Network security

Four security threats in network communication

  • Interception: eavesdropping on the content of a communication
  • Interruption: disrupting network communication
  • Tampering: altering the content of a communication
  • Forgery: fabricating the content of a communication

Network layer - ARP spoofing

  • ARP spoofing is also known as ARP poisoning, ARP virus, or ARP attack
  • Effects of ARP spoofing
    • Lets an attacker obtain data packets on the LAN and even tamper with them
    • Can stop specific computers on a network from communicating (e.g., software such as network enforcer)
    • Causes traffic destined for a particular IP address to be mistakenly sent to a place the attacker has substituted for it

Example of the core steps

  • Assume that host C is the attacker and hosts A and B are the victims
    • Once C has received the ARP requests sent by A and B, it has A's and B's address information and can start spoofing
    • C sends an ARP response to B, setting the source IP address of the response packet to the IP address of A and the source MAC address to the MAC address of C
    • After receiving the ARP response, B updates its ARP table, changing the entry for A from (IP_A, MAC_A) to (IP_A, MAC_C)
    • When B sends a packet to A, it builds the packet header from its ARP table and sets the destination MAC address to MAC_C rather than MAC_A
    • When the switch receives the packet that B sent to A, it forwards the packet to C according to the packet's destination MAC address (MAC_C)
    • Once C has received the packet, it can save a copy before forwarding it to A, which achieves eavesdropping. C can also tamper with the data before forwarding the packet to A

Protection

  • Static ARP
  • DHCP Snooping
    • Network devices can use DHCP to retain the MAC addresses of computers on the network and use them to detect forged ARP packets
  • Use software that detects abnormal changes in ARP
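
The last protective measure, detecting abnormal ARP changes, can be sketched as follows. This is an added example, not code from the original notes; the function name, alert labels and sample replies are assumptions constructed for illustration, and the optional static bindings play the role of static ARP entries or a DHCP snooping table.

```python
from collections import defaultdict

# Constructed sample: ARP replies seen on the LAN as (time, sender IP, sender MAC).
OBSERVED = [
    (1, "192.168.1.10", "aa:aa:aa:aa:aa:0a"),   # host A
    (2, "192.168.1.20", "bb:bb:bb:bb:bb:0b"),   # host B
    (3, "192.168.1.30", "cc:cc:cc:cc:cc:0c"),   # host C
    (9, "192.168.1.10", "cc:cc:cc:cc:cc:0c"),   # reply pairing IP_A with MAC_C
    (10, "192.168.1.10", "cc:cc:cc:cc:cc:0c"),  # same forged reply, repeated
]

def find_arp_anomalies(replies, static_bindings=None):
    """Return alerts as (time, kind, ip, previous_mac, new_mac) tuples."""
    # Pinned entries come from static ARP or a DHCP snooping table (assumption).
    pinned = {ip: mac.lower() for ip, mac in (static_bindings or {}).items()}
    learned = dict(pinned)                 # ip -> mac currently believed
    ips_by_mac = defaultdict(set)          # mac -> every ip it has claimed
    for ip, mac in pinned.items():
        ips_by_mac[mac].add(ip)
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        previous = learned.get(ip)
        if previous == mac:
            continue                       # binding unchanged, nothing to report
        if ip in pinned:
            alerts.append((ts, "static-violation", ip, previous, mac))
            continue                       # a pinned entry is never overwritten
        if previous is not None:
            alerts.append((ts, "rebind", ip, previous, mac))
        learned[ip] = mac
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1:       # one MAC now answers for several IPs
            alerts.append((ts, "mac-claims-many-ips", ip, previous, mac))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(OBSERVED):
        print(alert)
```

A rebind can also be legitimate (a replaced network card, a reassigned DHCP lease), which is why pinned or DHCP-derived bindings give a stronger signal than learned ones.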

DoS and DDoS

  • Denial-of-service (DoS) attack
    • Depletes the network or system resources of the target computer, temporarily interrupting or stopping its service so that legitimate users cannot access it
  • Distributed denial-of-service (DDoS) attack
    • Hackers use two or more compromised computers on the network as “zombies” to launch DoS attacks on a specific target
    • In March 2018, GitHub was hit by the largest DDoS attack to date
  • DoS attacks fall into two categories
    • Bandwidth-consuming: UDP flood attacks and ICMP flood attacks
    • Resource-consuming: SYN flood attacks and LAND attacks

Transport layer - SYN flood attack

  • SYN flood attack
    • The attacker sends a series of SYN requests to the target and then leaves the target waiting for an ACK (the third handshake step) that never arrives, consuming its resources
  • Attack methods
    • Skip sending the final ACK message
    • Forge the source IP address so that the target sends its SYN-ACK to the forged IP address; the target therefore never receives an ACK (the third handshake step)

Transport layer - LAND attack

  • LAND attack (Local Area Network Denial attack)
    • By continuously sending spoofed packets whose source address and destination address are the same, the attacker makes the target try to establish a connection with itself, consuming system resources until it crashes
  • Some systems have a design flaw that lets the device accept and respond to packets from the network that claim to come from the device itself, leading to circular replies
  • Protection
    • Most firewalls can block this kind of attack packet to protect the system
    • Some operating systems have fixed the vulnerability by issuing security patches
    • The router should be configured with both upstream and downstream filters to block all packets whose source IP address is the same as the destination IP address
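
The SYN flood and LAND sections above both come down to checks a defender can run on inbound TCP segments: count handshakes that never receive their third step, and filter packets whose source equals their destination. The following is an added example, not part of the original notes; the trace, thresholds, function name and report fields are assumptions constructed for illustration.

```python
SERVER = "10.0.0.5"

# Constructed inbound trace: (time ms, src IP, src port, dst IP, dst port, flag).
# "S" = SYN (first handshake step), "A" = ACK (third handshake step).
SEGMENTS = (
    [(0, "10.0.0.9", 40000, SERVER, 80, "S"),
     (100, "10.0.0.9", 40000, SERVER, 80, "A")]
    # Five SYNs from forged sources (TEST-NET-3) that never send the ACK.
    + [(1000 + 100 * i, f"203.0.113.{i + 1}", 50000 + i, SERVER, 80, "S")
       for i in range(5)]
    # LAND-style segment (source equals destination), then a normal client.
    + [(1500, SERVER, 80, SERVER, 80, "S"),
       (6000, "10.0.0.9", 40001, SERVER, 80, "S"),
       (6100, "10.0.0.9", 40001, SERVER, 80, "A")]
)

def analyse(segments, timeout_ms=3000, max_half_open=3):
    """Track half-open connections and filter source == destination packets."""
    half_open = {}   # (src, sport, dst, dport) -> time the SYN arrived
    report = {"land_dropped": 0, "completed": 0, "expired": 0,
              "peak_half_open": 0, "alarm_at": None}
    for ts, src, sport, dst, dport, flag in segments:
        # Give up on handshakes whose third step did not arrive in time.
        for key in [k for k, t0 in half_open.items() if ts - t0 > timeout_ms]:
            del half_open[key]
            report["expired"] += 1
        if src == dst:                      # the filter rule for LAND packets
            report["land_dropped"] += 1
            continue
        key = (src, sport, dst, dport)
        if flag == "S":
            half_open.setdefault(key, ts)   # waiting for the third handshake
        elif flag == "A" and key in half_open:
            del half_open[key]              # handshake completed normally
            report["completed"] += 1
        report["peak_half_open"] = max(report["peak_half_open"], len(half_open))
        if report["alarm_at"] is None and len(half_open) > max_half_open:
            report["alarm_at"] = ts         # first moment the backlog looks abnormal
    return report

if __name__ == "__main__":
    print(analyse(SEGMENTS))
```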

DoS and DDoS defense

  • Defense methods include intrusion detection, traffic filtering, and multiple authentication
    • Traffic that clogs the network bandwidth is filtered out, while normal traffic is allowed through
  • Firewalls
    • Firewalls can set rules, such as allowing or denying specific communication protocols, ports, or IP addresses
    • When an attack originates from a few abnormal IP addresses, you can simply use a deny rule to block all traffic from the attacking source IP addresses
    • Complex attacks cannot be blocked by simple rules. For example, when port 80 is attacked, you cannot deny all traffic on that port, because legitimate traffic would be blocked as well
    • Firewalls may sit late in the network architecture, so routers may already be affected by malicious traffic before it reaches the firewall
  • Switches: Most switches have some rate limiting and access control capabilities
  • Routers: Like switches, routers have some rate limiting and access control capabilities
  • Black hole routing
    • Avoid a major disruption by sending all traffic of the affected computers to a “black hole” (an empty interface or a nonexistent computer address) or to a network equipment vendor with enough capacity to handle the flood
  • Traffic scrubbing
    • Traffic is sent to an anti-DDoS scrubbing center, where anti-DDoS software distinguishes normal traffic from malicious traffic
    • Normal traffic is then injected back to the customer’s website

Application layer - DNS hijacking

  • DNS hijacking: an attacker modifies the resolution result of a domain name so that the domain name resolves to a different IP address
    • Access to the corresponding URL is hijacked to another, unreachable or fake, URL
    • The goal is to steal user information illegally or to disrupt normal network services
  • To prevent DNS hijacking, use a more reliable DNS server, such as 114.114.114.114
    • Google: 8.8.8.8, 8.8.4.4
    • Microsoft: 4.2.2.1, 4.2.2.2
    • Baidu: 180.76.76.76
    • Ali: 223.5.5.5, 223.6.6.6
  • HTTP hijacking: intercepting HTTP packets, for example to insert JS code
    • For example, when you visit some websites, an inexplicable pop-up ad appears in the bottom right corner

HTTP protocol security issues

  • HTTP transmits data in plaintext by default, so it carries significant security risks
    • A common way to improve security is to encrypt the communication content before transmission
  • Common encryption methods include
    • Irreversible
      • One-way hash functions: MD5, SHA, etc.
    • Reversible
      • Symmetric encryption: DES, 3DES, AES, etc.
      • Asymmetric encryption: RSA, etc.
    • Other
      • Hybrid cryptosystem
      • Digital signature
      • Certificate

One-way hash function

  • A one-way hash function calculates a hash value from the message content
  • The length of the hash value is independent of the length of the message. Whether the message is 1 bit, 10M, or 100G, the one-way hash function calculates a fixed-length hash value
  • Characteristics
    • A fixed-length hash value is calculated from a message of arbitrary length
    • Calculation is fast, so the hash value is obtained quickly
    • Different messages produce different hash values
    • One-way (the message cannot be recovered from the hash value)
  • One-way hash functions are also known as
    • Message digest functions
    • Hash functions
  • The output hash value is also known as
    • The message digest
    • The fingerprint

Several common one-way hash functions

  • MD4, MD5
  • SHA-1
  • SHA-2
  • SHA-3

Application: How to prevent data tampering

Without hash values

With hash values

Application: Password encryption

  • Prevent database password leakage

Symmetric/asymmetric encryption

How to encrypt and decrypt?

Symmetric encryption

  • In symmetric encryption, the same key is used for encryption and decryption
  • Common symmetric encryption algorithms are
    • DES
    • 3DES
    • AES

DES

3DES

AES

Key distribution problem

  • Symmetric encryption always runs into the key distribution problem
  • Suppose Alice sends Bob a message that has been symmetrically encrypted
    • Bob can decrypt it only if Alice also sends him the key
    • While the key is being sent
      • Eve could steal the key
      • In the end Eve can decrypt the message as well

How to solve the key distribution problem

  • Pre-shared key
  • Key distribution center
  • Diffie-Hellman key exchange
  • Asymmetric encryption

Asymmetric encryption

  • In asymmetric encryption, keys are divided into an encryption key and a decryption key, which are different
  • Encryption key: generally public, so it is called the public key
    • Therefore, asymmetric encryption is also known as public key cryptography
  • Decryption key: kept by the message recipient and must not be made public, so it is called the private key

Public key and private key

  • A public key and a private key correspond one-to-one and cannot be generated separately
    • A pair of public and private keys is called a key pair
  • Ciphertext encrypted with the public key can be decrypted only with the private key that corresponds to that public key
  • Ciphertext encrypted with the private key can be decrypted only with the public key that corresponds to that private key

Solve the key distribution problem

  • The receiver of the message generates a pair of public and private keys
  • The receiver sends the public key to the sender of the message
  • The sender of the message encrypts the message using the public key
  • Asymmetric encryption is slower than symmetric encryption at encrypting and decrypting

Hybrid cryptosystem

  • Disadvantage of symmetric encryption
    • It does not solve the key distribution problem well (keys can be eavesdropped)
  • Disadvantage of asymmetric encryption
    • Encryption and decryption are slow
  • Hybrid cryptosystem: a method that combines the advantages of symmetric encryption and asymmetric encryption
    • It solves the slow speed of asymmetric encryption
    • It uses asymmetric encryption to solve the key distribution problem of symmetric encryption
  • SSL/TLS, which is used for encrypted communication over the network, uses a hybrid cryptosystem

Hybrid cryptosystem – encryption

  • The session key
    • A temporary key randomly generated for this communication
    • It is used as the symmetric encryption key to encrypt the message, which improves speed
  • Encryption steps (sending a message)
    1. First, the message sender must have the public key of the message receiver
    2. Generate a session key and use it as the symmetric encryption key to encrypt the message
    3. Encrypt the session key with the message receiver’s public key
    4. Send the encryption results produced in the previous steps to the message receiver
  • The content sent out includes
    • The message encrypted with the session key (encryption method: symmetric encryption)
    • The session key encrypted with the public key (encryption method: asymmetric encryption)

Hybrid cryptosystem – decryption

  • Decryption step (received message)
    1. The message receiver decrypts the session key with its own private key
    2. Then use the session key decrypted in step 1 to decrypt the message

Hybrid cryptosystem – encryption and decryption process

  • Alice -> Bob
    • Sending process (encryption process)
      1. Bob first generates a pair of public and private keys
      2. Bob shares the public key with Alice
      3. Alice randomly generates a session key (temporary key)
      4. Alice encrypts the message to be sent with the session key (using symmetric encryption)
      5. Alice encrypts the session key with Bob’s public key (using asymmetric encryption)
      6. Alice sends the encrypted results of steps 4 and 5 to Bob
    • Receiving process (decryption process)
      1. Bob decrypts the session key using his own private key (using the asymmetric encryption algorithm)
      2. Bob decrypts the received message using the session key (using the symmetric encryption algorithm)
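
The sending and receiving steps above, written out as an added example that is not part of the original notes. Assumptions: textbook RSA over two fixed, publicly known Mersenne primes stands in for real RSA, and a SHA-256 counter keystream stands in for AES, only so that the flow runs with the Python standard library; all function and field names are made up here.

```python
import hashlib
import secrets

# Step 1: Bob's key pair. Demonstration values only (assumption): both primes
# are public constants, so this key protects nothing outside this example.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # Bob's public key, shared with Alice
D = pow(E, -1, (P - 1) * (Q - 1))      # Bob's private key, never sent

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR the data with a SHA-256 counter keystream.
    The same key and the same operation both encrypt and decrypt."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

def hybrid_encrypt(message: bytes, pub_n: int, pub_e: int) -> dict:
    """Alice's side: steps 3 to 6 of the sending process."""
    session_key = secrets.token_bytes(16)     # step 3: temporary random key
    nonce = secrets.token_bytes(12)
    body = keystream_xor(session_key, nonce, message)                # step 4
    wrapped = pow(int.from_bytes(session_key, "big"), pub_e, pub_n)  # step 5
    return {"wrapped_key": wrapped, "nonce": nonce, "body": body}    # step 6

def hybrid_decrypt(packet: dict, priv_d: int, pub_n: int) -> bytes:
    """Bob's side: recover the session key, then decrypt the message."""
    key_int = pow(packet["wrapped_key"], priv_d, pub_n)   # receiving step 1
    session_key = key_int.to_bytes(16, "big")
    return keystream_xor(session_key, packet["nonce"], packet["body"])  # step 2

if __name__ == "__main__":
    packet = hybrid_encrypt(b"meet at the usual place", N, E)
    print(packet["body"].hex(), hybrid_decrypt(packet, D, N))
```

The packet carries no integrity protection, so a modified body still decrypts to something; spotting tampering is the subject of the digital signature section that follows.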

Digital signature

  • Why a digital signature?

    • What Alice sends may have been tampered with, someone may be pretending to be Alice, or Alice may have sent it but can later deny doing so
    • How do you determine the authenticity of the message? How do you identify tampering, impersonation, and denial?
    • This requires the use of digital signatures
  • Digital signature technology involves the following two operations

    • Generating the signature
      • This is done by the sender of the message, using the signing key
    • Verifying the signature
      • This is done by the receiver of the message, using the verification key
  • How can you be sure that the signature was made by the sender?

    • Sign with the private key of the message sender

Digital signature – Process

Digital Signature – Summary

Validity of the public key

  • If there is a man-in-the-middle attack, then
    • The public key may well have been forged
  • How do you verify the validity of a public key?
    • With a certificate

Certificate

  • In cryptography, a Public Key Certificate (PKC) is similar to a driver’s license
    • It contains personal information such as name and email address, together with the person’s public key
    • It is digitally signed by a Certificate Authority (CA)
  • A CA is an individual or organization that can determine that “the public key really belongs to this person” and generate a digital signature
    • Some are international organizations or government bodies
    • Some are businesses that make money by providing certification services
    • Individuals can also set up a certificate authority

Certificates – Use

  • The public key of each CA is built into the browser and operating system by default