Cryptographic principles of the USB key

Source: Internet
Author: User
Tags: password protection, asymmetric encryption

First, let's look at how the USB key (U-shield) works.

Your digital certificate comes as a key pair: the private key is stored in the USB key and the public key is held by the bank (in fact, the bank holds both). The principle of the USB key is similar to mutual (two-way) authentication in TLS (SSL), or to other two-way certificate verification schemes based on RSA. The following steps may differ from the actual USB key implementation, but they are essentially the same:

-- The bank first sends you a "challenge", which contains a random number and the hash of that random number. Both are encrypted with your public key, so that only you can decrypt the "challenge".
-- You decrypt it with your private key, compute the hash of the random number yourself and compare it with the hash you received. If they match, you have confirmed the bank's identity.
-- Next, an algorithm generates a "response" and its hash from the random number and other information, encrypts them with your private key and sends them back to the bank. (Meanwhile, the bank computes the "response" with the same algorithm.)
-- The bank decrypts the data with your public key and checks that the hash is correct. It then compares the two "responses"; if they are the same, the customer's identity is confirmed as well.
The confidentiality of the private key is enforced by the USB key itself. Its control chip is designed so that certificates can only be written into it, never read out. All operations that use the certificate are carried out inside the USB key, so only the results of those operations can be read from it.

Next, we analyse the security of online payment in the light of cryptographic principles, and finally clear up the mystery of the USB key.

Question 1: The most natural idea is that A must encrypt the file so that others cannot view its contents. Which encryption technique should be used so that the contract can be transferred both securely and quickly?

Mature symmetric encryption algorithms such as DES, 3DES and RC5 can be used to encrypt the file. Symmetric encryption is characterised by using the same key for encryption and decryption, that is, the encryption key also serves as the decryption key. In cryptography this is called a symmetric encryption algorithm.

Question 2: If a hacker intercepts this file, can he decrypt it with the same algorithm?

No. Both encryption and decryption require two components: the encryption algorithm and the symmetric key. The algorithm alone cannot decrypt anything without the key, and the hacker does not know the key.

Question 3: Since the hacker does not know the key, how can B obtain the key securely? A phone call may be tapped, and a key sent to B over the Internet may be intercepted. What should be done?
The method is to use an asymmetric key algorithm to encrypt and transmit the symmetric key. Unlike a symmetric algorithm, an asymmetric encryption algorithm requires two keys: a public key and a private key. The two form a pair: data encrypted with the public key can only be decrypted with the corresponding private key, and data encrypted with the private key can only be decrypted with the corresponding public key. Because encryption and decryption use two different keys, this is called an asymmetric encryption algorithm (the public/private key pair can be generated by dedicated software). Each party holds a public/private key pair; the public key may be transmitted over the Internet, while the private key is kept by its owner. In this way, Party A can use Party B's public key to encrypt the symmetric key from Question 1. Even if the hacker intercepts it, he does not know Party B's private key and cannot recover the symmetric key, so he cannot decrypt the ciphertext. Only Party B can.

Question 4: Since Party A can encrypt the symmetric key with Party B's public key, why not encrypt the file itself with Party B's public key? That would be simpler and would save the step of encrypting the file with a symmetric algorithm.

This cannot be done. Asymmetric encryption algorithms have two disadvantages. First, they are slow: roughly 10 to 100 times slower than symmetric algorithms, so only small pieces of data (such as a symmetric key) are encrypted with them. Second, the ciphertext becomes longer. Therefore, the file is generally encrypted with a symmetric algorithm, and the asymmetric algorithm is used only to encrypt the symmetric key.

Question 5: If the hacker intercepts the ciphertext, he also intercepts the symmetric key encrypted with the public key. Because he does not have Party B's private key, he cannot recover the symmetric key. However, he could encrypt a fake file with a symmetric algorithm, encrypt that fake file's symmetric key with Party B's public key, and send both to Party B. Party B, believing the file came from Party A, decrypts it with his private key and happily reads the content, without knowing that it has been replaced. In other words, Party B cannot tell that the file was not sent by Party A. What should be done?
The answer is to use a digital signature to prove the sender's identity. A digital signature uses a hash algorithm, such as MD5 or SHA-1, to extract a digest from a large block of data. The digest cannot be turned back into the original text by the hash algorithm, so it reveals nothing about the original plaintext; but if the original information is changed, the digest is certain to differ. A can therefore compute the digest of the file and encrypt it with his own private key (the asymmetric algorithm is reversible: the private key can decrypt what the public key encrypted, and vice versa). Even if the hacker intercepts this, it is useless to him, because he can obtain no information from the digest. B, however, can use A's public key to decrypt it and obtain the digest. If A's public key can decrypt the digest, it must have been sent by A, because only A's public key can decrypt information encrypted with A's private key, and A's private key is known only to A. B then applies the same hash algorithm to the file he received (the decrypted contract) and compares the two digests. If they are the same, the file has not been tampered with, because equal digests imply unchanged information, which is a property of the hash algorithm. This solves both the problem of proving the sender's identity and the problem of detecting file tampering.

Question 6: The file is encrypted with a symmetric algorithm, the symmetric key with an asymmetric algorithm, and a hash algorithm verifies the sender's identity and the integrity of the information. Is this safe now?

The answer is no. The problem is that Party B cannot be sure that the so-called public key of Party A really belongs to A. The solution is to use a digital certificate to bind the public key to its owner.
A digital certificate is a piece of data, digitally signed by a certificate authority, that contains information about the public key owner together with the public key. It identifies the parties in network communication and provides a way to authenticate identity on the Internet, similar to a driver's licence or an ID card in everyday life. People can use it to identify each other in their interactions.
The simplest certificate contains a public key, a name, and the digital signature of the certificate authority. Generally, a certificate also includes the key's validity period, the name of the issuing authority (Certificate Authority), and the certificate serial number. It is issued by a CA, also known as the Certificate Authority centre. As a trusted third party in e-commerce transactions, the CA is responsible for verifying the validity of public keys in the public key system. The CA issues a digital certificate to each user of the public key system; the certificate proves that the user named in it legitimately owns the public key listed in it. The CA's digital signature prevents attackers from forging or tampering with certificates. The CA is the core of the PKI and manages all users under the PKI structure (including the various application programs).
Because the digital certificate is public, like a public phone book, in practice the sender (A) sends a copy of his digital certificate, together with the ciphertext and the digest, to the recipient (B). B checks the validity of the certificate by verifying the authority's signature on it (only the public key of the trusted authority is needed to verify that signature). If the check passes, B can believe that the public key contained in the certificate really belongs to the person named in it (A).

Question 7: It seems safe now. However, a security gap still exists. For example, although Party A sent the contract document to Party B, Party A later refuses to acknowledge having signed the document at the time indicated by the signature (a digital signature is the equivalent of the handwritten signature on a paper contract), blames the computer, and thus does not perform the contract. What should be done?

The solution is to use a trusted clock service provided by an authority, that is, to have the document signed by a trusted time source together with the file signer. In a paper contract, the signing date is as important as the signature itself for preventing forgery and tampering (for example, contracts generally stipulate that they take effect from the date of signing). In an electronic document, the time on the user's desktop is easy to change (it may be inaccurate or altered), so a timestamp generated from it cannot be trusted. A third party is therefore needed to provide a Digital Timestamp Service (DTS), an online security service offered by a dedicated organisation. This service protects the publication time of electronic documents.
A timestamp is generated as follows: the user first hashes the file that needs a timestamp into a digest and sends the digest to the DTS; the DTS appends the date and time at which it received the digest, signs the result (a digital signature), and sends it back to the user. The timestamp is thus a signed document consisting of three parts: the digest of the file being timestamped, the date and time at which the DTS received it, and the DTS's digital signature. Because the trusted time source and the file signer sign together, the signing party (Party A) cannot cheat on the time, so the signature is non-repudiable.
Question 8: With a digital certificate binding the public/private key pair to an identity, and an authority's clock service providing non-repudiation, is everything solved? No, there is still a problem. B still cannot prove that the other party is A, because someone else may have stolen A's private key (for example, by using A's computer while A is away) and then sent information to Party B in A's name. How can this be solved?
The solution is to use technologies such as strong passwords, authentication tokens, smart cards and biometrics to authenticate the user of the private key, so as to determine that he is its legitimate owner.
Before solving this problem, let's look at how PKI-based authentication currently works. Take a browser or other application that enrols for a certificate as an example: when the key is generated for the first time, a key store is created and the browser user is prompted for a password, which is used to derive the encryption key that protects the key store. If the key store has only weak password protection, or none at all, anyone who can access the browser on that computer can access those private keys and certificates. In that scenario, how can an identity created with PKI be trusted? For this reason, a strong PKI system must be built on strong authentication of the private key owner. The main authentication technologies today are strong passwords, authentication tokens, smart cards and biometrics (such as fingerprints and iris patterns).
Take the authentication token as an example. Suppose your private key is stored in an encrypted container on a back-end server and you want to access it. You must first authenticate with the token (for example, by entering your account name, the passcode displayed on the token, and a PIN). If authentication succeeds, your encrypted container is downloaded to your system and decrypted.
With the above problems solved, the security requirements for sending a file are basically met. The following is a summary of the process. For A, the whole sending process is as follows:
1. Create a symmetric key (generated by the corresponding software and used once), encrypt the contract with it, and wrap the symmetric key with Party B's public key.
2. Create a digital signature: hash the contract (for example with MD5) to produce the original digest, and encrypt the digest with A's own private key (the public/private key pair may be created by A himself or provided by the CA).
3. Finally, Party A sends the encrypted contract, the wrapped key, the encrypted digest and the digital certificate (issued by the CA) to Party B.
After receiving the encrypted file, Party B does the following:
1. Decrypt the wrapped key with Party B's private key to obtain the symmetric key.
2. Obtain A's public key from A's digital certificate and use it to decrypt the digest (call it digest 1).
3. Use the same hash algorithm as the sender to compute a digest (call it digest 2) of the decrypted contract.
4. Compare digest 1 and digest 2. If they are the same, the information has not been tampered with and comes from A.
The process of transmitting information from A to B does not look complicated, but it actually consists of many building blocks: symmetric/asymmetric key cryptography, digital certificates, digital signatures, the certificate authority (CA) and public key security policies. The most important and most complex of these is the establishment of the certificate authority (CA).
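The sending and receiving procedure summarised above, carried through in code, as an added example that is not part of the original article. Textbook RSA (modular exponentiation without padding) stands in for a real library's RSA, and an HMAC-SHA256 counter-mode keystream stands in for a symmetric cipher such as AES, so that the example runs with only the Python standard library; the contract text and the 512-bit key size are constructed for the demonstration. It also shows the two failure modes the text discusses: a tampered ciphertext and a package whose digest was signed by someone other than A.

```python
"""Hybrid encryption plus a signed digest, following A's steps 1-3 and B's steps 1-4.

Added example (not the article's code). Textbook RSA and an HMAC-SHA256 keystream
are stand-ins for a real library's RSA and AES; key sizes are demo-sized.
"""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

Key = Tuple[int, int]  # (exponent, modulus)


def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin test, sufficient for demonstration-sized primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # full length and odd
        if _is_probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 512) -> Tuple[Key, Key]:
    """Return (public, private). 512 bits keeps the demo fast; far too small for real use."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            break
    return (e, p * q), (pow(e, -1, phi), p * q)


def rsa_apply(key: Key, data: bytes, out_len: Optional[int] = None) -> bytes:
    """Raw RSA: one operation serves both 'encrypt with public key' and 'encrypt with private key'."""
    exp, n = key
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("input does not fit under the modulus")
    size = out_len or (n.bit_length() + 7) // 8
    return pow(m, exp, n).to_bytes(size, "big")  # OverflowError if the result exceeds out_len


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric stand-in for AES: XOR the data with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)


def sender_package(contract: bytes, a_private: Key, b_public: Key) -> dict:
    """A's steps 1-3: one-time symmetric key, wrapped for B; digest signed with A's private key."""
    session_key = secrets.token_bytes(32)
    return {
        "ciphertext": stream_xor(session_key, contract),
        "wrapped_key": rsa_apply(b_public, session_key),
        "signature": rsa_apply(a_private, hashlib.sha256(contract).digest()),
    }


def receiver_open(package: dict, b_private: Key, a_public: Key) -> Optional[bytes]:
    """B's steps 1-4: unwrap the key, decrypt, recover digest 1, recompute digest 2, compare."""
    try:
        session_key = rsa_apply(b_private, package["wrapped_key"], out_len=32)
        contract = stream_xor(session_key, package["ciphertext"])
        digest_1 = rsa_apply(a_public, package["signature"], out_len=32)
    except (ValueError, OverflowError):
        return None  # malformed, or not produced with the expected key pair
    digest_2 = hashlib.sha256(contract).digest()
    return contract if hmac.compare_digest(digest_1, digest_2) else None


if __name__ == "__main__":
    a_pub, a_priv = rsa_keygen()
    b_pub, b_priv = rsa_keygen()
    pkg = sender_package(b"Contract: A delivers 100 units to B by Friday.", a_priv, b_pub)
    print("intact:", receiver_open(pkg, b_priv, a_pub))
    forged = dict(pkg, ciphertext=bytes([pkg["ciphertext"][0] ^ 1]) + pkg["ciphertext"][1:])
    print("tampered:", receiver_open(forged, b_priv, a_pub))
```

Real systems do not apply raw RSA to the digest or to the session key; they use padded schemes (RSA-PSS or RSA-OAEP) and an authenticated symmetric cipher, and they carry A's public key inside a CA-signed certificate as Question 6 describes. The structure of the exchange, however, is exactly the four-way comparison of digest 1 and digest 2 that the text lays out.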

The following explains what the USB key essentially is:

The USB key also acts as a portable digital certificate: it stores your personal digital certificate and cannot be read out. The bank likewise holds a record of your digital certificate.

When you attempt an online transaction, the bank sends you a string A, built by combining a time string, an address string, the transaction information string and an anti-replay string, and encrypted. Your USB key performs a non-invertible operation on string A using your personal certificate to obtain string B, and sends string B to the bank. The bank performs the same non-invertible operation at the same time. If the bank's result matches yours, you are considered legitimate and the transaction completes; otherwise you are considered illegitimate and the transaction fails.

(In theory, different strings A never produce the same string B, that is, each string A corresponds to a unique string B. However, your digital certificate cannot be derived from string A and string B, and the USB key cannot be read out, so nobody can obtain your digital certificate. In addition, the bank sends a different anti-replay string (a random string) and time string each time, so once a transaction is complete the string B just issued is no longer valid. To sum up, the USB key is, in theory, absolutely secure. Note the "in theory": the probability of forgery is about 1 in 2^80, unless a DNA-based computer out of Transformers turns up.)
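The challenge-response exchange described in this section and in the four steps at the top of the article, run end to end, as an added example that is not part of the original article and not any bank's code. The shared per-device secret, HMAC-SHA256 as the "non-invertible operation", and the 60-second freshness window are assumptions made for the demonstration; the scenario data is constructed. It shows why a captured string B is useless afterwards: the bank accepts each anti-replay nonce once and only within its window.

```python
"""Challenge-response with anti-replay, modelled on the USB-key exchange described above.

Added example (not the article's or any bank's code). Assumptions: the key and the
bank share a per-device secret from enrolment, the 'non-invertible operation' is
HMAC-SHA256 over string A, and a challenge is valid for FRESHNESS_SECONDS.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

FRESHNESS_SECONDS = 60  # assumed window during which a challenge may be answered


def compute_response(device_secret: bytes, challenge: bytes) -> bytes:
    """The operation performed inside the key: string B = HMAC-SHA256(secret, string A)."""
    return hmac.new(device_secret, challenge, hashlib.sha256).digest()


class UsbKey:
    """Holds the secret and exposes only the ability to answer challenges, never the secret."""

    def __init__(self, device_secret: bytes) -> None:
        self._secret = device_secret

    def respond(self, challenge: bytes) -> bytes:
        return compute_response(self._secret, challenge)


@dataclass
class Bank:
    """Issues string A and checks string B; remembers which nonces it issued and redeemed."""
    secrets_by_user: Dict[str, bytes]
    issued: Dict[bytes, Tuple[str, float, str]] = field(default_factory=dict)  # nonce -> (user, t, tx)
    used: Set[bytes] = field(default_factory=set)                               # redeemed nonces

    def challenge(self, user: str, tx: str, now: float) -> bytes:
        """String A: time string, transaction string and a random anti-replay string."""
        nonce = secrets.token_bytes(16)
        self.issued[nonce] = (user, now, tx)
        return b"|".join([str(int(now)).encode(), tx.encode(), nonce.hex().encode()])

    def verify(self, user: str, challenge: bytes, response: bytes, now: float) -> bool:
        """Recompute string B with the enrolled secret; accept each nonce once, and only while fresh."""
        _ts, rest = challenge.split(b"|", 1)
        tx, nonce_hex = rest.rsplit(b"|", 1)
        nonce = bytes.fromhex(nonce_hex.decode())
        record = self.issued.get(nonce)
        if record is None or record[0] != user or record[2] != tx.decode():
            return False  # not a challenge this bank issued for this user and transaction
        if nonce in self.used or now - record[1] > FRESHNESS_SECONDS:
            return False  # replayed, or answered too late
        expected = compute_response(self.secrets_by_user[user], challenge)
        if not hmac.compare_digest(expected, response):
            return False  # string B was not produced by the enrolled key
        self.used.add(nonce)  # this string B is now spent
        return True


def enrol(bank: Bank, user: str) -> UsbKey:
    """Enrolment: generate the per-device secret and record it on both sides."""
    secret = secrets.token_bytes(32)
    bank.secrets_by_user[user] = secret
    return UsbKey(secret)


def run_scenario() -> Dict[str, bool]:
    """Constructed scenario: one valid transaction, its replay, a foreign key, and a stale answer."""
    bank = Bank(secrets_by_user={})
    alice_key = enrol(bank, "alice")
    other_key = UsbKey(secrets.token_bytes(32))  # a device that was never enrolled
    t0 = 1_700_000_000.0
    results = {}
    ch = bank.challenge("alice", "pay 100 to acct 42", t0)
    results["legit"] = bank.verify("alice", ch, alice_key.respond(ch), t0 + 1)
    results["replay"] = bank.verify("alice", ch, alice_key.respond(ch), t0 + 2)
    ch2 = bank.challenge("alice", "pay 100 to acct 42", t0 + 10)
    results["wrong_key"] = bank.verify("alice", ch2, other_key.respond(ch2), t0 + 11)
    ch3 = bank.challenge("alice", "pay 5 to acct 7", t0 + 20)
    results["stale"] = bank.verify("alice", ch3, alice_key.respond(ch3), t0 + 20 + FRESHNESS_SECONDS + 1)
    return results


if __name__ == "__main__":
    for name, ok in run_scenario().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The bank keeps two pieces of state per nonce, issued and redeemed, because both checks are needed: the first rejects a string B for a challenge the bank never sent, the second rejects a second use of a genuine one. The real device uses a certificate and a public-key operation rather than a shared HMAC secret, but the property the article relies on is the same: string B binds the secret to this transaction and this nonce, so it proves nothing about any other.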

PS: collected from the Internet and organised by me.
