CSIT328 网络安全 — 考试复习笔记

Table of Contents / 目录

Lecture 1 — Introduction / 第一讲 — 简介
Lecture 2 — Attacks on the Network / 第二讲 — 网络攻击

Lecture 1 — Introduction

第一讲 — 简介

1. What is the Web? / 什么是网络？

English: The Web is a collection of services that deliver content over the Internet, including email, search, instant messaging, videos, photo sharing, personal services, security services, telecom and data management.

中文： 网络（Web）是通过互联网传递内容的一系列服务的集合，包括电子邮件、搜索、即时通讯、视频、照片分享、个人服务、安全服务、电信及数据管理等。

Simple Web Model / 简单网络模型

Component / 组件	Role / 角色
Client / 客户端	Uses the application / 使用应用程序
Server / 服务器	Provides the application / 提供应用程序
HTTP/HTTPS/FTP	Data transfer protocol / 数据传输协议

Key Point / 要点： Client ↔ Data Transfer (HTTP/HTTPS/FTP) ↔ Server, connected via a shared Application layer (cloud). 客户端通过 HTTP/HTTPS/FTP 与服务器进行数据传输，共同访问应用层。

2. Introduction to Web Security / 网络安全简介

What is Web Security? / 什么是网络安全？

English: Web security ensures that websites and web applications are secure. It covers three domains:

Browser security / 浏览器安全
Server-side security / 服务器端安全
Client-side security / 客户端安全

中文： 网络安全旨在确保网站和网络应用程序的安全，涵盖三个主要领域：浏览器安全、服务器端安全和客户端安全。

"Modern web applications are built on a tangle of technologies that have been developed over time and then haphazardly pieced together. Every piece of the web application stack, from HTTP requests to browser-side scripts, comes with important yet subtle security consequences." — Michal Zalewski, The Tangled Web

「现代网络应用程序建立在随时间发展并随意拼凑在一起的各种技术之上。从 HTTP 请求到浏览器端脚本，网络应用栈的每一个部分都带来了重要而微妙的安全后果。」

Browser Security / 浏览器安全

English:

Content isolation: Security assurances isolate documents based on their origin (来源).
Restricts access to specific data areas — e.g., Same-Origin Policy (SOP) / 同源策略
Context navigation policy / 上下文导航策略
Security policy for cookies: Domain, Special cookie flags / Cookie 安全策略：域名、特殊标志

中文： 浏览器安全的核心是内容隔离，根据文档的来源（origin）进行隔离，防止不同来源的内容相互干扰。同源策略（SOP）是最典型的访问控制机制。

Client-Side Security / 客户端安全

English:

Goal: Prevent web clients from being attacked while using web applications.
Attackers aim to exploit client-side and web vulnerabilities to gain unauthorized access to sensitive information (e.g., bank accounts, passwords, cookies, private information).

中文：

目标：防止网络客户端在使用网络应用程序时遭受攻击。
攻击者利用客户端及网络漏洞，非法获取敏感信息（如银行账户、密码、Cookie、隐私信息等）。

Server-Side Security / 服务器端安全

English:

Goal: Prevent web servers from being attacked.
Attackers attempt to exploit services or gain control over the server machine.
Attackers can send anything to a server through arbitrary HTTP clients.
Important: Authorized clients may also be attackers.

中文：

目标：防止网络服务器遭受攻击。
攻击者试图利用服务漏洞或取得服务器控制权。
攻击者可通过任意 HTTP 客户端向服务器发送任意内容。
重点：经过认证的客户端也可能是攻击者。

Real-world example / 真实案例： British Airways website breach — a cross-site scripting (XSS) flaw led to the theft of financial and personal details of 380,000 customers between 21 August and 5 September. Files were loaded from seven external domains. 英国航空网站漏洞——通过 XSS 攻击，21 万至9月5日期间造成 38万客户 的财务与个人信息被盗。

3. Basic Security Components (CIA) / 基本安全组件（CIA 三角）

The intersection of Confidentiality, Integrity, and Availability = Secure 保密性、完整性、可用性三者的交集 = 安全

Confidentiality / 保密性 (C)

English:

Prevent assets from being accessed by unauthorized parties.
Supported by access control mechanisms: cryptography (keys), encryption.
Applies to existence of data too (sometimes more revealing than the data itself).
Resource hiding: Sites conceal configuration and what systems they use.
Assumptions and trust underlie confidentiality mechanisms.

中文：

防止资产被未经授权的个人、组织或政府访问。
通过访问控制机制支撑，例如密码学（密钥）、加密。
也适用于数据的存在性（有时比数据本身更具泄露价值）。
资源隐藏：站点隐藏其配置及所使用的系统信息。

Integrity / 完整性 (I)

English:

Data integrity: the content of information is correct.
Origin integrity: the source of the data (= authentication / 认证).

Two classes of integrity mechanisms:

Mechanism / 机制	Description / 描述	Example / 示例
Prevention / 预防	Block unauthorized changes / 阻止未授权修改	Access control / 访问控制
Detection / 检测	Report data integrity violations / 报告完整性违规	Digital signatures, MAC / 数字签名、消息认证码

Key distinction vs. Confidentiality:

With confidentiality, data is either compromised or not. But integrity includes both correctness and trustworthiness of data — it also depends on the origin of data, protection in transit, and protection at the current machine. Thus, evaluating integrity is often difficult.

中文： 完整性包括数据完整性（内容正确）和来源完整性（数据来源可信，即认证）。与保密性不同，完整性需要同时考虑正确性和可信性，评估往往更为困难。

Availability / 可用性 (A)

English:

Linked to reliability and system design — an unavailable system is as bad as no system at all.
Deliberate denial of access = Denial-of-Service (DoS) attacks / 拒绝服务攻击
DoS attacks are hard to detect: unusual patterns may be deliberate manipulation or just atypical events.
Statistical models of network traffic are important.

中文：

与可靠性和系统设计密切相关——系统不可用等同于没有系统。
故意阻断访问 = 拒绝服务（DoS）攻击。
DoS 攻击难以检测：异常访问模式可能是蓄意操作，也可能只是非典型事件。

4. More Security Properties / 更多安全属性

Property / 属性	Definition / 定义	Example / 示例
Authentication / 认证	Know who you are communicating with / 确认通信对象身份	Check validity of secret values / 验证秘密值
Authorization / 授权	Users access only entitled resources / 用户只能访问其权限范围内的资源	Access control models / 访问控制模型
Non-repudiation / 不可否认性	Sender cannot deny sending a message / 发送方无法否认已发送消息（有法律意义）	Digital signature / 数字签名

5. Vulnerabilities, Attacks, Threats and Risks / 漏洞、攻击、威胁与风险

Key Definitions / 核心定义

Term / 术语	English Definition	中文定义
Vulnerability / 漏洞	A weakness in the system that could be exploited to harm it	系统中可被利用来造成危害的弱点（如过于简单的密码、错误配置）
Attack / 攻击	Exploitation of vulnerabilities using specific techniques to cause damage	利用特定技术对一个或多个漏洞进行利用，造成破坏
Threat / 威胁	A potential danger that might exploit vulnerabilities	可能利用漏洞的潜在危险（即使未发生也构成威胁）
Risk / 风险	Potential for loss when a threat exploits a vulnerability	威胁利用漏洞时造成损失的可能性

Formula / 公式： Risk = Threats + Vulnerabilities 风险 = 威胁 + 漏洞

An attacker/adversary is the one who causes the attack.
A threat agent damages or steals information.
The violation need not occur for there to be a threat — the possibility is enough.

中文重点： 威胁不需要实际发生，可能性本身就构成威胁。

6. OWASP Top 10

OWASP = Open Web Application Security Project / 开放网络应用安全项目

#	Risk (2021) / 风险（2021）
A01	Broken Access Control / 失效的访问控制
A02	Cryptographic Failures / 加密机制失效
A03	Injection / 注入攻击
A04	Insecure Design / 不安全设计
A05	Security Misconfiguration / 安全配置错误
A06	Vulnerable and Outdated Components / 使用易受攻击或过时的组件
A07	Identification and Authentication Failures / 身份识别和认证失败
A08	Software and Data Integrity Failures / 软件和数据完整性故障
A09	Security Logging and Monitoring Failures / 安全日志和监控故障
A10	Server-side Request Forgery / 服务端请求伪造（SSRF）

Examples of Threats by Layer / 按层级划分的威胁示例

Layer / 层级	Threats / 威胁
User Layer / 用户层	Phishing / 钓鱼攻击
Application Layer / 应用层	SQL Injection, XSS, CSRF, Authentication Failure
Server Layer / 服务器层	Denial-of-Service (DoS) / 拒绝服务
Network Layer / 网络层	Man-in-the-Middle, Packet-sniffing, DNS hijacking

Web Security Goals / 网络安全目标

Securing web applications / 保护网络应用程序安全 — same properties as traditional apps
Security Invariants / 安全不变量 — new platform elements must not violate existing security invariants
Safely browsing / 安全浏览 — clients visit websites without being attacked
Session Integrity / 会话完整性 — attackers cannot cause honest servers to undertake sensitive actions

Web application security is hard because of: complex execution environment, multi-layer architecture, security flaws, implementation issues, and misconfiguration. 网络应用安全困难的原因：复杂的执行环境、多层架构、安全缺陷、实现问题和错误配置。

7. Overview of Traditional Web Technologies / 传统网络技术概览

URL Structure / URL 结构

http://example.com:8080/a/b.html?user=Bob#information
 ↑         ↑        ↑      ↑        ↑         ↑
Protocol  Hostname  Port   Path    Query    Fragment
协议       主机名    端口   路径    查询参数   片段标识
[Required / 必填]        [Optional / 可选]

Required / 必填: Protocol, Hostname, Path Optional / 可选: Port, Query, Fragment

HTTP / 超文本传输协议

English:

HTTP = Hypertext Transfer Protocol — core transfer mechanism of the Web.
Preferred method for exchanging URL-referenced documents between servers and clients.

Common HTTP Requests / 常见请求方法：

Method / 方法	Purpose / 用途
GET	Retrieve a resource (html, image, audio) / 获取资源
POST	Submit a form (username, password) / 提交表单数据

中文： HTTP 是 Web 的核心传输机制，用于服务器与客户端之间交换 URL 引用的文档。

DNS — Domain Name System / 域名系统

English: DNS translates domain names to IP addresses so browsers can fetch resources.

DNS Resolution Process (8 steps) / DNS 解析过程（8步）：

Client requests DNS Recursive Resolver to look up hostname (e.g., example.com)
Recursive Resolver queries DNS Root Nameserver
Root Nameserver responds with TLD Nameserver IP address (e.g., .com)
Recursive Resolver queries TLD Nameserver for example.com
TLD Nameserver responds with IP of Authoritative Nameserver
Recursive Resolver queries Authoritative Nameserver for example.com
Authoritative Nameserver returns the IP address of example.com
Recursive Resolver responds to the client with the IP address

中文： DNS 将域名转换为 IP 地址，使浏览器能够获取资源。解析过程依次经过：递归解析器 → 根域名服务器 → 顶级域服务器（TLD）→ 权威域名服务器，最终返回 IP 地址给客户端。

HTML / 超文本标记语言

English:

HTML = HyperText Markup Language
Gives content structure and meaning (headings, paragraphs, images)
NOT a programming language — it is a markup language
Uses tags to define elements: <head>, <title>, <script>, <img>, etc.

中文： HTML 是超文本标记语言，通过标签为内容提供结构和语义（标题、段落、图像等），是一种标记语言而非编程语言。

CSS — Cascading Style Sheets / 层叠样式表

English:

Text-based page appearance description language.
Separates content from style: better designer control, better site-wide appearance management.
Cascading: browsers apply multiple rules to override default styles; some styles may not be supported by all browsers.

中文： CSS 是基于文本的页面外观描述语言，将内容与样式分离。"层叠"指浏览器应用多条规则来覆盖默认样式，部分样式可能不被所有浏览器支持。

DOM — Document Object Model / 文档对象模型

English:

HTML DOM = a tree of objects representing the HTML document.
Provides a programming interface (APIs) to access and manipulate HTML elements.

中文： DOM 是将 HTML 文档表示为对象树结构，提供编程接口（API）来访问和操作 HTML 元素。

Document
  └── Root element <html>
        ├── Element <head>
        │     └── Element <title> → Text "DOM example"
        └── Element <body>
              ├── Element <h1> → Text "Demo"
              └── Element <img> → Attribute "src"

JavaScript

English:

Scripting language developed by Netscape / 由 Netscape 开发的脚本语言
Aims to process client-side HTML documents
Code can be embedded in HTML or included as external file
Browsers interpret JS code and return immediate feedback
No installation or development environment needed

JavaScript can dynamically modify / JS 可动态修改：

HTML elements / HTML 元素
Style / 样式
Input/output / 输入输出
Cookies
Data processing / 数据处理
HTTP requests / HTTP 请求

<!-- Inline / 内联 -->
<script>
    document.write("Hello, Web!");
</script>
 
<!-- External file / 外部文件 -->
<script src="/path/to/script.js"></script>

Security note / 安全注意： Because JavaScript can access Cookies and make HTTP requests, it is a major attack surface for XSS (Cross-Site Scripting). 由于 JavaScript 可访问 Cookie 并发出 HTTP 请求，它是 XSS（跨站脚本）攻击的主要攻击面。

Authentication and Authorization / 认证与授权

English:

Prevents unauthorized clients from accessing web services (both static and dynamic).
HTTP provides Authentication request headers (WWW-Authenticate) for credentials.
Permissions are decided based on user credentials.
Credentials are attached to every subsequent request to the origin.

Two HTTP authentication methods / 两种 HTTP 认证方法：

Method / 方法	How it works / 工作原理	Security / 安全性
Basic	Encodes credentials as Base64 string	NOT secure — easy to decode, vulnerable to replay attacks
Digest	Encodes using cryptographic hash functions + nonces to prevent replay	Still vulnerable to dictionary attacks & impersonation — no longer secure

Basic Auth Example / Basic 认证示例：

alice:kta9De@i3  →  YWxpY2U6a3RhOURlQGkz  (Base64)

中文重点： Basic 认证将凭据 Base64 编码，不安全（易解码、易被重放攻击）。Digest 认证使用哈希和 Nonce，但仍不够安全，现已不再推荐使用。

HTTPS / 安全超文本传输协议

English:

HTTP over TLS (Transport Layer Security)
Uses port 443 (vs. port 80 for HTTP)
Encrypts: URL, document contents, browser form data, cookies, HTTP headers

中文： HTTPS 是基于 TLS（传输层安全）的 HTTP，使用 443 端口（HTTP 使用 80 端口），对 URL、文档内容、表单数据、Cookie 及 HTTP 头进行加密传输。

Session Management / 会话管理

Problems with HTTP Authentication / HTTP 认证的问题：

Cannot log out unless closing the browser / 无法登出（除非关闭浏览器）
Limits on personalized client experience / 限制个性化体验
Security issues / 安全问题

Solution / 解决方案：

Session Management: Server-side session object associates multiple requests from the same user.
HTTP Cookie: Stores and manages stateful information of a user; created by the web server.

中文： 会话管理机制提供服务端会话对象，将同一用户的多个请求与该对象关联。HTTP Cookie 由服务器创建，用于存储和管理用户的有状态信息。

Browser Extensions and Plugins / 浏览器扩展与插件

Feature	Plugins / 插件	Extensions / 扩展
Purpose	Handle services browsers don't natively support	Extend core browser functionality
Example	Adobe Flash Player	Toolbar, ad blockers, etc.
Security	Basic browser policies may no longer work; malicious code risk	Privacy concerns; browser-specific
Implementation	Various	APIs, JavaScript, HTML, CSS

8. Web Threat Models / 网络威胁模型

Definition / 定义

English: A threat model is a structured representation that gives all the information affecting the security of an application. Attackers are given particular capabilities and assumptions.

中文： 威胁模型是一种结构化表示，提供影响应用程序安全的所有信息。攻击者在特定能力和假设下发动攻击。

Four Threat Models / 四种威胁模型

1. Forum Poster / 论坛发帖者

English:

A user of an existing web application who does not register domains or host content.
Can post active content within provided features of the application.
Cannot create HTTP(S) requests other than those triggered from the browser.

中文： 不注册域名也不托管内容的现有网络应用用户，只能在应用程序提供的功能范围内发布活跃内容，无法创建浏览器以外的 HTTP 请求。

2. Web Attacker / 网络攻击者

English:

A malicious principal who operates a website visited by the user.
Controls at least one web server; controls DNS names (e.g., attacker.com).
Can obtain SSL/TLS certificate for own domain (enabling HTTPS).
No special network privileges (no eavesdropping, forgery, etc.).
Has access to browser's Web APIs (e.g., window.open()).
Can maintain a persistent thread of control in the user's browser.

中文： 运营被用户访问的网站的恶意主体。控制至少一台服务器和 DNS 名称，可获取自身域名的 TLS 证书，但无特殊网络权限（无法窃听或伪造）。可访问浏览器 Web API，并在用户浏览器中保持持续控制线程。

3. Gadget Attacker / 工具攻击者

English:

Has all abilities of a web attacker + ability to inject limited content into honest websites.
Injection attacks include: SQL injection, Command injection, Cross-site scripting (XSS)

中文： 具备网络攻击者的所有能力，并额外能够向正规网站注入有限类型的内容（如 SQL 注入、命令注入、XSS）。

4. Network Attacker / 网络攻击者（网络层）

English:

Has all abilities of a web attacker + network-level capabilities:
- Passive: read content (eavesdropping / 窃听)
- Active: read, control, and block content (evil router, DNS poisoning / DNS 投毒)
Can only work with unencrypted traffic — cannot read/modify HTTPS without keys.

中文： 具备网络攻击者的所有能力，并额外拥有网络层能力：被动（窃听）和主动（控制/阻断内容，如恶意路由器、DNS 投毒）。只能处理未加密流量，无法在没有密钥的情况下读取或修改 HTTPS 内容。

Attacker Capabilities Summary / 攻击者能力汇总

Capability / 能力	Forum Poster	Web Attacker	Gadget Attacker	Passive Network	Active Network
Send requests to application / 发送请求	▲	▲	▲	▲	▲
Register own domain / 注册域名		▲	▲	▲	▲
Register valid TLS certificate / 注册TLS证书		▲	▲	▲	▲
Host content under own domain / 托管内容		▲	▲	▲	▲
Respond to requests from own domain / 响应请求		▲	▲	▲	▲
Manipulate target's domain-based data / 操控域数据			▲	△	△
Manipulate target's client-side context / 操控客户端			▲	△	△
Eavesdrop on network traffic / 窃听网络流量				▲	▲
Generate network traffic / 生成网络流量					▲
Intercept & manipulate traffic / 拦截并操控流量					▲

▲ = Has the capability / 具备该能力 △ = May have the capability / 可能具备该能力

User Behaviour Assumptions / 用户行为假设

English:

The user might visit any website, including the attacker's.
The user does not confuse the attacker's website with an honest one.
User correctly interprets browser's security indicators (location bar, connection status).
Phishing attacks are not considered under this model.

中文： 用户可能访问任何网站（包括攻击者的网站），但被假设不会将攻击者网站误认为合法网站，能正确理解浏览器安全指示（地址栏、连接状态）。钓鱼攻击不在此模型考虑范围内。

Quick Review — Key Terms / 快速复习——关键术语

Term / 术语	Quick Definition / 快速定义
CIA Triad / CIA 三角	Confidentiality + Integrity + Availability
SOP / 同源策略	Same-Origin Policy — restricts cross-origin data access
DoS	Denial-of-Service — blocks availability of a service
XSS	Cross-Site Scripting — injects malicious scripts into web pages
CSRF	Cross-Site Request Forgery — tricks users into unintended actions
SQL Injection	Malicious SQL queries via user input fields
DNS Hijacking	Redirecting DNS queries to malicious servers
MitM	Man-in-the-Middle — intercepts communications between client & server
TLS/HTTPS	Encrypted communication between client and server
Base64	Encoding scheme (not encryption!) used in Basic Auth
Nonce	Number used once — prevents replay attacks
OWASP	Open Web Application Security Project

Notes compiled from: CSIT328 Web Security Lecture 1 — Introduction (April 2026) 笔记整理自：CSIT328 网络安全第1讲 — 简介（2026年4月）

Lecture 2 — Attacks on the Network

第二讲 — 网络攻击

1. Network Attacks and Threats / 网络攻击与威胁

Four Types of Network Attacks / 四种网络攻击类型

Type / 类型	Description / 描述
Interruption / 中断	Communication is blocked — packet never arrives / 通信被阻断，数据包无法到达目的地
Interception / 截获	Attacker copies the transmitted data / 攻击者截取并复制传输中的数据
Modification / 篡改	Attacker alters data in transit / 攻击者修改传输中的数据
Fabrication / 伪造	Attacker injects fake data into the channel / 攻击者向信道注入伪造数据

Passive vs. Active Attacks / 被动攻击 vs. 主动攻击

Category / 类别	Examples / 示例
Passive Attacks / 被动攻击	Eavesdropping（窃听通信）、Traffic analysis（流量分析：身份、位置、内容）
Active Attacks / 主动攻击	Replay（重放）、Impersonation（冒充）、DoS（拒绝服务）、MitM（中间人）

中文： 被动攻击只监听不修改，主动攻击则直接干预、修改或阻断通信。被动攻击隐蔽性强，主动攻击破坏性大。

2. Eavesdropping & Cryptography / 窃听与密码学

Eavesdropping / 窃听

English:

Attacker listens to network traffic and obtains what is transmitted.
It is a passive attack and easy to implement via: Wi-Fi/cable access, routers/gateways/proxies, ISP.
Steals clear-text content: usernames & passwords, cookies, credentials.

中文： 攻击者监听网络，获取明文传输的内容（用户名、密码、Cookie、凭证）。属于被动攻击，实施门槛低。

Mitigation — Encryption / 缓解措施：加密

English: Encrypt content before sending to the network.

Symmetric-key encryption: AES, ChaCha20
Shared session key establishment: Diffie-Hellman (DH) Key Exchange / 密钥协商协议

中文： 在发送到网络前对内容加密，使用对称加密算法（如 AES、ChaCha20），通过 Diffie-Hellman 密钥交换协议建立共享会话密钥。

⚠️ Problem / 问题： If attacker obtains the server's master (private) key, they can reproduce all session keys and decrypt past traffic. 若攻击者获取服务器的主密钥（私钥），则可重新推导出所有历史会话密钥，解密历史流量。

Cryptography Concepts / 密码学基本概念

Concept / 概念	Definition / 定义
Key / 密钥	A data unit used for encryption/decryption / 用于加解密的数据单元
Encryption / 加密	Converts plaintext to ciphertext interpretable only by key holders / 将明文转换为只有持有密钥者才能读取的密文
Digital Signature / 数字签名	Electronic analogy of handwritten signature; ensures message integrity and origin authenticity / 数字手写签名的类比，确保消息完整性和来源真实性
Session Key / 会话密钥	A key generated and used for one session only / 仅在一个会话中生成并使用的密钥

Symmetric-key vs. Public-key Cryptography / 对称与非对称密码学

Type / 类型	Key Usage / 密钥使用	Examples / 示例
Symmetric-key / 对称密钥	Same key for both encryption & decryption; shared with all authorized users / 加密解密使用同一密钥，与所有授权用户共享	AES, DES, ChaCha20
Public-key / 公钥（非对称）	Public key (everyone) for encryption; Private key (one user only) for decryption / 公钥（所有人）加密，私钥（仅本人）解密	RSA, ECC; used for digital signatures, certificates

中文： 对称加密速度快但密钥分发困难；非对称加密解决了密钥分发问题，常用于数字签名和证书认证，但速度较慢。

3. Forward Secrecy & SSL/TLS

Forward Secrecy / 前向保密性

English:

A key agreement protocol provides forward secrecy (also called perfect forward secrecy) if old session keys remain secure even when long-term (private) keys of participants are compromised.
How achieved on the Web? → SSL/TLS with ephemeral key exchange (e.g., DHE, ECDHE).
Forward secrecy was optional in TLS 1.1/1.2, but is mandatory in TLS 1.3.

中文： 前向保密（完美前向保密）指即使长期私钥泄露，历史会话密钥仍然安全。在 Web 上通过 SSL/TLS 的临时密钥交换（如 DHE、ECDHE）实现。TLS 1.3 已将其作为强制要求。

Key Idea / 核心思路：

Master Key (server) → Authenticate → Temporary Key
Temporary Key → Derive → Session Key (per session)
[If Master Key is leaked, session keys remain safe because Temp Keys are discarded]
主密钥仅用于认证临时密钥；临时密钥派生会话密钥；
每次会话结束后临时密钥销毁，即使主密钥泄露历史会话也安全

SSL/TLS Basics / SSL/TLS 基础

English:

Creates a secure and reliable communication channel.
The connection is private: symmetric encryption used after the initial handshake.
Mutual authentication possible between sender and receiver.

SSL/TLS Protocol Stack / 协议栈：

┌──────────────┬─────────────────┬────────────┬──────┐
│  Handshake   │ Change Cipher   │   Alert    │ HTTP │  ← Client-Server Auth + Key negotiation
│  Protocol    │ Spec Protocol   │  Protocol  │      │
├──────────────┴─────────────────┴────────────┴──────┤
│              Record Protocol                        │  ← Confidentiality + Integrity
├─────────────────────────────────────────────────────┤
│              TCP                                    │
├─────────────────────────────────────────────────────┤
│              IP                                     │
└─────────────────────────────────────────────────────┘

中文： SSL/TLS 创建安全可靠的通信信道：握手协议完成双向认证与密钥协商；记录协议提供加密（保密性）和完整性保护；底层仍是 TCP/IP。

SSL/TLS Handshake / 握手过程

English:

Authenticate server and client via certificates.
Negotiate encryption algorithm, MAC algorithm, and cryptographic keys (cipher suites + Diffie-Hellman).
Executed before any application data is transmitted.

中文： 握手过程先交换证书完成身份认证，协商加密套件和密钥，最后才传输应用数据。

4. Certificate / 证书

What is a Certificate? / 什么是证书？

English:

A publicly verifiable record that associates a user/server with a public key.
Generated by a trusted Certificate Authority (CA) — carries CA's digital signature.
Certificate verification checks if the received public key is authentic.
Certificate is a critical component to set up HTTPS.

中文： 证书是将用户/服务器与公钥关联起来的公开可验证记录，由受信任的证书颁发机构（CA）签发（附有 CA 的数字签名）。证书是建立 HTTPS 的关键组件。

How a Browser Verifies a Certificate / 浏览器如何验证证书

English (4 checks):

Subject match: Domain name in certificate must match the server's domain.
Expiry check: Certificate must not be expired.
Trusted CA: Must be issued by a CA in the browser's trusted list → verify CA's digital signature + certificate chain.
Other requirements: Extension fields (e.g., intended usage must be server authentication).

⚠️ It is very important to ensure the validity of server's certificate. 确保服务器证书的有效性至关重要。

中文（四项验证）：

主体信息是否与服务器域名一致
证书是否已过期
是否由受信任的 CA 签发（验证 CA 数字签名 + 证书链）
其他要求（如扩展字段中的用途字段）

5. Same-Origin Policy (SOP) / 同源策略

Definition / 定义

English:

The basic security model enforced in browsers.
Prevents scripts on one website from accessing data/resources of another website.
Origin = Protocol + Hostname + Port
Two URLs have the same origin if and only if all three components are identical.

中文： 浏览器中强制执行的基本安全模型，防止一个网站的脚本访问另一个网站的数据/资源。源 = 协议 + 主机名 + 端口，三者完全相同才是同源。

SOP Access Rules — Example / SOP 访问规则示例

Base URL: https://example.com/CSIT328

Target URL / 目标 URL	Allowed? / 允许？	Reason / 原因
`https://victim.com:443/CSIT328`	❌ No	Different hostname / 主机名不同
`https://example.com:400/CSIT328`	❌ No	Different port / 端口不同
`http://example.com:443/CSIT328`	❌ No	Different protocol / 协议不同
`https://example.com:443/CSCI361`	✅ Yes	Same origin, different path only / 同源，仅路径不同

Same-Origin Full Access Includes / 同源完全访问包含

Full network access / 完整网络访问
Read/Write DOM / 读写 DOM
Storage access (cookies, localStorage) / 存储访问

SOP Exceptions / SOP 例外

English: SOP does NOT apply to HTML embedding tags such as <img>, <script src="..."> (dynamically loaded scripts), <link>, <iframe src="..."> (load only, access to content blocked).

<!-- Allowed by SOP — can embed from different origin / 允许跨源嵌入 -->
<script src='https://staff.example.com/CSIT328/myScript.js'></script>
<img src='https://apt.victim.com/image.png'>
 
<!-- NOT Allowed — reading iframe content from different origin / 不允许读取跨源 iframe 内容 -->
<script>
  const iframe = document.createElement('iframe');
  iframe.src = 'https://staff.example.com/CSIT328';
  document.body.appendChild(iframe);
  // Access NOT allowed:
  iframe.contentDocument.body.style.backgroundColor = 'red';
</script>

中文： SOP 不适用于 HTML 嵌入标签（如 <img>、<script src>）——可以跨域加载，但不能跨域读取内容（如 iframe 内容）。

SOP Problems / SOP 的问题

English:

May not be enforced on older browsers / 旧版浏览器可能不强制执行
Too wide: example.com/CSIT328 and example.com/CSCI368 (same origin) can access each other's DOM — undesirable if they are independent apps.
Too narrow: login.example.com and shop.example.com (different subdomains) cannot exchange data — inconvenient for legitimate cross-subdomain communication.
Can be bypassed by XSS attacks.

中文： SOP 有时过于宽泛（同源不同路径可互访），有时又过于狭窄（不同子域之间无法合法共享数据）。此外可被 XSS 攻击绕过。

6. Man-in-the-Middle (MitM) Attacks / 中间人攻击

What is MitM? / 什么是中间人攻击？

English:

An attacker positions themselves between the victim and the target application.
Can inspect and modify all traffic passing through.
Primarily breaks integrity of data.
Confidentiality can remain if traffic is encrypted via TLS — but TLS itself can be targeted.

中文： 攻击者将自己插入受害者与目标应用之间，可查看并篡改所有流量。主要破坏完整性。若流量用 TLS 加密，保密性依然可以维持，但攻击者可以针对 TLS 本身发起攻击。

General Defence / 通用防御措施

English:

Implement secure authentication mechanisms between user and application:
- Symmetric-key: Pre-shared key authentication, Message Authentication Code (MAC)
- Public-key: Certificate-based authentication, Authenticated key exchange

中文： 本质上是在用户与应用间实现安全认证机制——对称密钥方案（预共享密钥、MAC）或公钥方案（基于证书的认证、认证密钥交换）。

7. SSL Strip & HSTS

HTTPS Upgrade / HTTPS 升级

English:

Web servers redirect HTTP to HTTPS (HTTP 301 Moved Permanently).
Problem: Attackers can intercept the first HTTP request before redirection and prevent HTTPS.

GET http://www.uow.edu.au → HTTP/1.1 301 Moved Permanently → Location: https://www.uow.edu.au/

中文： 服务器通过 301 重定向将 HTTP 升级为 HTTPS，但攻击者可在第一次 HTTP 请求被重定向之前截获流量，阻止 HTTPS 升级。

SSL Strip Attack / SSL 剥离攻击

English (How it works / 工作原理):

Attacker intercepts network traffic (e.g., via ARP spoofing) — traffic routed through attacker.
Intercepts clear-text HTTP request before HTTPS redirection.
Modifies HTTP response so it looks normal to the victim (victim stays on HTTP).
Attacker connects to the real server via HTTPS.
Attacker sees all plaintext from victim; forwards (possibly modified) data to server.

中文（步骤）：

攻击者通过 ARP 欺骗等方式截获网络流量。
在 HTTPS 重定向之前截获明文 HTTP 请求。
修改 HTTP 响应，使受害者看起来连接正常（停留在 HTTP）。
攻击者自己通过 HTTPS 连接真实服务器。
攻击者以明文查看所有流量，SSL/TLS 被剥离。

HTTP Strict Transport Security (HSTS) / HTTP 严格传输安全

English:

Server instructs browser to always use HTTPS regardless of user-specified protocol.
Browser automatically rewrites http:// to https://.
Invalid certificates on the HTTPS site cannot be bypassed.

Strict-Transport-Security: max-age=31536000; includeSubDomains
                             ↑ Expire time (seconds)  ↑ Apply to all subdomains

中文： 服务器通过响应头告知浏览器始终使用 HTTPS，浏览器自动将 http:// 改写为 https://，且 HTTPS 证书无效时无法绕过警告。

HSTS Weakness / HSTS 的弱点

English:

HSTS is set on the first visit (Trust-on-First-Use / TOFU).
Attacker can still launch SSL Strip before HSTS is established (on first visit).

中文： HSTS 在首次访问时才建立（首次信任机制），因此攻击者仍可在 HSTS 建立前的第一次访问时发起 SSL 剥离攻击。

HSTS Preload List / HSTS 预加载列表

English:

Browser hardcodes a list of sites that must always be HTTPS-only (see: https://hstspreload.org/).
Site operators apply to be added; once in, the browser enforces HTTPS before any connection.

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

中文： 浏览器内置"必须使用 HTTPS"的站点列表，无需等待首次访问即可强制 HTTPS，从根本上防止 SSL 剥离攻击。

HSTS Limitations / HSTS 的局限性

Limitation / 局限	Detail / 详情
All-or-nothing for subdomains	`includeSubDomains` must apply uniformly — no exceptions / 必须对所有子域统一应用，无法例外
Cannot revoke HSTS	Once cached, HSTS cannot be recalled until `max-age` expires / 缓存后无法撤销，直到过期
Hard to remove from preload list	Once hardcoded, very difficult to remove / 一旦硬编码入浏览器，移除极为困难
Privacy abuse	HSTS can be abused for web tracking even in private browsing mode / 可被滥用于私密浏览模式下的网络追踪

中文： HSTS 的主要局限包括：子域必须全部适用无法例外、无法提前撤销、预加载列表难以移除、以及可被滥用于隐私追踪。

8. Rogue Certificate, HPKP & Certificate Transparency / 流氓证书

Rogue Certificate Attack / 流氓证书攻击

English:

A CA can issue a certificate for any domain.
If a CA is compromised, attacker can obtain a valid certificate for any site (e.g., example.com).
Attacker runs a fake server with a certificate from a valid CA.
Attacker performs MitM — two separate TLS sessions (victim↔attacker, attacker↔real server).
Both sessions are encrypted, but the attacker sees all plaintext.

中文： CA 可以为任意域名签发证书。若 CA 被攻陷，攻击者可获取合法证书并搭建假服务器，与受害者和真实服务器分别建立 TLS 会话，以"合法"身份执行中间人攻击。

Defence 1 — HTTP Public Key Pinning (HPKP) / 防御1：公钥固定

English:

Defined in RFC 7469: browser remembers (pins) the public key hash of a site's certificate.
An attacker must obtain the specific private key, not just any CA-signed certificate.
TOFU mechanism: pinning info is sent over HTTPS on first visit.
Weakness: If attacker passes validation on first visit → hostile pinning → DoS attack.
Solution attempt: Hardcode list of trusted CA public key hashes in browser.
HPKP is now deprecated due to misuse and replaced by Certificate Transparency.

中文： HPKP（RFC 7469）让浏览器记住站点证书的公钥哈希，攻击者必须获取特定私钥才能伪造。但因实施困难（首次信任机制、可被恶意固定导致 DoS）且误用频繁，现已废弃，由证书透明度（CT）取代。

Defence 2 — Certificate Transparency (CT) / 防御2：证书透明度

English:

Goal: Detect malicious certificates by providing publicly auditable, append-only logs of all issued certificates.
Does not prevent CA from issuing rogue certs, but makes them detectable.

CT 7-Step Process / CT 7步流程：

Web server operator requests a certificate from CA.
CA generates a precertificate and sends it to log servers.
Log server adds it to an append-only, publicly auditable, cryptographically assured log.
Log server returns a Signed Certificate Timestamp (SCT) to the CA.
CA embeds SCTs in the certificate and sends it to the domain owner.
When browser visits, it checks SCTs with log servers (via inclusion proofs) to verify.
Monitors check logs periodically and ensure consistency.

中文（7步流程）：

服务器运营商向 CA 申请证书。
CA 生成预证书发送给日志服务器。
日志服务器将其记录到只追加、公开可审计、密码学保证的日志中。
日志服务器返回**签名证书时间戳（SCT）**给 CA。
CA 将 SCT 嵌入证书后发给域名所有者。
浏览器访问时通过包含证明验证 SCT，确认证书已被记录。
监控方定期检查日志一致性。

Signed Certificate Timestamp (SCT) / 签名证书时间戳

English:

SCT is a log's promise to incorporate the certificate in the Merkle Tree within the Maximum Merge Delay (MMD).
Delivered via: embedded in certificate / OCSP / TLS handshake.
Major browsers (Chrome, Safari) require at least two SCTs for verification.

中文： SCT 是日志服务器承诺在最大合并延迟（MMD）内将证书纳入 Merkle 树的凭证。主流浏览器（Chrome、Safari）要求至少两个 SCT 才接受证书。

Merkle Tree & Inclusion Proof / Merkle 树与包含证明

English:

Certificate logs are stored in a Merkle hash tree for efficient and tamper-evident verification.
Inclusion proof: proves a certificate (leaf) is included in the Merkle tree by providing the path to reconstruct the root.
Key properties / 关键属性:
- Unique path from leaf to root / 叶子到根唯一路径
- Same root = same view of all certificates / 相同根哈希 = 相同证书视图
- Guarantees integrity if hash function is secure / 哈希函数安全则保证完整性
- Verify a leaf in O(log N) / O(log N) 验证一个叶节点
- New tree can grow by combining two old trees / 新树可通过合并两棵旧树生成

Root: H(H(H(Cert1)||H(Cert2)) || H(H(Cert3)||H(Cert4)))
              /                         \
H(H(Cert1)||H(Cert2))       H(H(Cert3)||H(Cert4))
       /      \                    /        \
  H(Cert1) H(Cert2)          H(Cert3)   H(Cert4)
  [leaf]   [leaf]             [leaf]     [leaf]

H = hash function;  || = concatenation
Inclusion proof for Cert1: {H(Cert2), H(H(Cert3)||H(Cert4))}

中文： Merkle 树以哈希树形式存储证书日志，包含证明通过提供从叶节点到根节点的路径来高效（O(log N)）验证某张证书是否被记录。

CT Privacy Concern / CT 隐私问题

English:

SCT contains domain name info — log server may learn which TLS servers a browser visits.
CT v2.0 allows embedding inclusion proofs in certificates, so browser doesn't need to contact log servers directly.

中文： SCT 包含域名信息，若浏览器直接向日志服务器获取包含证明，日志服务器就能知道用户访问了哪些网站。CT 2.0 允许将包含证明嵌入证书，避免此隐私问题。

9. Protocol Level Attacks / 协议级攻击

Overview / 概述

English:

Network attacks can target security protocol implementations or the protocols themselves.
Attacks on HTTPS implementation: Heartbleed
Attacks on TLS protocol: Lucky-13, BEAST, CRIME, POODLE, …

中文： 网络攻击可针对安全协议的实现漏洞（如 Heartbleed）或协议设计本身（如 Lucky-13、BEAST、CRIME、POODLE）。

Heartbeat Extension / 心跳扩展

English:

Defined in RFC 6250; keeps a TLS connection alive without renegotiation.
Web server responds with an exact copy of the payload received from client.

Client → HeartbeatRequest  (Payload_len: 17, Payload: "Hello, I am Alice")
Server → HeartbeatResponse (Payload_len: 17, Payload: "Hello, I am Alice")

中文： 心跳扩展（RFC 6250）通过让服务器回显客户端发送的 payload，保持 TLS 连接活跃，无需重新握手。

Heartbleed Attack / Heartbleed 攻击

English:

Cause: OpenSSL (versions 1.0.1 ~ 1.0.1f) failed to validate that the declared payload length matches the actual payload length.
Effect: Server returns the declared length of memory (attacker-specified), leaking server memory content.
Leaked data: Private keys, session cookies, credentials, etc.
Difficult to detect — attack leaves no trace on server logs.

Attack Example / 攻击示例：

Attacker → HeartbeatRequest  (Payload_len: 65535, Payload: "Hi")
Server   → HeartbeatResponse (Payload_len: 65535, Payload: "Hi" + [64KB of server memory])
                                                                    ↑ Contains private keys, cookies, etc.

中文： Heartbleed 漏洞因 OpenSSL 未检查声明的 payload 长度与实际长度是否一致，攻击者通过伪造大长度的请求可获取服务器内存中的敏感数据（私钥、Cookie 等），且难以被服务器察觉。受影响版本：OpenSSL 1.0.1 ~ 1.0.1f。

Summary Table: Network Attack Defences / 网络攻击防御汇总

Attack / 攻击	Defence / 防御
Eavesdropping / 窃听	TLS/HTTPS encryption + cipher suites with forward secrecy / 使用支持前向保密的 TLS 加密
SSL Strip / SSL 剥离	HSTS + HSTS Preload List / HSTS 及预加载列表
Rogue Certificate / 流氓证书	Certificate Transparency (CT) + HPKP (deprecated) / 证书透明度
Heartbleed / 心脏出血	Update OpenSSL to patched version / 升级 OpenSSL 至修复版本
MitM (general) / 中间人（通用）	Mutual authentication + encrypted channel / 双向认证 + 加密信道

Notes compiled from: CSIT328 Web Security Lecture 1 — Introduction & Lecture 2 — Attacks on the Network (April 2026) 笔记整理自：CSIT328 网络安全第1讲 — 简介 & 第2讲 — 网络攻击（2026年4月）