信息安全研究 (Journal of Information Security Research) ›› 2019, Vol. 5 ›› Issue (1): 14-22.
林璟锵 (Lin Jingqiang), 荆继武 (Jing Jiwu)
Received: 2019-01-08
Online: 2019-01-15
Published: 2019-01-08
Corresponding author: 林璟锵 (Lin Jingqiang)
About the authors:
林璟锵 (Lin Jingqiang): PhD, Professor; main research interests are applied cryptography and network and system security. linjingqiang@iie.ac.cn
荆继武 (Jing Jiwu): Professor; main research interests are cyberspace security, identity management and network trust technology, and system security theory and technology. jing@is.ac.cn
Abstract: Cryptography is an essential component of cyberspace security technology and plays a fundamental, core role. Applying cryptographic principles in computer and network systems to design and implement security services has greatly improved the security of cyberspace. Applying cryptographic algorithms and protocols in cyberspace requires treating cryptographic techniques from the perspective of computer and network systems, building a bridge between rigorous, abstract cryptography and complex, concrete information systems. Starting from the relationships among data, systems and entities, this paper makes a first attempt to discuss the technical framework of cryptographic application security: that is, assuming cryptographic theory is already complete, which technical problems must be solved when cryptographic principles are applied in computer and network systems. It lists the work that must be done in cryptographic application security research: 1) selecting appropriate cryptographic algorithms, modes of operation and cryptographic protocols; 2) maintaining sound key parameters; 3) generating secure random numbers; 4) implementing and using cryptographic protocols correctly; 5) binding keys to entities; 6) ensuring key security; and 7) enforcing usage control over cryptographic computation. Drawing on published research results, the problems and content of each of these research areas are discussed in detail.
林璟锵 (Lin Jingqiang), 荆继武 (Jing Jiwu). 密码应用安全的技术体系探讨 (A discussion of the technical framework of cryptographic application security)[J]. 信息安全研究 (Journal of Information Security Research), 2019, 5(1): 14-22.