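Comprehensive Practice in Information Security
Contents
Experiment 1: Network Communication Security
1.1 Purpose
1.2 Content
1.3 Background
1.4 Results
1.5 Summary
Experiment 2: Network Attack and Defense
2.1 Purpose
2.2 Content
2.3 Principles
2.4 Procedure
2.5 Summary
Experiment 3: Web Server Configuration
3.1 Purpose
3.2 Requirements
3.3 Content
3.4 Summary
Experiment 4: Information System Security
4.1 Purpose
4.2 Content
4.3 Development Environment
4.4 System Implementation
4.5 Summary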
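This chapter teaches students how cryptography is applied in practice to communication security.
The basic requirement is to implement client-server communication and to encrypt and decrypt messages with the AES algorithm; stronger students are additionally expected to implement digital signature generation and verification.
(1) Implement communication between the client and the server;
(2) The sender encrypts the transmitted message with AES, and the receiver decrypts it to recover the plaintext;
(3) The sender processes the transmitted message with HMAC, and the receiver verifies the integrity of the message;
(4) The sender signs the transmitted message with RSA, and the receiver verifies the digital signature.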
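1.3.1 Symmetric Cipher: AES
In 1997 the US National Institute of Standards and Technology (NIST) announced a call for a new symmetric-key block cipher to replace DES as the encryption standard; the new algorithm was named the Advanced Encryption Standard (AES).
After the competition, the Rijndael algorithm, designed jointly by the Belgian cryptographers Daemen and Rijmen, emerged as the final winner.
The current AES algorithm is an iterated block cipher whose block length and key length are both variable, each supporting 128 bits, 192 bits and 256 bits.
Like DES, AES is built by iterating its basic transformation unit, the "round", multiple times; when the block length and the key length are both 128 bits, the number of rounds is N = 10.
Each AES round (except the last) consists of four different transformations, called the internal round functions, which can be written as follows:
    Round(State, RoundKey) {
        SubBytes(State);
        ShiftRows(State);
        MixColumns(State);
        AddRoundKey(State, RoundKey);
    }
State is the message matrix and RoundKey is the round-key matrix. SubBytes(State) is the byte substitution, ShiftRows(State) is the row shift, MixColumns(State) is the column mix, and AddRoundKey(State, RoundKey) is the XOR with the subkey.
The last round is slightly different: it is written FinalRoundKey(State, RoundKey) and is equivalent to the preceding Round(State, RoundKey) with MixColumns(State) removed.
For encryption, the State input to the first round is the plaintext message matrix, and the State output by the last round is the corresponding ciphertext message matrix.
AES decryption and encryption are inverses of each other. The decryption round function also has four layers: InvShiftRow(State), the inverse row shift; InvByteSub(State), the inverse byte substitution; AddRoundKey(State, RoundKey), the bitwise XOR with the subkey; and InvMixColumn(State), the inverse column mix. It can be written as:
    InvRound(State, RoundKey) {
        InvShiftRow(State);
        InvByteSub(State);
        AddRoundKey(State, RoundKey);
        InvMixColumn(State);
    }
[Figure: AES encryption process]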
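1.3.2 Public-Key Cipher: RSA
The RSA public-key encryption algorithm was developed in 1977 by Ron Rivest, Adi Shamir and Len Adleman at the Massachusetts Institute of Technology (USA).
The name RSA comes from the names of its three developers.
RSA is currently the most influential public-key encryption algorithm; it can resist all cryptographic attacks known so far and has been recommended by ISO as the public-key data encryption standard.
The RSA algorithm rests on a very simple number-theoretic fact:
multiplying two large primes is very easy, but factoring their product is extremely hard, so the product can be made public as the encryption key.
Algorithm description:
(1) Key generation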
Select two secret large primes p and q; compute n = p*q and φ(n) = (p-1)(q-1), where φ(n) is the value of Euler's totient function of n; choose an integer e satisfying 1
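(2) Encryption
To encrypt, first split the plaintext bit string into blocks so that the decimal number corresponding to each block is less than n, then for each plaintext block m perform the encryption operation:
c = m mod n.
(3) Decryption
The decryption operation on a ciphertext block is:
m = c mod n.
RSA is the most widely studied public-key algorithm. In the nearly twenty years since it was proposed it has withstood all kinds of attacks, has gradually been accepted, and is generally considered one of the best public-key schemes available today.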
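Lab requirement (4) asks the sender to sign each message with RSA and the receiver to verify the signature. The following is an added example, not part of the report's own code, that does this with the JDK's java.security.Signature; the class name RsaSignDemo, the 2048-bit key size and the sample messages are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPublicKey;

// Added example, not the report's code: RSA signature generation and verification.
public class RsaSignDemo {
    // Sender side: hash the message with SHA-256, pad it, and apply the private key.
    static byte[] sign(PrivateKey priv, byte[] msg) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(msg);
        return s.sign();
    }

    // Receiver side: true only if sig was produced over msg by the matching private key.
    static boolean verify(PublicKey pub, byte[] msg, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(msg);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);                      // assumed key size for the demo
        KeyPair sender = gen.generateKeyPair();
        KeyPair stranger = gen.generateKeyPair();  // an unrelated key pair

        // The public half is the pair (n, e) from key generation; only this half is shared.
        RSAPublicKey pub = (RSAPublicKey) sender.getPublic();
        System.out.println("n bits = " + pub.getModulus().bitLength()
                + ", e = " + pub.getPublicExponent());

        byte[] msg = "hello server".getBytes(StandardCharsets.UTF_8);      // constructed sample
        byte[] altered = "hello server!".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] sig = sign(sender.getPrivate(), msg);

        System.out.println("genuine message:  " + verify(pub, msg, sig));
        System.out.println("altered message:  " + verify(pub, altered, sig));
        System.out.println("wrong public key: " + verify(stranger.getPublic(), msg, sig));
    }
}
```

The signature covers a hash of the message, so it provides integrity and origin authentication but no confidentiality; in the lab's message path it would be sent alongside the AES ciphertext.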
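1.4 Results
We completed the experiment in Java (using the Eclipse IDE).
1.4.1 Code Analysis
Approach:
First build the client-server communication module, then insert the encryption module.
Part of the code is posted below for analysis.
Sending side: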
    package kehuduan; // client program

    import java.awt.Rectangle;
    import java.net.DatagramPacket;
    import java.net.DatagramSocket;
    import java.net.InetAddress;
    import javax.crypto.Cipher;
    import javax.crypto.spec.SecretKeySpec;
    import javax.swing.JButton;
    import javax.swing.JFrame;
    import javax.swing.JLabel;
    import javax.swing.JPanel;
    import javax.swing.JTextField;

    public class Kehuduan extends JFrame {
        private static final long serialVersionUID = 1L;
        private JPanel jContentPane = null;
        private JLabel jLabel = null;
        private JTextField jTextField = null;  // server IP address
        private JTextField jTextField1 = null; // message to send
        private JButton jButton = null;
        private JLabel jLabel1 = null;

        public Kehuduan() {
            super();
            initialize();
        }

        private void initialize() {
            this.setSize(398, 258);
            this.setContentPane(getJContentPane());
            this.setTitle("客户端"); // "Client"
        }

        private JPanel getJContentPane() {
            if (jContentPane == null) {
                jLabel1 = new JLabel();
                jLabel1.setBounds(new Rectangle(21, 61, 116, 21));
                jLabel1.setText("输入发送的消息:"); // "Message to send:"
                jLabel = new JLabel();
                jLabel.setBounds(new Rectangle(20, 12, 115, 25));
                jLabel.setText("服务器的ip地址:"); // "Server IP address:"
                jContentPane = new JPanel();
                jContentPane.setLayout(null);
                jContentPane.add(jLabel, null);
                jContentPane.add(getJTextField(), null);
                jContentPane.add(getJTextField1(), null);
                jContentPane.add(getJButton(), null);
                jContentPane.add(jLabel1, null);
            }
            return jContentPane;
        }

        private JTextField getJTextField() {
            if (jTextField == null) {
                jTextField = new JTextField();
                jTextField.setBounds(new Rectangle(152, 12, 208, 26));
            }
            return jTextField;
        }

        private JTextField getJTextField1() {
            if (jTextField1 == null) {
                jTextField1 = new JTextField();
                jTextField1.setBounds(new Rectangle(22, 98, 341, 67));
            }
            return jTextField1;
        }

        // Encryption function: AES-encrypts sSrc under sKey and returns lowercase hex text
        public static String Encrypt(String sSrc, String sKey) throws Exception {
            if (sKey == null) {
                System.out.print("Key为空null");
                return null;
            }
            // Check that the key is 16 characters long
            if (sKey.length() != 16) {
                System.out.print("Key长度不是16位");
                return null;
            }
            byte[] raw = sKey.getBytes("ASCII");
            SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
            // With the default JDK provider, "AES" alone selects AES/ECB/PKCS5Padding
            Cipher cipher = Cipher.getInstance("AES");
            cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
            byte[] encrypted = cipher.doFinal(sSrc.getBytes());
            return byte2hex(encrypted).toLowerCase();
        }

        // Converts a byte array to a hex string, two digits per byte
        public static String byte2hex(byte[] b) {
            String hs = "";
            String stmp = "";
            for (int n = 0; n < b.length; n++) {
                stmp = (java.lang.Integer.toHexString(b[n] & 0XFF));
                if (stmp.length() == 1) {
                    hs = hs + "0" + stmp;
                } else {
                    hs = hs + stmp;
                }
            }
            return hs.toUpperCase();
        }

        private JButton getJButton() {
            if (jButton == null) {
                jButton = new JButton();
                jButton.setBounds(new Rectangle(130, 178, 115, 35));
                jButton.setText("发送"); // "Send"
                jButton.addMouseListener(new java.awt.event.MouseAdapter() {
                    public void mouseClicked(java.awt.event.MouseEvent e) {
                        String ip = jTextField.getText();
                        String miyao = "1234567890abcDEF"; // the key, hard-coded in the source
                        String mingwen = jTextField1.getText();
                        String entring = null;
                        try {
                            entring = Kehuduan.Encrypt(mingwen, miyao);
                        } catch (Exception e1) {
                            e1.printStackTrace();
                        }
                        if (entring == null) {
                            return; // encryption failed, nothing to send
                        }
                        try {
                            // Send the hex ciphertext to UDP port 3333 on the server
                            DatagramSocket DS = new DatagramSocket();
                            DatagramPacket DP = new DatagramPacket(entring.getBytes(), entring.getBytes().length,
                                    InetAddress.getByName(ip), 3333);
                            DS.send(DP);
                            DS.close();
                        } catch (Exception excep) {
                            excep.printStackTrace();
                        }
                    }
                });
            }
            return jButton;
        }

        // Entry point, not in the posted excerpt
        public static void main(String[] args) {
            new Kehuduan().setVisible(true);
        }
    }

Receiving side:

    package fuwuqi; // server program

    import java.awt.Rectangle;
    import java.net.DatagramPacket;
    import java.net.DatagramSocket;
    import javax.crypto.Cipher;
    import javax.crypto.spec.SecretKeySpec;
    import javax.swing.JButton;
    import javax.swing.JFrame;
    import javax.swing.JLabel;
    import javax.swing.JPanel;
    import javax.swing.JTextField;

    public class Fuwuqi extends JFrame implements Runnable {
        private static final long serialVersionUID = 1L;
        private JPanel jContentPane = null;
        private JLabel jLabel = null;
        private JLabel jLabel1 = null;
        private JTextField jTextField = null;  // received ciphertext (hex)
        private JButton jButton = null;
        private JTextField jTextField1 = null; // decrypted plaintext

        public Fuwuqi() {
            super();
            initialize();
        }

        private void initialize() {
            this.setSize(376, 260);
            this.setContentPane(getJContentPane());
            this.setTitle("服务器"); // "Server"
            this.setVisible(true);
        }

        private JPanel getJContentPane() {
            if (jContentPane == null) {
                jLabel1 = new JLabel();
                jLabel1.setBounds(new Rectangle(24, 156, 56, 44));
                jLabel1.setText("明文:"); // "Plaintext:"
                jLabel = new JLabel();
                jLabel.setBounds(new Rectangle(25, 27, 54, 41));
                jLabel.setText("密文:"); // "Ciphertext:"
                jContentPane = new JPanel();
                jContentPane.setLayout(null);
                jContentPane.add(jLabel, null);
                jContentPane.add(jLabel1, null);
                jContentPane.add(getJTextField(), null);
                jContentPane.add(getJButton(), null);
                jContentPane.add(getJTextField1(), null);
            }
            return jContentPane;
        }

        private JTextField getJTextField() {
            if (jTextField == null) {
                jTextField = new JTextField();
                jTextField.setBounds(new Rectangle(101, 11, 242, 71));
            }
            return jTextField;
        }

        private JButton getJButton() {
            if (jButton == null) {
                jButton = new JButton();
                jButton.setBounds(new Rectangle(122, 96, 70, 26));
                jButton.setText("解密"); // "Decrypt"
                jButton.addMouseListener(new java.awt.event.MouseAdapter() {
                    public void mouseClicked(java.awt.event.MouseEvent e) {
                        String drc = jTextField.getText();
                        String miyao = "1234567890abcDEF"; // the given key
                        String src = null;
                        try {
                            // Decrypt the received ciphertext with the key
                            src = Decrypt(drc, miyao);
                        } catch (Exception e1) {
                            e1.printStackTrace();
                        }
                        if (src != null) { // Decrypt returns null on failure
                            jTextField1.setText(src.trim());
                        }
                    }
                });
            }
            return jButton;
        }

        public void run() { // the function that does the actual work
            while (true) {
                // Large enough for the hex text of longer messages (the original used 100 bytes)
                byte[] buf = new byte[1024];
                try {
                    DatagramSocket DS = new DatagramSocket(3333);
                    DatagramPacket DP = new DatagramPacket(buf, buf.length);
                    DS.receive(DP);
                    // Use only the bytes actually received
                    jTextField.setText(new String(DP.getData(), 0, DP.getLength()).trim());
                    DS.close();
                    Thread.sleep(200);
                } catch (Exception excep) {
                    excep.printStackTrace();
                }
            }
        }

        // Decryption function: takes hex ciphertext and the key, returns the plaintext or null
        public static String Decrypt(String sSrc, String sKey) throws Exception {
            try {
                // Check that a key was supplied
                if (sKey == null) {
                    System.out.print("Key为空null");
                    return null;
                }
                // Check that the key is 16 characters long
                if (sKey.length() != 16) {
                    System.out.print("Key长度不是16位");
                    return null;
                }
                byte[] raw = sKey.getBytes("ASCII");
                SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
                Cipher cipher = Cipher.getInstance("AES");
                cipher.init(Cipher.DECRYPT_MODE, skeySpec);
                byte[] encrypted1 = hex2byte(sSrc);
                try {
                    byte[] original = cipher.doFinal(encrypted1);
                    String originalString = new String(original);
                    return originalString;
                } catch (Exception e) {
                    System.out.println(e.toString());
                    return null;
                }
            } catch (Exception ex) {
                System.out.println(ex.toString());
                return null;
            }
        }

        // Converts a hex string back to bytes; returns null for null or odd-length input
        public static byte[] hex2byte(String strhex) {
            if (strhex == null) {
                return null;
            }
            int l = strhex.length();
            if (l % 2 == 1) {
                return null;
            }
            byte[] b = new byte[l / 2];
            for (int i = 0; i != l / 2; i++) {
                b[i] = (byte) Integer.parseInt(strhex.substring(i * 2, i * 2 + 2), 16);
            }
            return b;
        }

        private JTextField getJTextField1() {
            if (jTextField1 == null) {
                jTextField1 = new JTextField();
                jTextField1.setBounds(new Rectangle(107, 139, 237, 76));
            }
            return jTextField1;
        }

        // Entry point, not in the posted excerpt: show the window and start the receive loop
        public static void main(String[] args) {
            new Thread(new Fuwuqi()).start();
        }
    }
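The posted code calls Cipher.getInstance("AES"), which with the default JDK provider means ECB mode, keeps the key as a string literal in both programs, and sends no integrity tag, so lab requirement (3) is not yet covered. The following is an added example, not the report's own code, of the same message path using AES-CBC with a random IV and HMAC-SHA256 in encrypt-then-MAC order; the class name SealedDatagram, the packet layout and the randomly generated demo keys are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example, not the report's code. Assumed packet: IV || ciphertext || HMAC(IV || ciphertext)
public class SealedDatagram {
    static final int IV_LEN = 16, TAG_LEN = 32;

    static byte[] hmac(byte[] key, byte[] data) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        return m.doFinal(data);
    }

    static byte[] seal(byte[] encKey, byte[] macKey, String msg) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh random IV for every message
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encKey, "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(msg.getBytes(StandardCharsets.UTF_8));
        byte[] body = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, body, IV_LEN, ct.length);
        byte[] packet = Arrays.copyOf(body, body.length + TAG_LEN);
        System.arraycopy(hmac(macKey, body), 0, packet, body.length, TAG_LEN);
        return packet;
    }

    // Returns the plaintext, or null when the packet fails the integrity check.
    static String open(byte[] encKey, byte[] macKey, byte[] packet) throws Exception {
        if (packet.length < IV_LEN + 16 + TAG_LEN) return null; // shorter than any valid packet
        byte[] body = Arrays.copyOfRange(packet, 0, packet.length - TAG_LEN);
        byte[] tag = Arrays.copyOfRange(packet, packet.length - TAG_LEN, packet.length);
        // Verify before decrypting; MessageDigest.isEqual compares in constant time.
        if (!MessageDigest.isEqual(tag, hmac(macKey, body))) return null;
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(encKey, "AES"), new IvParameterSpec(body, 0, IV_LEN));
        return new String(c.doFinal(body, IV_LEN, body.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] encKey = new byte[16], macKey = new byte[32]; // random demo keys (assumption)
        new SecureRandom().nextBytes(encKey);
        new SecureRandom().nextBytes(macKey);
        byte[] p1 = seal(encKey, macKey, "hello"), p2 = seal(encKey, macKey, "hello");
        System.out.println("same message, identical packets: " + Arrays.equals(p1, p2));
        System.out.println("opened:   " + open(encKey, macKey, p1));
        p1[IV_LEN] ^= 0x01; // one ciphertext bit changed in transit
        System.out.println("tampered: " + open(encKey, macKey, p1));
    }
}
```

The encryption key and the MAC key are separate values, and the receiver checks the tag before any decryption is attempted, so modified or truncated datagrams are rejected without reaching the cipher.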