標識鑑別：網際安全技術基礎

本書討論了未來“網際安全”的關鍵技術――基於標識鑑別的可信系統，也討論了與此相關的自證性公鑰體制、信任邏輯，以及信任邏輯在可信接入、可信計算、可信交易、可信物流。網路管理中的套用，以及在網際網路和物聯網構成的網際空間中建立互信的基本技術，也討論了新一代信息安全的概念和下一代綠色網路安全的發展方向

Contents

Part OneAuthentication Technology

Chapter 1Basic Concepts

1?1Physical World and Digital World

1?2A World with Order and without Order

1?3Self?assured Proof and 3rd Party Proof

1?4Certification Chain and Trust Chain

1?5Centralized and Decentralized Management

1?6Physical Signature and Digital Signature

Chapter 2Authentication Logics

2?1Belief Logic

2?1?1The Model

2?1?2The Formulae

2?1?3The Characteristics of Belief Logic

2?2Trust Logic

2?2?1Direct Trust

2?2?2Axiomatic Trust

2?2?3Inference Trust

2?2?4Behavior Based Trust

2?2?5Characteristics of Trust Logic

2?3Truth Logic

2?3?1The Needs of Truth Logic

2?3?2Entity Authenticity

2?3?3The Characteristics of Truth Logic

2?4Authentication Protocols

2?4?1Standard Protocol

2?4?2CPK Protocol

2?5Authentication Systems

2?5?1PKI Certification System

2?5?2CPK Authentication System

Chapter 3Identity Authentication

3?1Communication Identity Authentication

3?2Software Identity Authentication

3?3Electronic Tag Authentication

3?4Network Management

3?5Holistic Security

Part TwoCryptosystems

Chapter 4Combined Public Key (v6?0)

4?1Introduction

4?2Mapping Function

4?3Computation of Keys

4?3?1Computation of Identity?Key

4?3?2Computation of Separating?key

4?3?3Computation of General?key

4?3?4Computation of District?key

4?4Digital Signature and Key Delivery

4?4?1Digital Signature

4?4?2Key Delivery

4?5Security

Conclusion

Chapter 5Cryptosystem and Authentication

5?1New Requirements for Cryptosystem

5?2Development of Cryptosystems

5?3Identity Authentication Schemes

5?3?1Identity Authentication with IBC

5?3?2Identity Authentication with CPK

5?3?3Identity Authentication with PKI

5?3?4Identity Authentication with IB?RSA

5?3?5Identity Authentication with mRSA

5?3?6Comparison of Schemes

5?4Key Delivery Schemes

5?4?1IBE Key Delivery

5?4?2CPK Key Delivery

5?4?3Other Key Delivery Schemes

5?4?4Performance Comparison

5?5Related Discussions

5?5?1Discussion on Trust Root

5?5?2Discussion on Quantum Attack

Chapter 6Bytes Encryption

6?1Coding Structure

6?1?1Permutation Table (disk)

6?1?2Substitution Table (subst)

6?1?3Key Structure

6?2Working Flow

6?2?1Given Conditions

6?2?2Key Derivation

6?2?3Data Expansion

6?2?4Compound of Data and Key

6?2?5Left Shift Accumulation

6?2?6Permutation

6?2?7Right Shift Accumulation

6?2?8Data Concentration

6?2?9Single Substitution

6?2?10Compound of Data and Key

6?3Security Analysis

Part ThreeCPK System

Chapter 7CPK Key Management

7?1CPK Key Distribution

7?1?1Authentication Network

7?1?2Communication Key

7?1?3Classification of Keys

7?2CPK Signature

7?2?1Digital Signature and Verification

7?2?2Signature Format

7?3CPK Key Delivery

7?4CPK Data Encryption

7?5Key Protection

7?5?1Password Verification

7?5?2Password Change

Chapter 8CPK?chip Design

8?1Background

8?2Main Technology

8?3Chip Structure

8?4Main Functions

8?4?1Digital Signature

8?4?2Data Encryption

Chapter 9CPK ID?card

9?1Background

9?2ID?card Structure

9?2?1The Part of Main Body

9?2?2The Part of Variables

9?3ID?card Data Format

9?4ID?card Management

9?4?1Administrative Organization

9?4?2Application for ID?card

9?4?3Registration Department

9?4?4Production Department

9?4?5Issuing Department

Part FourCode Authentication

Chapter 10Software ID Authentication

10?1Technical Background

10?2Main Technology

10?3Signing Module

10?4Verifying Module

10?5The Feature of Code Signing

Chapter 11Windows Code Authentication

11?1Introduction

11?2PE File

11?3Mini?filter

11?3?1NT I/O Subsystem

11?3?2File Filter Driving

11?3?3Mini?filter

11?4Code Authentication of Windows

11?4?1The System Framework

11?4?2Characteristics Collecting

11?5Conclusion

Chapter 12Linux Code Authentication

12?1General Description

12?2ELF File

12?3Linux Security Module (LSM) Framework

12?4Implementation

Part FiveCommunication Authentication

Chapter 13Phone Authentication

13?1Main Technologies

13?2Connecting Procedure

13?3Data Encryption

13?4Data Decryption

Chapter 14SSL Communication Authentication

14?1Layers of Communication

14?2Secure Socket Layer (SSL)

14?3Authenticated Socket Layer (ASL)

14?4TSL Working Principle

14?5ASL Address Authentication

14?6Comparison

Chapter 15Router Communication Authentication

15?1Principle of Router

15?2Requirements of Authenticated Connection

15?3Fundamental Technology

15?4Origin Address Authentication

15?5Encryption Function

15?5?1Encryption Process

15?5?2Decryption Process

15?6Requirement of Header Format

15?7Computing Environment

15?7?1Evidence of Software Code

15?7?2Authentication of Software Code

Conclusion

Part Sixe?Commerce Authentication

Chapter 16e?Bank Authentication

16?1Background

16?2Counter Business

16?3Business Layer

16?4Basic Technology

16?5Business at ATM

16?6Communication Between ATM and Portal

16?7The Advantages

Chapter 17e?Bill Authentication

17?1Bill Authentication Network

17?2Main Technologies

17?3Application for Bills

17?4Circulation of Bills

17?5Verification of Check

Part SevenLogistics Authentication

Chapter 18e?Tag Authentication

18?1Background

18?2Main Technology

18?3Embodiment (Ⅰ)

18?4Embodiment (Ⅱ)

Chapter 19e?Wallet Authentication

19?1Two Kinds of Authentication Concept

19?2System Configuration

19?3Tag Structure

19?3?1Structure of Data Region

19?3?2Structure of Control Region

19?4Tag Data Generation and Authentication

19?4?1KMC

19?4?2Enterprise

19?4?3Writer and Reader

19?5Protocol Design

19?6Conclusion

Part EightStored File Authentication

Chapter 20Storage Authentication

20?1Security Requirements

20?2Basic Technology

20?3File Uploading Protocol

20?4File Downloading Protocol

20?5Data Storing

20?5?1Establishment of Key File

20?5?2Storage of Key File

20?5?3Documental Database Encryption

20?5?4Relational Database Encryption

Chapter 21Secure File Box

21?1Background

21?2System Framework

21?3Features of the System

21?4System Implementation

·ⅩⅦ·Chapter 22Classification Seal Authentication

22?1Background Technology

22?2Main Technologies

22?3Working Flow

22?4Embodiment

22?5Explanation

Part NineMoving Data Authentication

Chapter 23e?Mail Authentication

23?1Main Technologies

23?2Sending Process

23?3Receiving Process

Chapter 24Digital Right Authentication

24?1Technical Background

24?2Main Technologies

24?3Manufacturer′s Digital Right

24?4Enterprise′s Right of Operation

24?5Client′s Right of Usage

Part TenNetwork Authentication

Chapter 25Pass Authentication

25?1Background

25?2Working Principles

25?3The Diagram of Gate?guard

25?4Gate?guard for Individual PC

25?5Guarding Policy

·ⅩⅧ·Chapter 26Address Authentication

26?1Background

26?2Main Problems

26?3Technical Approach

26?3?1CPK Cryptosystem

26?3?2New Routing Protocol

26?3?3Computing Environment

26?4New Prototype of Router

PostscriptNew Trend of Information Security

Appendices

·ⅩⅦ·Appendix A

Walk Out of Mysterious "Black Chamber"

Appendix B

Identity Authentication Opening a New Land for Information Security

Appendix C

Searching for Safe "Silver Bullet"

Appendix D

"Electronic?ID Card" Attracts International Attention

Appendix E

CPK System Goes to the World

Appendix F

Identity Authentication Based on CPK System

Appendix G

CPK Cryptosystem

References

Glossary

Technical Terms

Symbols