Cryptography and Network Security, 3e

Uploaded by: 沈*** Document ID: 232112386 Upload date: 2023-09-13 Format: PPT Pages: 81 Size: 899KB

Cryptography and Network Security
31110830: Network and Information System Security-I
Chap 10 Message Authentication and Hash Functions
School of Software, Sichuan University, Zhao Hui
Contact:
Homework:
Website: cs.scu.edu/zhaohui
Tel: 88097474

Review
[Figure: encryption/decryption with the public/private key pair (KUb, KRb). Labels: message source, source A, encryption algorithm, cryptanalyst, decryption algorithm, destination B, key-pair source, X, Y]
[Figure: signing/verification with the public/private key pair (KUa, KRa). Labels: message source, source A, encryption algorithm, cryptanalyst, decryption algorithm, destination B, key-pair source, X, Y]

Review
- Symmetric encryption algorithms; asymmetric encryption techniques; key distribution for symmetric encryption; key distribution for asymmetric encryption
- Services: confidentiality, authentication, integrity, non-repudiation, access control
- Topics: symmetric encryption, PKC, signatures, MAC, hash, authentication protocols

1.3 Security Services
- Authentication: who created or sent the data
- Access control: prevents misuse of resources
- Data confidentiality: privacy
- Data integrity: has not been altered
- Non-repudiation: the order is final

1.3 Security Services: 1) Confidentiality (privacy)
- Function: protection of transmitted data from passive attack
- Also traffic confidentiality: protection of traffic flow from analysis

1.3 Security Services: 2) Authentication
- Function: at the time of connection initiation, assure that each of the two entities is the entity it claims to be
- Function: assure that a third party cannot masquerade as one of the two legitimate parties for the purpose of unauthorized transmission or reception

Types of authentication service
- Peer entity authentication
- Data origin authentication

Types of authentication service
- Message authentication
- Data origin authentication (Chinese gloss on the slide: user authentication)

Data Integrity
- The assurance that data received are exactly as sent by an authorized entity (messages are not altered): what is received matches what was sent, with no modification, insertion, deletion or replay

1.3 Security Services: 4) Non-repudiation
- Function: prevent either sender or receiver from denying a transmitted message
- When a message is sent, the receiver can prove that the message was in fact sent by the claimed sender (the sender cannot deny it)
- When a message is received, the sender can prove that the message was in fact received by the claimed receiver (the receiver cannot deny it)

10: Chap 09 PKC and RSA (netsec_ch08_sw_zhaohui_2009.ppt)
11: Chap10 Key management for PKC and other PKC algorithms (netsec_ch10_sw_zhaohui_2009.ppt)
12: Chap11 MAC and hash functions (netsec_ch11_sw_zhaohui_2009.ppt)
13: [Add] User Authentication (netsec_用户认证_sw_zhaohui_2009.ppt)
14: Chap13 Digital signatures and authentication protocols; [Add] Access Control (netsec_ch13_sw_zhaohui_2009.ppt, netsec_访问控制_sw_zhaohui_2009.ppt)
15: Chap12 Hash function algorithms and MAC algorithms (student presentations, 6 groups, using the required template). HW3: groups of 3-4; each group chooses one of the algorithms and completes a document; 6 groups volunteer to give a presentation.
16: Extended reading: security overview (student presentations, 4 groups, using the required template). HW4: groups of 3-4; every group completes a PPT; 4 groups volunteer to give a presentation.
17: Review and Q&A

Agenda
11.1 Introduction to authentication requirements
11.2 Message encryption (method 1)
11.3 Message authentication code (method 2)
11.4 Hash function (method 3)
11.5 MAC and hash functions security

11.1 Introduction to authentication requirements
- 11.1.1 The need for authentication
- 11.1.2 The methods of providing authentication

11.1.1 The need for authentication (attack types)
1) disclosure
2) traffic analysis
3) masquerade
4) content modification
5) sequence modification
6) timing modification: replay or delay
7) repudiation: denial by the sender, denial by the receiver

11.1.1 The need for authentication (solutions)
- Message authentication is concerned with: validating the identity of the originator; protecting the integrity of a message
- Digital signing is concerned with: non-repudiation of origin (dispute resolution)

11.1.2 The methods of providing authentication (overview of the 3 methods)
There are three alternative functions used:
- message encryption: the entire message serves as the authenticator
- message authentication code (MAC): produces a fixed-length authenticator; requires a key
- hash function: produces a fixed-length authenticator; requires no key

11.2 Message Encryption (2 methods)
- Meaning: message encryption by itself also provides a measure of authentication
- Implementation: symmetric encryption (method 1); asymmetric encryption (method 2)

11.2 Message Encryption (method 1)
- Analysis: if symmetric encryption is used, then:
  - the receiver knows the sender must have created it, since only sender and receiver know the key used
  - the receiver knows the content cannot have been altered

[Figure slides: 11.2 Message Encryption (method 1)]

11.2 Message Encryption (method 1)
- Limitation: one of the following is needed to detect any changes:
  - the message has a suitable structure
  - redundancy is added, such as a frame check sum (FCS)

[Figure slide: 11.2 Message Encryption (method 1), FCS used internally]
[Figure slide: 11.2 Message Encryption (method 1), FCS used externally]

11.2 Message Encryption (method 2)
- If public-key encryption is used: as we have learned, there are three ways of using public-key encryption

[Figure slides: 11.2 Message Encryption (1) (method 2)]
[Figure slides: 11.2 Message Encryption (2) (method 2); label: private]

[Figure slides: 11.2 Message Encryption (3) (method 2)]

11.3 Message Authentication Code (overview)
- Principle:
  - generated by an algorithm that creates a small fixed-sized block
  - depending on both the message and some key
  - like encryption, though it need not be reversible
  - appended to the message as a signature
- Check: the receiver performs the same computation on the message and checks that it matches the MAC
- Function: authentication; provides assurance that the message is unaltered and comes from the sender

[Figure slides: 11.3 Message Authentication Code (1) (implementation)]

[Figure slides: 11.3 Message Authentication Code (2)]
[Figure slides: 11.3 Message Authentication Code (3)]

11.3 Message Authentication Code (summary)
- As shown, the MAC provides authentication
- We can also use encryption for secrecy:
  - generally use separate keys for each
  - can compute the MAC either before or after encryption (i.e. the latter two approaches)
  - is generally regarded as better done before

[Figure slide: 11.3 Message Authentication Code (2)]

11.3 Message Authentication Code (analysis)
- Reasons: why use a MAC?
  - sometimes only authentication is needed, and encrypting is a waste of CPU (e.g. the payload is too large and some files need not be encrypted)
  - sometimes authentication needs to persist longer than the encryption (e.g. archival use)
  - the encryption and the MAC can be done at two levels
- Note: a MAC is not a digital signature (distinction: the "signature" here is not a digital signature)

11.3 Message Authentication Code (properties)
- Formal description: a MAC is a cryptographic checksum, $\mathrm{MAC} = C_K(M)$
  - condenses a variable-length message $M$
  - using a secret key $K$
  - to a fixed-sized authenticator
- Nature: it is a many-to-one function
  - potentially many messages have the same MAC
  - but finding these needs to be very difficult

11.3 Message Authentication Code (requirements)
- Security analysis: take into account the types of attacks, e.g. an iterative brute-force attack
- Requirements: the MAC needs to satisfy the following:
  1. knowing a message and its MAC, it is infeasible to find another message with the same MAC
  2. MACs should be uniformly distributed
  3. the MAC should depend equally on all bits of the message

11.3 Message Authentication Code (implementation)
- Method: can use any block cipher chaining mode and use the final block as a MAC
- Example: the Data Authentication Algorithm (DAA) is a widely used MAC based on DES-CBC
  - using IV = 0 and zero-pad of the final block
  - encrypt the message using DES in CBC mode
  - and send just the final block as the MAC, or the leftmost $M$ bits ($16 \le M \le 64$) of the final block
- Drawback: but the final MAC is now too small for security

[Figure slide: 11.3 Message Authentication Code (implementation)]
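The DAA construction described above (CBC chaining, IV = 0, zero-padded final block, tag taken from the final block) as an added Python sketch; it is not part of the original slides. Python's standard library has no DES, so `toy_encrypt_block` is a hypothetical, insecure stand-in 64-bit block cipher, and the key and message are constructed sample data.

```python
import hashlib
import hmac

BLOCK = 8  # 64-bit block, the DES block size


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Hypothetical stand-in for DES: a 4-round Feistel permutation built
    on SHA-256. Not DES and not secure; it only drives the CBC chain."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:4]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def cbc_mac(key: bytes, message: bytes, m_bits: int = 64) -> bytes:
    """CBC chain with IV = 0 and a zero-padded final block; the tag is the
    leftmost m_bits of the final block (whole bytes only in this sketch)."""
    if not 16 <= m_bits <= 64 or m_bits % 8:
        raise ValueError("m_bits must be a multiple of 8 between 16 and 64")
    if not message or len(message) % BLOCK:
        message += b"\x00" * (BLOCK - len(message) % BLOCK)
    state = bytes(BLOCK)  # IV = 0
    for i in range(0, len(message), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(state, message[i:i + BLOCK]))
        state = toy_encrypt_block(key, mixed)
    return state[:m_bits // 8]


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the MAC and compare in constant time."""
    return hmac.compare_digest(cbc_mac(key, message, len(tag) * 8), tag)


# Constructed sample data
KEY = b"demo-key"
MSG = b"transfer 100 to account 42"
TAG = cbc_mac(KEY, MSG)

if __name__ == "__main__":
    print("tag:", TAG.hex())
    print("original verifies:", verify(KEY, MSG, TAG))
    print("altered verifies: ", verify(KEY, MSG.replace(b"100", b"900"), TAG))
    # Zero padding cannot tell a message from the same message plus 0x00 bytes
    print("padding ambiguity:", cbc_mac(KEY, b"abc") == cbc_mac(KEY, b"abc\x00"))
```

The last check shows a consequence of zero padding: a protocol using this layout has to fix or encode the message length separately.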

11.4 Hash Functions (overview)
- Function: condenses an arbitrary message to a fixed size
- General characteristics: usually assume that the hash function is public and needs no key (compare with a MAC, which needs a key)
- Application: a hash is used to detect changes to a message
- Most common use: most often to create a digital signature
- Usage: can be used in various ways with the message

[Figure slides: 11.4 Hash Functions (1) to (6) (usage methods)]

11.4 Hash Functions (properties)
- Nature: a hash function produces a fingerprint of some file/message/data, $h = H(M)$
  - condenses a variable-length message $M$
  - to a fixed-sized fingerprint
- Characteristic: assumed to be public

11.4 Hash Functions (6 requirements)
1. can be applied to any sized message $M$
2. produces fixed-length output $h$
3. is easy to compute $h = H(M)$ for any message $M$
4. given $h$, it is infeasible to find $x$ s.t. $H(x) = h$: one-way property
5. given $x$, it is infeasible to find $y$ s.t. $H(y) = H(x)$: weak collision resistance
6. it is infeasible to find any $x, y$ s.t. $H(y) = H(x)$: strong collision resistance

11.4 Hash Functions (simple implementation)
- Introduction: there are several proposals for simple functions based on XOR of message blocks
- Flaw: not secure, since any message can be manipulated without changing the hash, or with the hash changed to match
- Covered in later chapters: we need a stronger cryptographic function

[Figure slide: 11.4 Hash Functions (simple implementation)]

11.4 Hash Functions (implementation by encryption)
- Implementation: can use block ciphers as hash functions
  - using $H_0 = 0$ and zero-pad of the final block
  - compute $H_i = E_{M_i}[H_{i-1}]$ (Q: are other variants possible?)
  - and use the final block as the hash value
  - similar to CBC but without a key
- Drawbacks: the resulting hash is too small (64-bit)
  - both due to the direct birthday attack
  - and to the "meet-in-the-middle" attack
- other variants are also susceptible to attack

11.4 Hash Functions (birthday attack)
- might think a 64-bit hash is secure
- but by the Birthday Paradox it is not
- the birthday attack works thus:
  - the opponent generates $2^{m/2}$ variations of a valid message, all with essentially the same meaning
  - the opponent also generates $2^{m/2}$ variations of a desired fraudulent message
  - the two sets of messages are compared to find a pair with the same hash (probability 0.5 by the birthday paradox)
  - have the user sign the valid message, then substitute the forgery, which will have a valid signature
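Two of the weaknesses named above, as an added Python example that is not part of the original slides: the XOR-of-blocks hash ignores block order, and an m-bit hash yields a matching pair of message variations after roughly $2^{m/2}$ work. The m-bit hash here is an assumption (SHA-256 truncated to its leftmost m bits, kept small so the search finishes quickly), and all messages are constructed.

```python
import hashlib
from functools import reduce

BLOCK = 8  # 64-bit blocks


def xor_hash(msg: bytes) -> bytes:
    """Simple hash: XOR of all zero-padded message blocks."""
    msg += b"\x00" * (-len(msg) % BLOCK)
    parts = [msg[i:i + BLOCK] for i in range(0, len(msg), BLOCK)]
    return reduce(lambda a, b: bytes(x ^ y for x, y in zip(a, b)),
                  parts, bytes(BLOCK))


def m_bit_hash(msg: bytes, m_bits: int) -> int:
    """Stand-in m-bit hash: the leftmost m_bits of SHA-256."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - m_bits)


def birthday_search(m_bits: int, text_a: str, text_b: str):
    """Hash numbered variations of two texts until one variation of each
    share an m-bit hash. Returns (variant_a, variant_b, hashes_computed)."""
    seen_a, seen_b = {}, {}
    n = 0
    while True:
        a = f"{text_a} (copy {n})".encode()
        b = f"{text_b} (copy {n})".encode()
        ha, hb = m_bit_hash(a, m_bits), m_bit_hash(b, m_bits)
        seen_a.setdefault(ha, a)
        seen_b.setdefault(hb, b)
        n += 1
        if ha in seen_b:
            return a, seen_b[ha], 2 * n
        if hb in seen_a:
            return seen_a[hb], b, 2 * n


if __name__ == "__main__":
    # Constructed input: swapping two blocks leaves the XOR hash unchanged.
    print(xor_hash(b"block-01block-02") == xor_hash(b"block-02block-01"))
    for m in (16, 20, 24):
        a, b, cost = birthday_search(m, "Contract A", "Contract B")
        print(f"m={m}: match after {cost} hashes (2^(m/2) = {2 ** (m // 2)})")
```

The printed cost grows with $2^{m/2}$ rather than $2^m$, which is why the output length of a hash has to be chosen against the birthday bound.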

[Figure slide: 9.4 Hash Functions (birthday attack)]
[Figure slides: 11.4 Hash Functions (modern methods)]

11.5 MAC & Hash Functions Security
- like block ciphers, have:
- 1) brute-force attacks exploiting:
  - strong collision resistance: hashes have cost $2^{m/2}$
    - have a proposal for a h/w MD5 cracker
    - 128-bit hash looks vulnerable, 160 bits better
  - MACs with known message-MAC pairs
    - can either attack the keyspace (cf. key search) or the MAC
    - at least a 128-bit MAC is needed for security
- 2) cryptanalytic attacks exploit structure
  - like block ciphers, want brute-force attacks to be the best alternative
  - have a number of analytic attacks on iterated hash functions
    - $CV_i = f[CV_{i-1}, M_i]$; $H(M) = CV_N$
    - typically focus on collisions in function $f$
    - attacks exploit properties of round functions

Summary
- We have learned in this chapter:
  - message authentication
  - message encryption
  - MACs
  - hash functions
  - general approach & security

The end
- This is the end of the chapter. Any questions? And homework. Thanks a lot and see you!
