Chapter 4 basic information security technology

ArticleDirectory

• 27.1 Password Technology
• 27.2 virtual private network and Virtual Private Network
• 27.3 wireless security network WLAN

27.1 cryptographic technology 27.1.1 terms: plaintext, ciphertext, key, Algorithm

Encrypted c = E (m)

Decrypt M = D (c)

Then M = D (E (m ))

Encryption and decryption with keys indicates M = d {k} (E {k} (m ))

27.1.2 symmetric and asymmetric encryption

1. Symmetric Key Algorithm

If equation M = d {K1} (E {K1} (M) is true, that is, encryption and decryption both use the same key, the algorithm is "symmetric ".

Common symmetric key algorithms: sdbi, idea, RC4, Des, 3DES

1. Advantages and Disadvantages of Symmetric Key Algorithms

Advantages:

Fast encryption/Decryption speed;

Simple key management;

Suitable for one-to-one Information Encryption Transmission.

Disadvantages:

The encryption algorithm is simple, the key length is limited (56bit/128bit), and the encryption strength is not high;

Key Distribution is difficult, and it is not suitable for one-to-many encrypted information transmission.

2. Asymmetric Key Algorithm

If the equation M = d {d-priv} (E {d-Pub} (M) is true, the algorithm is "asymmetric ".

Common asymmetric key algorithms: RSA and ECC

3. Advantages and Disadvantages of Asymmetric Key Algorithms

Advantages

The encryption algorithm is complex, the key length is arbitrary, and the encryption strength is high;

Suitable for one-to-many encrypted information exchange.

Disadvantages

Slow encryption/Decryption speed;

Complex key management;

Ciphertext attacks are fragile and do not apply to encrypted data transmission.

27.1.3 Hash Algorithm

Common hash algorithms: SDH, Sha, and MD5

27.1.4 information digest algorithm and digital fingerprint

The abstract can be seen as a "digital fingerprint" of a long file ".

27.1.5 digital signature and Verification

27.1.6 digital timestamp technology

The digital timestamp technology is a variant of the digital signature technology.

Data transmission (DTS) is one of the security services for online e-commerce.

27.1.7 transmit symmetric keys using asymmetric keys 27.1.8 National password and security product management

Password levels include commercial passwords, common passwords, top secret passwords, and military passwords.

27.2 virtual private network and virtual private network 1. Basic concepts of VPN and VLAN

VPN and VLAN are temporary and secure connections on a shared network (generally Internet.

2. Differences between IPSec VPN and MPLS VPN

IPSec is an open-source framework defined by the IETF IPSec Working Group.

Rfc2547 defines a mechanism of MPLS (Multi-Protocol Label Switching) that allows service providers to use their IP backbone networks to provide VPN services to users ).

27.3 wlan27.3.1 WLAN features

Security, QoS support, and scalability

27.3.2 WLAN Security Mechanism

1. WEP

The connection peer-to-peer protocol WEP is the first security mechanism provided by the 802.1 standard to establish a wireless network security environment.

WEP uses the RC4 dense stream, which is generated by the combination of the unique or data/icv and the 24 is IV. The key length is 40 bits.

2. WEP2

The IV Space of WEP2 is 128 bits and supports cerberusv.

1. WPA

Wi-Fi Alliance announcement

Content: one is to replace WEP with a better TKIP encryption system, and the other is a user Identity Authentication System Based on 802.1x standards.

4. China Standard WAPI