Something about network security
Created#More Posted time:Dec 12, 2016 16:17 PM
There are a lot of traps and complexities in the network security sector. I have read many materials now and then, but always feel the sector is dimly discernible. It may be because I primarily engage in application development, with limited chances to set foot in real practical cryptography and security designs.
I. How to ensure communication security?
This is an ancient topic and the experience of ancestors tells us a watchword can ensure communication security. As a result, all sorts of watchwords came about. As a matter of fact, the watchword serves to encrypt the message, being a cover of the original information. Into the modern time, encryption develops into a discipline and many classic stories about encryption/decryption fights appear.
So the encryption as a way of ensuing communication security is feasible and stands the tests of history.
II. Cryptography’s extension into the network
Conventional encryption is mostly symmetric, that is, the same key is used for both the locking and unlocking. But the internet environment is born to be insecure, and a message of “my credit card num is 110945110945” will go through countless routers, switches all the way from Shanghai to Beijing. During the communication, if some bad guy (man in the middle) wants to steal your data, it will be just like picking it up in his bag. So encrypt the message. But if you adopt the symmetric approach, and this key is owned by everybody, it is no different from no encryption.
The solution is asymmetric encryption. For details, see the above reference.
III. How to ensure data integrity?
Okay. Afterasymmetric encryption, we don’t need to worry about our communication data being intercepted by some middle man. But a new problem emerges (humankind are always in pursuit of excellence and perfection instinctively). How can I know this message hasn’t been tampered with and is authentic and valid?
We can use Digital Signature to judge whether the message has been tampered or not. It is very easy. The sender adopts a one-way hashing algorithm to generate the source data abstract. This algorithm ensures that all the changes to the source data will generate different abstracts. The sender sends the source data and abstract together to the receiver which generates the abstract again with the same algorithm after the message receipt, and compares it with the version sent from the sender. If the two match, it can be deemed that the message has never been changed.
IV. How to ensure the identity authenticity of communicators?
The digital signature ensures the data integrity, so how can you ensure that the identity of the communicator on the other side is authentic? This identity authentication must be performed by a third party, because you cannot testify for yourself. Everybody can declare they are the CMB (China Merchants Bank), but why should I trust your declaration? But if CBRC (China Banking Regulatory Commission) says, yes he is CMB indeed, you will be convinced and feel safe to tell your bank password to CMB. Isn’t it? This solution addressing the trust issue is the Digital Certificate. And the third party is called CA (Certificate Authority). By authority, we feel the authoritativeness. Although it may not always be the CBRC, it is absolutely reliable and trustable. Well-known CAs include VeriSign which was purchased by Symantec. Our company is using it.
V. Authentication, authorization and access
Enter the user name, password to log in to the system. Oops do not forget the verification code. This is the mode adopted by the internet in the early stage, including a majority of current applications. But with internet evolution, more and more service providers start to open their services to third-party applications, which demand has become so strong with the popularity of social networks in particular that it is almost a standard of large websites.
How can we allow third-party applications to access user resources without accessing the user’s sensitive information?
If we adopt conventional login method using the user name and password, it means that third-party application will inevitably access the user name and password, which is obviously not in line with our demand. What should we do? A group of smart guys carefully studied the entire verification process and split and abstracted the process into three steps, that is, authentication, authorization and access. This reminds me of the old saying that “In the world of computers, any problems can be solved by adding a layer.” Yes. After the access layer is added, the above-mentioned requirement can be met. For details on the implementation, see below.
After the process is split, the access resources are decoupled with the authentication and authorization. That is to say, the authentication and authorization are performed first somewhere. After they are completed, an access token is issued, and the requester can access the resources with this access token. Of course the resource server should be responsible for verifying the validity of the token. How is the verification performed? There are many methods, with the most common one being using the token as the reference ID to get related information from the authorization server.
In this way, the third-party application only need to guide the user to complete the authentication and authorization without touching the user credential information (username, password), and then the application can access the resource server with the access token it obtains in the above step. This is also the working procedure of OAuth.