【信息安全】密码学
信息验证遇到的问题Message Authentication
Within a networked environment, various types of attacks can be observed in the context of communications.
泄密Disclosure
流量分析Traffic analysis
伪装Masquerade
Content modification
Sequence modification
Time modification
Source repudiation
Destination repudiation
Each message verification or digital signature scheme is characterized by two levels of functionality.
At the lowest level, there must exist some form of functionality which generates an authenticator: the value used for authenticating a message.
This basic function is subsequently utilized as an elementary component within the high-level authentication mechanism, which permits receivers to authenticate the message's authenticity.
Message Authentication Code (MAC)
Another authentication method employs a private key to produce a compact, predetermined data segment that is appended to the message itself.
This technique relies on two entities, for example A and B, commonly believing they share a secret key K. When A needs to send a message to B, it calculates the MAC based on both the message and the key.
MAC based on Hash functions: HMAC
Digital Signatures
This achievement in public-key cryptography is a significant development resulting in digital signatures.
A digital signature encompasses a collection of security capabilities that would be challenging or impossible to achieve through any other means.
The message is authenticated both in terms of its origin, and it is also confirmed for data accuracy.
Digital Signature Algorithm (DSA)
S-DES
class SDES:
def __init__(self):
self.P8_table = [6, 3, 7, 4, 8, 5, 10, 9]
self.P10_table = [3, 5, 2, 7, 4, 10, 1, 9, 8, 6]
def P8(self, key):
k = key
return [k[i - 1] for i in self.P8_table]
def P10(self, key):
k = key
return [k[i - 1] for i in self.P10_table]
def Shift(self, value):
return value[1:5] + value[0:1] + value[6:10] + value[5:6]
def generate_subkeys(self, key):
key = self.P10(key)
left = self.Shift(key[:5])
right = self.Shift(key[5:])
subkey1 = self.P8(left + right)
left = self.Shift(left)
right = self.Shift(right)
left = self.Shift(left)
right = self.Shift(right)
subkey2 = self.P8(left + right)
return subkey1, subkey2
def IP(self, data):
return [data[i - 1] for i in [2, 6, 3, 1, 4, 8, 5, 7]]
def IP_inv(self, data):
return [data[i - 1] for i in [4, 1, 3, 5, 7, 2, 8, 6]]
def F(self, data, subkey):
right = data
right_expanded = [right[i - 1] for i in [4, 1, 2, 3, 2, 3, 4, 1]]
xor_result = [subkey[i] ^ int(right_expanded[i]) for i in range(8)]
sbox_result = self.sbox(xor_result)
return sbox_result
def F_K(self, data, subkey):
left = data[:4]
right = data[4:]
right_F = self.F(right, subkey)
xor_result = [int(left[i]) ^ int(right_F[i]) for i in range(4)]
return xor_result+right
def SW(self, data):
return data[4:]+data[0:4]
def sbox(self, data):
sbox1 = [
[1, 0, 3, 2],
[3, 2, 1, 0],
[0, 2, 1, 3],
[3, 1, 3, 2]
]
sbox2 = [
[0, 1, 2, 3],
[2, 0, 1, 3],
[3, 0, 1, 0],
[2, 1, 0, 3]
]
row = int(''.join([str(data[0]), str(data[3])]), 2)
col = int(''.join([str(data[1]), str(data[2])]), 2)
return [int(x) for x in bin(sbox1[row][col])[2:].zfill(2) + bin(sbox2[row][col])[2:].zfill(2)]
def encrypt(self, plaintext, key):
key1, key2 = self.generate_subkeys(key)
plaintext = self.IP(plaintext)
plaintext = self.F_K(plaintext, key1)
plaintext = plaintext[4:] + plaintext[:4]
plaintext = self.F_K(plaintext, key2)
return self.IP_inv(plaintext)
def decrypt(self, ciphertext, key):
key1, key2 = self.generate_subkeys(key)
ciphertext = self.IP(ciphertext)
ciphertext = self.F_K(ciphertext, key2)
ciphertext = ciphertext[4:] + ciphertext[:4]
ciphertext = self.F_K(ciphertext, key1)
return self.IP_inv(ciphertext)
def ascii_to_binary_8(plaintext):
binary_list = []
for char in plaintext:
ascii_value = ord(char)
# Convert ASCII to binary, removing '0b' prefix
binary_string = bin(ascii_value)[2:]
binary_string = '0' * (8 - len(binary_string)) + \
binary_string # Ensure 10-bit length
binary_list.append(binary_string)
return binary_list
def binary_to_ascii(binary_list):
plaintext = ""
for binary_string in binary_list:
binary = ''.join(str(bit) for bit in binary_string)
# 将二进制字符串转换为整数
ascii_value = int(binary, 2)
# 将整数转换为字符,并添加到明文字符串中
plaintext += chr(ascii_value)
return plaintext
# 示例
plaintext = ('Network security encompasses all the steps taken to protect the integrity of a computer network and the '
'data within it. Network security is important because it keeps sensitive data safe from cyber attacks '
'and ensures the network is usable and trustworthy. Successful network security strategies employ '
'multiple security solutions to protect users and organizations from malware and cyber attacks, '
'like distributed denial of service')
key = '1100011110'
key = [int(i) for i in key]
s = SDES()
plaintext_binary = ascii_to_binary_8(plaintext)
print("明文:", plaintext_binary)
ciphertext = []
for binary_str in plaintext_binary:
encrypted_text = s.encrypt(binary_str, key)
ciphertext.append(encrypted_text)
print("密文:", ciphertext)
decrypted_text = []
for encrypted_text in ciphertext:
decrypted_text.append(s.decrypt(encrypted_text, key))
print("解密后的明文(ASCII):", decrypted_text)
decrypted_text = binary_to_ascii(decrypted_text)
print("解密后的明文:", decrypted_text)
python
S-AES
公钥密码学Public-Key Cryptography
基于数学理论的安全通信技术可以通过公钥密码学得以实现
对称密钥分配Symmetric Key Distribution
Symmetric Encryption
For two parties A and B, key distribution exists in various methods, as demonstrated below:
- A can select a key and physically deliver it to B.
- If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key.
- A third party can select the key and physically deliver it to A and B.
- If A and B each has an encrypted connection to a third party C, C can deliver a key on the encrypted links to A and B.
KTC(A key translation center)
用于未来通信的对称密钥转移(Transfer symmetric keys)需在两个实体中进行操作(between two entities),其中至少一个实体具备自行生成或获取对称密钥的能力(at least one of whom has...)。
其中一个是生成或获取对称密钥的能力(acquire/symmetric keys)用于与另一个实体(B)进行会话(communication)。
该实体(A)生成/获取一个对称密钥(symmetric-key),该会话将被用来作为连接双方的一次性秘密键(session-key)。
随后将该加密过的秘密键传递给共同分享主秘密键的另一方——KTC。
KTC接收此加密过的秘密键后将其解密,并重新加密该会话秘密键以供后续使用;随后要么将此重新加密后的会话秘密键发送给A以便A进一步传递给B(Figure a),要么直接发送给B (Figure b)。
KDC(A key distribution center)
The system produces and distributes session keys. Entity A initiates a request to the Key Distribution Center (KDC) for a symmetric encryption key intended for communication with B. The KDC generates a symmetric session key, subsequently encrypts this session key using its shared master encryption key with Entity A, and transmits it back. Additionally, The KDC further encrypts this same session key using its shared master encryption key with B and transmits it as well (as shown in Figure c). Alternatively, The KDC can send both encrypted keys directly to Entity A, which then forwards one of them—the one encrypted using the shared master encryption keys of the KDC and B—to B (as depicted in Figure d).
KDC vs KTC
kdc的密钥是第三方分发,ktc是用户自己产生密钥
非对称加密Asymmetric Encryption
If A wishes to communicate with B, the following procedure is employed:
- A creates a public/private key pair {PU_a, PR_a} by sending a message to B that includes PU_a along with A's identifier ID_A.
- B produces a secret key K_s for transmission to A using A's public key.
- First part: A calculates D(PR_a combined with E(PU_a encrypted with K_s)) to retrieve the secret key.
Second part: Only those who possess the private keys can decrypt the message; thus, both parties involved in the exchange are aware of the shared secret. - Both parties discard their unused keys after completing the transaction.
Secret Key Distribution with Confidentiality and Authentication
challenge and response
Distribution of Public Keys
Various methods have been proposed for public key dissemination, including the making of a publicly-made announcement, the creation of an open public directory, and the establishment of a digital public-key authority system. Additionally, digital public-key certificates are utilized to ensure secure authentication.
Public Announcement
The concept of asymmetric encryption methodology is characterized by its reliance on one-way mathematical functions where both participants have access to publicly available parameters. Therefore, when a commonly recognized asymmetric algorithm like RSA becomes accessible, any entity within the network can utilize it for secure communication with others without needing private information. Participants may be able to create and distribute these parameters freely. Any individual in possession of these parameters could potentially produce similar parameterized statements.
Publicly Available Directory
A higher degree of security can be attained by maintaining a publicly accessible dynamic directory system of public keys. Maintenance and distribution should be carried out by some trusted entity or organization.
- The authority keeps a record for every participant containing their name and public key.
- Each participant submits their public key to the directory authority. They must do so either in person or through secure authenticated communication.
- A participant may replace their existing public key with a new one at any time, whether they wish to update data previously encrypted using an older key or if their private key has been compromised.
- Participants could access the directory electronically as long as it's required that all communications between authorities and participants remain both secure and authenticated.
Public-Key Authority
Enhanced security measures in public-key distribution can be achieved through ensuring stricter management of key distribution within the directory.
Suppose that a centralized authority is responsible for maintaining an ever-changing repository for storing the public keys of all participants.
Participants reliably know a public key for the authority, with only the authority knowing the corresponding private key.
Step 6, Step 7: Challenge and Response
- 总计七条消息是必要的。
- 然而,在未来使用中仅需少量初始五条消息是因为双方均可利用缓存技术保存彼此的公钥。
- 定期获取最新版本的公钥有助于保持信息的准确性。
- 作为系统中的关键部分,在某种程度上它可能成为一个瓶颈。
公钥证书Public-Key Certificates
Certificates are commonly used by participants for exchanging keys in a reliable and secure manner, avoiding the need for contacting a public-key authority in modern cryptographic systems.
A certificate includes the public key, an identifier for the key owner, and the entire block signed by a trusted third party’s signature.
A third-party entity, such as a government agency or an entity in the financial sector, which is recognized and trusted by the public group, serves as a certificate authority.
Requirements
- Any participant can access a certificate to identify the name and public key of the certificate instance.
- Any participant can validate whether a certificate was issued by the certificate authority and is genuine.
- Only certified authorities are authorized to issue and manage certificates.
- Any participant can verify whether a certificate is valid in terms of its time validity.
X.509 Certificates
一个证书的标准
X.509 has achieved universal acceptance as a tool for formatting public-key certificates. X.509 certificates have widespread application across various network security applications, such as IP security, transport layer protocols (TLS), and S/MIME technology. The standard initially came into existence in 1988 and underwent revisions to improve its robustness over time; the most recent update took place in 1993 with the aim of enhancing its security aspects. The latest edition of the standard is edition eight, released in 2016.
Certificates issued by a CA possess certain features: individuals with access to its public keys may verify corresponding public keys that have been authenticated. Only entities associated with a CA cannot alter such certificates without attracting scrutiny. Given that these certificates cannot be forged, they may be safely stored in directories without additional protective measures being necessary. Any individual may transmit their certificates directly to others.
With many users in place, it may be more practical for there to be multiple CAs operating independently. Each CA can securely provide its own public key to a designated portion of the user base. Suppose that user A has successfully obtained a digital certificate issued by certification authority X1 and user B has acquired one from CA X2. If user A is unable to verify the public key associated with X2, then any digital certificates issued by X2 will hold no value for user A. User A possesses the digital certificate from X2 but cannot validate its signature.
Once the two CAs have securely exchanged their own public keys, the subsequent procedure will ensure that A is able to retrieve B’s public key.
Step 1: A accesses information about X_2's certification details from within a directory where X_1 has issued the certification. Given that A confidentially possesses X_1's public key, it is able to retrieve X_2's public key embedded within its certification and validate it using X_1's signature appended to the certification document.
Step 2: Upon returning to the directory, A retrieves B's signed certificate issued by X2. Having obtained a trusted copy of X2's public key, it is now possible for A to verify the signature and subsequently secure retrieval of B's public key.