Antoanmang

I HC QUC GIA H NI
TRNG I HC CNG NGH
AN TON MNG
TS. Nguyn i Th
B mn Mng & Truyn thng My tnh
Khoa Cng ngh Thng tin

thond_cn@vnu.edu.vn
Nm hc 2007-2008
Nguyn i Th
An ton Mng
Ti liu tham kho

Sch tham kho chnh
William Stallings. Cryptography and Network Security : Principles
and Practice, Fourth Edition. Prentice Hall, 2005.
Sch tham kho ph

Charlie Kaufman, Radia Perlman, Mike Speciner. Network
Security: Private Communication in a Public World, Second
Edition. Prentice Hall, 2002.
Matt Bishop. Computer Security: Art and Science. Addison
Wesley, 2002.
Man Young Rhee. Internet Security: Cryptographic principles,
algorithms and protocols. John Wiley & Sons, 2003.
Website
http://williamstallings.com
Nguyn i Th
An ton Mng
Chng 1
Gii thiu
Nguyn i Th
An ton Mng
Bi cnh
Nhu cu m bo an ton thng tin c nhng
bin i ln
Trc y
Ch cn cc phng tin vt l v hnh chnh
T khi c my tnh
Cn cc cng c t ng bo v tp tin v cc thng tin khc
lu tr trong my tnh
T khi c cc phng tin truyn thng v mng

Cn cc bin php bo v d liu truyn trn mng
Nguyn i Th
An ton Mng
Cc khi nim
An ton thng tin
Lin quan n cc yu t ti nguyn, nguy c, hnh
ng tn cng, yu im, v iu khin
An ton my tnh
Cc cng c bo v d liu v phng chng tin tc
An ton mng
Cc bin php bo v d liu truyn trn mng
An ton lin mng

Cc bin php bo v d liu truyn trn mt tp hp
cc mng kt ni vi nhau
Nguyn i Th
An ton Mng
Mc tiu mn hc
Ch trng an ton lin mng
Nghin cu cc bin php ngn cn, phng
chng, pht hin v khc phc cc vi phm an
ton lin quan n truyn ti thng tin
Nguyn i Th
An ton Mng
Kin trc an ton OSI

Kin trc an ton cho OSI theo khuyn ngh
X.800 ca ITU-T
nh ra mt phng thc chung cho vic xc
nh cc nhu cu v an ton thng tin
Cung cp mt ci nhn tng quan v cc khi
nim mn hc s cp n
Ch trng n cc hnh ng tn cng,cc c
ch an ton, v cc dch v an ton
Nguyn i Th
An ton Mng
Hnh ng tn cng
L hnh ng ph hoi an ton thng tin ca
mt t chc
An ton thng tin l nhng cch thc ngn nga
cc hnh ng tn cng, nu khng c th
pht hin v khc phc hu qu
Cc hnh ng tn cng c nhiu v a dng
Ch cn tp trung vo nhng th loi chung nht
Lu : nguy c tn cng v hnh ng tn cng
thng c dng ng ngha vi nhau
Nguyn i Th
An ton Mng
Cc hnh ng tn cng
Cc hnh ng tn cng th ng
Nghe trm ni dung thng tin truyn ti
Gim st v phn tch lung thng tin lu chuyn
Cc hnh ng tn cng ch ng
Gi danh mt thc th khc

Pht li cc thng bo trc
Sa i cc thng bo ang lu chuyn
T chi dch v
Nguyn i Th
An ton Mng
Dch v an ton
L mt dch v nng cao an ton ca cc h
thng x l thng tin v cc cuc truyn d liu
trong mt t chc
Nhm phng chng cc hnh ng tn cng
S dng mt hay nhiu c ch an ton
C cc chc nng tng t nh m bo an
ton ti liu vt l
Mt s c trng ca ti liu in t khin vic
cung cp cc chc nng m bo an ton kh
khn hn
Nguyn i Th
An ton Mng
10
Cc dch v an ton
Theo X.800
Dch v an ton l dch v cung cp bi mt tng giao
thc ca cc h thng m kt ni nhm m bo an
ton cho cc h thng v cc cuc truyn d liu
C 5 loi hnh
Theo RFC 2828

Dch v an ton l dch v x l hoc truyn thng
cung cp bi mt h thng bo v ti nguyn theo
mt cch thc nht nh
Nguyn i Th
An ton Mng
11
Cc dch v an ton X.800

Xc thc
m bo thc th truyn thng ng l n
iu khin truy nhp

Ngn khng cho s dng tri php ti nguyn
Bo mt d liu
Bo v d liu khi b tit l tri php
Ton vn d liu
m bo nhn d liu ng nh khi gi
Chng chi b
Ngn khng cho bn lin quan ph nhn hnh ng
Nguyn i Th
An ton Mng
12
C ch an ton
L c ch nh ra pht hin, ngn nga v
khc phc mt hnh ng tn cng
Khng mt c ch n l no c th h tr tt c
cc chc nng m bo an ton thng tin
C mt yu t c bit hu thun nhiu c ch
an ton s dng hin nay l cc k thut mt m
Mn hc s ch trng lnh vc mt m
Nguyn i Th
An ton Mng
13
Cc c ch an ton X.800
Cc c ch an ton chuyn bit
M ha, ch k s, iu khin truy nhp, ton vn d
liu, trao i xc thc, n tin truyn, iu khin nh
tuyn, cng chng
Cc c ch an ton ph qut
Tnh nng ng tin, nhn an ton, pht hin s kin,
du vt kim tra an ton, khi phc an ton
Nguyn i Th
An ton Mng
14
M hnh an ton mng

Bn th ba ng tin
Bn gi
Bn nhn
Chuyn i
lin quan
n an ton
Thng bo
Knh
thng tin
Thng bo an ton
Thng tin
b mt
Thng bo an ton
Thng bo
Chuyn i
lin quan
n an ton
Thng tin
b mt
i th
Nguyn i Th
An ton Mng
15
M hnh an ton mng

Yu cu
Thit k mt gii thut thch hp cho vic chuyn i
lin quan n an ton
To ra thng tin b mt (kha) i km vi gii thut
Pht trin cc phng php phn b v chia s thng
tin b mt
c t mt giao thc s dng bi hai bn gi v nhn
da trn gii thut an ton v thng tin b mt, lm c
s cho mt dch v an ton
Nguyn i Th
An ton Mng
16
M hnh an ton truy nhp mng

Cc ti nguyn tnh ton
(b x l, b nh, ngoi
vi)
i th
- Con ngi
Knh truy nhp
D liu
Cc tin trnh
- Phn mm
Phn mm
Chc nng
gc cng
Nguyn i Th
An ton Mng
Cc iu khin an ton
bn trong
17
M hnh an ton truy nhp mng

Yu cu
La chn cc chc nng gc cng thch hp nh
danh ngi dng
Ci t cc iu khin an ton m bo ch
nhng ngi dng c php mi c th truy nhp
c vo cc thng tin v ti nguyn tng ng
Cc h thng my tnh ng tin cy c th dng

ci t m hnh ny
Nguyn i Th
An ton Mng
18
Chng 2
M HA I XNG
Nguyn i Th
An ton Mng
19
Hai k thut m ha ch yu
M ha i xng
Bn gi v bn nhn s dng chung mt kha
Cn gi l
M ha truyn thng
M ha kha ring / kha n / kha b mt
L k thut m ha duy nht trc nhng nm 70

Hin vn cn c dng rt ph bin
M ha kha cng khai (bt i xng)

Mi bn s dng mt cp kha
Mt kha cng khai + Mt kha ring
Cng b chnh thc nm 1976

Nguyn i Th
An ton Mng
20
Mt s cch phn loi khc

Theo phng thc x l
M ha khi
Mi ln x l mt khi nguyn bn v to ra khi bn m tng
ng (chng hn 64 hay 128 bit)
M ha lung
X l d liu u vo lin tc (chng hn mi ln 1 bit)
Theo phng thc chuyn i

M ha thay th
Chuyn i mi phn t nguyn bn thnh mt phn t bn
m tng ng
M ha hon v
B tr li v tr cc phn t trong nguyn bn
Nguyn i Th
An ton Mng
21
M hnh h m ha i xng
Kha b mt dng chung
bi bn gi v bn nhn
Kha b mt dng chung

bi bn gi v bn nhn
Bn m
truyn i
Nguyn bn
u vo
Nguyn i Th
Gii thut m ha
Gii thut gii m
M ha
Gii m
Y = EK(X)
X = DK(Y)
An ton Mng
Nguyn bn
u ra
22
M hnh h m ha i xng
Gm c 5 thnh phn
Nguyn bn
Gii thut m ha
Kha b mt
Bn m
Gii thut gii m
An ton ph thuc vo s b mt ca kha,

khng ph thuc vo s b mt ca gii thut
Nguyn i Th
An ton Mng
23
Ph m
L n lc gii m vn bn c m ha
khng bit trc kha b mt
C hai phng php ph m
Vt cn
Th tt c cc kha c th
Thm m
Khai thc nhng nhc im ca gii thut
Da trn nhng c trng chung ca nguyn bn hoc mt
s cp nguyn bn - bn m mu
Nguyn i Th
An ton Mng
24
Phng php ph m vt cn
V l thuyt c th th tt c cc gi tr kha cho
n khi tm thy nguyn bn t bn m
Da trn gi thit c th nhn bit c nguyn
bn cn tm
Tnh trung bnh cn th mt na tng s cc
trng hp c th
Thc t khng kh thi nu di kha ln
Nguyn i Th
An ton Mng
25
Thi gian tm kim trung bnh

Kch thc
kha (bit)
S lng kha
Thi gian cn thit

(1 gii m/s)
32
56
128
168
26 k t
(hon v)
2 = 4,3 x 10
256 = 7,2 x 1016
2128 = 3,4 x 1038
2168 = 3,7 x 1050
26! = 4 x 1026
231 s = 35,8 pht

255 s = 1142 nm
2127 s = 5,4 x 1024 nm
2167 s = 5,9 x 1036 nm
2 x 1026 s =
6,4 x 1012 nm
32
Kha DES di 56 bit

Kha AES di 128+ bit
Kha 3DES di 168 bit
Nguyn i Th
Thi gian cn thit

(106 gii m/s)
2,15 ms
10,01 gi
5,4 x 1018 nm
5,9 x 1030 nm
6,4 x 106 nm
Tui v tr : ~ 1010 nm
An ton Mng
26
Cc k thut thm m
Ch c bn m
Ch bit gii thut m ha v bn m hin c
Bit nguyn bn
Bit thm mt s cp nguyn bn - bn m
Chn nguyn bn
Chn 1 nguyn bn, bit bn m tng ng
Chn bn m
Chn 1 bn m, bit nguyn bn tng ng
Chn vn bn
Kt hp chn nguyn bn v chn bn m
Nguyn i Th
An ton Mng
27
An ton h m ha
An ton v iu kin
Bn m khng cha thng tin xc nh duy nht
nguyn bn tng ng, bt k vi s lng bao nhiu
v tc my tnh th no
Ch h m ha n mt ln l an ton v iu kin
An ton tnh ton

Tha mn mt trong hai iu kin
Chi ph ph m vt qu gi tr thng tin
Thi gian ph m vt qu tui th thng tin
Thc t tha mn hai iu kin

Khng c nhc im
Kha c qu nhiu gi tr khng th th ht
Nguyn i Th
An ton Mng
28
M ha thay th c in
Cc ch ci ca nguyn bn c thay th bi
cc ch ci khc, hoc cc s, hoc cc k hiu
Nu nguyn bn c coi nh mt chui bit th
thay th cc mu bit trong nguyn bn bng cc
mu bit ca bn m
Nguyn i Th
An ton Mng
29
H m ha Caesar
L h m ha thay th xut hin sm nht v n
gin nht
S dng u tin bi Julius Caesar vo mc ch
qun s
Dch chuyn xoay vng theo th t ch ci
Kha k l s bc dch chuyn
Vi mi ch ci ca vn bn
t p = 0 nu ch ci l a, p = 1 nu ch ci l b,...
M ha : C = E(p) = (p + k) mod 26
Gii m : p = D(C) = (C - k) mod 26
V d : M ha "meet me after class" vi k = 3

C = phhw ph diwhu fodvv
Nguyn i Th
An ton Mng
30
Ph m h m ha Caesar
Phng php vt cn
Kha ch l mt ch ci (hay mt s gia 1 v 25)
Th tt c 25 kha c th
D dng thc hin
Ba yu t quan trng
Bit trc cc gii thut m ha v gii m
Ch c 25 kha th
Bit v c th d dng nhn ra c ngn ng ca
nguyn bn
V d : Ph m "GCUA VQ DTGCM"
// th ht 25 ch ci
Nguyn i Th
An ton Mng
31
H m ha n bng
Thay mt ch ci ny bng mt ch ci khc
theo trt t bt k sao cho mi ch ci ch c mt
thay th duy nht v ngc li
Kha di 26 ch ci
V d
Kha
a b cd e fg h i j k l mnopqr st u vw x y z
M N B V C X Z AS D F G H J K LP O I U YT R E W Q
Nguyn bn
i love you => C= S GKTC WKY
Nguyn i Th
An ton Mng
32
Ph m h m ha n bng
Phng php vt cn
Kha di 26 k t
S lng kha c th = 26! = 4 x 1026
Rt kh thc hin

Bit r tn s cc ch ci ting Anh
C th suy ra cc cp ch ci nguyn bn - ch ci bn m
V d : ch ci xut hin nhiu nht c th tng ng vi 'e'
C th nhn ra cc b i v b ba ch ci
V d b i : 'th', 'an', 'ed'
V d b ba : 'ing', 'the', 'est'
Nguyn i Th
An ton Mng
33
Cc tn s ch ci ting Anh
Tn s tng i (%)
Nguyn i Th
An ton Mng
34
V d ph m h n bng
Cho bn m
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Tnh tn s ch ci tng i
on P l e, Z l t
on ZW l th v ZWP l the
Tip tc on v th, cui cng c
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow
Nguyn i Th
An ton Mng
35
H m ha Playfair (1)
L mt h m ha nhiu ch
Gim bt tng quan cu trc gia bn m v
nguyn bn bng cch m ha ng thi nhiu ch
ci ca nguyn bn
Pht minh bi Charles Wheatstone vo nm

1854, ly tn ngi bn Baron Playfair
S dng 1 ma trn ch ci 5x5 xy dng trn
c s 1 t kha
in cc ch ci ca t kha (b cc ch trng)
in nt ma trn vi cc ch khc ca bng ch ci
I v J chim cng mt ca ma trn
Nguyn i Th
An ton Mng
37
H m ha Playfair (2)
V d ma trn vi t kha MONARCHY
M O N
C H Y
E F G
L P Q
U V W
A
B
I/J
S
X
R
D
K
T
Z
M ha 2 ch ci mt lc
Nu 2 ch ging nhau, tch ra bi 1 ch in thm

Nu 2 ch nm cng hng, thay bi cc ch bn phi
Nu 2 ch nm cng ct, thay bi cc ch bn di
Cc trng hp khc, mi ch ci c thay bi ch
ci khc cng hng, trn ct ch ci cng cp
Nguyn i Th
An ton Mng
38
Ph m h m ha Playfair
An ton m bo hn nhiu h m ha n ch
C 26 x 26 = 676 cp ch ci
Vic gii m tng cp kh khn hn
Cn phn tch 676 tn s xut hin thay v 26
Tng c qun i Anh, M s dng rng ri

Bn m vn cn lu li nhiu cu trc ca
nguyn bn
Vn c th ph m c v ch c vi trm cp
ch ci cn gii m
Nguyn i Th
An ton Mng
39
H m ha Vigenre
L mt h m ha a bng
S dng nhiu bng m ha
Kha gip chn bng tng ng vi mi ch ci
Kt hp 26 h Ceasar (bc dch chuyn 0 - 25)

Kha K = k1k2...kd gm d ch ci s dng lp i lp li
vi cc ch ci ca vn bn
Ch ci th i tng ng vi h Ceasar bc chuyn i
V d
Kha :
deceptivedeceptivedeceptive
Nguyn bn : wearediscoveredsaveyourself
Bn m :
ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Nguyn i Th
An ton Mng
40
The Modern Vigenre
Ph m h m ha Vigenre
Phng php vt cn
Kh thc hin, nht l nu kha gm nhiu ch ci

Cu trc ca nguyn bn c che y tt hn h
Playfair nhng khng hon ton bin mt
Ch vic tm di kha sau ph m tng h Ceasar
Cch tm di kha
Nu di kha nh so vi di vn bn, c th pht hin 1
dy vn bn lp li nhiu ln
Khong cch gia 2 dy vn bn lp l 1 bi s ca di kha
T suy ra di kha
Nguyn i Th
An ton Mng
42
H m ha kha t ng
Vigenre xut t kha khng lp li m c
gn vo u nguyn bn
Nu bit t kha s gii m c cc ch ci u tin
S dng cc ch ci ny lm kha gii m cc ch
cc tip theo,...
V d :
Kha :
deceptivewearediscoveredsav
nguyn bn : wearediscoveredsaveyourself
M ha :
ZICVTWQNGKZEIIGASXSTSLVVWLA
Vn c th s dng k thut thng k ph m

Kha v nguyn bn c cng tn s cc ch ci
Nguyn i Th
An ton Mng
43
n mt ln
L h m ha thay th khng th ph c
xut bi Joseph Mauborgne
Kha ngu nhin, di bng di vn bn,
ch s dng mt ln
Gia nguyn bn v bn m khng c bt k
quan h no v thng k
Vi bt k nguyn bn v bn m no cng tn
ti mt kha tng ng
Kh khn vic to kha v m bo phn phi
kha an ton
Nguyn i Th
An ton Mng
44
M ha hon v c in
Che y ni dung vn bn bng cch sp xp li
trt t cc ch ci
Khng thay i cc ch ci ca nguyn bn
Bn m c tn s xut hin cc ch ci ging nh
nguyn bn
Nguyn i Th
An ton Mng
45
H m ha hng ro
Vit cc ch ci theo ng cho trn mt s
hng nht nh
Sau c theo tng hng mt
V d
Nguyn bn : attack at midnight
M ha vi cao hng ro l 2
t
t
c
a
a
k
m
t
d
i
i
n
h
g
Bn m : ATCAMDIHTAKTINGT
Nguyn i Th
An ton Mng
46
H m ha hng
Vit cc ch ci theo hng vo 1 s ct nht nh

Sau hon v cc ct trc khi c theo ct
Kha l th t c cc ct
V d
Kha :
4 3 1 2 5 6 7
Nguyn bn: a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
attack postponed until two am xyz
Bn m :
TTNAAPTMTSUOAODWCOIXKNLYPETZ
Nguyn i Th
An ton Mng
47
M ha tch hp
Cc h m ha thay th v hon v khng an ton
v nhng c im ca ngn ng
Kt hp s dng nhiu h m ha s khin vic
ph m kh hn
Hai thay th to nn mt thay th phc tp hn
Hai hon v to nn mt hon v phc tp hn
Mt thay th vi mt hon v to nn mt h m ha
phc tp hn nhiu
L cu ni t cc h m ha c in n cc h
m ha hin i
Nguyn i Th
An ton Mng
48
M ha khi
So vi m ha lung
M ha khi x l thng bo theo tng khi
M ha lung x l thng bo 1 bit hoc 1 byte mi ln
Ging nh thay th cc k t rt ln ( 64 bit)

Bng m ha gm 2n u vo (n l di khi)
Mi khi u vo ng vi mt khi m ha duy nht
Tnh thun nghch
di kha l n x 2n bit qu ln
Xy dng t cc khi nh hn
Hu ht cc h m ha khi i xng da trn cu
trc h m ha Feistel
Nguyn i Th
An ton Mng
49
Mng S-P
Mng thay th (S) - hon v (P) xut bi Claude
Shannon vo nm 1949
L c s ca cc h m ha khi hin i
Da trn 2 php m ha c in
Php thay th : Hp S
Php hon v : Hp P
an xen cc chc nng

Khuch tn : Hp P (kt hp vi hp S)
Pht ta cu trc thng k ca nguyn bn khp bn m
Gy ln : Hp S
Lm phc tp ha mi quan h gia bn m v kha
Nguyn i Th
An ton Mng
50
Hp S
u vo
3 bit
0
1
0
0
1
2
3
4
5
6
7
0
1
2
3
4
5
6
7
u ra
3 bit
1
1
0
Lu : Hp S c tnh thun nghch

Nguyn i Th
An ton Mng
51
Hp P
u vo
4 bit
1
0
1
0
Lu : Hp P c tnh thun nghch

Nguyn i Th
An ton Mng
52
M ha Feistel
xut bi Horst Feistel da trn khi nim h
m ha tch hp thun nghch ca Shannon
Phn mi khi di 2w bit thnh 2 na L0 v R0
X l qua n vng
Chia kha K thnh n kha con K1, K2,..., Kn
Ti mi vng i
Thc hin thay th na bn tri Li-1 bng cch XOR
n vi F(Ki, Ri-1)
F thng gi l hm chuyn i hay hm vng
Hon v hai na Li v Ri
Nguyn i Th
An ton Mng
53
Nguyn bn (2w bit)

w bit
L0
+
Vng 1
. . .
w bit
L1
K1
. . .
+
Vng n
R0
R1
Kn
Ln
Rn
Ln+1
Rn+1
Bn m (2w bit)
Nguyn i Th
An ton Mng
54
Cc c trng h Feistel
di khi
Khi cng ln cng an ton (thng 64 bit)
di kha
Kha cng di cng an ton (thng 128 bit)
S vng
Cng nhiu vng cng an ton (thng 16 vng)
Gii thut sinh m con

Cng phc tp cng kh ph m
Hm vng
Cng phc tp cng kh ph m
nh hng n ci t v phn tch

Nguyn i Th
An ton Mng
55
Gii m Feistel
Ging gii thut m ha, ch khc
Bn m l d liu u vo
Cc kha con c dng theo th t ngc li
Ti mi vng kt qu u ra chnh l cc d liu

u vo ca qu trnh m ha
i vi qu trnh m ha
Li = Ri-1
Ri = Li-1 F(Ri-1, Ki)
i vi qu trnh gii m
Ri-1 = Li
Li-1 = Ri F(Li, Ki)
Nguyn i Th
An ton Mng
56
Chun m ha d liu
DES (Data Encryption Standard) c cng nhn
chun nm 1977
Phng thc m ha c s dng rng ri nht
Tn gii thut l DEA (Data Encryption Algorithm)
L mt bin th ca h m ha Feistel, b xung
thm cc hon v u v cui
Kch thc khi : 64 bit
Kch thc kha : 56 bit
S vng : 16
Tng gy nhiu tranh ci v an ton
Nguyn i Th
An ton Mng
57
Gii thut m ha DES

Kha 56 bit
Nguyn bn (64 bit)
giao hon
giao hon thun

vng 1
vng 2
K1
giao hon
dch vng tri
K2
giao hon
dch vng tri
giao hon
dch vng tri
. . .
vng n
Kn
. . .
hon i 32 bit
giao hon nghch
Bn m (64 bit)
Nguyn i Th
An ton Mng
58
Mt vng DES
<-----32 bit------>
Li-1
<-----32 bit------>
Ri-1
m rng g/hon
x
hp S
giao hon
--- 48 bit
K
i
--- 48 bit
--- 32 bit
--- 32 bit
x
Li
Nguyn i Th
Ri
An ton Mng
59
Ph m DES
Kha 56 bit c 256 = 7,2 x 1016 gi tr c th
Phng php vt cn t ra khng thc t
Tc tnh ton cao c th ph c kha
1997 : 70000 my tnh ph m DES trong 96 ngy
1998 : Electronic Frontier Foundation (EFF) ph m
DES bng my chuyn dng (250000$) trong < 3 ngy
1999 : 100000 my tnh ph m trong 22 gi
Vn cn phi nhn bit c nguyn bn

Thc t DES vn c s dng khng c vn
Nu cn an ton hn : 3DES hay chun mi AES
Nguyn i Th
An ton Mng
60
H m ha 3DES
S dng 3 kha v chy 3 ln gii thut DES
M ha : C = EK3[DK2[EK1[p]]]
Gii m : p = DK1[EK2[DK3[C]]]
di kha thc t l 168 bit

Khng tn ti K4 = 56 sao cho C = EK4(p)
V sao 3 ln : trnh tn cng "gp nhau gia"

C = EK2(EK1(p)) X = EK1(p) = DK2(C)
Nu bit mt cp (p, C)
M ha p vi 256 kha v gii m C vi 256 kha
So snh tm ra K1 v K2 tng ng
Kim tra li vi 1 cp (p, C) mi; nu OK th K1 v K2 l kha
Nguyn i Th
An ton Mng
61
Chun m ha tin tin

AES (Advanced Encryption Standard) c cng
nhn chun mi nm 2001
Tn gii thut l Rijndael (Rijmen + Daemen)
An ton hn v nhanh hn 3DES
Kch thc khi : 128 bit
Kch thc kha : 128/192/256 bit
S vng : 10/12/14
Cu trc mng S-P, nhng khng theo h Feistel
Khng chia mi khi lm i
Nguyn i Th
An ton Mng
62
Cc h m ha khi khc (1)

IDEA (International Data Encryption Algorithm)
Khi 64 bit, kha 128 bit, 8 vng
Theo cu trc mng S-P, nhng khng theo h Feistel
Mi khi chia lm 4
Rt an ton
Bn quyn bi Ascom nhng dng min ph
Blowfish
Khi 64 bit, kha 32-448 bit (ngm nh 128 bit), 16 vng

Theo cu trc h Feistel
An ton, kh nhanh v gn nh
T do s dng
Nguyn i Th
An ton Mng
63
Cc h m ha khi khc (2)

RC5
Pht trin bi Ron Rivest

Khi 32/64/128 bit, kha 0-2040 bit, 0-255 vng
n gin, thch hp cc b x l c rng khc nhau
CAST-128
Pht trin bi Carlisle Adams v Stafford Tavares

Khi 64 bit, kha 40-128 bit, 12/16 vng
C 3 loi hm vng dng xen k
Bn quyn bi Entrust nhng dng min ph
Nguyn i Th
An ton Mng
64
Cc phng thc m ha khi

ECB (Electronic Codebook)
M ha tng khi ring r
CBC (Cipher Block Chaining)
Khi nguyn bn hin thi c XOR vi khi bn m

trc
CFB (Cipher Feedback)
M phng m ha lung (n v s bit)
s bit m ha trc c a vo thanh ghi u vo hin thi
OFB (Output Feeback)
s bit tri u ra trc c a vo thanh ghi u vo hin thi
CTR (Counter)
XOR mi khi nguyn bn vi 1 gi tr thanh m m

ha
Nguyn i Th
An ton Mng
65
Phng thc ECB

p1
K
M ha
p2
K
C1
M ha
pN
...
C2
M ha
CN
M ha
C1
K
Gii m
p1
C2
K
Gii m
p2
CN
...
Gii m
pN
Gii m
Nguyn i Th
An ton Mng
66
nh gi ECB
Nhng khi lp li trong nguyn bn c th thy
c trong bn m
Nu thng bo di, c th
Gip phn tch ph m
To c hi thay th hoc b tr li cc khi
Nhc im do cc khi c m ha c lp
Ch yu dng gi thng bo c t khi
V d gi kha
Nguyn i Th
An ton Mng
67
Phng thc CBC

M ha
M ha
pN
...
CN-1
K
M ha
C1
C2
CN
C1
M ha
C2
CN
Gii m
p2
p1
IV
Gii m
...
Gii m
CN-1
IV
p1
p2
pN
Gii m
Nguyn i Th
An ton Mng
68
nh gi CBC
Mi khi m ha ph thuc vo tt c cc khi
nguyn bn trc
S lp li cc khi nguyn bn khng th hin trong bn
m ha
Thay i trong mi khi nguyn bn nh hng n tt
c cc khi bn m v sau
Cn 1 gi tr u IV bn gi v bn nhn u bit
Cn c m ha ging kha
Nn khc nhau i vi cc thng bo khc nhau
Cn x l c bit khi nguyn bn khng y

cui cng
Dng m ha d liu ln, xc thc
Nguyn i Th
An ton Mng
69
M ha CFB
CM-1
IV
Thanh ghi dch
64-s bit | s bit
Thanh ghi dch

64-s bit | s bit
64
M ha
64
M ha
64
Chn
s bit
p1
B i
64-s bit
Thanh ghi dch

64-s bit | s bit
...
64
M ha
64
Chn
s bit
p2
B i
64-s bit
64
Chn
s bit
pM
s
B i
64-s bit
s
C1
Nguyn i Th
C2
CM
An ton Mng
70
Gii m CFB
CM-1
IV
Thanh ghi dch
64-s bit | s bit
Thanh ghi dch

64-s bit | s bit
64
M ha
64
Chn
s bit
64
p1
Nguyn i Th
...
M ha
64
M ha
64
s
Chn
s bit
B i
64-s bit
Thanh ghi dch

64-s bit | s bit
s
C1
64
Chn
s bit
B i
64-s bit
s s
C2
B i
64-s bit
CM
pM
p2
An ton Mng
71
nh gi CFB
Thch hp khi d liu nhn c theo tng n
v bit hay byte
Khng cn n thng bo lm trn khi
Cho php s lng bit bt k
K hiu CFB-1, CFB-8, CFB-64,...
L phng thc lung ph bin nht

Dng gii thut m ha ngay c khi gii m
Li xy ra khi truyn 1 khi m ha s lan rng
sang cc khi tip sau
Nguyn i Th
An ton Mng
72
M ha OFB
OM-1
IV
Thanh ghi dch
64-s bit | s bit
Thanh ghi dch

64-s bit | s bit
64
M ha
64
M ha
64
Chn
s bit
p1
s
Chn
s bit
p2
s
C1
Nguyn i Th
...
64
M ha
64
B i
64-s bit
Thanh ghi dch

64-s bit | s bit
64
Chn
s bit
B i
64-s bit
pM
B i
64-s bit
s
s
C2
CM
An ton Mng
73
Gii m OFB
OM-1
IV
Thanh ghi dch
64-s bit | s bit
Thanh ghi dch

64-s bit | s bit
64
64
M ha
64
Chn
s bit
64
M ha
64
B i
64-s bit
...
M ha
Thanh ghi dch

64-s bit | s bit
Chn
s bit
64
B i
64-s bit
Chn
s bit
B i
64-s bit
s
s
p1
Nguyn i Th
C1
C2
p2
CM
pM
An ton Mng
74
nh gi OFB
Tng t CFB ch khc l phn hi ly t u ra
gii thut m ha, c lp vi thng bo
Khng bao gi s dng li cng kha v IV
Li truyn 1 khi m ha khng nh hng n
cc khi khc
Thng bo d b sa i ni dung
Ch nn dng OFB-64
C th tit kim thi gian bng cch thc hin
gii thut m ha trc khi nhn c d liu
Nguyn i Th
An ton Mng
75
Phng thc CTR

Bin m
M ha
Bin m + 1
M ha
...
C1
M ha
pN
C2
M ha
Bin m + 1
Bin m
M ha
K
C2
C1
p1
M ha
p2
p1
Bin m + N - 1
CN
Bin m + N - 1
...
M ha
K
CN
p2
pN
Gii m
Nguyn i Th
An ton Mng
76
nh gi CTR
Hiu qu cao
C th thc hin m ha (hoc gii m) song song
C th thc hin gii thut m ha trc nu cn
C th x l bt k khi no trc cc khi khc

An ton khng km g cc phng thc khc
n gin, ch cn ci t gii thut m ha,
khng cn n gii thut gii m
Khng bao gi s dng li cng gi tr kha v
bin m (tng t OFB)
Nguyn i Th
An ton Mng
77
B tr cng c m ha
Gii php hu hiu v ph bin nht chng li cc
mi e da n an ton mng l m ha
thc hin m ha, cn xc nh
M ha nhng g
Thc hin m ha u
C 2 phng n c bn
M ha lin kt
M ha u cui
Nguyn i Th
An ton Mng
78
M ha lin kt
Cng c m ha c sp t 2 u ca mi
lin kt c nguy c b tn cng
m bo an ton vic lu chuyn thng tin trn
tt c cc lin kt mng
Cc mng ln cn n rt nhiu cng c m ha
Cn cung cp rt nhiu kha
Nguy c b tn cng ti mi chuyn mch
Cc gi tin cn c m ha mi khi i vo mt
chuyn mch gi c c a ch phn u
Thc hin tng vt l hoc tng lin kt

Nguyn i Th
An ton Mng
79
M ha u cui
Qu trnh m ha c thc hin 2 h thng
u cui
m bo an ton d liu ngi dng
Ch cn mt kha cho 2 u cui
m bo xc thc mc nht nh
Mu lu chuyn thng tin khng c bo v
Cc phn u gi tin cn c truyn ti tng minh
Thc hin tng mng tr ln

Cng ln cao cng t thng tin cn m ha v cng an
ton nhng cng phc tp vi nhiu thc th v kha
Nguyn i Th
An ton Mng
80
Kt hp cc phng n m ha
Cng c m ha u cui
Cng c m ha lin kt
Nguyn i Th
An ton Mng
PSN : Packet-switching node

81
Qun l kha b mt
Vn i vi m ha i xng l lm sao phn
phi kha an ton n cc bn truyn tin
Thng h thng mt an ton l do khng qun l tt
vic phn phi kha b mt
Phn cp kha
Kha phin (tm thi)
Dng m ha d liu trong mt phin kt ni
Hy b khi ht phin
Kha ch (lu di)

Dng m ha cc kha phin, m bo phn phi chng
mt cch an ton
Nguyn i Th
An ton Mng
82
Cc cch phn phi kha

Kha c th c chn bi bn A v gi theo
ng vt l n bn B
Kha c th c chn bi mt bn th ba, sau
gi theo ng vt l n A v B
Nu A v B c mt kha dng chung th mt
bn c th gi kha mi n bn kia, s dng
kha c m ha kha mi
Nu mi bn A v B u c mt knh m ha
n mt bn th ba C th C c th gi kha theo
cc knh m ha n A v B
Nguyn i Th
An ton Mng
83
Phn phi kha t ng

1.
2.
3.
4.
Host gi gi tin yu cu kt ni
FEP m gi tin; hi KDC kha phin
KDC phn phi kha phin n 2 host
Gi tin m c truyn i
FEP = Front End Processor

KDC = Key Distribution Center
Nguyn i Th
An ton Mng
84
Chng 3
MT M KHA CNG KHAI
Nguyn i Th
An ton Mng
85
Gii thiu
Nhng hn ch ca mt m i xng
Vn phn phi kha
Kh m bo chia s m khng lm l kha b mt
Trung tm phn phi kha c th b tn cng
Khng thch hp cho ch k s

Bn nhn c th lm gi thng bo ni nhn c t bn gi
Mt m kha cng khai xut bi Whitfield

Diffie v Martin Hellman vo nm 1976
Khc phc nhng hn ch ca mt m i xng
C th coi l bc t ph quan trng nht trong lch
s ca ngnh mt m
B xung ch khng thay th mt m i xng
Nguyn i Th
An ton Mng
86
c im mt m kha cng
khai
Cn gi l mt m hai kha hay bt i xng

Cc gii thut kha cng khai s dng 2 kha
Mt kha cng khai
Ai cng c th bit
Dng m ha thng bo v thm tra ch k
Mt kha ring
Ch ni gi c bit
Dng gii m thng bo v k (to ra) ch k
C tnh bt i xng
Bn m ha khng th gii m thng bo
Bn thm tra khng th to ch k
Nguyn i Th
An ton Mng
87
M ha kha cng khai

Cc kha cng khai
Ted
Joy
Mike
Alice
Kha cng khai
ca Alice
Kha ring
ca Alice
Bn m
truyn i
Nguyn bn
u vo
Nguyn i Th
Gii thut
gii m
Gii thut
m ha
An ton Mng
Nguyn bn
u ra
88
Xc thc
Cc kha cng khai
Ted
Joy
Mike
Bob
Kha cng khai
ca Bob
Kha ring
ca Bob
Bn m
truyn i
Nguyn bn
u vo
Nguyn i Th
Gii thut
gii m
Gii thut
m ha
An ton Mng
Nguyn bn
u ra
89
ng dng mt m kha cng khai

C th phn ra 3 loi ng dng
M ha/gii m
m bo s b mt ca thng tin
Ch k s
H tr xc thc vn bn
Trao i kha
Cho php chia s kha phin trong m ha i xng
Mt s gii thut kha cng khai thch hp cho

c 3 loi ng dng; mt s khc ch c th dng
cho 1 hay 2 loi
Nguyn i Th
An ton Mng
90
M hnh m bo b mt
K
ph m
ch B
Ngun A
Ngun
th. bo
Gii thut
gii m
Gii thut
m ha
ch
th. bo
Ngun
cp kha
Nguyn i Th
An ton Mng
91
M hnh xc thc
K
ph m
ch B
Ngun A
Ngun
th. bo
Gii thut
gii m
Gii thut
m ha
ch
th. bo
Ngun
cp kha
Nguyn i Th
An ton Mng
92
M hnh kt hp
ch B
Ngun A
Ngun
th. bo
G. thut
m ha
G. thut
m ha
G. thut
gii m
G. thut
gii m
ch
th. bo
Ngun
cp kha
Ngun
cp kha
Nguyn i Th
An ton Mng
93
Trao i kha
Kha ngu nhin
Kha ngu nhin
Alice
Bob
M ha
Gii m
Kha cng khai ca Bob
Kha ring ca Bob
Nguyn i Th
An ton Mng
94
Cc iu kin cn thit
Bn B d dng to ra c cp (KUb, KRb)
Bn A d dng to ra c C = EKUb(M)
Bn B d dng gii m M = DKRb(C)
i th khng th xc nh c KRb khi bit KUb
i th khng th xc nh c M khi bit KUb
v C
Mt trong hai kha c th dng m ha trong khi
kha kia c th dng gii m
M = DKRb(EKUb(M)) = DKUb(EKRb(M))
Khng thc s cn thit
Nguyn i Th
An ton Mng
95
H m ha RSA
xut bi Ron Rivest, Adi Shamir v Len
Adleman (MIT) vo nm 1977
H m ha kha cng khai ph dng nht
M ha khi vi mi khi l mt s nguyn < n
Thng kch c n l 1024 bit 309 ch s thp phn
ng k bn quyn nm 1983, ht hn nm 2000

An ton v chi ph phn tch tha s ca mt s
nguyn ln l rt ln
Nguyn i Th
An ton Mng
96
To kha RSA
Mi bn t to ra mt cp kha cng khai - kha
ring theo cc bc sau :
Chn ngu nhin 2 s nguyn t ln p q
Tnh n = pq
Tnh (n) = (p-1)(q-1)
Chn ngu nhin kha m ha e sao cho 1 < e < (n)
v gcd(e, (n)) = 1
Tm kha gii m d n tha mn e.d 1 mod (n)
Cng b kha m ha cng khai KU = {e, n}

Gi b mt kha gii m ring KR = {d, n}
Cc gi tr b mt p v q b hy b
Nguyn i Th
An ton Mng
97
Thc hin RSA

m ha 1 thng bo nguyn bn M, bn gi
thc hin
Ly kha cng khai ca bn nhn KU = {e, n}
Tnh C = Me mod n
gii m bn m C nhn c, bn nhn thc

hin
S dng kha ring KR = {d, n}
Tnh M = Cd mod n
Lu l thng bo M phi nh hn n
Phn thnh nhiu khi nu cn
Nguyn i Th
An ton Mng
98
V sao RSA kh thi

Theo nh l Euler
a, n : gcd(a, n) = 1 a(n) mod n = 1
(n) l s cc s nguyn dng nh hn n v nguyn
t cng nhau vi n
i vi RSA c
n = pq vi p v q l cc s nguyn t
(n) = (p - 1)(q - 1)
ed 1 mod (n) s nguyn k : ed = k(n) + 1
M<n
C th suy ra
Cd mod n = Med mod n = Mk(n) + 1 mod n = M mod n = M
Nguyn i Th
An ton Mng
99
V d to kha RSA
Chn 2 s nguyn t p = 17 v q = 11
Tnh n = pq = 17 11 = 187
Tnh (n) = (p - 1)(q - 1) = 16 10 = 160
Chn e : gcd(e, 160) = 1 v 1 < e < 160; ly e = 7
Xc nh d : de 1 mod 160 v d 187
Gi tr d = 23 v 23 7 = 161 = 1 160 + 1
Cng b kha cng khai KU = {7, 187}
Gi b mt kha ring KR = {23, 187}
Hy b cc gi tr b mt p = 17 v q = 11
Nguyn i Th
An ton Mng
100
V d thc hin RSA

M ha
Nguyn
bn
Nguyn i Th
Gii m
Bn
m
An ton Mng
Nguyn
bn
101
Chn tham s RSA

Cn chn p v q ln
Thng chn e nh
Thng c th chn cng gi tr ca e cho tt c
ngi dng
Trc y khuyn ngh gi tr ca e l 3, nhng
hin nay c coi l qu nh
Thng chn e = 216 - 1 = 65535
Gi tr ca d s ln v kh on
Nguyn i Th
An ton Mng
102
An ton ca RSA
Kha 128 bit l mt s gia 1 v mt s rt ln
340.282.366.920.938.000.000.000.000.000.000.000.000
C bao nhiu s nguyn t gia 1 v s ny

n / ln(n) = 2128 / ln(2128)
3.835.341.275.459.350.000.000.000.000.000.000.000
Cn bao nhiu thi gian nu mi giy c th tnh

c 1012 s
Hn 121,617,874,031,562,000 nm (khong 10 triu ln
tui ca v tr)
An ton nhng cn phng nhng im yu

Nguyn i Th
An ton Mng
103
Ph m RSA
Phng php vt cn
Th tt c cc kha ring c th
Ph thuc vo di kha
Phng php phn tch ton hc

Phn n thnh tch 2 s nguyn t p v q
Xc nh trc tip (n) khng thng qua p v q
Xc nh trc tip d khng thng qua (n)
Phng php phn tch thi gian

Da trn vic o thi gian gii m
C th ngn nga bng cch lm nhiu
Nguyn i Th
An ton Mng
104
Phn tch tha s RSA

An ton ca RSA da trn phc tp ca vic
phn tch tha s n
Thi gian cn thit phn tch tha s mt s
ln tng theo hm m vi s bit ca s
Mt nhiu nm khi s ch s thp phn ca n vt
qu 100 (gi s lm 1 php tnh nh phn mt 1 s)
Kch thc kha ln m bo an ton cho RSA

T 1024 bit tr ln
Gn y nht nm 1999 ph m c 512 bit (155
ch s thp phn)
Nguyn i Th
An ton Mng
105
H trao i kha Diffie-Hellman

Gii thut mt m kha cng khai u tin
xut bi Whitfield Diffie v Martin Hellman
vo nm 1976
Malcolm Williamson (GCHQ - Anh) pht hin trc
my nm nhng n nm 1997 mi cng b
Ch dng trao i kha b mt mt cch an

ton trn cc knh thng tin khng an ton
Kha b mt c tnh ton bi c hai bn
An ton ph thuc vo phc tp ca vic tnh
log ri rc
Nguyn i Th
An ton Mng
106
Thit lp Diffie-Hellman
Cc bn thng nht vi nhau cc tham s chung
q l mt s nguyn t ln
l mt nguyn cn ca q
mod q, 2 mod q,..., q-1 mod q l cc s nguyn giao hon
ca cc s t 1 n q - 1
Bn A
Chn ngu nhin lm kha ring XA < q
Tnh kha cng khai YA = XA mod q
Bn B
Chn ngu nhin lm kha ring XB < q
Tnh kha cng khai YB = XB mod q
Nguyn i Th
An ton Mng
107
Trao i kha Diffie-Hellman

Tnh ton kha b mt
Bn A bit kha ring XA v kha cng khai YB
K = YBXA mod q
Bn B bit kha ring XB v kha cng khai YA
K = YAXB mod q
Chng minh
YAXB mod q = (XA mod q)XB mod q
= XAXB mod q
= XBXA mod q
= (XB mod q)XA mod q
= YBXA mod q
Nguyn i Th
An ton Mng
108
V d Diffie-Hellman
Alice v Bob mun trao i kha b mt
Cng chn q = 353 v = 3
Chn ngu nhin cc kha ring
Alice chn XA = 97, Bob chn XB = 233
Tnh ton cc kha cng khai

YA = 397 mod 353 = 40 (Alice)
YB = 3233 mod 353 = 248 (Bob)
Tnh ton kha b mt chung

K = YBXA mod 353 = 24897 mod 353 = 160
K = YAXB mod 353 = 40233 mod 353 = 160
Nguyn i Th
An ton Mng
(Alice)
(Bob)
109
Hn ch ca kha cng khai

Tc x l
Cc gii thut kha cng khai ch yu dng cc php
nhn chm hn nhiu so vi cc gii thut i xng
Khng thch hp cho m ha thng thng
Thng dng trao i kha b mt u phin truyn tin
Tnh xc thc ca kha cng khai

Bt c ai cng c th to ra mt kha cng b l
ca mt ngi khc
Chng no vic gi mo cha b pht hin c th c
c ni dung cc thng bo gi cho ngi kia
Cn m bo nhng ngi ng k kha l ng tin
Nguyn i Th
An ton Mng
110
Chng 4
XC THC & CH K S
Nguyn i Th
An ton Mng
111
Vn xc thc
Cc tiu chun cn xc minh
Thng bo c ngun gc r rng chnh xc
Ni dung thng bo ton vn khng b thay i
Thng bo c gi ng trnh t v thi im
Mc ch chng li hnh thc tn cng ch

ng (xuyn tc d liu v giao tc)
Cc phng php xc thc thng bo
M ha thng bo
S dng m xc thc thng bo (MAC)
S dng hm bm
Nguyn i Th
An ton Mng
112
Xc thc bng cch m ha

S dng m ha i xng
Thng bo gi t ng ngun v ch c ngi gi
mi bit kha b mt dng chung
Ni dung khng th b thay i v nguyn bn c cu
trc nht nh
Cc gi tin c nh s th t v m ha nn
khng th thay i trnh t v thi im nhn c
S dng m ha kha cng khai

Khng ch xc thc thng bo m cn to ch k s
Phc tp v mt thi gian hn m ha i xng
Nguyn i Th
An ton Mng
113
M xc thc thng bo (MAC)

Khi kch thc nh c nh gn vo thng bo
to ra t thng bo v kha b mt chung
Bn nhn thc hin cng gii thut trn thng bo
v kha so xem MAC c chnh xc khng
Gii thut to MAC ging nh gii thut m ha
nhng khng cn nghch c
C th nhiu thng bo cng c chung MAC
Nhng nu bit mt thng bo v MAC ca n, rt kh
tm ra mt thng bo khc c cng MAC
Cc thng bo c cng xc sut to ra MAC
p ng 3 tiu chun xc thc

Nguyn i Th
An ton Mng
114
ch B
Ngun A
So snh
a) Xc thc thng bo
So snh
b) Xc thc thng bo v bo mt; MAC gn vo nguyn bn
So snh
c) Xc thc thng bo v bo mt; MAC gn vo bn m

Nguyn i Th
An ton Mng
115
V sao dng MAC

Nhiu trng hp ch cn xc thc, khng cn
m ha tn thi gian v ti nguyn
Thng bo h thng
Chng trnh my tnh
Tch ring cc chc nng bo mt v xc thc

s khin vic t chc linh hot hn
Chng hn mi chc nng thc hin mt tng ring
Cn m bo tnh ton vn ca thng bo trong

sut thi gian tn ti khng ch khi lu chuyn
V thng bo c th b thay i sau khi gii m
Nguyn i Th
An ton Mng
116
MAC da trn DES (DAC)
M ha
M ha
M ha
M ha
(16 - 64 bits)
Nguyn i Th
An ton Mng
117
Hm bm
To ra mt gi tr bm c kch thc c nh t
thng bo u vo (khng dng kha)
h = H(M)
Hm bm khng cn gi b mt
Gi tr bm gn km vi thng bo dng
kim tra tnh ton vn ca thng bo
Bt k s thay i M no d nh cng to ra mt
gi tr h khc
Nguyn i Th
An ton Mng
118
Ngun A
ch B
So snh
a) Xc thc thng bo v bo mt; m bm gn vo nguyn bn
So snh
b) Xc thc thng bo; m bm c m ha s dng phng php i xng
So snh
c) Xc thc thng bo; m bm c m ha s dng phng php kha cng khai

Nguyn i Th
An ton Mng
119
Ngun A
ch B
So snh
d) Xc thc bng m ha kha cng khai v bo mt bng m ha i xng
So snh
e) Xc thc khng cn m ha nh hai bn chia s mt gi tr b mt chung
So snh
f) Xc thc nh mt gi tr b mt chung; bo mt bng phng php i xng

Nguyn i Th
An ton Mng
120
Yu cu i vi hm bm
C th p dng vi thng bo M c di bt k
To ra gi tr bm h c di c nh
H(M) d dng tnh c vi bt k M no
T h rt kh tm c M sao cho H(M) = h
Tnh mt chiu
T M1 rt kh tm c M2 sao cho H(M2) = H(M1)

Tnh chng xung t yu
Rt kh tm c (M1, M2) sao cho H(M1) = H(M2)

Tnh chng xung t mnh
Nguyn i Th
An ton Mng
121
Cc hm bm n gin
16 bit
XOR dch vng tri 1XOR

bit mi khi 16 bit
Nguyn i Th
An ton Mng
122
Kiu tn cng ngy sinh

Nghch l ngy sinh
Trong 23 ngi, xc sut tm ra 1 ngi khc c cng
ngy sinh vi A l 6%
Xc sut 2 trong 23 ngi c cng ngy sinh l 50%
Cch thc tn cng m bm m bit

To ra 2m/2 bin th ng ngha ca thng bo hp l
To ra 2m/2 bin th ca thng bo gi mo
So snh 2 tp thng bo vi nhau tm ra 1 cp c cng
m bm (xc sut > 0,5 theo nghch l ngy sinh)
ngi gi k bin th hp l, ri dng ch k gn
vo bin th gi mo
Nguyn i Th
An ton Mng
123
An ton hm bm v MAC
Kiu tn cng vt cn
Vi hm bm, n lc ph thuc di m ca m bm
phc tp ca tnh mt chiu v tnh chng xung t yu
l 2m; ca tnh chng xung t mnh l 2m/2
128 bit c th ph c, thng dng 160 bit
Vi MAC, n lc ph thuc vo di k ca kha v

di n ca MAC
phc tp l min(2k, 2n)
t nht phi l 128 bit
Kiu thm m
Hm bm thng gm nhiu vng nh m ha khi
nn c th tp trung khai thc im yu hm vng
Nguyn i Th
An ton Mng
124
Ch k s
Xc thc thng bo khng c tc dng khi bn
gi v bn nhn mun gy hi cho nhau
Bn nhn gi mo thng bo ca bn gi
Bn gi chi l gi thng bo n bn nhn
Ch k s khng nhng gip xc thc thng bo

m cn bo v mi bn khi bn kia
Chc nng ch k s
Xc minh tc gi v thi im k thng bo
Xc thc ni dung thng bo
L cn c gii quyt tranh chp
Nguyn i Th
An ton Mng
125
Yu cu i vi ch k s
Ph thuc vo thng bo c k
C s dng thng tin ring ca ngi gi
trnh gi mo v chi b
Tng i d to ra
Tng i d nhn bit v kim tra
Rt kh gi mo
Bng cch to thng bo khc c cng ch k s
Bng cch to ch k s theo mun cho thng bo
Thun tin trong vic lu tr

Nguyn i Th
An ton Mng
126
Ch k s trc tip
Ch lin quan n bn gi v bn nhn
Vi mt m kha cng khai
Dng kha ring k ton b thng bo hoc gi tr bm
C th m ha s dng kha cng khai ca bn nhn
Quan trng l k trc m ha sau
Ch c tc dng khi kha ring ca bn gi c

m bo an ton
Bn gi c th gi v mt kha ring
Cn b xung thng tin thi gian v bo mt kha kp thi
Kha ring c th b mt tht

K cp c th gi thng bo vi thng tin thi gian sai lch
Nguyn i Th
An ton Mng
127
Ch k s gin tip
C s tham gia ca mt bn trng ti
Nhn thng bo c ch k s t bn gi, kim tra
tnh hp l ca n
B xung thng tin thi gian v gi n bn nhn
An ton ph thuc ch yu vo bn trng ti

Cn c bn gi v bn nhn tin tng
C th ci t vi m ha i xng hoc m
ha kha cng khai
Bn trng ti c th c php nhn thy hoc
khng ni dung thng bo
Nguyn i Th
An ton Mng
128
Cc k thut ch k s gin tip

(a) M ha i xng, trng ti thy thng bo
(1) X A : M EKXA[IDX H(M)]
(2) A Y : EKAY[IDX M EKXA[IDX H(M)] T]
(b) M ha i xng, trng ti khng thy thng bo

(1) X A : IDX EKXY[M] EKXA[IDX H(EKXY[M])]
(2) A Y : EKAY[IDX EKXY[M] EKXA[IDX H(EKXY[M])] T]
(c) M ha kha cng khai, trng ti khng thy thng bo

(1) X A : IDX EKRX[IDX EKUY[EKRX[M]]]
(2) A Y : EKRA[IDX EKUY[EKRX[M]] T]
K hiu : X = Bn gi
M = Thng bo
Y = Bn nhn T = Nhn thi gian
A = Trng ti
Nguyn i Th
An ton Mng
129
Chng 5
CC NG DNG XC THC
Nguyn i Th
An ton Mng
130
Gii thiu
Mc ch ca cc ng dng xc thc l h tr
xc thc v ch k s mc ng dng
Phn lm 2 loi chnh
Da trn m ha i xng
Dch v Kerberos
Giao thc Needham-Schroeder
Da trn kha cng khai c chng thc

Dch v X.509
H thng PGP
Nguyn i Th
An ton Mng
131
Kerberos
H thng dch v xc thc pht trin bi MIT
Nhm i ph vi cc him ha sau
Ngi dng gi danh l ngi khc
Ngi dng thay i a ch mng ca client
Ngi dng xem trm thng tin trao i v thc hin
kiu tn cng lp li
Bao gm 1 server tp trung c chc nng xc

thc ngi dng v cc server dch v phn tn
Tin cy server tp trung thay v cc client
Gii phng chc nng xc thc khi cc server dch v
v cc client
Nguyn i Th
An ton Mng
132
K hiu
C : Client
AS : Server xc thc
V : Server dch v
IDC : Danh tnh ngi dng trn C
IDV : Danh tnh ca V
PC : Mt khu ca ngi dng trn C
ADC : a ch mng ca C
KV : Kha b mt chia s bi AS v V
: Php ghp
TGS : Server cp th (ticket granting server)
TS : Nhn thi gian
Nguyn i Th
An ton Mng
133
Mt hi thoi xc thc n gin

Giao thc
(1) C AS : IDC PC IDV
(2) AS C : Th
(3) C V : IDC Th
Th = EKV[IDC ADC IDV]
Hn ch
Mt khu truyn t C n AS khng c bo mt
Nu th ch s dng c mt ln th phi cp th
mi cho mi ln truy nhp cng mt dch v
Nu th s dng c nhiu ln th c th b ly cp
s dng trc khi ht hn
Cn th mi cho mi dch v khc nhau
Nguyn i Th
An ton Mng
134
Hi thoi xc thc Kerberos 4

(a) Trao i vi dch v xc thc : c th cp th
(1) C AS : IDC IDtgs TS1
(2) AS C : EKC[KC,tgs IDtgs TS2 Hn2 Thtgs]
Thtgs = EKtgs[KC,tgs IDC ADC IDtgs TS2 Hn2]
(b) Trao i vi dch v cp th : c th dch v

(3) C TGS : IDV Thtgs DuC
(4) TGS C : EKC,tgs[KC,V IDV TS4 ThV]
ThV = EKV[KC,V IDC ADC IDV TS4 Hn4]
DuC = EKC,tgs[IDC ADC TS3]
(c) Trao i xc thc client/server : c dch v

(5) C V : ThV DuC
(6) V C : EKC,V[TS5 + 1]
DuC = EKC,V[IDC ADC TS5]
Nguyn i Th
An ton Mng
135
M hnh tng quan Kerberos

Mi phin
ngi dng
mt ln
Client
cu
Yu p th
th c
hin
p
a
+ kh
h
T
d ch v
h
t
u
Yu c
n
a ph i
h
k
+
Th
AS
TGS
Mi dch v
mt ln
Y
uc
u
G
id
Mi phin
dch v
mt ln
Nguyn i Th
ser
dc
hv
Server
dch v
ver
An ton Mng
136
Phn h Kerberos
Mt phn h Kerberos bao gm
Mt server Kerberos cha trong CSDL danh tnh v
mt khu bm ca cc thnh vin
Mt s ngi dng ng k lm thnh vin
Mt s server dch v, mi server c mt kha b mt
ring ch chia s vi server Kerberos
Mi phn h Kerberos thng tng ng vi

mt phm vi hnh chnh
Hai phn h c th tng tc vi nhau nu 2
server chia s 1 kha b mt v ng k vi nhau
iu kin l phi tin tng ln nhau
Nguyn i Th
An ton Mng
137
Phn h A
1
3
2
1. Yu cu th cho TGS cc b
2. Th cho TGS cc b
3. Yu cu th cho TGS xa
4. Th cho TGS xa
5. Yu cu th cho server xa
6. Th cho server xa
7. Yu cu dch v xa
Phn h B
Nguyn i Th
An ton Mng
138
Kerberos 5
Pht trin vo gia nhng nm 1990 (sau
Kerberos 4 vi nm) c t trong RFC 1510
C mt s ci tin so vi phin bn 4
Khc phc nhng khim khuyt ca mi trng
Ph thuc gii thut m ha, ph thuc giao thc mng, trt
t byte thng bo khng theo chun, gi tr hn dng th c
th qu nh, khng cho php y nhim truy nhp, tng tc
a phn h da trn qu nhiu quan h tay i
Khc phc nhng thiu st k thut

M ha hai ln c mt ln tha, phng thc m ha PCBC
m bo tnh ton vn khng chun d b tn cng, kha
phin s dng nhiu ln c th b khai thc tn cng lp
li, c th b tn cng mt khu
Nguyn i Th
An ton Mng
139
Dch v xc thc X.509

Nm trong lot khuyn ngh X.500 ca ITU-T
nhm chun ha dch v th mc
Servers phn tn lu gi CSDL thng tin ngi dng
nh ra mt c cu cho dch v xc thc

Danh b cha cc chng thc kha cng khai
Mi chng thc bao gm kha cng khai ca ngi
dng k bi mt bn chuyn trch chng thc ng tin
nh ra cc giao thc xc thc

S dng mt m kha cng khai v ch k s
Khng chun ha gii thut nhng khuyn ngh RSA
Nguyn i Th
An ton Mng
140
Khun dng X.509
Nguyn i Th
An ton Mng
141
Nhn chng thc

C c kha cng khai ca CA (c quan chng
thc) l c th xc minh c chng thc
Ch CA mi c th thay i chng thc
Chng thc c th t trong mt th mc cng khai
Cu trc phn cp CA
Ngi dng c chng thc bi CA ng k
Mi CA c hai loi chng thc
Chng thc thun : Chng thc CA hin ti bi CA cp trn
Chng thc nghch : Chng thc CA cp trn bi CA hin ti
Cu trc phn cp CA cho php ngi dng xc

minh chng thc bi bt k CA no
Nguyn i Th
An ton Mng
142
Phn cp X.509
Nguyn i Th
An ton Mng
143
Thu hi chng thc

Mi chng thc c mt thi hn hp l
C th cn thu hi chng thc trc khi ht hn
Kha ring ca ngi dng b tit l
Ngi dng khng cn c CA chng thc
Chng thc ca CA b xm phm
Mi CA phi duy tr danh sch cc chng thc b

thu hi (CRL)
Khi nhn c chng thc, ngi dng phi
kim tra xem n c trong CRL khng
Nguyn i Th
An ton Mng
144
Cc th tc xc thc
Nguyn i Th
An ton Mng
145
Chng 6
AN TON TH IN T
Nguyn i Th
An ton Mng
146
Gii thiu
Th in t l dch v mng ph dng nht
Hin nay cc thng bo khng c bo mt
C th c c ni dung trong qu trnh thng bo di
chuyn trn mng
Nhng ngi dng c quyn c th c c ni
dung thng bo trn my ch
Thng bo d dng b gi mo bi mt ngi khc
Tnh ton vn ca thng bo khng c m bo
Cc gii php xc thc v bo mt thng dng

PGP (Pretty Good Privacy)
S/MIME (Secure/Multipurpose Internet Mail Extensions)
Nguyn i Th
An ton Mng
147
PGP
Do Phil Zimmermann pht trin vo nm 1991
Chng trnh min ph, chy trn nhiu mi
trng khc nhau (phn cng, h iu hnh)
C phin bn thng mi nu cn h tr k thut
Da trn cc gii thut mt m an ton nht

Ch yu ng dng cho th in t v file
c lp vi cc t chc chnh ph
Bao gm 5 dch v: xc thc, bo mt, nn,
tng thch th in t, phn v ghp
Ba dch v sau trong sut i vi ngi dng
Nguyn i Th
An ton Mng
148
Xc thc ca PGP
Ngun A
ch B
So snh
M = Thng bo gc
H = Hm bm
= Ghp
Z = Nn
Z-1 = Ci nn
Nguyn i Th
EP = M ha kha cng khai

DP = Gii m kha cng khai
KRa = Kha ring ca A
KUa = Kha cng khai ca A
An ton Mng
149
Bo mt ca PGP
Ngun A
ch B
EC = M ha i xng
DC = Gii m i xng
Ks = Kha phin
Nguyn i Th
An ton Mng
150
Xc thc v bo mt ca PGP
Ngun A
Nguyn i Th
ch B
An ton Mng
151
Nn ca PGP
PGP nn thng bo s dng gii thut ZIP
K trc khi nn
Thun tin lu tr v kim tra, nu k sau khi nn th
Cn lu phin bn nn vi ch k, hoc
Cn nn li thng bo mi ln mun kim tra
Gii thut nn khng cho kt qu duy nht

Mi phin bn ci t c tc v t l nn khc nhau
Nu k sau khi nn th cc chng trnh PGP cn s dng
cng mt phin bn ca gii thut nn
M ha sau khi nn
t d liu s khin vic m ha nhanh hn
Thng bo nn kh ph m hn thng bo th
Nguyn i Th
An ton Mng
152
Tng thch th in t ca PGP

PGP bao gi cng phi gi d liu nh phn
Nhiu h thng th in t ch chp nhn vn
bn ASCII (cc k t c c)
Th in t vn ch cha vn bn c c
PGP dng gii thut c s 64 chuyn i d liu

nh phn sang cc k t ASCII c c
Mi 3 byte nh phn chuyn thnh 4 k t c c
Hiu ng ph ca vic chuyn i l kch thc

thng bo tng ln 33%
Nhng c thao tc nn b li
Nguyn i Th
An ton Mng
153
Bng chuyn i c s 64
Nguyn i Th
An ton Mng
154
Phn v ghp ca PGP

Cc giao thc th in t thng hn ch
di ti a ca thng bo
V d: thng l 50 KB
PGP phn thng bo qu ln thnh nhiu thng

bo nh
Vic phn on thng bo thc hin sau tt c
cc cng on khc
Bn nhn s ghp cc thng bo nh trc khi
thc hin cc cng on khc
Nguyn i Th
An ton Mng
155
Danh tnh kha PGP

Vi mt thng bo nht nh cn xc nh s
dng kha no trong nhiu kha cng khai /
kha ring
C th gi kha cng khai cng vi thng bo nhng
lng ph ng truyn khng cn thit
Gn cho mi kha mt danh tnh ring

Gm 64 bit bn phi ca kha
Xc sut cao l mi kha c mt danh tnh duy nht
S dng danh tnh kha trong ch k

Nguyn i Th
An ton Mng
156
Qun l kha PGP

Thay v da trn cc CA (c quan chng thc),
i vi PGP mi ngi dng l mt CA
C th chng thc cho nhng ngi dng quen bit
To nn mt mng li tin cy
Tin cc kha c chng thc
Mi kha c mt ch s tin cy
Ngi dng c th thu hi kha ca bn thn
Nguyn i Th
An ton Mng
157
S/MIME
Nng cp t chun khun dng th in t
MIME c thm tnh nng an ton thng tin
MIME khc phc nhng hn ch ca SMTP
(Simple Mail Transfer Protocol)
Khng truyn c file nh phn (chng trnh, nh,...)

Ch gi c cc k t ASCII 7 bit
Khng nhn thng bo vt qu kch thc cho php
...
S/MIME c xu hng tr thnh chun cng

nghip s dng trong thng mi v hnh chnh
PGP dng cho c nhn
Nguyn i Th
An ton Mng
158
Cc chc nng ca S/MIME

Bao bc d liu
M ha ni dung thng bo v cc kha lin quan
K d liu
Ch k s to thnh nh m ha thng tin tng hp
thng bo s dng kha ring ca ngi k
Thng bo v ch k s c chuyn i c s 64
K v nguyn d liu
Ch ch k s c chuyn i c s 64
K v bao bc d liu
Kt hp k v bao bc d liu
Nguyn i Th
An ton Mng
159
X l chng thc S/MIME

S/MIME s dng cc chng thc kha cng
khai theo X.509 v3
Phng thc qun l kha lai ghp gia cu
trc phn cp CA theo ng X.509 v mng li
tin cy ca PGP
Mi ngi dng c mt danh sch cc kha ca
bn thn, danh sch cc kha tin cy v danh
sch thu hi chng thc
Chng thc phi c k bi CA tin cy
Nguyn i Th
An ton Mng
160
Chng 7
AN TON IP
Nguyn i Th
An ton Mng
161
Gii thiu
L do cn IPSec
C nhng vn an ton cn gii quyt mc thp
hn tng ng dng
c bit cc hnh thc tn cng tng IP rt ph bin nh
gi mo IP, xem trm gi tin
An ton mc IP s m bo an ton cho tt c cc

ng dng
Bao gm nhiu ng dng cha c tnh nng an ton
Cc c ch an ton ca IPSec
Xc thc
Bo mt
Qun l kha
Nguyn i Th
An ton Mng
162
Cc ng dng ca IPSec
Xy dng mng ring o an ton trn Internet
Tit kim chi ph thit lp v qun l mng ring
Truy nhp t xa an ton thng qua Internet

Tit kim chi ph i li
Giao tip an ton vi cc i tc

m bo xc thc, bo mt v cung cp c ch trao
i kha
Tng cng an ton thng mi in t

H tr thm cho cc giao thc an ton c sn ca
cc ng dng Web v thng mi in t
Nguyn i Th
An ton Mng
163
Minh ha ng dng IPSec
Nguyn i Th
An ton Mng
164
ch li ca IPSec
Ti tng la hoc b nh tuyn, IPSec m
bo an ton cho mi lung thng tin vt bin
Ti tng la, IPSec ngn chn thm nhp tri
php t Internet vo
IPSec nm di tng giao vn, do vy trong
sut vi cc ng dng
IPSec c th trong sut vi ngi dng cui
IPSec c th p dng cho ngi dng n l
IPSec bo v an ton kin trc nh tuyn
Nguyn i Th
An ton Mng
165
Kin trc an ton IP

c t IPSec kh phc tp
nh ngha trong nhiu ti liu
Bao gm RFC 2401 (tng quan kin trc), RFC 2402
(m t m rng xc thc), RFC 2406 (m t m rng
m ha), RFC 2408 (c t kh nng trao i kha)
Cc ti liu khc c chia thnh 7 nhm
Vic h tr IPSec l bt buc i vi IPv6, ty

chn i vi IPv4
IPSec c ci t nh cc phn u m rng
sau phn u IP
Phn u m rng cho xc thc l AH
Phn u m rng cho m ha l ESP
Nguyn i Th
An ton Mng
166
Tng quan ti liu IPSec
Nguyn i Th
An ton Mng
167
Cc dch v IPSec
Bao gm
iu khin truy nhp

Ton vn phi kt ni
Xc thc ngun gc d liu
T chi cc gi tin lp
Mt hnh thc ca ton vn th t b phn
Bo mt (m ha)
Bo mt lung tin hu hn
S dng mt trong hai giao thc

Giao thc xc thc (ng vi AH)
Giao thc xc thc/m ha (ng vi ESP)
Nguyn i Th
An ton Mng
168
Cc lin kt an ton
Khi nim lin kt an ton (SA)
L quan h mt chiu gia bn gi v bn nhn, cho
bit cc dch v an ton i vi lung tin lu chuyn
Mi SA c xc nh duy nht bi 3 tham s

Ch mc cc tham s an ton (SPI)
a ch IP ch
nh danh giao thc an ton
Cc tham s khc lu trong CSDL SA (SAD)

S th t, cc thng tin AH v ESP, thi hn,...
CSDL chnh sch an ton (SPD) cho php iu

chnh mc p dng IPSec
Nguyn i Th
An ton Mng
169
Phn u xc thc
m bo ton vn v xc thc cc gi IP
Cho php mt h thng u cui hay mt thit b
mng xc thc ngi dng hoc ng dng
Trnh gi mo a ch
Chng li hnh thc tn cng lp li
S dng m xc thc thng bo

Bn gi v bn nhn phi c mt kha b mt
dng chung
Nguyn i Th
An ton Mng
170
Khun dng AH
Nguyn i Th
An ton Mng
171
Ch giao vn v ng hm
Nguyn i Th
An ton Mng
172
Phn u ESP
m bo bo mt ni dung v bo mt lung tin
hu hn
C th cung cp cc dch v xc thc ging nh
vi AH
Cho php s dng nhiu gii thut m ha,
phng thc m ha, v cch n khc nhau
DES, 3DES, RC5, IDEA, CAST,...
CBC,...
n cho trn kch thc khi, kch thc trng, che
du lu lng lung tin
Nguyn i Th
An ton Mng
173
Khun dng ESP
Nguyn i Th
An ton Mng
174
Giao vn v ng hm ESP
Ch giao vn ESP dng m ha v c th
c thm chc nng xc thc d liu IP
Ch m ha d liu khng m ha phn u
D b phn tch lu lng nhng hiu qu
p dng cho truyn ti gia hai im cui
Ch ng hm m ha ton b gi tin IP
Phi b xung phn u mi cho mi bc chuyn
p dng cho cc mng ring o, truyn ti thng qua
cu ni
Nguyn i Th
An ton Mng
175
Kt hp cc lin kt an ton
Mi SA ch c th ci t mt trong hai giao thc
AH v ESP
ci t c hai cn kt hp cc SA vi nhau
To thnh mt gi lin kt an ton
C th kt thc ti cc im cui khc nhau hoc
ging nhau
Kt hp theo 2 cch
Gn vi giao vn
To ng hm theo nhiu bc
Cn xem xt th t xc thc v m ha
Nguyn i Th
An ton Mng
176
V d kt hp cc SA
Nguyn i Th
An ton Mng
177
Qun l kha
C chc nng sn sinh v phn phi kha
Hai bn giao tip vi nhau ni chung cn 4 kha
Mi chiu cn 2 kha: 1 cho AH, 1 cho ESP
Hai ch qun l kha

Th cng
Qun tr h thng khai bo cc kha khi thit lp cu hnh
Thch hp vi cc mi trng nh v tng i tnh
T ng
Cho php to kha theo yu cu cho cc SA
Thch hp vi cc h phn tn ln c cu hnh lun thay i
Gm cc thnh phn Oakley v ISAKMP
Nguyn i Th
An ton Mng
178
Oakley
L mt giao thc trao i kha da trn gii
thut Diffie-Hellman
Bao gm mt s ci tin quan trng
S dng cookie ngn tn cng gy qu ti
Cookie cn ph thuc vo cc bn giao tip, khng th sinh
ra bi mt bn khc vi bn sinh cookie, c th sinh v kim
tra mt cch nhanh chng
H tr vic s dng cc nhm vi cc tham s DiffieHellman khc nhau

S dng cc gi tr nonce chng tn cng lp li
Xc thc cc trao i Diffie-Hellman chng tn
cng ngi gia
Nguyn i Th
An ton Mng
179
ISAKMP
Vit tt ca Internet Security Association and
Key Management Protocol
Cung cp mt c cu cho vic qun l kha
nh ngha cc th tc v cc khun dng thng
bo cho vic thit lp, tha thun, sa i, v
hy b cc lin kt an ton
c lp vi giao thc trao i kha, gii thut
m ha, v phng php xc thc
Nguyn i Th
An ton Mng
180
Cc khun dng ISAKMP
Nguyn i Th
An ton Mng
181
Chng 8
AN TON WEB
Nguyn i Th
An ton Mng
182
Vn an ton Web (1)

Web c s dng rng ri bi cc cng ty, t
chc, v cc c nhn
Cc vn c trng i vi an ton Web
Web d b tn cng theo c hai chiu
Tn cng Web server s gy tn hi n danh ting
v tin bc ca cng ty
Cc phn mm Web thng cha nhiu li an ton
Web server c th b khai thc lm cn c tn
cng vo h thng my tnh ca mt t chc
Ngi dng thiu cng c v kin thc i ph vi
cc him ha an ton
Nguyn i Th
An ton Mng
183
Vn an ton Web (2)

Cc him ha i vi an ton Web
Tnh ton vn
Tnh bo mt
T chi dch v
Xc thc
Cc bin php an ton Web
Nguyn i Th
An ton Mng
184
SSL
L mt dch v an ton tng giao vn
Do Netscape khi xng
Phin bn 3 c cng b di dng bn tho
Internet
Tr thnh chun TLS
Phin bn u tin ca TLS SSLv3.1 tng thch
ngc vi SSLv3
S dng TCP cung cp dch v an ton t

u cui ti u cui
Gm 2 tng giao thc
Nguyn i Th
An ton Mng
185
M hnh phn tng SSL
Nguyn i Th
An ton Mng
186
Kin trc SSL (1)

Kt ni SSL
Lin kt giao tip t im nt ti im nt

Mang tnh nht thi
Gn vi mt phin giao tc
Cc tham s xc nh trng thi kt ni
Cc s ngu nhin chn bi server v client

Kha MAC ca server
Kha MAC ca client
Kha m ha ca server
Kha m ha client
Cc vector khi to
Cc s th t
Nguyn i Th
An ton Mng
187
Kin trc SSL (2)

Phin SSL
Lin kt gia client v server

To lp nh giao thc bt tay
C th bao gm nhiu kt ni
Xc lp mt tp cc tham s an ton s dng bi tt
c cc kt ni trong phin giao tc
nh danh phin
Chng thc im nt
Phng php nn
c t m ha
Kha b mt ch
C c th tip tc hay khng
Nguyn i Th
An ton Mng
188
Giao thc bn ghi SSL

Cung cp cc dch v bo mt v xc thc
Kha b mt chung do giao thc bt tay xc lp
Nguyn i Th
An ton Mng
189
Khun dng bn ghi SSL
Nguyn i Th
An ton Mng
190
Giao thc i c t m ha SSL

Mt trong ba giao thc chuyn dng SSL s
dng giao thc bn ghi SSL
Ch gm mt thng bo cha mt byte d liu
c gi tr l 1
Khin cho trng thi treo tr thnh trng thi
hin thi
Cp nht c t m ha cho kt ni
Nguyn i Th
An ton Mng
191
Giao thc bo ng SSL

Dng chuyn ti cc bo ng lin quan n
SSL ti cc thc th im nt
Mi thng bo gm 2 byte
Byte th nht ch mc nghim trng
Cnh bo : c gi tr l 1
Tai ha : c gi tr l 2
Byte th hai ch ni dung bo ng

Tai ha : unexpected_message, bad_record_mac,
decompression_failure, handshake_failure, illegal_parameter
Cnh bo : close_notify, no_certificate, bad_certificate,
unsupported_certificate, certificate_revoked,
certificate_expired, certificate_unknown
Nguyn i Th
An ton Mng
192
Giao thc bt tay SSL

Cho php server v client
Xc thc ln nhau
Tha thun cc gii thut m ha v MAC
Tha thun cc kha mt m s c s dng
Gm mt chui cc thng bo trao i gia

client v server
Mi thng bo gm 3 trng
Kiu (1 byte)
di (3 byte)
Ni dung ( 0 byte)
Nguyn i Th
An ton Mng
193
TLS
L phin bn chun Internet ca SSL
M t trong RFC 2246 rt ging vi SSLv3
Mt s khc bit nh so vi SSLv3
S phin bn trong khun dng bn ghi SSL
S dng HMAC tnh MAC
S dng hm gi ngu nhin khai trin cc gi
tr b mt
C thm mt s m bo ng
Khng h tr Fortezza
Thay i trong trao i chng thc
Thay i trong vic s dng d liu m
Nguyn i Th
An ton Mng
194

Antoanmang

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Antoanmang

Uploaded by

Copyright:

Available Formats

I HC QUC GIA H NI

TRNG I HC CNG NGH

Khoa Cng ngh Thng tin

Ti liu tham kho

Sch tham kho ph

T khi c cc phng tin truyn thng v mng

An ton lin mng

Kin trc an ton OSI

Gi danh mt thc th khc

Theo RFC 2828

Cc dch v an ton X.800

iu khin truy nhp

M hnh an ton mng

M hnh an ton mng

M hnh an ton truy nhp mng

Knh truy nhp

M hnh an ton truy nhp mng

Cc h thng my tnh ng tin cy c th dng

L k thut m ha duy nht trc nhng nm 70

M ha kha cng khai (bt i xng)

Cng b chnh thc nm 1976

Mt s cch phn loi khc

Theo phng thc chuyn i

Kha b mt dng chung

Gii thut gii m

An ton ph thuc vo s b mt ca kha,

Thi gian tm kim trung bnh

Thi gian cn thit

231 s = 35,8 pht

Kha DES di 56 bit

Thi gian cn thit

An ton tnh ton

Thc t tha mn hai iu kin

V d : M ha "meet me after class" vi k = 3

Khai thc nhng nhc im ca gii thut

Pht minh bi Charles Wheatstone vo nm

Nu 2 ch ging nhau, tch ra bi 1 ch in thm

Tng c qun i Anh, M s dng rng ri

Kt hp 26 h Ceasar (bc dch chuyn 0 - 25)

The Modern Vigenre

Khai thc nhng nhc im ca gii thut

Vn c th s dng k thut thng k ph m

Vit cc ch ci theo hng vo 1 s ct nht nh

Ging nh thay th cc k t rt ln ( 64 bit)

an xen cc chc nng

Lu : Hp S c tnh thun nghch

Lu : Hp P c tnh thun nghch

Nguyn bn (2w bit)

Gii thut sinh m con

nh hng n ci t v phn tch

Ti mi vng kt qu u ra chnh l cc d liu

Gii thut m ha DES

Nguyn bn (64 bit)

giao hon thun

dch vng tri

dch vng tri

dch vng tri

Vn cn phi nhn bit c nguyn bn

di kha thc t l 168 bit

V sao 3 ln : trnh tn cng "gp nhau gia"

Chun m ha tin tin

Cc h m ha khi khc (1)

Khi 64 bit, kha 32-448 bit (ngm nh 128 bit), 16 vng

Cc h m ha khi khc (2)