Information Assurance and Security

1. This book focuses on two broad areas: cryptographic algorithms and protocols, which have a broad range of applications; and network and Internet security, which rely heavily on cryptographic techniques. Cryptographic algorithms and protocols can be grouped into four main areas:

Symmetric encryption: Used to conceal the contents of blocks or streams of data of any size, including messages, files, encryption keys, and passwords.

Asymmetric encryption: Used to conceal small blocks of data, such as encryption keys and hash function values, which are used in digital signatures.

Data integrity algorithms: Used to protect blocks of data, such as messages, from alteration.

Authentication protocols: These are schemes based on the use of cryptographic algorithms designed to authenticate the identity of entities.

10 09

2. COMPUTER SECURITY: The NIST Computer Security Handbook NIST95 defines the term computer security as follows: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications). This definition introduces three key objectives that are at the heart of computer security:

1) Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information. This term covers two related concepts:
Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

2) Integrity: Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information. This term covers two related concepts:
Data integrity: Assures that information and programs are changed only in a specified and authorized manner.
System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

3) Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system. Assures that systems work promptly and service is not denied to authorized users.

These three concepts form what is often referred to as the CIA triad. The three concepts embody the fundamental security objectives for both data and for information and computing services.

3. We use three levels of impact on organizations or individuals should there be a breach of security (i.e., a loss of confidentiality, integrity, or availability). These levels are defined in FIPS PUB 199: Low level, Moderate level, High level.

Low level: The loss could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. A limited adverse effect means that, for example, the loss of confidentiality, integrity, or availability might: (i) cause a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; (ii) result in minor damage to organizational assets; (iii) result in minor financial loss; or (iv) result in minor harm to individuals.

Moderate: The loss could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. A serious adverse effect means that, for example, the loss might: (i) cause a significant degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; (ii) result in significant damage to organizational assets; (iii) result in significant financial loss; or (iv) result in significant harm to individuals that does not involve loss of life or serious, life-threatening injuries.

High: The loss could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. A severe or catastrophic adverse effect means that, for example, the loss might: (i) cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions; (ii) result in major damage to organizational assets; (iii) result in major financial loss; or (iv) result in severe or catastrophic harm to individuals involving loss of life or serious, life-threatening injuries.

09 I. The book Cryptography and Network Security: PRINCIPLES AND PRACTICE is organized into four broad categories; please give an introduction to the main areas covered.

Answer:

1) Cryptographic algorithms: This is the study of techniques for ensuring the secrecy and/or authenticity of information. The three main areas of study in this category are: (1) symmetric encryption, (2) asymmetric encryption, and (3) cryptographic hash functions, with the related topics of message authentication codes and digital signatures.

2) Mutual trust: This is the study of techniques and algorithms for providing mutual trust in two main areas. First, key management and distribution deals with establishing trust in the encryption keys used between two communicating entities. Second, user authentication deals with establishing trust in the identity of a communicating partner.

3) Network security: This area covers the use of cryptographic algorithms in network protocols and network applications.

4) Computer security: In this book, we use this term to refer to the security of computers against intruders (e.g., hackers) and malicious software (e.g., viruses). Typically, the computer to be secured is attached to a network, and the bulk of the threats arise from the network.

09 II. Cryptographic algorithms have a broad range of applications, and Internet security relies heavily on these cryptographic techniques. The cryptographic algorithms can be grouped into four main areas; please explain these four areas.

Answer:

Cryptographic algorithms and protocols can be grouped into four main areas:

1) Symmetric encryption: Used to conceal the contents of blocks or streams of data of any size, including messages, files, encryption keys, and passwords. Symmetric encryption, also referred to as conventional encryption or single-key encryption, was the only type of encryption in use prior to the development of public-key encryption. If both sender and receiver use the same key, the system is referred to as symmetric, single-key, secret-key, or conventional encryption. key encryption in the 1970s. It remains by far the most widely used of the two types of

2) Asymmetric encryption: Used to conceal small blocks of data, such as encryption keys and hash function values, which are used in digital signatures. If the sender and receiver use different keys, the system is referred to as asymmetric, two-key, or public-key encryption. Asymmetric encryption is a form of cryptosystem in which encryption and decryption are performe