Keywords: network and information security; Information security awareness; Information security technology
With the access of the Internet, the network has become an indispensable part of our life. With the development of computer network, its openness, appreciation and interconnection are constantly expanding, and the importance of the network and its influence on society are increasing. On the other hand, security issues such as viruses, hacker programs, mail bombs and remote interception have gradually become the focus of today's network society. Below, the author makes a simple discussion on information security under the network environment from several aspects.
As we all know, the Internet is the largest computer network communication system in the world today, and the information it provides includes words, data, images, sounds and other forms. Its application has been involved in medicine, economy, politics, science, law, military, physics, sports and other fields of social life. However, with the development of microelectronics, optoelectronics, computers, communication and information services, especially the development of the information industry based on the Internet, the importance of network security has become increasingly prominent. Information may be accessed, tampered with or destroyed without authorization at any time, and may also be blocked and replaced, resulting in incorrect reading, which poses a great threat to the normal operation of the network and even causes network paralysis.
According to the report of June 1993 10 in the United States, due to high-tech crimes, the number of users' satellite communication was intercepted by the detector and then copied and sold. 1in June 1992, the United States had $2 billion in international telephone charges, which caused serious losses to the companies concerned. At present, only bank passwords are stolen by others, and the American banking industry loses billions of dollars every year. At the beginning of 1996, a joint investigation by the San Francisco Computer Security Association and the Federal Bureau of Investigation showed that 53% of enterprises had been attacked by computer viruses, and 42% of enterprises' computer systems had been illegally used in the past 12 months. A Pentagon research team said that the United States was attacked as many as 250,000 times a year.
Although China's network security is still relatively backward, hackers have been in line with international standards. According to the data of the Ministry of Public Security, during the period of 1998, nearly 100 computer hacking cases were cracked nationwide. In China, all kinds of illegal activities using computer networks are increasing at an annual rate of 30%. Hackers' attack methods have gone beyond the types of computer viruses, and there are nearly a thousand kinds in total. In China, the total amount of hacking crimes against banks, securities and other financial fields has reached hundreds of millions of yuan, and hacking crimes against other industries have also occurred from time to time.
The research on computer network security began in the late 1960s. However, due to the backward speed and performance of computers at that time, the research on computer security has been confined to a small scope. After entering the 1980s, the performance of computers has been greatly improved, the application scope has been continuously expanded, and computers have spread all over the world. Especially in 1990s, the explosive development of computer network brought people to a brand-new time and space. At the same time, people rely on computer network almost in all directions, and the information security problem under the network environment appears in front of people again.
Information security is a science that studies the protection, detection and recovery of information and its system in a specific application environment according to a specific security strategy.
The research of information security involves mathematics, computer, communication, law and many other disciplines, which can be roughly divided into three areas: basic theory and application research, applied technology research and security management research. Among them, the basic theory and application research mainly include cryptography theory, identity recognition, access control and authorization, security protocols and so on.
From the perspective of protection, detection and recovery system, information security mainly has six security objectives: confidentiality, integrity, availability, authenticity, non-repudiation and controllability. Their meanings are explained as follows:
Confidentiality: means that information will not be leaked or exposed to unauthorized individuals, organizations or systems. In other words, only authorized users can know the true content of information, and any unauthorized person can't read the true content or use the information even if it is intercepted.
Integrity: the information is complete and consistent. That is, information has not been tampered with or destroyed by unauthorized means in the process of generation, storage, transmission or use.
Non-repudiation: refers to the fact that legal users can't deny that they have sent or received information afterwards, or can't deny their actions in a broad sense.
Authenticity: refers to the fact that the user or subject who wants to pass customs in the process of information interaction is real, not forged or disguised.
Controllability: refers to controlling the access of the subject to the system or data according to certain rules to avoid unauthorized operation or use.
Availability: divided into data availability and system availability. The availability of data means that authorized users can access the information allowed by their rights at any time as needed without interference or hindrance. The availability of a system means that the system carrying information runs according to its predetermined rules and will not turn into a non-stationary state. The availability of system is closely related to the availability of data.
Encryption technology can provide confidentiality for data or communication information flow. At the same time, it plays a leading or auxiliary role in the realization of other security mechanisms.
Encryption algorithm is a coding rule for messages, and the coding and decoding of this rule depend on parameters called keys. Users can use encoding rules to change plaintext messages into ciphertext under key control, and can also use decoding rules to restore ciphertext messages under key control. Without the correct key, encryption and decryption operations cannot be realized, thus making it impossible for unauthorized users to recover confidential information.
According to the characteristics of the key, the current encryption technology is divided into symmetric cryptosystem and asymmetric cryptosystem. Symmetric cryptographic algorithms include DES (Data Encryption Standard) and its variants, IDEA algorithm, AES, RC5, etc. The famous asymmetric cryptographic algorithms include RSA, knapsack cipher, Ditter-HeUman, circular curve algorithm and so on.
(1) symmetric password. In a symmetric key system, the key used must be completely secret, and the encryption key is the same as the decryption key, or the decryption key can be derived from the encryption key, and vice versa. Common encryption standards are DES, etc. When DES is used, users and recipients use 64-bit keys to encrypt and decrypt messages. DES is mainly encrypted by substitution and shift. It encrypts 64-bit binary data blocks with a 56-bit key. Each encryption can encode 64-bit input data 16 rounds. After a series of substitutions and shifts, the input 64-bit original data is converted into completely different 64-bit output data. DES algorithm only uses standard arithmetic and logic operations with a maximum of 64 bits, which is fast and easy to generate keys. It is suitable for most computers to be implemented by software and also on special chips.
(2) Asymmetric password. In asymmetric cryptosystem, every subject (individual, group or system) who uses the cryptosystem has a pair of keys: one key can be made public and is called public key; Another key must be kept secret, called the private key, which cannot be derived from the public key. More asymmetric cryptosystems, namely public key systems, are used in the Internet. The commonly used public key encryption algorithm is lISA algorithm, which has high encryption strength. When sending data, the sender encrypts a piece of data related to the sent data with his own private key as a digital signature, and then encrypts it with the receiver's key. When the receiver receives these ciphertexts, the receiver decrypts the ciphertexts with its own private key to obtain the sent data and the digital signature of the sender, and then decrypts the digital signature with the public key published by the sender. If successful, it is determined that it was sent by the sender. Digital signature is also related to the data and time of each transmission. Because of its high encryption strength, and without the need for both parties to establish a certain trust relationship or * * * to enjoy certain secrets in advance, it is very suitable for Internet use.
Digital signature, also known as electronic signature, has important applications in information security, including identity authentication, data integrity, non-repudiation and anonymity. Digital signature includes two processes: the signer signs with a given data unit and the receiver verifies the signature.
The main working methods of digital signature are as follows: the message sender generates a hash value (or message digest) of 128 bits from the message body, and encrypts this hash value with its own private key to form the sender's digital signature; Then, the digital signature will be sent to the receiver of the message together with the message as an attachment; The message receiver first calculates the hash value (or message digest) of 128 bits from the received original message, and then decrypts the digital signature attached to the message with the sender's public key. If the two hash values are the same, the receiver can confirm that the digital signature belongs to the sender, and the authentication and non-repudiation of the original message can be realized through the digital signature.
Digital signature technology is widely used. For example, digital signature technology is mainly used in applications such as electronic seals and business contracts, and it is also used in key distribution such as virtual private network (VPN) protocol family, e-mail security protocol family, Web security protocol and secure electronic payment protocol.
Identity authentication, also known as authentication or confirmation, is a process of verifying whether the authenticated object meets or is valid by verifying the authenticity and validity of one or more parameters of the authenticated object, thus ensuring the authenticity of data.
Identity authentication plays an important role in the fields of finance, medical care, insurance, customs, telecommunications, public security and so on. With the rapid development of information technology, electronic banking, network security and other application fields urgently need efficient automatic identity authentication technology. The analysis of existing authentication technologies can usually be divided into two categories.
Traditional identity authentication technology Traditional identity card technology can be divided into three categories: (1) Know: What do you know? This is an authentication method based on secret messages. That is, the authenticator authenticates according to the information provided by the authenticated party, such as password, password, code word, etc.
(2) All: What do you have? It is token authentication. The authenticator authenticates the identity according to something provided by the authenticated party, such as tokens, certificates, vouchers, etc.
(3) Characteristics: What are you, that is, the biometric authentication method. The authenticator authenticates the identity according to some characteristics of the authenticated party, such as fingerprint, iris, DNA and so on.
Generally speaking, these three authentication methods have their own advantages and disadvantages, and which authentication method to choose depends on your own situation.
People have studied and understood network security and information security for quite a long time, so the two-factor authentication technology based on dynamic password technology has developed rapidly. In the identity authentication system under the network environment, it is ideal to use dynamic password card as the basis for identity confirmation. Each dynamic password card is a unique device, which can effectively represent the user's identity and ensure a strict one-to-one correspondence between the authenticated object and the identity basis to be verified. Through technical analysis, the use of password card has the advantages of high security, strong confidentiality, anti-denial, anti-replay, anti-exposure, convenience and so on. Therefore, using this two-factor authentication technology now can bring some protection to our network use.
The access control mechanism uses the identity, category or ability of an entity to determine permissions and grant access rights. If an entity tries to make unauthorized access. Will be rejected.
In addition to computer network hardware, network operating system is the most basic component to ensure computer network security. It is the manager of computer network resources, and must have a safe control strategy and protection mechanism to prevent illegal intruders from breaking through the defense and illegally obtaining resources. The core of network operating system security is access control, that is, to ensure that the subject's access to the object can only be authorized, and unauthorized access is not allowed, and its operation is invalid.
Traffic filling refers to the need to send some useless information on idle channels in order to prevent opponents from analyzing traffic, so as to deceive opponents. This mechanism is very important in private communication lines, but it depends on the environment in public channels.
Information hiding is to deceive opponents, hiding a piece of information into a seemingly irrelevant message, and usually it must be combined with a password to ensure that it will not be discovered by opponents.
Routing control is the choice of information flow path, and specifies the path for some important information. For example, through a specific secure subnet, relay station or connecting device, or it may bypass some unsafe subnets, relays or connecting devices. As a recovery method, this routing arrangement can be pre-arranged or dynamically specified by the terminal system. Proper routing control can improve the security of the environment, thus simplifying the complexity of implementing other security mechanisms.
In the communication between two or more parties, the notarization mechanism can provide services such as data integrity, identity identification and time synchronization of the sender and the receiver. The parties to the communication are trusted notaries, called trusted third parties, who keep the necessary information of the communication parties and provide the above services in a verifiable way.
A security label is a label attached to a data source to indicate its security attributes. Security tags are usually transmitted with data in communication, which can be additional data or hidden information related to the transmitted data.
Information security concerns national security and social security. With the development of computer technology and communication technology, computer network will increasingly become an important means of information exchange, and has penetrated into all fields of social life. Therefore, the development of information security technology is an urgent requirement at present. It is very important for us to clearly understand the vulnerability and potential threats of the network and actively adopt effective security strategies to ensure the security of the network. Of course, we should also see that, like other technologies, the methods of intruders are constantly improving. There are no once-and-for-all security measures. Only by constantly improving and perfecting security measures can we ensure that there are no loopholes and ensure the normal operation of the network.