Untitled Note
Fri, Sep 27, 2024 7:02PM • 1:26:44
00:00
When we talk about the second attempt of Kerberos, I mentioned something called password-based encryption. If you still remember, here in step two, I believe, when the authentication server sends back the ticket-granting ticket to the client, the ticket is encrypted by using a key that is generated from the user's password, and if you still remember, this is called authentication through encryption. If that is not the right user, the user will not have the right password to generate the key. So what is password-based encryption? Let me briefly explain this to you. I don't need you to go into the mathematical description, but you need to understand the idea.
01:11
So here what happened is,
01:19
You still remember, we have the hash algorithm. Most hash algorithms have a few hundred bits as output size. And for most of the symmetric cryptographic algorithms, the effective key size is also a few hundred bits. So for example, if the user chooses to use a symmetric cryptographic algorithm of key size 128 bits, then what happens here is the user will supply his or her password, and
02:06
this password
02:10
will pass through a hash algorithm.
02:19
So now, once the password passes through the hash algorithm, the output will be something of size 128 bits, and it can be used as a key. But the catch here is, if we generate the key by using the password, a hacker can just try to run through all possible passwords and see whether he or she can get the right key. So it's more or less the same as password protection. Right? Remember, I said cryptographic techniques can provide stronger protection because the size of the keys is fairly long, much longer than the size of a password. So if we want to do a brute force attack based on exhaustive search, it takes much, much longer. However, if we do this, even though the key is 128 bits, the key is generated based on the password. So if I just use the password cracking technique, try all possible passwords, that means I can possibly find the right key to do the decryption. Right? So the trick here is, we don't pass this through the hash algorithm once; we will take this output and then again put it back into the hash algorithm. We do this several times, depending on the algorithm that you choose. So we do this several times
04:08
with
04:11
quantum delay.
04:19
So in other words, in the normal password cracking procedure, you just try a password, and then you know whether the password is right or wrong right away. But here, if you try a password, it would take some time to generate the key before you can test whether the key is correct or not. So we introduce a delay there to make the whole cracking time much longer than standard password cracking. So that is the trick, and then eventually.
04:59
So this is how you generate a key based on the user's password. Well, this makes the whole cracking much longer than standard password cracking, but still, we cannot claim that this is equivalent to a 2^128 random key encryption, because if you just generate a key by using a random number generator, you really have to, you know, try all the 2^128 possible choices in order to find the right key. But here, basically you are just more or less trying to perform a password cracking attempt. It is just a little bit longer than the standard attack. So this is what we mean by password cracking. Okay. And another thing that I want to talk about before I go back to talk about the authenticator: remember last time I said one very important security issue is, if the user just presents a ticket to the server and gets access, then it's like you buy a ticket to get into a cinema. Anyone who picks up your ticket can get into the cinema, because there is no checking whether you are the owner of the ticket. And then at the end of the last lecture, I said we can modify the protocol and use the concept of an authenticator. So what is an authenticator? There are several ways to generate an authenticator. An authenticator is a credential or something that you use to prove that you are the owner, or you own the identity of something, or you own something. One fairly straightforward technique that you have already learned. Can anyone tell me, if here we don't assume that we have digital certificates. If you have digital certificates, public key, private key, and then infrastructure to bind the user identity with their public key, there is a technique that you have already learned that can be used to prove the user has done something or owns something, or owns the identity. Can anyone here remember what that technique is?
05:08
07:41
How can you prove to somebody that something is generated by you,
07:50
If you have the public key and private key, how can people check something is generated by you? If you have public key, private key,
08:02
you can encrypt that with which one, private or public? Okay, so you can encrypt that by using the private key, but because the message or the thing that you want to encrypt may be of large size, because of performance considerations, we go into the concept of hash. So digital signature is the candidate that you can use if you already have, if you assume the users have public key, private key, and have a good mechanism to bind the user's identity with their public key, like a digital certificate; then you can use a digital signature to prove that these users actually own the ticket. The way to do this is you present to the server the ticket, generate the hash of the ticket, encrypted by using your private key. Then the user can use your public key to check whether that is the signature generated by using the corresponding private key. So this is one possible way; a digital signature can be an authenticator. Okay, an authenticator in general is just a credential you use to prove you own something or you are somebody. So digital signature can be one possible approach. But in this case, you can see the setup. We don't have the public key and private key, so we need to think about how we can do this by using the symmetric key approach. Well, if you think about how we do this in the public key private key context, then one possible approach is we generate the hash of the document, and then we can encrypt it by using a key, a symmetric key that only the server and the user can access. So if the server receives something that is encrypted by using that key, because only the user and the server can access the key, nobody else can generate this, so the server knows that this must be the user. You got that? So the concept is still that you encrypt something by a key that is only known to the user and the server. The server also needs this key, because the server needs to be able to check whether the encryption was done.
In the public key private key concept, we have the public key to check the private key, but in the symmetric key concept, we don't have this, so we need one key that can be kept secret between the server and the user. So let me just summarize this.
11:26
So the second thing that you want to know is what we call the authenticator.
11:38
So as the name implies, this is something that you use to authenticate someone.
12:09
So, possible approach:
12:21
digital signature.
12:32
Or you can
12:39
remember this notation. You can encrypt the hash using a key only known to the sender
13:00
and
13:05
recipient.
13:14
And there's also an approach that we call the message authentication code, MAC.
13:44
I will talk more about the MAC later, but the idea is, for this MAC also you will use a symmetric key that is only known to the sender and the recipient and generate something similar to the encrypted hash. So
14:05
usually the MAC will be represented
14:15
like this. This is MAC, so we know that we are generating a MAC. So the computation will be done by using a key that is only known to the sender and the recipient. And then we also need something called the initialization vector
14:36
to just give you a high level idea
14:47
of the MAC.
14:55
What we do here is, for example, if we have a message, so
15:04
again, this is one possibility. So we divide this into blocks of equal size,
15:15
So we know sometimes the total size of the message will not allow you to divide it into blocks of equal size. So sometimes the last block will be of smaller size; then you pad it with zeros or some symbol to make it the same size as the others. And now, so we process this block by block.
15:45
So usually we will have an initialization vector whose size is the same as the block size. This is the
16:15
the last block, you will do padding if needed.
16:24
By the way, I won't ask you this in the exam. You need to understand the high level concept, what is a MAC and why we can use it to perform authentication. Just know the idea, okay.
16:44
So this, we have the initialization vector of the same size as the block. So
17:02
so this is an exclusive OR,
17:07
and then you will do encryption.
17:14
I use an E to represent encryption. Usually the
17:20
E is performed by using a symmetric cryptographic algorithm. So we have a key here. So now you have output.
17:33
You take the output of the first block
17:38
exclusive OR with the second block. Do
17:44
the encryption
17:50
and you get the second output.
17:54
So you keep doing this until you get to the last one.
18:16
So that's why you can see that we have the initialization vector, we have the key K. This is how SSL or TLS do authentication of the messages. So it's important for you to know this, but I won't ask you anything about this process. And this output here, we only take this after we have performed all these operations on each of the blocks. We only take the last output as the MAC. So this is the MAC, and it is generated by using the initialization vector IV and the secret key K over this message here, which
19:17
we call this
19:29
So if you look at this carefully, you can see that, because for each block here, after you perform the operation, you will feed this to the next block before the next block does encryption. So if you change something here, then it will affect this output. Any change to the original message, even though we only take the last output as the MAC, any change will cause a change to the output, right? Because for each of these, you will encrypt it and then do an exclusive OR with the next one. So if you make a change to this, this one should be different, so the last output will be different. So that is the idea. Of course, to show this mathematically is not easy, but that is basically the idea. So this is why, if we do it this way, we can also verify whether the message has been modified. So now we have three different ways to verify the authenticity of a message, or verify that somebody actually owns a certain identity: digital signature, hash encrypted by a secret key, and also a MAC. The hash encrypted by a secret key and the MAC both rely on symmetric cryptographic technologies. Okay, so now with this idea, we can go back to look at the last version of Kerberos. So
21:49
you can see the main difference of this last version as compared to the previous version is, in addition to the ticket, in fact, in step two the authentication server will generate a symmetric key, and this symmetric key will be sent to the, well, I call this client, okay, will be sent to the client. And also, this symmetric key is also included in the encrypted ticket. So you can see here, if you look at step two,
22:33
the symmetric key can only be retrieved by the client. The client knows the password, uses the password to generate KC, which is used to encrypt this. And once the client generates the key KC and decrypts this, then the client gets the symmetric key in red, and the key inside the ticket is encrypted by the key that is shared between the authentication server and the ticket granting server. So only the ticket granting server and the authentication server can decrypt and get this key, but the authentication server, as a trusted server, will not do this, so this key can only be accessed by the client and also the ticket granting server. Now, when the client presents the ticket granting ticket, the client will generate an authenticator. By using this key, it can be either the hash of the ticket encrypted by this key or the MAC that is generated by using this key and some random initialization vector. When the server receives this, the server can use the key, in this case KC,TGS, to verify the authenticator. So that is the idea, okay? So we add a mechanism so that the server, in this case the Ticket Granting Server, can verify that this authenticator is really generated by the client. Similarly, if you look at step four, in addition to the ticket, there is an additional symmetric key, KCS in this case, sent to the client, and the client will use this to generate an authenticator, and the server.
25:28
It takes much longer. Okay, you can safely ignore slides 34 and 35; they just talk about the situation in an organization if you have more than one Kerberos server, so you divide this into different domains, and if you have several Kerberos servers. So all I want you to understand is how the protocol for Kerberos works. You don't need to think about the situation in which you have several Kerberos servers. So, 34 and 35, you can probably forget about them for the time being.
26:16
Strong authentication. What is strong authentication? I mentioned this before briefly. Strong authentication: any time you perform your authentication based on X.509 infrastructure, then the authentication is referred to as strong authentication.
26:39
There are several possible types of authentication. You can do one-way, two-way, three-way, but they are all based on the same general idea. So for these three different types of authentication, we will come back when we need them. You can forget about this for the time being and get yourself familiar with security protocol analysis before we come back to this. Okay, so the next thing I will do is
27:23
in order to reinforce your technique or your skill in security protocol analysis, let's do some exercises. Okay,
27:39
this is an exercise that can help you to understand the different approaches when we do protocol analysis. So let's try to understand the following objective. Well, let's say we have several network devices that are connected together, and each of them needs to work together to provide service to the users, and you want these services up as much as possible. So what you can do is ask the devices to check on each other, to make sure that they are still up and alive. In other words, what do you want to do? You want to design a protocol that can help you to achieve the following objective. Well, the objective is you want to allow an entity, like A, to check regularly that another entity, let's say B, is still okay, still working well and alive. In other words, you want to be able to conclude three things. First, you want someone to tell you that he or she is well and alive, and that's usually what we will do: you call this person up, right, and see whether this person can still answer you. But first, when you get an answer, you want to know that this is really the person. So first, you must be able to authenticate that the reply is generated by B. So when A gets a reply, A must be able to authenticate that the reply is generated by B, right? Just compare this with the situation in which you call someone and make sure that this person is still doing well, still alive. So when this person answers you, you need to make sure that this is the right person. What is the second thing? The second thing is, you want to make sure that this answer is fresh, not some answer from a recording, right, from a recording machine. So this must be a fresh answer by the person. So the second thing is, A must be sure that this reply from B is fresh. It's not a replay, like a replay from a recording. What else? A also wants to make sure that B's reply is
a response to a particular request from A. So let's say you just get a reply from B, but that is not... you just get a reply from the person, but it's not answering some secret question from you; then maybe that is not really the person. Okay? So these are the three objectives here I already illustrated to you. We can describe the protocol objective in general. But then when you try to design a protocol technically to achieve that objective, you need to translate this objective into security objectives. So the first one, we translate it to authentication. The second one, we translate it to freshness. That means avoid replay attack. Third, maybe A has sent many requests before, and we must be sure that this is a response to this particular request. Okay, so these are the three objectives. So let's look at the following protocol. You understand the objective, because as I explained to you, we can have issues that are not security issues. If the issue does not prevent the protocol from achieving its security objective, then we don't have a security issue. So that's why we need to understand what are the main security objectives of the protocol before we do the analysis. Look at the first one.
28:03
30:34
32:31
So A tries to check on B and see whether B is still well and alive. So A sends a message to B: a hello message, providing its identity and also a random number. B replies by taking the random number, the identity of A, telling A that it is okay, and then it generates a MAC over the message, concatenating RA, IDA and Okay. So what do we assume here? That the random number generator is good; that means it is not possible for a potential attacker to predict the number that will be generated next. A and B have a pre-shared secret key; only A and B can access it, and that is the key that we use to generate the MAC. And also the MAC is strong, so there is no weakness in the MAC algorithm. So do you think this protocol here can achieve the three objectives?
33:59
You just go through these objectives one by one. Look at step two. When A receives this reply, can A authenticate that this reply is from B?
34:20
The reply is the message, the random number, IDA and OK. So can A authenticate that this is generated by B?
34:37
What is the MAC doing there? The MAC is generated by using this message, right? So if this message is not generated by B, the one who generates this message will not have the secret key K to generate the MAC. So if A checks the MAC by using the shared secret key and it checks out, that means this is generated by B, so objective one is okay. Can A tell that this is fresh?
35:23
If we assume that the random number generator is good, no one can predict the RA that A will generate in this run of the protocol. So if B can use the random number, include the random number in the MAC, then A knows that this is fresh. This is a fresh reply. So the second objective is okay. How about the third? The third one is okay, because the request can be identified by using the random number, right? Okay, so this is okay.
36:07
You got that? Just look at this one by one after you have identified the objectives.
36:17
Let's look at protocol two. So now, in this case, A sends a message to B: hello, IDA, timestamp generated by A. Then B sends back to A the timestamp generated by A, IDA, okay, and then a MAC. Assumptions here: A has the ability to generate reliable timestamps and to verify the data integrity of the timestamp. A and B have a pre-shared secret key. The MAC is strong.
36:53
Well, if you really think about this, this basically is fairly similar to the first protocol. It has the time element. It has the MAC for authentication, the timestamp to guarantee freshness. And do we have a synchronization issue here?
37:15
The timestamp is generated by who? By A. Checked by who? By A. So no synchronization issue. You may still have the time window issue, but at least you don't have a synchronization issue here. Okay, so in principle this is okay, but the reality, if you want to implement this, again, is how long you should wait before you consider this to be a no-reply. So the random number is better. But other than that, this protocol here can still achieve the three objectives that we talked about. Okay, so so far both protocols work. How
38:03
about this one?
38:08
The main difference between this and the first protocol is, well, you can see in the first step A sends to B the same thing: a random number generated by A, the ID of A and also a hello message. The only difference is, in the second step, when B returns the okay message to A, it only includes the random number, okay and the MAC generated over the message that is concatenated by using these two values. So the only difference is the ID of A is missing.
38:59
So do you think this still works?
39:22
In other words, this protocol actually tells you, let me put it this way, this protocol tells you whether we need the ID of A in the second message.
39:41
Okay, before you analyze this, let me remind you of something.
39:54
remember this,
40:01
I told you several guidelines that you can use; just check them and see whether there are potential issues in a protocol. First, the secret key should be generated by a trusted party. Secondly, if there's no data to guarantee freshness, timestamps, nonces (nonce means a random number, a random number that you use only once; that's why we call it a nonce), replay attack is possible, but as I said, replay attack does not necessarily always lead to a security issue. You need to perform further analysis. Authentication through symmetric encryption technique; protection of user identities; need to avoid reflection attack.
40:52
In asymmetric key based authentication, if we don't have proper certification to bind the users with their public key, then man-in-the-middle attack may be possible. I will give you an example later, especially when we talk about SSL and TLS. If you don't have a secure mechanism to verify the certificate, then man-in-the-middle attack is possible.
41:22
Again, similar to the previous point, if you don't have identity information, then reflection attack may be possible. Or the last one is also important. See in the protocol, if you make the server work much harder than the client in the initial step, then denial of service attack is possible. The reason is, if the server works much harder than a client, then I can use many, many clients to submit requests to the server, and then the server will be working so hard that it won't be able to entertain or process legitimate requests. A hacker can use a network of client machines just to generate many, many requests so as to use up the resources of the server, so the server will not serve the legitimate requests from the users. So this is what we call the denial of service attack.
41:33
42:29
Okay, so now I have reminded you of all these, so any guideline here you can use.
42:53
I was fairly explicitly telling you that in the second step, the identity of A is missing. So any of the guidelines dealing with identity: I said reflection attack is possible. So is it possible to do a reflection attack and cause the protocol to fail, or something similar to the reflection attack?
43:31
so let's
43:34
think about this.
43:59
So as usual, let's say A wants to check on B, so A sends the following message to B. So
45:04
what next?
45:11
Reflection attack, right? So still remember, how do you perform a reflection attack when you do the challenge and response protocol? So at this point, an attacker... Let's say now C is the attacker.
45:39
Okay,
45:43
Reflection attack, as the name implies: I just reflect something back to the person who sent it out. So in this case, of course, it is the random number. So now the... Okay,
46:07
let me go back to the slides.
46:19
The point here is, if you look at step two, step two has no identity. So the key is, if a potential attacker, in this case C, can get the MAC computed by using the key K that is shared between A and B, with the random number and okay, then C can pretend to A that B is still alive, because there is no identity information, as long as he can get this. So having said that, if you look at the second step, C wants to get the MAC that is computed by using the key K. So C has to pretend to be B and send this to A. Remember in this scenario, because the network will have many, many different As and Bs, the attacker C must be able to get A to use the right key to do the encryption. So if the target is B, C must pretend to be B, because the attacker wants A to use the key that is shared between A and B to do the encryption. So here C has to be B.
47:50
So pretending to be B, C sends this back to
47:57
A. Here
48:01
It cannot be ID C, because C is pretending to be B, so this is ID B.
48:12
Use the same random number.
48:17
I think for those of you who can do some calculation in your head, you already see how this works, because now what happens is still in red, because this is the second run of the protocol, just like the reflection attack we performed on the challenge-response protocol. Okay, so A, in this case,
48:43
will send this to B, but it will be intercepted by C. Right, A just follows the protocol. The protocol does not ask A to check whether this random number was generated by A itself, so A follows the protocol and sends that out. Okay.
49:09
MAC, generated by using the key shared between A and B.
49:18
49:21
49:22
So now, of course,
49:26
Oh, by the way, as I put it this way already, kill B, so
49:38
now,
49:40
B... C sends back to
49:47
A: R A and
50:05
the MAC. Now, if we use this protocol, and now the attacker has already killed off B, then when A checks on B, the attacker can use this trick to reply to A, to make A think that B is still alive. If you have reviewed what we did to the challenge-response protocol, this is exactly the same, only now we have extra messages like hello and ID, but the attack is using the random number and reflecting it back to the sender. Okay, I suggest, if you have time, look at this attack and compare it with the reflection attack we performed on the challenge-response protocol. Because this is fairly common: if your protocol does not have identity information, or the identity information is not properly protected, then that will be an issue. And you can see here in protocol one, we are not just adding the ID there. If you just send an ID in the message and do not include it in the MAC, then the attacker can still perform the attack. The ID must also be inside the MAC, so that the attacker cannot change the ID information, right? Think about this. If now in the
51:47
second message we just add the ID of A but not inside the MAC, then just like the attack, the attacker can get the MAC and then change the ID so it still works. So the ID needs to be protected. Okay.
52:09
Protocol four here: A sends to B hello, ID A, random number. B sends back to A a message, concatenated with the random number and ID A, okay. And then everything is encrypted by using the secret key that is shared between A and B.
52:47
Well, let's assume that the message, hello, ID A and the random number, when they are concatenated together, is within a single block size of the encryption algorithm. If you have more than one block, there could be other attacks, but that is not the focus of this course; assume that the encryption is only one block.
53:21
Can you go through the three objectives and check them one by one? Okay? A receives this. A will use the key that is shared between it and B and try to decrypt this. If the decryption is successful, what can A conclude? This is generated by whom? By B, because only B has this key to perform the encryption. Can he conclude that this is fresh? Yes, because of the random number. Can he conclude that this corresponds to the request? Again, yes. So this works. So you can use encryption. If we assume that this message is small enough, then we don't need to use a hash, so you can encrypt the message directly.
54:24
Protocol five. What
54:28
do you think
54:50
There's a timestamp that B generated and sends back to A. A can check the timestamp and see whether this is current, although in this case we do have a synchronization issue, right? Because the clock in A's machine and B's machine may not be the same. But okay, so this is the first observation: not very good, we may have the synchronization issue. But how about if we ignore this issue? Assume that there's no synchronization issue, assume that the waiting window is well defined. Can you still check the three objectives and see whether they can be fulfilled by this protocol? First, can A conclude that this is generated by B?
55:43
We've done this many, many times already. You should be able to tell me right away. Yes, because of the MAC, right? You see the MAC, and you already know it has to be generated by B, okay, it is not generated by A. Secondly, is this current? Forget about the synchronization issue. Yes, just check the timestamp. A checks the timestamp. I said there will be a synchronization issue and waiting windows, but let's ignore this. Then this is okay. How about
56:27
The third objective fails, because there's nothing to relate this to the request of A. A could have sent this a long time ago, because there's no information in the request message to distinguish the different requests.
56:53
Last one.
56:58
Okay, the first message is the same as in the first protocol. So we include the hello message, the identity, the random number. In the second message we don't use a MAC. We use the private key of B to encrypt this message directly. So again, assuming that this message is small enough, we have no performance issue. Do you think this is okay again? If you understand what I have said, you should be able to answer me right away. I said there are three different approaches that you can use to prove something is generated by someone, or prove that someone owns something. What are the three approaches? Digital signature, and this is a form of digital signature, just you don't use a hash, right? Encrypting something by using someone's private key is the basic fundamental concept of a digital signature. So, yes, this one is okay: we don't use a MAC, but we use the sender's private key to do the encryption. So it's more or less like a digital signature that you can use to verify that this is generated by the sender. So that's why, if you understand the principle, then you should be able to answer this question very quickly, except for the reflection attack. You may want to spend some time to get used to this idea: compare the attack we performed here on the protocol without the ID information with the reflection attack we performed on the challenge-response protocol.
58:59
So after all, if I just want you to be able to do the fundamental thing, it's not really that difficult. But of course, you need to spend some time to try to get used to these things.
59:18
Okay, so before we move to another topic, let's go through some questions in tutorial one.
59:33
After our discussion, I will post the suggested outline to Blackboard together with one of the other questions that we discussed before, the student loan application question. Okay, take a look at question one.
59:56
We actually answered all these in class already. First question: identify the crucial element upon which the conclusion of non-repudiation from a digital signature is based. That is the public key. You need to ensure that the public key really belongs to a particular user. Otherwise you cannot conclude non-repudiation; the public key is the crucial element. Some of the potential issues of using digital signatures without smart tokens: I explained to you why we need a smart token. Because we want to provide a trusted computing environment for the private key to operate. If you don't use a smart token, that means every time you perform a digital signature, you have to extract the key to the computer, and it is possible for a potential attacker to use viruses, use malicious applications to grab your key and send it to him or her. I gave you an example: what if you use your private key to perform a digital signature inside a cafe? Well, either you don't remember or you don't know that you have to delete it after that, because the key will already reside in the memory of the computer, or you don't know that you need to use a secure delete, because the Windows system, when it deletes something, just deletes the pointer; the thing is still on the hard disk.
1:01:39
And identify the technical and business issues of, how do you say, using a smart card in a traditional ATM, cash machine. Well, anyone here have any idea?
1:01:57
Of course, nowadays all ATMs can already read smart cards, but before we reached this stage, a long time ago, ATMs actually could not read smart cards because the ATM is a fairly old technology. If you want to do this, actually the effort and the expense are pretty high. You have to change the card reader in all the ATM machines. So these are business issues, because the investment is very high. You need to evaluate; remember, I've talked about risk assessment. So you need to evaluate whether the risk is worth it for you to do this. Well, at that time, there were not that many applications that could help the bank make money by using the smart card. But of course, nowadays you can use your bank account to make payments, to do a lot of things. So that's why, if you compare the business situation now to that of a long time ago, it is more worthwhile for them to change the ATM machines so that you can use smart cards, and exactly that's what they did. Okay, but a long time ago, from the business perspective, that may not have been worth it. How about technical issues?
1:03:42
So why do you want to use a smart card? One possible reason is you try to adopt this PKI technology to do a lot of business transactions. But then, if you still remember, I talked about different encryption algorithms from different standards. Interoperability will be an issue, because once you use smart cards, well, nowadays one important thing is you want to use one card, and then you can draw money from ATMs belonging to different banks or different banking networks. And you have to resolve this interoperability issue. And if you don't have the right standard, that will be fairly difficult.
1:04:33
Question two, okay, why do we want standardization? I think I already mentioned this in question one, because one of the main objectives is, if you do not have standardization, then different companies, different organizations, will use different encryption techniques, and then you cannot read each other's messages. That means the applications are not interoperable. And that is okay in the old days, because we did not rely on the internet to do that many things. But nowadays, you can imagine, you all use your mobile phone to perform transactions, to buy things, to communicate. If that is the case, then the situation will be pretty bad. Maybe you have to install many, many applications in order to communicate.
1:05:29
The possible consequence of non-standardization, I think, is that you cannot communicate, and that will be a huge loss of business opportunity. How about advantages? I think you already know: interoperability, efficiency and convenience. How about disadvantages? You know, you need standardization; otherwise there will be a lot of trouble when you try to use the internet to do things. But are there really any disadvantages of doing standardization?
1:06:20
We talk about innovation. If we standardize everything, can we still make use of people's innovative ideas? And also it may give rise to monopoly. So maybe some single organization who sets the standard will monopolize the business. The entry barrier to the business will be a lot higher if the standardization is decided by a single or a few organizations. So these are some of the disadvantages. But of course, if you think about the whole thing, the advantages, in the way that we operate today, outweigh the disadvantages.
1:07:12
So you can see in this course, when I set the exam questions, there will be some balance between the technical side and this type of question, which you can answer by using common sense, more management-type questions. So don't worry too much about the exam, but try to understand the principles. Question three,
1:07:44
when you use a token to perform identification and authentication, what are some of the possible options? Well, you can use a card, you can use USB. Nowadays we have smart USB. Okay, there are many other options. I think you may want to do a survey of the market, but smart card and smart USB are just two possible options.
1:08:14
Which one do you think is the best in the electronic payment system context? This one depends on what type of electronic payment system it is. So there may be some variation even among electronic payment systems. Okay, now you can even use your mobile phone. So it's not just card and smart USB. You can use your phone. So it depends on what kind of electronic payment system, because for this first big question, actually, there is room for you to give me different answers. So I will leave it to you to think about this. I give you some suggestions, but you don't have to follow the suggestions in the suggested outline. Okay, and then we go to some of the more technical questions here. Question four, explain whether the following protocols are vulnerable to DoS attack, denial of service attack. Remember, in the guideline, I told you that if your protocol will make the server work much harder than the client at the beginning, then the protocol will be more vulnerable to DoS attack. This is the first thing. The second principle is, whenever you need to do crypto operations: crypto operations are resource demanding. So the more crypto operations you need the server to do, the harder the server needs to work. Okay, these two basic principles you can use to analyze these two protocols here.
1:10:18
You can see, in the first protocol,
1:10:22
the client A just needs to generate a message containing the ID and the random number, and send this to the server. Then the server has to generate another random number, generate a symmetric key, and then concatenate them together and encrypt it by using a public key. Okay, so the message sent by the client to the server is easy, just ID and random number, and then the server has to generate a random number, one crypto operation, generate a symmetric key, another crypto operation, and encrypt it by using a public key, three crypto operations. This is the first one. In the second one, the client wants to initiate this protocol. He sends the message that contains the random number, a symmetric key, a digital signature, and also an encryption. So in the second protocol, the client works much, much harder than the server. So the first protocol is more vulnerable to DoS attack, because now think about this: a potential attacker can get a large number of machines to just generate the ID and random number and send them to the server. Then the server has to perform, for each of them, three crypto operations. So it is easy for the client to send a large number of requests, hard for the server to respond to a large number of requests. And if the number of requests is large enough, it can eat up all the resources of the server, and the server will crash. This is what we call the DoS: the server has no resources left to respond to other requests. On the other hand, for the second one, see, the client has to work hard to generate the request, and so it's more difficult for an attacker: even if it has many machines, each machine has to work much harder to generate a request. So compare protocol one and protocol two. Protocol one is more vulnerable to DoS attack, and that is a design principle.
When you design an electronic payment protocol, because you need to process payments from the general public, that means there are many, many users that may request payment processing at the same time from your payment server. So you should make them work harder than the server; otherwise, the server will be crashed easily. Okay.
1:13:30
Okay, the last one,
1:13:34
This is actually the client authentication process in an early version of SSL. And this early version of SSL actually was in use a long time ago, but it's not secure. So now if you look at this, I want you to find an attack on this early version of client authentication. So here, the client will send a key. This K CS is a session key generated by the client, sent to the server, and encrypted by using the public key of the server. Looks okay, right? Because that is encrypted by the server's public key, so nobody else can decrypt and get this session key. First step. Second step, the server uses this session key on a random number it generates. As you see, a nonce generated by the server, which is a random number encrypted by using the session key that the server just received. Then the third step, the client will send back a certificate with the signature on the random number. Yeah, by the way, this notation, the private key as subscript on a message, means that this is a digital signature. That means it generates the hash of the random number and then uses the private key to do the encryption. A digital signature is not just an encryption by the private key. So why is this a kind of authentication? Before we look into the weakness of the algorithm, let's understand why this is an authentication. Think about this. In the first step the client sends the session key, okay, and then this session key is there just to protect the random number. So we can ignore that for the time being, because in the end the authentication is mainly based on the digital signature. In the second step, the server sends a random number and then the client responds by performing a digital signature on the random number. This is why the random number is sent to the client. The server wants to authenticate a client. This is client authentication. The server wants to authenticate a client.
So the server sends a random number, and the client responds by performing something on the random number so that the server can prove that that is from the client, generated by the client. What do we call this? The random number is a challenge, and the client will respond. So this is similar to challenge-response. So the hint to you, if you want to analyze this: think about challenge-response. Is there anything lacking here so that we can apply an attack similar to the one we did on the challenge-response protocol?
1:17:34
Anyone?
1:17:38
Any suggestion here?
1:17:51
So to successfully launch an attack, that means some attacker should be able to send the server a message similar to step three, and to fool the server into thinking that it is actually generated by C.
1:18:47
Any good idea?
1:18:55
This one is more difficult, but still the
1:19:03
concept of a reflection attack, and something similar applies there. What does the attacker need to get in order to get the last message, to pretend to be the client?
1:19:30
See, the attacker needs to get the right random number, that is, the random number that the server thinks it is using to authenticate C. Think about the challenge-response protocol: the server sends this random number, and in order to prove that it is really C, the client has to perform the operation on this random number. Okay, this random number is for the server to challenge C. So first the attacker needs to get this random number and then fool C into generating the last message. And of course, here there is an added complication. In the challenge-response one, we don't have this session key to protect the random number; we can just reflect this random number back, right? But here you need to do something extra in order to get this session
1:20:49
key. Anyone?
1:20:52
Let me
1:20:55
do the first step and see whether you can figure it out.
1:21:24
Again, here,
1:21:30
okay, we have C and S in the question. So now we let A... this is the objective,
1:21:46
in order to get the session key, what A can do is set up a malicious server, S',
1:22:15
to attract
1:22:19
C to access. So we can call this server S'. So it could be something that is very attractive. It can be a fake bank website. It could be a website that gives a lot of bonuses to the users, something that attracts the users to try to make an SSL connection. So here assume that this server S' also performs client authentication,
1:23:27
okay, so this S' is set up by A, so A will obtain this. Okay. Now it's your turn for the second step.
1:23:42
Remember this session key, according to the protocol, is generated by the client, who sends it to the server. So as long as the server obtains a session key that is encrypted by using its public key, the server will proceed. So
1:24:11
see, A wants to pretend to be C to do this,
1:24:18
and this encrypted session key is the first step. So what do you think the attacker A will now do? Pretend to be C, and do what?
1:24:34
If A pretends to be C and wants to perform client authentication to the server, what A does is send to the server a session key encrypted by the public key of the server, right? So now in this step here, S' is set up by A, so A can obtain this. A can decrypt it, because it's encrypted by using S''s public key. So A uses the corresponding private key, decrypts, gets this session key, encrypts it by using the public key of S, and then sends it to S. So here is the second step.
1:25:19
So in the second step, this is another run of the protocol initiated by the attacker. So now A, pretending
1:25:29
to be C, sends the following as C.
1:25:46
Okay, now I have completed two steps, so let's take a break, really quick, and see whether you can complete the rest, and then we come back and finish the attack.
1:26:19
Multiple.