Android Platform Security Concept Chapter

First, security is mainly used to solve 4 types of demand

1. Confidential (security/confidentiality) information is not disclosed to third parties

2. identification/authentication (authentication) to know who is communicating with you

3. Integrity (Integrity) information transfer stored in the process of preservation integrity (not modified, not destroyed, not inserted, no delay, no confusion, no loss)

4. non-repudiation (non-repudiation) It is easy to know that the message was generated, signed, and accepted by that user.

The nature of cryptographic algorithms

Separation of Algorithms and keys

Three, symmetric encryption

(i) Basic concepts

Key: Divided into encryption key and decryption key.
PlainText: Information that is not encrypted to directly represent the meaning of the original text.
Ciphertext: After the processing of encryption, hide the original meaning of the information.
Encryption: Converts the plaintext to the redact implementation process.
Decryption: The implementation process of converting ciphertext into plaintext.

(ii) symmetric encryption model

the process of encrypting EK (m) =c decryption process EK (c) =m, where M, C, K, E, and D are clear text, ciphertext, keys, cryptographic algorithms, and decryption algorithms, respectively. Symmetric encryption is called when the encryption key and decryption key are the same key

(iii) Types of symmetric cryptographic models

There are three kinds of symmetric encryption models : Substitution encryption Transpose encryption product encryption (which is the combination of permutation and transpose encryption)

Represents the encryption algorithm: DES (Data Encryption Standard) and AES (Advanced encryption)

1, displacement encryption
The order of the original characters does not change, just replace the original character with another character. For example, plaintext E:ABC, encrypted after the ciphertext P is DFG: Encryption process is: A--D,B--F,C--G, key K:DFG.

2, transpose encryption

The original characters did not change, but the order of the original characters changed. In fact, transpose encryption is a mathematical-based transpose matrix principle.

Key 14253

ASDFG AQZ where transpose matrix: Qaz 1-->1
Qwert---->dec SWX 2-->4

ZXCVB GTB Dec 3-->2
SWX FRV 4-->5

FRV GTB 5-->3

3, Product encryption

is to encrypt and decrypt data over and over again using conversion encryption and transpose encryption.

Four, asymmetric encryption

(i) Basic concepts

Public key: The public key as the name implies, the key that is used to encrypt during non-symmetric encryption .
Private key: The secret key that is used for decryption during non-symmetric encryption.

The popular understanding of asymmetric encryption: the public key and the private key are generated together, and then public key, others can feel the public key to encrypt data information and you communicate, so that other people even intercepted this piece of information, no private key can not be decrypted, that is, only their own to decrypt the data information. So the security of the key is relatively high, do not worry about the key exchange problem.

The theoretical cornerstone of public-key algorithms: Mathematics, Mathematics is the basis of science. The two most important mathematical foundations of public-key algorithms are:

1. Based on the difficulty of decomposing large numbers, it can be understood that I have two large large prime numbers as the private key, exposing two large prime numbers as the product of the public key, so that even if we know the public key, it is difficult to decompose the two private key out, it will not be able to decipher the data after encryption;

2. The difficulty of calculating the discrete logarithm is based on the large prime number model.

(ii) Asymmetric encryption model
the difference between asymmetric and symmetric encryption the encryption key and the secret key for asymmetric encryption are not the same

(iii) Asymmetric encryption algorithm

RSA: is an asymmetric encryption algorithm based on the difficulty of decomposing large numbers, whose public and private key lengths are at least 1024bit

Five key exchange overview

(a) advantages and disadvantages of public key cryptography algorithms

Advantages: High Efficiency
Cons: Issues with key exchange. RSA is not as secure as encryption, but when you choose 256bit AES, you can still do most of the security areas

(ii) Advantages and disadvantages of public key cryptography algorithms

Pros: Security is high enough, no key exchange issues
Cons: Low efficiency, slow encryption for big data

(iii) Summary of current status of actual confidential session

(1) Encrypt the session based on an efficient symmetric encryption algorithm

(2) Real-time session key generation and periodic changes

(3) Transfer and exchange of session keys based on other secure means

(iv) Type of key exchange

1, use public key password to exchange session password

Use the peer public key to encrypt the resulting session key and pass it to the peer, the peer uses the private key to decrypt the session key, and both parties begin the symmetric encryption of the confidential session communication based on the shared session key

2.diffie-hellman Key exchange protocol

The difficulty of calculating the discrete logarithm based on the large prime number model
Each side selects key and then transfers it to the other by a certain algorithm (which makes the key not transmitted in clear text).

The two sides use the data exchanged by each other and their own selected key to do the transformation, to obtain a consistent result, as a session key

Six digital fingerprint/message digest/hashing/hashing

A Definition of hash (hash) function (algorithm)

Variable-length input transforms into a fixed-length output

(ii) Common hash algorithms

MD5 (128bit), SHA1 (160bit)

Three The characteristics of hash algorithm

1. Variability: Even if the original information 1bit changes, the output of the hash will have unpredictable huge changes.
2. Irreversible: It is impossible or difficult to construct a satisfying input information through the hash result.

Four Application scenario of hash algorithm

Based on variability characteristics
 The integrity is guaranteed
 Examples:
MD5 When downloading files
Additional MD At the end of message delivery

Based on variability characteristics
 The integrity is guaranteed
 Examples:
The function and insufficiency of CRC calibration
MD test message integrity and undamaged transmission in harsh environments
Robust protection for core file/database reads and writes in applications, preventing power-down and crash

Based on non-reversible characteristics
 Certified Peer-to-peer
 Examples:
Basic and Digest authentication for HTTP
PAP and CHAP authentication for PPP
Mobile phone login password and hidden MMI design

Seven Electronic signatures

(a) signature to solve what problem

Sign what?
 Integrity Protection of the contents of the check

Who's signing?
 Non-repudiation of the signatory

(ii) The dual nature of public key cryptography

(iii) Electronic signature =hash+ Public key cryptography

rsa's low-efficiency features, resulting in even signatures that are not suitable for direct signature of the original information
 The use of hash to complete the message digest and integrity identification function
 then the simple message digest is based on the signature of the public key cryptography
 signature is usually attached to the end of the original message or sent together with the head

Eight digital certificates

(i) The role of certificates: Public key storage and exchange

The public key is stored in the digital certificate as a field, and the exchange and transfer of the certificate can transfer/exchange the public key (demo)

(ii) certificate-based certification

Authentication methods based on trusted certificates are widely used in modern security fields, such as Wifi,https
 in HTTPS, a typical client-to-server authentication and identification is based on a trusted list (demo)

Android Platform Security Concept Chapter