密码学备忘录-前置知识

1. sec: cyber vs infovcs net

cyber >= info + net

  • info: info c.i.a
    • confidentiality
    • Integrity
      • Auth
    • Availablity

2. 攻击的主要形式

  • 拦截Interception
    • 中断(Interruption)
  • 传递大量”废纸”
    • 拒绝服务攻击Dos
  • 偷看
    • 窃听 Eavesdropping
  • 篡改/删节Tampering
  • 伪装/冒充身份 Masquerade
  • 复印后再次传递
    • 重放 Replay
      • 攻击信息实时性/真实性
  • 否认发送/接收 deny
  • 阻断访问式攻击denial-of-access attack
    • 勒索软件 ransomware (e.g. WannaCry)

2.1. Active and passive attacks

Sr. No.KeyActive AttackPassive Attack
1ModificationIn Active Attack, information is modified.In Passive Attack, information remain unchanged.
2Dangerous ForActive Attack is dangerous for Integrity as well as Availability.Passive Attack is dangerous for Confidentiality.
3AttentionAttention is to be paid on detection.Attention is to be paid on prevention.
4Impact on SystemIn Active Attack, system is damaged.In Passive Attack, system has no impact.
5VictimVictim gets informed in active attack.Victim does not get informed in passive attack.
6System ResourcesSystem Resources can be changed in active attack.System Resources are not changed in passive attack.
7Propertyintegrity && availabilityconfidentiality
  • 被动攻击

    在未经用户同意和认可的情况下,将信息或数据文件泄露给系统攻击者,但不对数据信息做任何修改。威胁信息机密性

  • 主动攻击

    旨在篡改系统信息、改变系统状态等,威胁信息的可用性和真实性

2.2. Security Services

  1. Authentication
  2. Access Control
  3. Data Confidentiality
  4. Data Integrity
  5. Nonrepudiation
  6. Available Service

3. 信安基本属性

  • 机密性(Confidentiality)
    • 通过访问控制阻止非授权用户获得机密信息
    • 通过加密变换阻止非授权用户获知信息内容
  • 完整性(Integrity)
    • 完整性是指信息未经授权不能进行篡改的特征,维护信息的一致性
    • 通过访问控制阻止篡改行为
    • 通过消息摘要算法检验信息是否被篡改
  • 可用性(Availablity)
  • 认证性(Authentication)
    • 确保一个消息的来源或消息本身被正确地标识,同时确保该标识没有被伪造
    • 认证分为消息认证实体认证
  • 不可否认性(Non-Repudiation)
    • 不可否认性是指能保障用户无法在事后否认曾经对信息进行的生成、签发、接收等行为
    • 通过数字签名提供抗否认服务

4. 基本术语

1
2
3
4
5
6
7
8
9
10
• plaintext - oriigiinall message
• ciphertext - coded message
• cipher 密码算法- allgoritthm for transfformiing pllaiinttextt tto ciipherttextt
• key - inffo used in ciipher known onlly to sender//receiiver
• encipher (encrypt) - converttiing pllaiinttextt tto ciipherttextt
• decipher (decrypt) - recoveriing ciipherttextt ffrom pllaiinttextt
• cryptography - study off encryption principles//methods
• cryptanalysis (codebreaking) 密码分析(破译)- sttudy off priinciiplles//
metthods off deciipheriing ciipherttextt wiithout knowiing key
• cryptology - ffiielld off botth crypttography and crypttanallysiis

4.1. 攻击

  • 图片有误

4.2. 绝对安全 vs 相对安全

  • unconditional security
    • 管有多少计算能力或时间可以使用都无法破解密码
  • computational security
    • 考虑到有限的计算资源,一定时间内无法被破译