Mainperformance
Keymanagementincludesallaspectsfromkeygenerationtokeydestruction.Mainlymanifestedinthemanagementsystem,managementagreementandkeygeneration,distribution,replacementandinjection,etc.Formilitarycomputernetworksystems,duetousermobility,affiliationandcoordinatedcombatcommandarecomplicated,higherrequirementsareputforwardforkeymanagement.
Proces
Generování klíčů
Délka klíče by měla být dostatečná. Obecně řečeno, čím větší je délka klíče, tím větší je odpovídající prostor klíčů a tím je pro útočníka obtížnější použít vyčerpávající hádání hesla.
Chooseagoodkeyandavoidweakkeys.Therandombitstringgeneratedbytheautomaticprocessingdeviceisagoodkey.Whenchoosingakey,youshouldavoidchoosingaweakkey.
Forpublickeycryptosystems,keygenerationismoredifficultbecausethekeymustsatisfycertainmathematicalcharacteristics.
Keygenerationcanbeachievedthroughonlineorofflineinteractivenegotiation,suchascryptographicprotocols.
Keydistribution
Theuseofsymmetricencryptionalgorithmsforconfidentialcommunicationrequiresthesharingofthesamekey.Usually,amemberofthesystemselectsasecretkeyfirst,andthentransmitsittoanothermemberorothermembers.TheX9.17standarddescribestwotypesofkeys:keyencryptionkeysanddatakeys.Thekeyencryptionkeyencryptsotherkeysthatneedtobedistributed;whilethedatakeyonlyencryptstheinformationflow.Thekeyencryptionkeyisgenerallydistributedmanually.Toenhanceconfidentiality,thekeycanalsobedividedintomanydifferentpartsandthensentoutondifferentchannels.
Ověřovací klíč
Klíč je vysílán s některými přiloženými bity pro detekci a opravu chyb. Když dojde u klíče při přenosu k chybě, lze jej snadno zkontrolovat a v případě potřeby jej lze odeslat.
Thereceivingendcanalsoverifywhetherthereceivedkeyiscorrect.Thesenderencryptsaconstantwiththekey,andthensendsthefirst2-4bytesoftheciphertexttogetherwiththekey.Atthereceivingend,dothesamework.Ifthedecryptedconstantatthereceivingendcanmatchtheconstantatthesendingend,thetransmissioniserror-free.
Updatingthekey
Whenthekeyneedstobechangedfrequently,itisindeeddifficulttodistributethenewkeyfrequently.Aneasiersolutionistochangethekeyfromtheoldone.Anewkeyisgeneratedfromthekey,sometimescalledakeyupdate.Youcanuseaone-wayfunctiontoupdatethekey.Ifbothpartiessharethesamekeyandoperatewiththesameone-wayfunction,thesameresultwillbeobtained.
Úložiště klíčů
Klíče lze uložit v mozku, na kartě s magnetickým proužkem, na čipové kartě.Klíč může být rozdělen na dvě části, jedna polovina je uložena v terminálu a druhá je uložena v klíči ROM. Je také možné použít metodu podobnou šifrování klíčů - klíč je zašifrovat - a
Záložní klíč
Pro zálohování klíčů lze použít crow, tajné rozdělení, tajné sdílení atd.
Theeasiestwayistouseakeyescrowcenter.Keyescrowrequiresalluserstohandovertheirkeystothekeyescrowcenter,andthekeyescrowcenterbacksupandkeepsthekeys(suchaslockedinasafesomewhereorencryptedandstoredwiththemasterkey),Oncetheuser'skeyislost(suchastheuserforgetsthekeyortheuseraccidentallydies),inaccordancewithcertainrulesandregulations,theuser'skeycanbeobtainedfromthekeyescrowcenter.Anotherbackupsolutionistousesmartcardsastemporarykeyescrow.Forexample,Alicestoresthekeyinthesmartcard,andgivesittoBobwhenAliceisaway.BobcanusethecardtodoAlice'swork.WhenAlicereturns,Bobreturnsthecard.Becausethekeyisstoredinthecard,BobIdon'tknowwhatthekeyis.
Secretdivisiondividesthesecretintomanypieces.Eachpiecedoesnotmeananything,butwhenthesepiecesareputtogether,thesecretwillbereproduced.
Nejlépe použijete protokol sdílení tajů.Rozdělte klíč Kintonbloky a každá část se nazývá jeho "stín". Znáte-li více bloků, můžete vypočítat klíčK, pokud víte, že stejné jméno-1nebo méně bloků nelze vypočítatKlíčK,který se nazývá(m,n)proprahovýpopř. ralgebra, SunTzutheorem atd.
Schéma Lagrangova interpolačního polynomu je snadno pochopitelné schéma tajného sdílení(m,n).
Secretsharingsolvestwoproblems:first,ifthekeyisaccidentallyorintentionallyexposed,theentiresystemisvulnerabletoattack;second,ifthekeyislostordamaged,allinformationinthesystemcannotbeused.
Keyvalidityperiod
Encryptionkeyscannotbeusedindefinitely.Thereareseveralreasons:thelongerthekeyisused,thegreaterthechanceofitbeingleaked;ifthekeyisHasbeenleaked,thenthelongerthekeyisused,thegreatertheloss;thelongerthekeyisused,thegreaterthetemptationforpeopletospendenergydecipheringit-evenbruteforceattacks;formultipleciphertextsencryptedwiththesamekeyItisgenerallyeasiertoperformcryptanalysis.
Differentkeysshouldhavedifferentvalidityperiods.
Thevalidityperiodofthedatakeymainlydependsonthevalueofthedataandtheamountofencrypteddatainagiventime.Thegreaterthevalueandthedatatransferrate,themorefrequentlythekeysusedwillbereplaced.
Keyencryptionkeysdonotneedtobechangedfrequently,becausetheyareonlyusedoccasionallyforkeyexchange.Insomeapplications,thekeyencryptionkeyisonlychangedonceamonthorayear.
Theencryptionkeyusedtoencryptthesaveddatafilecannotbechangedfrequently.Usuallyeachfileisencryptedwithauniquekey,andthenallkeysareencryptedwithakeyencryptionkey.Thekeyencryptionkeyiseithermemorizedorstoredinasafeplace.Ofcourse,losingthiskeymeanslosingallfileencryptionkeys.
Thevalidityperiodoftheprivatekeyinthepublickeycryptographyapplicationvariesaccordingtotheapplication.Theprivatekeyusedfordigitalsignatureandidentificationmustlastforseveralyears(orevenlife),andtheprivatekeyusedforthecointossprotocolshouldbedestroyedimmediatelyaftertheagreementiscompleted.Evenifthesecurityofthekeyisexpectedtolastforalifetime,itisnecessarytoconsiderchangingthekeyonceeverytwoyears.Theoldkeystillneedstobekeptsecretincasetheuserneedstoverifytheprevioussignature.Butthenewkeywillbeusedtosignthenewfiletoreducethenumberofsignaturefilesthatacryptanalystcanattack.
Zničit klíč
Pokud musí být klíč vyměněn, starý klíč musí být zničen a klíč musí být fyzicky zničen.
Systém správy
Heslo veřejného klíče usnadňuje správu klíče. Bez ohledu na to, kolik lidí je v síti, každý má pouze jednoho veřejného klíče.
Itisnotenoughtouseapublic/privatekeypair.Theimplementationofanygoodpublickeycryptographyneedstoseparatetheencryptionkeyfromthedigitalsignaturekey.Butasinglepairofencryptionandsigningkeysisnotenough.LikeanIDcard,aprivatekeyprovesarelationship,andpeoplehavemorethanonerelationship.Forexample,Alicecansignadocumentinthenameofaprivateperson,thevicepresidentofthecompany,etc.
InthefinancialICcardjointpilotprojectsofcommercialbanks,thesecuritycontrolandmanagementofkeysbybanksatalllevelsisthekeytothesecurityoftheapplicationsystem.
Systém správy klíčů RT-KMSKey se řídí specifikací "ChinaFinancialIntegrated Circuit (IC)Card Specification (v1.0)" a"BankICCardJointPilotTechnical Plan" s cílem usnadnit nezávislost členských bank
p>Vydávání karet, realizace sdílení čteček karet a provádění mezibankovních transakcí na různých místech.
Securitymechanism
InthenationalbankICcardjointpilotprogram,banksatalllevelsusekeymanagementsystemstoimplementkeysecuritymanagement.Thekeymanagementsystemadoptsthe3DESencryptionalgorithmandusesthethree-levelmanagementsystemofthebankheadoffice,theregionalbranchofthePeople’sBankofChina(commercialbankheadoffice),andmemberbankstosecurelysharethepublicmasterkeyandrealizecardintercommunication.,Equipmentsharing.
Theentiresecuritysystemstructuremainlyincludesthreetypesofkeys:thenationally-usedconsumer/cashwithdrawalmasterkeyGMPKoftheheadoffice,theconsumption/cashwithdrawalmasterkeyMPKoftheissuingbank,andothersoftheissuingbank
Hlavní klíč. Podle účelu klíče systém přijímá různé strategie zpracování.
Principy návrhu
(1)Všechny klíče jsou načteny a importovány šifrovací text.
(2)Klíč podléhá přísné autoritní kontrole a různé organizace nebo pracovníci mají jinou autoritu pro čtení, zápis, aktualizaci a používání různých klíčů.
(3)Inordertoensurethesecurityofkeyuseandconsidertheneedsofactualuse,thesystemcangeneratemultiplesetsofmasterkeys.Ifoneofthekeysisleakedorattacked,theapplicationsystemcanbestoppedimmediatelyTheuseofthissetofkeysandtheuseofbackupkeys,soastoavoidthewasteofexistinginvestmentandequipmentasmuchaspossible,andreducetheriskofsystemuse.
(4)Userscanchoosedifferentcombinationsandconfigurationsofthekeymanagementsubsystemaccordingtoactualneeds.
(5)Služba klíčů, úložiště a záloha jsou ve formě šifrovacího stroje pro klíče.
Managementtechnology
Technologyclassification
1.Symmetrickeymanagement.Symmetricencryptionisrealizedbasedonthecommonkeepingofsecrets.Bothpartiestothetradethatadoptsymmetricencryptiontechnologymustensurethattheyusethesamekey,thattheexchangeofeachother'skeysissafeandreliable,andalsosetupprocedurestopreventkeyleakageandchangekeys.Inthisway,themanagementanddistributionofsymmetrickeyswillbecomeapotentiallydangerousandcumbersomeprocess.Therealizationofsymmetrickeymanagementthroughpublickeyencryptiontechnologymakesthecorrespondingmanagementsimplerandmoresecure,andatthesametimesolvesthereliabilityandauthenticationproblemsinthepuresymmetrickeymode.Thetradingpartycangenerateauniquesymmetrickeyforeachexchangeofinformation(suchaseachEDIexchange)andencryptthekeywithapublickey,andthenencrypttheencryptedkeywiththekeyTheinformation(suchasEDIexchange)issenttothecorrespondingtradingpartytogether.Sinceauniquekeyisgeneratedforeachinformationexchange,eachtradingpartynolongerneedstomaintainthekeyandworryabouttheleakageorexpirationofthekey.Anotheradvantageofthismethodisthatevenifakeyisleaked,itwillonlyaffectonetransaction,andwillnotaffectallthetransactionrelationshipsbetweenthetradingparties.Thismethodalsoprovidesasecurewaytoissuesymmetrickeysbetweentradingpartners.
2.Publickeymanagement/digitalcertificate.Digitalcertificates(publickeycertificates)canbeusedtoexchangepublickeysbetweentradingpartners.ThestandardX.509developedbytheInternationalTelecommunicationUnion(ITU)definesdigitalcertificates.ThisstandardisequivalenttotheISO/IEC9594-8:195standardjointlyissuedbytheInternationalOrganizationforStandardization(ISO)andtheInternationalElectrotechnicalCommission(IEC).Digitalcertificatesusuallyincludethenamethatuniquelyidentifiestheownerofthecertificate(ie,thetradingparty),thenamethatuniquelyidentifiesthecertificateissuer,thepublickeyofthecertificateowner,thedigitalsignatureofthecertificateissuer,thevalidityperiodofthecertificate,andtheserialnumberofthecertificate,etc..Thecertificateissuerisgenerallycalledacertificateauthority(CA),whichisanorganizationtrustedbyallpartiesinthetrade.Digitalcertificatescanplayaroleinidentifyingtradingpartiesandarecurrentlyoneofthetechnologieswidelyusedine-commerce.
3.Standardspecificationsrelatedtokeymanagement.Atpresent,relevantinternationalstandardizationorganizationshavestartedtoformulatetechnicalstandardsandspecificationsonkeymanagement.TheInformationTechnologyCommittee(JTC1)underISOandIEChasdraftedaninternationalstandardspecificationforkeymanagement.Thespecificationismainlycomposedofthreeparts:oneisthekeymanagementframework;thesecondisthemechanismusingsymmetrictechnology;thethirdisthemechanismusingasymmetrictechnology.Thespecificationhasnowenteredthestageofvotingondraftinternationalstandardsandwillsoonbecomeanofficialinternationalstandard.
Digitální podpis
Digitalsignatureisanothertypeofapplicationofpublickeyencryptiontechnology.Itsmainmethodis:thesenderofthemessagegeneratesa128-bithashvalue(ormessagedigest)fromthemessagetext.Thesenderusesitsownprivatekeytoencryptthishashvaluetoformthesender'sdigitalsignature.Then,thisdigitalsignaturewillbesenttotherecipientofthemessageasanattachmenttothemessagetogetherwiththemessage.Thereceiverofthemessagefirstcalculatesa128-bithashvalue(ormessagedigest)fromthereceivedoriginalmessage,andthenusesthesender'spublickeytodecryptthedigitalsignatureattachedtothemessage.Ifthetwohashvaluesarethesame,thereceivercanconfirmthatthedigitalsignatureisfromthesender.Throughthedigitalsignature,theauthenticationandnon-repudiationoftheoriginalmessagecanberealized.
ISO/IECJTC1isalreadydraftingrelevantinternationalstandards.Thepreliminarytitleofthestandardis"InformationTechnologySecurityTechnologywithAttachedDigitalSignatureScheme",whichconsistsoftwoparts:anoverviewandanidentity-basedmechanism.
Šifrovací goritmus
Úvod do šifrování Podle záznamů v roce 400 př. n. l. vynalezli starověcí Řekové náhradní šifru. V roce 1881 se objevil první bezpečnostní patent na telefonní telefony na světě.
Withthedevelopmentofinformationtechnologyanddigitalsociety,people’sawarenessoftheimportanceofinformationsecurityandconfidentialitycontinuestoincrease,soin1997,theNationalBureauofStandardsannouncedtheimplementationofthe"USDataEncryptionStandard(DES)"Thecivilforcesbegantofullyinterveneintheresearchandapplicationofcryptography,usingencryptionalgorithmssuchasDES,RSA,andSHA.Asthedemandforencryptionstrengthcontinuestoincrease,AESandECChaverecentlyappeared.
Usingcryptographycanachievethefollowingpurposes:
Důvěrnost: Zabraňte přečtení identifikace uživatele nebo dat.
Integrita dat: Zabraňuje změně dat.
Ověření identity: abyste se ujistili, že data jsou odesílána od konkrétní strany.
2.IntroductiontoencryptionalgorithmsAccordingtodifferentkeytypes,moderncryptographictechnologiesaredividedintotwocategories:symmetricencryptionalgorithms(secretkeyencryption)andasymmetricencryptionalgorithms(publickeyencryption).
Thesymmetrickeyencryptionsystemusesthesamesecretkeyforencryptionanddecryption,andbothpartiesincommunicationmustobtainthiskeyandkeepthekeysecret.
Šifrovací klíč (veřejný klíč) a dešifrovací klíč (soukromý klíč) používaný systémem šifrování asymetrického klíče se liší.
Symmetricencryptionalgorithm
Inasymmetricencryptionalgorithm,onlyonekeyisusedtoencryptanddecryptinformation,thatis,thesamekeyisusedforencryptionanddecryption.Commonlyusedalgorithmsinclude:DES(DataEncryptionStandard):adataencryptionstandard,whichisfasterandissuitableforencryptinglargeamountsofdata.
3DES(TripleDES):Na základě DES je kus dat zašifrován třikrát pomocí tří různých klíčů, s vyšší pevností.
AES(AdvancedEncryptionStandard):Standardní pokročilé šifrování,standardní šifrovací algoritmus nové generace, s vysokou rychlostí a vysokou úrovní zabezpečení;
InOctober2000,NIST(AmericanNationalStandardAndTechnologyAssociation)announcedtheadoptionofanewkeyencryptionstandardselectedfrom15candidatealgorithms.RijndaelwasselectedasthefutureAES.Rijndaelwasfoundedinthesecondhalfof1999byresearchersJoanDaemenandVincentRijmen.AESisincreasinglybecomingthedefactostandardforencryptingvariousformsofelectronicdata.
Národní institut pro standardy a technologie (NIST) formuloval 26. května 2002 novou specifikaci Advanced EncryptionStandard (AES).
AlgorithmprincipleTheAESalgorithmisbasedonpermutationandpermutationoperations.Permutationistorearrangedata,andreplacementistoreplaceonedataunitwithanother.AESusesseveraldifferentmethodstoperformpermutationandpermutationoperations.
AESisaniterative,symmetrickeyblockcipher,itcanuse128,192,and256-bitkeys,anduse128-bit(16-byte)blockstoencryptanddecryptdata.Unlikepublickeyciphersthatusekeypairs,symmetrickeyciphersusethesamekeytoencryptanddecryptdata.Thenumberofbitsoftheencrypteddatareturnedbytheblockcipheristhesameastheinputdata.Iterativeencryptionusesaloopstructureinwhichtheinputdataisrepeatedlyreplacedandreplaced.
Porovnání mezi AES a 3DES
Název algoritmu | Typ algoritmu | Délka klíče | > Rychlost | p>Doba dešifrování (stavební stroje 255 klíčů za sekundu) | Spotřeba zdrojů |
AES | Symetrická bloková šifra | 128 192 256 bitů | > Vysoká | 149 bilionů let | nízká |
3DES | Heslo Symmetricfeistel | 112 bitů nebo 168 bitů | > nízká | 46 100 milionů let | Střední |
Asymetrický algoritmus
Společné asymetrické šifrovací goritmy jsou následující:
RSA:InventedbyRSA,itisapublickeyalgorithmthatsupportsvariable-lengthkeys.Thelengthofthefileblockthatneedstobeencryptedisalsovariable;
p>
DSA(Algoritmus digitálního podpisu):Algoritmus digitálního podpisu,isastandardDSS(DigitalSignatureStandard);
ECC(EllipticCurvesCryptography):EllipticCurvesCryptography.
In1976,becausesymmetricencryptionalgorithmscouldnolongermeettheneeds,DiffieandHellmanpublishedanarticlecalled"NewTrendsinCryptography",whichintroducedtheconceptofpublickeyencryption.AdelmanproposedtheRSAalgorithm.
Withtheprogressandimprovementofthemethodofdecomposinglargeintegers,theincreaseofcomputerspeedandthedevelopmentofcomputernetworks,inordertoensurethesecurityofdata,theRSAkeyneedstoincreasecontinuously.However,theincreaseofthekeylengthleadstoAsthespeedofencryptionanddecryptionhasbeengreatlyreduced,hardwareimplementationhasbecomemoreandmoreunbearable,whichhasbroughtaheavyburdentoapplicationsthatuseRSA,soanewalgorithmisneededtoreplaceRSA.
In1985,N.KoblitzandMillerproposedtheuseofellipticcurvesincryptographicalgorithms,basedonthediscretelogarithmproblemECDLPinpointgroupsonellipticcurvesoverfinitefields.ECDLPisamoredifficultproblemthanthefactorizationproblem,itisexponentiallydifficult.
Principle-thedifficultproblemontheellipticcurveThediscretelogarithmproblemontheellipticcurveECDLPisdefinedasfollows:GivenaprimenumberpandanellipticcurveE,forQ=kP,findPandQFindapositiveintegerkthatislessthanp.ItcanbeprovedthatitiseasiertocalculateQfromkandP,butitismoredifficulttocalculatekfromQandP.
Correspondingtheadditionoperationintheellipticcurvetothemodularmultiplicationoperationinthediscretelogarithm,andthemultiplicationoperationintheellipticcurvecorrespondingtothemodularexponentiationoperationinthediscretelogarithm,wecanbuildbasedonThecorrespondingcryptosystemoftheellipticcurve.
Forexample,correspondingtotheDiffie-Hellmanpublickeysystem,wecanimplementitontheellipticcurveinthefollowingway:selectthegeneratorPonE,andrequireenoughgroupelementsgeneratedbyP,andthecommunicationpartiesAAndBselectsaandbrespectively,aandbarekeptsecret,butaPandbParemadepublic,andthekeyusedforcommunicationbetweenAandBisabP,whichisnotknowntoathirdparty.
ThecorrespondingELGamalcryptosystemcanbeimplementedontheellipticcurveinthefollowingway:
Vložte prostý textmindoPmpointonE,vybertebodB∈EakaždýuživatelVyberteceléčíslo,0
K=kG[kdeK,GarepointsonEp(a,b),andkisanintegerlessnežn(nikolipořadíboduG)]
ItisnotdifficulttofindthatgivenkandG,itiseasytocalculateKaccordingtotheruleofaddition;butgivenKandG,itisrelativelydifficulttofindk.
Toto je problém, že šifrovací goritmus eliptické křivky. Nazýváme bodGzákladní bod,k(soukromý klíč)aKveřejný klíč.
ComparisonofECCandRSAComparedwithECCandRSA,Hasabsoluteadvantagesinmanyaspects,mainlyreflectedinthefollowingaspects:
Silný protiútok. Stejná délka, protiútok je mnohokrát silnější.
Theamountofcalculationissmallandtheprocessingspeedisfast.TheoverallspeedofECCismuchfasterthanthatofRSAandDSA.
Thestoragespaceissmall.ThekeysizeandsystemparametersofECCaremuchsmallerthanthoseofRSAandDSA.More,itmeansthatitoccupiesamuchsmallerstoragespace.ThisisofspecialsignificancefortheapplicationofencryptionalgorithmsonICcards.
Lowbandwidthrequirements.WhenencryptinganddecryptinglongmessagesAtthistime,thethreetypesofcryptosystemshavethesamebandwidthrequirements,butwhenappliedtoshortmessages,theECCbandwidthrequirementsaremuchlower.ThelowbandwidthrequirementsmakeECChaveawiderangeofapplicationprospectsinthefieldofwirelessnetworks.
ECCThesecharacteristicsmakeitsuretoreplaceRSAandbecomeageneralpublickeyencryptionalgorithm.Forexample,thecreatorsoftheSETprotocolhaveadopteditasthedefaultpublickeyencryptionalgorithminthenextgenerationSETprotocol.
ThefollowingtwoRepresentsthecomparisonofthesecurityandspeedofRSAandECC.
Timeofbreach (MIPSroky) td> | RSA/DSA (délka klíče) | délka klíče ECC | Poměr délky klíče RSA/ECC |
10 | 512 | 106 | 5:1 |
10 | 768 | 132 | 6:1 |
10 | 1024 | 160 | 7:1 |
10 | 2048 | 210 | > 10:1 |
10 | 21 000 | 600 | 35:1 |
Porovnání modulů zabezpečení RSA a ECC
Funkce | SecurityBuilder1.2 | BSAFE3.0 |
163bit ECC(ms) | 1 023 bitů RSA (ms) | |
Generování párů klíčů | 3.8 | 4 708,3 |
Podpis p> | 2.1 (ECNRA) | 228,4 |
3.0 (ECDSA) | ||
Certifikace | 9.9 (ECNRA) | 12.7 |
10,7 (ECDSA) | ||
Diffie – výměna klíčů Hellman | > 7.3 | 1 654,0 |
Porovnání rychlosti mezi RSA a ECC
Hashalgorithm
Hashingalgorithmisalsocalledhashalgorithm,EnglishisHash,whichistotransformaninputofanylength(alsocalledpre-image,pre-image)intoafixed-lengthoutputthroughahashingalgorithm.Theoutputisthehashvalue.Thisconversionisacompressionmapping,thatis,thehashvaluespaceisusuallymuchsmallerthantheinputspace,differentinputsmaybehashedintothesameoutput,anditisimpossibletouniquelydeterminetheinputvaluefromthehashvalue.Simplyput,itisafunctionthatcompressesmessagesofanylengthtoafixed-lengthmessagedigest.
HASHismainlyusedinencryptionalgorithmsinthefieldofinformationsecurity.Itconvertsinformationofdifferentlengthsintomessy128-bitcodes.ThesecodedvaluesarecalledHASHvalues.ItcanalsobesaidthathashistofindakindofThehashofthemappingrelationshipbetweenthedatacontentandthedatastorageaddressistherefinementoftheinformation,anditslengthisusuallymuchsmallerthanthatoftheinformation,anditisafixedlength.Astrongencryptionhashmustbeirreversible,whichmeansthatnopartoftheoriginalinformationcanbederivedfromthehashresult.Anychangeintheinputinformation,evenifitisonlyonebit,willcauseasignificantchangeinthehashresult,whichiscalledtheavalancheeffect.Hashingshouldalsobeanti-collision,thatis,twopiecesofinformationwiththesamehashresultcannotbefound.Thehashresultwiththesecharacteristicscanbeusedtoverifywhethertheinformationhasbeenmodified.
Jednosměrná hašovací funkce se obecně používá ke generování přehledů zpráv, šifrování klíčů atd. Běžné jsou:
MD5(MessageDigestAlgorithm5):Je vyvinutý společností RSADataSecurityCorporationJednosměrný hashalgoritmus.
SHA(SecureHashAlgorithm):Může vygenerovat 160bitovou hodnotu pro data libovolné délky;
In1993,theSecureHashAlgorithm(SHA)wasadoptedbytheAmericanNationalStandardItwasproposedbytheInstituteofTechnologyandTechnology(NIST)andpublishedastheFederalInformationProcessingStandard(FIPSPUB180);in1995,arevisedversionofFIPSPUB180-1wasreleased,usuallycalledSHA-1.SHA-1isbasedontheMD4algorithm,anditsdesignlargelyimitatesMD4.Itisnowrecognizedasoneofthesafesthashingalgorithmsandiswidelyused.
PrincipleSHA-1isadataencryptionalgorithm.Theideaofthealgorithmistoreceiveapieceofplaintextandthenconvertitintoapieceof(usuallysmaller)ciphertextinanirreversibleway.ItcanalsobesimpleTheunderstandingofistheprocessoftakingastringofinputcodes(calledpre-mappingorinformation)andconvertingthemintoashort-length,fixed-digitoutputsequencethatisahashvalue(alsoknownasinformationdigestorinformationauthenticationcode).
Thesecurityoftheone-wayhashfunctionliesinitsstrongone-wayoperationintheprocessofgeneratingthehashvalue.Ifthepasswordisembeddedintheinputsequence,noonecangeneratethecorrecthashvaluewithoutknowingthepassword,thusensuringitssecurity.SHAdividestheinputstreamintoblocksof512bits(64bytes)perblock,andproduces20bytesofoutputcalledthemessageauthenticationcodeormessagedigest.
Maximální délka vstupní zprávy algoritmu nepřesahuje 264 bitů a výstup produkuje 160 bitovou zprávu. Vstup je zpracován v 512 bitových skupinách. SHA-1 je nevratný, protikolizní a má dobrý lavinový efekt.
Thedigitalsignaturecanberealizedthroughthehashalgorithm.Theprincipleofdigitalsignatureistoconverttheplaintexttobetransmittedintoamessagedigestthroughafunctionoperation(Hash)(differentplaintextcorrespondstodifferentmessagedigests),Themessagedigestisencryptedandsenttotherecipienttogetherwiththeplaintext.Therecipientwillgenerateanewmessagedigestofthereceivedplaintextandcompareitwiththesender'ssentmessagedigest.Thecomparisonresultisconsistent,indicatingthattheplaintexthasnotbeenchanged.Ifitisinconsistent,itmeansTheplaintexthasbeentamperedwith.
MAC(InformationAuthenticationCode)isahashresult.Partoftheinputinformationisapassword.OnlyparticipantswhoknowthispasswordcanrecalculateandverifythevalidityoftheMACcode.ThegenerationofMACisshowninthefigurebelow.
Zadávací informace |
Heslo |
Hashovací funkce |
Kód pro ověření informací |
Porovnání mezi SHA-1 a MD5, protože oba odvozené od MD4, a SHA-1 a MD5 se od sebe navzájem liší. Odpovídající tomu, jejich síla a další vlastnosti jsou podobné, ale existují skutečné rozdíly, jako jsou následující:
Securityagainstforcedsupply:ThemostsignificantandimportantdifferenceisthattheSHA-1abstractislongerthantheMD5abstract32bits.Usingforcetechnology,thedifficultyofgeneratinganymessagesothatitsdigestisequaltoagivendigestisa2-orderoperationforMD5,anda2-orderoperationforSHA-1.Inthisway,SHA-1hasgreaterstrengthagainstforcedattacks.
Zabezpečení kryptoanalýzy: Díky návrhu MD5 je zranitelný vůči útokům kryptoanalýzy a SHA-1 není zranitelný vůči takovým útokům.
Rychlost: Na stejném hardwaru běží SHA-1 pomaleji než MD5.
Porovnání dvou
Porovnání symetrických a symetrických algoritmů
Theprinciplesofthetwoencryptionmethodsaresummarizedabove.Generallyspeaking,therearemainlythefollowingaspectsDifferent:
1.Intermsofmanagement:thepublickeycryptographicalgorithmonlyneedslessresourcestoachieveitspurpose.Inthedistributionofkeys,thereisanexponentialleveldifferencebetweenthetwo(oneisnoneIsn).Therefore,theprivatekeycryptographicalgorithmisnotsuitablefortheuseofWAN,andmoreimportantly,itdoesnotsupportdigitalsignatures.
2.Intermsofsecurity:Sincethepublickeycryptographicalgorithmisbasedonanunsolvedmathematicalproblem,itisalmostimpossibletocrack.Fortheprivatekeycryptographicalgorithm,althoughitisimpossibletocracktheoreticallybyAES,fromtheperspectiveofcomputerdevelopment.Thepublickeyismoreadvantageous.
3.Fromthepointofviewofspeed:ThesoftwareimplementationspeedofAEShasreachedseveralmegabitsortensofmegabitspersecond.Itis100timesthepublickey.Ifimplementedbyhardware,thisratiowillbeexpandedto1000times.
ThechoiceofencryptionalgorithmThepreviouschaptershaveintroducedsymmetricdecryptionalgorithmsandasymmetricencryptionalgorithms.Manypeoplearewondering:Sowhichoneshouldweuseinactualuseisbetter?
Weshoulddetermineaccordingtoourowncharacteristics.Sincetherunningspeedofasymmetricencryptionalgorithmismuchslowerthanthatofsymmetricencryptionalgorithm,whenweneedtoencryptalargeamountofdata,itisrecommendedtousesymmetricencryptionalgorithmtoimproveEncryptionanddecryptionspeed.
Symmetricencryptionalgorithmcannotrealizesignature,sosignaturecanonlybeasymmetricalgorithm.
Asthekeymanagementofthesymmetricencryptionalgorithmisacomplexprocess,themanagementofthekeydirectlydeterminesitssecurity,sowhentheamountofdataissmall,wecanconsiderusinganasymmetricencryptionalgorithm.
Intheactualoperationprocess,weusuallyadoptthemethod:useanasymmetricencryptionalgorithmtomanagethekeyofthesymmetricalgorithm,andthenusethesymmetricencryptionalgorithmtoencryptthedata,sothatwehaveintegratedtwotypesofencryptionalgorithmsTheadvantageofnotonlyrealizestheadvantagesoffastencryptionspeed,butalsorealizestheadvantagesofsafeandconvenientkeymanagement.
Pokud je šifrovací goritmus vybrán, kolik bitů klíčů by se mělo použít? Obecně řečeno, čím delší klíč, tím nižší rychlost běhu. Měl by být vybrán podle úrovně zabezpečení, kterou skutečně potřebujeme. Obecně řečeno, 1024bitová čísla jsou doporučena pro RSA, 160 bitů.
Themodernapplicationofcryptography,withthepopularizationofcommercialapplicationsofcryptography,publickeycryptographyhasreceivedunprecedentedattention.Inadditiontotraditionalcryptographicapplicationsystems,thePKIsystemisbasedonpublickeycryptography,providingfunctionssuchasencryption,signature,authentication,keymanagement,anddistribution.
Confidentialcommunication:Confidentialcommunicationisthecauseofcryptography.Whenusingpublicandprivatekeycryptographyforconfidentialcommunication,therecipientoftheinformationcandecrypttheinformationonlyifheknowsthecorrespondingkey.
Digitalsignature:Digitalsignaturetechnologycanreplacetraditionalhandwrittensignatures,andfromasecurityperspective,digitalsignatureshaveagoodanti-counterfeitingfunction.Ithasawiderangeofapplicationenvironmentsingovernmentagencies,militaryfields,andcommercialfields.
Secretsharing:Secretsharingtechnologyreferstotheuseofcryptographictechniquestosplitasecretinformationintonpiecesofinformationcalledsharingfactors,anddistributethemtonmembers,onlyk(k≤n)legalmembersThesecretinformationcanberecoveredbythesharingfactorof,andanyoneorm(m≤k)memberscooperateswithoutknowingthesecretinformation.Theuseofsecretsharingtechnologycancontrolanysecretinformation,commands,etc.thatneedtobecontrolledbymultiplepeople.
Authenticationfunction:transmitsensitiveinformationonopenchannels,usesignaturetechnologytoverifytheauthenticityandintegrityofthemessage,andverifytheidentityofthecommunicationsubjectbyverifyingthepublickeycertificate.
Keymanagement:Thekeyisamorefragileandimportantlinkinthesecuritysystem.Thepublickeycryptosystemisapowerfultooltosolvethekeymanagementwork;thepublickeycryptosystemisusedforkeynegotiationandgeneration,Thetwopartiesinconfidentialcommunicationdonotneedtosharesecretinformationinadvance;publickeycryptosystemsareusedforkeydistribution,protection,keyescrow,andkeyrecovery.
Basedonthepublickeycryptosystem,inadditiontotheabovegeneralfunctions,thefollowingsystemscanalsobedesignedandimplemented:securee-commercesystem,electroniccashsystem,electronicelectionsystem,electronicbiddingsystem,electroniclotterysystem,etc.
Theemergenceofthepublickeycryptosystemisthebasisforthedevelopmentofcryptographyfromthetraditionalgovernment,militaryandotherapplicationfieldstocommercialandcivilianuse.Atthesametime,thedevelopmentoftheInternetande-commercehasopenedupabroaderfieldforthedevelopmentofcryptography.prospect.
ThefutureofencryptionalgorithmsWiththeimprovementofcalculationmethods,theaccelerationofcomputeroperationspeed,andthedevelopmentofnetworks,moreandmorealgorithmshavebeencracked.
Atthe2004InternationalConferenceonCryptography(Crypto'2004),ProfessorWangXiaoyunfromShandongUniversity,China,madeareportondecipheringMD5,HAVAL-128,MD4andRIPEMDalgorithms,whichmadethepresentinternationaltoppasswordsAcademicexpertsareshocked,whichmeansthatthesealgorithmswillbeeliminatedfromtheapplication.Subsequently,SHA-1wasalsodeclaredtohavebeencracked.
TherearethreeattackexperimentsthathaveanimpactonDESinhistory.In1997,using70,000computersfromvariouscountriesatthattime,ittook96daystocracktheDESkey.In1998,theElectronicFrontierFoundation(EFF)usedaspecialcomputerbuiltfor$250,000tocracktheDESkeyin56hours.In1999,EFFcompletedthecrackingworkin22hoursand15minutes.therefore.DES,whichoncemadeoutstandingcontributions,cannolongermeetourgrowingneeds.
Recently,agroupofresearcherssuccessfullydecomposeda512-bitintegerandannouncedtheRSAcracking.
Wesaythatdatasecurityisrelative.Itcanbesaidthatitissafeforacertainperiodoftimeandundercertainconditions.Withthedevelopmentofhardwareandnetwork,ortheemergenceofanotherWangXiaoyun,thecurrentcommonlyusedencryptionalgorithmsareItmaybecrackedinashorttime.Atthattime,wehavetouselongerkeysormoreadvancedalgorithmstoensuredatasecurity.Therefore,encryptionalgorithmsstillneedtobecontinuouslydevelopedandimprovedtoprovidehigherencryptionsecuritystrengthandcalculatingspeed.
Overviewofthesetwoalgorithms,oneisfromDESto3DEStoAES,andtheotherisfromRSAtoECC.Itsdevelopmentangleisallconsideringthesimplicityofthekey,thelowcost,theeaseofmanagement,thecomplexityofthealgorithm,thesecurityofconfidentiality,andthespeedofcalculation.Therefore,thedevelopmentofalgorithmsinthefuturemustbebasedontheseperspectives,andthesetwoalgorithmsareoftencombinedinactualoperations,andanewalgorithmthatcombinestheadvantagesofthetwoalgorithmswillappearinthefuture.Atthattime,therealizationofe-commercewillsurelybefasterandsafer.