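Basic Information
- Title: Cyber Security Technical Framework: Trusting System Based on Identity Authentication (網際安全技術構架:基於標識鑑別的可信系統)
- Original title: Cyber Security Technical Framework: Trusting system based on identity Authentication
- ISBN: 9787121113796, 7121113791
- Pages: 248
- Publisher: Publishing House of Electronics Industry (電子工業出版社)
- Publication date: August 1, 2010
- Binding: Paperback
- Format: 16
- Text language: English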
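Synopsis
Cyber Security Technical Framework: Trusting System Based on Identity Authentication (English edition) discusses the key technology of future "cyber security": trusted systems based on identity authentication. It also covers the related self-assured public key system and trust logic, and the application of trust logic to trusted connecting, trusted computing, trusted transactions, trusted logistics, and network management, together with the basic techniques for establishing mutual trust in the cyberspace formed by the Internet and the Internet of Things. It further discusses the concept of a new generation of information security and the development direction of next-generation green network security.
Table of Contents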
FOREWORD
CONTENTS
PART ONE
AUTHENTICATION TECHNIQUE
CHAPTER 1
BASIC CONCEPTS
1.1 PHYSICAL WORLD AND DIGITAL WORLD
1.2 A WORLD WITH ORDER AND WITHOUT ORDER
1.3 SELF-ASSURED PROOF AND 3RD PARTY PROOF
1.4 CERTIFICATION CHAIN AND TRUST CHAIN
1.5 CENTRALIZED AND DECENTRALIZED MANAGEMENT
1.6 PHYSICAL SIGNATURE AND DIGITAL SIGNATURE
CHAPTER 2
AUTHENTICATION LOGIC
2.1 BELIEF LOGIC
2.2 STANDARD PROTOCOL
2.3 TRUST RELATIONSHIP
2.3.1 Direct Trust
2.3.2 Axiomatic Trust
2.3.3 Inference Trust
2.4 TRUST LOGIC
2.4.1 The requirement of Trust Logic
2.4.2 The Progress in Public Key
2.4.3 Entity Authenticity
2.4.4 The Characteristics of Trust Logic
2.5 CPK PROTOCOL
2.5.1 One-way Protocol
2.5.2 Two-way Protocol
CHAPTER 3
IDENTITY AUTHENTICATION
3.1 COMMUNICATION IDENTITY AUTHENTICATION
3.2 SOFTWARE IDENTITY AUTHENTICATION
3.3 ELECTRONIC TAG AUTHENTICATION
3.4 NETWORK MANAGEMENT
3.5 HOLISTIC SECURITY
PART TWO
CRYPTO-SYSTEMS
CHAPTER 4
COMBINED PUBLIC KEY (CPK)
4.1 INTRODUCTION
4.2 ECC COMPOUND THEOREM
4.3 IDENTITY-KEY
4.3.1 Combining Matrix
4.3.2 Mapping from Identity to Matrix Coordinates
4.3.3 Computation of Identity-Key
4.4 KEY COMPOUNDING
4.4.1 The Compounding of Identity-Key and Accompanying-Key
4.4.2 The Compounding of Identity-Key and Separating-key
4.5 CPK DIGITAL SIGNATURE
4.5.1 Signing with Accompanying-Key
4.5.2 Signing with Separating-key
4.6 CPK KEY EXCHANGE
4.6.1 Key Exchange with Separating-key
4.6.2 Key Exchange with Accompanying-Key
4.7 CONCLUSION
CHAPTER 5
SELF-ASSURED AND 3RD PARTY PUBLIC KEY
5.1 NEW REQUIREMENTS OF THE CRYPTO-SYSTEM
5.2 DEVELOPMENT OF CRYPTO-SYSTEMS
5.3 DIGITAL SIGNATURE MECHANISM
5.3.1 IBC Signature Scheme
5.3.2 CPK Signature with Separating-key
5.3.3 CPK Signature with Accompanying-Key
5.3.4 PKI Signature Scheme
5.3.5 IB-RSA Signature Scheme
5.3.6 mRSA Signature Scheme
5.3.7 Comparison of Schemes
5.4 KEY EXCHANGE SCHEME
5.4.1 IBE Key Exchange
5.4.2 CPK Key Exchange
5.4.3 Other Key Exchange Schemes
5.4.4 Performance Comparison
5.5 DISCUSSION ON TRUST ROOT
CHAPTER 6
BYTES ENCRYPTION
6.1 TECHNICAL BACKGROUND
6.2 CODING STRUCTURE
6.2.1 Transposition Table (disk)
6.2.2 Substitution Table (subst)
6.3 8-BIT OPERATION
6.3.1 Assumptions
6.3.2 Key Derivation
6.3.3 Combination of Data and Keys
6.3.4 Left Shift Accumulation
6.3.5 Transposition Conversion
6.3.6 Single Substitution Conversion
6.3.7 Re-combination of Data and Keys
6.3.8 Right Shift Accumulation
6.3.9 Re-transposition
6.4 7-BIT OPERATION
6.4.1 Given Conditions
6.4.2 Key Derivation
6.4.3 Combination of Data and Key
6.4.4 Left Shift Accumulation
6.4.5 Transposition Conversion
6.4.6 Single Substitution Conversion
6.4.7 Re-combination of Data and Key
6.4.8 Right Shift Accumulation
6.4.9 Re-composition
6.5 SAFETY EVALUATION
6.5.1 Key Granularity
6.5.2 Confusion and Diffusion
6.5.3 Multiple-level Product Conversion
PART THREE
CPK SYSTEM
CHAPTER 7
CPK KEY MANAGEMENT
7.1 CPK KEY DISTRIBUTION
7.1.1 Authentication Network
7.1.2 Communication Key
7.1.3 Classification of Keys
7.2 CPK SIGNATURE
7.2.1 Digital Signature and Verification
7.2.2 Signature Format
7.3 CPK KEY EXCHANGE
7.4 CPK DATA ENCRYPTION
7.5 KEY PROTECTION
7.5.1 Password Verification
7.5.2 Password Change
CHAPTER 8
CPK-CHIP DESIGN
8.1 BACKGROUND
8.2 MAIN TECHNOLOGY
8.3 CHIP STRUCTURE
8.4 MAIN FUNCTIONS
8.4.1 Digital Signature
8.4.2 Data Encryption
CHAPTER 9
CPK ID-CARD
9.1 BACKGROUND
9.2 ID-CARD STRUCTURE
9.2.1 The Part of Main Body
9.2.2 The Part of Variables
9.3 ID-CARD DATA FORMAT
9.4 ID-CARD MANAGEMENT
9.4.1 Administrative Organization
9.4.2 Application for ID-Card
9.4.3 Registration Department
9.4.4 Production Department
9.4.5 Issuing Department
PART FOUR
TRUST COMPUTING
CHAPTER 10
SOFTWARE ID AUTHENTICATION
10.1 TECHNICAL BACKGROUND
10.2 MAIN TECHNOLOGY
10.3 SIGNING MODULE
10.4 VERIFYING MODULE
10.5 THE FEATURE OF CODE SIGNING
CHAPTER 11
CODE SIGNING OF WINDOWS
11.1 INTRODUCTION
11.2 PE FILE
11.3 MINI-FILTER
11.3.1 NT I/O Subsystem
11.3.2 File Filter Driving
11.3.3 Minifilter
11.4 CODE AUTHENTICATION OF WINDOWS
11.4.1 The System Framework
11.4.2 Characteristics Collecting
11.5 CONCLUSION
CHAPTER 12
CODE SIGNING OF LINUX
12.1 GENERAL DESCRIPTION
12.2 ELF FILE
12.3 LINUX SECURITY MODULE (LSM) FRAMEWORK
12.4 IMPLEMENTATION
PART FIVE
TRUST CONNECTING
CHAPTER 13
PHONE TRUST CONNECTING
13.1 MAIN TECHNOLOGIES
13.2 CONNECTING PROCEDURE
13.3 DATA ENCRYPTION
13.4 DATA DECRYPTION
CHAPTER 14
SOCKET LAYER TRUST CONNECTING
14.1 LAYERS OF COMMUNICATION
14.2 SECURE SOCKET LAYER (SSL)
14.3 TRUSTED SOCKET LAYER (TSL)
14.4 TSL WORKING PRINCIPLE
14.5 TSL ADDRESS AUTHENTICATION
14.6 COMPARISON
CHAPTER 15
ROUTER TRUST CONNECTING
15.1 PRINCIPLE OF ROUTER
15.2 REQUIREMENTS OF TRUSTED CONNECTION
15.3 FUNDAMENTAL TECHNOLOGY
15.4 ORIGIN ADDRESS AUTHENTICATION
15.5 ENCRYPTION FUNCTION
15.5.1 Encryption Process
15.5.2 Decryption Process
15.6 REQUIREMENT OF HEADER FORMAT
15.7 TRUSTED COMPUTING ENVIRONMENT
15.7.1 Evidence of Software Code
15.7.2 Authentication of Software Code
PART SIX
TRUST E-COMMERCE
CHAPTER 16
E-BANK AUTHENTICATION
16.1 BACKGROUND
16.2 COUNTER BUSINESS
16.3 BUSINESS LAYER
16.4 BASIC TECHNOLOGY
16.5 BUSINESS AT ATM
16.6 COMMUNICATION BETWEEN ATM AND PORTAL
16.7 THE ADVANTAGES
CHAPTER 17
E-BILL AUTHENTICATION
17.1 BILL AUTHENTICATION NETWORK
17.2 MAIN TECHNOLOGIES
17.3 APPLICATION FOR BILLS
17.4 CIRCULATION OF BILLS
17.5 VERIFICATION OF CHECK
PART SEVEN
TRUST LOGISTICS
CHAPTER 18
E-TAG AUTHENTICATION
18.1 BACKGROUND
18.2 MAIN TECHNOLOGY
18.3 EMBODIMENT (Ⅰ)
18.4 EMBODIMENT (Ⅱ)
CHAPTER 19
THE DESIGN OF MYWALLET
19.1 TWO KINDS OF AUTHENTICATION CONCEPT
19.2 SYSTEM CONFIGURATION
19.3 TAG STRUCTURE
19.3.1 Structure of Data Region
19.3.2 Structure of Control Region
19.4 TAG DATA GENERATION AND AUTHENTICATION
19.4.1 KMC
19.4.2 Enterprise
19.4.3 Writer and Reader
19.5 PROTOCOL DESIGN
19.6 CONCLUSION
PART EIGHT
FILE & NETWORK MANAGEMENT
CHAPTER 20
E-MAIL AUTHENTICATION
20.1 MAIN TECHNOLOGIES
20.2 SENDING PROCESS
20.3 RECEIVING PROCESS
CHAPTER 21
DATA STORAGE AUTHENTICATION
21.1 SECURITY REQUIREMENTS
21.2 BASIC TECHNOLOGY
21.3 FILE UPLOADING PROTOCOL
21.4 FILE DOWNLOADING PROTOCOL
21.5 DATA STORING
21.5.1 Establishment of Key File
21.5.2 Storage of Key File
21.5.3 Documental Database Encryption
21.5.4 Relational Database Encryption
CHAPTER 22
SECURE FILE BOX
22.1 BACKGROUND
22.2 SYSTEM FRAMEWORK
22.3 FEATURES OF THE SYSTEM
22.4 SYSTEM IMPLEMENTATION
CHAPTER 23
E-SEAL OF CLASSIFICATION
23.1 BACKGROUND TECHNOLOGY
23.2 MAIN TECHNOLOGIES
23.3 WORKING FLOW
23.4 EMBODIMENT
23.5 EXPLANATION
CHAPTER 24
WATER-WALL FOR INTRANET
24.1 BACKGROUND
24.2 WORKING PRINCIPLES
24.3 THE DIAGRAM OF INTRANET WATER-WALL
24.4 WATER-WALL FOR INDIVIDUAL PC
24.5 GUARDING POLICY
CHAPTER 25
DIGITAL RIGHT AUTHENTICATION
25.1 TECHNICAL BACKGROUND
25.2 MAIN TECHNOLOGIES
25.3 MANUFACTURER'S DIGITAL RIGHT
25.4 ENTERPRISE'S RIGHT OF OPERATION
25.5 CLIENT'S RIGHT OF USAGE
REFERENCES
APPENDICES
APPENDIX A
WALK OUT OF MYSTERIOUS “BLACK CHAMBER”
APPENDIX B
IDENTITY AUTHENTICATION OPENING A NEW LAND FOR INFORMATION SECURITY
APPENDIX C
SEARCHING FOR SAFE “SILVER BULLET”
APPENDIX D
“ELECTRONIC ID CARD” ATTRACTS INTERNATIONAL ATTENTION
APPENDIX E
CPK SYSTEM GOES TO THE WORLD
APPENDIX F
IDENTITY AUTHENTICATION BASED ON CPK SYSTEM