摘要
密码学是网络空间安全技术的重要组成,发挥了基础性的核心作用.在计算机和网络系统中应用密码学原理,设计和实现安全服务,极大地提高了网络空间的安全性.在网络空间中应用密码算法和密码协议,需要从计算机和网络系统的角度来考虑密码技术,在严谨而抽象的密码学与复杂而具体的信息系统之间建立联系.从数据、系统、实体等之间关系的角度出发,初次尝试探讨密码应用安全的技术体系;即在密码学理论已经完备的前提下,在计算机和网络系统中应用密码学原理,应该重点解决哪些方面的技术问题,列出了密码应用安全研究中需要完成的工作:1)选择合适的密码算法、工作模式和密码协议;2)维护合理的密钥参数;3)产生安全的随机数;4)以正确的方式实现和使用密码协议;5)绑定密钥与实体;6)确保密钥安全;7)实施密码计算的使用控制.结合已有的公开研究成果,详细论述了每一方面研究的问题和内容.
Cryptography plays an important fundamental role in cyber security.Applying cryptography in computer and network systems to implement security services has improved the security of cyber space.The application of cryptography in cyber space,requires the consideration of the view of cryptography from the point of view of computer and network security,to establish the relationship between rigorous but abstract cryptography and complex but concrete information systems.This paper discusses the taxonomy of the secure application of cryptography,by analyzing the influences among data,systems,and entities.We attempt to answer the question:when cryptography theory is ready,which technical issues shall be solved towards the secure application of cryptography in computer and network systems?We list the following issues:1)choose suitable cryptographic algorithms,work modes and cryptographic protocols,2)maintain reasonable cryptographic keys,3)generate secure random numbers,4)implement and deploy cryptographic protocols correctly,5)bind cryptographic keys to entities,6)ensure the security of cryptographic keys,and 7)enforce the use control of cryptographic computations.Based on the related works,we describe each of these technical issues detailedly.
作者
林璟锵
荆继武
Lin Jingqiang;Jing Jiwu(Data Assurance and Communications Security Research Center,Chinese Academy of Sciences,Beijing 100093;State Key Laboratory of Information Security (Institute of Information Engineering,Chinese Academy of Sciences),Beijing 100093;School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049)
出处
《信息安全研究》
2019年第1期14-22,共9页
Journal of Information Security Research
基金
国家自然科学基金项目(61772518)
国家重点研发计划网络空间安全重点专项(2017YFB0802100)
关键词
应用密码学
网络安全
系统安全
网络空间安全
密钥安全
applied cryptography
network security
system security
cyber security
cryptographic key security
