M kho cng khai trong mng ring o (PKI v VPN)

http://www.kilobooks.com/threads/43862-m%C3%A3-h%C3%B3a-th%C3%B4ng-tin-thu%E1%BA %ADt-to%C3%A1n-b%C4%83m-MD5-thu%E1%BA%ADt-to%C3%A1n-m%C3%A3-h%C3%B3aRSA-v%C3%A0-ch%E1%BB%AF-k%C3%BD-%C4%91i%E1%BB%87n-t%E1%BB%AD-demolien-he-0905596940 => Ti liu n, cn np th mi dowload dc ti liu

Hin nay nhiu mng ring o (VPN) ang th hin s hn ch bi chnh h thng bo mt qu n gin. Trong bi ny chng ta s bn n mt s sa i cn thit c th p ng yu cu pht trin mt mng ring o ln v c tnh bo mt cao. a s cc mng ring o ngy nay ang c khai thc khng s dng s h tr ca c s h tng m kho cng khai (PKI). Cc im kt cui ca cc mng VPN ny (cc cng bo mt hoc cc my khch) nhn thc ln nhau thng qua thit lp cc "ng ngm" IP. Mt cch n gin nht, iu c th thc hin c thng qua vic thit t cu hnh ti c hai u ca ng ngm VPN cng chia s mt b mt chung - mt cp mt khu (password). Phng php gii quyt "th s" ny c th hot ng tt trong mt mng VPN nh nhng s tr nn kng knh, kh iu khin trong mt mng VPN ln khi s lng im truy nhp ln ti hng trm, thm ch hng ngn im. Hy so snh vi mt cu lc b nh, mi ngi u bit nhau v s lng ngi t v hu nh h quen bit nhau t trc. Khng c g kh khn trong vic ghi nh tn v nhn dng ca cc thnh vin trong mt nhm nh. Nhng vi mt cu lc b c hng trm thnh vin th chc chn cn phi c th hi vin. Cc thnh vin mi c th chng minh h l ai khi h xut trnh th hi vin. Vi "h tng" nh vy, hai ngi hon ton khng quen bit c th nhn dng v tin cy nhau n gin l v h tin vo th hi vin ca nhau. Tng t nh vy, hai u cui VPN c th nhn thc nhau thng qua giy chng nhn in t - Mt loi "th hi vin in t" khng th thiu trong cc mng VPN ln. Vy ti sao hin nay khng phi mng VPN ln no cng s dng chng nhn in t? Bi v vic trin khai mng ln khng ch i hi chng nhn in t m yu cu xy dng mt h tng hon thin bao gm: khi cung cp chng nhn in t, phng cch bo m khi to v phn phi chng, cch thc truy xut d dng xc nhn tnh hp l. Ni mt cch ngn gn, chnh l c s h tng m kho cng khai - PKI. Kho cng khai l g v tc dng? hiu c yu cu v cc i hi ca PKI, chng ta cn bit mt s kin thc s lc v kho mt m cng khai. H thng ny xy dng trn c s mt cp kho m c lin h ton hc vi nhau trong mt kho s dng m ho thng ip v ch c kho kia mi gii m c thng ip v ngc li. Khi chng ta c th cng khai ho mt kho trong cp kho ny. Nu ai cn gi cho chng ta cc thng ip bo m, h s c th s dng kho c cung cp cng khai ny m ho thng ip trc khi gi i v bi v chng ta gi b mt kho m cn li nn ch chng ta mi c th gii m c thng ip bo m . Cp kho ny cn dng xc nhn thng ip. Ngi gi s to mt on m bm (hash) ca thng ip - mt dng rt gn ca thng ip nguyn bn - vi mt s thut ton (v d nh MD5, SHA-1 ...). Ngi gi s m ho on m bm bng kho ring ca mnh v ngi nhn s dng kho cng khai ca ngi gi gii on m bm ca ngi gi, sau so snh

vi on m bm ca thng ip nhn c (c to bng cng mt thut ton). Nu trng nhau th ngi nhn c th tin rng thng ip nhn c khng b thay i trong qu trnh truyn ti trn mng v xut pht t ngi gi xc nh. Cch thc hin ny c gi l ch k in t. Nhng cn nhc li l chng ta yu cu khng ch ch k - chng ta cn mt th hi vin in t. Chnh v th m xut hin khi nim giy chng nhn in t. Mt chng nhn in t gn tn ca hi vin hay thit b vi mt cp kho, tng t nh th hi vin gn tn ca hi vin vi ch k v nh ca h. m bo giy chng nhn l hp l, chng ta thng yu cu giy chng nhn phi c cp do mt t chc tin cy. i vi giy chng nhn in t, t chc ny c gi l h thng cung cp chng nhn (CA-Certification Authority) Cc mng VPN s dng chng nhn in t nh th no? Khi ng ngm IP c khi to, cc im kt cui s nhn thc ln nhau thng qua chng nhn in t. V d cng bo mt X s t chng nhn v k (in t) thng ip bng kho m ring ca n. Cng bo mt Y s nhn chng nhn in t ca X v s dng kho cng khai ca X kim tra ch k in t. Nu ng th cng bo mt X c xc nhn v ch k in t ch c th c to ra bng kho m ring c gn lin vi chng nhn in t ca X. Ti sao giy chng nhn in t li c tnh m rng hn kiu chia s kho bo mt chung? R rng chng ta khng cn cn phi cung cp nhng cp m kho chia s cho mi cp thit b VPN. Mi thit b VPN ch cn mt giy chng nhn in t. V chng ta cng khng cn phi thit lp li cu hnh ca tt c cc im c ca VPN mi khi chng ta m thm mt im mi. Thay vo , chng ta c th chng nhn cho mi thit b thng qua h thng th mc cng cng - v d nh qua LDAP. Cao hn na, chng ta c th kt hp hai mng VPN sn c thng qua vic cng tc gia hai CA trong trao i c s d liu v trong vic pht hnh giy chng nhn. iu cng tng t nh vic cng nhn h chiu ca mt nc khc nh l mt giy chng minh hp l vy. Cng nh h chiu, mi giy chng nhn in t cng phi c thi hn hp l v c th b ni pht hnh thu hi khi cn thit. Xut trnh ch k in t lin quan n mt giy chng nhn in t khng hp l, khng tn ti hay b thu hi s dn n vic truy nhp khng thnh cng. Vn ny c th tr nn phc tp nu ngi kim tra (ni nhn) khng thng xuyn kim tra tnh trng hp l ca giy chng nhn ti ni pht hnh giy chng nhn (CA). Thm ch, nu vic kim tra c thc hin th c th danh sch cc giy chng nhn in t b thu hi cng "lc hu". Vy th cn phi kim tra cc danh sch ny hng thng, hng tun hay hng ngy, hng gi? l vn ca thc t khi p dng cc chnh sch bo mt ca mi nh qun tr mng c th. Cc thnh phn ca PKI VPN khng phi l dch v bo mt duy nht ng dng PKI. C rt nhiu yu cu bo mt khc c th c tho mn khi s dng PKI nh th bo mt (email-secured with S/MINE), cc giao dch bo mt ca Web (Web transaction secured with SSL) ... Cc yu cu c th khc nhau do tnh cht ca mi dch v hay ng dng, tt c u da trn mt "C s h tng m kho cng khai - PKI" bao gm cc thnh phn c bn nh Hnh 1- Xy dng m kho cng khai PKT Nn tng ca PKI l CA. CA pht hnh cc giy chng nhn in t. N c th thuc ring v mt doanh nghip hoc thuc mt t chc thuc bn ngoi cc doanh nghip (chuyn cung cp dch v trong lnh vc ny). Cc CA c th u nhim s tin cy cho nhau thng qua kin trc phn cp. CA gc (root CA) l CA cung cp trc tip cc giy chng nhn in t cho doanh nghip, CA ph thuc (subordinate CA) l CA c cng nhn gin tip thng qua mi lin h vi CA gc. CA gc c th mc nhin c cng nhn (i vi ni b doanh nghip). Cc CA ph thuc c cng nhn thng qua chng nhn ca CA gc v to nn chui cc CA u thc. Mi khi to ra mt giy chng nhn in t mi, mt cp kho m c pht ra cho mi thc th - thit b VPN, my ch Web, ngi s dng th in t ... Nhng thc th s gi cc kho ring (private key) dng to ra ch k in t. Cn kho cng khai (public key), tn ca thc th, tn ca CA pht hnh, tt c s c tp hp trong giy chng nhn in t, v tt c s c xc nhn thng qua ch k in t ca chnh CA. Vi mc ch trnh s khng cng nhn ca mi thc th, ch c chnh bn thn h mi c s dng n kho

bo mt ring. Vi cch lm nh vy, cc thc th khng th ph nhn c vic "k" tn vo thng ip v khng ai khc c th "k" nh vy c. Cng chnh v nguyn nhn nh vy, m kho ring ny cn c lu gi an ton. Khi m kho ny b l v mt nguyn nhn no , giy chng nhn in t cn phi c thu hi. thun tin trong vic phn pht, cc giy chng nhn thng c cng b qua h thng u nhim. tng kh nng truy xut, tm kim v an ton ca h thng, cc giy chng nhn trong cc h thng u nhim thng c cng b trong cc "th mc che ph nhiu tng" - (Multiple shadow directories). Do yu cu thit k v nhu cu thc t, c CA u cn phi c bo mt tt nn hai thnh phn ny thng c phn cch khng nhng theo logic m cn phi c phn cch c v tr vt l. Chc nng qun l c giao cho RA - Thnh phn cp quyn ng nhp (Registration Authorities). RA c nhim v qun tr vic ng k tn, khi to hoc lu tr cc cp kho m, xc nhn cc thc th trong giai on ng k, yu cu CA cp chng nhn, chuyn cc kho m n cc thc th, khi to hoc thu hi cc giy chng nhn in t. RA l mt c ch h tr CA rt hiu qu, v cng nh trng hp trn, do yu cu bo mt, RA v CA thng cng c phn cch nhau c v mt vt l v do cc nhm qun tr mng khc nhau chu trch nhim. l cc thnh phn cn bn ca mt h thng PKI. Ngoi ra, trong thc t c th c mt s thnh phn v dch v ph tr khc trong PKI hoc c lin quan n hot ng ca PKI cng nh khng phi mt h PKI no cng c cc thnh phn c bn nh trn. Chng ta cng c hai cch la chn trin khai PKI: S dng dch v t nh cung cp hoc t xy dng nn h thng ca mnh. S dng PKI t nh cung cp dch v Trn mng Internet c rt nhiu nh cung cp h tng PKI, nhng ngi s bn cc giy chng nhn in t. Di y l danh sch mt s nh cung cp nh vy. Cn nhc li l nu bn mun xy dng mt mng VPN s dng cng ngh nhn thc bng giy chng nhn in t th tt c cc thc th trong mng ca bn u cn c chng nhn v nu mng qu ln, chi ph mua giy chng nhn t nh cung cp s l khng nh. Sau cn xy dng cc chnh sch v qun tr, iu hnh v bo mt thch hp. Mt im cn ch khc l bn nn chn nh cung cp VPN c h tr cho thit b VPN ca bn. Xy dng h tng m kho cng khai ca ring bn Nu bn chn phng n PKI ring, di y l mt s sn phm c thng mi ho m bn c th tham kho c. Cc sn phm khc nhau s c cc c trng ring khc nhau, v iu quan trng nht cn phi hiu l vic mua mt sn phm phn mm h tr PKI ch l mt phn nh trong ton b chi ph xy dng mt h PKI. Nn chn mt nhm chuyn gia t vn xy dng chnh sch bo mt v kin trc ca PKI sao cho ph hp vi thc t v nhu cu pht trin trong tng lai. Hu ht cc cng ty cung cp k trn u c th gip bn trong cng vic hoch nh . Kt lun C s h tng m kho cng khai s ng vai tr quan trng trong vic xy dng thnh cng cc mng VPN ln. D cho bn l mt doanh nghip ang tm cch xy dng mng ring o VPN hay mt nh cung cp dch v ang tm cch cung cp dch v VPN cho khch hng ca mnh, by gi chnh l thi im nn bt u nghin cu p dng PKI. Cc sn phm v dch v ban u sn sng v bn c th bt u lm quen vi cng ngh ny. Chc rng hu ht trong chng ta s thy c s quan trng v hiu qu ca vic nghin cu, trin khai cng ngh ny. Nguyn c Kin (Trng i H tr VDC1)

Public Key Infrastructure (PKI) l mt c ch cho mt bn th ba (thng l nh cung cp chng thc s ) cung cp v xc thc nh danh cc bn tham gia vo qu trnh trao i thng tin. C ch ny cng cho php gn cho mi ngi s dng trong h thng mt cp public/private. Cc qu trnh ny thng c thc hin bi mt phn mm t ti trung tm v cc phn mm khc ti cc a im ca ngi dng. Kho cng khai thng c phn phi trong chng thc kha cng 3

khai hay Public Key Infrastructure. Khi nim h tng kho cng khai (PKI) thng c dng ch ton b h thng bao gm c nh cung cp chng thc s (CA) cng cc c ch lin quan ng thi vi ton b vic s dng cc thut ton m ho cng khai trong trao i thng tin. Tuy nhin phn sau c bao gm khng hon ton chnh xc bi v cc c ch trong PKI khng nht thit s dng cc thut ton m ho cng khai. 1.Cc thnh phn ca PKI PKIs da vo mt thit b mt m bo m cc kho cng khai c qun l an ton. Cc thit b ny khng hot ng cng lc c thc hin cc hm mng rng c lin quan n vic qun l phn phi kho, bao gm cc thnh phn sau: -chng thc v ng k mt m u cui -kim tra tnh ton vn ca kho cng khai -chng thc yu cu trong qu trnh bo qun cc kho cng khai -b mt cp pht kho cng cng -hu b kho cng khai khi n khng c gi tr di -duy tr vic thu hi cc thng tin v kho cng cng (CRL) v phn b thng tin (thng qua CRL cp pht hoc p ng n Online Certificate Status Protocol [OCSP] messages). -m bo an ton v ln ca kho. Public Keys Certificates : Mc tiu ca vic trao i kho bt i xng l pht mt cch an ton kho cng khai t ngi gi (m ho) n ngi nhn (gii m). PKI h tr to iu kin cho vic trao i kho an ton m bo xc thc cc bn trao i vi nhau. Public key Certificate c pht bi Certificate Authority(CA ). CA pht public key certificate cho p ng mt m u cui th u cui u tin phi ng k vi CA. Qu trnh ng k gm: s ng k, s kch hot, v s chng nhn ca mt m u cui vi PKI (CAs v RAs). Qu trnh ng k nh sau: omt m u cui ng k vi CA hoc RA. Trong qu trnh ng k, mt m u cui a ra cch nhn bit n CA. CA s xc thc u cui, pht public key n u cui . occ u cui bt u khi to phase bng cch to ra mt public/private keypair v public key ca keypair c chuyn n CA. oCA vit mt hiu ln public key certificate cng vi private key to mt public key certificate cho mt m u cui. oLc ny cc mt m u cui c th yu cu public key certificate t mt m u cui khc. Chng c th s dng CAs public key gii m public key certificate thu c kho thch hp. Registration Authorities: 4

Trong nhiu trng hp, CA s cung cp tt c cc dch v cn thit ca PKI qun l cc public key bn trong mng. Tuy nhin c nhiu trng hp CA c th u nhim lm cng vic ca RA. mt s chc nng m CA c th u nhim thay th cho RA nh: okim tra mt m u cui th ng k public key vi CA c private key m c dng kt hp vi public key. oPht public/private keypairs c dng khi to phase ca qu trnh ng k. oxc nhn cc thng s ca public key. opht gin tip cc certificate Revocation List (CRL). Certificate Authorities : CA dng cp pht chng nhn, xc thc PKI clients, v khi cn thit thu hi li chng nhn. CA i din cho ngun tin cy chnh ca PKI. V CA l yu t duy nht trong PKI m c th pht Public Key Certificates n cc mt m u cui. CA cng lun p ng cho vic duy tr CRL v phc v cc loi nh: CRL Issuer. PKI khng phi ch c 1 CA m PKI c th thit lp nhiu CAs. CAs gip thit lp cho vic nhn dng ca cc thc th giao tip vi nhau c ng n. CAs khng ch chng cho PKI client m cn cho nhng CAs khc bng cch cp pht nhng chng nhn s n chng. Nhng CAs chng nhn ln lt c th chng nhn cho nhng CAs khc cho n khi mi thc th c th u nhim cho nhng thc th khc c lin quan trong qu trnh giao dch. 2.Mc tiu v cc chc nng ca PKI PKI cho php nhng ngi tham gia xc thc ln nhau v s dng cc thng tin t cc chng thc kho cng khai mt m ho v gii m thng tin trong qu trnh trao i. PKI cho php cc giao dch in t c din ra m bo tnh b mt, ton v v xc thc ln nhau m khng cn trao i cc thng tin bo mt t trc. Mc tiu chnh ca PKI l cung cp kho cng khai v xc nh mi lin h gia kho v nh dng ngi dng. Nh vy, ngi dng c th s dng trong mt s ng dng nh : -M ho Email hoc xc thc ngi gi Email -M ho hoc chng thc vn bn -Xc thc ngi dng ng dng -Cc giao thc truyn thng an ton : trao i bng kho bt i xng, m ho bng kho i xng. PKI bao gm cc thnh phn sau y: -Pht sinh mt cp kho ring v kho chung cho PKI client -To v xc nhn ch k in t 5

-cp pht chng nho ngi dng -nh du nhng kho cp pht v bo tr qu trnh s dng ca mi kho -Hy b nhng ng k sai v ht hn -Xc nhn PKI client 3.Mc ch ca PKI PKIc s dng vi cc mc ch : -M ho: gi b mt thng tin v ch c ngi c kho b mt mi gii m c. -To ch k s : cho php kim tra mt vn bn c phi c to vi mt kho b mt no hay khng. -Tho thun kho: cho php thit lp kho dng trao i thng tin bo mt gia 2 bn.
H TNG M KHA CNG KHAI V NG DNG Vi xu th hi nhp cng vi s pht trin khng ngng ca ngnh Cng ngh thng tin nh: Internet, cc chng trnh ng dng, cc cng c x l multimedia mang li nhiu thun li trong vic lu tr d liu, trao i thng tin, sao chp d liu v.vTuy nhin, bn cnh cc iu kin thun li , s pht trin ny cng to ra nhiu th thch trong vn tm ra gii php bo mt d liu, qua chng nhn quyn s hu thng tin ca cc n v, c nhn trong qu trnh trao i thng tin. Ni dung bi bo s trnh by cc khi nim, m hnh, phn tch u, khuyt im ca h m kho cng khai v gii php an ton cho h thng thng tin da trn cu trc h tng m kho cng cng (PKI - Public Key Infrastructure). I. t vn Trong th k ny giy khng cn l phng tin duy nht chng nhn tho thun gia cc i tc. Ti nhiu nc, cc tho thun thng qua h thng thng tin in t gia cc bn c hp php ho v c gi tr tng ng vi cc tho thun thng thng mang tnh php l. S kin ny nh du mt bc nhy vt bi cc d n v h thng chnh ph in t, thng mi in t ca cc Quc gia v Doanh nghip. Tuy nhin cho n nay cc d n ny vn cha c trin khai rng ri, do nhiu nguyn nhn khc nhau. Mt trong nhng nguyn nhn quan trng l ngi dng vn lun cm thy khng an ton khi s dng h thng. Chng hn khi gi mt mu tin c th l: vn bn, ging ni, hnh nh, phim video Ngi nhn c quyn nghi ng: thng tin c phi l ca i tc khng, n c b ai xm phm, v nhng ngi khc c th gii m n c Nhng th thch ny thu ht s ch ca nhiu nh khoa hc trong lnh vc nghin cu bo mt thng tin. II. Cc khi nim Bo mt thng tin l khoa hc nghin cu cc nguyn l v phng php cho php m ho thng tin sao cho ch ngi c kho gii m (b mt) mi c th gii hiu uc thng tin gc.[1] V d: Nu mt ngi bn gi cho ti mt mt m bt u bng "ULFW NZFXZ", da vo kho c ti d dng gii m c thng tin "DEAR THANH" v ch U thay ch D, ch L thay ch E, ch F thay ch A...

Trong bo mt thng tin hai vn cn nghin cu v mt nguyn l ln phng php l: Bo mt (Encryption): Nhm ngn cn khng cho ngi l trch chn thng tin t cc thng ip c gi trn cc knh truyn ph bin. Chng thc (CA Certification Authorit): Nhm m bo ch c ngi nhn ng mi c th c thng ip, ng thi ngi gi khng th ph nhn thng ip mnh gi. C th chia cc h m thnh 2 loi chnh: 1. H m kho b mt: Qu trnh m ho v gii m u s dng mt kho gi l kho b mt, hay cn gi l h m i xng. Trong qu trnh trao i thng tin gia A vi B nu dng h m kho b mt ek. Th A ngi gi s m ho thng ip ca h bng ek ny. V pha B ngi nhn, sau khi nhn thng ip th gii m thng ip cng bng kho ek. Nh vy mt ngi khc nh cp uc kho ek th h s c th gii m v xem c ni dung thng ip ca ngi gi. in hnh thut ton kha b mt l m ho khi vi n Byte u vo thnh mt khi Byte u ra, cc phng php m ho khi c a vo ng dng nh: RC2 (8Byte), DES (8Byte), TRIPPLE DES (24 Byte), RIJINDAEL (32 Byte),thut ton m ho b mt c tc nhanh hn so vi h m kho cng khai. 2. H m kho cng khai: Qu trnh m ho s dng mt kho c th cng khai v khi gii m th s dng mt kho khc. V s sng 1 cp kho trong c mt kho c th c cng b nn gi l h kho cng khai, hay cn gi l h phi i xng.Thc cht h m kho cng khai s dng 2 kho c lin quan vi nhau: - Kho cng khai (Public key) c s dng m ho nhng thng tin m bn mun chia s vi bt c ai. Chnh v vy bn c th t do phn pht n cho bt c ai m bn cn chia s thng tin dng m ho. - Kho ring (Private key) kho ny thuc s hu ring t ca ngi c cp v n c s dng gii m thng tin. III. Nguyn l v m hnh hot ng Nguyn l hot ng ca h m ho cng cng do cc ng Whitfield Diffie v Martin Hellman ngh vo ra nm 1977. Khi hai bn trao i thng tin phi bit kho cng khai (ek) ca nhau. Vic bit kho cng khai (ek) khng cho php tnh ra c kho ring (dk). Nh vy trong h thng mi c th k khi ng k vo h thng c cp 1 cp kha (ek,dk). Trong ek l cha kha lp m, dk l cha kho gii m [2]. M hnh hot ng khi bn A mun gi cho bn B mt vn bn m (hnh 1) th Bn A phi dng kho cng khai ca bn B m ho thng tin, vn bn m ha c k hiu l T= ek(m). Khi bn B nhn c th dng kho ring dk (ca cp ek, dk) gii m khi : dk(T)= dk(ek(m))= m. Nh vy c th nhiu c nhn C, D... cng thc hin giao dch v c kho cng khai ca B, nhng C,D... khng th gii m c m v khng c kho dk d cho chn bt c cc gi thng tin gi i trn mng.[2] Thc ra m hnh ny s dng trong thc t giao dch l s dng chng minh nhn dn nhn qu, tin hoc hng qua bu in, kho cng khai ng vai tr nh: Tn trn giy chng minh th, cn kho c nhn l nh v du vn tay. Nu xem bu phm l thng tin truyn i, c "m ho" bi tn ngi nhn, d c dng chng minh th nht c vn khng c nhn vin bu cc giao bu kin v nh mt v du vn tay khng ging.

IV. Ch k in t vi h m kha cng khai Trong cc giao dch thng qua phng tin in t, cc yu cu v c trng ca ch k tay c th p ng bng hnh thc ch k in t. Ch k in t (Digital Signatures) khng phi l nt v ngon ngo m l mt dy s c to nn bng cc php m ho. Ch k in t tr thnh mt thnh t quan trng trong vn bn in t. Mt trong nhng vn cp thit t ra l v mt cng ngh v php l th ch k in t phi p ng c s an ton v th hin ch r rng ca cc bn v thng tin cha ng trong vn bn in t.

Hnh 1: M hnh m ha vn bn theo h m kho cng khai Vi kh nng bo mt cao ca h m kho cng khai n c ng dng trong vic m ho to ra ch k in t. Nh vy ch k in t c lu tr di dng tp tin v c gi km vi cc vn bn hoc cc thng ip. N xc nhn vn bn, thng ip trn cc h thng thng tin in t thc s c gi bi chnh ngi gi m khng phi l do mt k khc gi mo. H m ho cng khai pht trin thnh chun cng nghip, c chia thnh 3 loi da trn 3 thut ton:[5] Phn tch tha s nguyn t (IFP - Integer Factorization Problem) Logarit ri rc (DLP Discrete Logarithm Problem) Logarit trn ng cong Elip (ECC Elliptic Curve Cryptography) cc thut ton trn c a vo ng dng cho ch k in t v thng mi ho bng cc sn phm nh: H thng RSA (vit tt t 3 nh ton hc Rivest, Shamir v Adleman ging dy ti MIT) da trn thut ton IFP, h thng DSA (Digital Signature Algorithm) da trn thut ton DLP c a vo ng dng rng ri trong cng tc: chuyn tin in t, th in t, phn phi phn mm, h thng ECDSA (Elliptic Curve Digital Signature Algorithm) da trn thut ton ECC, do c kch thc kho nh nn c a vo ng dng m ho cho cc mng khng dy, thit b cm tay, in thoi, my nhn tin V. Cc ng dng h RSA trong ch k in t

Vic ng dng h RSA trong cng tc m ho ch k in t c nhiu chng trnh ng dng nh : 1. PGP (Pretty Good Privacy) for Personal Privacy 9.0: y l phn mm Freeware, phin bn mi nht phn mm PGP Desktop for Windows do Phil Zimmerman pht trin c nhiu ci tin ln so vi nhng n bn PGP trc y. Chng trnh chuyn i mi ti liu sang dng c m ha truyn i trn mng Internet. Ngoi vic cung cp bo mt nhm chng li vic xem ln ni dung, mt vn bn c m ha cng c th l bng chng xc bo cho ngi nhn bit rng ngi gi ti liu l ngi gi thc. PGP 9.0 rt d dng do n t ng a nhng chc nng c bn ca chng trnh vo thc n ca cc chng trnh th in t (PGPmail), x l vn bn (PGPKey), bo v d liu trn a (PGPdisk). Khng ging nh nhng phin bn trc y, bn khng cn phi dng lai v chy ton b ng dng PGP. Chc nng bn trong bo m tnh bo mt PGP chnh l Kha m cng khai (Public Key Cryptography). Bao gi ngi dng cng to ra hai kha, mt l kha cng khai v th hai l kha ring. PGP 9.0 gip n gin ha qu trnh ny bng cch hng dn ngi dng i tng bc mt. Qun l nhng kha ny l mt phn quan trng ca h thng PGP. Tt nhin s c ngi lo lng liu cc kha cng khai chng ta ang gi c phi l kha tht t cc ch nhn chnh thc khng. PGP s hin th cho thy nhng kha no thuc quyn s hu ca ngi s dng c xc thc. Ngi s dng c th download ti a ch: http://www.pcworld.com.vn/pcworld/info/download//PGP810-PF-W.zip m ngun cc phin bn trc c th tham kho trn a ch: www.delphicity.net/catalogue/libraries/encodedecode 2. Phn mm Digital Signature: y l chng trnh ca nhm tc gi Phm Huy in v inh Hu Ton cng tc ti Vin Ton thuc Vin Khoa hc v Cng ngh Vit Nam. Phn mm ny c ng gi di 2 dng Plugins trong MS Word (Hnh 2) v phin bn dnh cho cc ng dng khc trn mi trng Windows

Hnh 2: Plugins ca Digital Signature trn MS Word

Hnh 3: Digital Signature cho cc vn bn khc VI. Kt lun Vic ng dng tin hc vo cc hot ng ca chnh quyn, mang mt ngha ht sc quan trng khi chng ta ang y mnh cng tc ci cch hnh chnh, tng bc xy dng h thng thng tin ly ngi dn lm i tng phc v vi nhiu dch v nh: ng k kinh doanh, trao i vn bn, thanh ton in t... Tuy nhin cc h thng hin ti cn phi bo m tin cy, to s an tm cho ngi dng khi s dng h thng. Bn cnh cc gii php cho vn bo mt ngy cng pht trin th cng xut hin nhiu dng tn cng khc nhau v ngy cng tinh vi hn. Do , vn lm sao a ra mt gii php hiu qu theo thi gian. C s h tng m kho cng cng s ng vai tr quan trng, trong cng tc bo mt ca cc h thng thng tin in t. Tuy nhin vic ng dng ch k s v dch v chng thc in t, theo cng ngh h tng kho cng khai (PKI) cha c trin khai rng ri, trong cc h thng trao i thng tin cc c quan v Doanh nghip, v cha c khung php l r rng. Chnh ph v cc b ngnh ang tng bc xy dng v c th ho lut giao dch in t. Thng 3/2002 Chnh ph c quyt nh s 44/2002/Q-TTg v chp nhn ch k in t trong thanh ton lin ngn hng do Ngn hng Nh nc Vit nam ngh, ngy 7/12/2004 va qua, B Bu chnh, Vin thng t chc Hi tho quc gia ly kin ng gp ca cc b ngnh, cc chuyn gia cho d tho Ngh nh Ch k s v dch v chng thc in t.
1. Khi nim m ha v gii m

Mt m v bo mt trong h thng vin thng l mt lnh vc c nhiu thut ng c th lm cho

10

nhiu ngi "ng ngc": nh "hash function", "one-time pad" hay Rijndael... Thread ny nhm gii thch cc khi nim thng dng trong ngnh mt m hc (cryptography) vi hy vng c th gip ch cho nhng ai mong mun tm hiu v lnh vc ny. Trc tin mt m hc (crypto) l mt ngh thut nhm giu thng tin, bng cch chuyn i (encrypt) thng tin thnh dng thng tin khng c c (cipher text). Ch c nhng ngi gi cha kha (key) b mt mi c th gii m (decrypt) thng tin thnh dng thng tin c th hiu c (plain text). Thng tin i khi b gii m m khng cn bit kha b mt. Ngnh hc nghin cu v vic b kha (attack/crack/hack) ny cn gi l cryptanalysis. (Xem hnh 1)

Hnh 1: S m ha v gii m Cryptosystem (vit tt ca cryptographic system): h thng m ha thng tin, c th l phn mm nh PGP, Ax-Crypt, Truecrypt... giao thc nh SSL, IPsec dng trong Internet... hay n gin l mt thut ton nh DES. Encrypt (encipher, encryption): m ha l qu trnh bin i thng tin t dng ban u c th hiu c thnh dng khng th hiu c, vi mc ch gi b mt thng tin . Decrypt (decipher, decryption): gii m l qu trnh ngc li vi m ha, khi phc li thng tin ban u t thng tin c m ha. Plain text/message: l d liu gc (cha c m ha). Cipher text/message: l d liu c m ha. Cipher (hay cypher): l thut ton dng thc hin qu trnh m ha hay gii m. Trong khun kh bi vit ny gi tt l thut ton. Key: l cha kha chnh l thng tin dng cho qui trnh m ha v gii m.
2. Cc nguyn l c bn ca qu trnh bo mt v m ha :

Tnh b mt (confidentiality/privacy): tnh cht ny m bo thng tin ch c hiu bi nhng ai bit cha kha b mt.

11

 Tnh ton vn (integrity): tnh cht ny m bo thng tin khng th b thay i m khng b pht hin. Tnh cht ny khng m bo thng tin khng b thay i, nhng mt khi n b nghe ln hoc thay i th ngi nhn c thng tin c th bit c l thng tin b nghe ln hoc thay i. Cc hm mt chiu (one-way function) nh MD5, SHA-1, MAC...c dng m bo tnh ton vn cho thng tin. Tnh xc thc (authentication): ngi gi (hoc ngi nhn) c th chng minh ng h. Ngi ta c th dng mt password, mt challenge da trn mt thut ton m ha hoc mt b mt chia s gia hai ngi xc thc. S xc thc ny c th thc hin mt chiu (one-way) hoc hai chiu (multual authentication). Tnh khng chi b (non-repudiation): ngi gi hoc nhn sau ny khng th chi b vic gi hoc nhn thng tin. Thng thng iu ny c thc hin thng qua mt ch k in t (electronic signature). Tnh nhn dng (identification): ngi dng ca mt h thng, mt ti nguyn s hu mt chng minh th (identity) nh l mt cha kha ban u (primary key). identity ny s xc nh nhng chc nng ca ngi dng, gii hn cho php ca ngi dng cng nh cc thuc tnh lin quan (thng gi chung l credential). Identity c th l login, du vn tay, ADN, gin vng mc mt, m thanh... Trong bo mt c mt iu quan trng cn lu l s tin tng ln nhau. chia s b mt b mt cho mt ngi, th phi tin tng vo kh nng duy tr b mt ca ngi . Chng hn, chng ta tin tng hon ton vo i tng m to ra kha ring (private key). S tin tng l mt mi quan h khng c tnh cht c trng: - Tnh i xng: Ti tin tng vo ng bc s, nhng liu ng bc s c tin tng ti khng? - Tnh bt cu: Ti tin tng vo anh A, anh A tin tng vo v anh y (ch B). iu khng c ngha l ti tin tng vo ch B. - Tnh phn x: Ti c tin tng vo chnh mnh khng? (khng phi trong tt c cc lnh vc )
3. Khi nim v cha kho

Password: mt khu, l mt hay nhiu t m ngi dng phi bit c cp quyn truy cp. Trong thc t, mt khu do ngi dng to ra thng khng an ton c dng trc tip trong thut ton. V vy, trong bt c h thng m ha d liu nghim tc no cng phi c bc chuyn i mt khu ban u thnh cha kha c an ton thch hp. Bc to cha kha ny thng c gi l key derivation, key stretching hay key initialization. Key Derivation Function: l mt hm hash (s gii thch r hn phn sau) c thit k sao cho cha an ton hn i vi tn cng kiu brute-force hay c in. Hm ny c thc hin li nhiu ln trn mt khu ban u cng vi mt s ngu nhin to ra mt cha kha c an ton cao hn. S ngu nhin ny gi l salt, cn s ln lp li l iteration. V d mt mt khu l "pandoras B0x", cng vi salt l "230391827", i qua hm hash SHA-1 1000 ln cho kt qu l mt cha kha c di 160 bit nh sau:

12

3BD454A72E0E7CD6959DE0580E3C19F51601C359 (th hin di dng s thp lc phn). Keylength (Keysize): di (hay ln) ca cha kha. Ni mt cha kha c di 128 bit c ngha cha l mt s nh phn c di 128 ch s. Mt thut ton c cha kha cng di th cng c nhiu kh nng chng li tn cng kiu brute-force. Brute-force attack (exhaustive key search): phng php tn cng bng cch th tt c nhng cha kha c th c. y l phng php tn cng th s nht v cng kh khn nht. Theo l thuyt, tt c cc thut ton hin i u c th b nh bi bi brute-force nhng trong thc tin vic ny ch c th thc hin c trong thi gian di. V th c th coi mt thut ton l an ton nu nh khng cn cch no khc tn cng n d hn l brute-force. Ngoi ra chng li tn cng ny, cha kha b mt c thay i mt cch thng xuyn hn.

#3 OFFLINE
Tch cc

giangth

Thnh Vin 476 Bi vit Tin mt: 476 HTD

Gi lc 08:07PM, 27-05-2010
4. Thut ton m ha

a. C in(ci ny ngy nay vn hay dng trong tr chi tm mt th). Substitution: thay th phng php m ha trong tng k t (hoc tng nhm k t) ca vn bn ban u c thay th bng mt (hay mt nhm) k t khc. Tuy khng cn c s dng nhng tng ca phng php ny vn c tip tc trong nhng thut ton hin i Transposition: hon v phng php m ha trong cc k t trong vn bn ban u ch thay i v tr cho nhau cn bn thn cc k t khng h b bin i. b.Hin i b.1. Symmetric cryptography: m ha i xng, tc l c hai qu trnh m ha v gii m u dng mt cha kha. m bo tnh an ton, cha kha ny phi c gi b mt. V th cc

13

thut ton loi ny cn c tn gi khc l secret key cryptography (hay private key cryptography), tc l thut ton m ha dng cha kha ring (hay b mt). Cc thut ton loi ny l tng cho mc ch m ha d liu ca c nhn hay t chc n l nhng bc l hn ch khi thng tin phi c chia s vi mt bn th hai. Gi s nu Alice ch gi thng ip m ha cho Bob m khng h bo trc v thut ton s dng, Bob s chng hiu Alice mun ni g. V th bt buc Alice phi thng bo cho Bob v cha kha v thut ton s dng ti mt thi im no trc y. Alice c th lm iu ny mt cch trc tip (mt i mt) hay gin tip (gi qua email, tin nhn...). iu ny dn ti kh nng b ngi th ba xem trm cha kha v c th gii m c thng ip Alice m ha gi cho Bob.

Hnh 2: Thut ton m ha i xng Bob v Alice c cng mt kha K_{A-B}. Kha ny c xy dng sao cho m=K_{A-B} (K_{A-B}(m)). M ha i xng c th phn thnh hai nhm ph: - Block ciphers: thut ton khi trong tng khi d liu trong vn bn ban u c thay th bng mt khi d liu khc c cng di. di mi khi gi l block size, thng c tnh bng n v bit. V d thut ton 3-Way c kch thc khi bng 96 bit. Mt s thut ton khi thng dng l: DES, 3DES, RC5, RC6, 3-Way, CAST, Camelia, Blowfish, MARS, Serpent, Twofish, GOST... - Stream ciphers: thut ton dng trong d liu u vo c m ha tng bit mt. Cc thut ton dng c tc nhanh hn cc thut ton khi, c dng khi khi lng d liu cn m ha cha c bit trc, v d trong kt ni khng dy. C th coi thut ton dng l thut ton khi vi kch thc mi khi l 1 bit. Mt s thut ton dng thng dng: RC4, A5/1, A5/2, Chameleon b.2. Asymmetric cryptography: m ha bt i xng, s dng mt cp cha kha c lin quan vi nhau v mt ton hc, mt cha cng khai dng m ho (public key) v mt cha b mt dng gii m (private key). Mt thng ip sau khi c m ha bi cha cng khai s ch c th c gii m vi cha b mt tng ng. Do cc thut ton loi ny s dng mt cha kha cng khai (khng b mt) nn cn c tn gi khc l public-key cryptography (thut ton m ha dng cha kha cng khai). Mt s thut ton bt i xng thng dng l : RSA, Elliptic Curve, ElGamal, Diffie Hellman...

14

Quay li vi Alice v Bob, nu Alice mun gi mt thng ip b mt ti Bob, c ta s tm cha cng khai ca Bob. Sau khi kim tra chc chn cha kha chnh l ca Bob ch khng ca ai khc (thng qua chng ch in t digital certificate), Alice dng n m ha thng ip ca mnh v gi ti Bob. Khi Bob nhn c bc thng ip m ha anh ta s dng cha b mt ca mnh gii m n. Nu gii m thnh cng th bc thng ip ng l dnh cho Bob. Alice v Bob trong trng hp ny c th l hai ngi cha tng quen bit. Mt h thng nh vy cho php hai ngi thc hin c giao dch trong khi khng chia s trc mt thng tin b mt no c.

Hnh 3: Thut ton m ha bt i xng Trong v d trn ta thy kha public v kha private phi p ng m=K^-_B(K^+_B(m)) v t kha public K^+_B ngi ta khng th tm ra c kha private. Mt trong nhng hn ch ca cc thut ton m ha bt i xng l tc chm, do trong thc t ngi ta thng s dng mt h thng lai tp trong d liu c m ha bi mt thut ton i xng, ch c cha dng thc hin vic m ha ny mi c m ha bng thut ton bt i xng. Hay ni mt cch khc l ngi ta dng thut ton bt i xng chia s cha kha b mt ri sau dng thut ton i xng vi cha kha b mt trn truyn thng tin.
5. Mt s thut ton ni ting

a. One-time Pad (OTP): OTP xut hin t u th k 20 v cn c tn gi khc l Vernam Cipher, OTP c mnh danh l ci chn thnh ca ngnh m ha d liu. OTP l thut ton duy nht chng minh c v l thuyt l khng th ph c ngay c vi ti nguyn v tn (tc l c th chng li kiu tn cng brute-force). c th t c mc bo mt ca OTP, tt c nhng iu kin sau phi c tha mn: - di ca cha kha phi ng bng di vn bn cn m ha. - Cha kha ch c dng mt ln.

15

- Cha kha phi l mt s ngu nhin thc. Mi nghe qua c v n gin nhng trong thc t nhng iu kin ny kh c th tha mn c. Gi s Alice mun m ha ch 10MB d liu bng OTP, c ta phi cn mt cha kha c di 10MB. to ra mt s ngu nhin ln nh vy Alice cn mt b to s ngu nhin thc (TRNG - True Random Number Generator). Cc thit b ny s dng ngun ngu nhin vt l nh s phn r ht nhn hay bc x nn v tr. Hn na vic lu tr, chuyn giao v bo v mt cha kha nh vy cng ht sc kh khn. D dng hn, Alice cng c th dng mt b to s ngu nhin o (PRNG - Pseudo Random Number Generator) nhng khi mc bo mt gim xung gn bng zero hay cng lm ch tng ng vi mt thut ton dng nh RC4 m thi. Do c nhng kh khn nh vy nn vic s dng OTP trong thc t l khng kh thi. b. DES (Data Encryption Standard). DES l mt thut ton khi vi kch thc khi 64 bit v kch thc cha 56 bit. Tin thn ca n l Lucifer, mt thut ton do IBM pht trin. Cui nm 1976, DES c chn lm chun m ha d liu ca nc M, sau c s dng rng ri trn ton th gii. DES cng vi m ha bt i xng m ra mt thi k mi cho ngnh m ha thng tin. Trc DES, vic nghin cu v s dng m ha d liu ch gii hn trong chnh ph v qun i. T khi c DES, cc sn phm s dng n trn ngp th trng. ng thi, vic nghin cu m ha thng tin cng khng cn l b mt na m tr thnh mt ngnh khoa hc my tnh bnh thng. Trong khong 20 nm sau , DES tri qua nhiu kho st, phn tch k lng v c cng nhn l an ton i vi cc dng tn cng (tt nhin, ngoi tr brute-force). Di y l hnh minh ha 16 bc thc hin m ha DES.

16

Hnh 4: 16 bc trong qu trnh m ha bng DES c. AES (Advance Encryption Standard) Thng 12 nm 1997, vin tiu chun v cng ngh M (NIST National Institute of Standard and Technology) ku gi pht trin mt thut ton mi thay th cho 3DES (mt bin th an ton hn ca DES vi cha kha di 112 bit). Thut ton c chn phi l thut ton khi c kch thc khi l 128 bit, h tr cha kha c kch thc 128 bit, 192 bit v 256 bit. 15 thut ton c gi n t nhiu ni trn th gii, 5 thut ton lt vo vng hai: Rijndael, Twofish, Serpent, RC6 v MARS. Thng 11 nm 2001, Rijndael uc chn lm AES (mt phn nh c tc nhanh hn so vi cc i th), chnh thc thay th DES trong vai tr chun m ha d liu. AES ngay nay c s dng rng ri v d trong 802.11i (xem thm thng tin lung ny) d. RSA: l mt thut ton m ha bt i xng c s dng rt rng ri trong giao dch in t.

17

Ci tn RSA c ngun gc t ba ch ci u ca tn ba ngi ng thit k ra n: Ronald Rivest, Adi Shamir v Leonard Adleman.

#4 OFFLINE
K.I.S.S

c PC

Thnh Vin 1048 Bi vit Tin mt: 44 HTD

Gi lc 08:17PM, 27-05-2010 i ci bi em ang cn y ri.cm n anh Giang nha,em ang tm kim ti liu nghin cu v cc thut ton m ha,m tm c my cun nhng kh hiu qu.c bi ca anh hay v em thy c phn no d tip thu lm.em cm n anh nha. NG PHC THI TRANG
SPU FASHION Chuyn sn xut o phng ng phc,o i,o t sng to Mobile: 094.685.1538 - 0972.527.029 website: www.dongphucthoitrang.vn

#5 OFFLINE
Tch cc

giangth

18

Thnh Vin 476 Bi vit Tin mt: 476 HTD

Gi lc 12:23PM, 28-05-2010
6. Hm hash

Hm hash (hash function) l hm mt chiu m nu a mt lng d liu bt k qua hm ny s cho ra mt chui c di c nh u ra. V d, t "Illuminatus" i qua hm SHA-1 cho kt qu E783A3AE2ACDD7DBA5E1FA0269CBC58D. Ta ch cn i "Illuminatus" thnh "Illuminati" (chuyn "us" thnh "i") kt qu s tr nn hon ton khc (nhng vn c di c nh l 160 bit) A766F44DDEA5CACC3323CE3E7D73AE82. Hai tnh cht quan trng ca hm ny l: Tnh mt chiu: khng th suy ra d liu ban u t kt qu, iu ny tng t nh vic bn khng th ch da vo mt du vn tay l m suy ra ai l ch ca n c. Tnh duy nht: xc sut c mt v va chm (hash collision), tc l hai thng ip khc nhau c cng mt kt qu hash, l cc k nh. Mt s ng dng ca hm hash: Chng v pht hin xm nhp: chng trnh chng xm nhp so snh gi tr hash ca mt file vi gi tr trc kim tra xem file c b ai thay i hay khng. Bo v tnh ton vn ca thng ip c gi qua mng bng cch kim tra gi tr hash ca thng ip trc v sau khi gi nhm pht hin nhng thay i cho d l nh nht. To cha kha t mt khu. To ch k in t. SHA-1 v MD5 l hai hm hash thng dng nht v c s dng trong rt nhiu h thng bo mt. Vo thng 8 nm 2004, ti hi ngh Crypto 2004, ngi ta tm thy va chm i vi MD5 v SHA-0, mt phin bn yu hn ca hm hash SHA-1. Khng bao lu sau , vo khong gia thng 2 nm 2005, mt nhm ba nh mt m hc ngi Trung Quc pht hin ra mt phng php c th tm thy va chm i vi SHA-1 ch trong vng 269 bc tnh ton (tc

19

l c th nhanh hn brute-force vi nghn ln). Ngi dng bnh thng cng khng cn phi hong s trc nhng pht hin ny bi v t nht phi mt vi nm na ngi ta mi c kh nng mang nhng kt qu vo trong thc t. Tuy vy, cc chuyn gia vn khuyn nn bt u chuyn sang cc hm hash an ton hn nh SHA256, SHA-384 hay SHA-512.
7. Cch to ra kha public v private trong RSA

Phn ny s trnh by s qua nguyn l to kha cng khai v b mt trong cch m ha RSA da trn l thuyt cc s nguyn t. Trc tin xin nhc li cc c tnh ca m ha cng khai l (public key crypto): - C 2 loi kha l kha cng khai (public) v kha b mt (private). Kha cng khai th c th cng khai cho mi ngi, cn kha b mt th ch c ngi to ra n c bit. - Thng tin c m ho bng kha cng khai th ch c th gii m bng kho b mt. - Thng tin c m ha bng kha b mt th ch c th gii m bng kha cng khai. Cc bc to kha cng khai v b mt 1. Dng 2 s nguyn t khc nhau (s nguyn t ln), ta gi l p v q. t N l tch ca chng N=p*q 2. Tm bi s chung nh nht L ca (p-1) v (q-1) 3. Tm s nguyn dng bt k e sao cho e v L l 2 s nguyn t cng nhau. (c chung ca e v L = 1) 4. Tm s nguyn dng d sao cho e*d chia cho L c s d l 1 Tm li l e v L, d v L u l nguyn t cng nhau. Nh vy, ta s c: Kha cng khai: e, n Kha b mt: d c im: t e, n tm ra d th cc k kh khn. ta gi Thng tin cha m ha: M Thng tin m ha: C M ha: C = M^e modn

20

Gii m: C = C^d modn mod l php chia ly s d. Ta c th m ha cc thng tin mang m nh hn n (0~n-1) v khi chia cho n, s nhn c s d t 0 -> n-1

Nguy c b thay i, sao chp hoc mt d liu trn mng tht s l mt tr ngi trong giao dch in t. V th, bo m tnh ton vn d liu l mt phn trong cc bin php m bo an ton thng tin theo chun ISO 17799. Th no l mt h thng an ton thng tin? Thanh ton bng th tn dng qua dch v web c th gp cc ri ro nh: Thng tin truyn t trnh duyt web ca khch hng dng thun vn bn nn c th b lt vo "con mt" ngi khc . Trnh duyt web ca khch hng khng th xc nh my ch m mnh trao i thng tin l tht hay gi mo. Khng th m bo c thng tin truyn i c b thay i hay khng. V vy cn phi c mt c ch bo m an ton trong qu trnh giao dch in t. Mt h thng thng tin trao i d liu an ton phi p ng cc yu cu sau: H thng phi m bo d liu trong qu trnh truyn i khng b nh cp. H thng phi c kh nng xc thc, trnh trng hp gi danh, mo nhn. H thng phi c kh nng kim tra tnh ton vn d liu. Giao thc SSL Giao thc SSL (Secure Socket Layer) t hp nhiu gii thut m ha nhm m bo qu trnh trao i thng tin trn mng c bo mt. Vic m ha d liu din ra mt cch trong sut, h tr nhiu giao thc khc chy trn nn giao thc TCP. C ch hot ng ca giao thc SSL da trn nn tng cc ng dng m ha c kim chng nh: gii thut m ha i xng v bt i xng, gii thut bm (hash) mt chiu, gii thut to ch k s, v.v... Phng php m ha d liu

21

M ha kha b mt Phng php m ha kha b mt (secret key cryptography) cn c gi l m ha i xng (symmetric cryptography). Vi phng php ny, ngi gi v ngi nhn s dng chung mt kha m ha v gii m d liu. Trc khi m ha d liu truyn i trn mng, hai bn gi v nhn phi c kha v phi thng nht thut ton dng m ha v gii m. C nhiu thut ton ng dng cho m ha kha b mt nh: DES - Data Encrytion Standard, 3DES - triplestrength DES, RC2 - Rons Cipher 2 v RC4, v.v... Nhn xt: Nhc im chnh ca phng php ny l kha c truyn trn mi trng mng nn tnh bo mt khng cao. u im l tc m ha v gii m rt nhanh. M ha kha cng khai Phng php m ha kha cng khai (public key cryptography) gii quyt c vn ca phng php m ha kha b mt l s dng hai kha public key v private key. Public key c gi cng khai trn mng, trong khi private key c gi kn. Public key v private key c vai tr tri ngc nhau, mt kha dng m ha v kha kia s dng gii m. Phng php ny cn c gi l m ha bt i xng (asymmetric cryptography) v n s dng hai kha khc nhau m ha v gii m d liu. Phng php ny s dng thut ton m ha RSA (tn ca ba nh pht minh ra n: Ron Rivest, Adi Shamir v Leonard Adleman) v thut ton DH (Diffie-Hellman). Gi s B mun gi cho A mt thng ip b mt s dng phng php m ha kha cng khai. Ban u, A c c private key v public key. A s gi private key ni an ton v gi public key cho B. B m ha v gi cho A thng ip m ha bng public key nhn c ca A. Sau A s gii m thng ip bng private key ca mnh. Ngc li nu A mun gi thng ip cho B th A phi m ha thng ip bng public key ca B. Nhn xt: Phng php cho php trao i kha mt cch d dng v tin li. Tuy nhin, tc m ha kh chm nn ch c s dng cho mu d liu nh. T chc chng nhn kha cng khai Hy xem v d A mun gi thng ip cho B v m ha theo phng php kha cng khai. Lc ny A cn phi m ha thng ip bng public key ca B. Trng hp public key b gi mo th sao? Hacker c th t sinh ra mt cp kha public key/private key, sau a cho A kha public key ny v ni y l kha public key ca B. Nu A dng public key gi ny m tng l ca B th dn n h qu mi thng tin A truyn i u b hacker c c. Vn ny c gii quyt nu c mt bn th ba c tin cy, gi l C, ng ra chng nhn public key. Nhng public key c C chng nhn gi l chng nhn in t (public key certificate hay digital certificate).

22

Mt chng nhn in t c th c xem nh l mt h chiu hay chng minh th. N c mt t chc tin cy (nh VeriSign, Entrust, CyberTrust, v.v...) to ra. T chc ny c gi l t chc chng nhn kha cng khai Certificate Authority (CA). Mt khi public key c CA chng nhn th c th dng kha trao i d liu trn mng vi mc bo mt cao. Cu trc ca mt chng nhn in t gm cc thnh phn chnh nh sau: Issuer: tn ca CA to ra chng nhn. Period of validity: ngy ht hn ca chng nhn. Subject: bao gm nhng thng tin v thc th c chng nhn. Public key: kha cng khai c chng nhn. Signature: do private key ca CA to ra v m bo gi tr ca chng nhn. Ch k in t Ch k in t (digital signature) l on d liu ngn nh km vi vn bn gc chng thc tc gi ca vn bn v gip ngi nhn kim tra tnh ton vn ca ni dung vn bn gc. Ch k in t c to ra bng cch p dng thut ton bm mt chiu trn vn bn gc to ra bn phn tch vn bn (message digest) hay cn gi l fingerprint, sau m ha bng private key to ra ch k s nh km vi vn bn gc gi i. khi nhn, vn bn c tch lm 2 phn, phn vn bn gc c tnh li fingerprint so snh vi fingerprint c cng c phc hi t vic gii m ch k s. Cc bc m ha: 1. Dng gii thut bm thay i thng ip cn truyn i. kt qu ta c mt message digest. dng gii thut md5 (message digest 5) ta c digest c chiu di 128-bit, dng gii thut sha (secure hash algorithm) ta c chiu di 160-bit. 2. S dng kha private key ca ngi gi m ha message digest thu c bc 1. thng thng bc ny ta dng gii thut rsa. kt qu thu c gi l digital signature ca message ban u. 3. Gp digital signature vo message ban u. cng vic ny gi l k nhn vo message. sau khi k nhn vo message, mi s thay i trn message s b pht hin trong giai on kim tra. ngoi ra, vic k nhn ny m bo ngi nhn tin tng message ny xut pht t ngi gi ch khng phi l ai khc. Cc bc kim tra:

23

1. Dng public key ca ngi gi (kha ny c thng bo n mi ngi) gii m ch k s ca message. 2. Dng gii thut (md5 hoc sha) bm message nh km. 3. So snh kt qu thu c bc 1 v 2. nu trng nhau, ta kt lun message ny khng b thay i trong qu trnh truyn v message ny l ca ngi gi. Nhn xt v ng dng ch k in t Ch k in t l m hnh m bo an ton d liu khi truyn trn mng v c s dng to chng nhn in t trong cc giao dch in t qua mng Internet. V d A gi n t chc Certificate Authority yu cu cp chng nhn in t km theo kha cng khai ca h. T chc CA s k nhn vo v cp digital certificate cho A. Khch hng ny s thng bo certificate ca mnh trn mng. Gi s c B mun gi cho A mt message th cng vic u tin B s ly certificate ca A v kim tra tnh hp l ca certificate. Nu hp l, B s ly public key trong digital certificate m ha d liu v gi cho A.

Hot ng
M t s lc
Thut ton RSA c hai kha: kha cng khai (hay kha cng cng) v kha b mt (hay kha ring). Mi kha l nhng s c nh s dng trong qu trnh m ha v gii m. Kha cng khai c cng b rng ri cho mi ngi v c dng m ha. Nhng thng tin c m ha bng kha cng khai ch c th c gii m bng kha b mt tng ng. Ni cch khc, mi ngi u c th m ha nhng ch c ngi bit kha ring (b mt) mi c th gii m c. Ta c th m phng trc quan mt h mt m kho cng khai nh sau : Bob mun gi cho Alice mt thng tin mt m Bob mun duy nht Alice c th c c. lm c iu ny, Alice gi cho Bob mt chic hp c kha m sn v gi li cha kha. Bob nhn chic hp, cho vo mt t giy vit th bnh thng v kha li (nh loi kho thng thng ch cn sp cht li, sau khi sp cht kha ngay c Bob cng khng th m li c-khng c li hay sa thng tin trong th c na). Sau Bob gi chic hp li cho Alice. Alice m hp vi cha kha ca mnh v c thng tin trong th. Trong v d ny, chic hp vi kha m ng vai tr kha cng khai, chic cha kha chnh l kha b mt.

To kha
Gi s Alice v Bob cn trao i thng tin b mt thng qua mt knh khng an ton (v d nh Internet). Vi thut ton RSA, Alice u tin cn to ra cho mnh cp kha gm kha cng khai v kha b mt theo cc bc sau:

1. Chn 2 s nguyn t ln v vi

, la chn ngu nhin v c lp.

24

2. 3. 4. 5.

Tnh:

. . v l s nguyn t cng nhau vi . .

Tnh: gi tr hm s le Chn mt s t nhin sao cho Tnh: sao cho

Mt s lu :

Cc s nguyn t thng c chn bng phng php th xc sut. Cc bc 4 v 5 c th c thc hin bng gii thut Euclid m rng (xem thm: s hc mun). Bc 5 c th vit cch khc: Tm s t nhin sao cho cng l s t nhin. Khi s dng gi tr . thay cho T bc 3, PKCS#1 v2.1 s dng ).

Kha cng khai bao gm:

n, mun, v e, s m cng khai (cng gi l s m m ha).

Kha b mt bao gm:

n, mun, xut hin c trong kha cng khai v kha b mt, v d, s m b mt (cng gi l s m gii m).

Mt dng khc ca kha b mt bao gm:

p and q, hai s nguyn t chn ban u, d mod (p-1) v d mod (q-1) (thng c gi l dmp1 v dmq1), (1/q) mod p (thng c gi l iqmp)

Dng ny cho php thc hin gii m v k nhanh hn vi vic s dng nh l s d Trung Quc (ting Anh: Chinese Remainder Theorem - CRT). dng ny, tt c thnh phn ca kha b mt phi c gi b mt. Alice gi kha cng khai cho Bob, v gi b mt kha ring ca mnh. y, p v q gi vai tr rt quan trng. Chng l cc phn t ca n v cho php tnh d khi bit e. Nu khng s dng dng sau ca kha b mt (dng CRT) th p v q s c xa ngay sau khi thc hin xong qu trnh to kha.

M ha

25

Gi s Bob mun gi on thng tin M cho Alice. u tin Bob chuyn M thnh mt s m < n theo mt hm c th o ngc (t m c th xc nh li M) c tha thun trc. Qu trnh ny c m t phn #Chuyn i vn bn r. Lc ny Bob c m v bit n cng nh e do Alice gi. Bob s tnh c l bn m ha ca m theo cng thc:

Hm trn c th tnh d dng s dng phng php tnh hm m (theo mun) bng (thut ton bnh phng v nhn) Cui cng Bob gi c cho Alice.

Gii m
Alice nhn c t Bob v bit kha b mt d. Alice c th tm c m t c theo cng thc sau:

Bit m, Alice tm li M theo phng php tha thun trc. Qu trnh gii m hot ng v ta c . Do ed 1 (mod p-1) v ed 1 (mod q-1), (theo nh l Fermat nh) nn:

Do p v q l hai s nguyn t cng nhau, p dng nh l s d Trung Quc, ta c: . hay: .

V d
Sau y l mt v d vi nhng s c th. y chng ta s dng nhng s nh tin tnh ton cn trong thc t phi dng cc s c gi tr ln.

26

Ly: p = 61 q = 53 n = pq = 3233 e = 17 d = 2753 s nguyn t th nht (gi b mt hoc hy sau khi to kha) s nguyn t th hai (gi b mt hoc hy sau khi to kha) mun (cng b cng khai) s m cng khai s m b mt

Kha cng khai l cp (e, n). Kha b mt l d. Hm m ha l: encrypt(m) = me mod n = m17 mod 3233 vi m l vn bn r. Hm gii m l: decrypt(c) = cd mod n = c2753 mod 3233 vi c l vn bn m. m ha vn bn c gi tr 123, ta thc hin php tnh: encrypt(123) = 12317 mod 3233 = 855 gii m vn bn c gi tr 855, ta thc hin php tnh: decrypt(855) = 8552753 mod 3233 = 123 C hai php tnh trn u c th c thc hin hiu qu nh gii thut bnh phng v nhn.

Chuyn i vn bn r
Trc khi thc hin m ha, ta phi thc hin vic chuyn i vn bn r (chuyn i t M sang m) sao cho khng c gi tr no ca M to ra vn bn m khng an ton. Nu khng c qu trnh ny, RSA s gp phi mt s vn sau:

Nu m = 0 hoc m = 1 s to ra cc bn m c gi tr l 0 v 1 tng ng Khi m ha vi s m nh (chng hn e = 3) v m cng c gi tr nh, gi tr cng nhn gi tr nh (so vi n). Nh vy php mun khng c tc dng v c th d dng tm c m bng cch khai cn bc e ca c (b qua mun). RSA l phng php m ha xc nh (khng c thnh phn ngu nhin) nn k tn cng c th thc hin tn cng la chn bn r bng cch to ra mt bng tra gia bn r v bn m. Khi gp mt bn m, k tn cng s dng bng tra tm ra bn r tng ng.

Trn thc t, ta thng gp 2 vn u khi gi cc bn tin ASCII ngn vi m l nhm vi k t ASCII. Mt on tin ch c 1 k t NUL s c gn gi tr m = 0 v cho ra bn m l 0 bt k gi

27

tr ca e v N. Tng t, mt k t ASCII khc, SOH, c gi tr 1 s lun cho ra bn m l 1. Vi cc h thng dng gi tr e nh th tt c k t ASCII u cho kt qu m ha khng an ton v gi tr ln nht ca m ch l 255 v 2553 nh hn gi tr n chp nhn c. Nhng bn m ny s d dng b ph m. trnh gp phi nhng vn trn, RSA trn thc t thng bao gm mt hnh thc chuyn i ngu nhin ha m trc khi m ha. Qu trnh chuyn i ny phi m bo rng m khng ri vo cc gi tr khng an ton. Sau khi chuyn i, mi bn r khi m ha s cho ra mt trong s kh nng trong tp hp bn m. iu ny lm gim tnh kh thi ca phng php tn cng la chn bn r (mt bn r s c th tng ng vi nhiu bn m tu thuc vo cch chuyn i). Mt s tiu chun, chng hn nh PKCS, c thit k chuyn i bn r trc khi m ha bng RSA. Cc phng php chuyn i ny b sung thm bt vo M. Cc phng php chuyn i cn c thit k cn thn trnh nhng dng tn cng phc tp tn dng kh nng bit trc c cu trc ca bn r. Phin bn ban u ca PKCS dng mt phng php c ng (ad-hoc) m v sau c bit l khng an ton trc tn cng la chn bn r thch ng (adaptive chosen ciphertext attack). Cc phng php chuyn i hin i s dng cc k thut nh chuyn i m ha bt i xng ti u (Optimal Asymmetric Encryption Padding - OAEP) chng li tn cng dng ny. Tiu chun PKCS cn c b sung cc tnh nng khc m bo an ton cho ch k RSA (Probabilistic Signature Scheme for RSA - RSA-PSS).

To ch k s cho vn bn
Thut ton RSA cn c dng to ch k s cho vn bn. Gi s Alice mun gi cho Bob mt vn bn c ch k ca mnh. lm vic ny, Alice to ra mt gi tr bm (hash value) ca vn bn cn k v tnh gi tr m d mod n ca n (ging nh khi Alice thc hin gii m). Gi tr cui cng chnh l ch k in t ca vn bn ang xt. Khi Bob nhn c vn bn cng vi ch k in t, anh ta tnh gi tr m e mod n ca ch k ng thi vi vic tnh gi tr bm ca vn bn. Nu 2 gi tr ny nh nhau th Bob bit rng ngi to ra ch k bit kha b mt ca Alice v vn bn khng b thay i sau khi k. Cn ch rng cc phng php chuyn i bn r (nh RSA-PSS) gi vai tr quan trng i vi qu trnh m ha cng nh ch k in t v khng c dng kha chung cho ng thi cho c hai mc ch trn.

An ninh
an ton ca h thng RSA da trn 2 vn ca ton hc: bi ton phn tch ra tha s nguyn t cc s nguyn ln v bi ton RSA. Nu 2 bi ton trn l kh (khng tm c thut ton hiu qu gii chng) th khng th thc hin c vic ph m ton b i vi RSA. Ph m mt phn phi c ngn chn bng cc phng php chuyn i bn r an ton. Bi ton RSA l bi ton tnh cn bc e mun n (vi n l hp s): tm s m sao cho me=c mod n, trong (e, n) chnh l kha cng khai v c l bn m. Hin nay phng php trin vng nht gii bi ton ny l phn tch n ra tha s nguyn t. Khi thc hin c iu ny, k tn cng s

28

tm ra s m b mt d t kha cng khai v c th gii m theo ng quy trnh ca thut ton. Nu k tn cng tm c 2 s nguyn t p v q sao cho: n = pq th c th d dng tm c gi tr (p-1)(q-1) v qua xc nh d t e. Cha c mt phng php no c tm ra trn my tnh gii bi ton ny trong thi gian a thc (polynomial-time). Tuy nhin ngi ta cng cha chng minh c iu ngc li (s khng tn ti ca thut ton). Xem thm phn tch ra tha s nguyn t v vn ny. Ti thi im nm 2005, s ln nht c th c phn tch ra tha s nguyn t c di 663 bt vi phng php phn tn trong khi kha ca RSA c di t 1024 ti 2048 bt. Mt s chuyn gia cho rng kha 1024 bt c th sm b ph v (cng c nhiu ngi phn i vic ny). Vi kha 4096 bt th hu nh khng c kh nng b ph v trong tng lai gn. Do , ngi ta thng cho rng RSA m bo an ton vi iu kin n c chn ln. Nu n c di 256 bt hoc ngn hn, n c th b phn tch trong vi gi vi my tnh ring dng cc phn mm c sn. Nu n c di 512 bt, n c th b phn tch bi vi trm my tnh ti thi im nm 1999. Mt thit b l thuyt c tn l TWIRL do Shamir v Tromer m t nm 2003 t ra cu hi v an ton ca kha 1024 bt. V vy hin nay ngi ta khuyn co s dng kha c di ti thiu 2048 bt. Nm 1993, Peter Shor cng b thut ton Shor ch ra rng: my tnh lng t (trn l thuyt) c th gii bi ton phn tch ra tha s trong thi gian a thc. Tuy nhin, my tnh lng t vn cha th pht trin c ti mc ny trong nhiu nm na. Nm 2010, cc nh khoa hc thuc i hc Michigan cng b pht hin mt k h trong h thng mt m ho RSA. Cch ph v h thng, ly kho b mt RSA 1024 bit ch trong vi ngy thay v vi nm nu tn cng theo cch thng thng - tn cng bng brute force (d tm ln lt). Cc nh khoa hc to mt in th ln gy li h thng, t gip tm ra kho b mt. Vic tn cng c thc hin trn mt FPGA. Bo co c trnh by ti hi ngh DATE 2010 din ra ti Dresden, c thng 3 nm 2010.

Xem thm: Bi ton phn tch RSA

Cc vn t ra trong thc t
Qu trnh to kha
Vic tm ra 2 s nguyn t ln p v q thng c thc hin bng cch th xc sut cc s ngu nhin c ln ph hp (dng php kim tra nguyn t cho php loi b hu ht cc hp s). p v q cn cn c chn khng qu gn nhau phng trng hp phn tch n bng phng php phn tch Fermat. Ngoi ra, nu p-1 hoc q-1 c tha s nguyn t nh th n cng c th d dng b phn tch v v th p v q cng cn c th trnh kh nng ny.

29

Bn cnh , cn trnh s dng cc phng php tm s ngu nhin m k tn cng c th li dng bit thm thng tin v vic la chn (cn dng cc b to s ngu nhin tt). Yu cu y l cc s c la chn cn ng thi ngu nhin v khng d on c. y l cc yu cu khc nhau: mt s c th c la chn ngu nhin (khng c kiu mu trong kt qu) nhng nu c th d on c d ch mt phn th an ninh ca thut ton cng khng c m bo. Mt v d l bng cc s ngu nhin do tp on Rand xut bn vo nhng nm 1950 c th rt thc s ngu nhin nhng k tn cng cng c bng ny. Nu k tn cng on c mt na ch s ca p hay q th chng c th d dng tm ra na cn li (theo nghin cu ca Donald Coppersmith vo nm 1997) Mt im na cn nhn mnh l kha b mt d phi ln. Nm 1990, Wiener ch ra rng nu gi tr ca p nm trong khong q v 2q (kh ph bin) v d < n1/4/3 th c th tm ra c d t n v e. Mc d e tng c gi tr l 3 nhng hin nay cc s m nh khng cn c s dng do c th to nn nhng l hng ( cp phn chuyn i vn bn r). Gi tr thng dng hin nay l 65537 v c xem l ln v cng khng qu ln nh hng ti vic thc hin hm m.

Tc
RSA c tc thc hin chm hn ng k so vi DES v cc thut ton m ha i xng khc. Trn thc t, Bob s dng mt thut ton m ha i xng no m ha vn bn cn gi v ch s dng RSA m ha kha gii m (thng thng kha ngn hn nhiu so vi vn bn). Phng thc ny cng to ra nhng vn an ninh mi. Mt v d l cn phi to ra kha i xng tht s ngu nhin. Nu khng, k tn cng (thng k hiu l Eve) s b qua RSA v tp trung vo vic on kha i xng.

Phn phi kha

Cng ging nh cc thut ton m ha khc, cch thc phn phi kha cng khai l mt trong nhng yu t quyt nh i vi an ton ca RSA. Qu trnh phn phi kha cn chng li c tn cng ng gia (man-in-the-middle attack). Gi s Eve c th gi cho Bob mt kha bt k v khin Bob tin rng l kha (cng khai) ca Alice. ng thi Eve c kh nng c c thng tin trao i gia Bob v Alice. Khi , Eve s gi cho Bob kha cng khai ca chnh mnh (m Bob ngh rng l kha ca Alice). Sau , Eve c tt c vn bn m ha do Bob gi, gii m vi kha b mt ca mnh, gi 1 bn copy ng thi m ha bng kha cng khai ca Alice v gi cho Alice. V nguyn tc, c Bob v Alice u khng pht hin ra s can thip ca ngi th ba. Cc phng php chng li dng tn cng ny thng da trn cc chng thc kha cng khai (digital certificate) hoc cc thnh phn ca h tng kha cng khai (public key infrastructure - PKI).

Tn cng da trn thi gian

30

Vo nm 1995, Paul Kocher m t mt dng tn cng mi ln RSA: nu k tn cng nm thng tin v phn cng thc hin m ha v xc nh c thi gian gii m i vi mt s bn m la chn th c th nhanh chng tm ra kha d. Dng tn cng ny c th p dng i vi h thng ch k in t s dng RSA. Nm 2003, Dan Boneh v David Brumley chng minh mt dng tn cng thc t hn: phn tch tha s RSA dng mng my tnh (My ch web dng SSL). Tn cng khai thc thng tin r r ca vic ti u ha nh l s d Trung quc m nhiu ng dng thc hin. chng li tn cng da trn thi gian l m bo qu trnh gii m lun din ra trong thi gian khng i bt k vn bn m. Tuy nhin, cch ny c th lm gim hiu sut tnh ton. Thay vo , hu ht cc ng dng RSA s dng mt k thut gi l che mt. K thut ny da trn tnh nhn ca RSA: thay v tnh cd mod n, Alice u tin chn mt s ngu nhin r v tnh (rec)d mod n. Kt qu ca php tnh ny l rm mod n v tc ng ca r s c loi b bng cch nhn kt qu vi nghch o ca r. i vi mi vn bn m, ngi ta chn mt gi tr ca r. V vy, thi gian gii m s khng cn ph thuc vo gi tr ca vn bn m.

Tn cng la chn thch nghi bn m

Nm 1981, Daniel Bleichenbacher m t dng tn cng la chn thch nghi bn m (adaptive chosen ciphertext attack) u tin c th thc hin trn thc t i vi mt vn bn m ha bng RSA. Vn bn ny c m ha da trn tiu chun PKCS #1 v1, mt tiu chun chuyn i bn r c kh nng kim tra tnh hp l ca vn bn sau khi gii m. Do nhng khim khuyt ca PKCS #1, Bleichenbacher c th thc hin mt tn cng ln bn RSA dng cho giao thc SSL (tm c kha phin). Do pht hin ny, cc m hnh chuyn i an ton hn nh chuyn i m ha bt i xng ti u (Optimal Asymmetric Encryption Padding) c khuyn co s dng. ng thi phng nghin cu ca RSA cng a ra phin bn mi ca PKCS #1 c kh nng chng li dng tn cng ni trn.

H mt m bt i xng (hay cn gi l mt m kha cng khai) : Hay cn gi l h mt m cng khai, cc h mt ny dng mt kho m ho sau dng mt kho khc gii m, ngha l kho m ho v gii m l khc nhau. Cc kho ny to nn tng cp chuyn i ngc nhau v khng 31

c kho no c th suy c t kho kia. Kho dng m ho c th cng khai nhng kho dng gii m phi gi b mt. Ngoi ra nu da vo thi gian a ra h mt m ta cn c th phn lm hai loi: Mt m c in (l h mt m ra i trc nm 1970) v mt m hin i (ra i sau nm 1970). Cn nu da vo cch thc tin hnh m th h mt m cn c chia lm hai loi l m dng (tin hnh m tng khi d liu, mi khi li da vo cc kha khc nhau, cc kha ny c sinh ra t hm sinh kha, c gi l dng kha ) v m khi (tin hnh m tng khi d liu vi kha nh nhau) Tiu chun nh gi h mt m c, Phn phi kha: Mt h mt m ph thuc vo kha, kha ny c truyn cng khai hay truyn kha b mt. Phn phi kha b mt th chi ph s cao hn so vi cc h mt c kha cng khai. V vy y cng l mt tiu ch khi la chn h mt m. 1.7. Tiu chun nh gi h mt m nh gi mt h mt m ngi ta thng nh gi thng qua cc tnh cht sau: a, an ton: Mt h mt c a vo s dng iu u tin phi c an ton cao. u im ca mt m l c th nh gi c an ton thng qua an ton tnh ton m khng cn phi ci t. Mt h mt c coi l an ton nu ph h mt m ny phi dng n php ton. M gii quyt n php ton cn thi gian v cng ln, khng th chp nhn c. Mt h mt m c gi l tt th n cn phi m bo cc tiu chun sau: - Chng phi c phng php bo v m ch da trn s b mt ca cc kho, cng khai thut ton. - Khi cho kho cng khai eK v bn r P th chng ta d dng tnh c eK(P) = C. Ngc li khi cho dK v bn m C th d dng tnh c dK(M)=P. Khi khng bit dK th khng c kh nng tm c M t C, ngha l khi cho hm f: X Y th vic tnh y=f(x) vi mi x X l d cn vic tm x khi 32

bit y li l vn kh v n c gi l hm mt chiu. - Bn m C khng c c cc c im gy ch , nghi ng. b, Tc m v gii m: Khi nh gi h mt m chng ta phi ch n tc m v gii m. H mt tt th thi gian m v gii m nhanh. Chng 4: Mt m cng khai 4.1. Gii thiu v h mt m kha cng khai. 4.1.1. Gii thiu. Trong m hnh mt m c in m cho ti nay vn cn ang c nghin cu Alice (ngi gi) v Bob (ngi nhn) bng cch chn mt kho b mt K. Sau Alice dng kho K m ho theo lut eK v Bod dng kho K gii m theo lut gii dK . Trong h mt ny, dK hoc ging nh eK hoc d dng nhn c t n v qu trnh gii m hon ton tng t nh qu trnh m, nhng th tc kho th ngc li. Nhc im ln ca h mt ny l nu ta l eK th lm cho h thng mt an ton, chnh v vy chng ta phi to cho cc h mt ny mt knh an ton m kinh ph to mt knh an ton khng phi l r. tng xy dng mt h mt kho cng khai l tm mt h mt khng c kh nng tnh ton xc nh dK nu bit c eK. Nu thc hin c nh vy th quy tc m eK c th c cng khai bng cch cng b n trong danh b, v khi Alice (ngi gi) hoc bt c mt ai mun gi mt bn tin cho Bob (ngi nhn) th ngi khng phi thng tin trc vi Bob (ngi nhn) v kho mt, m ngi gi s m ho bn tin bng cch dng lut m cng khai eK. Khi bn tin ny c chuyn cho Bob (ngi nhn) th ch c duy nht Bob mi c th gii c bn tin ny bng cch s dng lut gii m b mt dK. tng v h mt kho cng khai c Diffie v Heliman a ra vo nm 1976. Cn vic thc hin h mt kho cng khai th li c Rivest. Shamin v Adieman a ra u tin vo nm 1977. H to nn 33

h mt RSA ni ting. K t c mt s h mt c cng b, mt ca tng h da trn cc bi ton tnh ton khc nhau. Trong quan trng nht l cc h mt sau: H mt RSA bo mt ca h RSA da trn kh ca vic phn tch ra tha s nguyn t cc s nguyn t ln. H mt xp bal Merkle Hellman. H ny v cc h c lin quan da trn tnh kh gii ca bi ton tng cc tp con. H mt McEliece H mt nan da trn l thuyt m i s v vn c coi l an ton. H mt McEliece da trn bi ton gii m cho cc m tuyn tnh. H mt ElGamal H ElGamal da trn tnh kh gii ca bi ton Logarit ri rc trn cc trng hu hn. H mt Chor Rivest H mt Chor Rivest cng c xem nh mt loi h mt xp bal. Tuy nhin h mt ny vn cn c coi l h mt an ton. H mt trn cc ng cong Elliptic. Cc h ny l bin tng ca h mt khc, chng lm vic trn cc ng cong Elliptic ch khng phi trn cc trng hu hn. H mt ny m bo mt v kho s nh hn cc h mt kho cng khai khc. Mt ch quan trng l mt h mt kho cng khai khng bao gi c th bo m c mt tuyt i (an ton v in kin). S d vy v i phng nghin cu mt bn m C c th m ln lt cc bn r c th bng lut m cng khai eK cho ti khi anh ta tm c mt bn r duy nht P bo m C = eK(P). Bn r P ny chnh l kt qu gii m ca C. Bi vy ta ch nghin cu mt v mt tnh ton ca h ny. Mt ch quan trng v c ch khi nghin cu na l khi nim v 34

hm ca sp mt chiu. Ta nh ngha khi nim ny mt cch khng hnh thc. nh ngha: Hm f: X Y c gi l hm mt chiu nu tnh y=f(x) vi mi x X l d nhng vic tm x khi bit y li l vn kh. Thc ra pht biu trn ch l nh ngha phi hnh thc (do thut ng kh c dng n l khng nh lng v thm ch sau ny chng ta bit l ngay c khi nh lng bng s khng tn ti thut ton gii bi ton ngc trong phm vi a thc th khi nim kh nu trn c tn ti hay khng cng cha c ai khng nh r rng) v iu ng tic hn na l tt c cc hm ng c vin cho khi nim ny cho n nay ch mi c coi l mt chiu. Chng ta d dng thng nht c vi nhau l ch ring hm mt chiu l khng xy dng thnh mt lut m theo kiu cng khai hm m ho do v chnh bn thn ch nhn ca bc in mt cng gp phi hon cnh tng t nh ngi khc. Nh vy c th gii m mt cch hu hiu th ngi gii m phi c mt hiu bit tuyt mt no v kho gii (mt hiu bit theo kiu nu bit n th cch gii d dng) hiu bit tuyt mt ny c gi l ca sp. Hm mt chiu nh trn c gi l hm mt chiu c ca sp. D nhin d khng bit ca sp th ngi thm m vn c th s dng hiu bit v hm f ln lt tnh tt c cc gi tr f(x) cho mi bn r x cho ti khi tm c bn r tho mn y=f(x). Bn r tm c trn chnh l kt qu gii m ca y. Ngoi ra ngi thm m cn c th s dng nhiu phng php tn cng khc nhm vo c th ring ca tng hm f tm ra bn r trong cc trng hp ring r khc ch khng nht thit phi gii bi ton ngc. Tm li c an ton ca h mt kho cng khai khng ch ph thuc vo kh ca vic gii bi ton ngc m tnh bn ca s an ton ny cn ph thuc vo cc phng php tn cng ca cc thm m, v li nh trnh by 35

 trn th ton b cc h kho mt cng khai ang c s dng u cha c s khng nh v tnh kh m ngay c khi c s m bo ny th c s tin b khng ngng ca cng ngh tnh ton tgh hin nhin nhiu vn cha th chp nhn c trong hin ti s c chp nhn trong tng lai. Thc t khng ch i vi cc h mt kho cng khai do vy quan nim mi v tnh an ton tng i m vi n ny sinh ra cc h mt kho cng khai ng thi cng t cho chng ta nhiu bi ton nghim tc phi gii quyt khi s dng h mt ny. Chng ny gii thiu c th mt s h mt cng khai m vi n s an ton cng nh kh nng ng dng ca n c cc b c v trn th gii tha nhn l h mt kho cng khai sng gi nht, l h mt kho cng khai RSA. Hm m cng khai ek ca Bob phi l mt hm d tnh ton. Song vic tnh hm ngc (tc l hm gii m) phi rt kh khn (i vi bt k ai khng phi l Bob). c tnh d tnh ton nhng kh tnh ngc thng c gi l c tnh mt chiu. Bi vy iu cn thit l ek phi l mt hm mt chiu. Cc hm mt chiu ng mt vai tr trng yu trong mt m hc: Chng rt quan trng trong vic xy dng cc h mt kho cng khai v trong nhiu lnh vc khc. ng tic l, mc d c rt nhiu hm c coi l hm mt chiu nhng cho ti nay vn khng tn ti c mt hm no c th chng minh c l mt hm mt chiu. Sau y l mt v d v mt hm c coi l hm mt chiu. Gi s n l tch ca hai s nguyn p v q, gi s b l mt s nguyn dng. Khi ta xc nh nh x f:Zn Zn l f(x)=xb mod n. (vi b v n c chn thch hp th y chnh l hm m RSA). xy dng mt h mt kho cng khai th vic tm mt hm mt chiu vn cha . Ta khng mun ek l mt hm mt chiu i vi Bob v 36

anh ta phi c kh nng gii m cc bn tin nhn c c hiu qu. iu cn thit l Bob phi c mt ca sp cha thng tin b mt cho php d dng tm ngc ca ek. Nh vy Bob c th gii m mt cch hu hiu v anh ta c mt hiu bit tuyt mt no v K. Bi vy mt hm c gi l ca sp mt chiu nu n l hm mt chiu v n s tr nn d tnh ngc nu bit mt ca sp nht nh. 4.1.2. Nhc li mt s kin thc s hc lin quan nh ngha: Hm Phi Euler ca s nguyn dng n l s cc s nguyn t cng nhau vi n nh hn n.K hiu (n) V d: (6)=2, (26)=12 Tnh cht ca hm Phi euler: 1. Nu n l s nguyn t th (n) = n-1 V d: (7)=6 2. Nu p, q l 2 s nguyn t cng nhau thi: (p*q)=(p)*(q) v d (26)=(2*13)=(2)*(13)=1*12=12 3. Nu p l s nguyn t thi: (pr )=(p-1)*pr-1 nh l: Nu a, n l nguyn t cng nhau thi a(n) =1 mod n 4.2. H mt RSA 4.2.1. Thut ton RSA RSA l tn vit tt ca ba tc gi Rivest, Sharmir, Adleman ca trng MIT ra h mt m cng khai. H mt ny c xut nm 1977, da trn c s tnh cc lu tha trong s hc. an ton ca h mt da trn 37

kh ca vic phn tch thnh tha s nguyn t ca cc s nguyn ln. Nhiu h mt kho cng khai sau ny c pht trin nhng u thua km h RSA. Cc h balo ca sp b ph v v cho n nay, ngoi h RSA, cha c mt h no khc cung cp c c an ton v ch k s. a. Thut ton to kho Bc 1: B (ngi nhn) to hai s nguyn t ln ngu nhin p v q (p<>q) Bc 2: B tnh n=p*q v (n) = (p-1)(q-1) Bc 3: B chn mt s ngu nhin e (0 < e < (n)) sao cho CLN(b,(n))=1 Bc 4: B tnh d=e -1 bng cch dng thut ton Euclide Bc 5: B cng b n v e trong danh b lm kho cng khai (public key), cn d lm kho b mt (private key). b. Thut ton m ho v gii m + M ho:
VI. Kt lun Vic ng dng tin hc vo cc hot ng ca chnh quyn, mang mt ngha ht sc quan trng khi chng ta ang y mnh cng tc ci cch hnh chnh, tng bc xy dng h thng thng tin ly ngi dn lm i tng phc v vi nhiu dch v nh: ng k kinh doanh, trao i vn bn, thanh ton in t... Tuy nhin cc h thng hin ti cn phi bo m tin cy, to s an tm cho ngi dng khi s dng h thng. Bn cnh cc gii php cho vn bo mt ngy cng pht trin th cng xut hin nhiu dng tn cng khc nhau v ngy cng tinh vi hn. Do , vn lm sao a ra mt gii php hiu qu theo thi gian. C s h tng m kho cng cng s ng vai tr quan trng, trong cng tc bo mt ca cc h thng thng tin in t. Tuy nhin vic ng dng ch k s v dch v chng thc in t, theo cng ngh h tng kho cng khai (PKI) cha c trin khai rng ri, trong cc h thng trao i thng tin cc c quan v Doanh nghip, v cha c khung php l r rng. Chnh ph v cc b ngnh ang tng bc xy dng v c th ho lut giao dch in t. Thng 3/2002 Chnh ph c quyt nh s 44/2002/Q-TTg v chp nhn ch k in t trong thanh ton lin ngn hng do Ngn hng Nh nc Vit nam ngh, ngy 7/12/2004 va qua, B Bu chnh, Vin thng t chc Hi tho quc gia ly kin ng gp ca cc b ngnh, cc chuyn gia cho d tho Ngh nh Ch k s v dch v chng thc in t.

38

2. H m kho cng khai: Qu trnh m ho s dng mt kho c th cng khai v khi gii m th s dng mt kho khc. V s sng 1 cp kho trong c mt kho c th c cng b nn gi l h kho cng khai, hay cn gi l h phi i xng.Thc cht h m kho cng khai s dng 2 kho c lin quan vi nhau: - Kho cng khai (Public key) c s dng m ho nhng thng tin m bn mun chia s vi bt c ai. Chnh v vy bn c th t do phn pht n cho bt c ai m bn cn chia s thng tin dng m ho. - Kho ring (Private key) kho ny thuc s hu ring t ca ngi c cp v n c s dng gii m thng tin. I. t vn Trong th k ny giy khng cn l phng tin duy nht chng nhn tho thun gia cc i tc. Ti nhiu nc, cc tho thun thng qua h thng thng tin in t gia cc bn c hp php ho v c gi tr tng ng vi cc tho thun thng thng mang tnh php l. S kin ny nh du mt bc nhy vt bi cc d n v h thng chnh ph in t, thng mi in t ca cc Quc gia v Doanh nghip. Tuy nhin cho n nay cc d n ny vn cha c trin khai rng ri, do nhiu nguyn nhn khc nhau. Mt trong nhng nguyn nhn quan trng l ngi dng vn lun cm thy khng an ton khi s dng h thng. Chng hn khi gi mt mu tin c th l: vn bn, ging ni, hnh nh, phim video Ngi nhn c quyn nghi ng: thng tin c phi l ca i tc khng, n c b ai xm phm, v nhng ngi khc c th gii m n c Nhng th thch ny thu ht s ch ca nhiu nh khoa hc trong lnh vc nghin cu bo mt thng tin. III. Nguyn l v m hnh hot ng Nguyn l hot ng ca h m ho cng cng do cc ng Whitfield Diffie v Martin Hellman ngh vo ra nm 1977. Khi hai bn trao i thng tin phi bit kho cng khai (ek) ca nhau. Vic bit kho cng khai (ek) khng cho php tnh ra c kho ring (dk). Nh vy trong h thng mi c th k khi ng k vo h thng c cp 1 cp kha (ek,dk). Trong ek l cha kha lp m, dk l cha kho gii m [2]. M hnh hot ng khi bn A mun gi cho bn B mt vn bn m (hnh 1) th Bn A phi dng kho cng khai ca bn B m ho thng tin, vn bn m ha c k hiu l T= ek(m). Khi bn B nhn c th dng kho ring dk (ca cp ek, dk) gii m khi : dk(T)= dk(ek(m))= m. Nh vy c th nhiu ring C, D... cng thc hin giao dch v c kho cng khai ca B, nhng C,D... khng th gii m c m v khng c kho dk d cho chn bt c cc gi thng tin gi i trn mng.[2] Thc ra m hnh ny s dng trong thc t giao dch l s dng chng minh nhn dn nhn qu, tin hoc hng qua bu in, kho cng khai ng vai tr nh: Tn trn giy chng minh th, cn kho ring l nh v du vn tay. Nu xem bu phm l thng tin truyn i, c "m ho" bi tn ngi nhn, d c dng chng minh th nht c vn khng c nhn vin bu cc giao bu kin v nh mt v du vn tay khng ging.

39