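Notes from last semester's information security course
Skipping the overly theoretical parts of the encryption algorithms, what technical areas might a security system involve?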
(1) Firewall: packet filtering, stateful inspection, application-level gateway, and circuit-level gateway.
(2) Encryption, decryption and authentication at the IP level: IPSec
(3) Encryption, decryption: (provides confidentiality)
symmetric ciphers, such as DES, AES;
public-key ciphers, such as RSA, elliptic curve.
(4) Message Authentication: (provides authentication)
MAC, hash code.
(5) Digital Signature: (provides non-repudiation)
RSA + hash code, DSA...
(6) Key Distribution Center (KDC):
The architecture for distributing keys. The keys distributed must be genuine.
The final project is a web-based secure purchase system. It consists of several modules:
(1) key management
(2) digital signature
(3) encryption and decryption
Key points:
Symmetric ciphers perform much better than public-key ciphers!
Because we cannot transmit the private key over the network, (2) and (3) are done by an Applet (only (1) is done by the web server component, because the server manages only public keys).
If we want mutual authentication, it can probably be done with the existing mechanism built into the application server (i.e., Tomcat).
Implementation:
JCE
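
The three modules and the key points above, put together with JCE as an added example (not code from the course project). The `buyer` and `seller` names, the in-memory `directory` map standing in for the server's key management, and the algorithm choices (AES-GCM, RSA-OAEP, SHA256withRSA) are assumptions.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class SecurePurchaseDemo {
    // Module (1), server side: a directory of public keys only (hypothetical in-memory stand-in).
    static final Map<String, PublicKey> directory = new HashMap<>();

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair buyer = kpg.generateKeyPair();   // private keys never leave their owner
        KeyPair seller = kpg.generateKeyPair();
        directory.put("buyer", buyer.getPublic());
        directory.put("seller", seller.getPublic());
        byte[] order = "item=book;qty=1;total=20.00".getBytes(StandardCharsets.UTF_8); // constructed sample

        // Module (2), buyer side: sign the order with the buyer's private key.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(buyer.getPrivate());
        signer.update(order);
        byte[] sig = signer.sign();

        // Module (3), buyer side: bulk-encrypt with a one-time AES key (the fast symmetric cipher)...
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey session = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, session, new GCMParameterSpec(128, iv));
        byte[] ciphertext = aes.doFinal(order);
        // ...and use the slow public-key cipher only to wrap that small key for the seller.
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, directory.get("seller"));
        byte[] wrappedKey = rsa.wrap(session);

        // Seller side: unwrap the key, decrypt, then verify with the buyer's key from the directory.
        rsa.init(Cipher.UNWRAP_MODE, seller.getPrivate());
        SecretKey recovered = (SecretKey) rsa.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        aes.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        byte[] plain = aes.doFinal(ciphertext);
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(directory.get("buyer"));
        verifier.update(plain);
        if (!verifier.verify(sig)) throw new SecurityException("signature check failed");
        System.out.println("verified order: " + new String(plain, StandardCharsets.UTF_8));
    }
}
```

The signature is only as trustworthy as the directory lookup: if a forged public key is stored under `buyer`, verification succeeds for the forger, which is why the distributed keys must be genuine.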