Chapter 6: Internet Security Protocols

HTTP Protocol
- HyperText Transfer Protocol
- Used on the Internet
- Based on the request-response model

Static Web Page
- Step 1: the Web browser sends an HTTP request to the Web server
- Step 2: the Web server returns an HTTP response (a stored page)

Sample HTTP Interaction
HTTP request (browser to server):
GET /files/new/image1 HTTP/1.1
Accept: image/gif
Accept: image/jpeg

HTTP response (server to browser):
HTTP/1.1 200 OK
Date: Tue, 19-06-02 15:58:10 GMT
Server: MyServer
Content-length: 3010
(Actual data for the image)

Dynamic Web Page
- Client sends an HTTP request
- Server executes a program
- Server sends back an HTTP response
Steps between browser and server: 1 HTTP request; 2 the server invokes an application program in response to the HTTP request; 3 the program executes and produces HTML output; 4 HTTP response.

Active Web Page
- Client sends an HTTP request
- Server sends back an HTML page and a client-side program
- Examples: Applet, ActiveX control
Steps between browser and server: 1 HTTP request; 2 HTTP response containing the HTML page and a small program; 3 the browser interprets the HTML page and also executes the program.

TCP/IP
- Transmission Control Protocol / Internet Protocol
- The convention for communication on the Internet
- Consists of five layers of software
TCP/IP Layers
Layer number | Layer name
5 (highest)  | Application
4            | Transport
3            | Internet
2            | Data link
1 (lowest)   | Physical

TCP/IP Concept
- All layers except the physical layer communicate with the adjacent layers on the same computer
- The physical layer is the only layer where actual transmission between two computers happens

TCP/IP Communication
- The end systems X and Y run the full stack: Application, Transport, Network, Data Link, Physical
- The intermediate nodes run only the Network, Data Link and Physical layers
- Only the physical layers are joined by the communication link

Data Exchange Using TCP/IP Layers
- At X, each layer adds its own header in front of the data it receives from the layer above: L5 data; H4 + L5 data (the L4 data); H3 + L4 data (the L3 data); H2 + L3 data; finally a bit stream (010101...) on the transmission medium
- At Y the process runs in reverse: each layer strips its own header and passes the rest up to the layer above

Secure Socket Layer (SSL)
- The world's most widely used security mechanism on the Internet
- Secures communication between a client and a server
- Located between the Application and Transport layers of the TCP/IP protocol suite
Secure Socket Layer (SSL)
- Originally developed by Netscape
- SSL has two layers of protocols (SSL architecture diagram)

Position of SSL in TCP/IP
Application Layer
SSL Layer
Transport Layer
Internet Layer
Data Link Layer
Physical Layer

Data Exchange Including SSL
- At X the SSL layer takes the L5 data and prepends its own header (SH) before the data reaches the transport layer: L5 data; SH + L5 data; H4 + (SH + L5 data), i.e. H4 + L4 data; H3 + L4 data; H2 + L3 data; bit stream on the transmission medium
- At Y the headers are stripped in reverse order and the SSL layer hands the L5 data to the application
SSL Sub-Protocols
- Handshake Protocol
- Record Protocol
- Alert Protocol

SSL Handshake Message Format
Type (1 byte) | Length (3 bytes) | Content (1 or more bytes)

SSL Handshake Messages
Message type        | Parameters
Hello request       | None
Client hello        | Version, Random number, Session id, Cipher suite, Compression method
Server hello        | Version, Random number, Session id, Cipher suite, Compression method
Certificate         | Chain of X.509v3 certificates
Server key exchange | Parameters, signature
Certificate request | Type, authorities
Server hello done   | None
Certificate verify  | Signature
Client key exchange | Parameters, signature
Finished            | Hash value

SSL Handshake Protocol
- Comprises a series of messages exchanged in four phases:
  1. Establish security capabilities
  2. Server authentication and key exchange
  3. Client authentication and key exchange
  4. Finish
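As an added example (not from the slides), a Go parser for the handshake message header above and for the Client hello body whose parameters the table lists. The type code 1 for client_hello, the 32-byte random and the width of each length field are taken from the SSL 3.0 specification rather than the slide, and the sample message is constructed here; every length is bounds-checked before use, which is where real parsers have failed.

```go
package main

import (
	"encoding/binary"
	"errors"
)
// ClientHello holds the parameters the slide lists for the Client hello message.
type ClientHello struct {
	Version            uint16
	Random             [32]byte
	SessionID          []byte
	CipherSuites       []uint16
	CompressionMethods []byte
}

// parseHandshakeHeader reads the 1-byte type and 3-byte length and returns the
// message body, refusing a length that runs past the end of the buffer.
func parseHandshakeHeader(buf []byte) (byte, []byte, error) {
	if len(buf) < 4 {
		return 0, nil, errors.New("handshake header truncated")
	}
	n := int(buf[1])<<16 | int(buf[2])<<8 | int(buf[3])
	if n > len(buf)-4 {
		return 0, nil, errors.New("declared length exceeds the bytes present")
	}
	return buf[0], buf[4 : 4+n], nil
}

// parseClientHello decodes a client_hello body (version, 32-byte random, session id with
// 1-byte length, cipher suites with 2-byte length, compression methods with 1-byte length).
func parseClientHello(body []byte) (*ClientHello, error) {
	if len(body) < 35 {
		return nil, errors.New("client_hello body too short")
	}
	ch := &ClientHello{Version: binary.BigEndian.Uint16(body)}
	copy(ch.Random[:], body[2:34])
	p, sidLen := 35, int(body[34])
	if sidLen > 32 || p+sidLen+2 > len(body) {
		return nil, errors.New("bad session id length")
	}
	ch.SessionID, p = body[p:p+sidLen], p+sidLen
	csLen, p := int(binary.BigEndian.Uint16(body[p:])), p+2
	if csLen == 0 || csLen%2 != 0 || p+csLen+1 > len(body) {
		return nil, errors.New("bad cipher suites length")
	}
	for i := p; i < p+csLen; i += 2 {
		ch.CipherSuites = append(ch.CipherSuites, binary.BigEndian.Uint16(body[i:]))
	}
	if p += csLen; body[p] == 0 || p+1+int(body[p]) != len(body) {
		return nil, errors.New("bad compression methods length")
	}
	ch.CompressionMethods = body[p+1:]
	return ch, nil
}
// sampleClientHello is a constructed message (type 1 = client_hello): version 3.0, an
// all-zero random, no session id, cipher suites 0x0004 and 0x000a, null compression only.
func sampleClientHello() []byte {
	body := append(append([]byte{3, 0}, make([]byte, 32)...), 0, 0, 4, 0, 4, 0, 10, 1, 0)
	return append([]byte{1, 0, byte(len(body) >> 8), byte(len(body))}, body...)
}
```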
SSL Handshake Process
Between the Web browser and the Web server: 1 establish security capabilities; 2 server authentication and key exchange; 3 client authentication and key exchange; 4 finish.

SSL Handshake, Phase 1
- Step 1: Client hello (browser to server)
- Step 2: Server hello (server to browser)

SSL Handshake, Phase 2 (server to browser)
- Step 1: Certificate
- Step 2: Server key exchange
- Step 3: Certificate request
- Step 4: Server hello done

SSL Handshake, Phase 3 (browser to server)
- Step 1: Certificate
- Step 2: Client key exchange
- Step 3: Certificate verify

SSL Handshake, Phase 4
- Steps 1 and 2: the browser sends Change cipher spec, then Finished
- Steps 3 and 4: the server sends Change cipher spec, then Finished

SSL Handshake (complete message flow, time running downwards)
Phase 1: Client -> Server: Client Hello; Server -> Client: Server Hello
Phase 2: Server -> Client: Certificate, Server Key Exchange, Certificate Request, Server Hello Done
Phase 3: Client -> Server: Certificate, Client Key Exchange, Certificate Verify
Phase 4: Client -> Server: Change Cipher Spec, Finished; Server -> Client: Change Cipher Spec, Finished

SSL Record Protocol
- Confidentiality: symmetric encryption with a shared secret key defined by the Handshake Protocol
- The message is compressed before encryption
- Message integrity: a MAC computed with a shared secret key
SSL Record Protocol (operation)
Application data -> Fragmentation -> Compression -> Addition of MAC -> Encryption -> Append header

SSL Record Format
(diagram of the record header followed by the protected fragment)

SSL Alert Protocol
- Conveys SSL-related alerts to the peer entity
- Severity: warning or fatal
- Specific alerts: unexpected message, bad record MAC, decompression failure, handshake failure, illegal parameter, close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown

SHTTP (Secure HyperText Transfer Protocol)
- Not as popular as SSL
- Encrypts individual messages
- Almost obsolete
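An added Go example (not the slides' code) of the Record Protocol's fragmentation, MAC and header steps and of the Alert Protocol reply sent when a check fails. The MAC covers an implicit sequence number as well as the fragment, which is what lets the receiver reject replayed or reordered records, not only altered ones. HMAC-SHA256 stands in for the MAC, compression and encryption are left out, and the numeric content types and alert codes come from the SSL 3.0 specification rather than the slide.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
)

// Content types, the 2^14-byte fragmentation limit, the fatal severity and the two
// alert codes used below (values from the SSL 3.0 specification, not the slide).
const typeAlert, typeAppData, maxFragment, fatal, badRecordMAC, illegalParameter = 21, 23, 16384, 2, 20, 47
// conn is one direction of the record layer: the MAC key agreed in the handshake plus the implicit sequence number every MAC covers.
type conn struct{ macKey []byte; seq uint64 }

// mac covers seq || type || version || length || fragment, so a replayed,
// reordered, truncated or altered record fails verification at the receiver.
func (c *conn) mac(typ byte, frag []byte) []byte {
	hdr := binary.BigEndian.AppendUint64(nil, c.seq)
	hdr = append(hdr, typ, 3, 0, byte(len(frag)>>8), byte(len(frag))) // type, version 3.0, length
	h := hmac.New(sha256.New, c.macKey)
	h.Write(append(hdr, frag...))
	return h.Sum(nil)
}

// seal fragments the data, appends a MAC to each fragment and prepends the 5-byte header (type, version, length); compression and encryption are left out.
func (c *conn) seal(data []byte) []byte {
	var out []byte
	for len(data) > 0 {
		n := len(data)
		if n > maxFragment {
			n = maxFragment
		}
		body := append(append([]byte{}, data[:n]...), c.mac(typeAppData, data[:n])...)
		out = append(append(out, typeAppData, 3, 0, byte(len(body)>>8), byte(len(body))), body...)
		data, c.seq = data[n:], c.seq+1
	}
	return out
}

// fatalAlert is the alert-protocol record (severity, description) sent before closing.
func fatalAlert(desc byte) []byte { return []byte{typeAlert, 3, 0, 0, 2, fatal, desc} }

// open validates each record's type, length and MAC and reassembles the data; on the first bad record it returns the fatal alert the receiver would send instead.
func (c *conn) open(stream []byte) (data, alert []byte) {
	for len(stream) > 0 {
		if len(stream) < 5 {
			return nil, fatalAlert(illegalParameter) // truncated header
		}
		typ, n := stream[0], int(binary.BigEndian.Uint16(stream[3:5]))
		if typ != typeAppData || n < sha256.Size || n > maxFragment+sha256.Size || n > len(stream)-5 {
			return nil, fatalAlert(illegalParameter) // wrong content type or bad length
		}
		frag, tag := stream[5:5+n-sha256.Size], stream[5+n-sha256.Size:5+n]
		if !hmac.Equal(tag, c.mac(typ, frag)) {
			return nil, fatalAlert(badRecordMAC)
		}
		data, stream, c.seq = append(data, frag...), stream[5+n:], c.seq+1
	}
	return data, nil
}
```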
SHTTP and SSL Positions
Application Layer (SHTTP)
SSL Layer
Transport Layer
Internet Layer
Data Link Layer
Physical Layer

Time Stamping Protocol (TSP)
- A digital version of a notary service
- A secure time stamp comes from a trusted time authority
- The time stamp is represented as a piece of data that can be authenticated and whose integrity can be checked

Time Stamping Protocol (TSP)
- Proves that a document existed at a specific date and time
- A Time Stamping Authority (TSA) uses the protocol to produce a relatively uniform time denotation; this is the secure time

Time Stamping Protocol, Step 1
- The client runs the original message through a message digest algorithm to obtain the message digest

Time Stamping Protocol, Step 2
- The client sends a time stamping request, containing the message digest, to the TSA

Time Stamping Protocol, Step 3
- The TSA returns a time stamping response to the client

Application of Secure Time Stamping
With the rapid development of computer networks, tendering and bidding have gradually moved from manual handling to the Internet. Online tendering connects the parties in the bidding process (suppliers, tendering agencies, evaluation experts, government supervisory bodies and so on) through a dedicated tendering and bidding e-commerce platform: enterprises, institutions and individuals submit bid data over the network, bid evaluation and bid opening are carried out electronically, and the award result is published over the network.

Application of Secure Time Stamping
In a tendering and bidding system, both the time and the digital signature are essential for proving that a document is valid. A digital time stamp (DTS) proves when electronic data was sent or received. The user encrypts the file that needs a time stamp to form a document, then sends the digest to the time stamp centre; the centre adds the time to what it received, digitally signs the result (encrypting with its private key), and sends it back to the user. A digital time stamp is thus good evidence of when a file was published.
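An added Go example (not from the slides) of the three TSP steps and of the verification that an application such as the bidding system relies on: the client hashes the document, the TSA signs digest and time together, and anyone holding the TSA's public key can later check that exactly this document existed at that time. Ed25519 is assumed as the TSA's signature algorithm, and the token layout (digest || 8-byte time) is this example's own choice.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"time"
)

// TSA is the trusted time stamping authority: only it holds the signing key, while
// every relying party holds just its public key.
type TSA struct{ priv ed25519.PrivateKey }

// Token is the time stamping response: the digest the client submitted, the time
// the TSA attached, and the TSA's signature over both.
type Token struct {
	Digest    [32]byte
	Unix      int64
	Signature []byte
}

// NewTSA generates the authority's key pair (crypto/rand does not fail on supported platforms).
func NewTSA() (*TSA, ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &TSA{priv: priv}, pub
}

// signedBytes is what the TSA signs: digest || 8-byte big-endian Unix time.
func signedBytes(digest [32]byte, unix int64) []byte {
	buf := make([]byte, 40)
	copy(buf, digest[:])
	binary.BigEndian.PutUint64(buf[32:], uint64(unix))
	return buf
}

// Digest is step 1, done by the client: hash the document locally, so the TSA never
// sees the document itself, only its digest.
func Digest(document []byte) [32]byte { return sha256.Sum256(document) }

// Stamp is steps 2 and 3, done by the TSA: take the submitted digest, attach the
// current time and sign both.
func (t *TSA) Stamp(digest [32]byte, now time.Time) Token {
	unix := now.Unix()
	return Token{Digest: digest, Unix: unix, Signature: ed25519.Sign(t.priv, signedBytes(digest, unix))}
}

// Verify lets anyone with the TSA's public key check that exactly this document
// existed at the stamped time: recompute the digest, then verify the signature.
func Verify(pub ed25519.PublicKey, document []byte, tok Token) (time.Time, error) {
	if tok.Digest != Digest(document) {
		return time.Time{}, errors.New("token does not belong to this document")
	}
	if !ed25519.Verify(pub, signedBytes(tok.Digest, tok.Unix), tok.Signature) {
		return time.Time{}, errors.New("TSA signature does not verify")
	}
	return time.Unix(tok.Unix, 0).UTC(), nil
}
```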
Secure Electronic Transaction (SET)
- An open encryption and security specification
- Designed to protect credit card transactions on the Internet
- Developed in 1996 by Mastercard, Visa and others
- Not a payment system itself
- Rather a set of security protocols and formats
- Secure communications amongst the parties to a transaction
- Trust from the use of X.509v3 certificates
- Privacy by restricting information to those who need it

Secure Electronic Transaction (SET)
- The merchant does not get to know the cardholder's credit card details
- Requires software set up on the client as well as the server

SET Participants
(diagram)

SET Transaction Process
1. The customer opens an account
2. The customer receives a certificate
3. Merchants have their own certificates
4. The customer places an order
5. The merchant is verified
6. The order and payment information are sent
7. The merchant requests payment authorization
8. The payment gateway authorizes the payment
9. The merchant confirms the order
10. The merchant provides the goods or service
11. The merchant requests payment

SET Dual Signature Concept
- The customer creates two messages: order information (OI) for the merchant and payment information (PI) for the bank
- Neither party needs the details of the other message, but each must know that the two are linked
- A dual signature provides this: a signature over the concatenated hashes of OI and PI

SET Dual Signature Concept
1. Purchase-related information (sent to the payment gateway):
   (a) PI (payment information), DS (the dual signature over PI and OI), OIMD (the message digest of OI)
   (b) All of the above encrypted with a symmetric key K
   (c) A digital envelope created by encrypting K with the payment gateway's public key
2. Order-related information (sent to the merchant): OI (order information), DS (the dual signature over PI and OI), PIMD (the message digest of PI)
3. Cardholder certificate (sent to both the merchant and the payment gateway)

SET Dual Signature Concept (construction)
PI -> H -> PIMD; OI -> H -> OIMD; PIMD || OIMD -> H -> POMD; POMD -> E (encryption with the customer's private key, i.e. the signature) -> Dual Signature (DS)
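An added Go example (not the slides' code) of the dual-signature construction in the figure and of the two verifications it enables: the merchant checks with OI and PIMD, the gateway with PI and OIMD, and neither sees the other's message. Ed25519 is assumed for the cardholder's signature and SHA-256 for H; the digital envelope of step (b)/(c) is not part of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)

// Purchase is what the cardholder assembles: order information (OI) meant for the
// merchant and payment information (PI) meant for the payment gateway.
type Purchase struct{ OI, PI []byte }

// NewCardholderKey generates the cardholder's signing key pair (crypto/rand does not fail here).
func NewCardholderKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return pub, priv
}

// pomd reproduces the figure's construction: H(PIMD || OIMD), the payment-order
// message digest that the customer actually signs.
func pomd(pimd, oimd [32]byte) []byte {
	h := sha256.Sum256(append(pimd[:], oimd[:]...))
	return h[:]
}

// DualSignature hashes PI and OI separately, hashes the two digests together and
// signs the result with the cardholder's private key (the E box in the figure).
// It also returns PIMD and OIMD, which travel to the merchant and gateway respectively.
func DualSignature(priv ed25519.PrivateKey, p Purchase) (ds []byte, pimd, oimd [32]byte) {
	pimd, oimd = sha256.Sum256(p.PI), sha256.Sum256(p.OI)
	return ed25519.Sign(priv, pomd(pimd, oimd)), pimd, oimd
}

// MerchantVerify runs on OI, PIMD and DS (the order-related information): the merchant
// never sees the card details but can confirm that this order is bound to a payment
// instruction the bank will see.
func MerchantVerify(pub ed25519.PublicKey, oi []byte, pimd [32]byte, ds []byte) bool {
	return ed25519.Verify(pub, pomd(pimd, sha256.Sum256(oi)), ds)
}

// GatewayVerify runs on PI, OIMD and DS (the purchase-related information): the gateway
// never sees the order details but can confirm the payment belongs to exactly this order.
func GatewayVerify(pub ed25519.PublicKey, pi []byte, oimd [32]byte, ds []byte) bool {
	return ed25519.Verify(pub, pomd(sha256.Sum256(pi), oimd), ds)
}
```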
SET Model
- A Certificate Authority group authorizes the individual authorities (Certificate Authority A, Certificate Authority B): "You can act as a CA"
- The cardholder sends a request for a certificate to its CA and receives the cardholder's certificate; the merchant sends a request for a certificate to its CA and receives the merchant's certificate
- During a transaction the CAs are asked "Please verify the cardholder's certificate" and "Please verify the merchant's certificate"
- Cardholder <-> Merchant: Purchase request / Purchase response
- Merchant <-> Payment gateway: Authorization request / Authorization response

SSL versus SET
Issue                            | SSL                                                               | SET
Main aim                         | Exchange of data in an encrypted form                             | E-commerce related payment mechanism
Certification                    | Two parties exchange certificates                                 | All the involved parties must be certified by a trusted third party
Authentication                   | Mechanisms in place, but not very strong                          | Strong mechanisms for authenticating all the parties involved
Risk of merchant fraud           | Possible, since the customer gives financial data to the merchant | Unlikely, since the customer gives financial data to the payment gateway
Risk of customer fraud           | Possible; no mechanism exists if a customer refuses to pay later  | The customer has to digitally sign payment instructions
Action in case of customer fraud | Merchant is liable                                                | Payment gateway is liable
Practical usage                  | High                                                              | Low at the moment, expected to grow

Electronic Money
- A digital version of money
- Takes the form of computer disk files
- Can be identified or anonymous, online or offline
Model of Electronic Money
Customer and bank:
1. The customer opens an account with the bank as usual.
2. When the customer needs some electronic money (say $100), he sends an email to the bank requesting it. This email is encrypted.
3. The bank authenticates the message and, when sure, debits the customer's account with the amount requested.
4. The bank sends the money to the customer as a computer file containing an extremely large random number. This file is also encrypted. The amount could come in multiple denominations (say 10 files, each representing $10).
Customer and merchant:
- When the customer wants to make purchases using electronic money, he sends the necessary file(s) to the merchant. This data exchange is also encrypted.
Merchant and bank:
- The merchant then sends the file(s) to the bank, which verifies them and credits the merchant's account with that amount.

Electronic Money Security, Step 1 (bank)
Original message ($100) -> encrypt with the bank's private key -> encrypt with the customer's public key -> twice-encrypted data (%A) -> sent to the customer

Electronic Money Security, Step 2 (customer)
Received message (%A) -> decrypt with the customer's private key -> decrypt with the bank's public key -> original message ($100)

Identified Electronic Money
- The bank can track the customer's spending
- Can lead to privacy concerns
- Very simple to implement

Identified Electronic Money (flow)
Bank -> Customer: $100, serial number SR100; Customer -> Merchant: $100, SR100; Merchant -> Bank: $100, SR100
1. The bank generates the serial number and sends it along with the electronic money to the customer.
2. The customer spends the money, so the merchant has it now.
3. The merchant now wants to encash the electronic money at the bank. The money still has the same serial number.

Anonymous Electronic Money
- The bank cannot track the customer's spending
- Safe from privacy concerns
- Slightly more complex to implement

Anonymous Electronic Money (flow)
Bank -> Customer: $100, blinded number 8A8C; Customer -> Merchant: $100, original number PQP1; Merchant -> Bank: $100, PQP1
1. The customer generates a random number and, from it, creates another number called the blinded number.
2. The customer sends the blinded number to the bank.
3. The bank sends the electronic money along with the blinded number to the customer.
4. During an actual transaction, the customer does not use the blinded number; instead he uses the original number.
5. The merchant and the bank now have the original number, but they cannot trace the money, because they do not know the relationship between the original number and the blinded number.
(The customer holds both numbers: the original number PQP1 and the blinded number 8A8C; the bank only ever sees 8A8C.)

Double Spending Problem
- A customer can spend the same piece of electronic money more than once
- Who is liable in such a fraud?
- Dangerous
- Can be avoided in the case of online electronic money

Double Spending Problem (flow)
The customer spends $10 at Merchant 1, then spends the same $10 again at Merchant 2; when the money is presented to the bank a second time, the bank stops it: STOP!
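An added Go example (not from the slides) of the anonymous scheme above, using an RSA blind signature as one concrete way to derive the blinded number from the original one, together with the online check against double spending: the bank signs only what it cannot read, the merchant verifies the coin with the bank's public key, and the bank refuses a serial number it has already redeemed. The serial numbers, the 2048-bit key size and the hash-before-sign step are this example's assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"math/big"
)

// Bank signs coins of one denomination with an RSA key and, for the online check against double spending, remembers every serial number it has redeemed.
type Bank struct{ key *rsa.PrivateKey; spent map[string]bool }

// NewBank generates the bank's signing key (2048 bits is this demo's choice).
func NewBank() *Bank {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	return &Bank{key: key, spent: map[string]bool{}}
}

// Coin is the spendable money: the customer's original number (PQP1 in the slide) and the bank's signature on it.
type Coin struct{ Serial, Sig *big.Int }

// hashToInt maps a serial number to the value that is actually signed.
func hashToInt(serial *big.Int) *big.Int {
	h := sha256.Sum256(serial.Bytes())
	return new(big.Int).SetBytes(h[:])
}

// Blind (customer, steps 1-2): pick a random serial and a blinding factor r, and send the bank only H(serial) * r^e mod N, the blinded number (8A8C in the slide).
func Blind(pub *rsa.PublicKey) (serial, r, blinded *big.Int) {
	serial, _ = rand.Int(rand.Reader, pub.N)
	r, _ = rand.Int(rand.Reader, pub.N)
	re := new(big.Int).Exp(r, big.NewInt(int64(pub.E)), pub.N)
	blinded = new(big.Int).Mod(new(big.Int).Mul(hashToInt(serial), re), pub.N)
	return serial, r, blinded
}

// Issue (bank, step 3): sign the blinded number exactly as received; the bank debits the account but sees nothing that links this signature to a later payment.
func (b *Bank) Issue(blinded *big.Int) *big.Int {
	return new(big.Int).Exp(blinded, b.key.D, b.key.N)
}

// Unblind (customer): divide out r to obtain the bank's signature on the original number.
func Unblind(pub *rsa.PublicKey, serial, r, blindSig *big.Int) Coin {
	rInv := new(big.Int).ModInverse(r, pub.N)
	return Coin{Serial: serial, Sig: new(big.Int).Mod(new(big.Int).Mul(blindSig, rInv), pub.N)}
}

// Valid (merchant, steps 4-5): verify the bank's signature on the original number with the bank's public key alone.
func Valid(pub *rsa.PublicKey, c Coin) bool {
	return new(big.Int).Exp(c.Sig, big.NewInt(int64(pub.E)), pub.N).Cmp(hashToInt(c.Serial)) == 0
}

// Redeem (bank, online): credit a valid coin once; presenting the same serial number again is the double-spending case and is refused.
func (b *Bank) Redeem(c Coin) bool {
	if !Valid(&b.key.PublicKey, c) || b.spent[c.Serial.String()] {
		return false
	}
	b.spent[c.Serial.String()] = true
	return true
}
```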
Email Concept
- Consists of two main parts: Header and Body
- Securing emails: PEM, PGP, S/MIME

Email Header and Body
Headers:
From: John Smith ()
To: Cherry ()
Subject: Accepting the offer
Date: 4 March 2002
Body:
Dear Cherry,
I have decided to accept your offer.
Regards.
John

Simple Mail Transport Protocol (SMTP)
- A protocol in the TCP/IP Application Layer
- Used for email communication between the email servers of the sender and the receiver
- Simple to understand

Email Transmission Using SMTP
Sender -> (email) -> Sender's SMTP server -> (Internet) -> Receiver's SMTP server -> (pull) -> Receiver

Email Example (S = server, C = client)
S: 220 Simple Mail Transfer Service Ready
C: MAIL FROM:
S: 250 OK
C: RCPT TO:
S: 250 OK
C: RCPT TO:
S: 250 OK
C: DATA
S: 354 Start mail input; end with
C: actual contents of the message
C:
C:
C:
S: 250 OK
C: QUIT
S: 221 Service closing transmission channel
PEM Security Features
- Privacy Enhanced Mail (PEM)
- Encryption
- Non-repudiation
- Message integrity

PEM Operations
1. Canonical conversion
2. Digital signature
3. Encryption
4. Base-64 encoding

Base-64 Encoding Concept
- Start from the input bit stream
- Divide it into 24-bit blocks
- Divide each 24-bit block into four 6-bit blocks
- Map each 6-bit block to an 8-bit (printable) block
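An added Go example (not from the slides) implementing the Base-64 steps above by hand, including the '=' padding for a final block shorter than 24 bits, which the slide does not show, and a decoder that rejects malformed input instead of guessing; the standard library encoder is used only as a cross-check.

```go
package main

import (
	"encoding/base64"
	"errors"
	"strings"
)
const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

// Encode walks the input in 24-bit (3-byte) blocks, splits each into four 6-bit values and maps
// every value to one printable byte; a short final block is zero-padded and unused positions become '='.
func Encode(in []byte) string {
	out := make([]byte, 0, (len(in)+2)/3*4)
	for i := 0; i < len(in); i += 3 {
		var block uint32
		n := 0 // number of input bytes in this block (1..3)
		for ; n < 3 && i+n < len(in); n++ {
			block |= uint32(in[i+n]) << (16 - 8*uint(n))
		}
		for j := 0; j < 4; j++ {
			if j <= n { // n input bytes fill n+1 six-bit groups
				out = append(out, alphabet[(block>>(18-6*uint(j)))&0x3f])
			} else {
				out = append(out, '=')
			}
		}
	}
	return string(out)
}

// Decode reverses Encode and rejects a length that is not a multiple of 4, bytes outside the
// alphabet, and '=' anywhere but the last one or two positions, so damaged input is reported.
func Decode(s string) ([]byte, error) {
	if len(s)%4 != 0 {
		return nil, errors.New("length is not a multiple of 4")
	}
	var out []byte
	for i := 0; i < len(s); i += 4 {
		var block uint32
		pad := 0
		for j := 0; j < 4; j++ {
			c := s[i+j]
			if c == '=' && j >= 2 && i+4 == len(s) {
				pad++
				continue
			}
			v := strings.IndexByte(alphabet, c)
			if v < 0 || pad > 0 {
				return nil, errors.New("invalid byte or misplaced padding")
			}
			block |= uint32(v) << (18 - 6*uint(j))
		}
		for k := 0; k < 3-pad; k++ {
			out = append(out, byte(block>>(16-8*uint(k))))
		}
	}
	return out, nil
}
// MatchesStdlib cross-checks the hand-written encoder against the standard library.
func MatchesStdlib(in []byte) bool { return Encode(in) == base64.StdEncoding.EncodeToString(in) }
```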
Pretty Good Privacy (PGP)
- Widely used, de facto standard for secure email
- Developed by Phil Zimmermann
- Selected the best available crypto algorithms to use

Pretty Good Privacy (PGP)
- Integrated into a single program
- Available on Unix, PC, Macintosh and Amiga systems
- Free; commercial versions are now available as well

Pretty Good Privacy (PGP)
http:/

PGP Security Features
- Encryption
- Non-repudiation
- Message integrity

PGP Operations
1. Digital signature
2. Compression
3. Encryption
4. Enveloping
5. Base-64 encoding
(diagram of the PGP operations)

Lempel-Ziv Algorithm (ZIP)
Original string: What is your name? My name is Atul.
Variable creation and assignment: 1 = is; 2 = name
Compressed string: What 1 your 2? My 2 1 Atul.
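An added Go example (not from the slides, and not PGP's own formats) that carries a message through the five operations in the slide's order and back again, using standard-library primitives as stand-ins: Ed25519 for the signature, deflate (the ZIP algorithm) for compression, AES-GCM under a fresh session key for encryption, RSA-OAEP for the envelope and Base-64 for the mail channel. Signing happens before compression, so the receiver verifies the signature on the recovered plaintext after decompressing.

```go
package main

import (
	"bytes"
	"compress/flate"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"io"
)
// Message is what travels by mail: the enveloped session key and the signed, compressed, encrypted body, both Base-64 encoded.
type Message struct{ EnvelopedKey, Body string }
// Demo key generation for the two parties (crypto/rand does not fail on supported platforms).
func NewSignerKey() (ed25519.PublicKey, ed25519.PrivateKey) { pub, priv, _ := ed25519.GenerateKey(rand.Reader); return pub, priv }
func NewRecipientKey() *rsa.PrivateKey                     { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }
// gcmFor builds the symmetric cipher for a 32-byte session key (callers check the length, so neither constructor fails).
func gcmFor(key []byte) cipher.AEAD { b, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(b); return g }

// Send performs the five PGP operations in the slide's order: 1 sign, 2 compress, 3 encrypt under a fresh session key, 4 envelope that key for the recipient, 5 Base-64.
func Send(msg []byte, signer ed25519.PrivateKey, to *rsa.PublicKey) (Message, error) {
	signed := append(ed25519.Sign(signer, msg), msg...) // 1: signature || plaintext
	var zb bytes.Buffer                                 // 2: compress (ZIP = deflate)
	zw, _ := flate.NewWriter(&zb, flate.BestCompression)
	zw.Write(signed)
	zw.Close()
	buf := make([]byte, 44) // 3: fresh session key buf[:32] and nonce buf[32:]
	io.ReadFull(rand.Reader, buf)
	body := gcmFor(buf[:32]).Seal(buf[32:], buf[32:], zb.Bytes(), nil)         // nonce || ciphertext || tag
	env, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, to, buf[:32], nil) // 4: digital envelope
	if err != nil {
		return Message{}, err
	}
	enc := base64.StdEncoding.EncodeToString // 5: Base-64 for the 7-bit mail channel
	return Message{EnvelopedKey: enc(env), Body: enc(body)}, nil
}
// Receive undoes the steps in reverse and checks the signature last, on the recovered plaintext, so it never depends on how compression was done.
func Receive(m Message, me *rsa.PrivateKey, from ed25519.PublicKey) ([]byte, error) {
	env, err := base64.StdEncoding.DecodeString(m.EnvelopedKey)
	body, err2 := base64.StdEncoding.DecodeString(m.Body)
	if err != nil || err2 != nil || len(body) < 12 {
		return nil, errors.New("malformed Base-64 message")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, me, env, nil) // open the envelope
	if err != nil || len(key) != 32 {
		return nil, errors.New("session key is not addressed to this recipient")
	}
	signed, err := gcmFor(key).Open(nil, body[:12], body[12:], nil) // decrypt and check integrity
	if err != nil {
		return nil, errors.New("body was modified in transit")
	}
	plain, err := io.ReadAll(flate.NewReader(bytes.NewReader(signed))) // decompress
	if err != nil || len(plain) < 64 || !ed25519.Verify(from, plain[64:], plain[:64]) {
		return nil, errors.New("decompression or signature check failed")
	}
	return plain[64:], nil
}
```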
Multipurpose Internet Mail Extensions (MIME)
- Traditional email communication is text-only
- Modern email communication demands multimedia (sound, video, pictures, etc.)
- The enhancements are provided in the form of MIME

MIME Extensions to Email
From: Atul Kahate
To: Amit Joshi
Subject: Cover image for the book
Content-Type: image/gif

S/MIME Content Types
Type        | Sub-type                           | Description
Multipart   | Signed                             | A clear-signed message consisting of the message and the digital signature.
Application | PKCS#7 MIME, SignedData            | A signed MIME entity.
Application | PKCS#7 MIME, EnvelopedData         | An enveloped MIME entity.
Application | PKCS#7 MIME, Degenerate SignedData | An entity that contains only digital certificates.
Application | PKCS#7 Signature                   | The content type of the signature subpart of a multipart/signed message.
Application | PKCS#10 MIME                       | A certificate registration request.

S/MIME Functionalities
Functionality             | Description
Enveloped data            | Consists of encrypted content of any type, and the encryption key encrypted with the receiver's public key.
Signed data               | Consists of a message digest encrypted with the sender's private key. The content and the digital signature are both Base-64 encoded.
Clear-signed data         | Similar to signed data; however, only the digital signature is Base-64 encoded.
Signed and enveloped data | Signed-only and enveloped-only entities can be combined, so that enveloped data can be signed, or signed/clear-signed data can be enveloped.

S/MIME Functionalities (summary)
- Enveloped data: encrypted content and associated keys
- Signed data: encoded message + signed digest
- Clear-signed data: cleartext message + encoded signed digest
- Signed and enveloped data: nesting of signed and encrypted entities

Wireless Security
- Wireless communication protocols are becoming popular
- Concerns regarding wireless security are being raised
- How to secure the Wireless Application Protocol (WAP)?

Mobile Phone and Internet
WAP client <-> (WAP request / WAP response) <-> WAP gateway <-> (HTTP request / HTTP response) <-> Web (origin) server

WAP Security
- Wireless Transport Layer Security (WTLS)
- Similar to SSL in concept
- Conversions between WTLS and SSL lead to security concerns

WAP Stack
Application Layer (WAE)
Session Layer (WSP)
Transaction Layer (WTP)
Security Layer (WTLS)
Transport Layer (WDP)
Physical Layer (Wireless)

WTLS Security
WAP client <-- WTLS security (wireless operator network) --> WAP gateway <-- SSL security (Internet) --> Web (origin) server