月6日-cissp203核心章节培训课件cissp-cryptography

Cryptography学Xu

Hui,CISSP:

chi

2013/2/41CISSP

ExpectationsUnderstand

the

application

and

use

of

cryptography理

码学的应用Data

atrest,

e.g.,

hard

driveData

in

transit,

e.g.,

“On

the

wire”Understand

the

encryption

concepts理

码学概念Foundational

concepts（基本概念）Symmetric

cryptography（对称加密）Asymmetric

cryptography（非对称加密）Hybrid

cryptography（混合加密）Message

digests（消息

）Hashing（杂凑算法）CISSP

Expectation

->2CISSP

ExpectationsUnderstand

Key

Management

Process理

钥管理流程Creation

and

distribution（创建和分发）和销毁）Storage

and

destruction（Recovery（密钥恢复）Key

escrow(密钥托管)Understand

digital

signatures理解数字签名Understand

nonrepudiation理解不可抵赖CISSP

Expectation

->3CISSP

ExpectationsUnderstand

methods

of

crypt ytic

attacks理

码

方法Chosen

plaintext（选择明文

）Social

engineering

for

key

discovery（社会工程学）Brute

force（

）Cipher

text

only（唯密文

）Known

plaintext（已知明文

）Frequency

ysis（频率分析）Chosen

ciphertext（选择密文

）Implementation

attacks（针对实施的

）CISSP

Expectation

->4CISSP

ExpectationsEmploy

cryptography

in

network

security在

中使用

学技术Use

cryptography

to

maintain

security使用

学技术保护电子邮件安全Understand

public

key

infrastructure理解PKI公钥技术设施Understand related

issues理解数字

和相关概念Understand

information

hiding

alternatives,

e.g.,steganography,

watermarking理解信息隐藏技术CISSP

Expectation

->5Topics对称非对称※

0.

CISSP

Expectation※

1.

Cryptography

History学历史※

2.

Symmetric

Cipher※

3.

Asymmetric

Cipher※

4.

Hash

Cipher杂凑※

5.

Cipher

Application应用※

6.Cryptysis分析学※

7.

More61.

CRYPTOGRAPHY

HISTORY学历史7ATBASHAleph(the

letter)-Tav(the

last)-Beth(the

second)-Shin(onebefore

last)600-500BC

by

Hebrew(希伯来人于公元前600年-前500年发明)scribes

writing

down

the

book

ofJeremiah

used

reversed-alphabet

simple

substitutioncipherMonoalphabetic

Substitution

Cipher(单字母替换

)DemoCipher

Spec:SubstitutionabcdefghijklmnopqrstuvwxyzzyxwvutsrqponmlkjihgfedcbaPlaintext:I

have

a

good

newsCiphertext:

r

szev

ztllw

nvdhCryptography

History->Plain:

אבגדהוזחטיכלמנסעפצקרשתCipher:

תשרקצפעסנמלכיטחזוהדגבא8Scytale

Cipher

(木棍

)700-300BC

inGreece(希腊人于公元前600年-前500年发明)consisting

of

acylinder

with

a

strip

of

par ent

wound

arounditon

which

is

written

a

message.

The

ancient

Greeks（希腊人）,

andthe

Spartans（斯巴达人）

in

particular,

are

said

to

have

used

thiscipher

to

communicate

during

military

nsTransposition

Cipher（移位式

）E.g.,Transposition

around

a

cylinder

of

0.7

diameterCryptography

History->9Caesar

Cipher凯撒60-50BC

by

Julius

Caesar,Roma

（凯撒大帝于公元前60年-前50年在罗马发明）Monoalphabetic Substitution

Cipher（单字母替换

）E.g.,Cipher_Spec:Substitution:

Right

shift

the

alphabetic

by

3positions()abcdefghijklmnopqrstuvwxyzxyzabcdefghijklmnopqrstuvwPlaintext:

I

have

a

good

newsCiphertext:

f

exsb

x

dlla

kbtpCryptography

History->10Vigenere

Cipher(维吉尼亚

)abcdefghijklmnopqrstuvwxyzAabcdefghijklmnopqrstuvwxyzBbcdefghijklmnopqrstuvwxyzaCcdefghijklmnopqrstuvwxyzabDdefghijklmnopqrstuvwxyzabcEefghijklmnopqrstuvwxyzabcdFfghijklmnopqrstuvwxyzabcdeGghijklmnopqrstuvwxyzabcdefHhijklmnopqrstuvwxyzabcdefgIijklmnopqrstuvwxyzabcdefghJjklmnopqrstuvwxyzabcdefghiKklmnopqrstuvwxyzabcdefghijLlmnopqrstuvwxyzabcdefghijkMmnopqrstuvwxyzabcdefghijklNnopqrstuvwxyzabcdefghijklmOopqrstuvwxyzabcdefghijklmnPpqrstuvwxyzabcdefghijklmnorstuvwxyzabcdefghijklmnopRrstuvwxyzabcdefghijklmnopqSstuvwxyzabcdefghijklmnopqrTtuvwxyzabcdefghijklmnopqrsUuvwxyzabcdefghijklmnopqrstVvwxyzabcdefghijklmnopqrstuWwxyzabcdefghijklmnopqrstuvXxyzabcdefghijklmnopqrstuvwYyzabcdefghijklmnopqrstuvwxZzabcdefghijklmnopqrstuvwxy16世纪由法国人Vigenere（维吉尼亚）发明Poly

alphabetic

substitution

(多字母替换

)DemoRepeated

Key:seckeyPlaintext:I

have

a

good

newsCiphertext:s

+

i

=>ae

+

h

=>lc

+

a

=>ck

+v

=>f…a

lcfi

y

ysqn

rcowCryptography

History->11One

Time

Pad(aman2People

humanbeing

eatfooddrink

watertakeshowerhappy

familyFaith

hope

loveawomanaman2本)KeyPadKey

PadPre

SharePeople

humanbeing

eat

fooddrink

watertake

showerhappy

familyFaith

hope

lovea

womanPlaintext:I

have

a

good

newsCiphertext:(i+p)mod26=y(h+e)mod26=m(a+o)mod26=p(v+p)mod26=l…y

mplq

…Cryptography

History->12Running

Key

CipherPre

ShareKey

Index:P10L05C01Plaintext:I

have

a

good

newsCiphertext:(i+i)mod26=r(h+w)mod26=d(a+e)mod26=fWaldenWaldenThoreauThoreauP10L05C01=Page:10,

Line:05,

Column:01Content:I

went

to

the

woods

because

I

wished

to

livedeliberay,

tofront

only

the

essential

facts

of

life,

and

see

if

I

could

notlearn

what

it

had

to

teach,

and

not,

when

I

came

to

die,discover

that

I

had

not

lived.

I

did

not

wish

to

live

whatwasnot

life,

livingis

so

dear;13Cryptography

History->ConclusionTranspositionCipher(移位式

)Permutation

CipherSubstitution

Cipher(替换式

)Mono

alphabetic

SubstitutionPoly

alphabetic

SubstitutionCryptography

History->14Steganography(隐写术)The

art

and

science

of

writing

hiddenmessages.隐藏信息的科学艺术The

advantage

of

steganography

overcryptography

alone

is

that

messages

do

notattract

attention

to

the隐写术相比 学的特点是不易引起注意Eg,–

iodine

starch

reaction碘酒和淀粉化学反应Cryptography

History->152.

SYMMETRIC

CIPHER对称16Symmetric

VS

AsymmetricEncryptionKeyCiphertextDecryptionKeyPlaintext对称

VSPlaintextEncryptionKey(1)CiphertextDecryptionKey(2)Plaintext非对称PlaintextSymmetric

Cipher->17Block

Cipher

VS

Stream

CipherBlock(eg.128bit)Block…EncryptionBlock(eg.128bit)Block…Plaintext110…EncryptionKey块

VS

流PlaintextPlaintext110…KeyPlaintextSymmetric

Cipher->18Terminology(术语)NIST(USA):

National

Institute

of

Standards

and

Technology与技术NIST

SP:

National

Institute

of

Standards

and

TechnologySpecial

Publication与技术

特别

物FIPS(USA):

Federal

Information

Processing

Standards•信息处理标准–

non-militaryNSA(USA):

National

Security

Agency国家安全局Symmetric

Cipher->19DESData

EncryptionStandard(数据加密标准)1977,

FIPS

46,

by

NISTReplaced

by

AES(被AES算法替代)Block

Cipher(块

)Block

Size:

64bit

Block

(块大小：64比特)Key

Size:

56bit(密钥长度：56比特)Rounds:

16

rounds

of

transposition

and

substitution4

Cipher

Modes

(4种

模式)Electronic

Codebook

(ECB)Block

Chaining

(CBC)Cipher

Feedback

(CFB)Output

Feedback

(OFB)安全性：DES已经在1998年被EFF(Electronic

Frontier

Foundation)证明是不安全的，当时EFF用了少于250000

的价格组装了一台计算机用少于3天的时间

了DES

。Symmetric

Cipher->20Electronic

CodebookSymmetric

Cipher->Problem:

Identical

plaintext

blocks

are

encrypted

into

identical

ciphertextblocks;对相同的明文模块加密会产生同样的加密结束A

striking

example

=>ECB(pixel)Cipher

Block

ChainingSymmetric

Cipher->ECB(pixel)Cipher

Feedback

ModeSymmetric

Cipher->Output

Feedback

ModeSymmetric

Cipher->The

output

feedback

(OFB)

mode

makes

a

block

cipher

into

a

synchronous

streamcipher.

It

generates

keystream

blocksCTRSymmetric

Cipher->3DESTriple

Data

Encryption

Standard

or

TDEA(TripleData

Encryption

Algorithm

)to

encrypt

the

message

three

times(使用DES加密三次)published

in

1998,

NIST

SP

800-671999年，NIST将3-DES指定为过渡的加密标准。Block

Cipher(块

)3DES

Encryption：C=Ek3(Dk2(Ek1(P)))3DES

Decryption：P=Dk1((EK2(Dk3(C)))Key

Option(密钥模式)–

K1

≠

K2,

K1=K3–

K1

≠

K2

≠

K3安全性：NIST

has

approved

Triple

DES

through

theyear

2030

for

sensitive ernment

information3DES算法可以在

敏感的

信息系统中继续使用到2030年26Symmetric

Cipher->AESAdvanced

Encryption

Standard(高级加密标准)FIPS

197

in

2001

by

NIST

,

Originally

called

RijndaelWin

from MARS,

RC6,

Rijndael,

Serpent,

TwofishBlock

CipherBlock

Size:

128/192/256bit

BlockKey

Size:

128/192/256bit10

rounds

for

128-bit

keys,

12

rounds

for

192-bit

keys,

and

14rounds

for256-bit

keys安全性By

2006,

the

best

knownattacks

were

on7

rounds

for128-bitkeys,

8

rounds

for

192-bit

keys,

and

9

rounds

for

256-bit

keys.到2006年为止，128比特的密钥和7轮加密的方式被成功

，192比特的密钥和8轮加密的方式被成功

，256比特的密钥和9轮加密的方式被成功

，27Symmetric

Cipher->RC4Rivest

Cipher

4by

Ron

Rivest

of

RSA

Security

In

1987Stream

CipherThe

key-scheduling

algorithm

(KSA)The

pseudo-random

generation

algorithm

(PRGA)Key

Length:

variable

length

key,

typically

between

40

and

256

bits安全性：根据目前的分析结果，没有任何的分析对于密钥长度达到128位的RC4有效the

only

common

cipher

which

is

immune

to

the

2011BEAST

attack

on

TLS

1.0,

which

exploits

a

known

weaknessin

the

way

cipher

block

chaining

mode

is

used

with

all

ofthe

other

ciphers

supported

by

TLS

1.0,

which

are

all

blockciphers.28Symmetric

Cipher->More

AlgorithmThe

Twofish

AlgorithmSymmetric

block

cipher：128-bit

block,

Up

256-bitkeyThe

IDEA

Cipher(International

Data

EncryptionAlgorithm)James

Massey

and

Xuejia

Lai,

1991block

cipher：64-bit

plaintext

blocks,

128-bit

keyRC5Ronald

Rivest

in

1994Block

cipher

of

variable

block

lengthTypical

Block

size

of

32,

64,

or

128

bitsKey

size

and

Rounds

are

from

0

to

2040bitsSymmetric

Cipher->Confusion

and

Diffusion

Claude

Shannon(香农)in

his

paper

Communication

Theory

ofSecrecy

Systems,published

in

1949.Confusion

refers

to

making

the

relationship

between

theplaintext

and

the

ciphertext

as

complex

and

involved

aspossible;：使明文和密文之间的关系变得复杂Diffusion

refers

to

the

property

that

the

redundancy

in

thestatistics

of

the

plaintext

is

"dissipated"

in

the

statistics

of

theciphertext.扩散：使得加密算法中添加的冗余信息扩散在密文中In

particular,

changing

one

bit

of

the

key

should

change

theciphertext

comple

y.改变一个 字节会使整个密文完全发生改变Symmetric

Cipher->Kerckhoffs’s

Principle“A

cryptosystem

should

be

secure

even

ifeverything

about

the

system,

except

the

key,is

public

knowledge”was

stated

by

AugusteKerckhoffs

in

the

19th

century一个

系统在除了密钥以外的所有信息都公开的情况下也应当是安全的Symmetric

Cipher->313.

ASYMMETRIC

CIPHER非对称32Asymmetric

CryptosystemsCompare

with

Symmetric

CryptosystemsA

Message

that

is

encrypted

by

one

of

the

keys

can

bedecrypted

with

the

other

key.No

need

to

Exchange

keySlower

than

symmetric

cryptographyAlgorithmRSADiffie-

manKnapsackElliptic

CurveEl

GamalAsymmetric

Cipher->RSARivest

Shamirh

Adleman1977,

by

Ron

Rivest,

Adi

Shamirh,

Len

Adleman

at

MITbased

on

the

presumed

difficulty

of

factoring

large

integersRSA

1024

and

RSA

2048安全性：世界上还没有任何可靠的

RSA算法的方式。只要其

的长度足够长，用RSA加密的信息实际上是不能被解破的。

，

为RSA-768（768

bits,232

digits）数也被成功分解。

NIST和中国国家

局分别于2009年和2011年发布了RSA1024算法的升级要求。即通过升级RSA1024到RSA2048或ECC算法来保证

算法的安全性。Asymmetric

Cipher->34RSAKey

generation(密钥生成)Choose

two

distinct

priEg,

p=13,

q=7Compute

nn=pq=13*7=91mbers(质数):

p,qCompute

φ(n)φ(n)

=

(p

–

1)(q

–

1)=(13-1)*(7-1)=72Choose

an

integer

e,

such

that

1

<

e

<

φ(n)

and(e,φ(n))

=

1Eg,

e=11，Publick

Key

(e,

n)=(11,

91)Compute

d,

such

that

d

=

e–1

mod

φ(n);d=11–1

mod

72=59，Private

Key（d,

φ(n)）=(59,

91)using

the

extended

Euclide gorithm

(扩展

得算法).Symmetric

Cipher->35RSAEncryption

(加密)CipherText=PlainTexte

mod

nEgPlainText=10,CipherText=1011

mod

91=82Decryption

(

)PlainText=CipherTextd

mod

nEgCipherText=82,PlainText=8259

mod

91=10Symmetric

Cipher->36Diffie

manDiffie

Hallman

key

exchangeTo

Exchange

secret

keys

over

a

non-secure

medium

withoutexposing

the

keys.published

by

Whitfield

Diffie

and

Martin man

in

1976AliceBobStepSecretPublicCalculatesSendsCalculatesPublicSecret1ap,

gp,g‐>b2ap,

g,

Aga

mod

p

=

AA‐>p,

gb3ap,

g,

A<‐Bgb

mod

p

=

Bp,

g,

A,

Bb4a,

sp,

g,

A,BBa

mod

p

=

sAb

mod

p

=

sp,

g,

A,

Bb,

sSymmetric

Cipher->37ECCElliptic

curve

cryptography(椭圆曲线算法)based

on

the

algebraic

structure

of

elliptic

curves

over

finitefields.Elliptic

Curve:

y2

=

x3

+

ax

+

b1985,

by

Neal

Koblitz

and

Victor

S.

Miller.Digital

Signature:

ECDSA(ECC-Digital

Signature

Algorithm)Data

Encryption:

ECD

iptic

curve

Diffie–

man)不同国家ECC

体系环境变量不同选择ECC算法在有限域上的椭圆曲线，Eq(a,b)，其中a和b是椭圆曲线的参数，q是一个质数选择ECC算法的椭圆曲线上的一点G，存在nG=0，且n非常大。Symmetric

Cipher->中国ECC‐256算法（SM2）的环境变量如下：椭圆曲线y2=x3+a*x+b\\其中p=FFFFFFFE

FFFFFFFF

FFFFFFFF

FFFFFFFF

FFFFFFFF

00000000

FFFFFFFFFFFFFFFFa=FFFFFFFE

FFFFFFFF

FFFFFFFF

FFFFFFFF

FFFFFFFF

00000000

FFFFFFFF

FFFFFFFCb=28E9FA9E

9D9F5E34

4D5A9E4B

CF6509A7

F39789F5

15AB8F92

DDBCBD41

4D940E93n=FFFFFFFE

FFFFFFFF

FFFFFFFF

FFFFFFFF

7203DF6B

21C6052B

53BBF409

39D54123Gx=32C4AE2C

1F198119

5F990446

6A39C994

8FE30BBF

F2660BE1

715A4589

334C74C7Gy=BC3736A2F4F6779C

59BDCEE3

6B692153

D0A9877C

C62A474002DF32E5

2139F0A0394.

HASH

CIPHER40MD5Message-Digest

Algorithm1991,

designed

by

Ron

Rivest

in

DigestLength:

128-bit

(16-byte)

hash

valueRounds:

64安全性：The

security

of

the

MD5

hash

function

is

severelycompromised.A

collision

attack

exists

that

can

find

collisions

withinsecondsHash

Cipher->SHA-1Secure

Hash

Algorithm-11995,

designed

by

the

United

States

National

SecurityAgency,

published

by

the

United

States

NISTDigest

Length:

160bitsRounds:

80安全性In

2005,

crypt ysts

found

attacks

onSHA-1suggesting

that

the

algorithm

might

not

be

secureenough

for

ongoing

use.NIST

required

many

applications

in

federal

agencies

tomove

to

SHA-2

after

2010

because

of

the

weakness.Hash

Cipher->4142SHA

FamilyHash

Cipher->AlgorithmYearOutputsize(bits)Block

sizeMax

messagesize

(bits)RoundsCollisionsfoundMD51991128512264

−

164YesSHA‐01993160512264

−

180YesSHA‐11995160512264

−

180TheoreticalattackSHA‐2SHA‐256/2242001256/224512264

−

180NoneSHA‐512/3842001512/38410242128

−

180NoneSHA‐32012224/256/384/512120None43HAVALA

one-way

hashing

algorithm

with

variable

lengthof

output1992,

by

Yuliang

Zheng,

Josef

Pieprzyk,

and

JenniferSeberry.HAVAL

can

produce

hashes

in

lengths

of

128

bits,

160

bits,192

bits,

224

bits,

and

256

bits.

HAVAL

also

allows

users

tospecify

the

number

of

rounds

(3,

4,

or

5)

to

be

used

togenerate

the

hash.安全性On

17

August

2004,

collisions

for

HAVAL

(128

bits,

3

passes)were

announced

by

Xiaoyun

WangHash

Cipher->5.

CIPHER

APPLICATION应用44CIA-NityKeep

from

eavesdropSymmetric

Encryption,

Asymmetric

EncryptionIntegrityData

are

not

tampered

before

readingHash,

checksum,

MAC,AvailabilityNon-RepudiationEvidence,

cannot

denyDigital

Signature45Cipher

Application->基于对称密钥的终端（SAM：

卡）认证服务端（PSAM：刷卡机）唤醒卡片ID计算卡片密钥：卡片密钥=分散算法（消费密钥+ID）随机数加密后的随机数 6.

随机数，比较46MAC消息认证码Message

Authentication

CodeHMAC:

Hashed

Message

Authentication

CodeCBC-MACCipher

Application->数据来源校验数据完整性校验47CBC-MACMACCipher

Application->基于HMAC的动态口令令牌因素：时间计数交易动态

原型Cipher

Application->4950Digital

SignatureAlgorithmRSA-based

signature

schemes(PKCS#1,

PKCS#7)DSA

and

its

elliptic

curve

variant

ECDSAElGamal

signature

scheme安全功能AuthenticationIntegrityNon-repudiationCipher

Application->RSA-Based

Signature

Schemes51Cipher

Application->PKCS#7数字签名包数据包类型数据包内容版本号杂凑算法原文数字签名信息版本号者DN和SN杂凑算法杂凑加密算法签名值HashHASH算法原文RSA算法签名值私钥PKCS#1签名PKCS#7封装PKCS#1签名验证HashHASH算法原文RSA算法签名值公钥Hash?PKIPublic

Key

Infrastructure(公钥基础设施)–

人、技术、管理52Cipher

Application->CertificationAuthorityKeyManagementRegistrationAuthorityRootCertPrivateKeyCert解冻冻结申请作废更新数字颁发者：信安世纪颁发给：徐辉有效期：2009‐2012密钥：28d29s0dflw用途：数字签名颁发机构签名章SecurityS/MIME（Secure

Multipurpose

Internet

MailExtensions）To

add

secure

services

to in

a

MIME

formatTo

provide

authentication

through

digital

signatures

andthe ity

of

encryptionFollows

the

Public

Key

Cryptography

Standards

(PKCS)Uses

X.509

standard

for

its

digital

sPGP(Pretty

Good

Privacy)Instead

of

using

Authority,

PGP

uses

a

“Web

ofTrust”Users

can

certify

each

other

in

a

mesh

modelCipher

Application->PKI

vs

PGP(Hierarchical

Trust)PGP:

Mesh

Model(Web

of

Trust)Cipher

Application->ID

Based

Encryption基于ID的加密

the

public

key

of

a

user

is

some

unique

information

aboutthe

identity

of

the

user

(e.g.

a

user's

address).ID-based

encryption

was

proposed

by

Adi

Shamir

in

1984.The

pairing-based

Boneh–Franklin

scheme

and

Cocks'sencryption

scheme

based

on

quadratic

residues

bothsolved

the

IBE

problem

in

2001.Reference:Cipher

Application->SETSecure

Electronic

TransactionVisa

&

MasterCard

developed

SET

in

1997，Covers

-to-end

transactions

from

thecardholder

to

the

financial

institution.基于X509数字 和PKIDespite

heavy

publicity

to

win

market

share,

itfailed

to

gain

widespread

useNeed

to

install

client

softwareCost

and

complexity

for

merchants

to

offer

support,contrasted

with

the

comparatively

low

cost

andsimplicity

of

the

existing

SSL

based

alternative.Client-side distribution

logistics.Cipher

Application->Cipher

Application->1客户请求2商城3用户商城 加密订单银行

加密账户信息6确认交易，提供物品SET交易4银行 加密付款信息银行 加密账户信息5

商城 加密确认信息7

银行

加密交易请求8转账确认实际B2C交易技术581客户下订单2商城对订单签名，并返回给客户4订单签名校验3订单数据5返回支付登陆页面6支付交互过程（签名，动态口令，SMS等）7支付结果通知8支付结果SSL加密SSL加密SSL/TLSSSL

Secure

Sockets

Layerlatest

version

3.0SSL

protocol

developed

by

Netscape

in

1994Implements ity,

Integrity,

Authenticationabove

the

Transport

Layer)

toAsymmetric

cryptography

(Digitalexchange

keyEncrypt

using

Symmetric

cryptographyTLS:

Transaction

Layer

Security–

The

successor

of

SSL,

TLS1.0SSLCipher

Application->IPSecInternet

Protocol

Securityauthenticating

and

encrypting

each

IP

packet

of

acommunication

sessionAuthentication

Header

(AH)Encapsulating

Security

Payload

(ESP)ModeIn

Transport

modeThe

data

in

the

packet

is

encrypted,

but

the

header

is

notencryptedIn

Tunnel

modeThe

original

IP

header

is

encrypted

and

a

new

IP

header

is

addedto

the

beginning

of

the

packet.This

additional

IP

header

has

the

address

of

the

gateway,

andthe

encrypted

IP

header

points

to

the

final

destination

on

theinternal

network

behind

the

gateway.Cipher

Application->HTTPS

and

S-HTTPHTTPS:

Hypertext

Transfer

Protocol

SecureHTTPS

wraps

the

entire

communication

within

SSLrequire

a

separate

port

with

httpSHTTP:

Secure

Hypertext

Transfer

ProtocolS-HTTPencrypts

only

the

served

page

data

and

submitted

datalike

POST

fieldsS-HTTP

could

be

usedconcurrently

with

HTTP

(unsecured)

on

thesame

port,

as

the

unencrypted

header

would

determine

whetherthe

rest

of

the

transmission

is

encrypted.HTTPS

and

S-HTTP

were

both

defined

in

the

mid-1990s

toaddress

this

need.

Netscape

and

supported

HTTPSrather

than

S-HTTP,

leading

to

HTTPS ing

the

de

factostandard

mechanism

for

securing

web

communications.Cipher

Application->SSHSecure

SBy

establishing

an

encrypted

tunnel

between

an

SSH

clientand

an

SSH

server.Can

be

used

to

authenticatethe

client

to

the

sever,

and

alsoto

provide ity

and

integritySSHV2.X

ImplementationDiffie- man

key

exchangeIntegrity

checking

via

message

authentication

codesRun

any

number

of

s sessions

over

a

single

SSHconnection6.

CRYPTYSIS分析学63Work

FactorWork

Factor

is

defined

as

the

amount

ofeffort

(usually

measured

inunits

of

time)needed

to

break

a

cryptosystem.Cryptysis->64Crypt ysis

of

Symmetric

CiphersBrute

ForceKnown

Plaintext

Attackthe

attacker

has

samples

of

both

the

plaintext,

and

ciphertextChosen

Plaintext

Attackthe

attacker

has

the

capability

to

choose

arbitrary

plaintextsto

beencrypted

and

obtain

the

corresponding

ciphertextsAdaptive

Chosen

Plaintextwhere

the

crypt yst

makes

a

series

of

interactive

queries,choosing

subsequent

plaintexts

based

on

the

information

fromthe

previousencryptions.Crypt

ysis->Crypt ysis

of

Symmetric

CiphersCiphertext

Only

Attackthe

attacker

is

assumed

to

have

access

only

to

aset

ofciphertexts.Chosen

Ciphertext

Attackthe

crypt

yst

gathers

information,

at

least

in

part,

bychoosinga

ciphertext

and

obtaining

its

decryption

under

an

unknown

key.In

the

attackAdaptive

Chosen

Ciphertextan

interactive

form

of

chosen-ciphertext

attack

in

which

anattacker

sends

a

number

of

ciphertexts

to

be

decryptedCrypt

ysis->Cryptysis

of

Symmetric

CiphersDifferential

Crypt

ysisit

is

the

study

of

how

differences

in

an

input

can

affect

theresultant

difference

at

the

outputLinear

Crypt

ysisfinding

affine

approximations

to

the

action

of

a

cipherMeet-in-the-MiddleTriple

DES

with

three

independent

keys

has

a

key

length

of168

bits

(three

56-bit

DES

keys)