Applications of digital signatures in information security


  • 7/30/2019 Applications of digital signatures in information security


    Ths. Hong STng

1. Applications of digital signatures

Everyday applications of digital signatures include securing web servers (when you transact on a reputable e-commerce website, all sensitive information is encrypted and the web address usually takes the form https); signing and encrypting email; and remote login over VPN or wireless (where the digital signature replaces less secure authentication methods such as username/password).

Some transactions in banking and securities currently use OTP (One Time Password). This is a stopgap solution, adopted because digital certificate services were not yet available at the time, even though the Law on Electronic Transactions, enacted in 2005, recognized the legal validity of digital certificates. In the near future, therefore, banking transactions over the Internet (Internet banking) are very likely to adopt digital signatures as well. For banks that currently use OTP, however, the CAs recommend a transition roadmap. As a first step the two can be used in parallel (for example, low-value transactions keep using OTP while high-value transactions use digital signatures).

Fundamentally, a digital signature is a kind of electronic signature based on an asymmetric cryptosystem, and it contains information identifying the owner of that signature. This information can be stored in several forms: as a file on a computer; on a special storage device (USB token); on a card (smartcard); or even on a phone SIM (SIM-based CA). Customers choose the storage form that suits their needs, but SIM-based CA is highly rated for its mobility and convenience because it is tied to the mobile phone.

Worldwide, SIM-based CA has been in use since 2001-2002. The countries with many SIM-based CAs are Taiwan and South Korea. According to some domestic CAs, Vietnam has a fairly large number of mobile phone users, so the market for SIM-based CA has considerable potential. Offering a SIM-based CA service, however, requires cooperation between the digital signature service provider and the telecommunications service provider.

For businesses, digital signatures can be applied to most company activities, such as logging in with a smart card, Windows security logon, exchanging sensitive documents, exchanging email, remote access over VPN, and so on. Deploying a PKI system for a small business is very simple, and the benefits the system brings are very large compared with the initial investment. The process of issuing certificates and applying digital certificates is also very simple.

The following is an example of using digital certificates to exchange email within a business. The process consists of the user requesting a certificate, the administrator issuing the certificate, and the user attaching the certificate to the emails sent to other people. This example still uses a hierarchical model consisting of RootCA, SubCA and RA; in practice, however, to keep things simple and suitable for small businesses, a single CA that takes on the roles of both RootCA and RA is sufficient.

First, the user needs to install the RootCA certificate on their computer.

Figure 1: Install Certificate

The user visits the RA's public page to create a certificate request.

Figure 2: The user requests a certificate

Figure 3: Selecting Browser Certificate Request

Fill in the basic information such as First name, Last name, email address and so on; these are the identifiers bound to the user of the certificate.

Figure 4: Entering the basic information

Select the certificate type intended for User (an ordinary user).

Figure 5: Selecting the certificate type, security level, etc.

Choose the signature scheme, the key length and the PIN.

Figure 6: Choosing the signature scheme and the PIN

After the user accepts the user agreement set out by the CA, the next step generates the user's private key.

Figure 7: Generating the user's private key

Once the user has created the certificate request, the administrator must go to https://ra.actvn.net/pki/ra to sign the user's request.

Figure 8: The user's certificate request

Figure 9: The RA signs the user's request

Figure 10: The signed request

After the RA has signed the request, the administrator forwards it to the CA, and the CA issues the certificate.

Figure 11: The CA receives the user's request from the RA

Figure 12: The CA approves issuing the certificate to the user

The user's certificate has now been issued; the administrator must then transfer the issued certificate back to the RA Server to publish it to the user.

Figure 13: The user's certificate has been issued

The user then visits https://ra.actvn.net/pki/pub and sees the list of certificates the CA has issued (revoked certificates do not appear in this list).

Figure 14: List of issued certificates

Figure 15: The user's certificate details

The user selects their own certificate and downloads it. Each certificate has a different PIN, known only to the person who created the certificate request, so even someone who obtains another person's certificate cannot use it.

Figure 16: The user downloads the certificate

This certificate complies with the policies defined by the CA, such as Policy 1.2.3.3.4, Policy 1.2.3.3.5, Policy 1.2.3.3.6 and Policy 1.2.3.3.7. With this certificate, the user can authenticate to websites that require authentication over TLS, protect email, or log in to Windows using a smartcard.

In this example we use Outlook Express to send mail with the user's digital signature attached. To use the digital signature, the user's certificate must be installed on the machine. Then select the user's certificate for signing and encrypting email, as shown in the figure below.

Figure 17: Using the certificate to protect email

Send the email with a digital signature attached and with its content encrypted. The email carries two additional icons, one for the signature and one for encryption, as shown in the figure below.

Figure 18: Sending an email with a digital signature

The user is asked to enter the private key, to ensure that this is the user's own certificate and not someone else's.

Figure 19: The user's private key

The recipient receives an email whose content is encrypted.

Figure 20: The email arrives at the recipient encrypted

To read the content of the message, the recipient must have the sender's public key.

Figure 21: The decrypted email content

The example above shows that using digital signatures is very simple and achieves safety and confidentiality for the information being sent.
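The issuance steps and the signed, encrypted email exchange described above, replayed with the openssl command line as an added example (not from the original article or its PKI): a single CA signs certificate requests for two constructed users, alice and bob, and alice signs a message and encrypts it to bob's certificate. In S/MIME, bob decrypts with his own private key and checks alice's signature using her certificate chained to the CA. All names, the PIN and the message are constructed.

```shell
#!/usr/bin/env bash
# Added example. The names, PIN and message are constructed for the demo.
set -eu
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT   # scratch directory for keys and certificates
PIN='constructed-PIN-1234'                # stands in for the PIN chosen at request time

# A single CA that also plays the RA role, as the text suggests for small businesses.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Root CA" \
    -keyout "$W/ca.key" -out "$W/ca.crt" 2>/dev/null
}

# User side: PIN-protected private key and a certificate request carrying the identity.
# CA side: sign the request and add the extensions an email-protection certificate needs.
issue_user() {  # $1 = user name, $2 = email address
  openssl req -new -newkey rsa:2048 -passout "pass:$PIN" -keyout "$W/$1.key" \
    -subj "/CN=$1/emailAddress=$2" -out "$W/$1.csr" 2>/dev/null
  printf 'keyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=emailProtection\n' \
    > "$W/$1.ext"
  openssl x509 -req -in "$W/$1.csr" -CA "$W/ca.crt" -CAkey "$W/ca.key" -days 30 \
    -CAserial "$W/ca.srl" -CAcreateserial -extfile "$W/$1.ext" -out "$W/$1.crt" 2>/dev/null
}

# Sender: sign with the sender's private key (PIN required), then encrypt the signed
# message to the recipient's certificate, i.e. to the recipient's public key.
send_mail() {  # $1 = sender, $2 = recipient, $3 = message text
  printf '%s\n' "$3" > "$W/msg.txt"
  openssl smime -sign -text -in "$W/msg.txt" -signer "$W/$1.crt" -inkey "$W/$1.key" \
    -passin "pass:$PIN" -out "$W/signed.eml" 2>/dev/null
  openssl smime -encrypt -aes-256-cbc -in "$W/signed.eml" -out "$W/mail.eml" "$W/$2.crt"
}

# Recipient: decrypt with the recipient's private key, then verify the signature and
# the signer's certificate chain against the CA. Prints the plaintext on success.
read_mail() {  # $1 = recipient, $2 = PIN to try
  openssl smime -decrypt -in "$W/mail.eml" -recip "$W/$1.crt" -inkey "$W/$1.key" \
    -passin "pass:$2" -out "$W/inner.eml" 2>/dev/null || return 1
  openssl smime -verify -text -in "$W/inner.eml" -CAfile "$W/ca.crt" \
    -out "$W/plain.txt" 2>/dev/null || return 1
  tr -d '\r' < "$W/plain.txt"   # S/MIME canonicalises line endings to CRLF
}

make_ca
issue_user alice alice@example.test
issue_user bob bob@example.test
send_mail alice bob "Quarterly report attached."
read_mail bob "$PIN"
```

On a real system, pass the PIN with `-passin env:VAR` or `-passin file:path` rather than `pass:`, which exposes it in the process list.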

2. Current state of digital signature adoption in Vietnam

Besides being an electronic instrument whose legal validity is recognized by law, the digital signature is also a very strong encryption and authentication technology. It can help provide a high level of safety and confidentiality for online transactions, especially transactions that contain finance-related information.

At present, digital signature technology in Vietnam can be used in transactions for online shopping, online securities investment, bank transfers and online payment. In addition, the Ministry of Finance has applied digital signatures to online tax declaration and payment over the Internet and to electronic customs procedures such as online customs declaration and clearance, without having to print the declarations, stamp them with the company's seal and go to the tax office to wait to submit them.


CONCLUSION

Today, applying public-key cryptography and electronic certification services to ensure information security in electronic transactions is a solution used by many countries around the world. In Vietnam, the deployment of public key infrastructure (PKI) and electronic certification (CA) is judged to be heading in the right direction and to be methodical, but progress is still slow.

In practice, electronic certification services in Vietnam have so far been deployed only at a number of state agencies and government bodies. Businesses also use electronic certification, but only a few do, and all of them purchase it from provider organizations. Deploying services that provide electronic certification requires long-term, serious investment before it delivers the desired results. The hardest part of deploying this service is organizing its implementation and changing people's awareness. The legal validity of digital signatures and electronic certification services is also an issue currently being raised.
