密码编码学与网络安全(第五版) 向金海 03-分组密码与des.ppt

密码编码学与网络安全第五版密码编码学与网络安全是现代信息保密与通信安全的基础理论。

其研究内容包括加密、解密算法的设计与分析，密码系统的实现与安全性评估，网络安全协议的设计与分析等。

在网络时代，密码编码学与网络安全的研究显得尤为重要。

密码编码学主要包括对消息的加密与解密。

加密是将明文消息转化为密文消息的过程，解密是将密文消息还原为明文消息的过程。

密码算法的设计应具有安全性、可靠性和效率性。

安全性是指密文不能被未授权的人解密，可靠性是指密文在传输、存储和处理过程中不会出现错误，效率性是指算法需要较低的时间和空间成本。

密码系统的实现需要考虑多种因素。

首先是密钥的管理，密钥是加密与解密过程中必不可少的要素，因此密钥的生成、分发、存储和更新等都需要考虑。

其次是密码系统的可靠性与安全性评估，对密码系统的实施，应进行相关的评估与测试，以确保其在现实应用中的可靠性与安全性。

最后，密码系统的实施还需要考虑与其他系统的兼容性，以实现不同系统之间的通信与数据交换。

网络安全协议设计与分析是密码编码学与网络安全的重要研究内容之一。

网络安全协议是保证网络信息安全的关键，它基于密码学算法与协议的设计与实现。

网络安全协议的设计目标是实现认证、机密性、完整性和不可否认性等安全性质，并确保这些性质在网络通信中得以维护。

密码编码学与网络安全既有其理论研究的基础，也有其实际应用的重要性。

随着信息技术的不断发展，网络安全问题也越发凸显。

密码编码学与网络安全的研究对于保护个人隐私，防止信息泄露，维护国家安全等方面起到了重要作用。

综上所述，密码编码学与网络安全是现代信息保密与通信安全的基础理论。

其应用领域广泛，包括信息加密，网络安全协议的设计与分析等。

密码编码学与网络安全的研究对于保障个人隐私，防止信息泄露，维护国家安全等方面具有重要意义。

在信息时代，我们需要加强对密码编码学与网络安全的研究与实践，以应对不断增长的网络安全挑战。

In troduct ion 5Classical Encryp tio n Tech niq ues ........Block Cip hers and the Date Encryp ti on Stan dard .... Fi nite FieldsAdva need Encryp ti on Stan dard ........... More on Symmetric Cip hers ................ Con fide ntiality Using Symmetric Encryp ti on In troducti on to Number Theory ........... P ublic-Key Cryp togra phy and RSA .........Key Man ageme nt; Other P ublic-Key Cryp tosystems Message Authe nticati on and Hash Fun cti ons ..............................Hash and MAC Algorithms ...................Digital Sign atures and Authe nticati on P rotocols Authe nticatio n App lications ...........................................Electr onic Mail Security .................IP Security ...............................Web Security .............................Intruders ................................Malicious Software ........................Firewalls .................................A NSWERS TO Q UI S'TIO NSThe OSI Security Architecture is a framework that p rovides a systematic way of defi ning the requirements for security and characteriz ing the app roaches to satisfy ing those requireme nts. The docume ntdefi nes security attacks, mecha ni sms, and services, and the relatio nships among these categories. Passive attacks have to do with eavesdropping on, or monitoring, transmissions. Electro nic mail, file tran sfers, and clie nt/server excha nges are exa mples of transmissions that can be monitored. Activeattacks include the modification of tran smitted data and attem pts to gai n un authorized access tocompu ter systems.Passive attacks: release of message contents and traffic analysis. Active attacks:masquerade, re play, modificatio n of messages, and denial of service.Authe nticati on: The assura nee that the com muni cati ng en tity is the one that it claims to be. Access con trol: The p reve nti on of un authorized use of a resource (i.e., this service con trols who can have access to a resource, un der what con diti ons access can occur, and what the access ing the resource are allowed to do).Data con fide ntiality: The p rotecti on of data from un authorized disclosure.Data integrity: The assuranee that data received are exactly as sent by an authorized entity (i.e., contain no modificati on, in serti on, deleti on, or rep lay).Nonrepudiation: Provides protection against denial by one of the entities involved in a communicationCha pter 1: Cha pter 2: Cha pter 3: Cha pter 4: Chap ter 5: Cha pter 6: Cha pter 7: Cha pter 8: Cha pter 9: Cha pter 10: Cha pter 11: Cha pter 12: Cha pter 13: Cha pter 14: Cha pter 15: Cha pter 16: Cha pter 17: Cha pter 18: Cha pter 19: Cha pter 20:.......7 ..13 ..... 21 ....28 .....33 38 .... 42 ...46 .......55 (59)....62 ... (66)■ ...71 . (73) (76) (80) (83) (87) (89)1.1 1.2 1.3 1.4seof having participated in all or part of the communication.Availability service: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them).1.5 See Table 1.3.。

Access control: The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do).Data confidentiality: The protection of data from unauthorized disclosure.Data integrity: The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay).Nonrepudiation: Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication.Availability service: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system (i.e., a system is available if it provides services according to the system design whenever users request them).1.5 See Table 1.3.2.1 Plaintext, encryption algorithm, secret key, ciphertext, decryptionalgorithm.2.2 Permutation and substitution.2.3 One key for symmetric ciphers, two keys for asymmetric ciphers.2.4 A stream cipher is one that encrypts a digital data stream one bit or one byteat a time. A block cipher is one in which a block of plaintext is treated as a whole and used to produce a ciphertext block of equal length.2.5 Cryptanalysis and brute force.2.6 Ciphertext only . One possible attack under these circumstances is thebrute-force approach of trying all possible keys. If the key space is very large, this becomes impractical. Thus, the opponent must rely on an analysis of the ciphertext itself, generally applying various statistical tests to it. Known plaintext. The analyst may be able to capture one or more plaintext messages as well as their encryptions. With this knowledge, the analyst may be able to deduce the key on the basis of the way in which the known plaintext is transformed. Chosen plaintext. If the analyst is able to choose the messages to encrypt, the analyst may deliberately pick patterns that can be expected to reveal the structure of the key.2.7 An encryption scheme is unconditionally secure if the ciphertext generatedby the scheme does not contain enough information to determine uniquely the corresponding plaintext, no matter how much ciphertext is available. An encryption scheme is said to be computationally secure if: (1) the cost of breaking the cipher exceeds the value of the encrypted information, and (2) the time required to break the cipher exceeds the useful lifetime of the information.C HAPTER 2C LASSICAL E NCRYPTION T ECHNIQUESR2.8 The Caesar cipher involves replacing each letter of the alphabet with theletter standing k places further down the alphabet, for k in the range 1 through25.2.9 A monoalphabetic substitution cipher maps a plaintext alphabet to a ciphertextalphabet, so that each letter of the plaintext alphabet maps to a single unique letter of the ciphertext alphabet.2.10 The Playfair algorithm is based on the use of a 5 5 matrix of lettersconstructed using a keyword. Plaintext is encrypted two letters at a time using this matrix.2.11 A polyalphabetic substitution cipher uses a separate monoalphabeticsubstitution cipher for each successive letter of plaintext, depending on a key.2.12 1. There is the practical problem of making large quantities of random keys.Any heavily used system might require millions of random characters on a regular basis. Supplying truly random characters in this volume is asignificant task.2. Even more daunting is the problem of key distribution and protection. Forevery message to be sent, a key of equal length is needed by both sender and receiver. Thus, a mammoth key distribution problem exists.2.13 A transposition cipher involves a permutation of the plaintext letters.2.14 Steganography involves concealing the existence of a message.A NSWERS TO P ROBLEMS2.1 a. No. A change in the value of b shifts the relationship between plaintextletters and ciphertext letters to the left or right uniformly, so that if the mapping is one-to-one it remains one-to-one.b. 2, 4, 6, 8, 10, 12, 13, 14, 16, 18, 20, 22, 24. Any value of a larger than25 is equivalent to a mod 26.c. The values of a and 26 must have no common positive integer factor otherthan 1. This is equivalent to saying that a and 26 are relatively prime, or that the greatest common divisor of a and 26 is 1. To see this, first note that E(a, p) = E(a, q) (0 ≤ p≤ q< 26) if and only if a(p–q) is divisible by 26. 1. Suppose that a and 26 are relatively prime. Then, a(p–q) is not divisible by 26, because there is no way to reduce the fractiona/26 and (p–q) is less than 26. 2. Suppose that a and 26 have a common factor k> 1. Then E(a, p) = E(a, q), if q = p + m/k≠ p.2.2 There are 12 allowable values of a (1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23,25). There are 26 allowable values of b, from 0 through 25). Thus the totalnumber of distinct affine Caesar ciphers is 12 26 = 312.2.3 Assume that the most frequent plaintext letter is e and the second most frequentletter is t. Note that the numerical values are e = 4; B = 1; t = 19; U = 20.Then we have the following equations:1 = (4a + b) mod 2620 = (19a + b) mod 26Thus, 19 = 15a mod 26. By trial and error, we solve: a = 3.Then 1 = (12 + b) mod 26. By observation, b = 15.2.4 A good glass in the Bishop's hostel in the Devil's seat—twenty-one degreesand thirteen minutes—northeast and by north—main branch seventh limb east side—shoot from the left eye of the death's head— a bee line from the tree through the shot fifty feet out. (from The Gold Bug, by Edgar Allan Poe)2.5 a. The first letter t corresponds to A, the second letter h corresponds toB, e is C, s is D, and so on. Second and subsequent occurrences of a letter in the key sentence are ignored. The resultciphertext: SIDKHKDM AF HCRKIABIE SHIMC KD LFEAILAplaintext: basilisk to leviathan blake is contactb. It is a monalphabetic cipher and so easily breakable.c. The last sentence may not contain all the letters of the alphabet. If thefirst sentence is used, the second and subsequent sentences may also be used until all 26 letters are encountered.2.6The cipher refers to the words in the page of a book. The first entry, 534,refers to page 534. The second entry, C2, refers to column two. The remaining numbers are words in that column. The names DOUGLAS and BIRLSTONE are simply words that do not appear on that page. Elementary! (from The Valley of Fear, by Sir Arthur Conan Doyle)2.7 a.2 8 10 7 9 63 14 5C R Y P T O G A H I4 2 8 1056 37 1 9ISRNG BUTLF RRAFR LIDLP FTIYO NVSEE TBEHI HTETAEYHAT TUCME HRGTA IOENT TUSRU IEADR FOETO LHMETNTEDS IFWRO HUTEL EITDSb. The two matrices are used in reverse order. First, the ciphertext is laidout in columns in the second matrix, taking into account the order dictated by the second memory word. Then, the contents of the second matrix are read left to right, top to bottom and laid out in columns in the first matrix, taking into account the order dictated by the first memory word. Theplaintext is then read left to right, top to bottom.c. Although this is a weak method, it may have use with time-sensitiveinformation and an adversary without immediate access to good cryptanalysis(e.g., tactical use). Plus it doesn't require anything more than paper andpencil, and can be easily remembered.2.8 SPUTNIK2.9 PT BOAT ONE OWE NINE LOST IN ACTION IN BLACKETT STRAIT TWO MILES SW MERESU COVEX CREW OF TWELVE X REQUEST ANY INFORMATION。