C05-101
Principles and Techniques of Cryptography
(symmetric and asymmetric encryption methods)
©1j
WÁª?
WWÁª
• From the Greek “kryptos” (hidden) and “graphein” (writing): hidden writing.
• WÁª‰SG;pªÙ,8ÁØWq
  WYŪf

Figure: the basic encryption model. Plaintext (ABCDE / abcdef / 123456) passes through the encryption algorithm under the encryption key to give ciphertext (#@%$/ / [~^%$)), and the decryption algorithm under the decryption key turns it back into the same plaintext (Encrypt / Decipher).
WÁª?I¤Z (1/2)
• WÁûUJ_üÖeWQ,e–Le
  WQ,¿WÖ¥þÓf
• üÖ (Plaintext)
  – WÃYaØd‰WQ,Yi]dW
    Q,Yif
• WÖ (Ciphertext)
  – W˜YØd‰WQ,YidW
    Q,Yi]f
WÁª?I¤Z (2/2)
• WQ, (Encryption Algorithm)
  – ;WLÁüÖ†WYÜÁ*YQ,f
• WQ, (Decryption Algorithm)
  – ;–LÁWÖ†WYÁ*YQ,f
• W (Decipher)
  – ZWÖ”a‰üÖY@ûf
• WÁN (Cryptanalysis)
  – ”ê¾_W–LÐ4ý¿–LCDZWÖ
    a”‰üÖH˜f
‰¡ÿêWÁª(Why Cryptography)
 •   ½­ÃY÷WÌ (Confidentiality)
 •   d6ÇÆ9 (Authentication)
 •   »ØJI—”…Y· (Integrity)
 •   d6ÃÂÔ8UeŸ×fYÐtøYÇü
     (Non-repudiation )
WÁªYfY
Figure: the goals of cryptography: Privacy (of the message), Authenticity (of the sender), Integrity, Non-repudiation, Authentication.
W¦”Yv
• W¦”Yv8YJWÁNÔê€lY
  ۜ~Uf
• W¦”vY÷-·lQhYªoj
  – Q,v
  – –L­ÚS
  – –LY—
• Kerckhoffs' Principle
  – The security of a cryptosystem must not depend on keeping the algorithm secret; it must rest only on the secrecy of the key.
–L (Key)
• Sª–LJ8qWÁQ,*[$›WÖY
  Lî¿fI/jd–LJS´…—Yp
  ¿ÐLî¿dI}ƒ·lø©(bit)‰
f
• –LlJQ,Æ«YSH
pdÔø”Y
  –L6*[”SuYWÖf
• 1WÁªþ
d–L—s—dWÖ1s­Wf
QjYČ
• QjYÄŒ (Computationally Secure)
• WÁûUYÄŒ~IYEŽz_¯õNkê
  €lµÇÛœø¿µÇÓI‘DNf
• QjYÄŒ
  – NÔêYÓI÷õùY=
  – NÔêYÛœt@–LYªv
WÁN¦” (1/2)
• %]WÖN (Ciphertext Only Attack)
  – Nk_Ž«ÔސYWÖø¬üÖЖLf
• Š]üÖN (Known Plaintext Attack)
  – Nk_Š]YüÖ~I´ÁÐYWÖø¬–
    Lf
• o¿üÖN (Chosen Plaintext Attack)
  – ¸Øk;$ÿÙ,ZüÖïÔÂÔLdŽ_Â
    Ôk_{WYWÖ (CNkø›SüÖ~
    I´ÁÐYWÖ) dø¬W–Lf
WÁN¦” (2/2)
• o¿WÖN (Chosen Ciphertext Attack)
  – ¸Øk;$ÿÙ,ZWÖïÔŸ×LdŽ_Ÿ
    ×k_{WYüÖ(CNkø›SWÖ~
    I´ÁÐYüÖ) dø¬W–Lf
• sbN, (Brute-Force Attack)
  – Nk“
ÔސY÷W–L8¸ØWÁûUf
©2jWÁªóè

   WÁª±ó
WÁª±ó
• WÁªûU·løì½gG”YHÃ8
  ±ój
 – ZüÖ7l‰WÖÔ46QÙ,jY¨.j
  • _þ (substitution)
  • Äl (transposition)
  • ´1 (product)
 – 4–LHpY¨.j
  • ÷WL(secret-key)dÐÂUWûU
  • ¢ÁHÌЮšLWûU
  • O« (HASH)
 – ˆ#üÖÙ,jY¨.j
  • ØlW, (block cipher)
  • ØtW, (stream cipher)
W?I6Q
• _þ(substitution)
  – _þ8YJüÖ•YÊSH©o
    Ç—ÁÐQ$SH©of
• Äl(transposition)
  – ÄlJZüÖ•Y©o        -°f
• ´1 (Product)
  – ø_þ~Äl‰?þôÓY
O                _þ
    ¥dø:Q»
OY´1Öf

Figure: substitution and transposition combined into a product cipher.
–LY4Hp
• ÁHÌWÁª
 – W~W4Sª–LH˜dfH‰
SÐ÷
   WL(secret-key)dÐÂUWûUf
• ¢ÁHÌЮšLWûU
 – W~W4SÁ–LH˜
• ”ê–LYW¦”H‰O« (HASH)
lW vs. ØtW
• ˜ØlW (block cipher)™
  – ZüÖ±ÓpHnH¿©Ð©Yld(òÁÊ
    SHlØдYQ,ÆqLdpªÌ
    Œj‰ (M‰üÖd±òÓM1eM2…Mnl)
    • E(M,K)=E(M1,K)E(M2,K)…..E(Mn,K)
• ˜ØtW (stream cipher)™
  – ØtW(”6ZüÖ²±‰ldþJSã
    WØtYSH©ÐJ©flY*,JZ
    0õYWL·Ó‰Ì—e'¾ÁYS—
    –Lt(keystream)dŽZ–LtqaØ
    €plain text¾@XOR6Qd*[WÖØ
    €cipher textf
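The stream cipher construction described above (a keystream XORed with the plaintext, decryption by the same XOR) as an added Python example; this code is not from the slides. The keystream generator is an assumption made for illustration only: SHA-256 over the key, a nonce and a block counter; production code uses a vetted stream cipher such as ChaCha20. The second function shows the caveat a defender should remember: if one keystream is used for two messages, XORing the two ciphertexts cancels the keystream and exposes the XOR of the two plaintexts, which is why a nonce must never be reused under the same key.

```python
import hashlib
from itertools import count


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (assumption: SHA-256 in counter mode over key || nonce || counter).
    Real systems use a vetted stream cipher such as ChaCha20."""
    out = bytearray()
    for counter in count():
        if len(out) >= length:
            break
        block = hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        out.extend(block)
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """ciphertext = plaintext XOR keystream, byte by byte."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


# XOR is its own inverse, so decryption is exactly the same operation.
stream_decrypt = stream_encrypt


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If both ciphertexts were made with the same keystream, the keystream
    cancels out: c1 XOR c2 == p1 XOR p2 (the 'two-time pad' failure)."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def demo() -> dict:
    # Constructed sample values, not real secrets.
    key = b"constructed-demo-key-not-a-real-secret"
    nonce = b"nonce-01"
    p1 = b"ATTACK AT DAWN"
    p2 = b"RETREAT AT DUSK"
    c1 = stream_encrypt(key, nonce, p1)
    c2 = stream_encrypt(key, nonce, p2)  # same key AND nonce: the mistake being shown
    return {
        "roundtrip": stream_decrypt(key, nonce, c1),
        "leak": keystream_reuse_leak(c1, c2),
        "expected_leak": xor_bytes(p1, p2[: len(p1)]),
    }
```

The leak value equals the XOR of the two plaintexts, so an observer who knows or guesses one message learns the other; a fresh nonce per message under the same key is the fix.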
JW¦”
• ZüÖ•Y¿©I4Y¿©ÐLî8þ
• Caesar W,
    – ðØòð

Y_þW,d_©Ã50˯õ¬
       Julius Caesar®
    – ZÊH¿NIYKgH¿N8_þf7½j
      • üÖjATTACK AT DAWN
      • WÖjDWWDFN DW GDZQ
•   Caesar WQ,jC = E(P) = (P + k) mod 26
•   Caesar WQ,jP = D(C) = (C - k) mod 26
•   JW¦”‰_þeÁHÌWÙ,
•   Q,@õ

ò–LÄõdø—N
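The Caesar formulas above, as an added Python example that is not part of the slides: C = (P + k) mod 26 and P = (C - k) mod 26 applied letter by letter, with non-letters passed through unchanged (an assumption; the slide only shows letters). The last function illustrates the slide's closing point: with only 25 non-trivial shifts, trying every key and checking each candidate against a known plaintext word recovers the key immediately, which is why key space, not algorithm secrecy, decides security.

```python
import string

ALPHABET = string.ascii_uppercase  # P and C are letter positions 0..25


def caesar_encrypt(plaintext: str, k: int) -> str:
    """C = (P + k) mod 26 for each letter; other characters are left as they are."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, k: int) -> str:
    """P = (C - k) mod 26; Python's % keeps the result in 0..25 for negative shifts."""
    return caesar_encrypt(ciphertext, -k)


def recover_key(ciphertext: str, known_plaintext: str):
    """Known-plaintext brute force: the key space has only 26 shifts, so try all of
    them and return the first shift whose decryption contains the known word."""
    known = known_plaintext.upper()
    for k in range(26):
        if known in caesar_decrypt(ciphertext, k):
            return k
    return None
```

Usage: caesar_encrypt("ATTACK AT DAWN", 3) gives the slide's ciphertext, and recover_key(that ciphertext, "ATTACK") returns 3 after at most 26 trials.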
©2jWÁªóè

ÁHÌ vs.¢ÁHÌWÁª
ÁHW¦”
• Symmetric encryption is also called secret-key encryption or conventional encryption (Symmetric Encryption, Secret Key Encryption, Conventional Encryption).
  – Encrypting and decrypting a message use the same key.
  – The sender and the receiver must therefore share that one secret key in advance.
Figure: Data is encrypted with the shared secret key into ciphertext and decrypted back to Data with the same secret key.
ÁHW¦”Y´yÃ
• ´Ãj
 – 0žº
 – ½4D}Y–LdZíøNf

• yÃj
 – êÞSHÄŒÌÚSZ–LÄŒÌY±Ôtø
   YPÙf
 – d6÷WÌ(Confidential)YČ̐bdÌ,d6
   ”I©Yb
¢ÁHÌW¦”
• Asymmetric encryption (Asymmetric Encryption, Public Key Encryption)
  – Each user holds a pair of keys: a public key and a private key (public key and a private key).
  – A message encrypted with one key of the pair can only be decrypted with the other key.
  – The public key may be given to anyone; the private key must be held only by its owner.
Figure: Data encrypted with the public key is decrypted with the private key, and data encrypted with the private key is decrypted with the public key.
¢ÁHW¦”Y´yÃ
• ´Ãj
 – ®šLø®š±Ô
 – d6 ÷WÌeÇ~”I©Ì
• yÃj
 – Ö0¨




ÁHÌW, vs.¢ÁHÌW,
                              ÁHÌW, (symmetric)                ¢ÁHÌW, (asymmetric)
Type of key                   secret-key cipher (one shared key) public-key cipher (key pair)
Same key to encrypt/decrypt?  yes                               no
Key public?                   no                                the public key is public, the private key is not
key­M*Z                      ½~NH[tlù, ê­M»NªWL      Ì~µÇ[tlùd %ê­M‰Y÷WL
Speed                         fast                              slow
Typical use                   encrypting large amounts of data  encrypting small amounts of data, e.g. e-mail, digital signatures
YÁHW~¢ÁHW¦”
• ¢ÁHÌW¦”(¢8_þÁHÌ
  W¦”dþJ8ÎþI”(vÄŒÌf
• Zk¢Þ´•d¼j¾l¥;4f




Figure: a single Secret key (symmetric) versus a Public / Private key pair (asymmetric).
©3j
WÁªQ,
§
lÁHÌWQ,Æ
•   Data Encryption Standard (DES)
•   Triple DES (3DES)
•   IDEA
•   BlowfishiTwofish
•   RC4eRC5eRC6
•   AESj(Advanced Encryption Standard)j
    Rijndael
DES
• DES‰Ø‚ð?94YÁH–LYQ,f
• 1977Ë_Õ77•z_~¦”X6(NIST)®‰L
  È#z_f
• ;ÿ
(Confusion)~Òs(Diffusion)a#f
  – ÿ
1JZüÖ7lÓI4Yud+–LqWÖë·‹Ž
    O·
  – ÒsJ8üÖ•Y‚SHƒ®ÙY
»ÇZ6ÒsB¤QW
    ÖY¢Å…
• DES®56©Y–L8Á64©YØl†
  Wdê¾16«¥Y6Qf
• ôyÃj56©Y–L—ÄõdøfÃeØYQ
  bd·l%ê€lS,Ûœ¬DES–Lf
Triple DES
• 1992Ëd¼ú[pï$DESøÀ'48#
  vdªäTriple DESÐ6þ[f(6Q48«
  ¥)
• 3DESø4ZªÐgª–Ld½JZªd
  ÆK1qK3JSuYdK2J”
• 168©–L
• âI4Q,0Ô
• óèjDES-EEE3eDES-EDE3eDES-EEE2e
  DES-EDE2
• fÃÞ¢µc)ÐûU®3DESd½PGPe
  S/MIME
3DES 6*
Figure: DES-EDE3 operation mode.
  Encryption: plaintext -> DES encrypt (K1) -> DES decrypt (K2) -> DES encrypt (K3) -> ciphertext
  Decryption: ciphertext -> DES decrypt (K3) -> DES encrypt (K2) -> DES decrypt (K1) -> plaintext
† Wz_ (1/2)
• † Wz_ (AESiAdvanced Encryption
  Standard) f
• NIST‰Y_þDESõ1997Ë4ÜMÌ®SD
  ËhSþYïWÁœAESdø­½

  (sensitive)(¢ÚW(unclassified)YLØf
• 2000Ë10ÜdNIST18â;Û(Belgium)
  YGWÁªkJoan DaemeneVincent
  RijmenÔdYRijndaelQ,J{µ°D
  oz(*‰-SþYWz_f
† Wz_ (2/2)
• RijdaelYv÷eG¥õ÷ºc)(ò™ø
  ¯÷j¼*f
• AES‰lÌW¦”d4Yï}ƒ‰
  128©dþ–L}ƒ‰128e192e256©
  gGo¿f


Figure: AES block encryption. A 128-bit plaintext block is transformed by the block cipher into a 128-bit ciphertext block under a key of 128, 192 or 256 bits.
ÁHWQ,â0
                    DES         3DES        AES
Block size          64 bits     64 bits     128 bits
Key length          56 bits     168 bits    128/192/256 bits
Number of rounds    16          48          10/12/14 (depends on key length)
®š–LQ,
• Deffie-Hellman Key Exchange
  – SG+GH·Ã¼X qÔ›WLYÙ,d
    DHd6Y–L·@”ÄŒc)YÙ,f
• RSA
  – 1978 ËdRiveseShamir ¿ Adleman gªk;
    ±}/pYbíÔdY¢ÁHÌ–LQ
    ,dJfÃðwAY®š–LW, f
• ÕåÜÞWÁª (Elliptic CurveiECC )
  – -SþY®š–LQ,d_õECC%ê40õ
    Y–L—1:Q~0—–LYRSAQ,v
    S›dÔø¢lG¥¯7½}FYUÞ
    ¤h4f
O«Lp(Hash Function) (1/2)
• O«LpZ‚—Yùi]øâ5d
  7lþÓ‰SH—0õòx›Yidä
  iù‰O«= (Hash Value)ÐùÜ
  (Message Digest)f
• Ðj
 –   ½­ØÂÔYÆÌ
 –   p¦Ç
 –   WÁ·À
 –   ù½©
O«Lp(Hash Function) (2/2)
• O«Lp$Ì
 – 
£YH›Lp (One way transformation)dÌ
   ,_iÀªIai]=€”ÀՁ
 – ¤ Ì (collision resistance)
   • O«=ê‡üÖ·
þ

   • í¬ZH”YցHÞ´YO«=
   • l—H‰˜p8m™(Digital Fingerprint)
 – ÒuÌ (Diffusion)
   • 8üÖ•Y‚SHƒ®ÙY
»ÇZ6ÒsB¤Q
     WÖY¢Å…
lYO«Q,(Hash Algorithms)

 • MD2eMD4eMD5
 • Secure Hash Algorithm (SHA)
 • RIPEMD-160
Message Digest 5 (MD5)

• 1991Ë Ron Rivest £YMD5‰ MD4Y·
  HId0MD4
OþÄŒd(ùÔf
• MD5 6Z 512 ©ï±Ó 16 H 32 ©Y
  ïd8ˆ#i]Ö¿f
• i]‰SH512 ©Yïdi‰SH128
  ©YùÜf
• UNIX/Linux YshadowWÁ1JäGW¦”f
SHAe SHA-1
• ÄŒO«Q, (Secure Hash Algorithm )‰7
  •z_~¦”X6(NIST)Ôï8dfY‰
  Õjp¦Ýz_(DSS)ÔêYO«Q,f
• i]Yù”t@ 264H©d6—±ÓµH
  512©Yl8ˆ#f
• SHA*[160©YO«=
• âMD5Dk#sb¸Ø (ª‰µY32©)
• SHA-1‰ SHAY·HI
• ]¤Ye‰ÄŒÌX›PGP1J4äG
  Q,f
RIPEMD-160

• _„rRACEÆ¥?–Yµ°Œï8f
• øŸa‚—Yi]ùdi]ù6—
  ±ÓµH512©Yl8ˆ#f
• *[160©YO«=f
O«Q,â0
                          MD5               SHA-1               RIPEMD-160
Digest length             128 bits          160 bits            160 bits
Basic processing unit     512 bits          512 bits            512 bits
Number of steps           64                80                  160
                          (4 rounds of 16)  (4 rounds of 20)    (2 parallel lines of 5 rounds of 16)
Maximum message length    ∞                 2^64 - 1 bits       ∞
Throughput*               32.4 Mbps         14.4 Mbps           13.6 Mbps

  * measured on a Pentium 266 MHz machine (http://www.eskimo.com/~weidai/benchmarks.txt)
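The digest lengths in the table and the diffusion property from the hash-function slides (a one-bit change in the input should flip about half of the digest bits), as an added Python example built on the standard library; it is not from the slides. hashlib's md5 and sha1 are always present, while ripemd160 depends on the OpenSSL build, so the check covers MD5 and SHA-1; the sample messages are constructed inline. Both MD5 and SHA-1 have known practical collisions and must not be used for signatures or certificates today; they serve here only to illustrate the property.

```python
import hashlib


def digest_bits(algorithm: str) -> int:
    """Digest length in bits, as listed in the comparison table (md5 -> 128, sha1 -> 160)."""
    return hashlib.new(algorithm).digest_size * 8


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_fraction(algorithm: str, trials: int = 64) -> float:
    """Average fraction of digest bits that change when one input bit is flipped.
    A hash with good diffusion gives about 0.5; a bad one would leak input structure."""
    total_bits = digest_bits(algorithm)
    changed = 0
    for i in range(trials):
        msg = f"constructed sample message {i}".encode()   # constructed input
        h1 = hashlib.new(algorithm, msg).digest()
        h2 = hashlib.new(algorithm, flip_bit(msg, i % (len(msg) * 8))).digest()
        changed += hamming_distance(h1, h2)
    return changed / (trials * total_bits)
```

Running avalanche_fraction("md5") and avalanche_fraction("sha1") both return a value close to 0.5, which is the diffusion property the slide describes; the digest sizes come out at 128 and 160 bits as in the table.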
©4j
®š–L?þô
W PKI
• PKIJSG¢ÁHÌ
  WÁªe´qc)     ¯ÇM         Õj PKI
  YÆ¥¦”dô     #•Ð         ÐûÌ
  J8dº­æc
  )·ÃqetøY
  ÄŒÌf                PKI
• PKI pJSGÕjp
  ¯Çq®š–L¢             ¢ÁH
  °z_ÐX›YÄŒ     f}
                        ÌW
  ÌÆ¥~Vôf
‰4 PKI
• PKI d6Y±Ô®š–LY¼¦”
• äh껵4q»÷ÄŒÌYtø
  ÚSf
 – êâÂUWÁûU»
+YÇÚS
 – êd6”I©ÚS



®š–LWa#

                                
Figure: public-key encryption. The sender encrypts the data with the recipient's public key (public Key); the encrypted data (shown as 8A48) travels over the network; the recipient decrypts it with their own private key (Private Key) and recovers the data.
®š–LÇa#

                             
Figure: public-key signing. The sender signs the message with their own private key; the signed data (~*~*~*~) travels over the network; the recipient checks the signature with the sender's public key and so confirms that it was produced by the sender.
*[p¦Ç

Figure: generating a digital signature. The message is run through a hash algorithm (MD5 or SHA) to produce a digest; the digest is encrypted with the sender's private key (RSA); the result is the digital signature, which is sent together with the message.
Çp¦Ç
Figure: verifying a digital signature. The receiver hashes the received message (MD5 or SHA) to obtain a digest, decrypts the signature with the sender's public key (RSA) to obtain the original digest, and compares the two; if they match, the integrity of the message and the non-repudiation of the sender are established.
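The signature generation and verification flow shown on these two slides (hash the message, transform the digest with the sender's private key, check the result with the sender's public key), as an added Python example that is not from the slides. The RSA parameters are an assumption chosen for illustration: two fixed primes of a few digits, e = 65537, and the SHA-256 digest reduced modulo n in place of a padding scheme; a production implementation uses randomly generated keys of 2048 bits or more with RSASSA-PSS or PKCS#1 v1.5 padding through a vetted library. The message is constructed inline.

```python
import hashlib

# Toy RSA parameters (assumption: fixed small primes for illustration only;
# real keys are 2048+ bits and generated randomly).
P = 104729     # the 10,000th prime
Q = 1299709    # the 100,000th prime
E = 65537      # the usual public exponent


def make_keypair(p: int = P, q: int = Q, e: int = E):
    """Return ((n, e), (n, d)): public key and private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # private exponent: e * d == 1 (mod phi), Python 3.8+
    return (n, e), (n, d)


def message_digest(message: bytes, n: int) -> int:
    """Hash step of the slide: SHA-256 of the message, reduced into Z_n.
    (Toy: a real scheme pads the digest, e.g. RSASSA-PSS, instead of reducing it.)"""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Signature = digest^d mod n, using the sender's private key."""
    n, d = private_key
    return pow(message_digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recover digest' = signature^e mod n with the sender's public key and
    compare it with a freshly computed digest of the received message."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message, n)


def demo() -> dict:
    public, private = make_keypair()
    msg = b"transfer 100 to account 42"            # constructed sample message
    sig = sign(msg, private)
    return {
        "valid": verify(msg, sig, public),                              # genuine: True
        "tampered": verify(b"transfer 900 to account 42", sig, public), # altered message: False
        "forged": verify(msg, sig + 1, public),                         # altered signature: False
    }
```

The three results of demo() show the two checks the verification slide relies on: a modified message no longer matches the digest recovered from the signature, and a modified signature no longer recovers the digest at all.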
p¦ (Digital Envelope)
Figure: digital envelope. Sender side: the data is encrypted with a symmetric key (symmetric cipher), and that symmetric key is encrypted with the receiver's public key (asymmetric cipher). Receiver side: the receiver decrypts the symmetric key with their private key and then decrypts the data with the symmetric key.
• The data is encrypted with a symmetric key to produce the ciphertext; the symmetric key is encrypted with the receiver's public key; the ciphertext and the encrypted symmetric key are then sent to the receiver.
PKI 4Í
• d6ÃLÀ_ûU¿UY…ÇÚS
  (vs. WÁ­ûU)
• ½­¢GØõc)jÂÔY÷WÌ
  (confidentiality)qÆÌ(integrity)
• ´¦Ý (Code Signature)
• ÄŒÌY¢°etø
  –   «Å®Öe·
  –   e 
  –   c)Õ
  –   c)h
¯ÇM#•Ð(Certification Authority)
• ‰Y4®š–LWÁûU{ø±;6*d@ê
  £,aW¥(ÇüTSª®š–L½¼‰T
  [ÐT
Ô¹Þd+ü[Ì,ÿ½eý¿f
  ÔÙ,J|w™àÇüYÙÌd_¦`Y
  KgkÐÚô(Trusted Third Parity)8…*®
  L®
dø¦ï®Le¯ÇYÙÌ8Ç
  ü®LYÖbf
• CA1JSH8d6ïeÞVM#¯ÇY
  
f
• _A´e 8Úô(½verisigneThawte
  Consulting)Ð
«V£ød6¢°¯Ç
  ´ëYf
¯Ç (Certificates)
• A digital certificate is an electronic document signed by a CA.
• It attests to the binding between a public key and its holder (the subject).
• Standard: ITU-T X.509 format.
• Certificate contents: version, serial number, issuer, validity period, subject, public key, extensions, CA signature.
Figure: certificate fields: version, Serial Number, Subject, Issuer, Public Key, Validity Period, Extensions, CA Signature.
¯Ç«™


Figure: certificate structure: version, certificate issuer, certificate holder, validity period, public key.
X.509p¯ÇøÌ
• X.509p¯ÇWøASN.1LîŒj,
  (Abstract Syntax Notation 1)›Èd	Z¾1
  YÓp¯ÇYZ†Øf
• ASN.1øµGÙÌøÜÁd$¦z_µ
  ‰4

YDER (Distinguished Encoding
  Rules)dø*[Z†p¯ÇdBASE64
  *[Ö¿|ÌÜÁøÌf
p¯ÇYÜÁ«™
• p¯Ç·løBase64ÜÁd*[½hÔ
  YASCII«™Öj
-----BEGIN CERTIFICATE-----
MIICWDCCAgICAQAwDQYJKoZIhvcNAQEEBQAwgbYxCzAJBgNVBAYTAlpBMRUw
EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA
1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxHzAdBgNVBAsTFkNlcnRpZmljYXRp
b24gU2VydmljZXMxFzAVBgNVBAMTDnd3dy50aGF3dGUuY29tMSMwIQYJKoZIhvc
NAQkBFhR3ZWJtYXN0ZXJAdGhhd3RlLmNvbTAeFw05NjExMTQxNzE1MjVaFw05Nj
EyMTQxNzE1MjVaMIG2MQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGV
ybiBDYXBlMRIwEAYD
VQQHEwlDYXBlIFRvd24xHTAbBgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5nIGNjMR
8wHQYDVQQLExZDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzMRcwFQYDVQQDEw53d3
cudGhhd3RlLmNvbTEjMCEGCSqGSIb3DQEJARYUd2VibWFzdGVyQHRoYXd0ZS5j
b20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAmpIl7aR3aSPUUwUrHzpVMrsm3gp
I2PzIwMh39l1h/RszI0/0qC2WRMlfwm5FapohoyjTJ6ZyGUUenICllKyKZwIDAQABMA0
GCSqGSIb3DQEBBAUAA0EAfI57WLkOKEyQqyCDYZ6reCukVDmAe7nZSbOyKv6K
UvTCiQ5ce5L4y3c/ViKdlou5BcQYAbxA7rwO/vz4m51w4w==
-----END CERTIFICATE-----
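The Base64 and DER encoding described on the two preceding slides, as an added Python example that is not from the slides: it decodes the PEM certificate shown above with the standard library alone, walks the DER tag-length-value structure, and extracts the fields listed on the certificate slides (version, serial number, issuer, subject, validity period, signature algorithm). The OID handling covers only what the example needs; a real validator would go on to check the signature value, the validity window and the chain up to a trusted CA. One consistency check a validator does perform is included: the signature algorithm inside tbsCertificate must equal the outer signatureAlgorithm (RFC 5280).

```python
import base64

# The certificate shown on the slide (Thawte test certificate), copied verbatim.
PEM_CERT = """-----BEGIN CERTIFICATE-----
MIICWDCCAgICAQAwDQYJKoZIhvcNAQEEBQAwgbYxCzAJBgNVBAYTAlpBMRUw
EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA
1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxHzAdBgNVBAsTFkNlcnRpZmljYXRp
b24gU2VydmljZXMxFzAVBgNVBAMTDnd3dy50aGF3dGUuY29tMSMwIQYJKoZIhvc
NAQkBFhR3ZWJtYXN0ZXJAdGhhd3RlLmNvbTAeFw05NjExMTQxNzE1MjVaFw05Nj
EyMTQxNzE1MjVaMIG2MQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGV
ybiBDYXBlMRIwEAYD
VQQHEwlDYXBlIFRvd24xHTAbBgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5nIGNjMR
8wHQYDVQQLExZDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzMRcwFQYDVQQDEw53d3
cudGhhd3RlLmNvbTEjMCEGCSqGSIb3DQEJARYUd2VibWFzdGVyQHRoYXd0ZS5j
b20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAmpIl7aR3aSPUUwUrHzpVMrsm3gp
I2PzIwMh39l1h/RszI0/0qC2WRMlfwm5FapohoyjTJ6ZyGUUenICllKyKZwIDAQABMA0
GCSqGSIb3DQEBBAUAA0EAfI57WLkOKEyQqyCDYZ6reCukVDmAe7nZSbOyKv6K
UvTCiQ5ce5L4y3c/ViKdlou5BcQYAbxA7rwO/vz4m51w4w==
-----END CERTIFICATE-----"""


def pem_to_der(pem: str) -> bytes:
    """Strip the BEGIN/END lines and Base64-decode the body into DER bytes."""
    body = [ln.strip() for ln in pem.splitlines() if ln and not ln.startswith("-----")]
    return base64.b64decode("".join(body))


def read_tlv(buf: bytes, pos: int):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def children(value: bytes):
    """Split the contents of a constructed element into (tag, value) children."""
    items, pos = [], 0
    while pos < len(value):
        tag, inner, pos = read_tlv(value, pos)
        items.append((tag, inner))
    return items


def decode_oid(value: bytes) -> str:
    """OBJECT IDENTIFIER contents -> dotted string (first byte packs two arcs)."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:                     # base-128 groups, high bit = continuation
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def common_name(name: bytes):
    """Name ::= SEQUENCE OF SET OF SEQUENCE { type OID, value }; return the CN (2.5.4.3)."""
    for _, rdn in children(name):
        for _, atv in children(rdn):
            (_, oid), (_, val) = children(atv)
            if decode_oid(oid) == "2.5.4.3":
                return val.decode("ascii")
    return None


def parse_certificate(der: bytes) -> dict:
    tag, cert, end = read_tlv(der, 0)
    assert tag == 0x30 and end == len(der), "expected one outer SEQUENCE"
    (_, tbs), (_, sig_alg), (_, sig_value) = children(cert)   # Certificate ::= SEQUENCE {...}
    fields = children(tbs)
    if fields[0][0] == 0xA0:                # [0] EXPLICIT version is present
        version = int.from_bytes(children(fields[0][1])[0][1], "big") + 1
        fields = fields[1:]
    else:
        version = 1                         # field absent: v1 by default
    (_, serial), (_, tbs_sig), (_, issuer), (_, validity), (_, subject) = fields[:5]
    (_, not_before), (_, not_after) = children(validity)
    return {
        "version": version,
        "serial": int.from_bytes(serial, "big", signed=True),
        "tbs_signature_oid": decode_oid(children(tbs_sig)[0][1]),
        "outer_signature_oid": decode_oid(children(sig_alg)[0][1]),
        "issuer_cn": common_name(issuer),
        "subject_cn": common_name(subject),
        "not_before": not_before.decode("ascii"),    # UTCTime YYMMDDhhmmssZ
        "not_after": not_after.decode("ascii"),
        "signature_bits": (len(sig_value) - 1) * 8,  # BIT STRING: first byte = unused bits
    }


def signature_algorithms_consistent(info: dict) -> bool:
    """RFC 5280: tbsCertificate.signature must equal the outer signatureAlgorithm."""
    return info["tbs_signature_oid"] == info["outer_signature_oid"]
```

Running parse_certificate(pem_to_der(PEM_CERT)) on the slide's certificate shows that the version field is absent (so v1), the serial number is 0, the signature algorithm is 1.2.840.113549.1.1.4 (md5WithRSAEncryption, which no current CA would accept), the validity runs from 961114171525Z to 961214171525Z, and issuer and subject CN are both www.thawte.com, i.e. the certificate is self-signed.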
¯ÇM#•Ðï¯Ç
Figure: certificate issuance. (1) The applicant submits a request to the Registration Authority, which verifies the applicant's identity. (2) The Registration Authority forwards the approved request to the Certificate Authority. (3) The Certificate Authority generates the certificate and signs it. (4) The Certificate Authority delivers the certificate to the applicant and publishes it in the Repository.
A´Ú뮚–L?þ£(GPKI)

• The structure of our country's Government Public Key Infrastructure (Government Public Key Infrastructure, GPKI) is shown in the figure.
• The root of the GPKI is the Government Root CA (GRCA): http://grca.nat.gov.tw
Figure: GPKI hierarchy: the Government Root CA at the top, with the subordinate certification authorities (the government CA and the other CAs) beneath it.
PKI 48Ï
• ýGPKI ¯
«YÐï9ødºYÄ
  ŒÌ
• PKI ¥´~÷:Ó÷YÄŒÌË
• ºpˆM½4¯ÇYHÂ
 – a¯Ç
 – M#~ê…¯Ç
©5j
ÄŒÌX›
lYÄŒÌX›
Figure: security protocols by network layer. Application layer: SET, S/MIME, PGP, ...; Transport layer: SSL, SSH; Network layer: IPSec; beneath them the data link and physical layers.
SSL(Secure Sockets Layer )
• U1994ËnetscapedSGVô¯TCP ˜jYČ̷
  ÃX›
• SSL‰fÃð?9ÐYc+ÂiÄŒÌX›dC
  HTTP+SSL=HTTPS
• SSLÕjYÄŒÌj
 – Ç (Authentication) j4RSAeDSSqX.509¯Ç®š–L
   W¦”
 – ÂiYÚWÌ (Confidentiality)j4IDEAe3DESeRC4 ÁHÌ
   W¦”
 – ÆÌ(Integrity)j4MD5eSHAO«‰?þYù½©Á
   (MAC)
• SSL Ì,d6˜”I©Ì™Çü
SSL X›
• SSL eÓX›jXDPÙÄŒ·ÃYpd
©Ç…e
  Q,~–Ltl
• SSL ¾}X›j…PÙ:ÓÄŒXDd;¾}X›†
  ·ÃdI
‰ZIj4YØø±ðeÀ5e]
  ùÇÁ~WÂÈTCP4f
• SSL FSX›jª.K1YFSùf
• SSL 
»WøX›j·]ÁÙ·
Wø
Figure: the SSL protocol stack. Application layer (HTTP, LDAP, SMTP, ...) on top; the SSL handshake protocol, SSL change cipher spec protocol and SSL alert protocol sit above the SSL record protocol, which runs over the TCP layer and the IP layer.
SSL eÓX›tû
Client                                         Server
Phase 1: establish security capabilities (protocol version, session ID, cipher suite, compression method, random numbers)
  Client_hello          -------->
                        <--------  Server_hello
Phase 2: server authentication and key exchange (server sends its certificate and key exchange, may request a client certificate, then signals the end of the hello message phase)
                        <--------  Certificate
                        <--------  Server_key_exchange
                        <--------  Certificate_request
                        <--------  Server_hello_done
Phase 3: client authentication and key exchange (client sends its certificate if requested, its key exchange, and a certificate verification)
  Certificate           -------->
  Client_key_exchange   -------->
  Certificate_verify    -------->
Phase 4: finish (both sides switch to the negotiated cipher spec and complete the handshake protocol)
  Change_cipher_spec    -------->
  Finished              -------->
                        <--------  Change_cipher_spec
                        <--------  Finished
TLS (Transport Layer Security)
• SSLõ1999Ë—IETFŸad»¤‰TLS 1.0
  H (RFC2246) dTLS*‰SSLYƒX› f
• TLS«™~ SSL v3.1X›;÷Sud%*ƒÅ
  …L·f
• TLS§õTCP4~Ð4˜œdd6Âi4ø
  j˜÷WÌe…ÇeÆÌÄŒÌf
• øÐõTelneteFTPeHTTPqe‰
  X›f
Secure Shell (SSH)

• SSH‰SÊd6ÄŒÌÃLî]~BvÿY
  X›~ûÌf
• SSH ¹ÞÀ@WÁªd6ÇeÂiY÷WÌ
  ~ÆÌÄŒÌf
• HIjv1 ~ v2
• SSHv1 J‰Y_þYtelnete rloginershe
  rexec”ÄŒYî]¿ÂiÙ,
• SSHv2‰SSHv1X›Y 3~vd4”
  Y–LtlÚSe03YE”ÚS(d6YÄ
  ŒÌYæéÂi~¹Ÿ=7Ô
f
SSH

	
Figure: SSH usage. Secure remote login (client runs ssh to the server); secure remote command execution (ssh host command); (3) X11 Forwarding, tunnelling the remote X11 DISPLAY back to the client; (5) Port Forwarding, e.g. vncviewer connecting to localhost:5900, carried through the ssh connection (Port 22) to vnchost:5900 with
  ssh -L 5900:localhost:5900 vnchost
SSH X›~W¦”
• Uses Diffie-Hellman or RSA to exchange the secret key.
• SSH encrypts the session with the IDEA, Blowfish, AES or 3DES symmetric algorithms.
• Uses the RSA or DSA public-key methods for authentication.
• Supports authentication based on PKI.
Figure: insecure transmission: telnet, rcp, rsh, rlogin, ftp; secure transmission: ssh, sftp, scp.
IPSec 
§
• IPSecJIETF(Internet Engineering TaskForce)
  Ôô¬ïIpv6YSÅ…f
• IPSec›ÈØWeÆÌdÇ~–LM
  #ø½­c)ÂiÄŒÌ(confidentiality e
  integrityeauthenticatione~key
  management) f
• IPSecЯOSI|Ìc)4dò­ÇÔÞIP
  Ø
«J ÄŒYþ~j4BYÐûÌ~
  ¾@Y)_œÌëf
IPSec Y´Ã
• šóYˆ8z_(IETF) dõIPv4qIPv6
• ½­ÂiY÷WÌeÆÌ~P£ÇYÄŒ
  ̐b
• ÀüÌ jIPSec‰c)4ÄŒÌX›d~4
  k¿j4ÐûÌÌëf
• A̐bj IPSec¯ôÚœYÄŒÂi
  j(transport mode)dpÐõclœYÄ
  ŒÂÈ(Tunneling mode)d(d60}Y4
  ¿M#AÌf
IPsec X› (1/3)

Figure: the IPSec architecture: IPSEC architecture; IKE; AH; ESP; IPSEC DOI; authentication algorithms; encryption algorithms.
IPSec X› (2/3)
• ð}

 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

密碼學原理與技術 (Cryptography: Principles and Techniques)

  • 1. C05-101 Cryptography: Principles and Techniques (symmetric and asymmetric cryptographic techniques)
  • 3. What is cryptography?
    • The word comes from the Greek "kryptos" (hidden) and "graphein" (writing): hidden writing.
    • Cryptography is the science of using mathematical methods to encrypt and decrypt data.
    • Diagram: plaintext (ABCDE / abcdef / 123456) → encryption algorithm with encryption key → ciphertext (#@%$/ / [~^%$)) → decryption algorithm with decryption key → plaintext (ABCDE / abcdef / 123456). (Encrypt) / (Decipher)
  • 4. Basic elements of cryptography (1/2)
    • A cryptosystem consists of five parts: plaintext, encryption algorithm, key, decryption algorithm and ciphertext.
    • Plaintext: the message before encryption; the input of the encryption algorithm and the output of the decryption algorithm.
    • Ciphertext: the message after encryption; the output of the encryption algorithm and the input of the decryption algorithm.
  • 5. Basic elements of cryptography (2/2)
    • Encryption algorithm: transforms plaintext into ciphertext under the encryption key.
    • Decryption algorithm: transforms ciphertext back into plaintext under the decryption key.
    • Decipher: recovering the plaintext from the ciphertext.
    • Cryptanalysis: recovering the plaintext (or the key) from the ciphertext without being given the key, by exploiting weaknesses of the algorithm or of its use.
  • 6. Why cryptography (Why Cryptography)
    • Keep data secret (Confidentiality)
    • Verify identity (Authentication)
    • Ensure data has not been altered (Integrity)
    • Prevent the sender or receiver from later denying the transaction (Non-repudiation)
  • 7. Goals of cryptography
    • Privacy of the message (Privacy)
    • Authenticity of the sender (Authenticity)
    • Integrity (Integrity)
    • Non-repudiation (Non-repudiation)
    • Authentication (Authentication)
  • 8. Strength of a cipher
    • The strength of a cipher is measured by the time and resources a cryptanalyst needs to break it.
    • The main factors are: the strength of the algorithm; the secrecy of the key; the length of the key.
    • Kerckhoffs' principle: the security of a cryptosystem must not depend on keeping the algorithm secret; it rests only on the secrecy of the key.
  • 9. Key (Key)
    • A key is a parameter used together with the cipher algorithm to produce a particular ciphertext. It is usually a string of digits or symbols; its length is measured in bits (bit).
    • The key is an independent input to the algorithm: the same algorithm with different keys produces different ciphertext.
    • In modern cryptography, the longer the key, the harder the ciphertext is to break.
  • 10. Computational security (Computationally Secure)
    • The security of a cryptosystem is judged by the time and computing cost an attacker needs to break it.
    • A cipher is computationally secure when: the cost of breaking it exceeds the value of the information; the time required to break it exceeds the lifetime of the key.
  • 11. Cryptanalytic attacks (1/2)
    • Ciphertext-only attack (Ciphertext Only Attack): the attacker has only intercepted ciphertext and tries to recover the plaintext or the key.
    • Known-plaintext attack (Known Plaintext Attack): the attacker has some plaintext together with its corresponding ciphertext and tries to recover the key.
    • Chosen-plaintext attack (Chosen Plaintext Attack): the attacker can have plaintext of their choosing encrypted and obtain the corresponding ciphertext, and uses the pairs to recover the key.
  • 12. Cryptanalytic attacks (2/2)
    • Chosen-ciphertext attack (Chosen Ciphertext Attack): the attacker can have ciphertext of their choosing decrypted and obtain the corresponding plaintext, and uses the pairs to recover the key.
    • Brute-force attack (Brute-Force Attack): the attacker tries every possible key until the cryptosystem is broken.
  • 13. Part 2: Classification of cryptographic systems
  • 14. Classification of cryptographic systems
    • Cryptographic systems can be classified along three independent dimensions:
      – By the operation used to transform plaintext into ciphertext: substitution (substitution), transposition (transposition), product (product).
      – By the number of keys used: secret-key (secret-key) or symmetric systems; public-key or asymmetric systems; hash functions (HASH).
      – By the way the plaintext is processed: block cipher (block cipher), stream cipher (stream cipher).
  • 15. Basic operations of a cipher
    • Substitution (substitution): each element of the plaintext is replaced by another element.
    • Transposition (transposition): the elements of the plaintext are rearranged.
    • Product (Product): substitution and transposition are combined in several stages to build a stronger product cipher.
  • 16. By number of keys
    • Symmetric cryptography: encryption and decryption use the same key; also called single-key or secret-key (secret-key) or conventional encryption.
    • Asymmetric or public-key cryptography: encryption and decryption use a pair of different keys.
    • Techniques that use no key: hash functions (HASH).
  • 17. Block cipher vs. stream cipher
    • Block cipher (block cipher): the plaintext is split into fixed-size blocks and every block is encrypted with the same algorithm and key. With M = M1 M2 ... Mn:
      • E(M,K) = E(M1,K) E(M2,K) ... E(Mn,K)
    • Stream cipher (stream cipher): the plaintext is not divided into blocks; it is encrypted one bit or one byte at a time. A short secret key is expanded into a long pseudo-random keystream (keystream), which is XORed with the plaintext (plain text) to produce the ciphertext (cipher text).
  • 18. Classical ciphers
    • Each letter of the plaintext is replaced by another letter according to the key.
    • Caesar cipher: the earliest known substitution cipher, used by Julius Caesar around 50 BC. Each letter is replaced by the letter k positions later in the alphabet. Example:
      • Plaintext: ATTACK AT DAWN
      • Ciphertext: DWWDFN DW GDZQ
      • Caesar encryption: C = E(P) = (P + k) mod 26
      • Caesar decryption: P = D(C) = (C - k) mod 26
    • Classical techniques are substitution-based symmetric encryption.
    • The algorithm is public and the key space is small, so the cipher is easy to attack.
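The Caesar formulas of slide 18, implemented as an added example (not code from the course slides). It encrypts the slide's sample plaintext with k = 3 and then shows the weakness the slide names: with only 26 candidate keys, an exhaustive trial recovers the plaintext immediately, which is why a small key space cannot protect anything. The word list used to recognise a correct decryption is an assumption of this example.

```python
"""Caesar cipher: C = (P + k) mod 26, P = (C - k) mod 26, plus a 26-key exhaustive trial."""
import string

ALPHABET = string.ascii_uppercase


def caesar_encrypt(plaintext: str, k: int) -> str:
    """Shift every letter k positions; non-letters (spaces) pass through unchanged."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            p = ALPHABET.index(ch)
            out.append(ALPHABET[(p + k) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, k: int) -> str:
    """P = (C - k) mod 26, which is the same as encrypting with key 26 - k."""
    return caesar_encrypt(ciphertext, (-k) % 26)


def exhaustive_search(ciphertext: str, known_words=("ATTACK", "THE", "AT")) -> list:
    """Try all 26 keys and return those whose decryption contains a recognisable word.

    The known_words list is a constructed heuristic for this example; the point is
    that the whole key space is covered by a single short loop.
    """
    hits = []
    for k in range(26):
        candidate = caesar_decrypt(ciphertext, k)
        if any(w in candidate.split() for w in known_words):
            hits.append((k, candidate))
    return hits


if __name__ == "__main__":
    ct = caesar_encrypt("ATTACK AT DAWN", 3)
    print("ciphertext:", ct)
    for k, pt in exhaustive_search(ct):
        print("key", k, "->", pt)
```

Running the block prints the ciphertext and the single key that yields readable text; the same loop would take 2^56 iterations for DES and 2^128 for AES-128, which is the gap between a classical cipher and a modern one.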
  • 20. Symmetric encryption
    • Symmetric encryption is also called secret-key or conventional encryption (Symmetric Encryption, Secret Key Encryption, conventional Encryption).
    • The same secret key is used to encrypt and to decrypt the data.
    • Sender and receiver must both hold that single shared key.
    • Diagram: Data → encrypt with the shared secret key → ciphertext → decrypt with the same key → Data.
  • 21. Advantages and disadvantages of symmetric encryption
    • Advantages:
      – Fast.
      – With a sufficiently long key it is hard to break.
    • Disadvantages:
      – A secure mechanism is needed to distribute the key to the participants.
      – It provides confidentiality (Confidential) but cannot provide non-repudiation.
  • 22. Asymmetric encryption
    • Asymmetric encryption (Asymmetric Encryption, Public Key Encryption) uses a pair of keys: a public key and a private key (public key and a private key).
    • Data encrypted with one key of the pair can only be decrypted with the other key.
    • The public key may be published openly; the private key must be kept secret by its owner.
    • Diagram: Data → encrypt with the public key → ciphertext → decrypt with the private key → Data.
  • 23. Advantages and disadvantages of asymmetric encryption
    • Advantages:
      – The public key can be distributed openly.
      – Provides confidentiality, authentication and non-repudiation.
    • Disadvantages:
      – Slow.
  • 24. Symmetric ciphers vs. asymmetric ciphers

    | | Symmetric cipher | Asymmetric cipher |
    |---|---|---|
    | Also called | secret-key cipher | public-key cipher |
    | Keys used | the same key for encryption and decryption | two different keys |
    | Is the key public? | no, the key is secret | the public key is public, the private key is secret |
    | Key management | the shared secret key must be protected | only one's own private key must be protected |
    | Speed | fast | slow |
    | Typical use | encrypting large amounts of data | encrypting small amounts of data, e.g. e-mail, digital signatures |

  • 25. Combining symmetric and asymmetric encryption
    • Asymmetric encryption is used to protect the secret key of the symmetric cipher, which then protects the bulk data.
    • The two are used together in practice (Secret / Private / Public).
  • 27. Common symmetric algorithms
    • Data Encryption Standard (DES)
    • Triple DES (3DES)
    • IDEA
    • Blowfish, Twofish
    • RC4, RC5, RC6
    • AES (Advanced Encryption Standard): Rijndael
  • 30. DES (continued)
    • The relationship between plaintext, key and ciphertext is obscured through many rounds of processing.
    • Avalanche effect: changing a single bit of the plaintext changes a large part of the ciphertext.
    • DES uses a 56-bit key to encrypt 64-bit blocks in 16 rounds.
    • Disadvantage: the 56-bit key is too short; with today's computing power a DES key can be found by exhaustive search.
  • 31. Triple DES
    • In 1992 it was proposed to apply DES three times (48 rounds), giving Triple DES.
    • 3DES can use two or three keys; with two keys, K1 and K3 are the same and K2 is different.
    • 168-bit key (with three keys).
    • Uses the same underlying algorithm as DES.
    • Variants: DES-EEE3, DES-EDE3, DES-EEE2, DES-EDE2.
    • Used by several products and protocols, e.g. PGP and S/MIME.
  • 32. 3DES operation (DES-EDE3 mode)
    • Encryption: plaintext → DES encrypt with K1 → DES decrypt with K2 → DES encrypt with K3 → ciphertext.
    • Decryption: ciphertext → DES decrypt with K3 → DES encrypt with K2 → DES decrypt with K1 → plaintext.
  • 33. Advanced Encryption Standard (1/2)
    • Advanced Encryption Standard (AES, Advanced Encryption Standard).
    • To replace DES, NIST announced in 1997 a call for a new encryption standard, AES, to protect sensitive (sensitive) but unclassified (unclassified) information.
    • In October 2000 NIST announced that the Rijndael algorithm, designed by the Belgian (Belgium) cryptographers Joan Daemen and Vincent Rijmen, had been selected as the new standard.
  • 34. Advanced Encryption Standard (2/2)
    • Rijndael's design is simple and efficient in both hardware and software.
    • AES is a block cipher with a 128-bit block; the key length can be 128, 192 or 256 bits.
    • Diagram: plaintext block → encryption (key length) → ciphertext block.
  • 35. Comparison of symmetric algorithms

    | | DES | 3DES | AES |
    |---|---|---|---|
    | Block size | 64 bits | 64 bits | 128 bits |
    | Key length | 56 bits | 168 bits | 128/192/256 bits |
    | Rounds | 16 | 48 | 10/12/14 (depends on key length) |

  • 36. Public-key algorithms
    • Diffie-Hellman key exchange: lets two parties establish a shared secret key; DH provides key agreement over an insecure network.
    • RSA: in 1978 Rivest, Shamir and Adleman designed an asymmetric algorithm based on the difficulty of factoring large integers; it is the most widely used public-key cipher today.
    • Elliptic curve cryptography (Elliptic Curve, ECC): a newer public-key algorithm; ECC achieves security comparable to RSA with a much shorter key, so it suits devices with limited resources such as smart cards.
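The Diffie-Hellman exchange of slide 36 with both sides' messages, as an added example (not code from the course). Only the two public values cross the channel; each side combines the peer's public value with its own private exponent and derives the same symmetric key. The group parameters are an assumption of this example: p = 2^127 - 1 (a Mersenne prime) and g = 5 are toy-sized, and a deployment would use a standardised group of at least 2048 bits. The check that rejects public values 0, 1 and p - 1 is the small-subgroup sanity check a defender expects before trusting a peer's value.

```python
"""Diffie-Hellman key agreement: A sends g^a mod p, B sends g^b mod p, both derive g^(ab) mod p."""
import hashlib
import secrets

P = (1 << 127) - 1   # Mersenne prime 2^127 - 1: toy parameter for illustration only
G = 5                # generator choice assumed for this example


def is_valid_public(value: int) -> bool:
    """Reject 0, 1 and p-1 (and anything outside the group): they force a predictable secret."""
    return 1 < value < P - 1


class Party:
    """One side of the exchange: keeps a private exponent and publishes g^x mod p."""

    def __init__(self, name: str, private=None):
        self.name = name
        # private exponent in [2, p-2]; a fixed value may be passed for reproducible runs
        self.private = private if private is not None else secrets.randbelow(P - 3) + 2
        self.public = pow(G, self.private, P)

    def shared_key(self, peer_public: int) -> bytes:
        if not is_valid_public(peer_public):
            raise ValueError("invalid peer public value")
        secret = pow(peer_public, self.private, P)
        # derive a fixed-length symmetric key from the shared group element
        return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def run_exchange(a_priv=None, b_priv=None):
    """Run one exchange and return (key computed by A, key computed by B)."""
    alice, bob = Party("Alice", a_priv), Party("Bob", b_priv)
    # the only values an eavesdropper sees are alice.public and bob.public
    k_alice = alice.shared_key(bob.public)
    k_bob = bob.shared_key(alice.public)
    return k_alice, k_bob


if __name__ == "__main__":
    ka, kb = run_exchange()
    print("keys match:", ka == kb, ka.hex())
```

Note that plain Diffie-Hellman authenticates nobody: the protocols later in the course (SSL/TLS, SSH, IKE) wrap it in certificates or signatures so that the public values cannot be swapped by a man in the middle.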
  • 37. Hash functions (Hash Function) (1/2)
    • A hash function takes an input message of arbitrary length and produces a fixed-length output, called the hash value (Hash Value) or message digest (Message Digest).
    • Uses:
      – Integrity of transmitted data
      – Digital signatures
      – Password protection
      – Message authentication codes
  • 38. Hash functions (Hash Function) (2/2)
    • Properties of a hash function:
      – One-way transformation (One way transformation): the input cannot be recovered from the hash value.
      – Collision resistance (collision resistance): the hash value depends on the whole input, and it is hard to find two different messages with the same hash value; the hash is therefore used as a "digital fingerprint" (Digital Fingerprint).
      – Diffusion (Diffusion): changing a single bit of the input changes a large part of the output.
  • 39. Common hash algorithms (Hash Algorithms)
    • MD2, MD4, MD5
    • Secure Hash Algorithm (SHA)
    • RIPEMD-160
  • 40. Message Digest 5 (MD5)
    • Designed in 1991 by Ron Rivest as an improved version of MD4 after MD4 was found to be insufficiently secure.
    • MD5 processes the input in 512-bit blocks, each handled as 16 32-bit words.
    • Input: 512-bit blocks; output: a 128-bit digest.
    • The UNIX/Linux shadow password file uses this kind of hashing.
  • 41. SHA, SHA-1
    • The Secure Hash Algorithm (Secure Hash Algorithm) was published by NIST, the US standards body, as the hash function for the Digital Signature Standard (DSS).
    • Input up to 2^64 bits, processed in 512-bit blocks.
    • SHA produces a 160-bit hash value.
    • Harder to attack by brute force than MD5 (32 more bits of output).
    • SHA-1 is the revised version of SHA.
    • Used by security protocols such as PGP.
  • 43. Comparison of hash algorithms

    | | MD5 | SHA-1 | RIPEMD-160 |
    |---|---|---|---|
    | Digest length | 128 bits | 160 bits | 160 bits |
    | Processing unit | 512 bits | 512 bits | 512 bits |
    | Number of steps | 64 (4 rounds of 16) | 80 (4 rounds of 20) | 160 (2 parallel lines of 5 rounds of 16) |
    | Maximum message length | ∞ | 2^64 - 1 bits | |
    | Relative speed * | 32.4 Mbps | 14.4 Mbps | 13.6 Mbps |

    * measured on a Pentium 266 MHz (http://www.eskimo.com/~weidai/benchmarks.txt)
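The hash properties of slides 37 to 43 checked in code, as an added example (not from the course). It reports the digest and block sizes hashlib exposes for MD5, SHA-1 and (as the modern default) SHA-256, measures the diffusion property by flipping one input bit and counting how many output bits change, and shows the integrity use case: recomputing a digest and comparing it to the stored fingerprint with a constant-time comparison. The sample message is constructed for the example.

```python
"""Digest sizes, avalanche measurement and fingerprint verification with the stdlib."""
import hashlib
import hmac

ALGOS = ("md5", "sha1", "sha256")   # md5/sha1 are the slides' examples; sha256 is today's default


def digest_sizes(name: str) -> tuple:
    """Return (digest length in bits, processing block in bits) for a hash algorithm."""
    h = hashlib.new(name)
    return h.digest_size * 8, h.block_size * 8


def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(name: str, message: bytes, bit: int = 0) -> dict:
    """Hash the message and a copy with one bit flipped; report how much of the digest changed."""
    flipped = bytearray(message)
    flipped[bit // 8] ^= 1 << (bit % 8)
    d1 = hashlib.new(name, message).digest()
    d2 = hashlib.new(name, bytes(flipped)).digest()
    changed = hamming_distance(d1, d2)
    total = len(d1) * 8
    return {"algorithm": name, "changed_bits": changed, "total_bits": total,
            "fraction": changed / total}


def is_fingerprint(name: str, message: bytes, expected_hex: str) -> bool:
    """Integrity check: recompute the digest and compare it to the stored one.

    hmac.compare_digest runs in constant time, so a mismatch does not leak
    how many leading characters were correct.
    """
    return hmac.compare_digest(hashlib.new(name, message).hexdigest(), expected_hex)


if __name__ == "__main__":
    sample = b"The quick brown fox jumps over the lazy dog"   # constructed sample input
    for algo in ALGOS:
        print(algo, digest_sizes(algo), avalanche(algo, sample))
```

For any of the three algorithms roughly half of the output bits flip when one input bit changes; the table on slide 43 is visible in the digest sizes (128 vs 160 bits) and in the common 512-bit processing unit.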
  • 45. What is a PKI
    • A PKI combines asymmetric cryptography, digital certificates and certification authorities into a security infrastructure that lets parties on an open network communicate securely and with trust.
    • A public key infrastructure (PKI) is a security architecture built from digital certificates, public-key cryptography and certification authorities, together with the standards and services that manage them.
  • 46. Why use a PKI
    • A PKI provides the mechanism for distributing public keys.
    • It supplies the trust and security mechanisms that secure communication requires.
      – It improves on the key-distribution problem of symmetric cryptosystems.
  • 48. Public-key encryption flow
    • Diagram: the sender wants to send data (8A48) confidentially over the network.
      1. The sender encrypts the data with the receiver's public key (public Key), producing the ciphertext (3A78).
      2. The receiver decrypts it with its own private key (Private Key) and recovers the data (8A48).
  • 49. Public-key authentication flow
    • Diagram: the sender wants the receiver to be able to verify who sent the data (~*~*~*~).
      1. The sender signs the data with its own private key.
      2. The receiver verifies the signature with the sender's public key; if it checks, the data came from the sender.
  • 50. Creating a digital signature
    • The message is hashed (MD5 or SHA) to obtain a message digest.
    • The digest is encrypted with the sender's private key using a public-key algorithm (RSA); the result is the digital signature, sent together with the message.
  • 51. Verifying a digital signature
    • The receiver hashes the received message (MD5 or SHA) to obtain a digest.
    • The signature is decrypted with the sender's public key (RSA) to recover the digest computed by the sender.
    • If the two digests match, the message is intact and came from the holder of the private key: integrity and non-repudiation.
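The signature creation and verification flow of slides 50 and 51, with the RSA key generation of slide 36, as an added example (not code from the course). It is textbook RSA over two fixed Mersenne primes (p = 2^107 - 1, q = 2^127 - 1, both known primes) so that it runs with the standard library alone; the digest is SHA-1 as on the slides. These choices are assumptions of the example: production signatures use keys of 2048 bits or more and a padding scheme such as PKCS#1 v1.5 or PSS, never a raw digest exponentiation like this one.

```python
"""Sign = digest then private-key exponentiation; verify = public-key exponentiation then compare."""
import hashlib
import math


def make_keypair(e: int = 65537):
    """Return ((n, e), (n, d)) from fixed primes; 2^107-1 and 2^127-1 are Mersenne primes."""
    p = (1 << 107) - 1
    q = (1 << 127) - 1
    n = p * q                      # 234-bit modulus, toy-sized for illustration only
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("public exponent not invertible modulo phi(n)")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def digest_int(message: bytes) -> int:
    """SHA-1 digest as an integer: 160 bits, so it is always smaller than the modulus."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Slide 50: hash the message, then 'encrypt' the digest with the private key."""
    n, d = private_key
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Slide 51: 'decrypt' the signature with the public key and compare digests."""
    n, e = public_key
    if not 0 < signature < n:
        return False
    recovered = pow(signature, e, n)
    return recovered == digest_int(message)


if __name__ == "__main__":
    pub, priv = make_keypair()
    msg = b"transfer 100 to account 42"          # constructed sample message
    sig = sign(msg, priv)
    print("valid:", verify(msg, sig, pub))
    print("tampered:", verify(b"transfer 900 to account 42", sig, pub))
```

The tampered-message check is the integrity property from slide 51: a one-character change in the message yields a different digest, so the digest recovered from the signature no longer matches. The sender cannot later deny the signature, because only the private key produces a value that the public key maps back to the digest.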
  • 52. Digital envelope (Digital Envelope)
    • Sender side: the message is encrypted with a symmetric cipher under a secret key; that secret key is then encrypted with the receiver's public key (asymmetric cipher).
    • Receiver side: the receiver decrypts the secret key with its own private key, then decrypts the message with the recovered secret key.
    • In this way the message is protected by the fast symmetric cipher, and only the intended receiver, who holds the private key, can open the envelope.
  • 53. PKI applications
    • Strong authentication mechanisms based on certificates (vs. password-based systems).
    • Confidentiality (confidentiality) and integrity (integrity) of data sent over the network.
    • Code signing (Code Signature).
    • Secure application services and transactions, e.g. secure e-mail, web and e-commerce applications.
  • 54. Certification authority (Certification Authority)
    • In a public-key system one must be sure that a public key really belongs to the entity that claims it; otherwise an impostor could substitute their own key. A trusted third party (Trusted Third Party) therefore issues certificates that bind a public key to its owner's identity, and users rely on those certificates to verify public keys.
    • A CA is the entity that issues, manages and revokes certificates.
    • CAs may be run by governments or by commercial organisations (e.g. VeriSign, Thawte Consulting).
  • 56. Certificates (Certificates)
    • A digital certificate is an electronic document signed by the CA.
    • It binds a public key to the identity of its owner (the subject).
    • Standard: ITU-T X.509.
    • Certificate contents: version (version), serial number (Serial Number), subject (Subject), issuer (Issuer), public key (Public Key), validity period (Validity Period), extensions (Extensions), CA signature (CA Signature).
  • 57. Certificate contents
    • Diagram: version, issuer, subject, validity period, public key, and the issuer's signature.
  • 58. X.509 certificate encoding
    • X.509 certificates are described in ASN.1 (Abstract Syntax Notation 1), an abstract syntax that defines the structure of the certificate's data.
    • ASN.1 data can be serialised with several encoding rules; the standard one for certificates is DER (Distinguished Encoding Rules), which produces a binary certificate. BASE64 is then used to turn the binary into a text form.
  • 59. Text encoding of a certificate
    • A certificate is commonly distributed as Base64 text between BEGIN/END markers, in the following ASCII form:

-----BEGIN CERTIFICATE-----
MIICWDCCAgICAQAwDQYJKoZIhvcNAQEEBQAwgbYxCzAJBgNVBAYTAlpBMRUw
EwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEdMBsGA
1UEChMUVGhhd3RlIENvbnN1bHRpbmcgY2MxHzAdBgNVBAsTFkNlcnRpZmljYXRp
b24gU2VydmljZXMxFzAVBgNVBAMTDnd3dy50aGF3dGUuY29tMSMwIQYJKoZIhvc
NAQkBFhR3ZWJtYXN0ZXJAdGhhd3RlLmNvbTAeFw05NjExMTQxNzE1MjVaFw05Nj
EyMTQxNzE1MjVaMIG2MQswCQYDVQQGEwJaQTEVMBMGA1UECBMMV2VzdGV
ybiBDYXBlMRIwEAYD
VQQHEwlDYXBlIFRvd24xHTAbBgNVBAoTFFRoYXd0ZSBDb25zdWx0aW5nIGNjMR
8wHQYDVQQLExZDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzMRcwFQYDVQQDEw53d3
cudGhhd3RlLmNvbTEjMCEGCSqGSIb3DQEJARYUd2VibWFzdGVyQHRoYXd0ZS5j
b20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAmpIl7aR3aSPUUwUrHzpVMrsm3gp
I2PzIwMh39l1h/RszI0/0qC2WRMlfwm5FapohoyjTJ6ZyGUUenICllKyKZwIDAQAB
MA0GCSqGSIb3DQEBBAUAA0EAfI57WLkOKEyQqyCDYZ6reCukVDmAe7nZSbOyKv6K
UvTCiQ5ce5L4y3c/ViKdlou5BcQYAbxA7rwO/vz4m51w4w==
-----END CERTIFICATE-----
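The encoding chain of slides 58 and 59 in the other direction, as an added example (not code from the course): strip the BEGIN/END markers, Base64-decode to DER, and walk the DER tag-length-value structure. Instead of a real certificate the block builds a small constructed DER object (a SEQUENCE holding an INTEGER serial number and a PrintableString name) so it runs offline; the tag names and sample values are assumptions of the example. Real X.509 parsing should use a maintained library, because the full certificate grammar has many more tags and constraints than this walker handles; the point here is only to make the ASN.1 → DER → Base64 layering concrete.

```python
"""PEM text -> DER bytes -> ASN.1 TLV elements, on a constructed sample."""
import base64
import re


def pem_to_der(pem: str, label: str = "CERTIFICATE") -> bytes:
    """Extract the Base64 body between the BEGIN/END lines and decode it strictly."""
    m = re.search(r"-----BEGIN %s-----(.*?)-----END %s-----" % (label, label), pem, re.S)
    if not m:
        raise ValueError("no %s block found" % label)
    body = "".join(m.group(1).split())        # drop line breaks and whitespace
    return base64.b64decode(body, validate=True)


def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    """Base64 the DER and wrap it in 64-column lines between the markers."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)


def encode_tlv(tag: int, value: bytes) -> bytes:
    """DER tag-length-value with short or long-form length."""
    if len(value) < 128:
        return bytes([tag, len(value)]) + value
    lb = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def parse_tlv(der: bytes) -> list:
    """Parse one layer of DER elements; returns [(tag, value bytes)] and rejects truncation."""
    items, i = [], 0
    while i < len(der):
        if i + 2 > len(der):
            raise ValueError("truncated header")
        tag, length = der[i], der[i + 1]
        i += 2
        if length & 0x80:                       # long form: low bits give the byte count of the length
            nbytes = length & 0x7F
            if nbytes == 0 or nbytes > 4 or i + nbytes > len(der):
                raise ValueError("unsupported or truncated length")
            length = int.from_bytes(der[i:i + nbytes], "big")
            i += nbytes
        if i + length > len(der):
            raise ValueError("truncated element")
        items.append((tag, der[i:i + length]))
        i += length
    return items


# Constructed sample: SEQUENCE { INTEGER 4660, PrintableString "www.example.test" }
SAMPLE_DER = encode_tlv(0x30, encode_tlv(0x02, (4660).to_bytes(2, "big"))
                        + encode_tlv(0x13, b"www.example.test"))
SAMPLE_PEM = der_to_pem(SAMPLE_DER)


def describe(pem: str) -> list:
    """Decode PEM and return (type name, decoded value) for each field of the outer SEQUENCE."""
    der = pem_to_der(pem)
    (outer_tag, outer_val), = parse_tlv(der)
    if outer_tag != 0x30:
        raise ValueError("expected a SEQUENCE at top level")
    out = []
    for tag, val in parse_tlv(outer_val):
        if tag == 0x02:
            out.append(("INTEGER", int.from_bytes(val, "big")))
        elif tag == 0x13:
            out.append(("PrintableString", val.decode("ascii")))
        else:
            out.append(("tag 0x%02x" % tag, val))
    return out


if __name__ == "__main__":
    print(SAMPLE_PEM)
    print(describe(SAMPLE_PEM))
```

A real certificate decodes to an outer SEQUENCE of three elements (the to-be-signed certificate, the signature algorithm identifier and the signature bit string); the length checks in parse_tlv are what keeps a malformed length byte from reading past the buffer.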
  • 60. How a certification authority issues a certificate
    1. The applicant registers with the registration authority (Registration Authority, RA) and submits identity information.
    2. The RA verifies the applicant's identity and forwards the request to the certification authority (Certificate Authority).
    3. The CA issues the certificate and publishes it to the repository (Repository).
    4. The applicant receives the certificate; relying parties retrieve certificates (and revocation information) from the repository.
  • 61. Government Public Key Infrastructure (GPKI)
    • Taiwan's Government Public Key Infrastructure (Government Public Key Infrastructure, GPKI) consists of a hierarchy of government certification authorities.
    • The root of the GPKI hierarchy is the GRCA (Government Root Certification Authority).
  • 62. GPKI hierarchy
    • Diagram: the GRCA (http://grca.nat.gov.tw) at the root, with subordinate government certification authorities beneath it.
  • 64. Using certificates in applications
    • A PKI provides the foundation for building secure applications.
    • Applications must handle certificate operations:
      – Obtaining a certificate
      – Managing and validating certificates
  • 66. Common security protocols by layer
    • Application layer: SET, S/MIME, PGP, ...
    • Transport layer: SSL, SSH
    • Network layer: IPSec
    • Data link and physical layers
  • 67. SSL (Secure Sockets Layer)
    • Proposed by Netscape in 1994; a security protocol layered on top of TCP.
    • SSL is the most widely used secure transport protocol on the Internet: HTTP + SSL = HTTPS.
    • Security services provided by SSL:
      – Authentication (Authentication): RSA, DSS and X.509 certificates (public-key techniques).
      – Confidentiality (Confidentiality) of the transmission: IDEA, 3DES, RC4 (symmetric ciphers).
      – Integrity (Integrity): a message authentication code (MAC) built on MD5 or SHA.
    • SSL does not provide non-repudiation.
  • 68. SSL protocols
    • SSL Handshake protocol: negotiates the security parameters of the session, authenticates the parties, and agrees on algorithms and keys.
    • SSL Record protocol: carries the protected data once the session is established; the handshake protocol runs on top of it.
  • 69. SSL protocols (continued)
    • The Record protocol fragments, compresses, authenticates (MAC) and encrypts application data before handing it to TCP.
    • SSL Alert protocol: signals errors and warnings to the peer.
    • SSL Change Cipher Spec protocol: switches the connection to the newly negotiated cipher state.
    • Application protocols (HTTP, LDAP, SMTP, ...) run over SSL.
    • Layering diagram: SSL Handshake / Change Cipher Spec / Alert / application protocols → SSL Record protocol → TCP → IP.
  • 70. SSL handshake message flow (client on the left, server on the right)
    • Phase 1, establish security capabilities: Client_hello (protocol version, random value, session id, cipher suites, compression methods); Server_hello (chosen parameters).
    • Phase 2, server authentication and key exchange: Certificate (the server's certificate and RSA public key); Server_key_exchange (when needed); Certificate_request (if client authentication is wanted); Server_hello_done.
    • Phase 3, client authentication and key exchange: Certificate (if requested); Client_key_exchange (the key material, encrypted with the server's RSA public key from its certificate); Certificate_verify (proves possession of the client's private key).
    • Phase 4, finish: Change_cipher_spec and Finished from the client, then Change_cipher_spec and Finished from the server; both sides now hold the session keys and the secure connection is established.
  • 71. TLS (Transport Layer Security)
    • In 1999 the IETF standardised SSL as TLS 1.0 (RFC2246); TLS is the successor of SSL.
    • TLS is essentially SSL v3.1; the two are very similar but not identical.
    • TLS sits between TCP and the application layer and provides confidentiality, authentication and integrity for the transport.
    • It can protect Telnet, FTP, HTTP and other application protocols.
  • 72. Secure Shell (SSH)
    • SSH is a protocol and a set of tools for secure remote login and remote command execution.
    • SSH uses cryptography to provide authentication, confidentiality and integrity.
    • Versions: v1 and v2.
    • SSHv1 was designed as a secure replacement for telnet, rlogin, rsh and rexec.
    • SSHv2 is a redesign of the v1 protocol with a new key exchange mechanism, a different authentication mechanism and stronger integrity protection, and it supports secure tunnelling (port forwarding).
  • 75. SSH usage
    • Secure remote login: ssh host
    • Secure remote command execution: ssh host command
    • (3) X11 Forwarding: the remote DISPLAY is tunnelled through the ssh connection.
    • (5) Port Forwarding: ssh -L 5900:localhost:5900 vnchost, then vncviewer connects to localhost:5900 and the VNC traffic travels over the ssh session on port 22.
  • 76. SSH protocols and algorithms
    • Key exchange with Diffie Hellman or RSA; replaces the insecure telnet, rcp, rsh, rlogin and ftp.
    • Symmetric encryption with IDEA, Blowfish, AES or 3DES.
    • Authentication with RSA or DSA public keys.
    • Can use PKI certificates for authentication and trust.
    • Tools: ssh, sftp, scp.
  • 77. IPSec
    • IPSec was defined by the IETF (Internet Engineering TaskForce) and developed as part of IPv6.
    • IPSec provides encryption, integrity, authentication and key management for network communication (confidentiality, integrity, authentication and key management).
    • IPSec operates at the OSI network layer, so it protects all IP traffic and is transparent to applications and upper-layer protocols.
  • 78. Advantages of IPSec
    • An open standard (IETF) that applies to both IPv4 and IPv6.
    • Provides confidentiality, integrity and data-origin authentication.
    • Transparency: IPSec is a network-layer protocol, invisible to applications and upper layers.
    • Flexibility: transport mode (transport mode) protects traffic between hosts, tunnel mode (Tunneling mode) protects traffic between gateways; the two modes support different deployment needs.
  • 79. IPSec protocols (1/3)
    • IPSEC architecture: IKE, AH, ESP, IPSEC DOI, authentication algorithms, encryption algorithms.
  • 82. IPSec protocols (continued)
    • Key exchange protocol (IKE): negotiates security associations (SA) and exchanges keys.
    • AH (Authentication Header): provides authentication of IP packets.
  • 83. IPSec protocols (continued)
    • AH protects against replay of packets.
    • Integrity of IP packets: verifies that a packet was not altered in transit.
    • Authenticates the sender of IP packets.
      – Limitation: authentication only; it does not prevent a third party on the network from reading the packet contents.
  • 84. IPSec protocols (3/3)
    • ESP (Encapsulating Security Payload): provides encryption of the packet data.
  • 86. IPSec protocols (continued)
    • A complete IPSec implementation must include at least a key exchange protocol together with AH and ESP; AH and ESP can each be used alone or combined.
  • 87. IPSec Transport Mode
    • Diagram: Host A and Host B on their networks, IPSec between Hosts across the Internet.
    • Packet layout: original IP header (IP Header) | AH or ESP header | payload (IP Payload).
  • 88. IPSec Tunnel Mode
    • Diagram: Host A and Host B behind IPSec gateways X and Y, IPSec between Gateways across the public network.
    • Packet layout: new IP header (IP Header) | AH or ESP header | original IP header (IP Header) | payload (IP Payload) | ESP Trailer | ESP authentication.
  • 90. S/MIME
    • MIME is the Internet standard format for e-mail messages with attachments.
    • S/MIME (Secure/Multipurpose Internet Mail Extension) is the secure extension of MIME: a standard for protecting Internet e-mail with public-key cryptography.
    • Cryptographic components used:
      – X.509 digital certificates
      – DES, Triple-DES, RC2
    • Provides confidentiality, integrity, authentication and non-repudiation for e-mail.
  • 91. Pretty Good Privacy (PGP)
    • PGP was written by Phil Zimmermann in 1991 as a freely available program for securing e-mail and files.
    • PGP provides e-mail encryption and digital signatures.
  • 93. PGP (continued)
    • Cryptographic techniques used: IDEA, RSA, SHA-1, MD5, ...
    • Compresses data with ZIP before encryption.
    • Uses radix-64 encoding so the output can be sent as e-mail text; developed independently of government standards.
    • http://www.pgpi.org/
  • 94. SET (Secure Electronic Transaction)
    • Developed in 1995 by VISA and Mastercard as an open standard for payment-card transactions over the Internet.
    • Protects the cardholder's payment information during online purchases.
    • SET uses certificates and digital signatures to authenticate the cardholder, the merchant and the payment gateway, providing non-repudiation.
    • Digital signatures ensure the integrity of the transaction data.
    • SET uses DES to encrypt the bulk transaction data, RSA for key exchange and digital signatures, and SHA-1 for integrity.
    • The dual signature (Dual Signature) links the order information and the payment information so that the merchant cannot see the cardholder's account details and the bank cannot see the order details.
  • 95. SET participants
    • Diagram: the cardholder, the merchant, the issuing bank, the merchant's acquiring bank, the payment gateway, the certification authority and the VisaNet payment network, connected over the Internet.
  • 96. Summary
    • Cryptography is the foundation of information security.
    • Cryptography provides the security services that information security requires: authentication (Authentication), confidentiality (Confidentiality), integrity (Integrity) and non-repudiation (Non-repudiation).
    • Symmetric cryptography, asymmetric cryptography and hash functions each have their own role in information security and provide different services.
    • Security protocols combine these building blocks to protect applications that are otherwise insecure.
    • Choosing cryptographic techniques means weighing cost against convenience.