7/30/2019 Applications of Digital Signatures in Information Security
Applications of Digital Signatures in Information Security
Ths. Hong STng
1. Applications of digital signatures
Everyday applications of digital signatures include securing web servers (when transacting on reputable e-commerce websites, all sensitive information is encrypted, and the web address usually takes the form https); signing and encrypting email; and remote login over VPN or wireless (where the digital signature replaces less secure authentication methods such as username/password).
Some transactions in banking and securities currently use OTP (One Time Password). This is a stopgap solution, adopted because digital certificate services were not yet available at the time, whereas the Law on Electronic Transactions, enacted in 2005, recognized the legal validity of digital certificates. In the near future, therefore, banking transactions over the Internet (Internet banking) will very likely adopt digital signatures as well. For banks that currently use OTP, however, the CAs recommend a transition roadmap. Initially the two can be used in parallel (for example, low-value transactions continue to use OTP, while high-value transactions use digital signatures).
Fundamentally, a digital signature is a type of electronic signature based on an asymmetric cryptosystem, and it contains information identifying the owner of that signature. This information can be stored in several forms: as a file kept on a computer; on special storage devices (USB token); on a card (smartcard); or even on a phone SIM (SIM base CA). Each customer chooses a storage form according to need; SIM base CA, however, is highly rated for its mobility and convenience because it is tied to the mobile phone.
Worldwide, SIM base CA has been in use since 2001-2002. The countries with many SIM base CA deployments are Taiwan and South Korea. According to some domestic CAs, Vietnam has a fairly large number of mobile phone users, so the market for SIM base CA has considerable potential. Offering a SIM base CA service, however, requires cooperation between the digital signature service provider and the telecommunications service provider.
For enterprises, digital signatures can be applied to most of a company's activities, such as login with a smart card, Windows security logon, exchange of sensitive documents, email exchange, remote access over VPN, and so on. Deploying a PKI system in a small enterprise is very simple, and the benefit the system brings is very large compared with the initial investment. The process of issuing certificates and using digital certificates is also very simple.
The following is an example of using digital certificates to exchange email within an enterprise. The process consists of: the user requests a certificate, the administrator issues the certificate, and the user attaches the certificate to emails sent to other people. This example still uses a layered model consisting of RootCA, SubCA and RA; in practice, however, for simplicity and to suit small enterprises, it can be enough to use a single CA that takes on the functions of both RootCA and RA.
First, the user needs to install the RootCA certificate on their computer.

Figure 1: Install Certificate

The user visits the RA's public page to create a certificate request.
Figure 2: The user requests a certificate

Figure 3: Choosing Browser Certificate Request

Fill in basic information such as First name, Last name and email address; these are the identifiers bound to the user of the certificate.

Figure 4: Entering the basic information

Select the certificate type intended for User (an ordinary user).

Figure 5: Selecting the certificate type, security level, ...
Choose the signature scheme, the key length and the PIN.

Figure 6: Choosing the signature scheme and the PIN

After the user accepts the user agreement set out by the CA, the next step generates the user's private key.

Figure 7: Generating the user's private key

Once the user has created the certificate request, the administrator must visit https://ra.actvn.net/pki/ra to sign the user's request.

Figure 8: The user's certificate request

Figure 9: The RA signs the user's request
Figure 10: The request has been signed

After the request has been signed by the RA, the administrator forwards it to the CA so that the CA can issue the certificate.

Figure 11: The CA receives the user's request from the RA

Figure 12: The CA approves issuing the certificate to the user

The user's certificate has now been issued; the administrator must then transfer the issued certificate to the RA Server so that it is published to the user.

Figure 13: The user's certificate has been issued
The user then visits https://ra.actvn.net/pki/pub and sees the list of certificates the CA has issued (revoked certificates do not appear in this list).

Figure 14: List of issued certificates

Figure 15: The user's certificate information

The user selects their own certificate and downloads it. Each certificate has a different PIN, and that PIN is known only to the person who created the certificate request, so someone who obtains another person's certificate still cannot use it.

Figure 16: The user downloads the certificate

This certificate complies with the policies set out by the CA, such as Policy 1.2.3.3.4, Policy 1.2.3.3.5, Policy 1.2.3.3.6 and Policy 1.2.3.3.7. With this certificate, the user can authenticate to websites that require authentication over TLS, protect email, or log in to Windows using a smartcard.
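In this example we use Outlook Express to send mail with the user's digital signature attached. To use the digital signature, the user's certificate must be installed on the machine. Then select the user's certificate for signing and encrypting email, as in the figure below.

Figure 17: Using the certificate for protection

Send the email with the digital signature attached and the email content encrypted. The email gains two additional icons, signature and encryption, as in the figure below.

Figure 18: Sending an email with a digital signature attached

The user is asked to enter the private key, to ensure that this is the user's own certificate and not someone else's.

Figure 19: The user's private key

The recipient receives an email whose content is encrypted.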
Figure 20: The email is encrypted when it reaches the recipient

To read the content of the message, the recipient must have the sender's public key.

Figure 21: The decrypted email content

From the example above, we can see that using digital signatures is very simple and effectively secures the information being sent.
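
The request, issuance, sign-and-encrypt and read steps walked through above, reproduced with the OpenSSL command line as an added example (not from the original article, which used a web RA and Outlook Express). It assumes a single demo CA standing in for RootCA and RA, and the users alice and bob, the addresses and the file names are constructed; note that here the recipient decrypts with their own private key, while the sender's certificate is what validates the signature.

```shell
#!/bin/sh
# Added example. One demo CA stands in for RootCA and RA; alice, bob and
# all file names are constructed. Requires the openssl command-line tool.
set -e

make_ca() {      # $1 = working directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Root CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {   # $1 = dir, $2 = user name, $3 = email address
  # User side: create the private key and the certificate request.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2/emailAddress=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  # CA side: sign the request, which yields the user's certificate.
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/$2.crt" 2>/dev/null
}

send_mail() {    # $1 = dir, $2 = sender, $3 = recipient, $4 = message file
  # Sign with the sender's private key ...
  openssl smime -sign -nodetach -in "$4" -signer "$1/$2.crt" \
    -inkey "$1/$2.key" -out "$1/signed.tmp" 2>/dev/null
  # ... then encrypt to the public key in the recipient's certificate.
  openssl smime -encrypt -aes256 -in "$1/signed.tmp" -out "$1/mail.p7m" "$1/$3.crt"
}

read_mail() {    # $1 = dir, $2 = recipient, $3 = trusted CA certificate
  # Decrypt with the recipient's private key; fails for anyone else.
  openssl smime -decrypt -in "$1/mail.p7m" -recip "$1/$2.crt" \
    -inkey "$1/$2.key" -out "$1/$2.signed" 2>/dev/null || return 1
  # Verify the signature and the signer's chain up to the trusted CA.
  openssl smime -verify -in "$1/$2.signed" -CAfile "$3" \
    -out "$1/$2.txt" 2>/dev/null || return 1
  tr -d '\r' < "$1/$2.txt"   # S/MIME canonicalises line endings to CRLF
}

demo() {         # whole flow in a throwaway directory; prints what bob reads
  d=$(mktemp -d)
  make_ca "$d"
  issue_cert "$d" alice alice@example.test
  issue_cert "$d" bob bob@example.test
  printf 'Quarterly report attached\n' > "$d/msg.txt"
  send_mail "$d" alice bob "$d/msg.txt"
  read_mail "$d" bob "$d/ca.crt"
  rm -rf "$d"
}
demo
```

`read_mail` returns non-zero when the reader is not the addressed recipient or when the signer's certificate does not chain to the CA passed as the third argument.
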
2. The current state of digital signature adoption in Vietnam
Besides being an electronic instrument whose legal validity is recognized by law, the digital signature is also a very strong encryption and authentication technology. It can help ensure a high level of safety and security for online transactions, especially transactions containing finance-related information.
At present, digital signature technology in Vietnam can be used in transactions for online shopping, online securities investment, bank transfers and online payment. In addition, the Ministry of Finance has applied digital signatures to online tax declaration and payment over the Internet and to electronic customs procedures such as customs declaration and online clearance, without having to print the declaration forms, stamp them with the company seal, and go to the tax office to wait to submit them.
CONCLUSION
Today, applying public-key cryptography and electronic certification services to ensure information security in electronic transactions is a solution used by many countries around the world. In Vietnam, the deployment of public key infrastructure (PKI) and electronic certification (CA) is judged to be heading in the right direction and to be methodical, but progress is still slow.
In practice, electronic certification services in Vietnam have so far been deployed only at some state agencies and government bodies. Enterprises also use electronic certification, but only a few do, and all of them buy it from provider organizations. Deploying services that provide electronic certification requires long-term, serious investment before it delivers the desired results. The hardest part of deploying this service is organizing the implementation and changing people's awareness. The legal validity of digital signatures and electronic certification services is also an issue currently being raised.