7. Security

安全通信要求

Threat consequence	Thread Action
Unauthorized Disclosure	Exposure,Interception,inference,Intrusion
Deception	Masquerade,Falsification,repudiation
Disrupction	Incapacitation,Corruption,Obstruction
Usurpation	Misappropriation,Misuse

	Availability	Confidentiality	Integrity
Hardware	denying service
Software	Programs deleted	unauthorized copy of software	working program modified
Data	Files deleted	unauthorized read	files modified, new files fabricated
Communication Lines	Messages destroyed	Messages read	Messages modified

Masquerader: An individual who is not authorized to use the computer and who penetrates a system's access controls to exploit legitimate user's account
Misfeasor: A legitimate user access authorized data or programs
Clandestine user: An individual seizes supervisory control of the system

Name	Description
Virus	Malware that, when executed, tries to replicate itself into other executable code; when it succeeds the code is said to be infected. When the infected code is executed, the virus also executes.
Worm	A computer program that can run independently and can propagate a complete working version of itself onto other hosts on a network.
Logic bomb	A program inserted into software by an intruder. A logic bomb lies dormant until a predefined condition is met; the program then triggers an unauthorized act.
Trojan horse	A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms
Backdoor	ANy mechanisms that bypasses a normal security check
Mobile code	Software that can be shipped unchanged to a heteorgeneous collection of planforms
Spammer programs	Used to send large volumes of unwanted e-mail
Flooders	Used to attack networked computer systems with a large volume of traffic to carry out a DoS attact
Keyloggers
RootKit
Zombie, bot	Program activated on an infected machine that is activated to launch attacks on other machines.
Spyware
Adware

对称秘钥密码体制
- 块密码：DES, 3DES, AES
- 密码块连接（CBC）：仅第一个报文发送一个随机值，然后双方使用计算的编码块代替后续随机数
- 攻击方法
  - 唯密文攻击
  - 已知明文攻击
  - 选择明文攻击
公开秘钥加密
- RSA
- 会话秘钥
  - Diffe-Hellman 算法
    - large prime $p$ , integer $g$ is a generator of $Z^*_p$
    - Alice: $a\in Z_{p-1},A=g^a\bmod p$
    - Bob: $b\in Z_{p-1},B=g^b\bmod p$
    - share $A,B$ , $K=A^b=B^a=g^{ab}\bmod p$
    - 离散对数问题
密码散列函数：找到任意两个 $x,y,H(x)=H(y)$ $x, y, H (x) = H (y)$ 在计算上不可能
- MD5
- SHA-1 (160 bits)
报文鉴别码(MAC) $H(m+s)$ $H (m + s)$
- 鉴别秘钥 $s$
- Alice 发送报文 $(m,H(m+s))$
- Bob 验证 $m=H(m+s)$
数字签名： $K_B^-(m)$
公钥认证
- 认证中心(CA)：验证真实身份，颁发证书
  - 主流机构：Symantec,GeoTrust,TrustAsia,Comodo,DigiCert,GlobalSign,Let's Encrypt
- 证书： $K_{CA}^-((K_B^+,B))$ $K_{C A}^{-} ((K_{B}^{+}, B))$
  - SSL 证书验证级别
    - DVSSL 域名型证书
    - OVSSL 企业型证书
    - EVSSL 增强型证书

SSL and TLS: provide a reliable end-to-end secure service

Confidentiality: Handshake Protocol defines a shared secret key used for symmetric encryption of SSL payloads
Message integrity: Handshake Protocol defines a shared secret key used to form a message authentication code (MAC)
Process: fragmentation -> compression -> add MAC -> Encrypt -> Append SSL Record Header

Content Type	Major Version	Minor Version	Compressed Length
8 bits	8	8	16
higher-layer protocol	major version of SSL (3 for SSLv3)	(0 for SSLv3)	max is $2^14+2048$

Phase 1: ClientHello
- Version
- 1st Random: 32-bit timestap + 28 bytes generated random number
- Session ID
- CipherSuite: a list that contains the combinations of crytographic algorithms supported by the client, in decreasing order of preference
- Compression method: a list of the compression methods that client supports
Phase 2: SeverHello
- send certificate from CA
- send 2nd Random
- wait for a client response
Phase 3: Certificate Verify
- verify server's certificate
- 第三个随机数，该随机数用服务器公钥加密，防止被窃听
- 编码改变通知，表示随后的信息都将用双方商定的加密方法和密钥发送
- 客户端握手结束通知，表示客户端的握手阶段已经结束。这一项同时也是前面发送的所有内容的hash值，用来供服务器校验
- ChangeCipherSpec
Phase 4: Server Finish

IPSec 协议族

AH 协议（Authentication Header, 鉴别首部）
- 源鉴别服务
- 数据完整性服务
ESP 协议 (Encapsulation Security Payload, 封装安全性载荷)
- 源鉴别
- 数据完整性
- 机密性
安全关联（SA）：一个单工逻辑连接
- 安全参数索引(SPI)：32 bits
- SA 初始接口和 SA 目的接口
- 加密类型，加密秘钥，完整性检查类型，鉴别秘钥
IPSec 数据报
- 隧道模式
  - 初始IPv4后附上 ESP 尾部 (填充 + 填充长度 + 下一首部)
  - 加密上述结果，在之前附上 ESP 首部 (SPI + 序号)
  - 以上算法生成鉴别 MAC
  - 以上结果为载荷，增加新 IP 首部（隧道端点的 IP 地址，协议号 50）
- 运输模式
IKE 协议（Internet Key Exchange, RFC 5996）：交换秘钥
VPN(虚拟专用网络)：通过相对而言不太安全的网络互相连接在一起