第二讲密码学及其应用报告.ppt

Cryptography Is A tremendous tool The basis for many security mechanisms Is not The solution to all security problems Reliable unless implemented properly Reliable unless used properly Something you should try to invent yourself unless you spend a lot of time becoming an expert you subject your design to outside review Basic Concepts in Cryptography Encryption scheme: functions to encrypt, decrypt data key generation algorithm Secret key vs. public key Public key: publishing key does not reveal key-1 Secret key: more efficient, generally key = key-1 Hash function, MAC Map input to short hash; ideally, no collisions MAC (keyed hash) used for message integrity Signature scheme Functions to sign data, verify signature Evaluation of one-time pad Advantages Easy to compute encrypt, decrypt from key, text As hard to break as possible This is an information-theoretically secure cipher Given ciphertext, all possible plaintexts are equally likely, assuming that key is chosen randomly Disadvantage Key is as long as the plaintext How does sender get key to receiver securely? Idea for stream cipher: use pseudo-random generators for key... Applications of one-way hash Password files (one way) Digital signatures (collision resistant) Sign hash of message instead of entire message Data integrity Compute and store hash of some data Check later by recomputing hash and comparing Keyed hash for message authentication MAC – Message Authentication Code 用于数据完整性验证 ??? 用于数字签名(digital signature) 只有发送者才能生成的标志,接收者可以用来确认是否属于发送者 必须满足两个主要条件:不可伪造;可检验 在完成交易需要另外两个性质: 不可变(完整性) 不可重用(时间戳) 接收方可以验证发送方所宣称的身份 发送方以后不能否认该消息的内容 接收方不可能自己编造这样的消息 用于数字签名（1） 一些直接基于加密机制的签名方案 对签名的批评：签名和保密合在一起 认证不需对整条信息加密 用于数字签名（2） 对hash后的信息进行加密用作签名 消息认证码 消息认证是一种允许通行者验证所收消息是否可信的措施 验证消息的内容有无被篡改 验证信源是否可信 验证消息的时效性。 基于散列函数消息认证码-HMAC 设计散列函数不是为了用作MAC，因此不能达到MAC的目的 将密钥结合到现有的散列算法中，最广为被接收的方案是HMAC。 发布为RFC2104标准，被应用于Internet安全协议中，IPsec ,TLS , SET等。 HMAC的设计目标 不改动就可以使