bao mat TT


  • 8/6/2019 bao mat TT

    1/84

    THAI NGUYEN UNIVERSITY
    FACULTY OF INFORMATION TECHNOLOGY
    -----------------------------------

    V ANH TUN

    INFORMATION SECURITY AND SAFETY IN E-COMMERCE

    MASTER OF SCIENCE THESIS IN INFORMATION TECHNOLOGY

    Major: Computer Science
    Code: 60.48.01

    Scientific supervisor: Assoc. Prof. Dr. NGUYN GIA HIU

    THAI NGUYEN, 2008


    Digitized by the Learning Resource Center, Thai Nguyen University http://www.lrc-tnu.edu.vn

    Table of Contents

    Foreword
    I. Research content of the thesis
        1. Research objectives and tasks of the thesis
        2. Scientific significance of the thesis
        3. Research methods
        4. Scope of the research
        5. Expected research results
    II. Structure of the thesis

    Chapter I: E-COMMERCE CONCEPTS AND THE CHARACTERISTICS OF E-COMMERCE
        1. The concept of e-commerce
        2. Benefits of e-commerce
        3. Basic characteristics of e-commerce
        4. Types of electronic markets
        5. Payment systems in e-commerce
        6. Electronic payment technology
        7. The electronic payment process

    Chapter II: CRYPTOSYSTEMS, SYMMETRIC-KEY CIPHERS, PUBLIC-KEY CIPHERS, DIGITAL SIGNATURES
    I. Overview of cryptosystems
        1. Classical cryptography
        2. Modern cryptography
        3. Terminology
        4. Cryptographic standards
    II. Encryption methods
        1. Symmetric encryption (secret-key encryption)
        2. Asymmetric encryption (public-key encryption)
    III. Digital signatures
        1. Digital signatures
        2. Classification of digital signature schemes
        3. Some basic signature schemes
            3.1. The RSA signature scheme
            3.2. The DSA signature scheme (Digital Signature Standard)
        4. Feasible digital signature schemes
        5. Attacks on electronic signatures

    Chapter III: INFORMATION SECURITY AND SAFETY IN E-COMMERCE
    I. The information safety problem
    II. Digital certificates and encryption mechanisms
        1. Introduction to digital certificates
        2. Identity authentication
        3. Public-key certificates
        4. The CA model
        5. Some security protocols applied in e-commerce

    Chapter IV: IMPLEMENTING INFORMATION SECURITY AND SAFETY ON A WEBSITE SELLING COMPUTER COMPONENTS ON THE INTERNET
    I. Basic functions and operation of the website system
        1. Data organization
        2. Information administration
        3. RSA encryption and its application in the system
        4. Making a purchase
        5. How encryption and decryption are performed
    II. Implementing the information security and safety functions on the website selling computer components
        1. Member registration procedure
        2. Customers selecting and buying goods on the website

    Conclusion
    References


    Foreword

    With the global growth of the Internet and e-commerce, people can easily buy and sell goods and services over the global computer network in every area of commerce. These sensitive transactions, however, need mechanisms that guarantee security and safety, so information security and safety in e-commerce is a very important issue. This thesis covers the main techniques of the field of information security and safety in e-commerce.

    Information security and safety in e-commerce has been, and is being, applied widely in Vietnam and around the world. Many people are therefore concentrating on researching it and looking for every solution that guarantees security and safety for networked information systems. It must also be understood, however, that no information system is 100% secure: every information system has security and safety holes that have not yet been discovered.

    Information security and safety in e-commerce must guarantee the following four requirements:

    - Confidentiality: the information content is not monitored or copied by entities that have not been authorized.

    - Integrity: the information content is not altered by entities that have not been authorized.

    - Authentication: nobody can disguise themselves as a legitimate party during the exchange of information.

    - Non-repudiation: the sender of a message cannot deny the facts and the information content that were actually sent.

    Starting from the possibilities for practical application, and from the applications that already exist as results of earlier research on security and safety in e-commerce, this thesis studies in depth the techniques and methods of information security and safety in e-commerce.


    I. Research content of the thesis

    1. Research objectives and tasks of the thesis

    - The thesis studies the techniques and methods used to provide security and safety in e-commerce, the process of applying them, and the related scientific knowledge and algorithms, such as authentication, confidentiality, data integrity, cryptography and digital signatures.

    - Apply the research results to deploy a security and safety system in e-commerce.

    2. Scientific significance of the thesis

    Apply the research results to build security and safety techniques for e-commerce with a number of basic features, such as an authentication system, automatic key distribution mechanisms, encryption of the necessary information, and techniques for preventing risks in e-commerce.

    Security and safety on the network is one of the pressing issues in the practical operation of e-commerce. Solving it well brings very large benefits: customers trust the transactions they carry out on the network, and online transaction service providers as well as ISPs can guarantee that the information of customers transacting on the network is safe.

    3. Research methods

    - Collect and analyze documents and information related to the topic.

    - Study the e-commerce transactions of a number of websites inside and outside the country, and collect information on how existing e-commerce transactions are secured.

    - Combine earlier research by authors in the country with the guidance and comments of the supervisor to complete the research content.

    4. Scope of the research

    - Security and authentication issues in e-commerce: hash functions, the symmetric encryption algorithm DES and asymmetric algorithms such as RSA public-key encryption, the use of DSA and RSA digital signatures, and network security protocols such as SSL, TLS and SET.

    - The techniques used and the methods of combining cryptosystems in security.

    Because of certain limitations in facilities and in practical access to the field of security and safety in e-commerce, the applications implemented are mainly experimental.

    5. Expected research results

    - Security and authentication issues in e-commerce, the use of digital signatures, the techniques used and the methods of combining cryptosystems in security.

    - An experimental implementation of the security and safety issues in e-commerce that were studied.


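    II. Structure of the thesis

    Chapter I: E-COMMERCE CONCEPTS AND THE CHARACTERISTICS OF E-COMMERCE
        1. The concept of e-commerce
        2. Benefits of e-commerce
        3. Basic characteristics of e-commerce
        4. Types of electronic markets
        5. Payment systems in e-commerce
        6. Electronic payment technology
        7. The electronic payment process

    Chapter II: CRYPTOSYSTEMS, SYMMETRIC-KEY CIPHERS, PUBLIC-KEY CIPHERS, DIGITAL SIGNATURES
    I. Overview of cryptosystems
        1. Symmetric-key encryption: the algorithm and the key generation process
        2. Public-key encryption: operation, key generation, encryption, decryption, plaintext conversion
    II. Digital signatures
        1. The concept of a digital signature
        2. Classification of digital signatures
        3. Some basic digital signature schemes
        4. Assessing the security of digital signature schemes

    Chapter III: SECURITY AND SAFETY IN E-COMMERCE
        1. Information safety
        2. Encryption mechanisms
        3. Digital certification
        4. Some security protocols applied in e-commerce
            - Web application security issues
            - The SSL and TLS security mechanisms
            - The SET security mechanism

    Chapter IV: IMPLEMENTING AND DEVELOPING THE APPLICATIONS
        - Implementing information security and safety, digital certification and digital signatures on a website selling computers on the Internet

    Conclusion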


    Chapter I: E-COMMERCE CONCEPTS AND THE CHARACTERISTICS OF E-COMMERCE

    1. The concept of e-commerce

    E-commerce is the buying and selling of goods and services over the global computer network. In the broad sense, e-commerce is defined in the Model Law on Electronic Commerce of the United Nations Commission on International Trade Law:

    "The term commercial should be interpreted in a broad sense so as to cover matters arising from every relationship of a commercial nature, whether or not there is a contract. Relationships of a commercial nature include the following transactions: any commercial transaction for the supply or exchange of goods or services; distribution agreements; commercial representation or agency; commission consignment; long-term leasing; construction of works; consulting; engineering; investment; financing; banking; insurance; exploitation agreements or concessions; joint ventures and other forms of industrial or business cooperation; carriage of goods or passengers by sea, air, rail or road."

    The scope of e-commerce is therefore very broad and covers almost every area of economic activity; buying and selling goods and services is only one of thousands of areas where e-commerce applies. In the narrow sense, e-commerce consists only of commercial activities carried out on open computer networks such as the Internet. In practice it was commercial activity over the Internet that gave rise to the term e-commerce.

    E-commerce includes buying and selling goods and services by electronic means, delivering digital content over the network, electronic funds transfer, electronic share trading, electronic bills of lading, commercial auctions, collaborative design, network resources, public procurement, online marketing to consumers and after-sales services. E-commerce is carried out for both trade in goods (for example consumer goods and specialized medical equipment) and trade in services (for example information services, legal services and financial services), for traditional activities such as health care and education, and for new activities (such as virtual supermarkets). E-commerce is becoming a revolution that changes the way people shop.

    2. Benefits of e-commerce

    Based on practical experience from the operation of e-commerce, it has brought people and society the following benefits:


    2.1. Gathering more information

    E-commerce helps each participant obtain more information about markets and partners, reduce marketing and transaction costs, shorten production time, and build and strengthen relationships with trading partners. Businesses obtain rich information about the market economy and can therefore build production and business strategies suited to the development trends of the domestic, regional and international markets. This is especially significant for small and medium-sized enterprises, which many countries now regard as one of the driving forces of economic development.

    2.2. Reducing production costs

    E-commerce helps reduce production costs, first of all office costs. Paperless offices occupy much less space, and the cost of searching for and transferring documents falls many times over, with printing almost eliminated. According to figures from the American company General Electricity, savings in this area reach 30%. More importantly, from a strategic point of view, capable staff are freed from many routine tasks and can concentrate on research and development, which brings large long-term benefits.

    2.3. Reducing sales, marketing and transaction costs

    E-commerce helps lower sales and marketing costs. Using the Internet and the Web, one salesperson can deal with a great many customers. An electronic catalogue on the Web is much richer than a printed catalogue, which is limited in size and always out of date, whereas an electronic catalogue on the Web is updated regularly.

    E-commerce over the Internet and the Web helps consumers and businesses significantly reduce transaction time and cost. Transaction time over the Internet is only 7% of the transaction time by fax, and about 0.5 per thousand of the transaction time by express postal delivery; the cost of electronic payment over the Internet is only 10% to 20% of the cost of payment by conventional means.

    2.4. Building partnerships

    E-commerce makes it easier to establish and strengthen relationships between the participants in the commercial process. Over the Internet, participants can communicate with each other directly (online) and continuously, as if geographical distance and time no longer existed. Cooperation and management can therefore be carried out quickly and continuously, and new trading partners and new business opportunities are discovered quickly on a worldwide scale, with more options to choose from.


    2.5. Enabling early access to the knowledge economy

    First of all, e-commerce stimulates the development of the IT industry, which creates the basis for developing the knowledge economy. This benefit is very significant for developing countries: if they do not quickly reach the knowledge economy, then in about a decade a developing country may be left behind completely. This aspect of the benefit has the character of technology strategy and development policy, which industrializing countries need.

    3. Basic characteristics of e-commerce

    Compared with traditional commercial activities, e-commerce has the following basic characteristics:

    3.1. The parties to an e-commerce transaction do not come into direct contact with each other and do not need to know each other beforehand.

    In traditional commerce the parties usually meet in person to carry out a transaction. Transactions are carried out mainly by physical means such as money transfers, cheques, invoices, bills of lading and sending reports. Telecommunication means such as fax and telex are used only to exchange business data. The use of electronic means in traditional commerce serves only to carry information directly between the two partners of the same transaction.

    E-commerce lets everyone take part, from remote and isolated areas to large urban areas. It gives people everywhere an equal opportunity to join the global trading market and does not require them to be acquainted with each other.

    3.2. Traditional commercial transactions are carried out with the concept of national borders in place, whereas e-commerce is carried out in a market without borders (a unified global market). E-commerce directly affects the global competitive environment.

    The more e-commerce develops, the more the personal computer becomes a business's window onto markets around the world. With e-commerce, even a newly established business can trade in Japan, Germany, Chile and elsewhere without leaving home, something that previously took many years.

    3.3. Every e-commerce transaction involves at least three parties, one of which is indispensable: the network service provider and the certification authorities.

    In e-commerce, besides the parties to the transaction that also exist in traditional commerce, a third party has appeared: network service providers and certification authorities, which create the environment for e-commerce transactions. The network service provider and the certification authority are responsible for forwarding and storing the information exchanged between the parties to an e-commerce transaction, and they also confirm the reliability of the information in the transaction.

    3.4. In traditional commerce the information network is only a means of exchanging data, whereas in e-commerce the information network is the market itself.

    Many new types of business have formed through e-commerce. For example, value-added services on computer networks have given rise to virtual intermediaries that provide brokerage services to businesses and consumers, and virtual supermarkets have formed to supply goods and services over computer networks. Owners of ordinary shops are now also racing to put information on the Web in order to exploit the large market segment on the Web by opening virtual shops.

    4. Types of electronic markets

    Depending on the business partners involved, a market is called B2B, B2C, C2B or C2C. Open markets are markets in which anyone can register and take part. In a closed market only certain members are invited or allowed to take part. A horizontal market focuses on one particular business process, for example procurement: many businesses, possibly from different industries, take part as buyers and deal with a group of suppliers. A vertical market, by contrast, models many different business processes of a single industry or a single group of users.

    After the wave of optimism about e-commerce in the 1990s, a period in which many electronic markets appeared, it was believed that after a process of concentration only a few large markets would survive. Alongside them, however, there are more and more small specialized markets.

    Today the situation is very different: the technology needed to run an electronic market has become much cheaper. In addition there is a trend to connect many different offers through application programming interfaces to form a common market with a high density of offers. Markets that used to be independent are also increasingly being integrated by software solutions into a comprehensive Web portal.

    E-commerce is classified by the status of the participants in the transaction as follows:

    Consumer:
    C2C (Consumer-to-Consumer): consumer with consumer
    C2B (Consumer-to-Business): consumer with business
    C2G (Consumer-to-Government): consumer with government

    Business:
    B2C (Business-to-Consumer): business with consumer
    B2B (Business-to-Business): business with business
    B2G (Business-to-Government): business with government
    B2E (Business-to-Employee): business with employee

    Government:
    G2C (Government-to-Consumer): government with consumer
    G2B (Government-to-Business): government with business
    G2G (Government-to-Government): government with government

    5. Payment systems in e-commerce

    Electronic payment is an important stage in e-commerce. In general terms, electronic payment is the process of paying money between buyer and seller. The core of the matter is the application of financial payment technologies (for example encryption of credit card numbers, electronic cheques or electronic money) between the bank, the intermediary and the parties to the commercial activity. Banks and credit institutions now use these methods to improve operating efficiency as the digital economy develops, with benefits such as lower processing costs, lower technology costs and stronger online commerce.

    Electronic payment means paying through electronic messages instead of handing money over directly. Paying salaries by transfer to a bank account and paying for purchases by credit card or store card are simple examples of electronic payment.

    Electronic payment has the following basic payment systems:

    Payment by credit card: In practice, customers on the network cannot pay with cash or a cheque, so the selling website has to offer forms of payment over the network. The most common payment system on the network today is payment by credit card. Some common credit cards are Visa, MasterCard, American Express and JCB. To carry out credit card transactions, the selling website has to link to a service that processes credit card payments over the network, such as CyberCard or PaymentNet. This payment service provides software that resides on a secure service server and carries out the payment. The payment service verifies via the credit card whether the transaction with the customer can be completed, and the transaction is then passed to the verification department. The credit card payment service ensures that the money is settled in the bank account. To use a credit card payment service on a website, the merchant has to register an Internet transaction account with a bank (the acquirer). At present not every bank offers Internet transaction accounts. An Internet transaction account is designed to let a merchant carry out credit card payment transactions on the Internet through an online credit card service.

    Electronic micropayment (Electronic Cash MicroPayment): used for transactions that are too small for credit card payment (under 10 USD). Micropayments are maintained through electronic receipts: the customer opens an account with an automatic electronic receipt machine, which issues the customer digital money, so the customer can buy directly from the website. Before the customer pays digital money to the seller, it verifies both the buyer and the automatic vending machine to ensure that the money goes to the right place, the electronic money provider Cybercash.

    Electronic cheque (Electronic Check): a service that lets the customer transfer electronic money directly from the bank to the seller. Electronic cheques are used to pay periodic bills. Companies such as electricity, water, gas and telephone providers offer this form of payment to improve their collection rate, reduce costs and make it easier for customers to manage their bills. From the customer's perspective, when a customer registers with the provider, the customer receives the payment information (account number, bank and so on). With a registered user name and password, customers can access the website of the company issuing the cheques to check their balance. Customers can also receive electronic bills and send e-mail to acknowledge receipt of an electronic bill sent by the supplier. When customers access their bills on the Internet, after reviewing all the bills they can choose which to pay from the money in their bank account. The payment is carried out through a service such as Cybercash's Paynow electronic cheque payment service.

    Electronic mail (Email): can be used to let a business partner receive payment from the customer's account, or to set up an account with the provider.

    With the benefits described above, strengthening electronic payment capability is a way to cut operating costs significantly. According to the banks' calculations, transactions in cash and by cheque are very expensive, so they look for other solutions with lower costs. At present in the United States, cash transactions account for about 54%, cheques for 29% and electronic transactions for about 17%. This figure is forecast to rise in the coming period.

    6. Electronic payment technology

    Electronic payment technologies began to develop with electronic money transfer services, for example the Western Union money transfer service, which lets an individual send money to someone in another place by means of a transfer order placed at a Western Union service counter. The money can be handed over to the recipient only after the identification requirements have been met. In this case no bank is involved at all; Western is simply a telegraph company. Safety depends on the financial strength of the company, and the safety of the service is controlled through the messages sent in each individual transaction. This information is not made public; only the customer and the recipient know the amount transferred. A signature is used as a confirmation tool to show that the transfer has been completed when the customer receives the money.

    Current initiatives in electronic payment all aim to create a simple, convenient and immediate way for customers to pay. In an electronic transaction, the exchange checks and the payment procedures take place immediately when the customer sends the order to transfer money to pay for a purchase on the network.

    Electronic payment systems for customers are developing very quickly.

    7. The electronic payment process

    An electronic payment process consists of the following 6 basic stages:

    1. The customer, from a computer somewhere, fills in the payment information and contact address on the order form (Order Form) of the selling website. The business receives the customer's request to buy goods or services and replies with a confirmation summarizing the necessary information, such as the items chosen, the delivery address and the order number.

    2. The customer checks the information and clicks to place the order, which sends the information back to the business.

    3. The business receives and stores the order information and at the same time forwards the encrypted payment information (credit card number, expiry date, cardholder) to the server (Server, data processing equipment) of the centre that provides card processing services on the Internet. Thanks to encryption, the customer's payment information is kept secure in order to prevent fraud in transactions (even the business does not learn the customer's credit card information).

    4. When the credit card processing centre receives the payment information, it decrypts the information and processes the transaction behind a firewall (Fire Wall) and separated from the Internet (off the Internet), in order to provide absolute security for commercial transactions. It reformats the transaction and forwards the payment information to the business's bank (Acquirer) over a dedicated leased line (a separate data link).

    5. The business's bank sends an electronic message requesting payment (authorization request) to the bank or company that issued the customer's credit card (Issuer). This financial institution replies to the credit card processing centre on the Internet, either approving or refusing the payment.

    6. The credit card processing centre on the Internet forwards this reply to the business, and on that basis the business informs the customer whether the order will be carried out or not.

    Chapter II: CRYPTOSYSTEMS, SYMMETRIC-KEY CIPHERS, PUBLIC-KEY CIPHERS, DIGITAL SIGNATURES

    I. Overview of cryptosystems

    Cryptography is a field concerned with linguistic and mathematical techniques for securing information, specifically communications. Historically, cryptography has been tied to encryption, that is, to ways of converting information from one form to another, in this case from an ordinary intelligible form into an unintelligible one, so that the information cannot be read without secret knowledge. Encryption is used mainly to protect the secrecy of important information, for example in intelligence, military or diplomatic work, as well as economic and commercial secrets. In recent years the field of activity of cryptography has been extended: modern cryptography provides mechanisms for many more activities than just keeping secrets and has a range of applications such as public-key certification, digital signatures, electronic voting and electronic money. In addition, people with no particular need for secrecy also use cryptographic technologies, usually designed and built into the infrastructure of computing and telecommunications.

    Cryptography is a discipline with a history of thousands of years. For most of its development (except for the last few decades), the history of cryptography was the history of classical cryptographic methods: encryption with pen and paper, sometimes with the help of simple mechanical tools. In the early 20th century, the appearance of mechanical and electromechanical devices, such as the Enigma machine, provided more complex and more efficient mechanisms for encryption. The birth and strong development of electronics and computers in recent decades has enabled cryptography to leap to a new level.

    1. Classical cryptography

    The earliest evidence of the use of cryptography is the non-standard hieroglyphs found on ancient Egyptian statues (about 4500 years ago). These symbols do not appear to have been meant to convey secret information; they seem rather to have been intended to evoke mystery or curiosity, or even to amuse the viewer. There are many other examples of applications of cryptography or of similar things. Later, Hebrew scholars used a simple alphabet substitution cipher such as the Atbash cipher (around the years 500 to 600). Cryptography has long been used in religious works to hide information from the authorities or the dominant culture. The most standard example is the number of the beast, which appears in the Christian New Testament. Here the number 666 may be an encoded way of referring to the Roman Empire or to the emperor Nero of that empire. Not naming them directly caused less trouble if the authorities paid attention. For mainstream Christianity this concealment ended when Constantine converted and accepted Christianity as the official religion of the empire.

    Figure 1: Scytale, an ancient encryption device

    The ancient Greeks are also known to have used cryptographic techniques (such as the scytale cipher). There is also clear evidence that the Romans knew cryptographic techniques (the Caesar cipher and its variants). There are even references to a book about cryptography in the Roman army, but this book has been lost.

    2. Modern cryptography

    Many people consider that the era of modern cryptography began with Claude Shannon, who is regarded as the father of mathematical cryptography. In 1949 he published the paper Communication Theory of Secrecy Systems in the Bell System Technical Journal and, a short time later, the book Mathematical Theory of Communication together with Warren Weaver. These works, together with his other research on information and communication theory, established a basic theoretical foundation for cryptography and cryptanalysis. After that, cryptography was almost entirely taken over by government secret communications agencies, such as the NSA, and disappeared from public view. Very little work continued to be published until the mid-1970s, when everything changed.

    3. Terminology

    The study of ways to break the use of ciphers is called cryptanalysis, or code breaking. Encryption and cryptanalysis are sometimes grouped together under the common name cryptology, which covers all topics related to ciphers. In practice, the term cryptography is usually used to refer to the discipline as a whole.

    In some languages, such as English, the word is cryptography, which comes from the Greek kryptos, meaning "hidden", and graphein, "to write". The first use of the word "cryptography" was probably in the 1658 discourse by Sir Thomas Browne called The Garden of Cyrus: "The strange cryptography of Gaffarel in his starrie booke of heaven".

    Encryption is the process of converting ordinary information (plain text, or plaintext) into a form that cannot be read directly, the ciphertext. Decryption is the reverse process, recovering the plaintext from the ciphertext. A cipher is an algorithm for encryption and decryption. The exact operation of a cipher is usually controlled by a key, a piece of secret information that customizes how the ciphertext is produced. Cryptographic protocols specify in detail how ciphers (and other cryptographic primitives) are used to accomplish specific tasks. A set of protocols, algorithms, key management procedures and user-prescribed actions that work together as a system makes up a cryptosystem.

    In everyday speech, a secret "code" is usually used as a synonym for "cipher". In cryptography the term has a specific technical meaning: codes are historical methods that replace larger units of text, usually words or sentences (for example, "qua tao" ("apple") replaces "tan cong luc rang dong" ("attack at dawn")). Classical ciphers, by contrast, usually substitute or rearrange individual letters (or small groups of letters); for example, "tan cong luc rang dong" becomes "ubo dpoh mvd sboh epoh" by substitution.

    Cryptanalysis: The goal of cryptanalysis (code breaking) is to find weaknesses or insecurities in an encryption method. Cryptanalysis may be carried out by malicious attackers who aim to subvert the system, or by the designers of the system (or others) who intend to assess the security of the system.


    There are many kinds of cryptanalytic attack, and they can be classified in several ways. One relevant distinction is what the attackers can know and do in order to learn the secret information. For example, does the cryptanalyst have access only to the ciphertext? Or even: can he choose arbitrary plaintexts to be encrypted? These scenarios correspond to the ciphertext-only attack, the known-plaintext attack and the chosen-plaintext attack.
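
The substitution example from the terminology section ("tan cong luc rang dong" becoming "ubo dpoh mvd sboh epoh" is a shift of one letter) can be run under the three scenarios just named. This is an added example, not code from the thesis; the function names and the small vocabulary are constructed for illustration.

```python
"""Shift substitution cipher under ciphertext-only, known-plaintext and
chosen-plaintext analysis. Added illustration; all names are hypothetical."""
import string

ALPHABET = string.ascii_lowercase
N = len(ALPHABET)

# Constructed sample: a few unaccented Vietnamese words an analyst might expect.
VOCABULARY = {"cong", "luc", "dong", "va", "la", "cua", "mot",
              "khong", "nguoi", "trong"}


def shift_encrypt(plaintext: str, key: int) -> str:
    """Replace each letter by the one `key` places later; keep other characters."""
    out = []
    for ch in plaintext:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % N])
        else:
            out.append(ch)
    return "".join(out)


def shift_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is encryption with the negated key."""
    return shift_encrypt(ciphertext, -key)


def known_plaintext_attack(plaintext: str, ciphertext: str) -> int:
    """One matching plaintext/ciphertext pair reveals the key directly."""
    for p, c in zip(plaintext, ciphertext):
        if p in ALPHABET and c in ALPHABET:
            key = (ALPHABET.index(c) - ALPHABET.index(p)) % N
            if shift_encrypt(plaintext, key) != ciphertext:
                raise ValueError("pair is not consistent with a single shift")
            return key
    raise ValueError("no alphabetic characters to compare")


def chosen_plaintext_attack(encrypt_oracle) -> int:
    """If the analyst may submit text for encryption, one letter is enough."""
    return ALPHABET.index(encrypt_oracle("a"))


def ciphertext_only_attack(ciphertext: str, vocabulary: set) -> tuple:
    """Try all 26 keys and keep the candidate with the most known words.

    The whole key space is 26 values, so exhaustive search is immediate.
    """
    best_score, best_key, best_text = -1, None, None
    for key in range(N):
        candidate = shift_decrypt(ciphertext, key)
        score = sum(word in vocabulary for word in candidate.split())
        if score > best_score:
            best_score, best_key, best_text = score, key, candidate
    return best_key, best_text


if __name__ == "__main__":
    message = "tan cong luc rang dong"
    ciphertext = shift_encrypt(message, 1)
    print("ciphertext:       ", ciphertext)
    print("known-plaintext:  ", known_plaintext_attack(message, ciphertext))
    print("chosen-plaintext: ",
          chosen_plaintext_attack(lambda p: shift_encrypt(p, 1)))
    print("ciphertext-only:  ", ciphertext_only_attack(ciphertext, VOCABULARY))
```

The cipher fails in every scenario because its key space has only 26 values and every letter is shifted by the same amount.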

    While pure cryptanalysis uses weaknesses in the encryption algorithms themselves, other attacks are based on the implementation and are known as side-channel attacks. If the cryptanalyst knows how much time the algorithm needs to encrypt a given amount of plaintext, he can use a timing attack to break a cipher that would otherwise resist cryptanalysis. The attacker can also study the patterns and lengths of messages to extract information useful for breaking the cipher; this is known as traffic analysis.

    If a cryptosystem uses keys derived from passwords, it is at risk of exhaustive search (brute force) attacks, because passwords are not long enough and lack randomness. This is a common weakness in cryptosystems. For network applications, a password-authenticated key agreement protocol can reduce some of the limitations of passwords. For standalone applications, or as a safety measure for storing data that contains passwords, access-control passphrases are usually recommended, either in addition or instead.

    Linear cryptanalysis and differential cryptanalysis are general methods against symmetric-key ciphers. When a cipher relies on mathematical problems such as NP-hardness, as in the case of symmetric-key algorithms, algorithms such as integer factorization become potential tools for cryptanalysis.

    4. Cryptographic standards

    The mid-1970s saw two major public advances. The first was the publication of the draft Data Encryption Standard in the U.S. Federal Register on 17 March 1975. At the invitation of the National Bureau of Standards (NBS, now NIST), the DES proposal was submitted by IBM (International Business Machines) as part of an effort to build utility tools for commerce, such as for banks and large financial organizations. After guidance and changes from the NSA, it was approved in 1977 and issued as a Federal Information Processing Standard Publication (FIPS) (the current version is FIPS 46-3). DES was the first public cipher to be "blessed" by a national agency such as the NSA. The release of its specification by NBS stimulated public and academic interest in cryptography.

    In 2001, DES was officially replaced by AES (Advanced Encryption Standard) when NIST announced FIPS 197. After an open competition, NIST selected Rijndael, submitted by two Belgian cryptographers, and it became AES. DES and some of its variants, such as Triple DES, are still in use because they were previously tied to many national and organizational standards. With a key length of only 56 bits, DES has been shown to be too weak to withstand exhaustive-search (brute-force) attacks. One such attack was carried out by the cyber civil-rights group Electronic Frontier Foundation in 1997 and broke the cipher in 56 hours; the story is told in the book Cracking DES, published by O'Reilly and Associates. As a result, the use of plain DES can now be said without doubt to be risky and insecure, and messages protected by older encryption systems that used DES, as well as all messages sent since 1976 using DES, are in a very worrying position. Regardless of its inherent quality, some events in 1976, in particular the most public one by Whitfield Diffie, indicated that the key length used by DES (56 bits) is too small. There was some suspicion that certain government organizations, even at that time, had enough computing power to break DES messages; clearly other agencies have since gained that capability as well.

    Encryption is used to secure communications. The required properties are:

    Confidentiality: only the authorized recipient can extract the content of the information from its encrypted form. In other words, it must not be possible to obtain any significant information about the content of the message.

    Integrity: the recipient must be able to determine whether the information was altered in transit.

    Authenticity: the recipient must be able to identify the sender and check whether the sender really sent the message.

    Non-repudiation: the sender cannot deny having sent the information.

    Anti-replay: a third party must not be able to copy the message and send it to the recipient many times without the sender's knowledge.

    Cryptography can provide mechanisms that help achieve these. However, some goals are not always necessary, practical or desirable in context. For example, the sender may wish to remain anonymous; in that case non-repudiation is clearly inappropriate.

    II. Encryption methods

    1. Symmetric encryption (secret-key encryption)

    1.1. Definition

    A symmetric algorithm is one in which the encryption key can be computed from the decryption key. In many cases the encryption key and the decryption key are the same. Such algorithms are also called secret-key algorithms, single-key algorithms or one-key algorithms. They require the sender and the receiver to agree on a key before any message is sent, and this key must be kept secret. The security of the algorithm depends on the key: if the key is disclosed, anyone can encrypt and decrypt messages in the system. Encryption and decryption with a symmetric algorithm are written:

    $E_K(P) = C$ and $D_K(C) = P$

    Figure 2: Encryption with identical encryption and decryption keys

    1.2. Problems with symmetric encryption

    Symmetric encryption requires the encrypting party and the decrypting party to share the same key. The key must be kept absolutely secret, because one key is easily determined from the other.

    A symmetric cryptosystem is not secure if there is a high probability that the key is disclosed. In such a system the key must be sent over a secure channel.

    Key management and key distribution are difficult and complex when symmetric encryption is used. The sender and the receiver must always agree on the key. Changing the key is hard and prone to disclosure.


    The tendency to supply long keys that must be changed frequently for every user, while still maintaining both security and cost-effectiveness, is a great obstacle for this kind of cryptosystem.

    1.3. The Data Encryption Standard (DES)

    a. Introduction

    On 15.5.1973 the U.S. National Bureau of Standards published a solicitation for cryptosystems in the Federal Register. This eventually led to the development of the Data Encryption Standard (DES), which became the most widely used cryptosystem in the world. DES was developed at IBM and is regarded as a modification of the LUCIFER cryptosystem. DES was first published in the Federal Register on 17.3.1975. After much public debate, DES was adopted as a standard for applications not classified as secret on 5.1.197. Since then DES has been reviewed by the National Bureau of Standards every 5 years.

    DES is a block cipher: it encrypts a 64-bit block of data with a 56-bit key. A 64-bit plaintext block goes in, and after encryption a 64-bit ciphertext block comes out. Encryption and decryption use the same algorithm and the same key.

    The building block of DES is a simple combination of substitution and permutation of the plaintext, driven by the key; this combination is a round. DES uses 16 rounds, each applying the same combination of techniques to the plaintext block.

    The algorithm uses only ordinary arithmetic and logical operations on 64-bit numbers, so it could readily be implemented in the 1970s with the technology of that time. Early software implementations of this kind were crude, but they are much better now, and the repetitive nature of the algorithm led to the idea of chips built specially for this purpose.

    b. Description

    A complete description of DES is given in Federal Information Processing Standards (U.S.) publication No. 64 of 15.1.1977. DES encrypts a plaintext bit string x of length 64 with a 56-bit key. The resulting ciphertext is also a bit string of length 64. We first describe the system at a high level.

    The algorithm proceeds in 3 stages:

    1. Given a plaintext x, a bit string $x_0$ is built by permuting the bits of x according to the fixed initial permutation IP. We write $x_0 = IP(x) = L_0 R_0$, where $L_0$ is the first 32 bits and $R_0$ is the last 32 bits.

    2. Then 16 iterations of a fixed function are computed. We compute $L_i R_i$, $1 \le i \le 16$, by the rule:

    $L_i = R_{i-1}$

    $R_i = L_{i-1} \oplus f(R_{i-1}, K_i)$

    Here $\oplus$ denotes the exclusive-or of two bit strings (addition modulo 2), f is a function described below, and $K_1, K_2, \ldots, K_{16}$ are bit strings of length 48 computed as functions of the key K (each $K_i$ is a permuted selection of bits of K). $K_1, K_2, \ldots, K_{16}$ form the key schedule. One round of encryption is shown in Figure 2.

    3. Apply the inverse permutation $IP^{-1}$ to the bit string $R_{16} L_{16}$. Note the reversed order of $R_{16}$ and $L_{16}$.

    Figure 3: One round of DES

    The function f has two inputs: the first, A, is a bit string of length 32; the second, J, is a bit string of length 48. The output of f is a bit string of length 32.

    The steps are:

    The first input A is expanded to a bit string of length 48 by a fixed expansion function E. E(A) consists of the 32 bits of A (permuted in a fixed way) with 16 of the bits appearing twice.

    Compute $E(A) \oplus J$ and write the result as the concatenation of eight 6-bit strings $B = B_1 B_2 B_3 B_4 B_5 B_6 B_7 B_8$.

    The next step uses eight tables $S_1, S_2, \ldots, S_8$ (called S-boxes). Each $S_j$ is a fixed $4 \times 16$ table whose entries are integers from 0 to 15. Given a bit string of length 6 (written $B_j = b_1 b_2 b_3 b_4 b_5 b_6$), we compute $S_j(B_j)$ as follows: the two bits $b_1 b_6$ give the binary representation of a row r of $S_j$ ($0 \le r \le 3$) and the four bits $b_2 b_3 b_4 b_5$ give the binary representation of a column c of $S_j$ ($0 \le c \le 15$). Then $S_j(B_j)$ is the entry $S_j(r, c)$, written in binary as a bit string of length 4. (Each $S_j$ can therefore be regarded as a function whose input is a bit string of length 2 and a bit string of length 4, and whose output is a bit string of length 4.) In the same way we compute $C_j = S_j(B_j)$, $1 \le j \le 8$.

    The bit string $C = C_1 C_2 \ldots C_8$ of length 32 is permuted by the fixed permutation P.

    The resulting string P(C) is defined to be f(A, J). The function f is depicted in Figure 1.3. It consists essentially of a substitution (using the S-boxes) followed by the permutation P.

    Figure 4: The function f of DES

    Finally we need to describe how the key schedule is computed from the key K. In practice K is a bit string of length 64, of which 56 bits are the key and 8 bits are parity bits used for error detection. The bits in positions 8, 16, ..., 64 are set so that every byte contains an odd number of 1s. A single error can therefore be detected within each group of 8 bits.

    The parity bits are ignored when the key schedule is computed.

    1. Given a 64-bit key K, discard the parity bits and permute the remaining bits of K with the fixed permutation PC-1. We write $PC\text{-}1(K) = C_0 D_0$.

    2. For i from 1 to 16:

    $C_i = LS_i(C_{i-1})$

    $D_i = LS_i(D_{i-1})$

    and $K_i = PC\text{-}2(C_i D_i)$. $LS_i$ denotes a cyclic shift to the left by 1 or 2 positions, depending on the value of i: shift by 1 position if i = 1, 2, 9 or 16, and by 2 positions otherwise. PC-2 is another fixed permutation.

    The computation of the key schedule is depicted in Figure 1.4.

    Figure 5: Computing the DES key schedule

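    c. DES decryption

    After all the substitutions, permutations, exclusive-ors and cyclic shifts, you might think that the decryption algorithm is entirely different and just as complex and hard to follow as the encryption algorithm. On the contrary, DES uses the same algorithm for both encryption and decryption.

    With DES the same function can be used to encrypt or decrypt a block. The only difference is that the keys must be used in the reverse order. That is, if the encryption keys for the rounds are $k_1, k_2, k_3, \ldots, k_{15}, k_{16}$, then the decryption keys are $k_{16}, k_{15}, \ldots, k_3, k_2, k_1$. The algorithm that generates the key for each round is likewise circular. The key is shifted to the right, and the number of positions is taken from the end of the table upwards instead of from the top down.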
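    The round rule and the key-schedule bookkeeping described above, as an added example that is not part of the thesis. The round function `f` and the subkey selection `subkey` are hash-based stand-ins (assumptions), not the DES tables E, S1..S8, P, PC-1 or PC-2, and IP is omitted; the point is that decryption is the same Feistel pass with the subkeys reversed, whatever f is.

```python
"""Feistel round structure and key-schedule bookkeeping as described for DES.

The round function and the subkey selection are stand-ins (assumptions made
for illustration); they are NOT the DES tables E, S1..S8, P, PC-1 or PC-2.
"""
import hashlib

MASK28 = (1 << 28) - 1
# Left-shift amounts LS_i from the text: 1 for i = 1, 2, 9, 16, otherwise 2.
SHIFTS = [1 if i in (1, 2, 9, 16) else 2 for i in range(1, 17)]


def has_odd_parity(key8: bytes) -> bool:
    """True if every byte of the 64-bit key holds an odd number of 1 bits."""
    return len(key8) == 8 and all(bin(b).count("1") % 2 == 1 for b in key8)


def set_odd_parity(key8: bytes) -> bytes:
    """Overwrite the last bit of each byte (positions 8, 16, ..., 64)."""
    out = bytearray()
    for b in key8:
        high7 = b & 0xFE
        out.append(high7 | (0 if bin(high7).count("1") % 2 else 1))
    return bytes(out)


def rotl28(v: int, n: int) -> int:
    """Cyclic left shift of a 28-bit half (C_i or D_i)."""
    return ((v << n) | (v >> (28 - n))) & MASK28


def key_schedule(c0: int, d0: int) -> list:
    """C_i = LS_i(C_{i-1}), D_i = LS_i(D_{i-1}); returns the 16 (C_i, D_i)."""
    pairs, c, d = [], c0, d0
    for s in SHIFTS:
        c, d = rotl28(c, s), rotl28(d, s)
        pairs.append((c, d))
    return pairs


def subkey(c: int, d: int) -> int:
    """Hypothetical stand-in for PC-2: a 48-bit K_i derived from C_i D_i."""
    digest = hashlib.sha256(((c << 28) | d).to_bytes(7, "big")).digest()
    return int.from_bytes(digest[:6], "big")


def f(r: int, k: int) -> int:
    """Hypothetical 32-bit round function; it does not need to be invertible."""
    data = r.to_bytes(4, "big") + k.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def feistel(block: int, subkeys: list) -> int:
    """L_i = R_{i-1}, R_i = L_{i-1} XOR f(R_{i-1}, K_i); output is R16 L16."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for k in subkeys:
        left, right = right, left ^ f(right, k)
    return (right << 32) | left  # halves swapped, as in stage 3


def encrypt(block: int, c0: int, d0: int) -> int:
    return feistel(block, [subkey(c, d) for c, d in key_schedule(c0, d0)])


def decrypt(block: int, c0: int, d0: int) -> int:
    keys = [subkey(c, d) for c, d in key_schedule(c0, d0)]
    return feistel(block, keys[::-1])  # same algorithm, K_16 ... K_1
```

    The sixteen shifts add up to 28, the width of each half, so $C_{16} = C_0$ and $D_{16} = D_0$; this is why the subkeys can also be produced in reverse order by shifting right.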

    d. The DES controversy

    When DES was proposed as a standard there was considerable criticism. One objection concerned the S-boxes. Every computation in DES except the S-boxes is linear, that is, computing the exclusive-or of two outputs is the same as forming the exclusive-or of the two inputs and then computing the output. The S-boxes, which are the non-linear component of the cryptosystem, are the most important factor in its security. However, the design criteria of the S-boxes are not completely known. Some people suggested that the S-boxes might contain hidden trapdoors that would allow the U.S. National Security Agency (NSA) to decrypt messages while DES still kept its level of security. Of course this assertion cannot be refuted, but no evidence has been produced to show that such trapdoors actually exist.

    In 1976 the NSA asserted that the following properties of the S-boxes are design criteria:

    Each row of each S-box is a permutation of the integers 0, 1, ..., 15.

    No S-box is an affine or linear function of its inputs.

    Changing one input bit of an S-box must change at least two output bits.

    For any S-box and any input x, $S(x)$ and $S(x \oplus 001100)$ must differ in at least two bits (here x is a bit string of length 6).

    Two further properties of the S-boxes can be regarded as derived from the NSA design criteria:

    For any S-box, any input x and any $e, f \in \{0, 1\}$: $S(x) \ne S(x \oplus 11ef00)$.

    For any S-box, if one input bit is held fixed and we look at the value of one fixed output bit, the number of inputs for which this output bit is 0 is close to the number of inputs for which it is 1. (Note that if the value of the first or the sixth input bit is fixed, then 16 inputs make a given output bit 0 and 16 inputs make it 1. For the second to fifth input bits this is no longer true, but the resulting distribution is still close to uniform. More precisely, for any S-box, if the value of any one input bit is fixed, the number of inputs for which a given output bit has the value 0 (or 1) always lies between 13 and 19.)

    It is not publicly known whether further design criteria were used in constructing the S-boxes.

    The most pertinent objection to DES is the size of its key space: $2^{56}$ is too small to give real security. Several special-purpose machines have been proposed for a known-plaintext attack. This attack is essentially an exhaustive key search. Given a 64-bit plaintext x and the corresponding ciphertext y, every key is tested until a key K is found such that $e_K(x) = y$. Note that there may be more than one such key K.

    As early as 1977, Diffie and Hellman suggested that a VLSI (very-large-scale integration) chip could be built that tests $10^6$ keys per second. A machine with $10^6$ such chips could search the whole key space in about 1 day. They estimated the cost of building such a machine at about $\$2 \cdot 10^7$.


    At the CRYPTO '93 conference, Michael Wiener presented a very detailed design for a key-search machine. The machine is built around a key-search chip that performs 16 encryptions simultaneously and reaches a speed of $5 \cdot 10^7$ keys per second. With current technology the chip costs about $10.5 to produce. A frame holding 5760 chips costs about $100,000 and can find a DES key in about 1.5 days. A device using 10 such frames costs about $\$10^6$ and reduces the average key-search time to 3.5 hours.

    e. Applications of DES

    Although the description of DES is rather long, DES can be implemented very efficiently in both hardware and software. The only arithmetic operation needed is the exclusive-or of bit strings. The expansion function E, the S-boxes, the permutations IP and P and the computation of $K_1, \ldots, K_{16}$ can all be done in constant time by table look-up (in software) or by hard-wiring them into a circuit.

    Current hardware implementations reach extremely high encryption speeds. By 1991 there were 45 hardware and firmware implementations of DES approved by the U.S. National Bureau of Standards (NBS).

    One important application of DES is in U.S. banking transactions (ABA): DES is used to encrypt personal identification numbers (PINs) and account transactions carried out by automated teller machines (ATMs). DES is also used by the Clearing House Interbank Payments System (CHIPS) to authenticate transactions. DES is widely used in government organizations as well, for example the Department of Energy, the Department of Justice and the Federal Reserve System.

    1.4. The AES cryptosystem

    In cryptography, AES (Advanced Encryption Standard) is a block cipher adopted by the U.S. government as an encryption standard. Like its predecessor DES, AES is expected to be used worldwide and has been studied very thoroughly. AES was approved as a federal standard by the U.S. National Institute of Standards and Technology (NIST) after a standardization process lasting 5 years.

    The algorithm was designed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen (it was submitted under the name "Rijndael" in the AES design competition).

    General information
    Designers: Vincent Rijmen and Joan Daemen
    First published: 1998
    Derived from: Square (cipher)
    Algorithms based on it: Crypton (cipher), Anubis (cipher), GRAND CRU

    Algorithm details
    Block size: 128 bits
    Key length: 128, 192 or 256 bits
    Structure: substitution-permutation network
    Rounds: 10, 12 or 14 (depending on the key length)

    The algorithm is based on the earlier Square design by Daemen and Rijmen; Square in turn was designed on the basis of Shark.

    Unlike DES, which uses a Feistel network, Rijndael uses a substitution-permutation network. AES is easy to implement at high speed in software or hardware and does not need much memory. As a new encryption standard, it is being used widely in many applications.

    Description of the algorithm

    In the AddRoundKey step, each byte is combined with a byte of the round subkey using the XOR operation ($\oplus$).

    In the SubBytes step, each byte is replaced by a byte taken from the look-up table S: $b_{ij} = S(a_{ij})$.

    In the ShiftRows step, the bytes in each row are cyclically shifted to the left. The number of positions depends on the row.

    In the MixColumns step, each column is multiplied by a fixed polynomial c(x).

    Although the two names AES and Rijndael are often used interchangeably, the two algorithms are in fact not identical. AES works only with 128-bit data blocks and keys of 128, 192 or 256 bits, whereas Rijndael can work with blocks and keys of any length that is a multiple of 32 bits between 128 and 256 bits.

    The subkeys used in the rounds are produced by the Rijndael key schedule.

    Most operations in the AES algorithm are carried out in a finite field.

    AES works on a 4×4-byte block of data (called the state; a block in Rijndael may have additional columns). Encryption consists of 4 steps:

    1. AddRoundKey: each byte of the block is combined with the subkey; the subkeys are produced by the Rijndael key schedule.

    2. SubBytes: a (non-linear) substitution in which each byte is replaced by another byte according to a look-up table (the Rijndael S-box).

    3. ShiftRows: a transposition in which the rows of the block are cyclically shifted.

    4. MixColumns: a mixing operation that works on the columns of the block by a linear transformation.

    In the final round the MixColumns step is replaced by the AddRoundKey step.

    The AddRoundKey step

    In this step the subkey is combined with the block. The subkey of each round is derived from the main key by the Rijndael key schedule; each subkey has the same length as the block. The combination is done by XORing each bit of the subkey with the data block.

    The SubBytes step

    The bytes are substituted through the S-box look-up table. This is the non-linear part of the algorithm. The S-box is built from an inversion in the finite field $GF(2^8)$, which has good non-linearity properties. To resist attacks based on algebraic properties, the S-box is constructed by combining the inversion with an invertible affine transformation. The S-box is also chosen to avoid fixed points.

    The ShiftRows step

    The rows are cyclically shifted by a fixed number of positions. In AES the first row is left unchanged. Each byte of the second row is shifted one position to the left. Similarly, the third and fourth rows are shifted by 2 and 3 positions. As a result, each column of the output block of this step consists of bytes from all 4 columns of the input block. For Rijndael with other block lengths the shift offsets are different.

    The MixColumns step

    The four bytes of each column are combined by an invertible linear transformation. Each 4-byte input block gives a 4-byte output block, with the property that every input byte affects all 4 output bytes. Together with ShiftRows, MixColumns provides the diffusion of the algorithm. Each column is treated as a polynomial over the finite field and multiplied (modulo $x^4 + 1$) by the polynomial $c(x) = 3x^3 + x^2 + x + 2$. This step can therefore also be seen as a matrix multiplication in the finite field.
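    The SubBytes, ShiftRows and MixColumns steps described above, as an added example that is not part of the thesis. It builds the S-box from field inversion plus the affine map and multiplies a column by c(x) modulo $x^4 + 1$; the reduction polynomial 0x11B, the affine constant 0x63, the inverse polynomial and the column-major state layout are the standard AES values and are not stated on this page.

```python
"""AES building blocks: S-box construction in GF(2^8), ShiftRows, MixColumns."""


def gmul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def ginv(a: int) -> int:
    """Multiplicative inverse in GF(2^8); 0 is mapped to 0 by convention."""
    if a == 0:
        return 0
    r = 1
    for _ in range(254):  # a^254 = a^-1 because a^255 = 1
        r = gmul(r, a)
    return r


def rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF


def sbox_entry(a: int) -> int:
    """Field inversion followed by the invertible affine transformation."""
    x = ginv(a)
    return x ^ rotl8(x, 1) ^ rotl8(x, 2) ^ rotl8(x, 3) ^ rotl8(x, 4) ^ 0x63


SBOX = [sbox_entry(a) for a in range(256)]


def fixed_points(sbox: list) -> list:
    """Inputs with S(a) = a or S(a) = complement of a; empty for the AES box."""
    return [a for a in range(256) if sbox[a] in (a, a ^ 0xFF)]


def shift_rows(state: list) -> list:
    """State is 16 bytes, column-major: byte (row r, col c) is at r + 4*c.
    Row r is rotated left by r positions."""
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


C_POLY = [0x02, 0x01, 0x01, 0x03]  # c(x) = 3x^3 + x^2 + x + 2, low degree first
C_INV = [0x0E, 0x09, 0x0D, 0x0B]   # inverse of c(x) modulo x^4 + 1


def mix_column(col: list, poly: list = C_POLY) -> list:
    """Multiply the column polynomial by poly modulo x^4 + 1 over GF(2^8)."""
    out = [0, 0, 0, 0]
    for i in range(4):
        for j in range(4):
            out[(i + j) % 4] ^= gmul(poly[i], col[j])  # x^4 wraps round to 1
    return out
```

    Because every coefficient of c(x) is non-zero, changing a single input byte changes all four output bytes of `mix_column`, which is the diffusion property stated above.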

    Optimization

    On systems with 32-bit or larger words, the algorithm can be made faster by turning the SubBytes, ShiftRows and MixColumns steps into table form. The steps then correspond to 4 tables of 256 entries, each entry being a 32-bit word, occupying 4096 bytes of memory. Each round then consists of 16 table look-ups and 12 32-bit XOR operations, plus 4 XOR operations in the AddRoundKey step.

    If the tables are still too large for the device running the algorithm, the look-ups can be done with a single table combined with circular rotations.

    2. Asymmetric encryption (public-key encryption)

    2.1. Definition

    A public-key encryption algorithm is designed so that the encryption key is different from the decryption key, and the decryption key cannot be computed from the encryption key. The encryption key is called the public key; the decryption key is called the private key.

    Figure 6: Encryption with different encryption and decryption keys

    The distinguishing feature of a public-key cryptosystem is that both the public key and the encrypted message (ciphertext) can be sent over an insecure channel.

    2.2. Conditions for a public-key cryptosystem

    Computing the key pair, public key $K_B$ and private key $k_B$, from the initial conditions must be easy, that is, it must take polynomial time.

    The sender A, who has the receiver B's public key and a message P to send, can easily produce the ciphertext C:

    $C = E_{K_B}(P) = E_B(P)$

    This too takes polynomial time.

    The receiver B, on receiving the encrypted message C, can decrypt it with the private key $k_B$ in polynomial time:

    $P = D_{k_B}(C) = D_B[E_B(P)]$

    If an adversary who knows the public key $K_B$ tries to compute the private key, they face an intractable problem that demands an infeasible amount of time.

    If an adversary who knows the pair $(K_B, C)$ tries to compute the plaintext P, they must solve a hard problem with an enormous number of trials, which is therefore infeasible.

    2.3. The RSA encryption algorithm

    a. The RSA cryptosystem

    The RSA cryptosystem was introduced in 1976 by R. Rivest, A. Shamir and L. Adleman. It is based on two problems:

    The discrete logarithm problem
    The factorization problem

    In RSA the plaintexts, the ciphertexts and the keys (public key and private key) belong to the set of integers $Z_N = \{1, \ldots, N-1\}$, where $N = p \times q$ and p, q are distinct primes; together with addition and multiplication modulo N this forms arithmetic modulo N.

    The encryption key $E_{K_B}$ is the pair of integers $(N, K_B)$ and the decryption key $D_{k_B}$ is the pair of integers $(N, k_B)$; the numbers are very large, and N may have hundreds of digits.

    Encryption and decryption are both easy to carry out.

    Encryption transforms the plaintext P into the ciphertext C using the public key $K_B$ according to the formula:

    $C = E_{K_B}(P) = P^{K_B} \pmod N$    (1)

    Decryption transforms the ciphertext C back into the plaintext P using the private key $k_B$ and the modulus N according to the formula:

    $P = D_{k_B}(C) = C^{k_B} \pmod N$    (2)

    Clearly the plaintext must be transformed into the ciphertext in such a way that the original plaintext can be reconstructed from the ciphertext itself:

    $P = D_{k_B}(E_{K_B}(P))$    (3)

    Substituting (1) into (2) gives:

    $(P^{K_B})^{k_B} = P \pmod N$    (4)

    We have $N = p \times q$ with p and q prime. It is proved in mathematics that, for such N, formula (4) has a solution if and only if:

    $K_B \cdot k_B \equiv 1 \pmod{\varphi(N)}$    (5)

    where $\varphi(N) = \mathrm{LCM}(p-1, q-1)$ (LCM, Least Common Multiple, is the least common multiple).


    In other words, the receiver B first chooses a public key $K_B$ at random. The private key $k_B$ is then computed from formula (5). This can always be done, because B knows the pair of primes (p, q) and can therefore compute $\varphi(N)$.

    Figure 7: The steps of encryption with the RSA algorithm

    Example:

    $N = 11413 = 101 \times 113$, $\varphi(N) = 100 \times 112 = 11200 = 2^6 \times 5^2 \times 7$. $K_B$ must be chosen so that it is not divisible by 2, 5 or 7. Choose, for example, $K_B = 3533$; then $k_B = K_B^{-1} = 6597 \bmod 11200$. The public key is $(N, K_B) = (11413, 3533)$ and the private key is 6597. Encryption and decryption are:

    $E_{K_B}(P) = P^{K_B} \pmod N = P^{3533} \pmod{11413}$

    $D_{k_B}(C) = C^{k_B} \pmod N = C^{6597} \pmod{11413}$

    For example, with P = 9726 we get C = 5761.

    b. Security of RSA

    A general observation is that all decryption attacks are made with ill intent. The security of RSA rests mainly on keeping the decryption key secret, or on keeping the factors p, q of N secret. Let us look at a few typical ways in which an adversary may attack this algorithm in order to decrypt (that is, to compromise the secret elements).

    Case 1: the adversary knows the modulus N, the public key $K_B$ and the encrypted message C. How does the adversary find the original message (plaintext)? To do so, the adversary usually attacks the cryptosystem in one of the following two ways.

    First method: The adversary starts by factoring the modulus N. They then try to compute the two primes p and q, and if they succeed they can compute $\varphi(N) = (p-1)(q-1)$ and the private key $k_B$. N has to be a product of two primes: if N is a product of two primes, the simple factoring algorithm needs at most $N^{1/2}$ steps, because there is a prime factor smaller than $N^{1/2}$. If, on the other hand, N is a product of n primes, the simple factoring algorithm needs at most $N^{1/n}$ steps.

    Second method: The second way of attacking RSA starts by solving a suitable instance of the discrete logarithm problem. In this case the adversary holds the ciphertext C and the public key $K_B$, that is, the pair $(K_B, C)$.

    Case 2: the adversary knows the modulus N and $\varphi(N)$. The adversary then finds the original message (plaintext) as follows. Knowing $\varphi(N)$, p and q can be computed from the system of equations:

    $p \cdot q = N$, $(p-1)(q-1) = \varphi(N)$

    so p and q are the roots of the quadratic equation:

    $x^2 - (N - \varphi(N) + 1)x + N = 0$.

    Example: n = 84773093 and $\varphi(N) = 84754668$ is known. Solving the corresponding quadratic equation gives the two roots p = 9539 and q = 8887.
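    The worked RSA example and Case 2 above, as an added example that is not part of the thesis. It uses the page's own numbers; the private exponent is derived from $K_B$ and $\varphi(N)$ rather than typed in, and the function names are assumptions. It shows why $\varphi(N)$, p and q have to be protected exactly like the private key.

```python
"""Textbook RSA with the small numbers used in the text (no padding)."""
from math import gcd, isqrt


def make_keys(p: int, q: int, e: int):
    """Return ((N, K_B), (N, k_B)) with K_B * k_B = 1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent shares a factor with phi(N)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public_key, m: int) -> int:
    """C = P^K_B mod N, formula (1)."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must lie in Z_N")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """P = C^k_B mod N, formula (2)."""
    n, d = private_key
    return pow(c, d, n)


def factor_from_phi(n: int, phi: int):
    """Recover p > q from N and phi(N) = (p-1)(q-1).

    p and q are the roots of x^2 - (N - phi + 1) x + N = 0.
    """
    s = n - phi + 1        # p + q
    disc = s * s - 4 * n   # (p - q)^2
    if disc < 0:
        raise ValueError("phi does not belong to this modulus")
    root = isqrt(disc)
    if root * root != disc:
        raise ValueError("phi does not belong to this modulus")
    p, q = (s + root) // 2, (s - root) // 2
    if p * q != n:
        raise ValueError("phi does not belong to this modulus")
    return p, q


if __name__ == "__main__":
    public, private = make_keys(101, 113, 3533)
    c = encrypt(public, 9726)
    print("ciphertext:", c, "decrypted:", decrypt(private, c))
    # Anyone who learns phi(N) can rebuild the whole private key.
    p, q = factor_from_phi(84773093, 84754668)
    print("recovered factors:", p, q)
```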

    c. Some properties of RSA

    In RSA a message can be encrypted in linear time.

    For long messages, the length of the numbers used for the keys can be treated as a constant. Likewise, raising a number to a power is done in constant time. In reality this parameter hides many implementation details of computing with long numbers; the cost of the operations really is a factor that hinders the widespread use of the method. The most important part of the computation concerns the encryption of the message. But there is certainly no cryptosystem at all unless its keys, which are large numbers, can be computed.

    The keys for RSA can be generated without too much computation.

    Once again we come back to primality testing. A large prime can be generated by first producing a large random number and then testing successive numbers until a prime is found. A simple method performs a computation on a random number which, with probability 1/2, proves that the number being tested is not prime. The last step is to compute p using Euclid's algorithm.

    As presented above, in a public-key system the decryption key (private key) $k_B$ and the factors p, q are kept secret, and the success of the method depends on whether an adversary can find the value of $k_B$ given N and $K_B$. It is very hard to find $k_B$ from $K_B$; p and q must be known. So N has to be factored in order to compute p and q. But factoring takes a great deal of time: with today's technology it would take millions of years to factor a number of 200 digits.

    The security of the RSA algorithm rests on the difficulty of determining the prime factors of a large number. The table below gives the estimated times, assuming that each operation takes one microsecond.

    Number of digits in the number to be factored    Factoring time
    50                                               4 hours
    75                                               104 hours
    100                                              74 years
    200                                              4,000,000 years
    300                                              $5 \times 10^{15}$ years
    500                                              $4 \times 10^{25}$ years

    Table: Estimated time to carry out the computation.

    d. Applications of RSA

    RSA is widely used, mainly for the web and for e-mail programs. Today RSA is also widely used in the security technologies of electronic commerce (for example, SSL).

    2.4. Hash functions

    We can see that signature schemes in general allow only short messages to be signed. Usually the signature produced by a signature scheme is longer than the text being signed, so the size of the text grows considerably after signing. In practice we need to sign very long messages; a legal document, for example, may be many megabytes long.


    The original data cannot be deduced from the message digest, which is why the function is called one-way.

    As mentioned in the section on public-key encryption, one can use one's private key for encryption and the public key for decryption. Using the key pair in this way is not meant to keep information confidential; it is used mainly to sign data. Instead of encrypting the data itself, signing software creates a message digest of the data and uses the private key to encrypt that digest. Figure 1.8 gives a simplified model of how a digital signature is used to check the integrity of signed data.

    In Figure 1.8 two items are sent to the recipient: the original data and the digital signature. To check the integrity of the data, the recipient first uses the signer's public key to decrypt the message digest that was encrypted with the signer's private key. Using the information about the hash algorithm contained in the digital signature, the recipient then creates a new message digest from the original data.

    If the two digests are the same, the data has not been changed since it was signed. If they are not the same, the data has been tampered with; this can also happen when the public key and the private key used do not correspond to each other.

    Figure 9: Using a digital signature to check the integrity of data: (a) using conventional encryption; (b) using public-key encryption.

    If the two message digests are the same, the recipient can be sure that the public key used to decrypt the digital signature corresponds to the private key used to create it. To authenticate the identity of an entity, the public key of that entity must also be authenticated.

    In some cases a digital signature is regarded as a substitute for a handwritten signature. A digital signature can be trusted only as long as the private key has not been disclosed. Once the private key is disclosed, the owner of the signature cannot prevent it from being forged.

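    III. Digital signatures

    A person's signature on a document (usually placed at the end of the message) confirms the origin of, or responsibility for, the document.

    With a digitized (electronic) document, if the signature is also placed at the end of the message, copying the digital signature is very easy and the original cannot be told apart from the copy, because a digital signature consists of 0s and 1s.

    So a digital signature placed at the end of such a document cannot carry responsibility for the whole content of the text. A digital signature that expresses responsibility for the whole document must be a signature on every bit of the document.

    In this chapter I present the most basic issues of digital signatures: the concepts, the properties and the signature schemes currently in use.

    We cannot sign a document of arbitrary length directly, because the digital signature would then be very long, at least as long as the document being signed. For long documents, one signs a representative of the document. The representative of the message is produced by a hash function.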

    1. Digital signatures

    A conventional signature is a physical part of the document. A digital signature, however, is not physically attached to the message, so the algorithm used must in some way be invisible on the message.

    The second issue is verification. A conventional signature is verified by comparing it with other authentic signatures. For example, when someone signs a purchase slip, the salesperson compares the signature on the slip with the signature on the back of the credit card. Of course this is not a secure method, since the signature is easy to forge. Digital signatures, on the other hand, can be verified using a


    Signature with appendix: the original message is required as input to the verification algorithm.

    Signature with message recovery: the original message is produced from the signature itself.


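    b. Signature generation and verification algorithms

    Entity A creates a digital signature for a message $m \in M$, which is verified by entity B.

    Signature generation

    Choose an element $k \in R$.
    Compute the hash $m' = h(m)$ and $s^* = S_{A,k}(m')$.
    A's signature for m is $s^*$. The pair m and $s^*$ is used for verification.

    Signature verification

    Obtain A's authentic public key $V_A$.
    Compute the hash $m' = h(m)$ and $u = V_A(m', s^*)$.
    Accept $s^*$ as A's signature for m if u = TRUE.

    2.2. Signature schemes with message recovery

    The characteristic of this kind of scheme is that the message can be recovered from the signature itself. In practice schemes of this kind are usually used to sign short messages.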

    [Figure: (a) the message signing process; (b) the signature verification process]


    Definition

    A signature scheme is said to have message recovery if and only if prior knowledge of the message is not required in the verification process. Examples of signature schemes with message recovery in practice are RSA, Rabin and Nyberg-Rueppel with public keys.

    a. Key generation

    Each entity A must choose a set $S_A = \{S_{A,k} : k \in R\}$, where each $S_{A,k}$ is a 1-1 mapping from the space $M_h$ to the signature space S, called a signing transformation.

    $S_A$ determines a corresponding mapping $V_A$ such that $V_A \circ S_{A,k}$ is the identity mapping on $M_S$ for all $k \in R$.

    $V_A$ is A's public key and $S_A$ is A's private key.

    b. Signature generation and verification

    Signature generation: the entity must do the following:
    Choose a number $k \in R$.
    Compute $m' = R(m)$ and $s^* = S_{A,k}(m')$ (R is the redundancy function).
    A's signature is $s^*$.

    Signature verification: entity B must do the following:
    Obtain A's public key $V_A$.
    Compute $m' = V_A(s^*)$.
    Verify that $m' \in M_R$ (if $m' \notin M_R$, reject the signature).
    Recover m from m' by computing $R^{-1}(m')$.

    Figure 12: Signature scheme with message recovery

    3. Some basic signature schemes

    We now study the signature schemes that are the most basic, the most widely used and the most trusted today.

    3.1. The RSA signature scheme

    We study the RSA signature scheme and similar schemes. The characteristic of these schemes is that their computational strength depends entirely on the difficulty of the integer multiplication and exponentiation problems.

    The scheme covers both kinds of signature, with appendix and with message recovery. The RSA signature scheme was invented by three researchers, Rivest, Shamir and Adleman; it is the scheme most widely used in practice among those based on public-key technology. The first attacks on RSA (the multiplicative property) and other issues related to RSA signatures were presented by Davida, Jonge and Chaum.

    a. Key generation

    Entity A creates an RSA public key and the corresponding private key as follows:

    Generate two large random primes p and q of the same bit size.
    Compute $n = p \cdot q$ and $\varphi = (p-1)(q-1)$.
    Choose a random natural number a that satisfies the following condition: 1 < a


    Thc th A chn s nguyn t p =7927 v q =6997. Tnh n =pq =5546521 v=7926.6996 =55450296.

    A chn a =5 v gii ab =5.b1 (mod 55450296) c b = 44360237.Sinh ch k: k thng ip m =31229978, A tnh m1 =H(m) =31229978.

    Ch k s = m1b

    =mod n =312299784430237

    mod 55465219 =30729435Xc nhn ch k:B tnh m2

    = s

    amod n = 30729435

    5mod 55465219 =31229978

    B chp nhn ch k v m2= m1

    .
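The worked example above can be reproduced directly. The sketch below is an added example, not code from the thesis; it also applies the redundancy check m' ∈ M_R from the message-recovery scheme, which is what stops the multiplicative property from yielding an accepted signature. The redundancy function R (a 12-bit message written twice) and all function names are assumptions chosen for illustration.

```python
# Toy RSA key from the worked example (teaching values, trivially breakable).
P, Q = 7927, 6997
N = P * Q                          # 55465219
PHI = (P - 1) * (Q - 1)            # 55450296
A_PUB = 5                          # public exponent, called a on the page
B_PRIV = pow(A_PUB, -1, PHI)       # private exponent b, solves a*b = 1 (mod phi)

def sign_raw(m1):
    """s = m1^b mod n, with no redundancy applied (as in the worked example)."""
    return pow(m1, B_PRIV, N)

def recover_raw(s):
    """m2 = s^a mod n."""
    return pow(s, A_PUB, N)

# Assumed redundancy function R: a 12-bit message written twice, so that
# M_R = {R(m)} is a sparse subset of Z_n (2^12 values out of roughly 2^25.7).
BITS = 12
MASK = (1 << BITS) - 1

def R(m):
    if not 0 <= m <= MASK:
        raise ValueError("message must fit in 12 bits")
    return (m << BITS) | m

def R_inverse(m1):
    """Return m if m1 lies in M_R, otherwise None."""
    high, low = m1 >> BITS, m1 & MASK
    return low if high == low else None

def sign(m):
    return sign_raw(R(m))

def verify_and_recover(s):
    """Verification steps of the scheme: m' = V_A(s*), check m' in M_R, return R^-1(m')."""
    if not 0 < s < N:
        return None
    return R_inverse(recover_raw(s))

def product_of_signatures(m_a, m_b):
    """Multiplicative property: the product of two valid signatures is a valid raw
    signature on R(m_a) * R(m_b) mod n, a value the redundancy check must reject."""
    return sign(m_a) * sign(m_b) % N

if __name__ == "__main__":
    s = sign_raw(31229978)
    print("signature:", s, "recovered:", recover_raw(s))
    print("with redundancy:", verify_and_recover(sign(1234)))
    print("product of two signatures:", verify_and_recover(product_of_signatures(5, 7)))
```
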

    3.2. The DSA signature scheme (Digital Signature Standard)

    This section studies the DSA digital signature schemes and the class of similar signatures. What these algorithms have in common is that they all produce signatures using a random choice. Every DSA scheme with appendix can be converted into a scheme with message recovery. In particular, we look closely at the Digital Signature Standard (DSS) because it is practical to implement.

    a. Introduction

    The DSS signature scheme is based on the Digital Signature Algorithm (DSA). A DSS signature is a signature with appendix: the signature must be sent together with the message, and the signature itself does not contain (or reproduce) the message. Signatures of this kind normally require a hash function over the message, because the message content has no fixed length. The hash function is used during signature generation to build a condensed version of the data, called the message digest. The message digest is the input to the signature generation algorithm. The verifier uses the same hash function when verifying the signature. For the DSS signature scheme the hash function is the Secure Hash Algorithm (SHA) described in FIPS 186. It produces a 160-bit integer value that characterizes a message, which constrains one of the DSS parameters to be 160 bits. In addition, the standard requires that signature generation use a private key belonging to each signer, while to verify a signature the verifier must have the public key corresponding to the sender's private key.

    Figure 13: The DSA signature

    b. The basic DSA algorithms

    Key generation algorithm

    Each entity creates a public key and the corresponding secret key as follows:
    1. Select a prime q such that $2^{159} < q < 2^{160}$.
    2. Select a prime p such that $2^{511+64t} < p < 2^{512+64t}$, with $t \in [0, 8]$.
    3. Select α as follows: choose g to be any integer smaller than p, with $\alpha = g^{(p-1)/q} \bmod p$ different from 1.
    4. Select an integer a such that $1 \le a \le q - 1$.
    5. Compute $\beta = \alpha^{a} \bmod p$.
    6. The entity's private key is a; its public key is the tuple $(p, q, \alpha, \beta)$.

    Signature generation algorithm

    To generate a signature on a message x, the entity must do the following:
    1. Select a secret integer k, 0 < k

    To verify a signature on a message x, the entity must do the following:
    1. Obtain the signer's public key $(p, q, \alpha, \beta)$.
    2. If the condition $0 < \gamma, \delta < q$ does not hold, reject the signature.
    3. Compute $w = \delta^{-1} \bmod q$ and $h(x)$.
    4. Compute $e_1 = w \cdot h(x) \bmod q$ and $e_2 = \gamma w \bmod q$.
    5. Compute $v = (\alpha^{e_1} \beta^{e_2} \bmod p) \bmod q$.
    6. If $v = \gamma$, accept the signature; otherwise reject it.

    c. Summary of the DSS digital signature scheme

    Let p be a 512-bit prime such that the discrete logarithm problem in $Z_p$ is intractable, and let q be a 160-bit prime that divides (p - 1). Let $\alpha \in Z_p^*$ be a q-th root of 1 modulo p. Let $P = Z_p^*$ and $A = Z_q \times Z_q$, and define

    $K = \{(p, q, \alpha, a, \beta) : \beta \equiv \alpha^{a} \pmod{p}\}$.

    The values p, q, α and β are public, and a is secret. For $K = (p, q, \alpha, a, \beta)$ and a (secret) random number k, $1 \le k \le q - 1$, define:

    Signing: $sig_K(x, k) = (\gamma, \delta)$, where

    $\gamma = (\alpha^{k} \bmod p) \bmod q$ and $\delta = (x + a\gamma)k^{-1} \bmod q$,

    with $x \in Z_p^*$ and $\gamma, \delta \in Z_q$.

    Verification is completed with the following computations:

    $e_1 = x\delta^{-1} \bmod q$
    $e_2 = \gamma\delta^{-1} \bmod q$
    $ver_K(x, \gamma, \delta) = \text{true} \iff (\alpha^{e_1}\beta^{e_2} \bmod p) \bmod q = \gamma$

    Example: Suppose q = 101 and p = 78q + 1 = 7879. 3 is a primitive element in $Z_{7879}$, so we can take $\alpha = 3^{78} \bmod 7879 = 170$.

    Suppose a = 75; then $\beta = \alpha^{a} \bmod 7879 = 4567$. To sign the message x = 1234 we choose the random number k = 50, so that $k^{-1} \bmod 101 = 99$. Then:

    $\gamma = (170^{50} \bmod 7879) \bmod 101 = 2518 \bmod 101 = 94$

    and

    $\delta = (1234 + 75 \times 94) \times 99 \bmod 101 = 97$.

    The signature (94, 97) on the message 1234 is verified with the following computations:

    $\delta^{-1} = 97^{-1} \bmod 101 = 25$
    $e_1 = 1234 \times 25 \bmod 101 = 45$
    $e_2 = 94 \times 25 \bmod 101 = 27$
    $(170^{45} \cdot 4567^{27} \bmod 7879) \bmod 101 = 2518 \bmod 101 = 94$

    So the signature is valid.
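The worked example above, run end to end as an added example (not code from the thesis). It follows the page's notation (α, β, γ, δ) and, like the worked example, signs the integer x directly instead of a hash h(x); the function names and the helper that draws a fresh random k for every signature are assumptions made here.

```python
import secrets

# Toy DSS parameters from the worked example (far too small for real use).
Q = 101
P = 78 * Q + 1                      # 7879, so q divides p - 1
ALPHA = pow(3, (P - 1) // Q, P)     # element of order q: 3^78 mod 7879

def public_key(a):
    """beta = alpha^a mod p for a private key a with 1 <= a <= q - 1."""
    if not 1 <= a <= Q - 1:
        raise ValueError("private key out of range")
    return pow(ALPHA, a, P)

def sign(x, a, k):
    """Return (gamma, delta) for message x, private key a and per-signature secret k."""
    if not 1 <= k <= Q - 1:
        raise ValueError("k out of range")
    gamma = pow(ALPHA, k, P) % Q
    delta = (x + a * gamma) * pow(k, -1, Q) % Q
    if gamma == 0 or delta == 0:
        # Such a pair would fail the range check in verify(); a new k is needed.
        raise ValueError("degenerate signature, choose another k")
    return gamma, delta

def sign_random(x, a):
    """Sign with a fresh secret k drawn for this signature, retrying degenerate cases."""
    while True:
        k = 1 + secrets.randbelow(Q - 1)
        try:
            return sign(x, a, k)
        except ValueError:
            continue

def verify(x, signature, beta):
    """Verification steps 2 to 6 of the algorithm, with x used in place of h(x)."""
    gamma, delta = signature
    if not (0 < gamma < Q and 0 < delta < Q):
        return False                 # step 2: reject out-of-range components
    w = pow(delta, -1, Q)
    e1 = x * w % Q
    e2 = gamma * w % Q
    v = pow(ALPHA, e1, P) * pow(beta, e2, P) % P % Q
    return v == gamma

if __name__ == "__main__":
    beta = public_key(75)
    sig = sign(1234, 75, 50)
    print("alpha:", ALPHA, "beta:", beta, "signature:", sig)
    print("valid:", verify(1234, sig, beta))
    print("altered message valid:", verify(1235, sig, beta))
```
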

    d. Properties of the DSA signature

    Security

    The security of the signature depends on the secrecy of the private key. Users must protect their own private key in advance. If the private key is kept absolutely safe, the signature is also almost absolutely safe. On the other hand, because the public key is published, a DSA signature is secure only when the private key cannot be found from the public key. Indeed, we have the following.

    Let p be a very large prime. The following equation cannot be solved: $y = \alpha^{x} \bmod p$ (1), with y given, $\alpha = g^{(p-1)/q}$ and α different from 1. To examine this, we first observe that equation (1) has a unique solution x in the interval [1, q]. Indeed, suppose there are two solutions $x_1$ and $x_2$; from (1) we have $y = \alpha^{x_1} \bmod p$ and $y = \alpha^{x_2} \bmod p$. Without loss of generality assume $x_1 < x_2$; from this it follows that:
    - $\alpha^{x_1}$ is divisible by p (impossible, because p is prime), or
    - there exists k smaller than p such that $\alpha^{k} \equiv 1 \pmod{p}$. For α of the form $\alpha = g^{(p-1)/q}$ this cannot happen when g < p.

    In many cases a message is encrypted and decrypted only once, so any cryptosystem that is secure at the time of encryption is adequate. In practice, however, a message often serves as a reference document, such as a contract or a will, and the signature then has to be verified many years after the message was signed. It is therefore important to have a safety margin in the security of the signature scheme compared with that of an encryption system. Because the ElGamal scheme is no more secure than the discrete logarithm problem, a large modulus p is needed, for example 512 bits or more. However, an ElGamal signature is twice as long as p, and many smart-card applications need a shorter signature. The modification is therefore: on the one hand use a p whose representation is 512 to 1024 bits long; on the other hand, in the signature (γ, δ), use numbers γ and δ with a short representation, for example 160 bits, so that the signature is 320 bits long. This is done by working in the cyclic subgroup $Z_q^*$ of $Z_p^*$ instead of $Z_p^*$ itself: all computations are still carried out in $Z_p^*$, but the data and the signature components belong to $Z_q^*$.

    Validity

    The validity of the DSA signature rests on the following two theorems.

    Theorem 1: Let p and q be two primes such that $q \mid (p - 1)$, and let h be any positive integer with h < p. If $g \equiv h^{(p-1)/q} \bmod p$, then $g^{q} \equiv 1 \bmod p$.

    Indeed, $g^{q} \equiv (h^{(p-1)/q})^{q} \equiv h^{p-1} \equiv 1 \bmod p$ (by Fermat's little theorem).

    Theorem 2: With g, p and q defined as above, if $m \equiv n \bmod q$ then $g^{m} \equiv g^{n} \bmod p$.

    Indeed, without loss of generality write $m = n + kq$. Then $g^{m} \equiv g^{n+kq} \equiv (g^{n} \bmod p)(g^{kq} \bmod p) \equiv g^{n} \bmod p$, which is what was to be proved.

    Drawbacks

    One opinion holds that NIST's selection process was not public: the standard was developed by the National Security Agency without the participation of US industry. The technical criticism was mainly that the size of the modulus p was fixed at 512 bits. Many people wanted this size to be changeable so that larger sizes could be used when needed. In response, NIST altered the standard to allow any modulus size divisible by 64 in the range from 512 to 1024 bits.

    Another complaint about DSA is that a signature is generated faster than it is verified. By contrast, if RSA is used as the signature scheme with a small public verification exponent (for example 3), verification is much faster than signing. This raises two issues related to how the signature scheme is used:

    - A message is signed only once, but the signature may have to be verified many times over many years. This suggests the need for a faster verification algorithm.

    - What kinds of computer will be used to sign and to verify? In many applications, a smart card with limited processing power communicates with a faster computer, so there is a need for a scheme designed so that the card performs only a few computations. However, in some situations the smart card has to generate signatures and in others it has to verify them. The solution therefore has to be decided for the situation at hand.

    NIST's response on the question of signature generation and verification times is that there is in fact no requirement other than speed, provided both can be done quickly enough.

    4. Practical digital signature schemes

    Among digital signature schemes, the two that are normally used are DSA and RSA, for the following reasons:

    Both schemes have been approved by the US government in the Digital Signature Standard (DSS). Both the DSA and RSA algorithms are published in the Record

    Key-only attacks: the attacker knows only the signer's public key.

    Message attacks: here the attacker is able to check whether different signatures match previously obtained messages. This is a very common kind of attack, and in practice it is usually divided into three classes:

    o Known-message attack: the attacker has signatures for a class of messages.

    o Chosen-message attack: the attacker obtains valid signatures for a list of messages before attempting to break the signature scheme. This attack is non-adaptive, because the messages are chosen before any signature has been sent.

    o Adaptive chosen-message attack: the attacker is allowed to use the signer as a trusted party. The attacker can request signatures on messages that depend on the signer's public key, and can therefore request signatures on messages that depend on previously obtained signatures and messages, and from them compute a signature.

    CHAPTER III
    INFORMATION SECURITY AND SAFETY IN E-COMMERCE

    I. THE INFORMATION SECURITY PROBLEM

    Today, with the strong growth of information technology, the use of computer networking has become extremely widespread and necessary, and it has brought great benefits. The Internet allows everyone to access, share and exploit information easily and efficiently. In essence, the strong growth of the Internet is a response to the constantly increasing demand for online transactions over the global network. Online transactions on the Internet have developed from primitive forms such as exchanging information (email, messages and so on) and publishing (web publishing) to complex transactions carried out through e-government and e-commerce systems, which are growing strongly around the world.

    However, information security problems arise. The Internet has techniques that let everyone access, exploit and share information, but it is also the main risk that leads to your information being damaged or completely destroyed. The reason is that information sent over the Internet today mainly uses the TCP/IP protocol. TCP/IP allows information to be sent from one computer to another through a series of intermediate computers or separate networks before it reaches its destination. Because of this, TCP/IP gives a "third party" the opportunity to carry out actions that compromise the security of information in a transaction.

    According to figures from CERT (Computer Emergency Response Team), the number of attacks on the Internet reported to the organization was fewer than 200 in 1989, about 400 in 1991, 1400 in 1993 and 2241 in 1994. These attacks targeted every kind of computer present on the Internet: the computers of large companies such as AT&T and IBM, universities, government agencies, military organizations, banks and others. Some attacks were enormous in scale (up to 100,000 computers attacked). Moreover, these figures are only the tip of the iceberg. A very large share of attacks is not reported, for many reasons, among them the fear of losing reputation, or simply because the system administrators are unaware of the attacks aimed at their systems.

    Not only has the number of attacks grown rapidly, but the attack methods have also been continuously refined. This is partly because the administrators of Internet-connected systems have become increasingly vigilant. Also according to CERT, the attacks of 1988-1989 mainly guessed user names and passwords (UserID-password) or used flaws in programs and operating systems (security holes) to disable the protection system, whereas more recent attacks also include operations such as forging IP addresses, monitoring information sent over the network, and taking over remote sessions (telnet or rlogin). Some security problems affecting many networks today are:

    Eavesdropping: the information is not changed at all, but its confidentiality is lost. For example, someone can learn your credit card number or other information you need to keep confidential.

    Tampering: information is altered while in transit on the network, or altered before it reaches the recipient. For example, someone can modify the contents of an order or change an individual's personal record before the information reaches its destination.

    Impersonation: an individual can rely on another person's information to communicate with a party. There are two forms of impersonation:

    o Spoofing: an individual can pretend to be someone else, for example by using another person's mail address or by forging the domain name of a Web site.

    o Misrepresentation: an individual or organization can pretend to be some party, or present information about itself that is not true. For example, a site that appears to specialize in furniture and accepts credit cards, but is in fact a site that steals credit cards.

    Repudiation of origin: an individual can deny having sent a document when a dispute arises. For example, with ordinary email the recipient cannot confirm that the sender is genuine.

    To guarantee the confidentiality of information without holding back the growth of information exchange and publishing worldwide, we need suitable solutions. There are currently many solutions to the problem of information security on networks, such as encryption and digital signatures (public-key certificates). Below we look in turn at the basic concepts of encryption and go into detail on the use of digital signatures for authentication on the network.

    The secrets of keeping electronic transactions safe

    What is a secure information system? Safety against attacks is a problem that online transaction systems have to solve. Information sent over the network faces many risks, and the danger of losing information is constant. For example, paying by credit card through a web service faces the following risks:

    o The information from the customer's web browser is in plain text, so it can fall into the hands of an attacker.

    o The customer's web browser cannot determine whether the server it is exchanging information with is genuine or a forged web site.

    o Nobody can guarantee whether the transmitted data has been altered.

    Systems therefore need a mechanism that guarantees safety during an electronic transaction. An information system that exchanges data securely must meet the following requirements:

    o The system must ensure that data is not stolen while in transit.

    o The system must be able to authenticate, to prevent impersonation and forgery.

    The focus therefore has to be on protecting assets while they are in transit between the client and the remote server. Providing a secure commerce channel means guaranteeing the integrity of the message and the availability of the channel. In addition, a complete security plan must include authenticity.

    The techniques that make electronic transactions safe are the use of cryptosystems, digital certificates and digital signatures while the transactions are carried out.

    II. DIGITAL CERTIFICATES AND THE ENCRYPTION MECHANISM

    1. Introduction to digital certificates

    Encryption and digital signing only solve the problems of message confidentiality and authentication. They cannot guarantee that the other party is not being impersonated, and in many cases someone's identity has to be proved by electronic means. A digital certificate is an electronic file used to identify an individual, a server or an organization. It binds the identity of the subject to a public key, much like a driving licence, a passport or an identity card.

    There is a body that can certify that your information is correct, called the Certificate Authority (CA). It is an entity with the authority to confirm identities and issue digital certificates. A CA can be an independent third party, or an organization can run its own system to issue certificates internally. The methods used to establish identity depend on the policies the CA sets. The policy must ensure that certificates are issued correctly: who receives one and what it may be used for. Normally, before issuing a digital certificate, the CA publishes the procedures that must be followed for each type of certificate.

    A digital certificate contains a public key bound to a unique name of a subject (such as the name of an employee or a server). Digital certificates help prevent public keys from being used for impersonation. Only the public key certified by the digital certificate works with the corresponding private key, which is owned by the subject whose identity appears in the certificate.

    Besides the public key, a digital certificate contains information about the subject, such as the name it identifies, the validity period, the name of the CA that issued the certificate, a serial number, and so on. Most importantly, a digital certificate must carry the digital signature of the CA that issued it. This makes the certificate behave as if it had been stamped, so that users can check it.

    2. Identity authentication

    Communication on a network is typically between a client (such as a browser on a personal computer) and a server (such as a Web site host). Authentication can be performed on both sides: the server can trust the client and vice versa. Authentication here is not only one-way on the sender's side, that is, the sender wanting the recipient to trust him. When a sender attaches his digital signature (together with his digital certificate) to a message, he cannot deny it by claiming that the message is not his.

    There are two forms of client authentication:
    - Authentication based on a user name and password. All servers allow users to enter a password in order to access the system. The server manages the list of these user names and passwords.
    - Authentication based on a digital certificate. This is part of the SSL security protocol. The client digitally signs some data, then sends both the digital signature and the digital certificate over the network. The server uses public-key cryptography to check the signature and determine the validity of the digital certificate.

    Password-based authentication

    When users are authenticated with this method, the user has decided to trust the server (which may not be protected by the SSL protocol). The server must authenticate the user before allowing access to the system's resources.

    Figure 14: Using a password to authenticate a client connecting to a server.

    The steps in the figure are as follows:
    Step 1: In response to an authentication request from the server, the client displays a dialog box asking for the password. The user must enter a password for each different server within the same session.
    Step 2: The client sends the password over the network, without any form of encryption.
    Step 3: The server looks up the password in its database.
    Step 4: The server determines which system resources that password is allowed to access.

    With this type of authentication, the user must enter a password for each different server, and the server keeps a record of these passwords for each user.

    Certificate-based authentication

    A digital certificate can replace the first three steps of password authentication with a mechanism in which the user has to enter a password only once and the password is not sent over the network; the administrator can control access rights centrally.


    Figure 15: Using a digital certificate to authenticate a client connecting to a server.

    The transaction in the figure uses the SSL security protocol. The client must have a digital certificate for the server to identify it. Authenticating with a digital certificate has an advantage over using a password, because it is based on what the user has: the private key, and the password that protects the private key. Note that only the owner of the client machine is allowed to access it, and must enter a password to open the database of the program that uses the private key (this password may have to be re-entered at fixed intervals).

    Both authentication mechanisms above involve physical-level access to personal machines. Public-key cryptography can only check that the private key corresponding to the public key in the digital certificate was used. It takes no responsibility for physical protection or for the password that unlocks the private key. That responsibility lies with the user.

    The steps in the figure are as follows:

    Step 1: The client software (for example Communicator) manages a database of private and public key pairs. The client asks for the password to this database only once, or periodically. When the client accesses a server that uses SSL with certificate-based client authentication, the user has to enter the password only once and does not have to enter it again for a second access.
    Step 2: The client uses the private key corresponding to the public key recorded in the certificate to sign data generated randomly, for authentication purposes, by both the client and the server. This data and the digital signature form the evidence of the validity of the private key. The digital signature can be checked with the public key corresponding to the private key used to sign, and it is unique to each session of the SSL protocol.
    Step 3: The client sends both the certificate and the evidence (a piece of randomly generated, signed data) over the network.
    Step 4: The server uses the digital certificate and the evidence to authenticate the user.
    Step 5: The server can optionally perform other authentication tasks, such as checking that the client's certificate is present in the database that stores and manages digital certificates. The server then determines what rights the user has over the system's resources.

    3. Public-key certificates

    Introduction to public-key certificates

    When someone wants to use public-key cryptography to encrypt a message and send it to a recipient, the sender needs a copy of the recipient's public key. When any party wants to check a digital signature, that party needs a copy of the signer's public key. We call both the party that encrypts a message and the party that checks a digital signature public-key users.

    When a public key is sent to a user, there is no need to keep it secret. However, the public-key user must be sure that the public key being used really belongs to the other party (which may be the intended recipient of a message or the required signature generator). If an adversary substitutes a different public key for the valid one, the contents of encrypted messages can be exposed, so that unintended parties learn the messages, or digital signatures can be forged. In other words, the protection provided by these techniques is undermined if an intruder substitutes unauthenticated public keys.

    For small groups this requirement can be met easily. For example, when two people who know each other want to communicate securely, they can obtain copies of each other's public keys by exchanging disks that hold each person's public key. This ensures that the public keys are stored safely on each person's local system. This is manual public-key distribution.

    However, this kind of public-key distribution is considered impractical or inadequate in most areas where public keys are applied, especially when the number of users becomes very large or the users are widely distributed. Public-key certificates make public-key distribution systematic.

    A public-key certification system works as follows:

    A CA issues certificates to those who hold public and private key pairs. A certificate consists of a public key and information that uniquely identifies the subject of the certificate. The subject can be a person, a device, or another entity that holds the corresponding private key. When the subject of a certificate is a person or some legal entity, the subject is usually referred to as a subscriber of the CA. The certificate is signed by the CA with its private key.

    Figure 16: A CA-based public-key certificate

    Once the certificate system is established, the task of a public-key user is very simple. A user who needs the public key of one of the CA's subscribers only has to obtain a copy of the CA-issued certificate, extract the public key, and check the CA's signature on the certificate. A public-key user who uses certificates in this way is called a relying party. This kind of system is relatively simple and economical to set up on a large scale and in automated form, because one of the important properties of certificates is that they can be issued without having to be protected by communication security services to guarantee confidentiality, authenticity and integrity.

    We do not need to keep a public key secret, so certificates are not secret. Moreover, no authenticity or integrity requirements apply here, because certificates are self-protecting (the CA's digital signature in the certificate provides authenticity and integrity protection). If an intruder tries to forge a certificate while it is being distributed to public-key users, those users will detect the forgery because the CA's digital signature is checked exactly. For this reason public-key certificates can be distributed by insecure means, for example through servers, directory systems, or insecure communication protocols.

    The basic benefit of a certification system is that a public-key user can obtain a large number of other parties' public keys reliably, by means of the CA's public key. Note that a digital certificate is useful only when the public-key user trusts the CA to issue valid certificates.
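The certificate-based login steps of Figure 15 and the self-protecting property described above can be seen together in a small model. This is an added example, not code from the thesis: the key sizes, the JSON certificate layout, the names and the use of Mersenne primes as toy RSA keys are all assumptions made so that it runs offline with the standard library only.

```python
import hashlib
import json
import secrets

E = 65537  # public exponent shared by all toy keys

def make_key(p, q):
    """Toy RSA key pair from two known primes (constructed; far too weak for real use)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E}, {"n": n, "d": d}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    return pow(digest(data, private["n"]), private["d"], private["n"])

def verify(public, data, signature):
    return (0 < signature < public["n"]
            and pow(signature, public["e"], public["n"]) == digest(data, public["n"]))

def signed_fields(cert):
    """Canonical bytes of the fields covered by the CA's signature."""
    body = {k: cert[k] for k in ("subject", "public_key", "issuer")}
    return json.dumps(body, sort_keys=True).encode()

def issue(ca_name, ca_private, subject, subject_public):
    """The CA binds a subject name to a public key by signing both."""
    cert = {"subject": subject, "public_key": subject_public, "issuer": ca_name}
    cert["ca_signature"] = sign(ca_private, signed_fields(cert))
    return cert

def authenticate(cert, nonce, proof, trusted_ca_public):
    """Server side (step 4): check the CA's signature on the certificate first,
    then the client's signature over this session's random data."""
    if not verify(trusted_ca_public, signed_fields(cert), cert["ca_signature"]):
        return None                      # forged or altered certificate
    if not verify(cert["public_key"], nonce, proof):
        return None                      # sender does not hold the private key
    return cert["subject"]

# Constructed keys: products of Mersenne primes, chosen only for convenience.
CA_PUB, CA_PRIV = make_key(2**61 - 1, 2**89 - 1)
ALICE_PUB, ALICE_PRIV = make_key(2**107 - 1, 2**127 - 1)
INTRUDER_PUB, INTRUDER_PRIV = make_key(2**521 - 1, 2**607 - 1)
ALICE_CERT = issue("Example CA", CA_PRIV, "alice", ALICE_PUB)

def genuine_login():
    nonce = secrets.token_bytes(16)                     # random data for this session
    return authenticate(ALICE_CERT, nonce, sign(ALICE_PRIV, nonce), CA_PUB)

def substituted_key_login():
    """The public key in the certificate is swapped while it travels over an insecure channel."""
    forged = dict(ALICE_CERT, public_key=INTRUDER_PUB)  # CA signature left unchanged
    nonce = secrets.token_bytes(16)
    return authenticate(forged, nonce, sign(INTRUDER_PRIV, nonce), CA_PUB)

def replayed_proof_login():
    """Evidence captured in an earlier session is presented against a new nonce."""
    old_nonce, new_nonce = b"session-1-random", b"session-2-random"
    return authenticate(ALICE_CERT, new_nonce, sign(ALICE_PRIV, old_nonce), CA_PUB)

if __name__ == "__main__":
    print(genuine_login(), substituted_key_login(), replayed_proof_login())
```

The relying party needs only `CA_PUB` obtained reliably; the certificate itself can arrive over any channel, because any change to the signed fields makes the CA signature check fail.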

    4. CA models

    If setting up a single CA (one that can issue public-key certificates to everyone who holds a key pair