anninhmangk13mtt-1226419598367568-8

5/22/2018 anninhmangk13mtt-1226419598367568-8

1/204

Nguyn i Th An ninh Mng 1

AN NINH MNG

TS. Nguyn i ThB mn Mng & Truyn thng My tnh

Khoa Cng ngh Thng [email protected]

Nm hc 2007-2008

I HC QUC GIA H NI

TRNG I HC CNG NGH

5/22/2018 anninhmangk13mtt-1226419598367568-8

2/204


Chng 1

Gii thiu

5/22/2018 anninhmangk13mtt-1226419598367568-8

3/204


Bi cnh

Nhu cu m bo an ninh thng tin c nhngbin i ln Trc y

Ch cn cc phng tin vt l v hnh chnh

T khi c my tnh Cn cc cng c t ng bo v tp tin v cc thng tin khc

lu tr trong my tnh

T khi c cc phng tin truyn thng v mng Cn cc bin php bo v d liu truyn trn mng

5/22/2018 anninhmangk13mtt-1226419598367568-8

4/204


Cc khi nim

An ninh thng tin Lin quan n cc yu t ti nguyn, nguy c, hnh

ng tn cng, yu im, v iu khin An ninh my tnh

Cc cng c bo v d liu v phng chng tin tc An ninh mng

Cc bin php bo v d liu truyn trn mng

An ninh lin mng Cc bin php bo v d liu truyn trn mt tp hpcc mng kt ni vi nhau

5/22/2018 anninhmangk13mtt-1226419598367568-8

5/204


Mc tiu mn hc

Ch trng an ninh lin mng Nghin cu cc bin php ngn cn, phng

chng, pht hin v khc phc cc vi phm anninh lin quan n truyn ti thng tin

5/22/2018 anninhmangk13mtt-1226419598367568-8

6/204


m bo an ninh thng tin

thc hin c hiu qu cn ra mt phngthc chung cho vic xc nh cc nhu cu v anninh thng tin

Phng thc a ra s xt theo 3 mt Hnh ng tn cng C ch an ninh Dch v an ninh

5/22/2018 anninhmangk13mtt-1226419598367568-8

7/204


Dch v an ninh

L mt dch v nng cao an ninh ca cc hthng x l thng tin v cc cuc truyn d liutrong mt t chc

Nhm phng chng cc hnh ng tn cng

S dng mt hay nhiu c ch an ninh C cc chc nng tng t nh m bo an

ninh ti liu vt l

Mt s c trng ca ti liu in t khin viccung cp cc chc nng m bo an ninh khkhn hn

5/22/2018 anninhmangk13mtt-1226419598367568-8

8/204


C ch an ninh

L c ch nh ra pht hin, ngn nga vkhc phc mt hnh ng tn cng Khng mt c ch n l no c th h tr tt c

cc chc nng m bo an ninh thng tin C mt yu t c bit hu thun nhiu c ch

an ninh s dng hin nay l cc k thut mt m Mn hc s ch trng lnh vc mt m

5/22/2018 anninhmangk13mtt-1226419598367568-8

9/204


Hnh ng tn cng

L hnh ng ph hoi an ninh thng tin camt t chc

An ninh thng tin l nhng cch thc ngn nga

cc hnh ng tn cng, nu khng c thpht hin v khc phc hu qu Cc hnh ng tn cng c nhiu v a dng Ch cn tp trung vo nhng th loi chung nht Lu : nguy c tn cng v hnh ng tn cng

thng c dng ng ngha vi nhau

5/22/2018 anninhmangk13mtt-1226419598367568-8

10/204


Kin trc an ninh OSI

Kin trc an ninh cho OSI theo khuyn nghX.800 ca ITU-T

nh ra mt phng thc chung cho vic xc

nh cc nhu cu v an ninh thng tin Cung cp mt ci nhn tng quan v cc khinim mn hc s cp n

Ch trng n cc dch v an ninh, cc c chan ninh v cc hnh ng tn cng

5/22/2018 anninhmangk13mtt-1226419598367568-8

11/204


Cc dch v an ninh

Theo X.800 Dch v an ninh l dch v cung cp bi mt tng giaothc ca cc h thng m kt ni nhm m bo anninh cho cc h thng v cc cuc truyn d liu

C 5 loi hnh Theo RFC 2828

Dch v an ninh l dch v x l hoc truyn thngcung cp bi mt h thng bo v ti nguyn theo

mt cch thc nht nh

5/22/2018 anninhmangk13mtt-1226419598367568-8

12/204


Cc dch v an ninh X.800

Xc thc m bo thc th truyn thng ng l n iu khin truy nhp

Ngn khng cho s dng tri php ti nguyn

Bo mt d liu Bo v d liu khi b tit l tri php

Ton vn d liu

m bo nhn d liu ng nh khi gi Chng chi b

Ngn khng cho bn lin quan ph nhn hnh ng

5/22/2018 anninhmangk13mtt-1226419598367568-8

13/204


Cc c ch an ninh X.800

Cc c ch an ninh chuyn dng M ha, ch k s, iu khin truy nhp, ton vn dliu, trao i xc thc, n tin truyn, iu khin nhtuyn, cng chng

Cc c ch an ninh ph qut Tnh nng ng tin, nhn an ninh, pht hin s kin,

du vt kim tra an ninh, khi phc an ninh

5/22/2018 anninhmangk13mtt-1226419598367568-8

14/204


Cc hnh ng tn cng

Cc hnh ng tn cng th ng Nghe trm ni dung thng tin truyn ti Gim st v phn tch lung thng tin lu chuyn

Cc hnh ng tn cng ch ng Gi danh mt thc th khc Pht li cc thng bo trc Sa i cc thng bo ang lu chuyn

T chi dch v

5/22/2018 anninhmangk13mtt-1226419598367568-8

15/204


M hnh an ninh mng

Th

ngb

oa

nt

on

Thng tin

b mt

Chuyn ilin quan

n an ninh

Thngb

o

Thngb

o

Thng tin

b mt

Chuyn ilin quan

n an ninh

Th

ngb

oa

nt

on

i th

Bn th ba ng tin

Bn gi Bn nhn

Knh

thng tin

5/22/2018 anninhmangk13mtt-1226419598367568-8

16/204


M hnh an ninh mng

Yu cu Thit k mt gii thut thch hp cho vic chuyn i

lin quan n an ninh To ra thng tin b mt (kha) i km vi gii thut Pht trin cc phng php phn b v chia s thng

tin b mt c t mt giao thc s dng bi hai bn gi v nhn

da trn gii thut an ninh v thng tin b mt, lm cs cho mt dch v an ninh

5/22/2018 anninhmangk13mtt-1226419598367568-8

17/204


M hnh an ninh truy nhp mng

Cc ti nguyn tnh

ton (b x l, b nh,ngoi vi)

D liu

Cc tin trnh

Phn mm

Knh truy nhp

Chc nnggc cng

Cc iu khin an ninhbn trong

i th

- Con ngi

- Phn mm

5/22/2018 anninhmangk13mtt-1226419598367568-8

18/204


M hnh an ninh truy nhp mng

Yu cu La chn cc chc nng gc cng thch hp nhdanh ngi dng

Ci t cc iu khin an ninh m bo ch

nhng ngi dng c php mi c th truy nhpc vo cc thng tin v ti nguyn tng ng

Cc h thng my tnh ng tin cy c th dng ci t m hinh ny

5/22/2018 anninhmangk13mtt-1226419598367568-8

19/204


Chng 2

M HA I XNG

5/22/2018 anninhmangk13mtt-1226419598367568-8

20/204


Hai k thut m ha ch yu M ha i xng

Bn gi v bn nhn s dng chung mt kha Cn gi l

M ha truyn thng M ha kha ring / kha n / kha b mt

L k thut m ha duy nht trc nhng nm 70 Hin vn cn c dng rt ph bin

M ha kha cng khai (bt i xng)

Mi bn s dng mt cp kha Mt kha cng khai + Mt kha ring

Cng b chnh thc nm 1976

5/22/2018 anninhmangk13mtt-1226419598367568-8

21/204


Mt s cch phn loi khc Theo phng thc x l

M ha khi Mi ln x l mt khi nguyn bn v to ra khi bn m tng

ng (chng hn 64 hay 128 bit)

M ha lung X l d liu u vo lin tc (chng hn mi ln 1 bit)

Theo phng thc chuyn i M ha thay th

Chuyn i mi phn t nguyn bn thnh mt phn t bn mtng ng

M ha hon v B tr li v tr cc phn t trong nguyn bn

5/22/2018 anninhmangk13mtt-1226419598367568-8

22/204


M hnh h m ha i xngKha b mt dng chungbi bn gi v bn nhn

Kha b mt dng chungbi bn gi v bn nhn

Gii thut m ha Gii thut gii m

Nguyn bnu vo

Nguyn bnu ra

Bn m

truyn i

M ha

Y = EK(X)

Gii m

X = DK(Y)

5/22/2018 anninhmangk13mtt-1226419598367568-8

23/204


M hnh h m ha i xng

Gm c 5 thnh phn Nguyn bn Gii thut m ha Kha b mt

Bn m Gii thut gii m

An ninh ph thuc vo s b mt ca kha,

khng ph thuc vo s b mt ca gii thut

5/22/2018 anninhmangk13mtt-1226419598367568-8

24/204


Ph m

L n lc gii m vn bn c m hakhng bit trc kha b mt C hai phng php ph m

Vt cn

Th tt c cc kha c th Thm m

Khai thc nhng nhc im ca gii thut Da trn nhng c trng chung ca nguyn bn hoc mt

s cp nguyn bn - bn m mu

5/22/2018 anninhmangk13mtt-1226419598367568-8

25/204


V l thuyt c th th tt c cc gi tr kha chon khi tm thy nguyn bn t bn m Da trn gi thit c th nhn bit c nguyn

bn cn tm

Tnh trung bnh cn th mt na tng s cctrng hp c th

Thc t khng kh khi nu di kha ln

Phng php ph m vt cn

5/22/2018 anninhmangk13mtt-1226419598367568-8

26/204


Thi gian tm kim trung bnh

Kch thckha (bit)

S lng kha Thi gian cn thit(1 gii m/s)

Thi gian cn thit(106gii m/s)

32

56

128168

26 k t(hon v)

232= 4,3 x 109

256= 7,2 x 1016

2128

= 3,4 x 1038

2168= 3,7 x 1050

26! = 4 x 1026

231s = 35,8 pht255s = 1142 nm

2127

s = 5,4 x 1024

nm2167s = 5,9 x 1036nm2 x 1026s =

6,4 x 1012nm

2,15 ms

10,01 gi

5,4 x 1018

nm5,9 x 1030nm6,4 x 106nm

Tui v tr : ~ 1010nmKha DES di 56 bitKha AES di 128+ bitKha 3DES di 168 bit

5/22/2018 anninhmangk13mtt-1226419598367568-8

27/204


Cc k thut thm m Ch c bn m

Ch bit gii thut m ha v bn m hin c

Bit nguyn bn Bit thm mt s cp nguyn bn - bn m

Chn nguyn bn Chn 1 nguyn bn, bit bn m tng ng

Chn bn m

Chn 1 bn m, bit nguyn bn tng ng Chn vn bn Kt hp chn nguyn bn v chn bn m

5/22/2018 anninhmangk13mtt-1226419598367568-8

28/204


An ninh h m ha An ninh v iu kin

Bn m khng cha thng tin xc nh duy nhtnguyn bn tng ng, bt k vi s lng baonhiu v tc my tnh th no

Ch h m ha n mt ln l an ninh v iu kin

An ninh tnh ton Tha mn mt trong hai iu kin

Chi ph ph m vt qu gi tr thng tin Thi gian ph m vt qu tui th thng tin

Thc t tha mn hai iu kin Khng c nhc im Kha c qu nhiu gi tr khng th th ht

5/22/2018 anninhmangk13mtt-1226419598367568-8

29/204


M ha thay th c in

Cc ch ci ca nguyn bn c thay th bicc ch ci khc, hoc cc s, hoc cc k hiu Nu nguyn bn c coi nh mt chui bit th

thay th cc mu bit trong nguyn bn bng ccmu bit ca bn m

5/22/2018 anninhmangk13mtt-1226419598367568-8

30/204


H m ha Caesar L h m ha thay th xut hin sm nht v

n gin nht S dng u tin bi Julius Caesar vo mc ch

qun s

Dch chuyn xoay vng theo th t ch ci Kha k l s bc dch chuyn Vi mi ch ci ca vn bn

t p = 0 nu ch ci l a, p = 1 nu ch ci l b,...

M ha : C = E(p) = (p + k) mod 26 Gii m : p = D(C) = (C - k) mod 26

V d : M ha "meet me after class" vi k = 3

5/22/2018 anninhmangk13mtt-1226419598367568-8

31/204


Ph m h m ha Caesar

Phng php vt cn Kha ch l mt ch ci (hay mt s gia 1 v 25) Th tt c 25 kha c th D dng thc hin

Ba yu t quan trng Bit trc cc gii thut m ha v gii m Ch c 25 kha th

Bit v c th d dng nhn ra c ngn ng canguyn bn

V d : Ph m "GCUA VQ DTGCM"

5/22/2018 anninhmangk13mtt-1226419598367568-8

32/204


H m ha n bng

Thay mt ch ci ny bng mt ch ci khctheo trt t bt k sao cho mi ch ci ch c mtthay th duy nht v ngc li

Kha di 26 ch ci

V d Kha

a b c d e f g h i j k l m n o p q r s t u v w x y z

M N B V C X Z A S D F G H J K L P O I U Y T R E W Q

Nguyn bni love you

5/22/2018 anninhmangk13mtt-1226419598367568-8

33/204


Ph m h m ha n bng

Phng php vt cn

Kha di 26 k t S lng kha c th = 26! = 4 x 1026

Rt kh thc hin

Khai thc nhng nhc im ca gii thut Bit r tn s cc ch ci ting Anh

C th suy ra cc cp ch ci nguyn bn - ch ci bn m V d : ch ci xut hin nhiu nht c th tng ng vi 'e'

C th nhn ra cc b i v b ba ch ci V d b i : 'th', 'an', 'ed' V d b ba : 'ing', 'the', 'est'

5/22/2018 anninhmangk13mtt-1226419598367568-8

34/204


Cc tn s ch ci ting Anh

Tns

tng

i(%)

5/22/2018 anninhmangk13mtt-1226419598367568-8

35/204


V d ph m h n bng Cho bn m

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX

EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Tnh tn s ch ci tng i on P l e, Z l t on ZW l th v ZWP l the Tip tc on v th, cui cng c

it was disclosed yesterday that several informal butdirect contacts have been made with political

representatives of the viet cong in moscow

5/22/2018 anninhmangk13mtt-1226419598367568-8

36/204


H m ha Playfair (1) L mt h m ha nhiu ch

Gim bt tng quan cu trc gia bn m vnguyn bn bng cch m ha ng thi nhiu chci ca nguyn bn

Pht minh bi Charles Wheatstone vo nm1854, ly tn ngi bn Baron Playfair

S dng 1 ma trn ch ci 5x5 xy dng trnc s 1 t kha

in cc ch ci ca t kha (b cc ch trng) in nt ma trn vi cc ch khc ca bng ch ci I v J chim cng mt ca ma trn

5/22/2018 anninhmangk13mtt-1226419598367568-8

37/204


H m ha Playfair (2) V d ma trn vi t kha MONARCHY

M O N A R

C H Y B D

E F G I/J K

L P Q S T

U V W X Z M ha 2 ch ci mt lc

Nu 2 ch ging nhau, tch ra bi 1 ch in thm Nu 2 ch nm cng hng, thay bi cc ch bn phi

Nu 2 ch nm cng ct, thay bi cc ch bn di Cc trng hp khc, mi ch ci c thay bi ch

ci khc cng hng, trn ct ch ci cng cp

5/22/2018 anninhmangk13mtt-1226419598367568-8

38/204


Ph m h m ha Playfair An ninh m bo hn nhiu h m ha n ch C 26 x 26 = 676 cp ch ci

Vic gii m tng cp kh khn hn Cn phn tch 676 tn s xut hin thay v 26

Tng c qun i Anh, M s dng rng ri Bn m vn cn lu li nhiu cu trc ca

nguyn bn

Vn c th ph m c v ch c vi trm cpch ci cn gii m

5/22/2018 anninhmangk13mtt-1226419598367568-8

39/204


H m ha Vigenre L mt h m ha a bng

S dng nhiu bng m ha Kha gip chn bng tng ng vi mi ch ci

Kt hp 26 h Ceasar (bc dch chuyn 0 - 25)

Kha K = k1k2...kdgm d ch ci s dng lp i lp livi cc ch ci ca vn bn Ch ci th i tng ng vi h Ceasar bc chuyn i

V d

Kha : deceptivedeceptivedeceptive Nguyn bn : wearediscoveredsaveyourself Bn m : ZICVTWQNGRZGVTWAVZHCQYGLMGJ

5/22/2018 anninhmangk13mtt-1226419598367568-8

40/204


Ph m h m ha Vigenre

Phng php vt cn

Kh thc hin, nht l nu kha gm nhiu ch ci

Khai thc nhng nhc im ca gii thut Cu trc ca nguyn bn c che y tt hn h

Playfair nhng khng hon ton bin mt Ch vic tm di kha sau ph m tng h Ceasar Cch tm di kha

Nu di kha nh so vi di vn bn, c th pht hin 1

dy vn bn lp li nhiu ln Khong cch gia 2 dy vn bn lp l 1 bi s ca di kha T suy ra di kha

H h kh

5/22/2018 anninhmangk13mtt-1226419598367568-8

41/204


H m ha kha t ng Vigenre xut t kha khng lp li m c

gn vo u nguyn bn Nu bit t kha s gii m c cc ch ci u tin S dng cc ch ci ny lm kha gii m cc ch

cc tip theo,...

V d : Kha : deceptivewearediscoveredsav nguyn bn : wearediscoveredsaveyourself

M ha : ZICVTWQNGKZEIIGASXSTSLVVWLA Vn c th s dng k thut thng k ph m

Kha v nguyn bn c cng tn s cc ch ci

5/22/2018 anninhmangk13mtt-1226419598367568-8

42/204

Nguyn i Th

An ninh Mng 42

n mt ln L h m ha thay th khng th ph c xut bi Joseph Mauborgne Kha ngu nhin, di bng di vn bn,

ch s dng mt ln

Gia nguyn bn v bn m khng c bt kquan h no v thng k

Vi bt k nguyn bn v bn m no cng tn

ti mt kha tng ng Kh khn vic to kha v m bo phn phikha an ninh

5/22/2018 anninhmangk13mtt-1226419598367568-8

43/204

Nguyn i Th

An ninh Mng 43

M ha hon v c in

Che y ni dung vn bn bng cch sp xp litrt t cc ch ci Khng thay i cc ch ci ca nguyn bn Bn m c tn s xut hin cc ch ci ging nh

nguyn bn

H h h

5/22/2018 anninhmangk13mtt-1226419598367568-8

44/204

Nguyn i Th

An ninh Mng 44

H m ha hng ro Vit cc ch ci theo ng cho trn mt s

hng nht nh Sau c theo tng hng mt V d

Nguyn bn : attack at midnight M ha vi cao hng ro l 2

a t c a m d i h

t a k t i n g t

Bn m : ATCAMDIHTAKTINGT

H h h

5/22/2018 anninhmangk13mtt-1226419598367568-8

45/204

Nguyn i Th

An ninh Mng 45

H m ha hng Vit cc ch ci theo hng vo 1 s ct nht nh

Sau hon v cc ct trc khi c theo ct Kha l th t c cc ct V d

Kha : 4 3 1 2 5 6 7 Nguyn bn : a t t a c k p

o s t p o n e

d u n t i l t

w o a m x y z Bn m :

TTNAAPTMTSUOAODWCOIXKNLYPETZ

M h t h h

5/22/2018 anninhmangk13mtt-1226419598367568-8

46/204

Nguyn i Th

An ninh Mng 46

M ha tch hp Cc h m ha thay th v hon v khng an ton

v nhng c im ca ngn ng Kt hp s dng nhiu h m ha s khin vic

ph m kh hn

Hai thay th to nn mt thay th phc tp hn Hai hon v to nn mt hon v phc tp hn Mt thay th vi mt hon v to nn mt h m ha

phc tp hn nhiu

L cu ni t cc h m ha c in n cc hm ha hin i

M h khi

5/22/2018 anninhmangk13mtt-1226419598367568-8

47/204

Nguyn i Th

An ninh Mng 47

M ha khi So vi m ha lung

M ha khi x l thng bo theo tng khi M ha lung x l thng bo 1 bit hoc 1 byte mi ln

Ging nh thay th cc k t rt ln (64 bit) Bng m ha gm 2nu vo (n l di khi) Mi khi u vo ng vi mt khi m ha duy nht

Tnh thun nghch

di kha l n x 2nbit qu ln

Xy dng t cc khi nh hn Hu ht cc h m ha khi i xng da trn cutrc h m ha Feistel

5/22/2018 anninhmangk13mtt-1226419598367568-8

48/204

Nguyn i Th

An ninh Mng 48

Mng S-P Mng thay th (S) - hon v (P) xut bi Claude

Shannon vo nm 1949 L c s ca cc h m ha khi hin i Da trn 2 php m ha c in

Php thay th : Hp S Php hon v : Hp P

an xen cc chc nng Khuch tn : Hp P (kt hp vi hp S)

Pht ta cu trc thng k ca nguyn bn khp bn m

Gy ln : Hp S Lm phc tp ha mi quan h gia bn m v kha

5/22/2018 anninhmangk13mtt-1226419598367568-8

49/204

Nguyn i Th

An ninh Mng 49

Hp S

0123

4567

u vo

3 bit

0

1

0

0123

4567

1

1

0

u ra3 bit

Lu : Hp S c tnh thun nghch

5/22/2018 anninhmangk13mtt-1226419598367568-8

50/204


Hp P

Lu : Hp P c tnh thun nghch

u vo

4 bit

11

0

1

10

1

1

11

0

1

10

1

1

M h F i t l

5/22/2018 anninhmangk13mtt-1226419598367568-8

51/204


M ha Feistel xut bi Horst Feistel da trn khi nim h

m ha tch hp thun nghch ca Shannon Phn mi khi di 2w bit thnh 2 na L0v R0 X l qua n vng

Chia kha K thnh n kha con K1, K2,..., Kn Ti mi vng i

Thc hin thay th na bn tri Li-1bng cch XORn vi F(Ki, Ri-1)

F thng gi l hm chuyn i hay hm vng Hon v hai na Liv Ri

N b (2 bit)

5/22/2018 anninhmangk13mtt-1226419598367568-8

52/204


Nguyn bn (2w bit)

w bit w bitL0 R0

Vng 1

K1

L1 R1

F+

Kn

Ln Rn

F+Vng n. . .

. . .

Ln+1 Rn+1

Bn m (2w bit)

Cc c trng h Feistel

5/22/2018 anninhmangk13mtt-1226419598367568-8

53/204


Cc c trng h Feistel di khi

Khi cng ln cng an ninh (thng 64 bit) di kha

Kha cng di cng an ninh (thng 128 bit)

S vng Cng nhiu vng cng an ninh (thng 16 vng)

Gii thut sinh m con Cng phc tp cng kh ph m

Hm vng Cng phc tp cng kh ph m

nh hng n ci t v phn tch

Gii F i t l

5/22/2018 anninhmangk13mtt-1226419598367568-8

54/204


Gii m Feistel Ging gii thut m ha, ch khc

Bn m l d liu u vo Cc kha con c dng theo th t ngc li

Ti mi vng kt qu u ra chnh l cc d liu

u vo ca qu trnh m ha i vi qu trnh m ha Li= Ri-1 Ri= Li-1F(Ri-1, Ki)

i vi qu trnh gii m Ri-1= Li Li-1= RiF(Li, Ki)

Ch h d li

5/22/2018 anninhmangk13mtt-1226419598367568-8

55/204


Chun m ha d liu DES (Data Encryption Standard) c cng nhn

chun nm 1977 Phng thc m ha c s dng rng ri nht Tn gii thut l DEA (Data Encryption Algorithm)

L mt bin th ca h m ha Feistel, b xungthm cc hon v u v cui

Kch thc khi : 64 bit

Kch thc kha : 56 bit S vng : 16 Tng gy nhiu tranh ci v an ninh

Gii thut m ha DES

5/22/2018 anninhmangk13mtt-1226419598367568-8

56/204


Gii thut m ha DESNguyn bn (64 bit)

giao hon thun

vng 1K1

vng 2K2

vng nKn

giao hon nghch

Bn m (64 bit)

hon i 32 bit

Kha 56 bit

. . .

giao hon

dch vng trigiao hon

dch vng trigiao hon

dch vng trigiao hon

. . .

Mt vng DES

5/22/2018 anninhmangk13mtt-1226419598367568-8

57/204


Mt vng DES

Li-1

m rng g/hon

hp S

giao hon

Ri-1

x Ki

xLi Ri

--- 48 bit

--- 48 bit

--- 32 bit

--- 32 bit

Ph DES

5/22/2018 anninhmangk13mtt-1226419598367568-8

58/204


Ph m DES Kha 56 bit c 256= 7,2 x 1016gi tr c th Phng php vt cn t ra khng thc t Tc tnh ton cao c th ph c kha

1997 : 70000 my tnh ph m DES trong 96 ngy

1998 : Electronic Frontier Foundation (EFF) ph mDES bng my chuyn dng (250000$) trong < 3 ngy

1999 : 100000 my tnh ph m trong 22 gi

Vn cn phi nhn bit c nguyn bn Thc t DES vn c s dng khng c vn Nu cn an ninh hn : 3DES hay chun mi AES

H h 3DES

5/22/2018 anninhmangk13mtt-1226419598367568-8

59/204


H m ha 3DES S dng 3 kha v chy 3 ln gii thut DES

M ha : C = EK3[DK2[EK1[p]]] Gii m : p = DK1[EK2[DK3[C]]]

di kha thc t l 168 bit

Khng tn ti K4= 56 sao cho C = EK4(p) V sao 3 ln : trnh tn cng "gp nhau gia"

C = EK2(EK1(p)) X = EK1(p) = DK2(C) Nu bit mt cp (p, C)

M ha p vi 256kha v gii m C vi 256kha So snh tm ra K1v K2tng ng Kim tra li vi 1 cp (p, C) mi; nu OK th K1v K2l kha

Ch h ti ti

5/22/2018 anninhmangk13mtt-1226419598367568-8

60/204


Chun m ha tin tin AES (Advanced Encryption Standard) c cng

nhn chun mi nm 2001 Tn gii thut l Rijndael (Rijmen + Daemen) An ninh hn v nhanh hn 3DES

Kch thc khi : 128 bit Kch thc kha : 128/192/256 bit S vng : 10/12/14

Cu trc mng S-P, nhng khng theo h Feistel Khng chia mi khi lm i

C h h khi kh (1)

5/22/2018 anninhmangk13mtt-1226419598367568-8

61/204


Cc h m ha khi khc (1) IDEA (International Data Encryption Algorithm)

Khi 64 bit, kha 128 bit, 8 vng Theo cu trc mng S-P, nhng khng theo h Feistel

Mi khi chia lm 4

Rt an ninh Bn quyn bi Ascom nhng dng min ph

Blowfish Khi 64 bit, kha 32-448 bit (ngm nh 128 bit), 16 vng

Theo cu trc h Feistel An ninh, kh nhanh v gn nh T do s dng

Cc h m ha khi khc (2)

5/22/2018 anninhmangk13mtt-1226419598367568-8

62/204


Cc h m ha khi khc (2) RC5

Pht trin bi Ron Rivest Khi 32/64/128 bit, kha 0-2040 bit, 0-255 vng n gin, thch hp cc b x l c rng khc nhau Theo cu trc h Feistel

CAST-128 Pht trin bi Carlisle Adams v Stafford Tavares Khi 64 bit, kha 40-128 bit, 12/16 vng

C 3 loi hm vng dng xen k Theo cu trc h Feistel Bn quyn bi Entrust nhng dng min ph

Cc phng thc m ha khi

5/22/2018 anninhmangk13mtt-1226419598367568-8

63/204


Cc phng thc m ha khi ECB (Electronic Codebook)

M ha tng khi ring r CBC (Cipher Block Chaining)

Khi nguyn bn hin thi c XOR vi khi bn mtrc

CFB (Cipher Feedback) M phng m ha lung (n v s bit) s bit m ha trc c a vo thanh ghi u vo hin thi

OFB (Output Feeback) s bit tri u ra trc c a vo thanh ghi u vo hin thi

CTR (Counter) XOR mi khi nguyn bn vi 1 gi tr thanh m m

ha

Phng thc ECB

5/22/2018 anninhmangk13mtt-1226419598367568-8

64/204


Phng thc ECB

M ha

p1

C1

K M ha

p2

C2

K M ha

pN

CN

K...

M ha

Gii m

C1

p1

K Gii m

C2

p2

K Gii m

CN

pN

K...

Gii m

nh gi ECB

5/22/2018 anninhmangk13mtt-1226419598367568-8

65/204


nh gi ECB Nhng khi lp li trong nguyn bn c th thy

c trong bn m Nu thng bo di, c th

Gip phn tch ph m

To c hi thay th hoc b tr li cc khi Nhc im do cc khi c m ha c lp Ch yu dng gi thng bo c t khi

V d gi kha

Phng thc CBC

5/22/2018 anninhmangk13mtt-1226419598367568-8

66/204


Phng thc CBC

M ha

p1

C1

K M ha

C2

K M ha

CN

K...

M ha

Gii m

C1

p1

K Gii m

C2

p2

K Gii m

CN

pN

K...

Gii m

p2 pNIV

CN-1

CN-1IV

nh gi CBC

5/22/2018 anninhmangk13mtt-1226419598367568-8

67/204


nh gi CBC Mi khi m ha ph thuc vo tt c cc khi

nguyn bn trc S lp li cc khi nguyn bn khng th hin trongbn m ha

Thay i trong mi khi nguyn bn nh hng n tt

c cc khi bn m v sau Cn 1 gi tr u IV bn gi v bn nhn u bit Cn c m ha ging kha Nn khc nhau i vi cc thng bo khc nhau

Cn x l c bit khi nguyn bn khng y cui cng Dng m ha d liu ln, xc thc

M ha CFB

5/22/2018 anninhmangk13mtt-1226419598367568-8

68/204


M ha CFB

Thanh ghi dch64-s bit | s bit

M ha

Chns bit

B i64-s bitp1

K

64

64

ss

C1

IVThanh ghi dch64-s bit | s bit

M ha

Chns bit

B i64-s bitp2

K

64

64

ss

C2


M ha

Chns bit

B i64-s bitpM

K

64

64

ss

CM

...

s

CM-1

Gii m CFB

5/22/2018 anninhmangk13mtt-1226419598367568-8

69/204


Gii m CFB


M ha

Chns bit

B i64-s bit

p1

K

64

64

s

s


M ha

Chns bit

B i64-s bit

p2

K

64

64

s sC2


M ha

Chns bit

B i64-s bit

pM

K

64

64

s sCM

...

s

CM-1

C1

nh gi CFB

5/22/2018 anninhmangk13mtt-1226419598367568-8

70/204


nh gi CFB Thch hp khi d liu nhn c theo tng n

v bit hay byte Khng cn n thng bo lm trn khi Cho php s lng bit bt k

K hiu CFB-1, CFB-8, CFB-64,... L phng thc lung ph bin nht Dng gii thut m ha ngay c khi gii m

Li xy ra khi truyn 1 khi m ha s lan rngsang cc khi tip sau

M ha OFB

5/22/2018 anninhmangk13mtt-1226419598367568-8

71/204


M ha OFB


M ha

Chns bit

B i64-s bit

p1

K

64

64

ss

C1


M ha

Chns bit

B i64-s bit

K

64

64


M ha

Chns bit

B i64-s bit

K

64

64

...

s

OM-1

p2 ss

C2

pM ss

CM

Gii m OFB

5/22/2018 anninhmangk13mtt-1226419598367568-8

72/204


Gii m OFB


M ha

Chns bit

B i64-s bit

p1

K

64

64

s

s


M ha

Chns bit

B i64-s bit

K

64

64


M ha

Chns bit

B i64-s bit

K

64

64

...

s

OM-1

C1

p2

sC2

pM

sCM

nh gi OFB

5/22/2018 anninhmangk13mtt-1226419598367568-8

73/204


nh gi OFB Tng t CFB ch khc l phn hi ly t u ra

gii thut m ha, c lp vi thng bo Khng bao gi s dng li cng kha v IV Li truyn 1 khi m ha khng nh hng n

cc khi khc Thng bo d b sa i ni dung Ch nn dng OFB-64

C th tit kim thi gian bng cch thc hingii thut m ha trc khi nhn c d liu

Phng thc CTR

5/22/2018 anninhmangk13mtt-1226419598367568-8

74/204


Phng thc CTR

M ha

M ha

Bin m

p1

K M ha

Bin m + 1

p2

K M ha

Bin m + N - 1

pN

K...

Gii m

C1 C2 CN

M ha

Bin m

C1

K M ha

Bin m + 1

C2

K M ha

Bin m + N - 1

CN

K

...p1 p2 pN

nh gi CTR

5/22/2018 anninhmangk13mtt-1226419598367568-8

75/204


nh gi CTR Hiu qu cao

C th thc hin m ha (hoc gii m) song song C th thc hin gii thut m ha trc nu cn

C th x l bt k khi no trc cc khi khc

An ninh khng km g cc phng thc khc n gin, ch cn ci t gii thut m ha,

khng cn n gii thut gii m

Khng bao gi s dng li cng gi tr kha vbin m (tng t OFB)

B tr cng c m ha

5/22/2018 anninhmangk13mtt-1226419598367568-8

76/204


B tr cng c m ha Gii php hu hiu v ph bin nht chng li cc

mi e da n an ninh mng l m ha thc hin m ha, cn xc nh

M ha nhng g

Thc hin m ha u C 2 phng n c bn

M ha lin kt M ha u cui

M ha lin kt

5/22/2018 anninhmangk13mtt-1226419598367568-8

77/204


M ha lin kt Cng c m ha c sp t 2 u ca mi

lin kt c nguy c b tn cng m bo an ninh vic lu chuyn thng tin trn

tt c cc lin kt mng

Cc mng ln cn n rt nhiu cng c m ha Cn cung cp rt nhiu kha Nguy c b tn cng ti mi chuyn mch

Cc gi tin cn c m ha mi khi i vo mtchuyn mch gi c c a ch phn u

Thc hin tng vt l hoc tng lin kt

M ha u cui

5/22/2018 anninhmangk13mtt-1226419598367568-8

78/204


M ha u cui Qu trnh m ha c thc hin 2 h thng

u cui m bo an ninh d liu ngi dng Ch cn mt kha cho 2 u cui

m bo xc thc mc nht nh Mu lu chuyn thng tin khng c bo v

Cc phn u gi tin cn c truyn ti tng minh

Thc hin tng mng tr ln Cng ln cao cng t thng tin cn m ha v cng anninh nhng cng phc tp vi nhiu thc th v kha

Kt hp cc phng n m ha

5/22/2018 anninhmangk13mtt-1226419598367568-8

79/204


Kt hp cc phng n m ha

PSN : Packet-switching nodeCng c m ha u cui

Cng c m ha lin kt

Qun l kha b mt

5/22/2018 anninhmangk13mtt-1226419598367568-8

80/204


Qun l kha b mt Vn i vi m ha i xng l lm sao phn

phi kha an ninh n cc bn truyn tin Thng h thng mt an ninh l do khng qun l tt

vic phn phi kha b mt

Phn cp kha Kha phin (tm thi) Dng m ha d liu trong mt phin kt ni Hy b khi ht phin

Kha ch (lu di) Dng m ha cc kha phin, m bo phn phi chngmt cch an ninh

Cc cch phn phi kha

5/22/2018 anninhmangk13mtt-1226419598367568-8

81/204


Cc cch phn phi kha Kha c th c chn bi bn A v gi theo

ng vt l n bn B Kha c th c chn bi mt bn th ba, sau

gi theo ng vt l n A v B

Nu A v B c mt kha dng chung th mtbn c th gi kha mi n bn kia, s dngkha c m ha kha mi

Nu mi bn A v B u c mt knh m han mt bn th ba C th C c th gi kha theocc knh m ha n A v B

Phn phi kha t ng

5/22/2018 anninhmangk13mtt-1226419598367568-8

82/204


Phn phi kha t ng1. Host gi gi tin yu cu kt ni2. FEP m gi tin; hi KDC kha phin3. KDC phn phi kha phin n 2 host4. Gi tin m c truyn i

FEP = Front End Processor

KDC = Key Distribution Center

5/22/2018 anninhmangk13mtt-1226419598367568-8

83/204


Chng 3

MT M KHA CNG KHAI

Gii thiu

5/22/2018 anninhmangk13mtt-1226419598367568-8

84/204


Gii thiu Nhng hn ch ca mt m i xng

Vn phn phi kha Kh m bo chia s m khng lm l kha b mt Trung tm phn phi kha c th b tn cng

Khng thch hp cho ch k s

Bn nhn c th lm gi thng bo ni nhn c t bn gi Mt m kha cng khai xut bi Whitfield

Diffie v Martin Hellman vo nm 1976 Khc phc nhng hn ch ca mt m i xng

C th coi l bc t ph quan trng nht trong lchs ca ngnh mt m

B xung ch khng thay th mt m i xng

c im mt m kha cng khai

5/22/2018 anninhmangk13mtt-1226419598367568-8

85/204


c im mt m kha cng khai Cn gi l mt m hai kha hay bt i xng Cc gii thut kha cng khai s dng 2 kha

Mt kha cng khai Ai cng c th bit Dng m ha thng bo v thm tra ch k

Mt kha ring Ch ni gi c bit Dng gii m thng bo v k (to ra) ch k

C tnh bt i xng Bn m ha khng th gii m thng bo Bn thm tra khng th to ch k

M ha kha cng khai

5/22/2018 anninhmangk13mtt-1226419598367568-8

86/204


M ha kha cng khaiCc kha cng khai

Nguyn bnu vo

Nguyn bnu ra

Bn mtruyn i

Gii thutm ha

Gii thutgii m

Kha cng khai

ca AliceKha ring

ca Alice

Ted

AliceMike

Joy

Xc thc

5/22/2018 anninhmangk13mtt-1226419598367568-8

87/204


Xc thcCc kha cng khai

Nguyn bnu vo

Nguyn bnu ra

Bn mtruyn i

Gii thutm ha

Gii thutgii m

Kha ring

ca BobKha cng khai

ca Bob

Ted

BobMike

Joy

ng dng mt m kha cng khai

5/22/2018 anninhmangk13mtt-1226419598367568-8

88/204


ng dng mt m kha cng khai C th phn ra 3 loi ng dng

M ha/gii m m bo s b mt ca thng tin

Ch k s H tr xc thc vn bn

Trao i kha Cho php chia s kha phin trong m ha i xng

Mt s gii thut kha cng khai thch hp choc 3 loi ng dng; mt s khc ch c th dngcho 1 hay 2 loi

M hnh m bo b mt

5/22/2018 anninhmangk13mtt-1226419598367568-8

89/204


M hnh m bo b mt

Ngunth. bo Gii thut

m ha Gii thutgii m chth. bo

Nguncp kha

K

ph m

Ngun A ch B

M hnh xc thc

5/22/2018 anninhmangk13mtt-1226419598367568-8

90/204


M hnh xc thc

Ngunth. bo Gii thutm ha Gii thutgii m chth. bo

Nguncp kha

K

ph m

Ngun A ch B

M hnh kt hp

5/22/2018 anninhmangk13mtt-1226419598367568-8

91/204


M hnh kt hp

Ngunth. bo

G. thutm ha

G. thutgii m

chth. bo

Nguncp kha

Ngun A ch B

G. thutm ha

G. thutgii m

Nguncp kha

Trao i kha

5/22/2018 anninhmangk13mtt-1226419598367568-8

92/204


Trao i kha

Alice Bob

M ha Gii m

Kha cng khai ca Bob Kha ring ca Bob

Kha ngu nhin Kha ngu nhin

Cc iu kin cn thit

5/22/2018 anninhmangk13mtt-1226419598367568-8

93/204


Cc iu kin cn thit Bn B d dng to ra c cp (KUb, KRb) Bn A d dng to ra c C = EKUb(M) Bn B d dng gii m M = DKRb(C) i th khng th xc nh c KRbkhi bit KUb

i th khng th xc nh c M khi bit KUbv C

Mt trong hai kha c th dng m ha trong khi

kha kia c th dng gii m M = DKRb(EKUb(M)) = DKUb(EKRb(M)) Khng thc s cn thit

H m ha RSA

5/22/2018 anninhmangk13mtt-1226419598367568-8

94/204


H m ha RSA xut bi Ron Rivest, Adi Shamir v Len

Adleman (MIT) vo nm 1977 H m ha kha cng khai ph dng nht M ha khi vi mi khi l mt s nguyn < n

Thng kch c n l 1024 bit 309 ch s thp phn ng k bn quyn nm 1983, ht hn nm 2000 An ninh v chi ph phn tch tha s ca mt s

nguyn ln l rt ln

To kha RSA

5/22/2018 anninhmangk13mtt-1226419598367568-8

95/204


To kha RSA Mi bn t to ra mt cp kha cng khai - kha

ring theo cc bc sau : Chn ngu nhin 2 s nguyn t ln p q Tnh n = pq Tnh (n) = (p-1)(q-1) Chn ngu nhin kha m ha e sao cho 1 < e < (n)

v gcd(e, (n)) = 1

Tm kha gii m d n tha mn e.d 1 mod (n)

Cng b kha m ha cng khai KU = {e, n} Gi b mt kha gii m ring KR = {d, n} Cc gi tr b mt p v q b hy b

Thc hin RSA

5/22/2018 anninhmangk13mtt-1226419598367568-8

96/204


Thc hin RSA

m ha 1 thng bo nguyn bn M, bn githc hin Ly kha cng khai ca bn nhn KU = {e, n} Tnh C = Memod n

gii m bn m C nhn c, bn nhn thchin S dng kha ring KR = {d, n} Tnh M = Cdmod n

Lu l thng bo M phi nh hn n Phn thnh nhiu khi nu cn

V sao RSA kh thi

5/22/2018 anninhmangk13mtt-1226419598367568-8

97/204


Theo nh l Euler

a, n : gcd(a, n) = 1 a(n)mod n = 1 (n) l s cc s nguyn dng nh hn n v nguyn

t cng nhau vi n

i vi RSA c n = pq vi p v q l cc s nguyn t (n) = (p - 1)(q - 1) ed 1 mod (n) s nguyn k : ed = k(n) + 1

M < n C th suy ra Cdmod n = Medmod n = Mk(n) + 1mod n = M mod n = M

V d to kha RSA

5/22/2018 anninhmangk13mtt-1226419598367568-8

98/204


V d to kha RSA

Chn 2 s nguyn t p = 17 v q = 11 Tnh n = pq = 17 11 = 187 Tnh (n) = (p - 1)(q - 1) = 16 10 = 160 Chn e : gcd(e, 160) = 1 v 1 < e < 160; ly e = 7 Xc nh d : de 1 mod 160 v d 187

Gi tr d = 23 v 23 7 = 161 = 1 160 + 1 Cng b kha cng khai KU = {7, 187} Gi b mt kha ring KR = {23, 187}

Hy b cc gi tr b mt p = 17 v q = 11

V d thc hin RSA

5/22/2018 anninhmangk13mtt-1226419598367568-8

99/204


V d thc hin RSA

M ha Gii mNguyn

bnNguyn

bn

Bnm

Chn tham s RSA

5/22/2018 anninhmangk13mtt-1226419598367568-8

100/204


Chn tham s RSA

Cn chn p v q ln

Thng chn e nh Thng c th chn cng gi tr ca e cho tt c

ngi dng

Trc y khuyn ngh gi tr ca e l 3, nhnghin nay c coi l qu nh

Thng chn e = 216- 1 = 65535

Gi tr ca d s ln v kh on

An ninh ca RSA

5/22/2018 anninhmangk13mtt-1226419598367568-8

101/204


An ninh ca RSA Kha 128 bit l mt s gia 1 v mt s rt ln

340.282.366.920.938.000.000.000.000.000.000.000.000

C bao nhiu s nguyn t gia 1 v s ny n / ln(n) = 2128/ ln(2128)

3.835.341.275.459.350.000.000.000.000.000.000.000 Cn bao nhiu thi gian nu mi giy c th tnhc 1012sHn 121,617,874,031,562,000 nm (khong 10 triu ln

tui ca v tr) An ninh nhng cn phng nhng im yu

Ph m RSA

5/22/2018 anninhmangk13mtt-1226419598367568-8

102/204


Phng php vt cn Th tt c cc kha ring c th

Ph thuc vo di kha

Phng php phn tch ton hc

Phn n thnh tch 2 s nguyn t p v q

Xc nh trc tip (n) khng thng qua p v q Xc nh trc tip d khng thng qua (n)

Phng php phn tch thi gian

Da trn vic o thi gian gii m C th ngn nga bng cch lm nhiu

Phn tch tha s RSA

5/22/2018 anninhmangk13mtt-1226419598367568-8

103/204


Phn tch tha s RSA

An ninh ca RSA da trn phc tp ca vicphn tch tha s n Thi gian cn thit phn tch tha s mt s

ln tng theo hm m vi s bit ca s

Mt nhiu nm khi s ch s thp phn ca nvtqu 100 (gi s lm 1 php tnh nh phn mt 1 s)

Kch thc kha ln m bo an ninh cho RSA T 1024 bit tr ln Gn y nht nm 1999 ph m c 512 bit

(155 ch s thp phn)

H trao i kha Diffie-Hellman

5/22/2018 anninhmangk13mtt-1226419598367568-8

104/204


Gii thut mt m kha cng khai u tin xut bi Whitfield Diffie v Martin Hellman

vo nm 1976 Malcolm Williamson (GCHQ -Anh) pht hin trc

my nm nhng n nm 1997 mi cng b Ch dng trao i kha b mt mt cch anninh trn cc kch thng tin khng an ninh

Kha b mt c tnh ton bi c hai bn An ninh ph thuc vo phc tp ca vic tnh

log ri rc

Thit lp Diffie-Hellman

5/22/2018 anninhmangk13mtt-1226419598367568-8

105/204


p Cc bn thng nht vi nhau cc tham s chung

q l mt s nguyn t ln l mt nguyn cn ca q

mod q, 2mod q,..., q-1mod q l cc s nguyn giao honca cc s t 1 n q - 1

Bn A Chn ngu nhin lm kha ring XA< q Tnh kha cng khai YA=

XAmod q

Bn B Chn ngu nhin lm kha ring XB< q Tnh kha cng khai YB=

XBmod q

Trao i kha Diffie-Hellman

5/22/2018 anninhmangk13mtt-1226419598367568-8

106/204


Tnh ton kha b mt

Bn A bit kha ring XAv kha cng khai YBK = YB

XAmod q

Bn B bit kha ring XBv kha cng khai YAK = YA

XBmod q

Chng minhYA

XBmod q = (XAmod q)XBmod q

= XAXBmod q

= XBXA

mod q= (XBmod q)XAmod q

= YBXAmod q

V d Diffie-Hellman

5/22/2018 anninhmangk13mtt-1226419598367568-8

107/204


Alice v Bob mun trao i kha b mt

Cng chn q = 353 v = 3 Chn ngu nhin cc kha ring

Alice chn XA= 97, Bob chn XB= 233

Tnh ton cc kha cng khai YA= 397mod 353 = 40 (Alice) YB= 3233mod 353 = 248 (Bob)

Tnh ton kha b mt chung

K = YBXAmod 353 = 24897mod 353 = 160 (Alice)

K = YAXBmod 353 = 40233mod 353 = 160 (Bob)

Hn ch ca kha cng khai

5/22/2018 anninhmangk13mtt-1226419598367568-8

108/204


g Tc x l

Cc gii thut kha cng khai ch yu dng cc phpnhn chm hn nhiu so vi cc gii thut i xng

Khng thch hp cho m ha thng thng Thng dng trao i kha b mt u phin truyn tin

Tnh xc thc ca kha cng khai Bt c ai cng c th to ra mt kha cng b l

ca mt ngi khc

Chng no vic gi mo cha b pht hin c th cc ni dung cc thng bo gi cho ngi kia Cn m bo nhng ngi ng k kha l ng tin

5/22/2018 anninhmangk13mtt-1226419598367568-8

109/204


Chng 4

XC THC & CH K S

Vn xc thc

5/22/2018 anninhmangk13mtt-1226419598367568-8

110/204


Cc tiu chun cn xc minh

Thng bo c ngun gc r rng chnh xc Ni dung thng bo ton vn khng b thay i Thng bo c gi ng trnh t v thi im

Mc ch chng li hnh thc tn cng chng (xuyn tc d liu v giao tc) Cc phng php xc thc thng bo

M ha thng bo S dng m xc thc thng bo (MAC) S dng hm bm

Xc thc bng cch m ha

5/22/2018 anninhmangk13mtt-1226419598367568-8

111/204


Xc thc bng cch m ha

S dng m ha i xng Thng bo gi t ng ngun v ch c ngi gi mi bit kha b mt dng chung

Ni dung khng th b thay i v nguyn bn c cu

trc nht nh Cc gi tin c nh s th t v m ha nnkhng th thay i trnh t v thi im nhn c

S dng m ha kha cng khai

Khng ch xc thc thng bo m cn to ch k s Phc tp v mt thi gian hn m ha i xng

M xc thc thng bo (MAC)

5/22/2018 anninhmangk13mtt-1226419598367568-8

112/204


Khi kch thc nh c nh gn vo thng bo

to ra t thng bo v kha b mt chung Bn nhn thc hin cng gii thut trn thng bov kha so xem MAC c chnh xc khng

Gii thut to MAC ging nh gii thut m hanhng khng cn nghch c

C th nhiu thng bo cng c chung MAC Nhng nu bit mt thng bo v MAC ca n, rt kh

tm ra mt thng bo khc c cng MAC Cc thng bo c cng xc sut to ra MAC

p ng 3 tiu chun xc thc

Ngun A ch B

5/22/2018 anninhmangk13mtt-1226419598367568-8

113/204


a) Xc thc thng bo

b) Xc thc thng bo v bo mt; MAC gn vo nguyn bn

c) Xc thc thng bo v bo mt; MAC gn vo bn m

So snh

So snh

So snh

V sao dng MAC

5/22/2018 anninhmangk13mtt-1226419598367568-8

114/204


g Nhiu trng hp ch cn xc thc, khng cn

m ha tn thi gian v ti nguyn Thng bo h thng Chng trnh my tnh

Tch ring cc chc nng bo mt v xc thcs khin vic t chc linh hot hn Chng hn mi chc nng thc hin mt tng ring

Cn m bo tnh ton vn ca thng bo trongsut thi gian tn ti khng ch khi lu chuyn V thng bo c th b thay i sau khi gii m

MAC da trn DES (DAC)

5/22/2018 anninhmangk13mtt-1226419598367568-8

115/204


MAC da trn DES (DAC)

M ha M ha M ha M ha

(16 - 64 bits)

Hm bm

5/22/2018 anninhmangk13mtt-1226419598367568-8

116/204


To ra mt gi tr bm c kch thc c nh tthng bo u vo (khng dng kha)h = H(M)

Hm bm khng cn gi b mt

Gi tr bm gn km vi thng bo dng kim tra tnh ton vn ca thng bo

Bt k s thay i M no d nh cng to ra mt

gi tr h khc

Ngun A ch B

5/22/2018 anninhmangk13mtt-1226419598367568-8

117/204


So snh

So snh

So snh

a) Xc thc thng bo v bo mt; m bm gn vo nguyn bn

b) Xc thc thng bo; m bm c m ha s dng phng php i xng

c) Xc thc thng bo; m bm c m ha s dng phng php kha cng khai

Ngun A ch B

5/22/2018 anninhmangk13mtt-1226419598367568-8

118/204


So snh

So snh

So snh

d) Xc thc bng m ha kha cng khai v bo mt bng m ha i xng

e) Xc thc khng cn m ha nh hai bn chia s mt gi tr b mt chung

f) Xc thc nh mt gi tr b mt chung; bo mt bng phng php i xng

Yu cu i vi hm bm

5/22/2018 anninhmangk13mtt-1226419598367568-8

119/204


C th p dng vi thng bo M c di bt k To ra gi tr bm h c di c nh H(M) d dng tnh c vi bt k M no

T h rt kh tm c M sao cho H(M) = h

Tnh mt chiu

T M1rt kh tm c M2sao cho H(M2) = H(M1) Tnh chng xung t yu

Rt kh tm c (M1, M2) sao cho H(M1) = H(M2) Tnh chng xung t mnh

Cc hm bm n gin

5/22/2018 anninhmangk13mtt-1226419598367568-8

120/204


16 bit

XOR dch vng tri 1 bit XOR mi khi 16 bit

Kiu tn cng ngy sinh

5/22/2018 anninhmangk13mtt-1226419598367568-8

121/204


g g y Nghch l ngy sinh

Trong 23 ngi, xc sut tm ra 1 ngi khc c cngngy sinh vi A l 6%

Xc sut 2 trong 23 ngi c cng ngy sinh l 50%

Cch thc tn cng m bm m bit To ra 2m/2bin th ng ngha ca thng bo hp l To ra 2m/2bin th ca thng bo gi mo So snh 2 tp thng bo vi nhau tm ra 1 cp c cng

m bm (xc sut > 0,5 theo nghch l ngy sinh) ngi gi k bin th hp l, ri dng ch k gn

vo bin th gi mo

An ninh hm bm v MAC

5/22/2018 anninhmangk13mtt-1226419598367568-8

122/204


Kiu tn cng vt cn

Vi hm bm, n lc ph thuc di m ca m bm phc tp ca tnh mt chiu v tnh chng xung t yu

l 2m; ca tnh chng xung t mnh l 2m/2

128 bit c th ph c, thng dng 160 bit

Vi MAC, n lc ph thuc vo di k ca kha v di n ca MAC phc tp l min(2k, 2n) t nht phi l 128 bit

Kiu thm m Hm bm thng gm nhiu vng nh m ha khinn c th tp trung khai thc im yu hm vng

Ch k s

5/22/2018 anninhmangk13mtt-1226419598367568-8

123/204


Xc thc thng bo khng c tc dng khi bngi v bn nhn mun gy hi cho nhau Bn nhn gi mo thng bo ca bn gi Bn gi chi l gi thng bo n bn nhn

Ch k s khng nhng gip xc thc thng bom cn bo v mi bn khi bn kia Chc nng ch k s

Xc minh tc gi v thi im k thng bo

Xc thc ni dung thng bo L cn c gii quyt tranh chp

Yu cu i vi ch k s

5/22/2018 anninhmangk13mtt-1226419598367568-8

124/204


Ph thuc vo thng bo c k

C s dng thng tin ring ca ngi gi trnh gi mo v chi b

Tng i d to ra

Tng i d nhn bit v kim tra Rt kh gi mo

Bng cch to thng bo khc c cng ch k s

Bng cch to ch k s theo mun cho thng bo Thun tin trong vic lu tr

Ch k s trc tip

5/22/2018 anninhmangk13mtt-1226419598367568-8

125/204


Ch lin quan n bn gi v bn nhn

Vi mt m kha cng khai Dng kha ring k ton b thng bo hoc gi tr bm C th m ha s dng kha cng khai ca bn nhn

Quan trng l k trc m ha sau

Ch c tc dng khi kha ring ca bn gi cm bo an ninh Bn gi c th gi v mt kha ring

Cn b xung thng tin thi gian v bo mt kha kp thi Kha ring c th b mt tht

K cp c th gi thng bo vi thng tin thi gian sai lch

Ch k s gin tip

5/22/2018 anninhmangk13mtt-1226419598367568-8

126/204


C s tham gia ca mt bn trng ti Nhn thng bo c ch k s t bn gi, kim tra

tnh hp l ca n B xung thng tin thi gian v gi n bn nhn

An ninh ph thuc ch yu vo bn trng ti Cn c bn gi v bn nhn tin tng C th ci t vi m ha i xng hoc m

ha kha cng khai

Bn trng ti c th c php nhn thy hockhng ni dung thng bo

Cc k thut ch k s gin tip

5/22/2018 anninhmangk13mtt-1226419598367568-8

127/204


(a) M ha i xng, trng ti thy thng bo

(1) X A : M EKXA[IDX H(M)](2) A Y : EKAY[IDX M EKXA[IDX H(M)] T]

(b) M ha i xng, trng ti khng thy thng bo(1) X A : IDX EK

XY

[M] EKXA

[IDX H(EKXY

[M])]

(2) A Y : EKAY[IDX EKXY[M] EKXA[IDX H(EKXY[M])] T]

(c) M ha kha cng khai, trng ti khng thy thng bo(1) X A : IDX EKRX[IDX EKUY[EKRX[M]]](2) A Y : EKRA[IDX EKUY[EKRX[M]] T]

K hiu : X = Bn gi M = Thng boY = Bn nhn T = Nhn thi gian

A = Trng ti

5/22/2018 anninhmangk13mtt-1226419598367568-8

128/204


Chng 5

CC NG DNG XC THC

Gii thiu

5/22/2018 anninhmangk13mtt-1226419598367568-8

129/204


Mc ch ca cc ng dng xc thc l h trxc thc v ch k s mc ng dng

Phn lm 2 loi chnh

Da trn m ha i xng

Dch v Kerberos Giao thc Needham-Schroeder

Da trn kha cng khai c chng thc Dch v X.509 H thng PGP

Kerberos

5/22/2018 anninhmangk13mtt-1226419598367568-8

130/204


H thng dch v xc thc pht trin bi MIT

Nhm i ph vi cc him ha sau Ngi dng gi danh l ngi khc Ngi dng thay i a ch mng ca client Ngi dng xem trm thng tin trao i v thc hin

kiu tn cng lp li Bao gm 1 server tp trung c chc nng xc

thc ngi dng v cc server dch v phn tn

Tin cy server tp trung thay v cc client Gii phng chc nng xc thc khi cc server dch vv cc client

K hiu

5/22/2018 anninhmangk13mtt-1226419598367568-8

131/204


C : Client

AS : Server xc thc V : Server dch v IDC: Danh tnh ngi dng trn C IDV: Danh tnh ca V

PC: Mt khu ca ngi dng trn C ADC: a ch mng ca C KV: Kha b mt chia s bi AS v V

: Php ghp

TGS : Server cp th TS : Nhn thi gian

Mt hi thoi xc thc n gin

5/22/2018 anninhmangk13mtt-1226419598367568-8

132/204


Giao thc

(1) C AS : IDC PC IDV(2) AS C : Th(3) C V : IDC Th

Th = EKV[IDC ADC IDV]

Hn ch Mt khu truyn t C n AS khng c bo mt Nu th ch s dng c mt ln th phi cp th

mi cho mi ln truy nhp cng mt dch v

Nu th s dng c nhiu ln th c th b ly cp s dng trc khi ht hn Cn th mi cho mi dch v khc nhau

Hi thoi xc thc Kerberos 4( ) T i i d h th th th

5/22/2018 anninhmangk13mtt-1226419598367568-8

133/204


(a) Trao i vi dch v xc thc : c th cp th(1) C AS : IDC IDtgs TS1(2) AS C : EKC[KC,tgsIDtgs TS2 Hn2 Thtgs]

Thtgs= EKtgs[KC,tgsIDCADC IDtgs TS2 Hn2]

(b) Trao i vi dch v cp th : c th dch v(3) C TGS : IDV Thtgs DuC(4) TGS C : EKC,tgs[KC,VIDV TS4 ThV]

ThV= EKV[KC,VIDCADC IDV TS4 Hn4]DuC= EKC,tgs[IDCADC TS3]

(c) Trao i xc thc client/server : c dch v(5) C V : ThV DuC(6) V C : EKC,V[TS5+ 1]

DuC= EKC,V[IDCADC TS5]

M hnh tng quan Kerberos

5/22/2018 anninhmangk13mtt-1226419598367568-8

134/204


Mi phinngi dng

mt ln

Mi dch vmt ln

Mi phindch vmt ln

AS

TGS

Client

Server

dch v

Phn h Kerberos

5/22/2018 anninhmangk13mtt-1226419598367568-8

135/204


Mt phn h Kerberos bao gm

Mt server Kerberos cha trong CSDL danh tnh vmt khu bm ca cc thnh vin

Mt s ngi dng ng k lm thnh vin Mt s server dch v, mi server c mt kha b mt

ring ch chia s vi server Kerberos Mi phn h Kerberos thng tng ng vi

mt phm vi hnh chnh

Hai phn h c th tng tc vi nhau nu 2server chia s 1 kha b mt v ng k vi nhau iu kin l phi tin tng ln nhau

1

Phn h A

5/22/2018 anninhmangk13mtt-1226419598367568-8

136/204


1

23

4

567

Phn h B

1. Yu cu th cho TGS cc b

2. Th cho TGS cc b

3. Yu cu th cho TGS xa

4. Th cho TGS xa

5. Yu cu th cho server xa

6. Th cho server xa

7. Yu cu dch v xa

Kerberos 5

5/22/2018 anninhmangk13mtt-1226419598367568-8

137/204


Pht trin vo gia nhng nm 1990 (sau

Kerberos 4 vi nm) c t trong RFC 1510 C mt s ci tin so vi phin bn 4

Khc phc nhng khim khuyt ca mi trng Ph thuc gii thut m ha, ph thuc giao thc mng, trt

t byte thng bo khng theo chun, gi tr hn dng th cth qu nh, khng cho php y nhim truy nhp, tng tca phn h da trn qu nhiu quan h tay i

Khc phc nhng thiu st k thut M ha hai ln c mt ln tha, phng thc m ha PCBC

m bo tnh ton vn khng chun d b tn cng, khaphin s dng nhiu ln c th b khai thc tn cng lpli, c th b tn cng mt khu

Dch v xc thc X.509

5/22/2018 anninhmangk13mtt-1226419598367568-8

138/204


Nm trong lot khuyn ngh X.500 ca ITU-T

nhm chun ha dch v th mc Servers phn tn lu gi CSDL thng tin ngi dng

nh ra mt c cu cho dch v xc thc

Danh b cha cc chng thc kha cng khai Mi chng thc bao gm kha cng khai ca ngidng k bi mt bn chuyn trch chng thc ng tin

nh ra cc giao thc xc thc

S dng mt m kha cng khai v ch k s Khng chun ha gii thut nhng khuyn ngh RSA

Khun dng X.509

5/22/2018 anninhmangk13mtt-1226419598367568-8

139/204


Nhn chng thc

5/22/2018 anninhmangk13mtt-1226419598367568-8

140/204


C c kha cng khai ca CA (c quan chng

thc) l c th xc minh c chng thc Ch CA mi c th thay i chng thc Chng thc c th t trong mt th mc cng khai

Cu trc phn cp CA Ngi dng c chng thc bi CA ng k Mi CA c hai loi chng thc

Chng thc thun : Chng thc CA hin ti bi CA cp trn Chng thc nghch : Chng thc CA cp trn bi CA hin ti

Cu trc phn cp CA cho php ngi dng xcminh chng thc bi bt k CA no

Phn cp X.509

5/22/2018 anninhmangk13mtt-1226419598367568-8

141/204


Thu hi chng thc

5/22/2018 anninhmangk13mtt-1226419598367568-8

142/204


Mi chng thc c mt thi hn hp l

C th cn thu hi chng thc trc khi ht hn Kha ring ca ngi dng b tit l Ngi dng khng cn c CA chng thc

Chng thc ca CA b xm phm Mi CA phi duy tr danh sch cc chng thcb thu hi (CRL)

Khi nhn c chng thc, ngi dng phikim tra xem n c trong CRL khng

Cc th tc xc thc

5/22/2018 anninhmangk13mtt-1226419598367568-8

143/204


5/22/2018 anninhmangk13mtt-1226419598367568-8

144/204


Chng 6

AN TON TH IN T

Gii thiu

5/22/2018 anninhmangk13mtt-1226419598367568-8

145/204


Th in t l dch v mng ph dng nht

Hin nay cc thng bo khng c bo mt C th c c ni dung trong qu trnh thng bo di

chuyn trn mng Nhng ngi dng c quyn c th c c ni

dung thng bo trn my ch Thng bo d dng b gi mo bi mt ngi khc Tnh ton vn ca thng bo khng c m bo

Cc gii php xc thc v bo mt thng dng

PGP (Pretty Good Privacy) S/MIME (Secure/Multipurpose Internet Mail Extensions)

PGPD Phil Zi ht t i 1991

5/22/2018 anninhmangk13mtt-1226419598367568-8

146/204


Do Phil Zimmermann pht trin vo nm 1991

Chng trnh min ph, chy trn nhiu mitrng khc nhau (phn cng, h iu hnh) C phin bn thng mi nu cn h tr k thut

Da trn cc gii thut mt m an ninh nht Ch yu ng dng cho th in t v file c lp vi cc t chc chnh ph Bao gm 5 dch v : xc thc, bo mt, nn,

tng thch th in t, phn v ghp Ba dch v sau trong sut i vi ngi dng

Xc thc ca PGP

5/22/2018 anninhmangk13mtt-1226419598367568-8

147/204


Ngun A

ch B

So snh

M = Thng bo gc EP = M ha kha cng khaiH = Hm bm DP = Gii m kha cng khai

= Ghp KRa= Kha ring ca AZ = Nn KUa= Kha cng khai ca AZ-1= Ci nn

Bo mt ca PGP

5/22/2018 anninhmangk13mtt-1226419598367568-8

148/204


Ngun A

ch B

EC = M ha i xng

DC = Gii m i xngKs= Kha phin

Xc thc v bo mt ca PGP

5/22/2018 anninhmangk13mtt-1226419598367568-8

149/204


Ngun A ch B

Nn ca PGPPGP nn thng bo s dng gii thut ZIP

5/22/2018 anninhmangk13mtt-1226419598367568-8

150/204


PGP nn thng bo s dng gii thut ZIP

K trc khi nn Thun tin lu tr v kim tra, nu k sau khi nn th Cn lu phin bn nn vi ch k, hoc Cn nn li thng bo mi ln mun kim tra

Gii thut nn khng cho kt qu duy nht Mi phin bn ci t c tc v t l nn khc nhau Nu k sau khi nn th cc chng trnh PGP cn s dng

cng mt phin bn ca gii thut nn

M ha sau khi nn t d liu s khin vic m ha nhanh hn Thng bo nn kh ph m hn thng bo th

Tng thch th in t ca PGP

5/22/2018 anninhmangk13mtt-1226419598367568-8

151/204


PGP bao gi cng phi gi d liu nh phn

Nhiu h thng th in t ch chp nhn vnbn ASCII (cc k t c c) Th in t vn ch cha vn bn c c

PGP dng gii thut c s 64 chuyn i d liunh phn sang cc k t ASCII c c Mi 3 byte nh phn chuyn thnh 4 k t c c

Hiu ng ph ca vic chuyn i l kch thcthng bo tng ln 33% Nhng c thao tc nn b li

Bng chuyn i c s 64

5/22/2018 anninhmangk13mtt-1226419598367568-8

152/204


Phn v ghp ca PGP

5/22/2018 anninhmangk13mtt-1226419598367568-8

153/204


Cc giao thc th in t thng hn ch di ti a ca thng bo V d thng l 50 KB

PGP phn thng bo qu ln thnh nhiu thng

bo nh Vic phn on thng bo thc hin sau tt c

cc cng on khc

Bn nhn s ghp cc thng bo nh trc khithc hin cc cng on khc

S x l PGP

5/22/2018 anninhmangk13mtt-1226419598367568-8

154/204


Kha phin PGP

5/22/2018 anninhmangk13mtt-1226419598367568-8

155/204


Cn s dng mt kha phin cho mi thng bo di 56 bit vi DES, 128 bit vi CAST-128 v

IDEA, 168 bit vi 3DES

Cch thc sinh kha phin cho CAST-128

S dng chnh CAST-128 theo phng thc CBC

T mt kha 128 bit v 2 khi nguyn bn 64 bit sinhra 2 khi bn m 64 bit to thnh kha phin 128 bit

Hai khi nguyn bn u vo c sinh ngu nhin

da vo chui cc phm g t ngi dng

Kha u vo c sinh t cc khi nguyn bn uvo v kha phin u ra trc

Kha cng khai/kha ring PGP

5/22/2018 anninhmangk13mtt-1226419598367568-8

156/204


Ngi dng c th c nhiu cp kha cngkhai/kha ring Nhu cu thay i cp kha hin thi Giao tip vi nhiu nhm i tc khc nhau

Hn ch lng thng tin m ha vi mi kha nngcao an ton

Cn ch ra kha cng khai no c s dng m ha kha phin

Cn ch ra ch k ca bn gi tng ng vikha cng khai no

nh danh kha cng khai PGP

5/22/2018 anninhmangk13mtt-1226419598367568-8

157/204


ch ra m cng khai no c s dng cth truyn kha cng khai cng vi thng bo Khng hiu qu

Kha cng khai RSA c th di hng trm ch s thp phn

nh danh gn vi mi kha cng khai l 64 bittrng s nh nht ca n ID ca KUa= KUamod 264

Xc sut cao l mi kha cng khai c mt nh danhduy nht

Khun dng thng bo PGP

5/22/2018 anninhmangk13mtt-1226419598367568-8

158/204


Vng kha PGP

5/22/2018 anninhmangk13mtt-1226419598367568-8

159/204


Mi ngi dng PGP c hai vng kha Vng kha ring cha cc cp kha cng khai/kharing ca ngi dng hin thi

C th c ch mc bi nh danh kha cng khai (Key ID)hoc nh danh ngi dng (User ID)

Kha ring c m ha s dng kha l gi tr bm ca mtkhu nhp trc tip t ngi dng

Vng kha cng khai cha cc kha cng khai canhng ngi dng quen bit vi ngi dng hin thi

C th c ch mc bi nh danh kha cng khai hoc nhdanh ngi dng

Cu trc cc vng kha PGP

5/22/2018 anninhmangk13mtt-1226419598367568-8

160/204


S to thng bo PGP

5/22/2018 anninhmangk13mtt-1226419598367568-8

161/204


S nhn thng bo PGP

5/22/2018 anninhmangk13mtt-1226419598367568-8

162/204


Qun l kha PGP

5/22/2018 anninhmangk13mtt-1226419598367568-8

163/204


Thay v da trn cc CA (c quan chng thc),i vi PGP mi ngi dng l mt CA C th k cho nhng ngi dng quen bit trc tip

To nn mt mng li tin cy

Tin cc kha c chnh bn thn k C th tin cc kha nhng ngi dng khc k nuc mt chui cc ch k ti chng

Mi kha c mt ch s tin cy

Cc ngi dng c th thu hi kha ca h

M hnh tin cy PGP (1)

5/22/2018 anninhmangk13mtt-1226419598367568-8

164/204


Vi mi kha cng khai ngi dng n nh tin cy vo ch nhn ca n trong trngOwner trust Gi tr ultimate trustc t ng gn nu kha cng

khai c trong vng kha ring

Gi tr ngi dng c th gn l unknown, untrusted,marginally trusted, hay completely trusted

Gi tr cc trng Signature trustc sao

chp t cc trng Owner trusttng ng Nu khng c th c gn gi tr unknown user

M hnh tin cy PGP (2)

5/22/2018 anninhmangk13mtt-1226419598367568-8

165/204


Xc nh gi tr ca trng Key legitimacy Nu kha cng khai c t nht mt ch k vi gi tr

Signature trustl ultimateth Key legitimacylultimate

Nu khng, Key legitimacyc tnh bng tng ctrng s cc gi tr Signature trust

Cc ch k completely trustedc trng s l 1/X Cc ch k marginally trustedc trng s l 1/Y Xv Yl cc tham s do ngi dng xc nh

Nu tng s t hoc vt ngng 1 th Key legitimacyc gn gi tr complete

V d m hnh tin cy PGP

5/22/2018 anninhmangk13mtt-1226419598367568-8

166/204


Thu hi kha cng khai L do thu hi kha cng khai

5/22/2018 anninhmangk13mtt-1226419598367568-8

167/204


L do thu hi kha cng khai

ch th bit nguyn bn kha ring ch th bit bn m kha ring v mt khu Trnh s dng cng mt kha trong mt thi gian di

Quy trnh thu hi kha cng khai Ch s hu pht hnh chng thc thu hi kha

Cng khun dng nh chng thc bnh thng nhng baogm ch du thu hi kha cng khai

Chng thc c k vi kha ring tng ng kha cng

khai cn thu hi Mau chng pht tn chng thc mt cch rng ri

cc i tc kp thi cp nht vng kha cng khai

S/MIME Nng cp t chun khun dng th in t

5/22/2018 anninhmangk13mtt-1226419598367568-8

168/204


Nng cp t chun khun dng th in t

MIME c thm tnh nng an ninh thng tin MIME khc phc nhng hn ch ca SMTP(Simple Mail Transfer Protocol) Khng truyn c file nh phn (chng trnh, nh,...)

Ch gi c cc k t ASCII 7 bit Khng nhn thng bo vt qu kch thc cho php ...

S/MIME c xu hng tr thnh chun cngnghip s dng trong thng mi v hnh chnh PGP dng cho c nhn

Cc chc nng ca S/MIMEB b d li

5/22/2018 anninhmangk13mtt-1226419598367568-8

169/204


Bao bc d liu M ha ni dung thng bo v cc kha lin quan

K d liu Ch k s to thnh nh m ha thng tin tng hp

thng bo s dng kha ring ca ngi k Thng bo v ch k s c chuyn i c s 64

K v nguyn d liu Ch ch k s c chuyn i c s 64

K v bao bc d liu Kt hp k v bao bc d liu

X l chng thc S/MIME

5/22/2018 anninhmangk13mtt-1226419598367568-8

170/204


S/MIME s dng cc chng thc kha cngkhai theo X.509 v3 Phng thc qun l kha lai ghp gia cu

trc phn cp CA theo ng X.509 v mng li

tin cy ca PGP Mi ngi dng c mt danh sch cc kha ca

bn thn, danh sch cc kha tin cy v danh

sch thu hi chng thc

Chng thc phi c k bi CA tin cy

5/22/2018 anninhmangk13mtt-1226419598367568-8

171/204


Chng 7

AN TON IP

Gii thiu L do cn IPSec

5/22/2018 anninhmangk13mtt-1226419598367568-8

172/204


C nhng vn an ninh cn gii quyt mc thphn tng ng dng c bit cc hnh thc tn cng tng IP rt ph bin nh

gi mo IP, xem trm gi tin

An ninh mc IP s m bo an ninh cho tt c ccng dng

Bao gm nhiu ng dng cha c tnh nng an ninh

Cc c ch an ninh ca IPSec Xc thc Bo mt Qun l kha

Cc ng dng ca IPSecX d i t t I t t

5/22/2018 anninhmangk13mtt-1226419598367568-8

173/204


Xy dng mng ring o an ton trn Internet Tit kim chi ph thit lp v qun l mng ring

Truy nhp t xa an ton thng qua Internet Tit kim chi ph i li

Giao tip an ton vi cc i tc m bo xc thc, bo mt v cung cp c ch traoi kha

Tng cng an ninh thng mi in t H tr thm cho cc giao thc an ninh c sn ca

cc ng dng Web v thng mi in t

Minh ha ng dng IPSec

5/22/2018 anninhmangk13mtt-1226419598367568-8

174/204


ch li ca IPSec

5/22/2018 anninhmangk13mtt-1226419598367568-8

175/204


Ti tng la hoc b nh tuyn, IPSec mbo an ninh cho mi lung thng tin vt bin

Ti tng la, IPSec ngn chn thm nhp triphp t Internet vo

IPSec nm di tng giao vn, do vy trongsut vi cc ng dng IPSec c th trong sut vi ngi dng cui

IPSec c th p dng cho ngi dng n l

IPSec bo v an ninh kin trc nh tuyn

Kin trc an ninh IP c t IPSec kh phc tp

5/22/2018 anninhmangk13mtt-1226419598367568-8

176/204


p p

nh ngha trong nhiu ti liu Bao gm RFC 2401 (tng quan kin trc), RFC 2402(m t m rng xc thc), RFC 2406 (m t m rngm ha), RFC 2408 (c t kh nng trao i kha)

Cc ti liu khc c chia thnh 7 nhm Vic h tr IPSec l bt buc i vi IPv6, ty

chn i vi IPv4 IPSec c ci t nh cc phn u m rng

sau phn u IP Phn u m rng cho xc thc l AH Phn u m rng cho m ha l ESP

Tng quan ti liu IPSec

5/22/2018 anninhmangk13mtt-1226419598367568-8

177/204


Cc dch v IPSec Bao gm

5/22/2018 anninhmangk13mtt-1226419598367568-8

178/204


g

iu khin truy nhp Ton vn phi kt ni Xc thc ngun gc d liu T chi cc gi tin lp

Mt hnh thc ca ton vn th t b phn Bo mt (m ha) Bo mt lung tin hu hn

S dng mt trong hai giao thc Giao thc xc thc (ng vi AH) Giao thc xc thc/m ha (ng vi ESP)

Cc lin kt an ninh Khi nim lin kt an ninh (SA)

5/22/2018 anninhmangk13mtt-1226419598367568-8

179/204


( )

L quan h mt chiu gia bn gi v bn nhn, chobit cc dch v an ninh i vi lung tin lu chuyn

Mi SA c xc nh duy nht bi 3 tham s Ch mc cc tham s an ninh (SPI)

a ch IP ch nh danh giao thc an ninh

Cc tham s khc lu trong CSDL SA (SAD) S th t, cc thng tin AH v ESP, thi hn,...

CSDL chnh sch an ninh (SPD) cho php iuchnh mc p dng IPSec

Phn u xc thc m bo ton vn v xc thc cc gi IP

5/22/2018 anninhmangk13mtt-1226419598367568-8

180/204


m bo ton vn v xc thc cc gi IP

Cho php mt h thng u cui hay mt thit bmng xc thc ngi dng hoc ng dng

Trnh gi mo a ch nh xem xt s th t Chng li hnh thc tn cng lp li

S dng m xc thc thng bo Bn gi v bn nhn phi c mt kha b mt

dng chung

Khun dng AH

5/22/2018 anninhmangk13mtt-1226419598367568-8

181/204


Ch giao vn v ng hm

5/22/2018 anninhmangk13mtt-1226419598367568-8

182/204


Phn u ESP

b b t i d b t l ti

5/22/2018 anninhmangk13mtt-1226419598367568-8

183/204


m bo bo mt ni dung v bo mt lung tinhu hn

C th cung cp cc dch v xc thc ging nhvi AH

Cho php s dng nhiu gii thut m ha,phng thc m ha, v cch n khc nhau DES, 3DES, RC5, IDEA, CAST,... CBC,...

n cho trn kch thc khi, kch thc trng, chedu lu lng lung tin

Khun dng ESP

5/22/2018 anninhmangk13mtt-1226419598367568-8

184/204


Giao vn v ng hm ESP

5/22/2018 anninhmangk13mtt-1226419598367568-8

185/204


Ch giao vn ESP dng m ha v c thc thm chc nng xc thc d liu IP Ch m ha d liu khng m ha phn u D b phn tch lu lng nhng hiu qu

p dng cho truyn ti gia hai im cui Ch ng hm m ha ton b gi tin IP

Phi b xung phn u mi cho mi bc chuyn

p dng cho cc mng ring o, truyn ti thng quacu ni

Kt hp cc lin kt an ninh

Mi SA h th i t t t h i i th

5/22/2018 anninhmangk13mtt-1226419598367568-8

186/204


Mi SA ch c th ci t mt trong hai giao thcAH v ESP

ci t c hai cn kt hp cc SA vi nhau To thnh mt gi lin kt an ninh

C th kt thc ti cc im cui khc nhau hocging nhau

Kt hp theo 2 cch Gn vi giao vn

To ng hm theo nhiu bc Cn xem xt th t xc thc v m ha

V d kt hp cc SA

5/22/2018 anninhmangk13mtt-1226419598367568-8

187/204


Qun l kha C chc nng sn sinh v phn phi kha

5/22/2018 anninhmangk13mtt-1226419598367568-8

188/204


C chc nng sn sinh v phn phi kha

Hai bn giao tip vi nhau ni chung cn 4 kha Mi chiu cn 2 kha: 1 cho AH, 1 cho ESP

Hai ch qun l kha

Th cng Qun tr h thng khai bo cc kha khi thit lp cu hnh Thch hp vi cc mi trng nh v tng i tnh

T ng

Cho php to kha theo yu cu cho cc SA

Thch hp vi cc h phn tn ln c cu hnh lun thay i Gm cc thnh phn Oakley v ISAKMP

Oakley L mt giao thc trao i kha da trn gii

5/22/2018 anninhmangk13mtt-1226419598367568-8

189/204


thut Diffie-Hellman Bao gm mt s ci tin quan trng S dng cookie ngn tn cng gy qu ti

Cookie cn ph thuc vo cc bn giao tip, khng th sinh

ra bi mt bn khc vi bn sinh cookie, c th sinh v kimtra mt cch nhanh chng

H tr vic s dng cc nhm vi cc tham s Diffie-Hellman khc nhau

S dng cc gi tr nonce chng tn cng lp li

Xc thc cc trao i Diffie-Hellman chng tncng ngi gia

ISAKMP

5/22/2018 anninhmangk13mtt-1226419598367568-8

190/204


Vit tt ca Internet Security Association andKey Management Protocol Cung cp mt c cu cho vic qun l kha nh ngha cc th tc v cc khun dng thng

bo cho vic thit lp, tha thun, sa i, vhy b cc lin kt an ninh

c lp vi giao thc trao i kha, gii thut

m ha, v phng php xc thc

Cc khun dng ISAKMP

5/22/2018 anninhmangk13mtt-1226419598367568-8

191/204


5/22/2018 anninhmangk13mtt-1226419598367568-8

192/204


Chng 8

AN TON WEB

Vn an ninh Web (1) Web c s dng rng ri bi cc cng ty, t

5/22/2018 anninhmangk13mtt-1226419598367568-8

193/204


g g g y

chc, v cc c nhn Cc vn c trng i vi an ninh Web Web d b tn cng theo c hai chiu Tn cng Web server s gy tn hi n danh ting

v tin bc ca cng ty Cc phn mm Web thng cha nhiu li an ninh Web server c th b khai thc lm cn c tn

cng vo h thng my tnh ca mt t chc Ngi dng thiu cng c v kin thc i ph vi

cc him ha an ninh

Vn an ninh Web (2) Cc him ha i vi an ninh Web

5/22/2018 anninhmangk13mtt-1226419598367568-8

194/204


Tnh ton vn Tnh bo mt T chi dch v Xc thc

Cc bin php an ninh Web

SSL L mt dch v an ninh tng giao vn

5/22/2018 anninhmangk13mtt-1226419598367568-8

195/204


g g

Do Netscape khi xng Phin bn 3 c cng b di dng bn tho

Internet

Tr thnh chun TLS Phin bn u tin ca TLS SSLv3.1 tng thchngc vi SSLv3

S dng TCP cung cp dch v an ninh t

u cui ti u cui Gm 2 tng giao thc

M hnh phn tng SSL

5/22/2018 anninhmangk13mtt-1226419598367568-8

196/204


Kin trc SSL (1) Kt ni SSL

5/22/2018 anninhmangk13mtt-1226419598367568-8

197/204


Lin kt giao tip t im nt ti im nt Mang tnh nht thi Gn vi mt phin giao tc Cc tham s xc nh trng thi kt ni

Cc s ngu nhin chn bi server v client Kha MAC ca server Kha MAC ca client Kha m ha ca server

Kha m ha client Cc vector khi to Cc s th t

Kin trc SSL (2) Phin SSL

5/22/2018 anninhmangk13mtt-1226419598367568-8

198/204


Phin SSL

Lin kt gia client v server To lp nh giao thc bt tay C th bao gm nhiu kt ni Xc lp mt tp cc tham s an ninh s dng bi tt

c cc kt ni trong phin giao tc nh danh phin Chng thc im nt Phng php nn c t m ha Kha b mt ch C c th tip tc hay khng

Giao thc bn ghi SSL Cung cp cc dch v bo mt v xc thc

5/22/2018 anninhmangk13mtt-1226419598367568-8

199/204


Kha b mt chung do giao thc bt tay xc lp

Khun dng bn ghi SSL

5/22/2018 anninhmangk13mtt-1226419598367568-8

200/204


Giao thc i c t m ha SSL

5/22/2018 anninhmangk13mtt-1226419598367568-8

201/204


Mt trong ba giao thc chuyn dng SSL sdng giao thc bn ghi SSL Ch gm mt thng bo cha mt byte d liu

c gi tr l 1

Khin cho trng thi treo tr thnh trng thihin thi Cp nht c t m ha cho kt ni

Giao thc bo ng SSL Dng chuyn ti cc bo ng lin quan n

5/22/2018 anninhmangk13mtt-1226419598367568-8

202/204


SSL ti cc thc th im nt Mi thng bo gm 2 byte Byte th nht ch mc nghim trng

Cnh bo : c gi tr l 1

Tai ha : c gi tr l 2 Byte th hai ch ni dung bo ng

Tai ha : unexpected_message, bad_record_mac,decompression_failure, handshake_failure, illegal_parameter

Cnh bo : close_notify, no_certificate, bad_certificate,unsupported_certificate, certificate_revoked,certificate_expired, certificate_unknown

Giao thc bt tay SSL Cho php server v client

5/22/2018 anninhmangk13mtt-1226419598367568-8

203/204


Cho php server v client Xc thc ln nhau Tha thun cc gii thut m ha v MAC Tha thun cc kha mt m s c s dng

Gm mt chui cc thng bo trao i giaclient v server Mi thng bo gm 3 trng

Kiu (1 byte)

di (3 byte) Ni dung (0 byte)

TLS L phin bn chun Internet ca SSL

5/22/2018 anninhmangk13mtt-1226419598367568-8

204/204

M t trong RFC 2246 rt ging vi SSLv3 Mt s khc bit nh so vi SSLv3 S phin bn trong khun dng bn ghi SSL S dng HMAC tnh MAC

S dng hm gi ngu nhin khai trin cc gitr b mt

C thm mt s m bo ng Khng h tr Fortezza

Documents

anninhmangk13mtt-1226419598367568-8