55625419-anninhmangk13mtt-1226419598367568-8

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

1/204

Nguyn i Th An ninh Mng 1

AN NINH MNG

TS. Nguyn i ThB mn Mng & Truyn thng My tnh

Khoa Cng ngh Thng [email protected]

Nm hc 2007-2008

I HC QUC GIA H NI

TRNG I HC CNG NGH

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

2/204

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

3/204


Bi cnh

Nhu cu m bo an ninh thng tin c nhngbin i ln Trc y

Ch cn cc phng tin vt l v hnh chnh

T khi c my tnh Cn cc cng c t ng bo v tp tin v cc thng tin khc

lu tr trong my tnh

T khi c cc phng tin truyn thng v mng Cn cc bin php bo v d liu truyn trn mng

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

4/204


Cc khi nim

An ninh thng tin Lin quan n cc yu t ti nguyn, nguy c, hnh

ng tn cng, yu im, v iu khin An ninh my tnh

Cc cng c bo v d liu v phng chng tin tc An ninh mng

Cc bin php bo v d liu truyn trn mng

An ninh lin mng Cc bin php bo v d liu truyn trn mt tp hpcc mng kt ni vi nhau

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

5/204


Mc tiu mn hc

Ch trng an ninh lin mng Nghin cu cc bin php ngn cn, phng

chng, pht hin v khc phc cc vi phm anninh lin quan n truyn ti thng tin

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

6/204


m bo an ninh thng tin

thc hin c hiu qu cn ra mt phngthc chung cho vic xc nh cc nhu cu v anninh thng tin

Phng thc a ra s xt theo 3 mt Hnh ng tn cng C ch an ninh Dch v an ninh

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

7/204


Dch v an ninh

L mt dch v nng cao an ninh ca cc hthng x l thng tin v cc cuc truyn d liutrong mt t chc

Nhm phng chng cc hnh ng tn cng

S dng mt hay nhiu c ch an ninh C cc chc nng tng t nh m bo an

ninh ti liu vt l

Mt s c trng ca ti liu in t khin viccung cp cc chc nng m bo an ninh khkhn hn

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

8/204


C ch an ninh

L c ch nh ra pht hin, ngn nga vkhc phc mt hnh ng tn cng Khng mt c ch n l no c th h tr tt c

cc chc nng m bo an ninh thng tin C mt yu t c bit hu thun nhiu c ch

an ninh s dng hin nay l cc k thut mt m Mn hc s ch trng lnh vc mt m

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

9/204


Hnh ng tn cng

L hnh ng ph hoi an ninh thng tin camt t chc

An ninh thng tin l nhng cch thc ngn nga

cc hnh ng tn cng, nu khng c thpht hin v khc phc hu qu Cc hnh ng tn cng c nhiu v a dng Ch cn tp trung vo nhng th loi chung nht Lu : nguy c tn cng v hnh ng tn cng

thng c dng ng ngha vi nhau

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

10/204


Kin trc an ninh OSI

Kin trc an ninh cho OSI theo khuyn nghX.800 ca ITU-T

nh ra mt phng thc chung cho vic xc

nh cc nhu cu v an ninh thng tin Cung cp mt ci nhn tng quan v cc khinim mn hc s cp n

Ch trng n cc dch v an ninh, cc c chan ninh v cc hnh ng tn cng

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

11/204


Cc dch v an ninh

Theo X.800 Dch v an ninh l dch v cung cp bi mt tng giaothc ca cc h thng m kt ni nhm m bo anninh cho cc h thng v cc cuc truyn d liu

C 5 loi hnh Theo RFC 2828

Dch v an ninh l dch v x l hoc truyn thngcung cp bi mt h thng bo v ti nguyn theo

mt cch thc nht nh

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

12/204


Cc dch v an ninh X.800

Xc thc m bo thc th truyn thng ng l n iu khin truy nhp

Ngn khng cho s dng tri php ti nguyn

Bo mt d liu Bo v d liu khi b tit l tri php

Ton vn d liu

m bo nhn d liu ng nh khi gi Chng chi b

Ngn khng cho bn lin quan ph nhn hnh ng

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

13/204


Cc c ch an ninh X.800

Cc c ch an ninh chuyn dng M ha, ch k s, iu khin truy nhp, ton vn dliu, trao i xc thc, n tin truyn, iu khin nhtuyn, cng chng

Cc c ch an ninh ph qut Tnh nng ng tin, nhn an ninh, pht hin s kin,

du vt kim tra an ninh, khi phc an ninh

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

14/204


Cc hnh ng tn cng

Cc hnh ng tn cng th ng Nghe trm ni dung thng tin truyn ti Gim st v phn tch lung thng tin lu chuyn

Cc hnh ng tn cng ch ng Gi danh mt thc th khc Pht li cc thng bo trc Sa i cc thng bo ang lu chuyn

T chi dch v

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

15/204


M hnh an ninh mng

Th

ngb

oa

nt

on

Thng tinb mt

Chuyn ilin quan

n an ninh

Thngb

o

Thngb

o

Thng tinb mt

Chuyn ilin quan

n an ninh

Th

ngb

oa

nt

on

i th

Bn th ba ng tin

Bn gi Bn nhn

Knhthng tin

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

16/204


M hnh an ninh mng

Yu cu Thit k mt gii thut thch hp cho vic chuyn i

lin quan n an ninh To ra thng tin b mt (kha) i km vi gii thut Pht trin cc phng php phn b v chia s thng

tin b mt c t mt giao thc s dng bi hai bn gi v nhn

da trn gii thut an ninh v thng tin b mt, lm cs cho mt dch v an ninh

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

17/204


M hnh an ninh truy nhp mng

Cc ti nguyn tnhton (b x l, b nh,ngoi vi)

D liu

Cc tin trnh

Phn mm

Knh truy nhp

Chc nnggc cng

Cc iu khin an ninhbn trong

i th

- Con ngi

- Phn mm

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

18/204


M hnh an ninh truy nhp mng

Yu cu La chn cc chc nng gc cng thch hp nhdanh ngi dng

Ci t cc iu khin an ninh m bo ch

nhng ngi dng c php mi c th truy nhpc vo cc thng tin v ti nguyn tng ng

Cc h thng my tnh ng tin cy c th dng ci t m hinh ny

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

19/204


Chng 2

M HA I XNG

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

20/204


Hai k thut m ha ch yu M ha i xng

Bn gi v bn nhn s dng chung mt kha Cn gi l

M ha truyn thng M ha kha ring / kha n / kha b mt

L k thut m ha duy nht trc nhng nm 70 Hin vn cn c dng rt ph bin

M ha kha cng khai (bt i xng)

Mi bn s dng mt cp kha Mt kha cng khai + Mt kha ring

Cng b chnh thc nm 1976

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

21/204


Mt s cch phn loi khc Theo phng thc x l

M ha khi Mi ln x l mt khi nguyn bn v to ra khi bn m tng

ng (chng hn 64 hay 128 bit)

M ha lung X l d liu u vo lin tc (chng hn mi ln 1 bit)

Theo phng thc chuyn i M ha thay th

Chuyn i mi phn t nguyn bn thnh mt phn t bn mtng ng

M ha hon v B tr li v tr cc phn t trong nguyn bn

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

22/204


M hnh h m ha i xngKha b mt dng chungbi bn gi v bn nhn

Kha b mt dng chungbi bn gi v bn nhn

Gii thut m ha Gii thut gii m

Nguyn bnu vo

Nguyn bnu ra

Bn m

truyn i

M ha

Y = EK(X)

Gii m

X = DK(Y)

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

23/204


M hnh h m ha i xng

Gm c 5 thnh phn Nguyn bn Gii thut m ha Kha b mt

Bn m Gii thut gii m

An ninh ph thuc vo s b mt ca kha,

khng ph thuc vo s b mt ca gii thut

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

24/204


Ph m

L n lc gii m vn bn c m hakhng bit trc kha b mt C hai phng php ph m

Vt cn

Th tt c cc kha c th Thm m

Khai thc nhng nhc im ca gii thut Da trn nhng c trng chung ca nguyn bn hoc mt

s cp nguyn bn - bn m mu

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

25/204


V l thuyt c th th tt c cc gi tr kha chon khi tm thy nguyn bn t bn m Da trn gi thit c th nhn bit c nguyn

bn cn tm

Tnh trung bnh cn th mt na tng s cctrng hp c th

Thc t khng kh khi nu di kha ln

Phng php ph m vt cn

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

26/204


Thi gian tm kim trung bnh

Kch thckha (bit)

S lng kha Thi gian cn thit(1 gii m/s)

Thi gian cn thit(106gii m/s)

3256

12816826 k t(hon v)

232 = 4,3 x 109

256 = 7,2 x 1016

2128

= 3,4 x 1038

2168 = 3,7 x 1050

26! = 4 x 1026

231s = 35,8 pht255s = 1142 nm

2127

s = 5,4 x 1024

nm2167s = 5,9 x 1036nm2 x 1026s =

6,4 x 1012nm

2,15 ms10,01 gi

5,4 x 1018

nm5,9 x 1030nm6,4 x 106nm

Tui v tr : ~ 1010nmKha DES di 56 bitKha AES di 128+ bitKha 3DES di 168 bit

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

27/204


Cc k thut thm m Ch c bn m

Ch bit gii thut m ha v bn m hin c

Bit nguyn bn Bit thm mt s cp nguyn bn - bn m

Chn nguyn bn Chn 1 nguyn bn, bit bn m tng ng

Chn bn m

Chn 1 bn m, bit nguyn bn tng ng Chn vn bn Kt hp chn nguyn bn v chn bn m

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

28/204


An ninh h m ha An ninh v iu kin

Bn m khng cha thng tin xc nh duy nhtnguyn bn tng ng, bt k vi s lng baonhiu v tc my tnh th no

Ch h m ha n mt ln l an ninh v iu kin

An ninh tnh ton Tha mn mt trong hai iu kin

Chi ph ph m vt qu gi tr thng tin Thi gian ph m vt qu tui th thng tin

Thc t tha mn hai iu kin Khng c nhc im Kha c qu nhiu gi tr khng th th ht

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

29/204


M ha thay th c in

Cc ch ci ca nguyn bn c thay th bicc ch ci khc, hoc cc s, hoc cc k hiu Nu nguyn bn c coi nh mt chui bit th

thay th cc mu bit trong nguyn bn bng ccmu bit ca bn m

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

30/204

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

31/204


Ph m h m ha Caesar

Phng php vt cn Kha ch l mt ch ci (hay mt s gia 1 v 25) Th tt c 25 kha c th D dng thc hin

Ba yu t quan trng Bit trc cc gii thut m ha v gii m Ch c 25 kha th

Bit v c th d dng nhn ra c ngn ng canguyn bn

V d : Ph m "GCUA VQ DTGCM"

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

32/204


H m ha n bng

Thay mt ch ci ny bng mt ch ci khctheo trt t bt k sao cho mi ch ci ch c mtthay th duy nht v ngc li

Kha di 26 ch ci

V d Kha

a b c d e f g h i j k l m n o p q r s t u v w x y zM N B V C X Z A S D F G H J K L P O I U Y T R E W Q

Nguyn bni love you

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

33/204


Ph m h m ha n bng

Phng php vt cn

Kha di 26 k t S lng kha c th = 26! = 4 x 1026

Rt kh thc hin

Khai thc nhng nhc im ca gii thut Bit r tn s cc ch ci ting Anh

C th suy ra cc cp ch ci nguyn bn - ch ci bn m V d : ch ci xut hin nhiu nht c th tng ng vi 'e'

C th nhn ra cc b i v b ba ch ci V d b i : 'th', 'an', 'ed' V d b ba : 'ing', 'the', 'est'

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

34/204


Cc tn s ch ci ting Anh

Tns

tng

i(%)

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

35/204

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

36/204


H m ha Playfair (1) L mt h m ha nhiu ch

Gim bt tng quan cu trc gia bn m vnguyn bn bng cch m ha ng thi nhiu chci ca nguyn bn

Pht minh bi Charles Wheatstone vo nm1854, ly tn ngi bn Baron Playfair

S dng 1 ma trn ch ci 5x5 xy dng trnc s 1 t kha

in cc ch ci ca t kha (b cc ch trng) in nt ma trn vi cc ch khc ca bng ch ci I v J chim cng mt ca ma trn

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

37/204


H m ha Playfair (2) V d ma trn vi t kha MONARCHY

M O N A R

C H Y B DE F G I/J KL P Q S T

U V W X Z M ha 2 ch ci mt lc

Nu 2 ch ging nhau, tch ra bi 1 ch in thm Nu 2 ch nm cng hng, thay bi cc ch bn phi

Nu 2 ch nm cng ct, thay bi cc ch bn di Cc trng hp khc, mi ch ci c thay bi ch

ci khc cng hng, trn ct ch ci cng cp

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

38/204


Ph m h m ha Playfair An ninh m bo hn nhiu h m ha n ch C 26 x 26 = 676 cp ch ci

Vic gii m tng cp kh khn hn Cn phn tch 676 tn s xut hin thay v 26

Tng c qun i Anh, M s dng rng ri Bn m vn cn lu li nhiu cu trc ca

nguyn bn

Vn c th ph m c v ch c vi trm cpch ci cn gii m

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

39/204

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

40/204


Ph m h m ha Vigenre

Phng php vt cn

Kh thc hin, nht l nu kha gm nhiu ch ci

Khai thc nhng nhc im ca gii thut Cu trc ca nguyn bn c che y tt hn h

Playfair nhng khng hon ton bin mt Ch vic tm di kha sau ph m tng h Ceasar Cch tm di kha

Nu di kha nh so vi di vn bn, c th pht hin 1

dy vn bn lp li nhiu ln Khong cch gia 2 dy vn bn lp l 1 bi s ca di kha T suy ra di kha

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

41/204

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

42/204

Nguyn i Th

An ninh Mng42

n mt ln L h m ha thay th khng th ph c xut bi Joseph Mauborgne Kha ngu nhin, di bng di vn bn,

ch s dng mt ln

Gia nguyn bn v bn m khng c bt kquan h no v thng k

Vi bt k nguyn bn v bn m no cng tn

ti mt kha tng ng Kh khn vic to kha v m bo phn phikha an ninh

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

43/204

Nguyn i Th

An ninh Mng43

M ha hon v c in

Che y ni dung vn bn bng cch sp xp litrt t cc ch ci Khng thay i cc ch ci ca nguyn bn Bn m c tn s xut hin cc ch ci ging nh

nguyn bn

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

44/204

H h h

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

45/204

Nguyn i Th

An ninh Mng45

H m ha hng Vit cc ch ci theo hng vo 1 s ct nht nh

Sau hon v cc ct trc khi c theo ct Kha l th t c cc ct V d

Kha : 4 3 1 2 5 6 7 Nguyn bn : a t t a c k p

o s t p o n ed u n t i l t

w o a m x y z Bn m :

TTNAAPTMTSUOAODWCOIXKNLYPETZ

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

46/204

M h khi

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

47/204

Nguyn i Th

An ninh Mng47

M ha khi So vi m ha lung

M ha khi x l thng bo theo tng khi M ha lung x l thng bo 1 bit hoc 1 byte mi ln

Ging nh thay th cc k t rt ln ( 64 bit) Bng m ha gm 2nu vo (n l di khi) Mi khi u vo ng vi mt khi m ha duy nht

Tnh thun nghch

di kha l n x 2nbit qu ln

Xy dng t cc khi nh hn Hu ht cc h m ha khi i xng da trn cutrc h m ha Feistel

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

48/204

Nguyn i Th

An ninh Mng48

Mng S-P Mng thay th (S) - hon v (P) xut bi Claude

Shannon vo nm 1949 L c s ca cc h m ha khi hin i Da trn 2 php m ha c in

Php thay th : Hp S Php hon v : Hp P

an xen cc chc nng Khuch tn : Hp P (kt hp vi hp S)

Pht ta cu trc thng k ca nguyn bn khp bn m

Gy ln : Hp S Lm phc tp ha mi quan h gia bn m v kha

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

49/204

Nguyn i Th

An ninh Mng49

Hp S

01234567

u vo

3 bit

0

1

0

0123

4567

1

1

0

u ra

3 bit

Lu : Hp S c tnh thun nghch

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

50/204


Hp P

Lu : Hp P c tnh thun nghch

u vo

4 bit

11

0

1

10

1

1

11

0

1

10

1

1

M h F i t l

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

51/204


M ha Feistel xut bi Horst Feistel da trn khi nim h

m ha tch hp thun nghch ca Shannon Phn mi khi di 2w bit thnh 2 na L0 v R0 X l qua n vng

Chia kha K thnh n kha con K1, K2,..., Kn Ti mi vng i

Thc hin thay th na bn tri Li-1bng cch XORn vi F(Ki, Ri-1)

F thng gi l hm chuyn i hay hm vng Hon v hai na Li v Ri

N b (2 bit)

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

52/204


Nguyn bn (2w bit)

w bit w bitL0 R0

Vng 1

K1

L1 R1

F+

Kn

Ln Rn

F+Vng n. . .

. . .

Ln+1 Rn+1

Bn m (2w bit)

Cc c trng h Feistel

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

53/204


Cc c trng h Feistel di khi

Khi cng ln cng an ninh (thng 64 bit) di kha

Kha cng di cng an ninh (thng 128 bit)

S vng Cng nhiu vng cng an ninh (thng 16 vng)

Gii thut sinh m con Cng phc tp cng kh ph m

Hm vng Cng phc tp cng kh ph m

nh hng n ci t v phn tch

Gii F i t l

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

54/204


Gii m Feistel Ging gii thut m ha, ch khc

Bn m l d liu u vo Cc kha con c dng theo th t ngc li

Ti mi vng kt qu u ra chnh l cc d liu

u vo ca qu trnh m ha i vi qu trnh m ha Li = Ri-1 Ri = Li-1 F(Ri-1, Ki)

i vi qu trnh gii m Ri-1 = Li Li-1 = Ri F(Li, Ki)

Ch h d li

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

55/204


Chun m ha d liu DES (Data Encryption Standard) c cng nhn

chun nm 1977 Phng thc m ha c s dng rng ri nht Tn gii thut l DEA (Data Encryption Algorithm)

L mt bin th ca h m ha Feistel, b xungthm cc hon v u v cui

Kch thc khi : 64 bit

Kch thc kha : 56 bit S vng : 16 Tng gy nhiu tranh ci v an ninh

Gii thut m ha DES

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

56/204


Gii thut m ha DESNguyn bn (64 bit)

giao hon thun

vng 1K1

vng 2K2

vng nKn

giao hon nghch

Bn m (64 bit)

hon i 32 bit

Kha 56 bit

. . .

giao hon

dch vng trigiao hon

dch vng trigiao hon

dch vng trigiao hon

. . .

Mt vng DES

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

57/204


Mt vng DES

Li-1

m rng g/hon

hp S

giao hon

Ri-1

x Ki

xLi Ri

--- 48 bit

--- 48 bit

--- 32 bit

--- 32 bit

Ph DES

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

58/204


Ph m DES Kha 56 bit c 256 = 7,2 x 1016gi tr c th Phng php vt cn t ra khng thc t Tc tnh ton cao c th ph c kha

1997 : 70000 my tnh ph m DES trong 96 ngy

1998 : Electronic Frontier Foundation (EFF) ph mDES bng my chuyn dng (250000$) trong < 3 ngy

1999 : 100000 my tnh ph m trong 22 gi

Vn cn phi nhn bit c nguyn bn Thc t DES vn c s dng khng c vn Nu cn an ninh hn : 3DES hay chun mi AES

H h 3DES

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

59/204


H m ha 3DES S dng 3 kha v chy 3 ln gii thut DES

M ha : C = EK3[DK2[EK1[p]]] Gii m : p = DK1[EK2[DK3[C]]]

di kha thc t l 168 bit

Khng tn ti K4 = 56 sao cho C = EK4(p) V sao 3 ln : trnh tn cng "gp nhau gia"

C = EK2(EK1(p)) X = EK1(p) = DK2(C) Nu bit mt cp (p, C)

M ha p vi 256kha v gii m C vi 256 kha So snh tm ra K1 v K2tng ng Kim tra li vi 1 cp (p, C) mi; nu OK th K1 v K2 l kha

Ch h ti ti

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

60/204


Chun m ha tin tin AES (Advanced Encryption Standard) c cng

nhn chun mi nm 2001 Tn gii thut l Rijndael (Rijmen + Daemen) An ninh hn v nhanh hn 3DES

Kch thc khi : 128 bit Kch thc kha : 128/192/256 bit S vng : 10/12/14

Cu trc mng S-P, nhng khng theo h Feistel Khng chia mi khi lm i

C h h khi kh (1)

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

61/204


Cc h m ha khi khc (1) IDEA (International Data Encryption Algorithm)

Khi 64 bit, kha 128 bit, 8 vng Theo cu trc mng S-P, nhng khng theo h Feistel

Mi khi chia lm 4

Rt an ninh Bn quyn bi Ascom nhng dng min ph

Blowfish Khi 64 bit, kha 32-448 bit (ngm nh 128 bit), 16 vng

Theo cu trc h Feistel An ninh, kh nhanh v gn nh T do s dng

Cc h m ha khi khc (2)

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

62/204


Cc h m ha khi khc (2) RC5

Pht trin bi Ron Rivest Khi 32/64/128 bit, kha 0-2040 bit, 0-255 vng n gin, thch hp cc b x l c rng khc nhau Theo cu trc h Feistel

CAST-128 Pht trin bi Carlisle Adams v Stafford Tavares Khi 64 bit, kha 40-128 bit, 12/16 vng

C 3 loi hm vng dng xen k Theo cu trc h Feistel Bn quyn bi Entrust nhng dng min ph

Cc phng thc m ha khi

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

63/204


Cc phng thc m ha khi ECB (Electronic Codebook)

M ha tng khi ring r CBC (Cipher Block Chaining)

Khi nguyn bn hin thi c XOR vi khi bn mtrc

CFB (Cipher Feedback) M phng m ha lung (n v s bit) s bit m ha trc c a vo thanh ghi u vo hin thi

OFB (Output Feeback) s bit tri u ra trc c a vo thanh ghi u vo hin thi

CTR (Counter) XOR mi khi nguyn bn vi 1 gi tr thanh m m

ha

Phng thc ECB

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

64/204


Phng thc ECB

M ha

p1

C1

K M ha

p2

C2

K M ha

pN

CN

K...

M ha

Gii m

C1

p1

K Gii m

C2

p2

K Gii m

CN

pN

K...

Gii m

nh gi ECB

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

65/204


nh gi ECB Nhng khi lp li trong nguyn bn c th thy

c trong bn m Nu thng bo di, c th

Gip phn tch ph m

To c hi thay th hoc b tr li cc khi Nhc im do cc khi c m ha c lp Ch yu dng gi thng bo c t khi

V d gi kha

Phng thc CBC

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

66/204


Phng thc CBC

M ha

p1

C1

K M ha

C2

K M ha

CN

K...

M ha

Gii m

C1

p1

K Gii m

C2

p2

K Gii m

CN

pN

K...

Gii m

p2 pNIV

CN-1

CN-1IV

nh gi CBC

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

67/204


nh gi CBC Mi khi m ha ph thuc vo tt c cc khi

nguyn bn trc S lp li cc khi nguyn bn khng th hin trongbn m ha

Thay i trong mi khi nguyn bn nh hng n tt

c cc khi bn m v sau Cn 1 gi tr u IV bn gi v bn nhn u bit Cn c m ha ging kha Nn khc nhau i vi cc thng bo khc nhau

Cn x l c bit khi nguyn bn khng y cui cng Dng m ha d liu ln, xc thc

M ha CFB

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

68/204


M ha CFB

Thanh ghi dch64-s bit | s bit

M ha

Chns bit

B i64-s bitp1

K

64

64

ss

C1

IVThanh ghi dch64-s bit | s bit

M ha

Chns bit

B i64-s bitp2

K

64

64

ss

C2


M ha

Chns bit

B i64-s bitpM

K

64

64

ss

CM

...

s

CM-1

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

69/204

nh gi CFB

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

70/204


nh gi CFB Thch hp khi d liu nhn c theo tng n

v bit hay byte Khng cn n thng bo lm trn khi Cho php s lng bit bt k

K hiu CFB-1, CFB-8, CFB-64,... L phng thc lung ph bin nht Dng gii thut m ha ngay c khi gii m

Li xy ra khi truyn 1 khi m ha s lan rngsang cc khi tip sau

M ha OFB

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

71/204


M ha OFB


M ha

Chns bit

B i64-s bit

p1

K

64

64

ss

C1

IVThanh ghi dch64-s bit | s bit

M ha

Chns bit

B i64-s bit

K

64

64


M ha

Chns bit

B i64-s bit

K

64

64

...

s

OM-1

p2 ss

C2

pM ss

CM

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

72/204

nh gi OFB

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

73/204


nh gi OFB Tng t CFB ch khc l phn hi ly t u ra

gii thut m ha, c lp vi thng bo Khng bao gi s dng li cng kha v IV Li truyn 1 khi m ha khng nh hng n

cc khi khc Thng bo d b sa i ni dung Ch nn dng OFB-64

C th tit kim thi gian bng cch thc hingii thut m ha trc khi nhn c d liu

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

74/204

nh gi CTR

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

75/204


nh gi CTR Hiu qu cao

C th thc hin m ha (hoc gii m) song song C th thc hin gii thut m ha trc nu cn

C th x l bt k khi no trc cc khi khc

An ninh khng km g cc phng thc khc n gin, ch cn ci t gii thut m ha,

khng cn n gii thut gii m

Khng bao gi s dng li cng gi tr kha vbin m (tng t OFB)

B tr cng c m ha

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

76/204


B tr cng c m ha Gii php hu hiu v ph bin nht chng li cc

mi e da n an ninh mng l m ha thc hin m ha, cn xc nh

M ha nhng g

Thc hin m ha u C 2 phng n c bn

M ha lin kt M ha u cui

M ha lin kt

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

77/204


M ha lin kt Cng c m ha c sp t 2 u ca mi

lin kt c nguy c b tn cng m bo an ninh vic lu chuyn thng tin trn

tt c cc lin kt mng

Cc mng ln cn n rt nhiu cng c m ha Cn cung cp rt nhiu kha Nguy c b tn cng ti mi chuyn mch

Cc gi tin cn c m ha mi khi i vo mtchuyn mch gi c c a ch phn u

Thc hin tng vt l hoc tng lin kt

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

78/204

Kt hp cc phng n m ha

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

79/204


Kt hp cc phng n m ha

PSN : Packet-switching nodeCng c m ha u cui

Cng c m ha lin kt

Qun l kha b mt

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

80/204


Qun l kha b mt Vn i vi m ha i xng l lm sao phn

phi kha an ninh n cc bn truyn tin Thng h thng mt an ninh l do khng qun l tt

vic phn phi kha b mt

Phn cp kha Kha phin (tm thi) Dng m ha d liu trong mt phin kt ni Hy b khi ht phin

Kha ch (lu di) Dng m ha cc kha phin, m bo phn phi chngmt cch an ninh

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

81/204

Phn phi kha t ng

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

82/204


Phn phi kha t ng1. Host gi gi tin yu cu kt ni2. FEP m gi tin; hi KDC kha phin3. KDC phn phi kha phin n 2 host4. Gi tin m c truyn i

FEP = Front End Processor

KDC = Key Distribution Center

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

83/204


Chng 3

MT M KHA CNG KHAI

Gii thiu

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

84/204


Gii thiu Nhng hn ch ca mt m i xng

Vn phn phi kha Kh m bo chia s m khng lm l kha b mt Trung tm phn phi kha c th b tn cng

Khng thch hp cho ch k s

Bn nhn c th lm gi thng bo ni nhn c t bn gi Mt m kha cng khai xut bi Whitfield

Diffie v Martin Hellman vo nm 1976 Khc phc nhng hn ch ca mt m i xng

C th coi l bc t ph quan trng nht trong lchs ca ngnh mt m

B xung ch khng thay th mt m i xng

c im mt m kha cng khai

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

85/204


c im mt m kha cng khai Cn gi l mt m hai kha hay bt i xng Cc gii thut kha cng khai s dng 2 kha

Mt kha cng khai Ai cng c th bit Dng m ha thng bo v thm tra ch k

Mt kha ring Ch ni gi c bit Dng gii m thng bo v k (to ra) ch k

C tnh bt i xng Bn m ha khng th gii m thng bo Bn thm tra khng th to ch k

M ha kha cng khai

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

86/204


M ha kha cng khaiCc kha cng khai

Nguyn bnu vo

Nguyn bnu ra

Bn mtruyn i

Gii thutm ha

Gii thutgii m

Kha cng khaica Alice

Kha ringca Alice

Ted

AliceMike

Joy

Xc thc

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

87/204


Xc thcCc kha cng khai

Nguyn bnu vo

Nguyn bnu ra

Bn mtruyn i

Gii thutm ha

Gii thutgii m

Kha ringca Bob

Kha cng khaica Bob

Ted

BobMike

Joy

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

88/204

M hnh m bo b mt

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

89/204


M hnh m bo b mt

Ngunth. bo Gii thutm ha Gii thutgii m chth. bo

Nguncp kha

K

ph m

Ngun A ch B

M hnh xc thc

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

90/204


M hnh xc thc

Ngunth. bo Gii thutm ha Gii thutgii m chth. bo

Nguncp kha

K

ph m

Ngun A ch B

M hnh kt hp

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

91/204


M hnh kt hp

Ngunth. bo

G. thutm ha

G. thutgii m

chth. bo

Nguncp kha

Ngun A ch B

G. thutm ha

G. thutgii m

Nguncp kha

Trao i kha

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

92/204


Trao i kha

Alice Bob

M ha Gii m

Kha cng khai ca Bob Kha ring ca Bob

Kha ngu nhin Kha ngu nhin

Cc iu kin cn thit

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

93/204


Cc iu kin cn thit Bn B d dng to ra c cp (KUb, KRb) Bn A d dng to ra c C = EKUb(M) Bn B d dng gii m M = DKRb(C) i th khng th xc nh c KRbkhi bit KUb

i th khng th xc nh c M khi bit KUbv C

Mt trong hai kha c th dng m ha trong khi

kha kia c th dng gii m M = DKRb(EKUb(M)) = DKUb(EKRb(M)) Khng thc s cn thit

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

94/204

To kha RSA

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

95/204


To kha RSA Mi bn t to ra mt cp kha cng khai - kha

ring theo cc bc sau : Chn ngu nhin 2 s nguyn t ln p q Tnh n = pq Tnh (n) = (p-1)(q-1) Chn ngu nhin kha m ha e sao cho 1 < e < (n)

v gcd(e, (n)) = 1 Tm kha gii m d n tha mn e.d 1 mod (n)

Cng b kha m ha cng khai KU = {e, n} Gi b mt kha gii m ring KR = {d, n} Cc gi tr b mt p v q b hy b

Thc hin RSA

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

96/204


Thc hin RSA

m ha 1 thng bo nguyn bn M, bn githc hin Ly kha cng khai ca bn nhn KU = {e, n} Tnh C = Me mod n

gii m bn m C nhn c, bn nhn thchin S dng kha ring KR = {d, n} Tnh M = Cd mod n

Lu l thng bo M phi nh hn n Phn thnh nhiu khi nu cn

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

97/204

V d to kha RSA

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

98/204


V d to kha RSA

Chn 2 s nguyn t p = 17 v q = 11 Tnh n = pq = 17 11 = 187 Tnh (n) = (p - 1)(q - 1) = 16 10 = 160 Chn e : gcd(e, 160) = 1 v 1 < e < 160; ly e = 7 Xc nh d : de 1 mod 160 v d 187

Gi tr d = 23 v 23 7 = 161 = 1 160 + 1 Cng b kha cng khai KU = {7, 187} Gi b mt kha ring KR = {23, 187}

Hy b cc gi tr b mt p = 17 v q = 11

V d thc hin RSA

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

99/204


V d thc hin RSA

M ha Gii mNguyn

bnNguyn

bn

Bnm

Chn tham s RSA

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

100/204


Chn tham s RSA

Cn chn p v q ln

Thng chn e nh Thng c th chn cng gi tr ca e cho tt c

ngi dng

Trc y khuyn ngh gi tr ca e l 3, nhnghin nay c coi l qu nh

Thng chn e = 216 - 1 = 65535

Gi tr ca d s ln v kh on

An ninh ca RSA

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

101/204


An ninh ca RSA Kha 128 bit l mt s gia 1 v mt s rt ln

340.282.366.920.938.000.000.000.000.000.000.000.000

C bao nhiu s nguyn t gia 1 v s ny n / ln(n) = 2128 / ln(2128)

3.835.341.275.459.350.000.000.000.000.000.000.000 Cn bao nhiu thi gian nu mi giy c th tnhc 1012sHn 121,617,874,031,562,000 nm (khong 10 triu ln

tui ca v tr) An ninh nhng cn phng nhng im yu

Ph m RSA

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

102/204


S Phng php vt cn

Th tt c cc kha ring c th Ph thuc vo di kha

Phng php phn tch ton hc

Phn n thnh tch 2 s nguyn t p v q

Xc nh trc tip (n) khng thng qua p v q Xc nh trc tip d khng thng qua (n)

Phng php phn tch thi gian

Da trn vic o thi gian gii m C th ngn nga bng cch lm nhiu

Phn tch tha s RSA

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

103/204


Phn tch tha s RSA

An ninh ca RSA da trn phc tp ca vicphn tch tha s n Thi gian cn thit phn tch tha s mt s

ln tng theo hm m vi s bit ca s

Mt nhiu nm khi s ch s thp phn ca nvtqu 100 (gi s lm 1 php tnh nh phn mt 1 s)

Kch thc kha ln m bo an ninh cho RSA T 1024 bit tr ln Gn y nht nm 1999 ph m c 512 bit

(155 ch s thp phn)

H trao i kha Diffie-Hellman

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

104/204


a Gii thut mt m kha cng khai u tin xut bi Whitfield Diffie v Martin Hellman

vo nm 1976 Malcolm Williamson (GCHQ -Anh) pht hin trc

my nm nhng n nm 1997 mi cng b Ch dng trao i kha b mt mt cch anninh trn cc kch thng tin khng an ninh

Kha b mt c tnh ton bi c hai bn An ninh ph thuc vo phc tp ca vic tnh

log ri rc

Thit lp Diffie-Hellman

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

105/204


p Cc bn thng nht vi nhau cc tham s chung

q l mt s nguyn t ln l mt nguyn cn ca q

mod q, 2 mod q,..., q-1mod q l cc s nguyn giao honca cc s t 1 n q - 1

Bn A Chn ngu nhin lm kha ring XA < q Tnh kha cng khai YA =

XA mod q

Bn B Chn ngu nhin lm kha ring XB < q Tnh kha cng khai YB =

XB mod q

Trao i kha Diffie-Hellman

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

106/204


Tnh ton kha b mt

Bn A bit kha ring XA v kha cng khai YBK = YB

XA mod q Bn B bit kha ring XB v kha cng khai YA

K = YAXB mod q

Chng minhYA

XB mod q = (XA mod q)XB mod q= XAXB mod q

= XBXA

mod q= (XB mod q)XA mod q= YB

XA mod q

V d Diffie-Hellman

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

107/204


Alice v Bob mun trao i kha b mt

Cng chn q = 353 v = 3 Chn ngu nhin cc kha ring

Alice chn XA= 97, Bob chn XB = 233

Tnh ton cc kha cng khai YA = 397 mod 353 = 40 (Alice) YB = 3233 mod 353 = 248 (Bob)

Tnh ton kha b mt chung

K = YBXA mod 353 = 24897 mod 353 = 160 (Alice)

K = YAXB mod 353 = 40233 mod 353 = 160 (Bob)

Hn ch ca kha cng khai

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

108/204


g Tc x l

Cc gii thut kha cng khai ch yu dng cc phpnhn chm hn nhiu so vi cc gii thut i xng

Khng thch hp cho m ha thng thng Thng dng trao i kha b mt u phin truyn tin

Tnh xc thc ca kha cng khai Bt c ai cng c th to ra mt kha cng b l

ca mt ngi khc

Chng no vic gi mo cha b pht hin c th cc ni dung cc thng bo gi cho ngi kia Cn m bo nhng ngi ng k kha l ng tin

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

109/204


Chng 4

XC THC & CH K S

Vn xc thc

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

110/204


Cc tiu chun cn xc minh

Thng bo c ngun gc r rng chnh xc Ni dung thng bo ton vn khng b thay i Thng bo c gi ng trnh t v thi im

Mc ch chng li hnh thc tn cng chng (xuyn tc d liu v giao tc) Cc phng php xc thc thng bo

M ha thng bo S dng m xc thc thng bo (MAC) S dng hm bm

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

111/204

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

112/204

Ngun A ch B

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

113/204


a) Xc thc thng bo

b) Xc thc thng bo v bo mt; MAC gn vo nguyn bn

c) Xc thc thng bo v bo mt; MAC gn vo bn m

So snh

So snh

So snh

V sao dng MAC

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

114/204


g Nhiu trng hp ch cn xc thc, khng cn

m ha tn thi gian v ti nguyn Thng bo h thng Chng trnh my tnh

Tch ring cc chc nng bo mt v xc thcs khin vic t chc linh hot hn Chng hn mi chc nng thc hin mt tng ring

Cn m bo tnh ton vn ca thng bo trongsut thi gian tn ti khng ch khi lu chuyn V thng bo c th b thay i sau khi gii m

MAC da trn DES (DAC)

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

115/204


MAC da trn DES (DAC)

M ha M ha M ha M ha

(16 - 64 bits)

Hm bm

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

116/204


To ra mt gi tr bm c kch thc c nh tthng bo u vo (khng dng kha)h = H(M)

Hm bm khng cn gi b mt Gi tr bm gn km vi thng bo dng

kim tra tnh ton vn ca thng bo Bt k s thay i M no d nh cng to ra mt

gi tr h khc

Ngun A ch B

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

117/204


So snh

So snh

So snh

a) Xc thc thng bo v bo mt; m bm gn vo nguyn bn

b) Xc thc thng bo; m bm c m ha s dng phng php i xng

c) Xc thc thng bo; m bm c m ha s dng phng php kha cng khai

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

118/204

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

119/204

Cc hm bm n gin

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

120/204


16 bit

XOR dch vng tri 1 bit XOR mi khi 16 bit

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

121/204

An ninh hm bm v MAC

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

122/204


Kiu tn cng vt cn

Vi hm bm, n lc ph thuc di m ca m bm phc tp ca tnh mt chiu v tnh chng xung t yu

l 2m; ca tnh chng xung t mnh l 2m/2

128 bit c th ph c, thng dng 160 bit

Vi MAC, n lc ph thuc vo di k ca kha v di n ca MAC phc tp l min(2k, 2n) t nht phi l 128 bit

Kiu thm m Hm bm thng gm nhiu vng nh m ha khinn c th tp trung khai thc im yu hm vng

Ch k s

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

123/204


Xc thc thng bo khng c tc dng khi bngi v bn nhn mun gy hi cho nhau Bn nhn gi mo thng bo ca bn gi Bn gi chi l gi thng bo n bn nhn

Ch k s khng nhng gip xc thc thng bom cn bo v mi bn khi bn kia Chc nng ch k s

Xc minh tc gi v thi im k thng bo

Xc thc ni dung thng bo L cn c gii quyt tranh chp

Yu cu i vi ch k s

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

124/204


Ph thuc vo thng bo c k

C s dng thng tin ring ca ngi gi trnh gi mo v chi b

Tng i d to ra

Tng i d nhn bit v kim tra Rt kh gi mo

Bng cch to thng bo khc c cng ch k s

Bng cch to ch k s theo mun cho thng bo Thun tin trong vic lu tr

Ch k s trc tip

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

125/204


Ch lin quan n bn gi v bn nhn

Vi mt m kha cng khai Dng kha ring k ton b thng bo hoc gi tr bm C th m ha s dng kha cng khai ca bn nhn

Quan trng l k trc m ha sau

Ch c tc dng khi kha ring ca bn gi cm bo an ninh Bn gi c th gi v mt kha ring

Cn b xung thng tin thi gian v bo mt kha kp thi Kha ring c th b mt tht

K cp c th gi thng bo vi thng tin thi gian sai lch

Ch k s gin tip

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

126/204


C s tham gia ca mt bn trng ti Nhn thng bo c ch k s t bn gi, kim tra

tnh hp l ca n B xung thng tin thi gian v gi n bn nhn

An ninh ph thuc ch yu vo bn trng ti Cn c bn gi v bn nhn tin tng C th ci t vi m ha i xng hoc m

ha kha cng khai

Bn trng ti c th c php nhn thy hockhng ni dung thng bo

Cc k thut ch k s gin tip

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

127/204


(a) M ha i xng, trng ti thy thng bo

(1) X A : M EKXA[IDX H(M)](2) A Y : EKAY[IDX M EKXA[IDX H(M)] T]

(b) M ha i xng, trng ti khng thy thng bo(1) X A : IDX EK

XY

[M] EKXA

[IDX H(EKXY

[M])]

(2) A Y : EKAY[IDX EKXY[M] EKXA[IDX H(EKXY[M])] T]

(c) M ha kha cng khai, trng ti khng thy thng bo(1) X A : IDX EKRX[IDX EKUY[EKRX[M]]](2) A Y : EKRA[IDX EKUY[EKRX[M]] T]

K hiu : X = Bn gi M = Thng boY = Bn nhn T = Nhn thi gian

A = Trng ti

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

128/204


Chng 5

CC NG DNG XC THC

Gii thiu

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

129/204


Mc ch ca cc ng dng xc thc l h trxc thc v ch k s mc ng dng

Phn lm 2 loi chnh

Da trn m ha i xng

Dch v Kerberos Giao thc Needham-Schroeder

Da trn kha cng khai c chng thc Dch v X.509 H thng PGP

Kerberos

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

130/204


H thng dch v xc thc pht trin bi MIT

Nhm i ph vi cc him ha sau Ngi dng gi danh l ngi khc Ngi dng thay i a ch mng ca client Ngi dng xem trm thng tin trao i v thc hin

kiu tn cng lp li Bao gm 1 server tp trung c chc nng xc

thc ngi dng v cc server dch v phn tn

Tin cy server tp trung thay v cc client Gii phng chc nng xc thc khi cc server dch vv cc client

K hiu

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

131/204


C : Client

AS : Server xc thc V : Server dch v IDC: Danh tnh ngi dng trn C IDV: Danh tnh ca V

PC: Mt khu ca ngi dng trn C ADC: a ch mng ca C KV: Kha b mt chia s bi AS v V

: Php ghp

TGS : Server cp th TS : Nhn thi gian

Mt hi thoi xc thc n gin

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

132/204


Giao thc

(1) C AS : IDC PC IDV(2) AS C : Th(3) C V : IDC Th

Th = EKV[IDC ADC IDV]

Hn ch Mt khu truyn t C n AS khng c bo mt Nu th ch s dng c mt ln th phi cp th

mi cho mi ln truy nhp cng mt dch v

Nu th s dng c nhiu ln th c th b ly cp s dng trc khi ht hn Cn th mi cho mi dch v khc nhau

Hi thoi xc thc Kerberos 4( ) T i i d h th th th

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

133/204


(a) Trao i vi dch v xc thc : c th cp th(1) C AS : IDC IDtgs TS1(2) AS C : EKC[KC,tgs IDtgs TS2 Hn2 Thtgs]

Thtgs = EKtgs[KC,tgs IDC ADC IDtgs TS2 Hn2]

(b) Trao i vi dch v cp th : c th dch v(3) C TGS : IDV Thtgs DuC(4) TGS C : EKC,tgs[KC,V IDV TS4 ThV]

ThV = EKV[KC,V IDC ADC IDV TS4 Hn4]DuC = EKC,tgs[IDC ADC TS3]

(c) Trao i xc thc client/server : c dch v(5) C V : ThV DuC(6) V C : EKC,V[TS5 + 1]

DuC = EKC,V[IDC ADC TS5]

M hnh tng quan Kerberos

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

134/204


Mi phinngi dng

mt ln

Mi dch vmt ln

Mi phindch vmt ln

AS

TGS

Client

Serverdch v

Phn h Kerberos

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

135/204


Mt phn h Kerberos bao gm

Mt server Kerberos cha trong CSDL danh tnh vmt khu bm ca cc thnh vin

Mt s ngi dng ng k lm thnh vin Mt s server dch v, mi server c mt kha b mt

ring ch chia s vi server Kerberos Mi phn h Kerberos thng tng ng vi

mt phm vi hnh chnh

Hai phn h c th tng tc vi nhau nu 2server chia s 1 kha b mt v ng k vi nhau iu kin l phi tin tng ln nhau

1

Phn h A

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

136/204


1

23

4

567

Phn h B

1. Yu cu th cho TGS cc b

2. Th cho TGS cc b

3. Yu cu th cho TGS xa

4. Th cho TGS xa

5. Yu cu th cho server xa

6. Th cho server xa

7. Yu cu dch v xa

Kerberos 5

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

137/204


Pht trin vo gia nhng nm 1990 (sau

Kerberos 4 vi nm) c t trong RFC 1510 C mt s ci tin so vi phin bn 4

Khc phc nhng khim khuyt ca mi trng Ph thuc gii thut m ha, ph thuc giao thc mng, trt

t byte thng bo khng theo chun, gi tr hn dng th cth qu nh, khng cho php y nhim truy nhp, tng tca phn h da trn qu nhiu quan h tay i

Khc phc nhng thiu st k thut M ha hai ln c mt ln tha, phng thc m ha PCBC

m bo tnh ton vn khng chun d b tn cng, khaphin s dng nhiu ln c th b khai thc tn cng lpli, c th b tn cng mt khu

Dch v xc thc X.509

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

138/204


Nm trong lot khuyn ngh X.500 ca ITU-T

nhm chun ha dch v th mc Servers phn tn lu gi CSDL thng tin ngi dng

nh ra mt c cu cho dch v xc thc

Danh b cha cc chng thc kha cng khai Mi chng thc bao gm kha cng khai ca ngidng k bi mt bn chuyn trch chng thc ng tin

nh ra cc giao thc xc thc

S dng mt m kha cng khai v ch k s Khng chun ha gii thut nhng khuyn ngh RSA

Khun dng X.509

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

139/204


Nhn chng thc

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

140/204


C c kha cng khai ca CA (c quan chng

thc) l c th xc minh c chng thc Ch CA mi c th thay i chng thc Chng thc c th t trong mt th mc cng khai

Cu trc phn cp CA Ngi dng c chng thc bi CA ng k Mi CA c hai loi chng thc

Chng thc thun : Chng thc CA hin ti bi CA cp trn Chng thc nghch : Chng thc CA cp trn bi CA hin ti

Cu trc phn cp CA cho php ngi dng xcminh chng thc bi bt k CA no

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

141/204

Thu hi chng thc

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

142/204


Mi chng thc c mt thi hn hp l

C th cn thu hi chng thc trc khi ht hn Kha ring ca ngi dng b tit l Ngi dng khng cn c CA chng thc

Chng thc ca CA b xm phm Mi CA phi duy tr danh sch cc chng thcb thu hi (CRL)

Khi nhn c chng thc, ngi dng phikim tra xem n c trong CRL khng

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

143/204

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

144/204

Gii thiu

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

145/204


Th in t l dch v mng ph dng nht

Hin nay cc thng bo khng c bo mt C th c c ni dung trong qu trnh thng bo di

chuyn trn mng Nhng ngi dng c quyn c th c c ni

dung thng bo trn my ch Thng bo d dng b gi mo bi mt ngi khc Tnh ton vn ca thng bo khng c m bo

Cc gii php xc thc v bo mt thng dng

PGP (Pretty Good Privacy) S/MIME (Secure/Multipurpose Internet Mail Extensions)

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

146/204

Xc thc ca PGP

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

147/204


Ngun A

ch B

So snh

M = Thng bo gc EP = M ha kha cng khaiH = Hm bm DP = Gii m kha cng khai

= Ghp KRa= Kha ring ca AZ = Nn KUa= Kha cng khai ca AZ-1= Ci nn

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

148/204

Xc thc v bo mt ca PGP

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

149/204


Ngun A ch B

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

150/204

Tng thch th in t ca PGP

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

151/204


PGP bao gi cng phi gi d liu nh phn

Nhiu h thng th in t ch chp nhn vnbn ASCII (cc k t c c) Th in t vn ch cha vn bn c c

PGP dng gii thut c s 64 chuyn i d liunh phn sang cc k t ASCII c c Mi 3 byte nh phn chuyn thnh 4 k t c c

Hiu ng ph ca vic chuyn i l kch thcthng bo tng ln 33% Nhng c thao tc nn b li

Bng chuyn i c s 64

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

152/204


Phn v ghp ca PGP

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

153/204


Cc giao thc th in t thng hn ch di ti a ca thng bo V d thng l 50 KB

PGP phn thng bo qu ln thnh nhiu thng

bo nh Vic phn on thng bo thc hin sau tt c

cc cng on khc

Bn nhn s ghp cc thng bo nh trc khithc hin cc cng on khc

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

154/204

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

155/204

Kha cng khai/kha ring PGP

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

156/204


Ngi dng c th c nhiu cp kha cngkhai/kha ring Nhu cu thay i cp kha hin thi Giao tip vi nhiu nhm i tc khc nhau

Hn ch lng thng tin m ha vi mi kha nngcao an ton

Cn ch ra kha cng khai no c s dng m ha kha phin

Cn ch ra ch k ca bn gi tng ng vikha cng khai no

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

157/204

Khun dng thng bo PGP

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

158/204


8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

159/204

Cu trc cc vng kha PGP

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

160/204


8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

161/204

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

162/204

Qun l kha PGP

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

163/204


Thay v da trn cc CA (c quan chng thc),i vi PGP mi ngi dng l mt CA C th k cho nhng ngi dng quen bit trc tip

To nn mt mng li tin cy

Tin cc kha c chnh bn thn k C th tin cc kha nhng ngi dng khc k nuc mt chui cc ch k ti chng

Mi kha c mt ch s tin cy

Cc ngi dng c th thu hi kha ca h

M hnh tin cy PGP (1)

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

164/204


Vi mi kha cng khai ngi dng n nh tin cy vo ch nhn ca n trong trngOwner trust Gi tr ultimate trustc t ng gn nu kha cng

khai c trong vng kha ring Gi tr ngi dng c th gn l unknown, untrusted,

marginally trusted, hay completely trusted

Gi tr cc trng Signature trustc sao

chp t cc trng Owner trusttng ng Nu khng c th c gn gi tr unknown user

M hnh tin cy PGP (2)

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

165/204


Xc nh gi tr ca trng Key legitimacy Nu kha cng khai c t nht mt ch k vi gi tr

Signature trust l ultimateth Key legitimacy lultimate

Nu khng, Key legitimacyc tnh bng tng ctrng s cc gi tr Signature trust

Cc ch k completely trustedc trng s l 1/X Cc ch k marginally trustedc trng s l 1/Y Xv Yl cc tham s do ngi dng xc nh

Nu tng s t hoc vt ngng 1 th Key legitimacyc gn gi tr complete

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

166/204

Thu hi kha cng khai L do thu hi kha cng khai

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

167/204


L do thu hi kha cng khai

ch th bit nguyn bn kha ring ch th bit bn m kha ring v mt khu Trnh s dng cng mt kha trong mt thi gian di

Quy trnh thu hi kha cng khai Ch s hu pht hnh chng thc thu hi kha

Cng khun dng nh chng thc bnh thng nhng baogm ch du thu hi kha cng khai

Chng thc c k vi kha ring tng ng kha cng

khai cn thu hi Mau chng pht tn chng thc mt cch rng ri

cc i tc kp thi cp nht vng kha cng khai

S/MIME Nng cp t chun khun dng th in t

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

168/204


Nng cp t chun khun dng th in t

MIME c thm tnh nng an ninh thng tin MIME khc phc nhng hn ch ca SMTP(Simple Mail Transfer Protocol) Khng truyn c file nh phn (chng trnh, nh,...)

Ch gi c cc k t ASCII 7 bit Khng nhn thng bo vt qu kch thc cho php ...

S/MIME c xu hng tr thnh chun cngnghip s dng trong thng mi v hnh chnh PGP dng cho c nhn

Cc chc nng ca S/MIMEB b d li

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

169/204


Bao bc d liu M ha ni dung thng bo v cc kha lin quan

K d liu Ch k s to thnh nh m ha thng tin tng hp

thng bo s dng kha ring ca ngi k Thng bo v ch k s c chuyn i c s 64

K v nguyn d liu Ch ch k s c chuyn i c s 64

K v bao bc d liu Kt hp k v bao bc d liu

X l chng thc S/MIME

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

170/204


S/MIME s dng cc chng thc kha cngkhai theo X.509 v3 Phng thc qun l kha lai ghp gia cu

trc phn cp CA theo ng X.509 v mng li

tin cy ca PGP Mi ngi dng c mt danh sch cc kha ca

bn thn, danh sch cc kha tin cy v danh

sch thu hi chng thc

Chng thc phi c k bi CA tin cy

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

171/204

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

172/204

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

173/204

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

174/204

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

175/204

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

176/204

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

177/204

Cc dch v IPSec Bao gm

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

178/204


g

iu khin truy nhp Ton vn phi kt ni Xc thc ngun gc d liu T chi cc gi tin lp

Mt hnh thc ca ton vn th t b phn Bo mt (m ha) Bo mt lung tin hu hn

S dng mt trong hai giao thc Giao thc xc thc (ng vi AH) Giao thc xc thc/m ha (ng vi ESP)

Cc lin kt an ninh Khi nim lin kt an ninh (SA)

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

179/204


( )

L quan h mt chiu gia bn gi v bn nhn, chobit cc dch v an ninh i vi lung tin lu chuyn

Mi SA c xc nh duy nht bi 3 tham s Ch mc cc tham s an ninh (SPI)

a ch IP ch nh danh giao thc an ninh

Cc tham s khc lu trong CSDL SA (SAD) S th t, cc thng tin AH v ESP, thi hn,...

CSDL chnh sch an ninh (SPD) cho php iuchnh mc p dng IPSec

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

180/204

Khun dng AH

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

181/204


Ch giao vn v ng hm

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

182/204


8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

183/204

Khun dng ESP

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

184/204


Giao vn v ng hm ESP

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

185/204


Ch giao vn ESP dng m ha v c thc thm chc nng xc thc d liu IP Ch m ha d liu khng m ha phn u D b phn tch lu lng nhng hiu qu

p dng cho truyn ti gia hai im cui Ch ng hm m ha ton b gi tin IP

Phi b xung phn u mi cho mi bc chuyn

p dng cho cc mng ring o, truyn ti thng quacu ni

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

186/204

V d kt hp cc SA

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

187/204


8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

188/204

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

189/204

ISAKMP

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

190/204


Vit tt ca Internet Security Association andKey Management Protocol Cung cp mt c cu cho vic qun l kha nh ngha cc th tc v cc khun dng thng

bo cho vic thit lp, tha thun, sa i, vhy b cc lin kt an ninh

c lp vi giao thc trao i kha, gii thut

m ha, v phng php xc thc

Cc khun dng ISAKMP

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

191/204


8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

192/204

Vn an ninh Web (1) Web c s dng rng ri bi cc cng ty, t

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

193/204


g g g y

chc, v cc c nhn Cc vn c trng i vi an ninh Web Web d b tn cng theo c hai chiu Tn cng Web server s gy tn hi n danh ting

v tin bc ca cng ty Cc phn mm Web thng cha nhiu li an ninh Web server c th b khai thc lm cn c tn

cng vo h thng my tnh ca mt t chc Ngi dng thiu cng c v kin thc i ph vi

cc him ha an ninh

Vn an ninh Web (2) Cc him ha i vi an ninh Web

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

194/204


Tnh ton vn Tnh bo mt T chi dch v Xc thc

Cc bin php an ninh Web

SSL L mt dch v an ninh tng giao vn

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

195/204


g g

Do Netscape khi xng Phin bn 3 c cng b di dng bn tho

Internet

Tr thnh chun TLS Phin bn u tin ca TLS SSLv3.1 tng thchngc vi SSLv3

S dng TCP cung cp dch v an ninh t

u cui ti u cui Gm 2 tng giao thc

M hnh phn tng SSL

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

196/204


Kin trc SSL (1) Kt ni SSL

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

197/204


Lin kt giao tip t im nt ti im nt Mang tnh nht thi Gn vi mt phin giao tc Cc tham s xc nh trng thi kt ni

Cc s ngu nhin chn bi server v client Kha MAC ca server Kha MAC ca client Kha m ha ca server

Kha m ha client Cc vector khi to Cc s th t

Kin trc SSL (2) Phin SSL

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

198/204


Phin SSL Lin kt gia client v server To lp nh giao thc bt tay C th bao gm nhiu kt ni Xc lp mt tp cc tham s an ninh s dng bi tt

c cc kt ni trong phin giao tc nh danh phin Chng thc im nt Phng php nn c t m ha Kha b mt ch C c th tip tc hay khng

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

199/204

Khun dng bn ghi SSL

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

200/204


Giao thc i c t m ha SSL

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

201/204


Mt trong ba giao thc chuyn dng SSL sdng giao thc bn ghi SSL Ch gm mt thng bo cha mt byte d liu

c gi tr l 1

Khin cho trng thi treo tr thnh trng thihin thi Cp nht c t m ha cho kt ni

Giao thc bo ng SSL Dng chuyn ti cc bo ng lin quan n

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

202/204


SSL ti cc thc th im nt Mi thng bo gm 2 byte Byte th nht ch mc nghim trng

Cnh bo : c gi tr l 1

Tai ha : c gi tr l 2 Byte th hai ch ni dung bo ng

Tai ha : unexpected_message, bad_record_mac,decompression_failure, handshake_failure, illegal_parameter

Cnh bo : close_notify, no_certificate, bad_certificate,unsupported_certificate, certificate_revoked,certificate_expired, certificate_unknown

Giao thc bt tay SSL Cho php server v client

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

203/204


Cho php server v client Xc thc ln nhau Tha thun cc gii thut m ha v MAC Tha thun cc kha mt m s c s dng

Gm mt chui cc thng bo trao i giaclient v server Mi thng bo gm 3 trng

Kiu (1 byte)

di (3 byte) Ni dung ( 0 byte)

TLS L phin bn chun Internet ca SSL

8/2/2019 55625419-anninhmangk13mtt-1226419598367568-8

204/204

M t trong RFC 2246 rt ging vi SSLv3 Mt s khc bit nh so vi SSLv3 S phin bn trong khun dng bn ghi SSL S dng HMAC tnh MAC

S dng hm gi ngu nhin khai trin cc gitr b mt

C thm mt s m bo ng Khng h tr Fortezza

55625419-anninhmangk13mtt-1226419598367568-8

Documents