密码2.1 分组密码: AES（高级数据加密标准）page222022/7/202. 对称密码2.1 分组密码: AES（高级数据加密标准）page232022/7/201) Byte Substitution2) Shift R

13、ows3) Mix Columns4) Add Round key2. 对称密码2.1 分组密码: AES（高级数据加密标准）page242022/7/20秘钥扩展2. 对称密码2.1 分组密码：加密模式对称密码算法的具体应用机制增加安全性，如完整性可以将分组加密算法用作流加密page252022/7/202. 对称密码2.1 分组密码：加密模式page262022/7/20CBCCFBOFBCTRECBThe electronic codebook (ECB) mode is the simplest mode of operation.Each block of plaintext is

14、encoded independently(独立地) using the same key.2. 对称密码page272022/7/202.1 分组密码：加密模式ECBCFBOFBCTRCBCTo transmit a lengthy message, we might employ the so called Cipher Block Chaining (CBC) mode；In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and the preced

15、ing ciphertext block; the same key is used for each block.To transmit a lengthy message, we might employ the so called Cipher Block Chaining (CBC) mode；In this scheme, the input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block; the same key is

16、used for each block.2. 对称密码page282022/7/202.1 分组密码：加密模式ECBCBCOFBCTRCFB2. 对称密码page292022/7/202.1 分组密码：加密模式ECBCBCCFBCTROFBOutput Feedback Mode is Similar to CFB. Can you find the difference?2. 对称密码page302022/7/202.1 分组密码：加密模式ECBCBCCFBOFBIn the counter (CTR) mode, there is no feedback. The pseudo-rando

17、mness(伪随机) in the key stream is achieved using a counter. CTR2. 对称密码2.2 流密码page312022/7/20Structure110011000110110010100000+plaintextkey streamciphertext2. 对称密码2.2 流密码：RC4算法page322022/7/202. 对称密码2.2 流密码：RC4算法page332022/7/202. 对称密码2.2 流密码：RC4算法page342022/7/20Initialization Initialization is done in t

18、wo steps:Key Stream GenerationThe keys in the key stream are generated, one by one. 2. 对称密码2.3 秘钥分配page352022/7/20Key Distribution Scenario: preconditions(前提) A wishes to establish a logical connection with BABKDC A requires a session key from KDC to protect the communication A share a master key wi

19、th KDC, B share with KDCSecret channelSecret channel2. 对称密码2.3 秘钥分配：KDC Scenariopage362022/7/20AKDCAB12456密码学原理及算法 page372022/7/202. 对称密码体系3. 公钥密码体系 4. 密码散列函数1. 概述3. 公钥密码page382022/7/203.1 Diffie-Hellman Key Exchange Scheme3. 公钥密码3.1 Diffie-Hellman Key Exchange Schemepage392022/7/20 Global Public ElementsY：YP, Y是P的素数根P：素数 For AliceSelected private: A, ( AP )Calculate public =YA mod