通信安全考试什么是零知识证明？解释Ali-Baba’s Cave零知识的经典例子。零知识证明指的是一方（证明者）向另一

以下资源的科学性仅限于这门课的同学。

密码分析

Cryptanalysis

Cryptanalysis is the study of taking encrypted data, and trying to unencrypt it without use of the key.

密码分析是对加密数据的研究，并试图在不使用密钥的情况下对其进行解密。

信息安全

Information security

Information security, often referred to as InfoSec, refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection. Safe-guarding an organization's data from unauthorized access or modification to ensure its availability, confidentiality, and integrity.

信息安全，通常称为 InfoSec，是指为保护敏感业务信息免遭修改、中断、破坏和检查而设计和部署的流程和工具。保护组织的数据免受未经授权的访问或修改，以确保其可用性、机密性和完整性。

数字签名

Digital signature

A digital code that can be attached to an electronically transmitted message that uniquely identifies the sender. Like a written signature, the purpose of a digital signature is to guarantee that the individual sending the message really is who he or she claims to be. Digital signatures are especially important for electronic commerce and are a key component of most authentication schemes. To be effective, digital signatures must be unforgetable. There are a number of different encryption techniques to guarantee this level of security.

数字代码，可以附加到电子传输的消息中，用于唯一标识发件人。与书面签名一样，数字签名的目的是确保发送消息的人确实是他或她声称的那个人。数字签名对于电子商务尤为重要，并且是大多数身份验证方案的关键组成部分。为了有效，数字签名必须是不可忘记的。有许多不同的加密技术可以保证这种安全级别。

访问控制

Access control

Access Control is the practice of monitoring and controlling access to a building or property using modern electronic means, as opposed to old-fashioned locks and keys. Lost, stolen or duplicated keys create a monumental challenge to the security of a facility and weigh heavily on maintenance costs, due to frequent re-keying. Not to be overlooked, are the legal challenges posed by users in possession of keys that have been duplicated without authorization. Modern access control utilizes electronic credentials or biometric recognition to grant or deny access to a facility. This gives an administrator the immediate ability to add or remove entry privileges to any individual through the click of a computer mouse. Credential types may be simple keyfobs, credit card style access devices, mobile phone recognition, facial recognition, fingerprints, PIN numbers, and a host of emerging technologies.

访问控制是使用现代电子手段监视和控制对建筑物或财产的访问的做法，而不是老式的锁和钥匙。由于频繁重新输入密钥，丢失、被盗或重复的密钥对设施的安全性构成了巨大挑战，并严重影响了维护成本。不容忽视的是，拥有未经授权复制的密钥的用户所带来的法律挑战。现代访问控制利用电子凭证或生物特征识别来授予或拒绝对设施的访问。这使管理员能够通过单击计算机鼠标立即为任何个人添加或删除进入权限。凭证类型可能是简单的钥匙扣、信用卡式访问设备、手机识别、面部识别、指纹、PIN 码和许多新兴技术。

密码学

Cryptography

Cryptography is the science of providing security for information. It has been used historically as a means of providing secure communication between individuals, government agencies, and military forces. Today, cryptography is a cornerstone of the modern security technologies used to protect information and resources on both open and closed networks.

密码学是为信息提供安全性的科学。它在历史上一直被用作在个人、政府机构和军队之间提供安全通信的一种手段。今天，密码学是现代安全技术的基石，用于保护开放和封闭网络上的信息和资源。

消息验证码

MAC

A message authentication code (MAC) is a small block of data attached to a message that is used by the recipient to verify the integrity of the message. One could think of it as akin to the wax seals that used to be placed on letters and formal correspondence to verify the identify of the sender and confirm that the message had not been opened. Such codes are used when certain types of encrypted or secured data are sent so the sender can check to confirm that the message has not been compromised. Message authentication codes can appear on messages such as electronic funds transfers and emails.

消息验证码 (MAC) 是附加到消息的一小块数据，接收者使用它来验证消息的完整性。人们可以认为它类似于过去放在信件和正式信件上的蜡封，以验证发件人的身份并确认邮件没有被打开。当发送某些类型的加密或安全数据时使用此类代码，以便发送者可以检查以确认消息没有被泄露。消息验证码可以出现在诸如电子资金转账和电子邮件之类的消息中。

身份验证

Authentication

The process of identifying an individual, usually based on a username and password. In security systems, authentication is distinct from authorization , which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual.

个体识别的过程，通常基于用户名和密码。在安全系统中，身份验证与授权不同，授权是根据个人身份授予个人访问系统对象的过程。身份验证仅确保个人是他或她自称的人，但没有说明个人的访问权限。

AAA

What is AAA? Explain them?

Authentication Users and administrators must prove that they are who they say they are. Authentication can be established using username and password combinations, challenge and response questions, token cards, and other methods. For example: "I am user 'student'. I know the password to prove that I am user student."
Authorization After the user is authenticated, authorization services determine which resources the user can access and which operations the user is allowed to perform. An example is "User 'student' can access host serverXYZ using Telnet only."
Accounting and auditing Accounting records what the user does, including what is accessed, the amount of time the resource is accessed, and any changes that were made. Accounting keeps track of how network resources are used. An example is "User 'student' accessed host serverXYZ using Telnet for 15 minutes."

身份验证：用户和管理员必须证明他们是他们所说的人。可以使用用户名和密码组合、质询和响应问题、令牌卡和其他方法来建立身份验证。例如："我是用户'学生'。我知道证明我是用户学生的密码。"
授权：用户通过身份验证后，授权服务确定用户可以访问哪些资源以及允许用户执行哪些操作。例如"用户'学生'只能使用 Telnet 访问主机 serverXYZ。"
记帐和审计：记帐记录用户所做的事情，包括访问的内容、访问资源的时间量以及所做的任何更改。记帐跟踪网络资源的使用方式。例如"用户'学生'使用 Telnet 访问主机 serverXYZ 15 分钟"。

信息安全五特点

What are five characteristics of information Security? Explain them.

Confidentiality The information is not leaked to the person, or entity unauthorized process according to the given requirements, or provide the advantage of features, which put an end to the useful information leaked to unauthorized individuals or entities, emphasizing the useful information only authorized feature objects use.
Integrity The information exchange, in the transmission, storage and processing remain unmodified, non destructive and non loss property, maintain information as is, so that information can be generated correctly, storage, transmission, this is the most basic security features.
Availability Refers to the network of information authorized entities can properly access, and normal use or can recover the use of features in abnormal conditions according to the requirements, which can correctly access the required information in the operation of the system, when the system is under attack or failure, can quickly recover and put into use. Usability is a security measure of network performance of the user oriented information svstem.
Controllability Refer to information dissemination of the circulation in the network system and specific content can realize effective control, namely any information network system should be controlled in a certain range and storage space. In addition to the conventional communication and dissemination of the contents of this form of site monitoring, the most typical example password managed policy, when the eneryption algorithm by third party management, must be strictly in accordance with the provisions of the controllable execution.
Non-Repudiation The both sides of communication in the information interaction process, make sure the participants themselves, as well as provide participants with information true identity, that all participants can not be denied or deny my true identity, and provide information on the original and complete the operation and commitment.

保密性：信息不泄露给未经授权的个人或实体，按照给定的要求处理，或提供特征的优势，杜绝了有用的信息泄露给未经授权的个人或实体，强调有用信息只有授权的特征对象使用。
完整性：信息交换，在传输、存储和处理过程中保持不变、无损、不丢失的特性，保持信息原样，使信息能够正确生成、存储、传输，这是最基本的安全特性。
可用性：网络中的信息被授权实体可以正常访问，并根据要求正常使用或在异常情况下可以恢复使用功能，在系统运行过程中，当系统受到攻击时，能够正确访问所需信息或故障，可迅速恢复并投入使用。可用性是面向用户的信息系统的网络性能的安全度量。
可控性：信息传播在网络系统中的流通和具体内容能够实现有效控制，即任何信息网络系统都应控制在一定的范围和存储空间内。这种形式的站点监控除了常规的内容传播和传播外，最典型的例子是密码管理策略，当加密算法由第三方管理时，必须严格按照规定可控执行。
不可否认性：沟通双方在信息交互过程中，确保参与者本人，以及向参与者提供信息的真实身份，使所有参与者不能否认或否认本人真实身份，并提供信息原件并完成操作和承诺。

网络安全的基本目标

What are the primary goals of network Security?

Confidentiality The function of confidentiality is to protect precious business data from unauthorized persons. Confidentiality part of network security makes sure that the data is available only to the intended and authorized persons.
Integrity This goal means maintaining and assuring the accuracy and consistency of data. The function of integrity is to make sure that the data is reliable and is not changed by unauthorized persons.
Availability The function of availability in Network Security is to make sure that the data, network resources/services are continuously available to the legitimate users, whenever they require it.

保密性：保密性的功能是保护珍贵的商业数据不被未经授权的人使用。网络安全的保密性部分确保数据仅对预期和授权人员可用。
完整性：这一目标意味着维护和确保数据的准确性和一致性。完整性的功能是确保数据是可靠的并且不会被未经授权的人更改。
可用性：网络安全中可用性的功能是确保合法用户在需要时可以持续使用数据、网络资源/服务。

主被动攻击

what is active and passive attacks in network security? Explain the difference between Active and Passive Attack。

Active attack Active attacks are the attacks in which the attacker tries to modify the information or creates a false message. The prevention of these attacks is quite difficult because of a broad range of potential physical, network and software vulnerabilities. Instead of prevention, it emphasizes on the detection of the attack and recovery from any disruption or delay caused by it.
Passive attack Passive attacks are the attacks where the attacker indulges in unauthorized eavesdropping, just monitoring the transmission or gathering information. The eavesdropper does not make any changes to the data or the system.
Difference The major difference between active and passive attacks is that in active attacks the attacker intercepts the connection and modifies the information. Whereas, in a passive attack, the attacker intercepts the transit information with the intention of reading and analyzing the information not for altering it.

主动攻击：攻击者试图修改信息或创建虚假消息的攻击。由于存在广泛的潜在物理、网络和软件漏洞，因此预防这些攻击非常困难。它不是预防，而是强调检测攻击并从由它引起的任何中断或延迟中恢复。
被动攻击：攻击者着眼于未经授权的窃听，只是监视传输或收集信息的攻击。窃听者不会对数据或系统进行任何更改。
区别：主动攻击和被动攻击的主要区别在于，在主动攻击中，攻击者会拦截连接并修改信息。而在被动攻击中，攻击者拦截传输信息的目的是读取和分析信息，而不是更改信息。

云安全

What are the three features that are essential for cloud security?

Confidentiality Transparent encryption, keys managed by the Intercloud
Integrity Data authenticity from cryptographic protection
Resilience Replication tolerates data loss/corruption in a fraction of clouds

机密性，透明加密，由内部云管理密钥；
完整性，来自加密保护的数据真实性；
弹性，复制可以容忍一小部分云中的数据丢失/损坏

IPSec

Explain how IPSec provides security?

Two operations:IPsec Communication & Internet Key Exchange
IPsec Communication is typically associated with standard IPsec functionality. It involves encapsulation, encryption, and hashing the IP datagrams and handling all packet processes. It is responsible for managing the communication according to the available Security Associations (SAs) established between communicating parties. It uses security protocols such as Authentication Header (AH) and Encapsulated SP (ESP).
Internet Key Exchange (IKE) is a standard protocol used to set up a secure and authenticated communication channel between two parties via a virtual private network. The protocol ensures security for VPN negotiation, remote host and network access.

两种操作：IPsec Communication&Internet Key Exchange

IPsec Communication 通常与标准 IPsec 功能相关联。它涉及 IP 数据报的封装、加密和散列以及处理所有数据包过程。它负责根据通信双方之间建立的可用安全关联 (SA) 来管理通信。它使用安全协议，例如身份验证标头 (AH) 和封装 SP (ESP)。

Internet 密钥交换 (IKE) 是一种标准协议，用于通过虚拟专用网络在两方之间建立安全且经过身份验证的通信通道。该协议确保了 VPN 协商、远程主机和网络访问的安全性。

DoS攻击和DDoS攻击

What is a DoS attack and explain the difference of a DDoS attack?

Denial Of Service(DOS)Attack

Attempt to make a machine or network resource unavailable to its intended users.

Purpose is to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

Methods to carry out this attack may varySaturating the target with external communications requests,such that it can’t respond to legitimate traffic SERVER OVERLOAD,May include malware to max out target resources (such as CPU), trigger errors, or crash the operating system
DDoS attacks are more dynamic and comes from a broader range of attackers

拒绝服务(DoS)攻击

尝试使机器或网络资源对其预期用户不可用。
目的是暂时或无限期地中断或暂停连接到互联网的主机的服务。
执行这种攻击的方法可能会有所不同，用外部通信请求饱和目标（使它无法响应合法流量），服务器过载，可能包括恶意软件来最大限度地输出目标资源(如CPU)、触发错误或使操作系统崩溃。

DDoS攻击更动态，来自更广泛的攻击者。

对称密钥和非对称密钥

What is the difference between a Symmetric Key and Asymmetric Algorithm?

Symmetric Key Algorithm uses a single key to both encrypt and decrypt information . Also known as a secret-key algorithm . The key must be kept a "secret" to maintain security . This key is also known as a private key.
Asymmetric Key Algorithm also called public-key cryptography-Keep private key private , anyone can see public keys , separate keys for encryption and decryption (public and private key pairs)

对称密钥加密，又称私钥加密，即信息的发送方和接收方用一个密钥去加密和解密数据。它的最大优势是加/解密速度快，适合于对大数据量进行加密，但密钥管理困难。
非对称密钥加密系统，又称公钥加密。它需要使用一对密钥来分别完成加密和解密操作，一个公开发布，即公钥，另一个由用户自己秘密保存，即私钥。信息发送者用公钥去加密，而信息接收者则用私钥去解密。公钥机制灵活，但加密和解密速度却比对称密钥加密慢得多。

四类攻击（密码分析）

What are four types of attacks in Cryptanalysis? Explain them.

Ciphertext-only attack：here we need to work only from the ciphertext.
Know-plaintext attack：With this procedure, the cryptanalyst has knowledge of a portion of the plaintext from the ciphertext.
Chosen-plaintext attack：The cryptanalyst is able to have any plaintext encrypted with a key and obtain the resulting ciphertext, but the key itself is not known.
Chosen-Ciphertext attack：chosen-ciphertext attack is one in which cryptanalyst may choose a piece of ciphertext and attempt to obtain the corresponding decrypted plaintext.

惟密文攻击：仅知道密文的情况下进行攻击
已知明文攻击：攻击者已经掌握了某段明文和其相应的密文，比如截取信息前段，通过该类型攻击获取加密方式，从而便于破解后段密文。
选择明文攻击：攻击者还可以任意创造一条明文比如Excited，并得到其加密后的密文。比如用一定的手段渗透Sharon的系统，但是不能直接攻破秘钥，于是只能以她的身份发Excited，然后用抓包或者别的方法得到她发送出来的加密的消息。
选择密文攻击：除了已知明文攻击的基础，攻击者还可以任意制造或者选择一些密文，并得到其解密后的明文。比如用一定的手段在通信过程中伪造消息替换真实消息，然后窃取Sharon获得并解密的结果，有可能正好发现随手伪造的密文解密结果是有意义的，比如naive。

防火墙

什么是防火墙？防火墙有什么作用？防火墙类型分为哪三类？

Broadly speaking, a computer firewall is a software program that prevents unauthorized access to or from a private network. Firewalls are tools that can be used to enhance the security of computers connected to a network, such as LAN or the Internet. They are an integral part of a comprehensive security framework for your network.

Basically, firewalls need to be able to perform the following tasks:

Defend resources

Validate access

Manage and control network traffic

Record and report on events

Act as an intermediary Firewall is categorized into three basic types:

Packet filter (Stateless & Stateful)

Application-level gateway

Circuit-level gateway

从广义上讲，计算机防火墙是一种软件程序，可防止未经授权或来自专用网络的访问。防火墙是可用于增强连接到网络（例如 LAN 或 Internet）的计算机安全性的工具。它们是网络综合安全框架的组成部分。

基本上，防火墙需要能够执行以下任务：

保护资源
验证访问
管理和控制网络流量
记录和报告事件
充当中间人

防火墙分为三种基本类型：

包过滤型（无状态和有状态）
应用级网关
电路级网关

零知识证明

什么是零知识证明？解释Ali-Baba’s Cave零知识的经典例子。

A zero-knowledge proof is a way that a "prover" can prove possession of a certain piece of information to a "verifier" without revealing it. This is done by manipulating data provided by the verifier in a way that would be impossible without the secret information in question.The classic example of Zero-Knowledge is Ali-Baba’s Cave.
Alice wants to prove to Bob that she knows the secret words that will open the portal at CD in the cave, but she does not wish to reveal the secret to Bob. In this scenario, Alice's commitment is to go to C or D.A typical round in the proof proceeds as follows: Bob goes to A and waits there while Alice goes to C or D. Bob then goes to B and shouts to ask Alice to appear from either the right side or the left side of the tunnel. If Alice does not know the secret words (e.g."Open Sesame"), there is only a 50% chance that she will come out from the right tunnel. Bob will repeat this round as many times as he desires until he is certain that Alice knows the secret words.No matter how many times that the proof repeats, Bob does not learn the secret words.

零知识证明指的是一方（证明者）向另一方（检验者）证明某命题的方法，特点是过程中除“该命题为真”之事外，不泄露任何资讯。因此，可理解成“零泄密证明”。[1]例如，欲向人证明自己拥有某情报，则直接公开该情报即可，但如此则会将该细节亦一并泄露；零知识证明的精粹在于，如何证明自己拥有该情报而不必透露情报内容。这也是零知识证明的难点。[2]，讲白了就是你知道我知道，但你不知道我知道什么。

Ali-Baba’s Cave是零知识的典型例子，阿里巴巴想说服警官有这么一条秘密通道，但是前提是阿里巴巴不能告诉警官开门的密钥是芝麻开门，不过警官对于这个说法表示怀疑，（xswl，请不要计较故事的真实性），现在的问题是如何在警官不知道密钥的情况下，向他证明密道的存在呢？

以上图为例

警官和阿里巴巴都站在洞外A
阿里巴巴进入洞穴选择了一个岔路口并到了C/D的跟前
警官进入洞穴并在岔路口B等候（警官此时并不知道阿里巴巴进了哪条岔路）
警官随机传唤阿里巴巴从哪条路回到B
阿里巴巴随即（必要时通过密道）沿着警官指定的岔路回到B

如果阿里巴巴真的知道密钥，他准确返回的概率为100%，相比而言，如果他并不知道，准确返回的概率为50%。所以，他们试了很多次，而阿里巴巴都可以准确地返回，足以让警官相信阿里巴巴口中密道的存在，同时这期间，阿里巴巴也未曾透露任何额外信息。

以上故事诠释了证明者（阿里巴巴）向验证者（警官）提供证明，该证明在不向验证者透露知识（密钥）的前提下将证明的真实陈述公之于众。

什么是流密码？什么是分组密码？流密码和分组密码有什么区别？

What is a stream cipher? What is a block cipher? What is the difference between a stream cipher and a block cipher?

Stream ciphers belong to the family of symmetric key ciphers. Stream ciphers combine plain-text bits with a pseudorandom cipher bits stream with the use of XOR (exclusive-or) operation. Stream ciphers encrypt plain-text digits one at a time with varying transformations for successive digits. Because the encryption of each digit depends on the current state of the cipher engine, stream ciphers are also known as state ciphers. Typically, single bits/bites are used as single digits. A block cipher is another symmetric key cipher. Block ciphers operate on blocks (groups of bits) with fixed-length. Block ciphers use a fixed (unvarying) transformation for all digits in the block. For example, when an x-bit block plain-text (along with a secret key) is provided as input to the block cipher engine, it produces the corresponding x-bit block of ciphertext. The actual transformation is dependent on the secret key. Similarly, the decryption algorithm recovers the original x-bit block of plaintext using the x-bit block of ciphertext and the above secret key as the input. In case the input message is too long compared to the size of the block, it will be broken down to blocks and these blocks will be (individually) encrypted using the same key. However, because the same key is used, each repeated sequence in the plain-text becomes the same repeated sequence in the cipher-text, and this could cause security concerns. Popular block ciphers are DES (Data Encryption Standard) and AES (Advanced Encryption Standard). Although both stream ciphers and block ciphers belong to the family of symmetric encryption ciphers, there are some key differences. Block ciphers encrypt fixed length blocks of bits, while stream ciphers combine plain-text bits with a pseudorandom cipher bits stream using XOR operation. Even though block ciphers use the same transformation, stream ciphers use varying transformations based on the state of the engine. Stream ciphers usually execute faster than block ciphers. In terms of hardware complexity, stream ciphers are relatively less complex. Stream ciphers are the typical preference over block ciphers when the plain-text is available in varying quantities (for e.g. a secure wifi connection), because block ciphers cannot operate directly on blocks shorter than the block size. But sometimes, the difference between stream ciphers and block ciphers is not very clear. The reason is that, when using certain modes of operation, a block cipher can be used to act as a stream cipher by allowing it to encrypt the smallest unit of data available.

流密码属于对称密钥密码家族。流密码通过使用XOR（独占-或）操作，将纯文本位与伪随机密码位流相结合。流密码一次加密一个纯文本数字，并对连续的数字进行不同的转换。因为每个数字的加密都取决于密码引擎的当前状态，所以流密码也被称为状态密码。通常，单个比特数/比特数被用作个位数。块密码是另一个对称的密钥密码。块密码操作于固定长度的块（比特组）。块密码对块中的所有数字使用固定的（不变的）转换。例如，当提供一个x位块纯文本（连同一个密钥）作为块密码引擎的输入时，它会生成相应的x位密文块。实际的转换依赖于密钥。同样，解密算法利用密文的x位块和上述密钥作为输入，恢复原始的x位块。如果输入消息与块的大小相比太长，它将被分解为块，这些块将使用相同的密钥（单独）加密。但是，由于使用了相同的密钥，所以纯文本中的每个重复序列都变成了密码文本中的相同的重复序列，这可能会引起安全问题。流行的块密码是DES（数据加密标准）和AES（高级加密标准）。虽然流密码和块密码都属于对称加密密码家族，但也存在一些关键的区别。块密码加密固定长度的比特块，而流密码使用XOR操作将纯文本位与伪随机密码位流结合起来。即使块密码使用相同的转换，流密码也会根据引擎的状态使用不同的转换。流密码通常比块密码执行得更快。在硬件复杂性方面，流密码相对不那么复杂。当纯文本以不同的数量可用(例如一个安全的wifi连接)时，流密码是对块密码的典型偏好，因为块密码不能直接在小于块大小的块上操作。但有时，流密码和块密码之间的区别并不是很清楚。原因是，当使用某些操作模式时，块密码可以作为流加密，允许它加密可用的最小数据单元。

什么是SSL？SSL是如何工作的。

What is SSL? How SSL works.

Secure Sockets Layer (SSL) was the most widely deployed cryptographic protocol to provide security over internet communications before it was preceded by TLS (Transport Layer Security) in 1999. SSL provides a secure channel between two machines or devices operating over the internet or an internal network.

When a browser visits a website, provided the site has an SSL/ TLS certificate, the two begin what is known as the SSL handshake.

The first step of the SSL handshake involves the browser checking the validity of the SSL certificate, making sure it is authenticated by a legitimate party and therefore trustworthy.

Every SSL certificate has two keys, an associated public key and a private key. Separately, their job is to handle encryption and decryption to communicate securely during the SSL handshake.

After the browser (the client) confirms the SSL certificate is valid, the client and website (the server) create what’s known as a session key, this is a third key. The third key (the symmetric key) is used for the remained of the secure connection.

The handshake takes places over a few hundred milliseconds. Once a secure connection is established, the client and server are communicating safely.

安全套接字层(SSL)是此之前最广泛部署的加密协议，以提供互联网通信的安全在TLS之前（运输层安全）在1999年。SSL在通过互联网或内部网络运行的两台机器或设备之间提供了一个安全的通道。

当浏览器访问一个网站时，如果该网站有一个SSL/TLS证书，这两个网站就会开始进行所谓的SSL握手。
SSL握手的第一步涉及到浏览器检查SSL证书的有效性，以确保它是由一个合法的当事方进行身份验证的，因此是可信的。
每个SSL证书都有两个密钥，一个关联的公钥和一个私钥。另外，他们的工作是处理加密和解密，以便在SSL握手期间进行安全的通信。
在浏览器（客户端）确认SSL证书有效后，客户端和网站（服务器）创建一个称为会话密钥，这是第三个密钥。第三个键（对称键）用于保留的安全连接。
握手的时间超过几百毫秒。一旦建立了安全连接，客户端和服务器就可以安全地进行通信。

电子邮件使用什么安全协议？

Email uses what security protocol ?

Pretty Good Privacy (PGP) is an e-mail encryption scheme. It has become the de-facto standard for providing security services for e-mail communication. As discussed above, it uses public key cryptography, symmetric key cryptography, hash function, and digital signature. It providesPrivacy Sender Authentication Message Integrity Non-repudiation
S/MIME stands for Secure Multipurpose Internet Mail Extension. S/MIME is a secure e-mail standard. It is based on an earlier non-secure e-mailing standard called MIME.
and so on ...

PGP和OpenPGP 是一种电子邮件加密方案。它已成为为电子邮件通信提供安全服务的事实标准。如上所述，它使用公钥密码术、对称密钥密码术、散列函数和数字签名。它提供隐私 发件人身份验证 消息完整性 不可否认性
用S/MIME实现端到端加密 S/MIME 代表安全多用途 Internet 邮件扩展。 S/MIME 是一种安全的电子邮件标准。它基于称为 MIME 的早期非安全电子邮件标准。
用SSL和TLS保护邮件安全
Opportunistic TLS和Forced TLS
数字证书
用发送方策略框架实现域名欺骗保护
DKIM保护邮件安全
DMARC

通信安全考试