Principles and Techniques of Cryptography
3. WWÁª
• Derived from the Greek “kryptos” (hidden) and “graphein” (to write)
ÓdþŒ¯Y¿ f
• WÁª‰SG;pªÙ,8ÁØWq
WYŪf
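[Figure: plaintext (ABCDE / abcdef / 123456) is passed through the encryption algorithm with the encryption key (Encrypt) to give ciphertext (#@%$/ [~^%$)), which is passed through the decryption algorithm with the decryption key (Decipher) to give back the plaintext (ABCDE / abcdef / 123456)]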
5. WÁª?I¤Z (2/2)
• Encryption Algorithm
– ;WLÁüÖ†WYÜÁ*YQ,f
• Decryption Algorithm
– ;–LÁWÖ†WYÁ*YQ,f
• Decipher
– ZWÖ”a‰üÖY@ûf
• Cryptanalysis
– ”ê¾_W–LÐ4ý¿–LCDZWÖ
a”‰üÖH˜f
6. Why Cryptography
• Confidentiality
• Authentication
• Integrity
• Non-repudiation
7. WÁªYfY
[Figure labels: Privacy, Authenticity, Message, Sender, Integrity, Non-repudiation, Authentication]
8. W¦”Yv
• W¦”Yv8YJWÁNÔê€lY
ۜ~Uf
• W¦”vY÷-·lQhYªoj
– Q,v
– –LÚS
– –LY—
• Kerckhoffs's Principle
– WÁûUYČ̔¯Q,YWdþJ_Ôõ
–LYWÚSf
11. Cryptanalysis Techniques (1/2)
• Ciphertext Only Attack
– Nk_Ž«ÔÞYWÖø¬üÖЖLf
• Known Plaintext Attack
– Nk_Š]YüÖ~I´ÁÐYWÖø¬–
Lf
• Chosen Plaintext Attack
– ¸Øk;$ÿÙ,ZüÖïÔÂÔLdŽ_Â
Ôk_{WYWÖ (CNkø›SüÖ~
I´ÁÐYWÖ) dø¬W–Lf
12. Cryptanalysis Techniques (2/2)
• Chosen Ciphertext Attack
– ¸Øk;$ÿÙ,ZWÖïÔŸ×LdŽ_Ÿ
×k_{WYüÖ(CNkø›SWÖ~
I´ÁÐYüÖ) dø¬W–Lf
• Brute-Force Attack
– Nk“
ÔÞY÷W–L8¸ØWÁûUf
14. WÁª±ó
• WÁªûU·løì½gG”YHÃ8
±ój
– ZüÖ7l‰WÖÔ46QÙ,jY¨.j
• Substitution
• Transposition
• Product
– 4–LHpY¨.j
• Secret-key, or conventional, cryptosystem
• Asymmetric, or public-key, cryptosystem
• Hash
– ˆ#üÖÙ,jY¨.j
• Block cipher
• Stream cipher
15. W?I6Q
• Substitution
– _þ8YJüÖ•YÊSH©o
Ç—ÁÐQ$SH©of
• Transposition
– ÄlJZüÖ•Y©o -°f
• Product
– ø_þ~Äl‰?þôÓY
O _þ
¥dø:Q»
OY´1Öf
Äl ´1
16. –LY4Hp
• ÁHÌWÁª
– W~W4Sª–LH˜dfH‰
SÐ÷
WL(secret-key)dÐÂUWûUf
• ¢ÁHÌЮšLWûU
– W~W4SÁ–LH˜
• ”ê–LYW¦”H‰O« (HASH)
17. Block Cipher vs. Stream Cipher
• Block cipher
– ZüÖ±ÓpHnH¿©Ð©Yld(òÁÊ
SHlØдYQ,ÆqLdpªÌ
Œj‰ (M‰üÖd±òÓM1eM2…Mnl)
• E(M, K) = E(M1, K) E(M2, K) … E(Mn, K)
• Stream cipher
– ØtW(”6ZüÖ²±‰ldþJSã
WØtYSH©ÐJ©flY*,JZ
0õYWL·Ó‰Ì—e'¾ÁYS—
–Lt(keystream)dŽZ–LtqaØ
€plain text¾@XOR6Qd*[WÖØ
€cipher textf
18. JW¦”
• ZüÖ•Y¿©I4Y¿©ÐLî8þ
• Caesar cipher
– ðØòð
Y_þW,d_©Ã50˯õ¬
Julius Caesar®
– ZÊH¿NIYKgH¿N8_þf7½j
• Plaintext: ATTACK AT DAWN
• Ciphertext: DWWDFN DW GCZQ
• Caesar encryption algorithm: C = E(P) = (P + k) mod 26
• Caesar decryption algorithm: P = D(C) = (C - k) mod 26
• JW¦”‰_þeÁHÌWÙ,
• Q,@õ
ò–LÄõdø—N
20. ÁHW¦”
Data
h ÁHÌWÁªfH‰ÂU
ÐdW–L (Symmetric
Encryption , Secret Key W
Encryption, conventional
Encryption)
y ùYWqW®´
Y–L
y êÂÔqŸ×PÙi¹ dW–L
Þ´YSª–L
W
Data
21. ÁHW¦”Y´yÃ
• ´Ãj
– 0žº
– ½4D}Y–LdZíøNf
• yÃj
– êÞSHÄŒÌÚSZ–LÄŒÌY±Ôtø
YPÙf
– d6÷WÌ(Confidential)YÄŒÌbdÌ,d6
”I©Yb
22. ¢ÁHÌW¦”
• ¢ÁHÌWÁª Data Data
(Asymmetric
EncryptioniPublic
Key Encryption) W W
– ÊH4k¹ÞSÁ ®š–L
–L-®š–Lq÷
W–L(public key
and a private key)d
ù_I•Sª–L
Wd@ê_$S
ª–LšøWd®
š–Lø—?9Y W W
ï1dþ÷W–L@ ÷W–L
ê¯WYøÀf
Data Data
24. ÁHÌW, vs.¢ÁHÌW,
ÁHÌW, ¢ÁHÌW,
I4¤H dW–LW, ®š–LW,
WYkeyJ
´ ”
I´
®šLø®š
keyI®š ”®š
÷ÞL”®š
½~NH[tlù, Ì~µÇ[tlùd
keyM*Z
êM»NªWL %êM‰Y÷WL
Wº ž Ô
lõW—0—YØdlõW—0õYØe
Ð
7jemail p¦Ý
27. lÁHÌWQ,Æ
• Data Encryption Standard (DES)
• Triple DES (3DES)
• IDEA
• Blowfish, Twofish
• RC4, RC5, RC6
• AES (Advanced Encryption Standard): Rijndael
30. 1JZüÖ7lÓI4Yud+–LqWÖë·‹Ž
O·
– ÒsJ8üÖ•Y‚SHƒ®ÙY
»ÇZ6ÒsB¤QW
ÖY¢Å…
• DES®56©Y–L8Á64©YØl†
Wdê¾16«¥Y6Qf
• ôyÃj56©Y–L—ÄõdøfÃeØYQ
bd·l%ê€lS,Ûœ¬DES–Lf
31. Triple DES
• 1992Ëd¼ú[pï$DESøÀ'48#
vdªäTriple DESÐ6þ[f(6Q48«
¥)
• 3DESø4ZªÐgª–Ld½JZªd
ÆK1qK3JSuYdK2J”
• 168-bit key
• âI4Q,0Ô
• Modes: DES-EEE3, DES-EDE3, DES-EEE2, DES-EDE2
• fÃÞ¢µc)ÐûU®3DESd½PGPe
S/MIME
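32. 3DES Operation
[Figure: DES-EDE3 mode. Encryption: plaintext → DES encrypt (key K1) → DES decrypt (key K2) → DES encrypt (key K3) → ciphertext. Decryption: ciphertext → DES decrypt (key K3) → DES encrypt (key K2) → DES decrypt (key K1) → plaintext.]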
33. Advanced Encryption Standard (1/2)
• Advanced Encryption Standard (AES).
• NIST‰Y_þDESõ1997Ë4ÜMÌ®SD
ËhSþYïWÁœAESdø½
(sensitive)(¢ÚW(unclassified)YLØf
• In October 2000, NIST selected the Rijndael algorithm, proposed by two cryptographers from Belgium, Joan Daemen and Vincent Rijmen, to become the new-generation encryption standard.
35. Comparison of Symmetric Encryption Algorithms
              DES        3DES       AES
Block size    64 bits    64 bits    128 bits
Key length    56 bits    168 bits   128/192/256 bits
Rounds        16         48         10/12/14 (depending on key length)
36. Public-Key Algorithms
• Diffie-Hellman Key Exchange
– SG+GH·Ã¼X qÔ›WLYÙ,d
DHd6Y–L·@”ÄŒc)YÙ,f
• RSA
– 1978 ËdRiveseShamir ¿ Adleman gªk;
±}/pYbíÔdY¢ÁHÌ–LQ
,dJfÃðwAY®š–LW, f
• Elliptic Curve Cryptography (ECC)
– -SþY®š–LQ,d_õECC%ê40õ
Y–L—1:Q~0—–LYRSAQ,v
S›dÔø¢lG¥¯7½}FYUÞ
¤h4f
37. Hash Function (1/2)
• O«LpZ‚—Yùi]øâ5d
7lþÓ‰SH—0õòx›Yidä
iù‰O«= (Hash Value)ÐùÜ
(Message Digest)f
• Ðj
– ½ØÂÔYÆÌ
– p¦Ç
– WÁ·À
– ù½©
38. Hash Function (2/2)
• O«Lp$Ì
–
£YH›Lp (One way transformation)dÌ
,_iÀªIai]=€”ÀÕ
– Collision resistance
• O«=ê‡üÖ·
þ
• í¬ZH”YÖHÞ´YO«=
• l—H‰˜p8m™(Digital Fingerprint)
– Diffusion
• 8üÖ•Y‚SHƒ®ÙY
»ÇZ6ÒsB¤Q
WÖY¢Å…
40. Message Digest 5 (MD5)
• 1991Ë Ron Rivest £YMD5‰ MD4Y·
HId0MD4
OþÄŒd(ùÔf
• MD5 6Z 512 ©ï±Ó 16 H 32 ©Y
ïd8ˆ#i]Ö¿f
• i]‰SH512 ©Yïdi‰SH128
©YùÜf
• UNIX/Linux YshadowWÁ1JäGW¦”f
41. SHA, SHA-1
• ÄŒO«Q, (Secure Hash Algorithm )‰7
•z_~¦”X6(NIST)Ôï8dfY‰
Õjp¦Ýz_(DSS)ÔêYO«Q,f
• i]Yù”t@ 264H©d6—±ÓµH
512©Yl8ˆ#f
• SHA*[160©YO«=
• âMD5Dk#sb¸Ø (ª‰µY32©)
• SHA-1‰ SHAY·HI
• ]¤Ye‰ÄŒÌX›PGP1J4äG
Q,f
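43. Comparison of Hash Algorithms
                       MD5                    SHA-1                  RIPEMD-160
Digest length          128 bits               160 bits               160 bits
Processing unit        512 bits               512 bits               512 bits
Number of steps        64                     80                     160
                       (4 rounds of 16)       (4 rounds of 20)       (5 paired rounds of 16)
Maximum message size   ∞                      2^64 - 1 bits          ∞
Relative performance*  32.4 Mbps              14.4 Mbps              13.6 Mbps
* Measured on a Pentium 266 MHz machine
(http://www.eskimo.com/~weidai/benchmarks.txt)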
45. W PKI
• PKIJSG¢ÁHÌ
WÁªe´qc) ¯ÇM Õj PKI
YÆ¥¦”dô #•Ð ÐûÌ
J8dºæc
)·ÃqetøY
ÄŒÌf PKI
• PKI pJSGÕjp
¯Çq®š–L¢ ¢ÁH
°z_ÐX›YÄŒ f}
ÌW
ÌÆ¥~Vôf
46. ‰4 PKI
• PKI d6Y±Ô®š–LY¼¦”
• äh껵4q»÷ÄŒÌYtø
ÚSf
– êâÂUWÁûU»
48. Public-Key Encryption
[Figure: party A encrypts the Data to be sent with party B's public key (public Key); party B decrypts the received data with its own private key (Private Key)]
49. Public-Key Authentication
[Figure: party A signs the message to be sent with its own private key; party B uses party A's public key to verify that the signature came from party A]
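50. Generating a Digital Signature
[Figure: original message → hash algorithm (MD5, SHA) → digest value → RSA with the sender's private key → signed message]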
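51. Verifying a Digital Signature
[Figure: the original message is run through the hash algorithm (MD5, SHA) to give hash value 1; the signed message is processed with RSA and the sender's public key to give hash value 2; the two hash values are compared to confirm integrity and non-repudiation]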
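The sign and verify flows of slides 50 and 51, as an added Python example that is not part of the original slides. It assumes a toy textbook-RSA key built from two Mersenne primes and uses SHA-256 in place of the MD5/SHA named on the slides; the function and constant names are this example's own.

```python
import hashlib

# Toy key, constructed for this example only: two known Mersenne primes.
# Textbook RSA without padding and a 92-bit modulus is NOT secure; it only
# makes the data flow of the slides visible with the standard library.
P, Q = 2**61 - 1, 2**31 - 1
PUBLIC_KEY = (P * Q, 65537)                                # (n, e): published
PRIVATE_KEY = (P * Q, pow(65537, -1, (P - 1) * (Q - 1)))   # (n, d): kept by the sender

def digest_as_int(message: bytes, n: int) -> int:
    """Hash the message (SHA-256 here) and reduce it into the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message: bytes, private_key) -> int:
    """Sender: message -> hash -> RSA with the private key -> signature."""
    n, d = private_key
    return pow(digest_as_int(message, n), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver: hash the received message, recover the signed hash with the
    public key, and accept only if the two hash values match."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_as_int(message, n)

if __name__ == "__main__":
    msg = b"transfer 100 to account 42"                    # constructed sample message
    sig = sign(msg, PRIVATE_KEY)
    print("genuine :", verify(msg, sig, PUBLIC_KEY))
    print("tampered:", verify(b"transfer 900 to account 42", sig, PUBLIC_KEY))
```

Only the holder of the private exponent can produce a value that the public key maps back to the message hash, which is what gives the receiver both the integrity check and the non-repudiation argument.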
52. Digital Envelope
ÂÔÙ Ÿ×Ù
ÁHÌûUW
ÁHÌW ¢ÁHÌW
d d
W W
Ø – Ø –
L L
×
ÁHÌûUW Ù
®
dW–L ×Ù®L dW–L L
• 8eÖ®ÁH–LW*[WÖdŽ ×
;×ÖkY®š–LZÁH–LWd Ù
÷
ZWÖ~W˜ÁH–LÂÔŸ×kd
L
ø:QdW·Ã˜fYkf
53. PKI 4Í
• d6ÃLÀ_ûU¿UY…ÇÚS
(vs. WÁûU)
• ½¢GØõc)jÂÔY÷WÌ
(confidentiality)qÆÌ(integrity)
• ´¦Ý (Code Signature)
• ÄŒÌY¢°etø
– «Å®Öe·
– e
– c)Õ
– c)h
56. Certificates
• p¯ÇJS…¾_CA ¦ÝYeÖf
• 8Çü®š–Lq$›YH[Ð(¹Þk)Y¹©ë·f
• Standard: ITU-T X.509 format
• ¯Ç«™4k¤He®š–LeïÇk(issuer)e[ÖqQ‚Ú‚e¹Þk….Ãf
[Figure: certificate fields: version, Serial Number, Subject, Issuer, Public Key, Validity Period, Extensions, CA Signature]
57. ¯Ç«™
HI
¯Çïk
¯ÇY
¯Ç5Þk ÞÖ‚
®š–L
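58. X.509 Digital Certificate Format
• X.509 digital certificates are described using the ASN.1 (Abstract Syntax Notation 1) syntax, which defines the binary data of the digital certificate.
• ASN.1 can be encoded in several ways; the standard currently uses DER (Distinguished Encoding Rules) to produce the binary digital certificate, and BASE64 to produce a text-format encoding.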
59. Encoded Content of a Digital Certificate
• Digital certificates are usually Base64-encoded, producing ASCII content such as the following:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
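The encoding chain described on slides 58 and 59 (ASN.1 structure, DER bytes, Base64 text between BEGIN/END lines) can be walked in reverse to see what the armor actually contains. This is an added Python example, not part of the original slides; the sample is a constructed three-field structure rather than a real certificate, and the helper names (`pem_to_der`, `read_tlv`, `walk`, `tlv`) are this example's own.

```python
import base64
import textwrap

def pem_to_der(pem: str) -> bytes:
    """Drop the BEGIN/END armor lines and Base64-decode the body into DER bytes."""
    lines = [ln.strip() for ln in pem.splitlines()]
    body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return base64.b64decode(body, validate=True)

def read_tlv(buf: bytes, pos: int):
    """Decode one DER tag-length-value (single-octet tags only); return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length is not valid DER")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past the end of the buffer")
    return tag, buf[pos:pos + length], pos + length

def walk(buf: bytes, depth: int = 0):
    """List (depth, tag, value_length) for every element, descending into constructed ones."""
    out, pos = [], 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        out.append((depth, tag, len(value)))
        if tag & 0x20:  # constructed bit set: SEQUENCE (0x30), SET (0x31)
            out.extend(walk(value, depth + 1))
    return out

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one DER element; used only to build the constructed sample below."""
    n = len(value)
    if n < 0x80:
        head = bytes([n])
    else:
        octets = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(octets)]) + octets
    return bytes([tag]) + head + value

# Constructed sample, NOT a valid certificate: SEQUENCE { INTEGER, PrintableString, BIT STRING }
SAMPLE_DER = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x13, b"Example CA") + tlv(0x03, bytes(141)))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + "\n".join(textwrap.wrap(base64.b64encode(SAMPLE_DER).decode(), 64))
              + "\n-----END CERTIFICATE-----\n")
```

`walk(pem_to_der(SAMPLE_PEM))` lists the outer SEQUENCE and its three children; the bounds checks in `read_tlv` matter because certificate bytes arrive from untrusted peers.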
60. ¯ÇM#•Ðï¯Ç
1 _k£W•Ðd
3 6…¿aÇü
2 W•ÐǯÇ
2 Ë[˜±d(¬Æ
¯ÇM#•Ð $8¦ï¯ÇdÛ
(Certificate pZ¯ÇËÄŒ®
Authority) 4 Â $
W•Ð
(Registration
Authority) 3 ¯ÇM#•Ð*[(
1 ¦Ça[¯Ç
Repository
4 ¯ÇM#•ÐÄŒY
Z¯ÇÂÔa[
ak
(Z4·ÀõØ«
•
61. Government Public Key Infrastructure (GPKI)
• fÃA´Ú뮚 A´Ú뮚–L?þ£ GPKI
–L?þ£
(Government Public
Key Infrastructure, A´¯Ç e¯Ç
GPKI)YVô½¡ M#•Ð ªƒ
Ôj
• GPKIYï¿Ä
ÙÌýGRCAc
«AÅ 62. ¿
gj ¯Ç
¯Ç
http://grca.nat.gov.tw M#•Ð M#•Ð
A´»
¯Ç ˆ ¯Ç
M#•Ð A´¯Ç M#•Ð
M#•Ð
66. lYÄŒÌX›
Ð4
SET,
S/MIME, Ð4
Ð4 Œ:4
PGP…..
64
SSL, SSH
Âi4
Âi4 Âi4
IPSec cç4
cç4 c)4
ع4
c)§
c)§
¼4
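67. SSL (Secure Sockets Layer)
• Proposed by Netscape in 1994; a secure communication protocol built on top of TCP
• SSL is currently the most widely used network transport security protocol, e.g. HTTP + SSL = HTTPS
• Security provided by SSL:
– Authentication: uses RSA, DSS and X.509 certificate public-key encryption techniques
– Confidentiality of transmission: uses IDEA, 3DES and RC4 symmetric encryption techniques
– Integrity: uses message authentication codes (MAC) based on MD5 and SHA hashes
• SSL cannot provide "non-repudiation" protection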
68. SSL X›
• SSL eÓX›jXDPÙÄŒ·ÃYpd
©Ç…e
Q,~–Ltl
• SSL ¾}X›j…PÙ:ÓÄŒXDd;¾}X›†
·ÃdI 69. ‰ZIj4YØø±ðeÀ5e]
ùÇÁ~WÂÈTCP4f
• SSL FSX›jª.K1YFSùf
• SSL
»WøX›j·]ÁÙ·
Wø
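[Figure: SSL protocol stack, top to bottom: application layer (HTTP, LDAP, SMTP, …); SSL Handshake Protocol, SSL Change Cipher Spec Protocol, SSL Alert Protocol; SSL Record Protocol; TCP layer; IP layer]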
70. SSL Handshake Protocol Flow
[Figure: messages exchanged between client and server, by phase.
Phase 1 (establish security capabilities): Client_hello, Server_hello
Phase 2 (server authentication and key exchange): Certificate, Server_key_exchange, Certificate_request, Server_hello_done
Phase 3 (client authentication and key exchange): Certificate, Client_key_exchange, Certificate_verify
Phase 4 (finish): Change_cipher_spec, Finish from the client, then Change_cipher_spec, Finish from the server]
71. TLS (Transport Layer Security)
• SSLõ1999Ë—IETFŸad»¤‰TLS 1.0
H (RFC2246) dTLS*‰SSLYƒX› f
• TLS«™~ SSL v3.1X›;÷Sud%*ƒÅ
…L·f
• TLS§õTCP4~Ð4˜œdd6Âi4ø
j˜÷WÌe…ÇeÆÌÄŒÌf
• øÐõTelneteFTPeHTTPqe‰
X›f
72. Secure Shell (SSH)
• SSH‰SÊd6ÄŒÌÃLî]~BvÿY
X›~ûÌf
• SSH ¹ÞÀ@WÁªd6ÇeÂiY÷WÌ
~ÆÌÄŒÌf
• HIjv1 ~ v2
• SSHv1 J‰Y_þYtelnete rloginershe
rexec”ÄŒYî]¿ÂiÙ,
• SSHv2‰SSHv1X›Y 3~vd4”
Y–LtlÚSe03YE”ÚS(d6YÄ
ŒÌYæéÂi~¹Ÿ=7Ô 75.
[Figure: uses of SSH between an ssh client and server: secure remote login; secure remote command execution (ssh host command); (3) X11 Forwarding, carrying the X11 DISPLAY over ssh; secure file transfer; (5) Port Forwarding, where vncviewer connects to localhost:5900 and ssh carries the connection over port 22 to vnchost:5900]
ssh -L 5900:localhost:5900 vnchost
76. SSH X›~W¦”
• ;Diffie Hellman Ð telnetercpershe
RSA tl÷W–L rlogineftp
• SSH;IDEAe ”ÄŒYÂi
BlowfisheAES Ð 3DES
ÁHQ,W
• 4 RSAeDSA ®š–
L¦”Ç ÄŒYÂi
• Õj PKIYÇ~¬ÆÙ sshesftpescp
Ì
77. IPSec
§
• IPSecJIETF(Internet Engineering TaskForce)
Ôô¬ïIpv6YSÅ…f
• IPSec›ÈØWeÆÌdÇ~–LM
#ø½c)ÂiÄŒÌ(confidentiality e
integrityeauthenticatione~key
management) f
• IPSecЯOSI|Ìc)4dòÇÔÞIP
Ø
«J ÄŒYþ~j4BYÐûÌ~
¾@Y)_œÌëf
78. IPSec Y´Ã
• šóYˆ8z_(IETF) dõIPv4qIPv6
• ½ÂiY÷WÌeÆÌ~P£ÇYÄŒ
Ìb
• ÀüÌ jIPSec‰c)4ÄŒÌX›d~4
k¿j4ÐûÌÌëf
• AÌbj IPSec¯ôÚœYÄŒÂi
j(transport mode)dpÐõclœYÄ
ŒÂÈ(Tunneling mode)d(d60}Y4
¿M#AÌf
79. IPsec Protocols (1/3)
[Figure: IPSEC architecture: IKE, AH, ESP, IPSEC DOI, authentication algorithms, encryption algorithms]
82. f
– –LtlX› (IKE)
• ªmÄŒL(SA)~tl–Lf
– AH(Authentication Headerd©ÇŒ˜)
• ôd6©ÇY 83. jM½kÆ
Y8Ud’5 Ô
Ú¸Øf
• IP
YÆÌj½©IP
¯ÂÔÄ•J€J·f
• ½©IP
ïÔkY…f
– W:
©Ç(Ì,#ßc)jYKgk#
«™
87. IPSec Transport Mode
[Figure: IPSec between hosts. Host A and Host B communicate across the Internet. Packet layout: original IP header | AH or ESP header | original IP payload]
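88. IPSec Tunnel Mode
[Figure: IPSec between gateways. Host A on network 1 and Host B on network 2 are connected through IPSec gateway X and IPSec gateway Y. Packet layout before the tunnel: original IP header | original IP payload. Inside the tunnel: new IP header | AH or ESP header | original IP header | original IP payload | ESP trailer | ESP authentication]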
93. +W¦” – IDEAeRSAeSHA-1e
MD5...
• ®ZIPÀ5ŽWÂÈÙÌ f
• ‰S5le®vbÜÁQ,òùm6*
”aA´Å˜›SYÄŒÌX› f
• http://www.pgpi.org/
94. SET (Secure Electronic Transaction)
• 1995Ë_VISAqMastercardZ}¦®!
ªYcçc) 8tøz_f
• Я¦˜œtø@ûYWÙf
• SET45ke ³Y¯Ç¿p¦Ç†
”I©YÇd½©
lke •˜…Y
M½Ì f
• 4p¦Ç½ØÂiYÆÌ f
• SET4DES*‰ù›ÃYWˆ#Ù,d
(ò4RSA*–Ltlqp¦ÝdSHA-1
d6ÆÌf
• ®P ¦ÇÚS(Dual Signature)ø©+ •Ì
,{]
lkênîØd×
Ì,_{
lk
Øf
95. SET ¤Vô
ez
cçc) $Ò ³
5[
(
lk) ³#œ
¯ÇM#•Ð cçc)
$
ù›˜
5[ VisaNet
Ø«
ïÕ ×
Õ
96. §
• WÁª‰ÃÄŒY?þŪf
• Cryptography is the technology required to achieve the security properties that information security demands: authentication, confidentiality, integrity and non-repudiation.
• ªf(YÁHÌe¢ÁHÌWÁª~O«Lp¯
ÃÄŒjYÐJ$þÄ[p@êY¦”f
• Dµ;ÄŒÌX›8X?Ð_þ”ÄŒYf
• 4W¦”êÛýŽÖ~Ù©ÌY_µ*Zf