
In a perfect world, no one would need a password. Everyone would be highly self-disciplined and have no evil intentions; every parcel would reach its recipient without being intercepted; and every sender would be trustworthy. But we do not live in such a perfect world. Over the past few decades, cryptography has been developed not only to ensure confidentiality through encryption, but also to ensure the integrity, authentication, and non-repudiation of messages, all so that a message is private, authentic and reliable.

If your system has a strong and effective password policy, you may think it is no longer necessary to use biometrics to verify that the user is really who they claim to be. To understand why verifying that the user is physically present matters so much in cryptography, let us look in turn at the successes and shortcomings of several cryptographic methods. As a result, as a provider of high-value services such as banking or medical systems, you will understand why you may need to add biometric authentication on top of your password policy.

Encryption alone cannot defend against certain types of attacks

You can think of encryption as a function, say E. This function takes two parameters, a message m and a key k, and produces a ciphertext c from them. In everyday language people often call this ciphertext "encryption", but strictly speaking encryption is the algorithm that produces scrambled information an attacker cannot read, and the scrambled output is the ciphertext.

c = E(m,k)

As long as the key k is long enough, it is practically impossible to derive k even when you know part of m or c. However, an attacker can tamper with the message without decrypting it: the attacker may be able to edit the ciphertext, delete it, or resend a message containing the ciphertext (a replay).

Not all attackers want to steal your data; some just want to inconvenience you. Imagine an attacker who simply replays the encrypted transaction in which you paid $2,000 to Computer City for a laptop. Suppose this attacker has no connection to Computer City, so he stole nothing. You can of course ask the store for a refund through some appeal process, but you have lost time and your good mood. Worse, a more skilled attacker might replace Computer City's bank account with another one, and none of this requires decrypting the ciphertext you transmitted.

Of course, this only scratches the surface. There are many more well-known attacks on encryption-only schemes. Even if your encryption algorithm adequately protects against known attacks, it may still be insufficient. Simply put, you cannot guarantee the privacy of your messages forever: even with the best cryptographic strategy, at the current pace of technological development you can only expect to keep a message private for about 30 years, or maybe 50 with luck. Therefore encryption alone cannot hold up against attackers who compromise the integrity of a message; you also need authentication, which is the topic of the next section.

Ensuring the message is not tampered with through message authentication

In some sensitive situations, a tampered or deceptive message can have devastating effects. This fact inspired security engineers to create the Message Authentication Code (MAC, or HMAC). If the sender transmits a MAC along with the message, an attacker can no longer modify the content and pass it off as the original message. At the same time, an attacker cannot replay a message that has already been sent. The most an attacker can do is delete the message and cause the communication to fail.

What is a MAC? A MAC a is a tag, similar to a ciphertext, computed from the message and the key. Essentially, the sender generates the MAC by passing the message m and the key k into a function h. The sender then sends the message and the MAC to the recipient together.

m,a = h(m,k)

A MAC does not correspond to a single message. This follows from the pigeonhole principle, which roughly says that if you have more pigeons than pigeonholes, some pigeonhole holds more than one pigeon. The length of the MAC is fixed in advance, so there are more possible messages than possible MACs. However, because the search space is so large, it is hard for an attacker who does not know the key to guess the MAC of a modified message. So the reason a MAC effectively prevents modification is that only the sender and the intended recipient know the key. If an attacker wants to modify a sent message, he must replace the MAC to match the change, which is practically impossible without the key. Replay attacks also fail, because two consecutive computations of m,a = h(m,k) produce two different MACs: in practice there is usually a third, strictly increasing parameter t, so the formula is written m,a = h(m,k,t). As a result, the MAC function lets a legitimate recipient easily detect a replayed message.

The MAC mechanism essentially forces an attacker to crack the key. Because of the MAC, forging a message that passes for the original is no longer feasible, and the integrity of the message is fundamentally guaranteed. Although the MAC mechanism is very practical, it still has limitations in terms of confidentiality, which the following sections explain.

Signed but not encapsulated

It is worth noting that a MAC only signs the message without encapsulating it; that is, it provides no confidentiality. Attackers can still read the message; they just cannot easily tamper with it. But signing and encapsulating at the same time is not difficult. Instead of m,a = h(m,kₐ), we compute c,a = h(c,kₐ), where c is obtained from c = E(m,k𝒸).
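The following is an added example, not code from the original article, covering both the counter-based MAC m,a = h(m,k,t) described above and the sign-and-encapsulate construction c,a = h(c,kₐ) with c = E(m,k𝒸). It assumes a toy stream cipher built from HMAC-SHA256 in counter mode as E so that it runs with only the Python standard library (a production system would use an AEAD such as AES-GCM instead), a hypothetical recipient that remembers the last counter it accepted, and constructed sample messages and keys. It shows what the recipient accepts and rejects when a packet is replayed, edited, or re-tagged without the key.

```python
"""Encrypt-then-MAC with a strictly increasing counter t (added example)."""
import hashlib
import hmac
import secrets


def _keystream_xor(k_c: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy E(m, k_c): XOR data with HMAC-SHA256(k_c, nonce || block index).
    The same call decrypts, because XOR with the same keystream is its own inverse."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(k_c, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ s for b, s in zip(data[i:i + 32], block))
    return bytes(out)


def _tag(k_a: bytes, t: int, nonce: bytes, c: bytes) -> bytes:
    """a = h(c, k_a, t): HMAC over the counter, the nonce and the ciphertext."""
    return hmac.new(k_a, t.to_bytes(8, "big") + nonce + c, hashlib.sha256).digest()


def seal(m: bytes, k_c: bytes, k_a: bytes, t: int) -> dict:
    """Sender side: encrypt m first, then authenticate (t, nonce, c)."""
    nonce = secrets.token_bytes(16)
    c = _keystream_xor(k_c, nonce, m)
    return {"t": t, "nonce": nonce, "c": c, "a": _tag(k_a, t, nonce, c)}


class Receiver:
    """Recipient side (hypothetical): verify the tag first, then reject stale counters."""

    def __init__(self, k_c: bytes, k_a: bytes):
        self.k_c, self.k_a, self.last_t = k_c, k_a, 0

    def open(self, pkt: dict):
        expected = _tag(self.k_a, pkt["t"], pkt["nonce"], pkt["c"])
        if not hmac.compare_digest(expected, pkt["a"]):
            return None  # ciphertext, nonce or counter was altered
        if pkt["t"] <= self.last_t:
            return None  # counter not strictly increasing: a replay
        self.last_t = pkt["t"]
        return _keystream_xor(self.k_c, pkt["nonce"], pkt["c"])


def demo() -> dict:
    """Run the scenarios from the text and report what the recipient accepts."""
    k_c, k_a = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    bob = Receiver(k_c, k_a)
    m1 = b"pay $2,000 to Computer City"  # constructed sample message
    pkt1 = seal(m1, k_c, k_a, t=1)

    results = {"genuine": bob.open(pkt1)}

    # Replay: the identical packet is delivered a second time.
    results["replayed"] = bob.open(pkt1)

    # Editing: one ciphertext byte is flipped and the counter bumped; the old tag no longer matches.
    edited = dict(pkt1, t=2, c=bytes([pkt1["c"][0] ^ 0x01]) + pkt1["c"][1:])
    results["edited"] = bob.open(edited)

    # Re-tagging: the tag is recomputed with a key that is not k_a.
    forged = dict(edited, a=_tag(secrets.token_bytes(32), 2, edited["nonce"], edited["c"]))
    results["forged"] = bob.open(forged)

    # The legitimate sender's next message (t = 2) still goes through.
    results["next"] = bob.open(seal(b"order confirmed", k_c, k_a, t=2))
    return results
```

The order of the checks in `Receiver.open` matters: the tag is verified before anything else is interpreted, so the counter and nonce are themselves covered by the MAC and cannot be adjusted by someone who lacks kₐ.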

A good cryptographic algorithm is like a good house: it should stand through violent storms for more than 30 years rather than collapse in a single day. For cryptographers in particular, this means anticipating that over the next 10 or 30 years attackers will use technologies not yet invented to crack the algorithm, rather than only asking whether an attack could happen tomorrow or next month. So a MAC does not make encryption unbreakable; it only raises the attacker's cost. Thirty years from now, an attacker may use a birthday attack or a meet-in-the-middle attack to guess the MAC of a tampered message, so that the recipient accepts a fake one.

Asymmetric encryption makes scaling easier

So far we have discussed how cryptographers combine encryption and MACs to produce signed and encapsulated messages. We also noted that the most an attacker can do is delete these messages; otherwise they are delivered to the recipient successfully, privately and intact. It sounds like this is all we need, but there is more. Before we get to the "more", let's talk about scalability.

Most of the techniques we have discussed so far are collectively called symmetric cryptography. In short, they require the sender and the recipient to use exactly the same key to encrypt or decrypt a message and to create or verify a MAC. The problem with this approach is that if a group has 10 members, each member must share and store 9 different keys so that any two members can exchange encrypted messages, which makes 45 keys for the whole group. With 20 people there are 190 keys; in general, n people need n(n-1)/2 keys. Imagine needing a separate phone number to contact each person in your contact list: you could not give one number to everyone, and every time you made a new friend you would have to buy a new number! That is the problem with symmetric encryption: it is hard to scale. Fortunately, there is also asymmetric encryption.

Asymmetric cryptography draws on ideas from number theory (particularly finite field theory and injective functions) to achieve its technical elegance. Essentially, everyone creates a public key and a private key. Anyone who wants to communicate with you can encrypt information with your public key, but only your private key can decrypt it.

The intention here is to discuss asymmetric encryption, not to delve into number theory. To support non-repudiation, you must use asymmetric encryption; that is the next cryptographic property we will discuss.

Necessary non-repudiation

Non-repudiation is the technical term for "no taking it back". The e-commerce revolution brought this simple principle of fair trade to the front and center of cryptography.

With a symmetric key, the person receiving the message (say Bob) cannot prove to a judge that the sender (say Alice) actually sent the message, because Alice and Bob use the same key. Maybe Alice really sent the original message but Bob tampered with it, or maybe Alice is lying. The judge has no way to tell.

With an asymmetric key, however, only the holder of the private key can sign a message, while anyone in the world can check it, since the public key is public. So when Alice buys something from Bob, she encrypts the transaction with Bob's public key and signs it with her own private key. When Bob receives the transaction, he uses Alice's public key to check that the signature was really made with Alice's private key, and then uses his own private key to decrypt the message. This is how signatures provide non-repudiation. A MAC and a signature are essentially the same idea, but the former belongs to symmetric cryptography and the latter to asymmetric cryptography.
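The following added example (not from the original article) makes the judge's problem concrete: with a shared key, Bob can produce a tag on any message he likes, so a valid MAC proves nothing about who wrote the message; with a signature, Bob holds only Alice's public key and cannot produce a signature that verifies on an altered message. The signature scheme is assumed to be textbook RSA over a SHA-256 digest with a small, seeded key, written with only the standard library so the principle is visible; it has no padding and is not a production signature scheme. Messages and the shared key are constructed for the demonstration.

```python
"""Why a MAC cannot give non-repudiation but a signature can (added example)."""
import hashlib
import hmac
import random
from math import gcd


def mac(m: bytes, k: bytes) -> bytes:
    """Symmetric tag: anyone holding k can compute it, sender or receiver alike."""
    return hmac.new(k, m, hashlib.sha256).digest()


def _is_probable_prime(n: int, rng: random.Random, rounds: int = 20) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # exact bit length, odd
        if _is_probable_prime(cand, rng):
            return cand


def rsa_keygen(bits: int = 512, seed=None):
    """Return ((e, n), (d, n)). The seed only makes the demo reproducible."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            break
    return (e, p * q), (pow(e, -1, phi), p * q)


def _digest_int(m: bytes) -> int:
    # SHA-256 is 256 bits, so the digest is always smaller than a 512-bit modulus.
    return int.from_bytes(hashlib.sha256(m).digest(), "big")


def sign(m: bytes, priv) -> int:
    """Only the private exponent d can produce this value (textbook RSA, no padding)."""
    d, n = priv
    return pow(_digest_int(m), d, n)


def verify(m: bytes, sig: int, pub) -> bool:
    """Anyone with the public key can check a signature."""
    e, n = pub
    return pow(sig, e, n) == _digest_int(m)


def demo() -> dict:
    original = b"Alice pays Bob 100 dollars"  # constructed sample messages
    altered = b"Alice pays Bob 1000 dollars"
    results = {}

    # Symmetric case: Bob holds the shared key k, so he can tag the altered message
    # himself, and his tag passes exactly the check a judge would run.
    k = b"shared key known to Alice and Bob"  # constructed
    bobs_tag = mac(altered, k)
    results["judge_accepts_bob_forged_mac"] = hmac.compare_digest(bobs_tag, mac(altered, k))

    # Asymmetric case: only Alice's private key signs; Bob has just the public key.
    alice_pub, alice_priv = rsa_keygen(512, seed=2024)
    sig = sign(original, alice_priv)
    results["genuine_signature_verifies"] = verify(original, sig, alice_pub)
    results["signature_rejected_on_altered"] = verify(altered, sig, alice_pub)
    e, n = alice_pub
    bobs_attempt = pow(_digest_int(altered), e, n)  # all Bob can compute without d
    results["bob_forgery_rejected"] = verify(altered, bobs_attempt, alice_pub)
    return results
```

The MAC result is the whole point: the tag Bob forged is indistinguishable from one Alice would have made, so the judge has nothing to decide on. The signature result depends on Bob not knowing d, which is why the private key must never be shared and why, as the next sections argue, proving that the key's owner was actually present still matters.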

Brief review

Let's review. Cryptography is used to encrypt and authenticate messages and to provide non-repudiation. When the right techniques are used, both the authenticity and the encryption of a message are hard to crack; both rely on hard mathematical problems such as integer factorization, discrete logarithms, and elliptic curves, applied over finite fields. It must be pointed out that although recovering a key by mathematical analysis may be hard, there are other ways to break into a system, such as social engineering, where people are tricked into leaking secrets. We also did not cover key generation and authentication, because the point is already clear: as an engineering discipline, the cryptographic community keeps evolving with the times and tries to stay ahead of attackers.

Unlike encryption and authentication, non-repudiation is a bit harder to deal with, because verifying the user's identity adds another layer of difficulty for attackers.

The importance of user presence

So far we have seen that cryptography studies levels of security: how much it costs an attacker (time, money, effort) to disrupt communication. Nevertheless, a major problem remains: a message sent from my own device and signed with my private key does not prove that I myself sent it. A virus or an unauthorized user could have sent it. For these and similar reasons, even though digital signatures have been incorporated into legal frameworks such as ESIGN, many multinational trading organizations still do not trust them, because non-repudiation is hard to guarantee without the user's presence, and the liability falls on the merchant.

To strengthen businesses' confidence in non-repudiation, the industry introduced two-factor authentication (2FA). Because cybercriminals are often good enough to break into accounts protected only by a username and password, 2FA asks the party claiming to be a legitimate user to provide one more piece of evidence. That extra evidence usually falls into one of three categories: something you know, something you have, or something you are. The goal of 2FA is to give merchants confidence that the user really is the one making the transaction. Two common forms of 2FA are electronic key fobs and verification codes sent by SMS. Key fobs and similar hardware tokens can easily be lost or stolen. And when the lost or stolen device is the one that receives the SMS or push notification, an SMS code as 2FA offers no resistance at all. Therefore the most advanced form of 2FA today is something that is part of your body. Biometric authentication is an example of this stronger 2FA.

Using biometrics in your security strategy to verify that it really is the user makes your application more secure, and makes non-repudiation a reliable feature of your business model. For healthcare or hospitality applications, this makes booking or cancelling appointments more trustworthy. For e-commerce and banking applications, it lets your customer service team spend less time dealing with unexpected purchases and refunds made by customers' children, and more time making customers happy in more satisfying ways.

The fundamental reason biometric authentication adds an obstacle for attackers in your security system is this: although biometrics and cryptography are completely independent measures, each on its own is hard for an attacker to break, so combining the two makes it even harder for an attacker to succeed.

On Android, for example, biometrics is a one-way street. The user's biometric data never leaves the device and is never shared with the app. When a user decides to enroll biometric data on an Android device, they must go through the system Settings app. To use fingerprint or face recognition, the user places a finger on the sensor, and the sensor sends the fingerprint image directly to a restricted area of the Android device called the Trusted Execution Environment (TEE). Later, when your application needs to verify a user's action through biometrics, the Android framework and the biometric system running in the TEE handle the entire "user presence" verification for your application. Because the Android framework makes it very hard to impersonate the device owner's biometrics, you can place full confidence in that verification.

You can read our article "Combining BiometricPrompt and CryptoObject" to learn more about how biometric verification on Android uses non-repudiation to strengthen the security of your application.

Summary

You learned in this article:

  • Why a good password policy implementation needs to emphasize privacy, authenticity and non-repudiation.
  • Why using encryption alone is not enough to protect messages from attacks.
  • Why MAC or HMAC can effectively prevent messages from being tampered with.
  • Why asymmetric encryption is easier to scale up than symmetric encryption.
  • Why in real life, it is difficult to achieve non-repudiation without using biometric verification.
  • Why biometric verification strengthens encryption through user presence verification.
  • Where you can learn how to implement biometric verification in your application.

We have also written many articles covering engineering best practices, design guidelines, and techniques for integrating biometric verification into your application:

Happy programming!


Android Developers