SECURITY AND INFORMATION SAFETY IN E-COMMERCE
$m_1 = H(m) = 31229978$.
Signature: $s = m_1^{b} \bmod n = 31229978^{4430237} \bmod 55465219 = 30729435$.
Signature verification: B computes $m_2 = s^{a} \bmod n = 30729435^{5} \bmod 55465219 = 31229978$.
B accepts the signature because $m_2 = m_1$.
3.2. The DSA signature scheme (Digital Signature Standard)
This section studies the DSA digital signature scheme and the class of similar signature schemes. What these algorithms have in common is that they all produce signatures that depend on a random choice. Every DSA-style signature scheme with appendix can be modified into a message-recovery signature scheme. In particular, the DSS (Digital Signature Standard) is examined in depth because of its practical implementability.
a. Introduction
The DSS signature scheme is based on the DSA (Digital Signature Algorithm). A DSS signature is a signature with appendix, meaning that the signature must be sent together with the message; the signature itself neither contains nor generates the message. Signatures of this kind normally require a hash function over the message, because the message content has no fixed length. The hash function is used during signature generation to build a condensed version of the data, called the message digest. The message digest is the input to the signature generation algorithm, and the verifier uses the same hash function to build the verification procedure. For the DSS scheme the hash function is the Secure Hash Algorithm (SHA) described in FIPS 186; it produces a 160-bit integer characterizing the message, which forces one of the DSS parameters to be 160 bits. The standard further requires that signature generation use a private key specific to each signer; conversely, to verify a signature the verifier must hold the public key corresponding to the signer's private key.
Figure 13: DSA signature
b. The basic algorithms of DSA
Key generation algorithm
Each entity creates a public key and a corresponding private key as follows:
1. Choose a prime q such that $2^{159} < q < 2^{160}$.
2. Choose a prime p such that $2^{511+64t} < p < 2^{512+64t}$, with $t \in [0, 8]$.
3. Choose α as follows: pick any integer g less than p and set $\alpha = g^{(p-1)/q} \bmod p$, requiring $\alpha \neq 1$.
4. Choose an integer a such that $1 \le a \le q - 1$.
5. Compute $\beta = \alpha^{a} \bmod p$.
6. The entity's private key is a; its public key is (p, q, α, β).
Signature generation algorithm
To sign a message x, the entity must do the following:
1. Choose a secret integer k with $0 < k < q - 1$.
2. Compute $\gamma = (\alpha^{k} \bmod p) \bmod q$.
3. Compute $k^{-1} \bmod q$.
4. Compute $\delta = k^{-1}(h(x) + a\gamma) \bmod q$.
5. The entity's signature on x is the pair (γ, δ).
Signature verification algorithm
To verify a signature on a message x, the verifying entity must do the following:
1. Obtain the signer's public key (p, q, α, β).
2. If the condition $0 < \gamma, \delta < q$ is not satisfied, reject the signature.
3. Compute $w = \delta^{-1} \bmod q$ and h(x).
4. Compute $e_1 = w \cdot h(x) \bmod q$ and $e_2 = \gamma w \bmod q$.
5. Compute $v = (\alpha^{e_1} \beta^{e_2} \bmod p) \bmod q$.
6. If $v = \gamma$, accept the signature; otherwise reject it.
c. Summary of the DSS signature scheme
Example:
Suppose q = 101 and p = 78q + 1 = 7879.
3 is a primitive element of $\mathbb{Z}_{7879}$, so we may take $\alpha = 3^{78} \bmod 7879 = 170$.
Suppose a = 75; then $\beta = \alpha^{a} \bmod 7879 = 4567$.
To sign the message x = 1234, choose the random number k = 50.
Then $k^{-1} \bmod 101 = 99$, and we obtain:
$\gamma = (170^{50} \bmod 7879) \bmod 101 = 2518 \bmod 101 = 94$
and $\delta = (1234 + 75 \cdot 94) \cdot 99 \bmod 101 = 97$.
The signature (94, 97) on the message 1234 is verified by the following computations:
$\delta^{-1} = 97^{-1} \bmod 101 = 25$
$e_1 = 1234 \cdot 25 \bmod 101 = 45$
$e_2 = 94 \cdot 25 \bmod 101 = 27$
We have $(170^{45} \cdot 4567^{27} \bmod 7879) \bmod 101 = 2518 \bmod 101 = 94$.
Suppose p is a 512-bit prime such that the discrete logarithm problem in $\mathbb{Z}_p$ is intractable.
Let q be a 160-bit prime that divides (p - 1).
Suppose $\alpha \in \mathbb{Z}_p^{*}$ is a q-th root of 1 modulo p.
Let $\beta \in \mathbb{Z}_p^{*}$ and $a \in \mathbb{Z}_q$, and define:
$K = \{(p, q, \alpha, a, \beta) : \beta \equiv \alpha^{a} \pmod p\}$
The values p, q, α, β are public; a is secret.
For $K = (p, q, \alpha, a, \beta)$ and a (secret) random number k, $1 \le k \le q - 1$, define:
Signing process: $\mathrm{sig}_K(x, k) = (\gamma, \delta)$, where
$\gamma = (\alpha^{k} \bmod p) \bmod q$ and
$\delta = (x + a\gamma)k^{-1} \bmod q$, with $x \in \mathbb{Z}_p$ and $\gamma, \delta \in \mathbb{Z}_q$.
The verification process is completed by the computations:
$e_1 = x\delta^{-1} \bmod q$
$e_2 = \gamma\delta^{-1} \bmod q$
$\mathrm{ver}_K(x, \gamma, \delta) = \text{true} \iff (\alpha^{e_1}\beta^{e_2} \bmod p) \bmod q = \gamma$
If this holds, the signature is valid.
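The key generation, signing and verification steps of part b, run on the worked example of part c, as an added Python example that is not part of the thesis; the function names and the dictionary layout of the public key are choices made here, and the message is used directly as h(x) as on the page.

```python
# Added example (not the thesis's own code): the DSA key generation, signing
# and verification steps of part b, run on the toy parameters of part c.
# Toy sizes only: real DSA uses a 160-bit q, a 512..1024-bit p and
# h(x) = SHA-1(x); here the message x is used directly as h(x), as on the page.


def dsa_keygen(p, q, g, a):
    """Steps 3-6 of key generation: alpha = g^((p-1)/q) mod p, beta = alpha^a mod p.
    p, q are assumed prime with q | p - 1; a is the private key, 1 <= a <= q - 1."""
    if (p - 1) % q != 0:
        raise ValueError("q must divide p - 1")
    if not 1 <= a <= q - 1:
        raise ValueError("private key a out of range")
    alpha = pow(g, (p - 1) // q, p)
    if alpha == 1:
        raise ValueError("g^((p-1)/q) mod p is 1; choose another g")
    beta = pow(alpha, a, p)
    public = {"p": p, "q": q, "alpha": alpha, "beta": beta}
    return public, a


def dsa_sign(public, a, hx, k):
    """Signature generation: gamma = (alpha^k mod p) mod q,
    delta = k^-1 (h(x) + a*gamma) mod q.  k is the per-signature secret."""
    p, q, alpha = public["p"], public["q"], public["alpha"]
    if not 0 < k < q - 1:
        raise ValueError("k must satisfy 0 < k < q - 1")
    gamma = pow(alpha, k, p) % q
    k_inv = pow(k, -1, q)              # modular inverse (Python 3.8+)
    delta = (k_inv * (hx + a * gamma)) % q
    if gamma == 0 or delta == 0:        # degenerate cases: pick a fresh k
        raise ValueError("gamma or delta is 0; choose another k")
    return gamma, delta


def dsa_verify(public, hx, signature):
    """Signature verification, steps 2-6.  Returns a dict with the
    intermediate values (w, e1, e2, v) and the final decision 'valid'."""
    p, q = public["p"], public["q"]
    alpha, beta = public["alpha"], public["beta"]
    gamma, delta = signature
    # step 2: reject out-of-range components before doing any arithmetic
    if not (0 < gamma < q and 0 < delta < q):
        return {"valid": False, "reason": "component out of range"}
    w = pow(delta, -1, q)                                  # step 3
    e1 = (w * hx) % q                                      # step 4
    e2 = (gamma * w) % q
    v = (pow(alpha, e1, p) * pow(beta, e2, p) % p) % q     # step 5
    return {"valid": v == gamma, "w": w, "e1": e1, "e2": e2, "v": v}


if __name__ == "__main__":
    # Page example: q = 101, p = 78*q + 1 = 7879, g = 3, a = 75, x = 1234, k = 50.
    pub, priv = dsa_keygen(7879, 101, 3, 75)
    print("alpha =", pub["alpha"], "beta =", pub["beta"])        # 170, 4567
    sig = dsa_sign(pub, priv, 1234, 50)
    print("signature =", sig)                                     # (94, 97)
    print("genuine  :", dsa_verify(pub, 1234, sig))              # valid, v = 94
    print("tampered :", dsa_verify(pub, 1235, sig)["valid"])     # False
    print("bad range:", dsa_verify(pub, 1234, (0, 97))["valid"]) # False
```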
d. Properties of the DSA signature
Security
The security of the signature depends on the secrecy of the private key. Users must protect their own private keys. If the private key is kept absolutely secure, the signature is almost absolutely secure as well. On the other hand, since the public key is public, the DSA signature is secure only if the private key cannot be derived from the public key. Indeed, we have:
Let p be a very large prime; then the following equation cannot be solved for x:
$y = \alpha^{x} \bmod p$ (1), with y given, $\alpha = g^{(p-1)/q}$ and $\alpha \neq 1$.
To examine this, first note that equation (1) has a unique solution x in the interval [1, q]. Indeed, suppose there were two solutions $x_1$ and $x_2$; from (1) we would have:
$y = \alpha^{x_1} \bmod p$ and $y = \alpha^{x_2} \bmod p$.
Without loss of generality assume $x_1 < x_2$. From y we deduce:
- $\alpha^{x_2} - \alpha^{x_1}$ is divisible by p (not possible, since p is prime);
- there exists k less than p such that $\alpha^{k} \equiv 1 \pmod p$. With α of the form $\alpha = g^{(p-1)/q}$, this cannot happen when g < p.
In many cases a message is encrypted and decrypted only once, so it is enough that the cryptosystem used be secure at the moment of encryption. In practice, however, a message is often kept as a public document, for instance a contract or a will, and its signature must be verifiable many years after it was signed. It is therefore important to plan ahead for the security of the signature scheme against open systems. Because the ElGamal scheme is no more secure than the discrete logarithm problem, a large modulus p is needed, say 512 bits or more. However, an ElGamal signature is twice as long as p in bits, and many applications using smart cards need shorter signatures, so the modification is this: on the one hand use a p of 512 to 1024 bits, and on the other hand make the components γ, δ of the signature (γ, δ) short, for example 160 bits, so that the signature is 320 bits long. This is achieved by using the cyclic subgroup $\mathbb{Z}_q^{*}$ of $\mathbb{Z}_p^{*}$ instead of $\mathbb{Z}_p^{*}$ itself: all computations are still performed in $\mathbb{Z}_p^{*}$, but the data and the signature components belong to $\mathbb{Z}_q^{*}$.
Validity:
The validity of the DSA signature rests on the following two theorems.
Theorem 1: Let p, q be two primes satisfying q | (p - 1), and let h be any positive integer with h < p. If $g \equiv h^{(p-1)/q} \pmod p$, then $g^{q} \equiv 1 \pmod p$.
Indeed, $g^{q} \equiv (h^{(p-1)/q})^{q} \equiv h^{p-1} \equiv 1 \pmod p$ by Fermat's little theorem.
Theorem 2: With g, p, q determined as above, we always have: if $m \equiv n \pmod q$ then $g^{m} \equiv g^{n} \pmod p$.
Indeed, without loss of generality write m = n + kq. Then
$g^{m} \equiv g^{n+kq} \equiv (g^{n} \bmod p)\,(g^{kq} \bmod p) \equiv g^{n} \pmod p$,
which is what we had to prove.
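Carried through here, as an added derivation that is not in the original, is how Theorem 2 makes the DSA verification step return γ; the symbols are those of the signing and verification algorithms above, and the last line uses the page's own numbers.

From $\delta = k^{-1}(x + a\gamma) \bmod q$, multiplying both sides by $k\delta^{-1}$ gives
$$k \equiv \delta^{-1}x + a\,\gamma\delta^{-1} = e_1 + a e_2 \pmod q.$$
By Theorem 1, $\alpha = g^{(p-1)/q} \bmod p$ satisfies $\alpha^{q} \equiv 1 \pmod p$, so Theorem 2 applies to α and exponents may be reduced modulo q:
$$\alpha^{e_1}\beta^{e_2} \equiv \alpha^{e_1}\alpha^{a e_2} = \alpha^{e_1 + a e_2} \equiv \alpha^{k} \pmod p,$$
hence $v = (\alpha^{e_1}\beta^{e_2} \bmod p) \bmod q = (\alpha^{k} \bmod p) \bmod q = \gamma$. With the page's values, $e_1 + a e_2 = 45 + 75 \cdot 27 = 2070 \equiv 50 = k \pmod{101}$, so the verifier recomputes $\alpha^{50} \bmod 7879 = 2518$ and $2518 \bmod 101 = 94 = \gamma$.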
Drawbacks:
One view is that NIST's selection process was not open: the standard was developed by the National Security Agency without participation from US industry. The main technical criticism concerned the fixed modulus size p = 512 bits. Many wanted this size to be adjustable when needed, so that larger sizes could be used. In response, NIST amended the standard to allow any modulus size divisible by 64 in the range 512 to 1024 bits.
Another complaint about DSA is that signature generation is faster than verification. With RSA as the signature scheme and a small public verification exponent (for example 3), by contrast, verification is much faster than signing. This raises two issues about the applications of a signature scheme:
- A message is signed only once, but its signature often has to be verified many times over many years. This creates a need for a faster verification algorithm.
- What kinds of computers will sign and verify? Many applications involve devices with limited processing power, such as smart cards, communicating with faster computers. There is therefore a wish to design a scheme in which some of the computation can be done on the card. However, in some situations the smart card must generate the signature, while in others it must verify it, so no definitive solution can be given here.
NIST's response to the question of signing versus verification time is essentially that there is no requirement beyond speed, as long as both can be done quickly.
4. Feasible digital signature schemes
Among digital signature schemes, two are commonly used, DSA and RSA, for the following reasons:
- Both schemes were approved by the US government in the Digital Signature Standard (DSS). Both DSA and RSA were published in the Federal Information Processing Standards (FIPS) on 19 May 1994 and adopted as the official digital signature standard on 1 December 1994, although they had been proposed since August 1991.
- Both are signature schemes based on public-key encryption methods, and both offer very high security.
- The test vectors for checking the correctness of implementations of these signatures are public. If, during testing, the signatures agree with the test vectors, the signature is considered secure.
- Both schemes can be converted from signatures with appendix into message-recovery signatures without much difficulty, by integrating an additional redundancy function R.
- In practice, when the CA server system was deployed, the partner side chose the DSA signature scheme as the official signature for all transactions.
- The verification time of both signature types is short and acceptable in a public network environment.
5. Attacks on digital signatures
With digital signatures, security is always the top objective: a digital signature can only be applied in practice if it is shown to be unforgeable. The main goal of attackers on signature schemes is forgery, meaning that the attacker produces, on a message, a signature of the signer that will be accepted by the verifier. In practice, attacks on digital signatures are very varied; to analyse whether a signature scheme is secure, its security is tested against the following attacks:
- Total break: the forger not only recovers the private key but can also use an equivalent signing algorithm to create signatures on messages.
- Selective forgery: the attacker can produce signatures on a set of messages of a chosen class, without needing the signer's secret key.
- Existential forgery: the attacker can forge a signature on some message, but has no or at best little control over which message is forged.
- Moreover, most digital signatures rely on public-key encryption mechanisms, and signatures built on them can be attacked in the following ways:
- Key-only attacks: the attacker knows only the signer's public key.
- Message attacks: here the attacker can check whether various signatures match a given message. This is a very common kind of attack, and in practice it is divided into three classes:
o Known-message attack: the attacker has signatures for a set of messages.
o Chosen-message attack: the attacker obtains valid signatures for a list of messages before attempting to break the signature; this attack is non-adaptive because the messages are chosen before any signature is obtained.
o Adaptive chosen-message attack: the attacker may use the signer as a trusted party, requesting signatures on messages that depend on the signer's public key; thus the attacker may request signatures on messages that depend on previously obtained signatures and messages, and through them compute a signature.
CHAPTER III
SECURITY AND INFORMATION SAFETY IN E-COMMERCE
I. The information security problem
Today, with the rapid development of information technology, the use of computer networks has become extremely widespread and necessary. Computer networking brings enormous benefits. The appearance of the Internet lets everyone access, share and exploit information easily and effectively. In essence, the rapid growth of the Internet is a response to the constantly increasing demand for online transactions over the global network. Online transactions on the Internet have evolved from elementary forms such as information exchange (email, messaging, etc.) and publishing (web publishing) to complex transactions realised in e-government and e-commerce systems, which are developing strongly all over the world.
However, this raises information security problems. The Internet offers techniques that allow everyone to access, exploit and share information, but it is also the main source of risk that your information is damaged or completely destroyed. The reason is that information is currently transmitted over the Internet mainly using the TCP/IP protocol. TCP/IP lets information be sent from one computer to another by passing through a series of intermediate computers or separate networks before it can reach its destination. Precisely because of this, TCP/IP gives a "third party" the opportunity to carry out actions that compromise the security of the information in a transaction.
According to figures from CERT (Computer Emergency Response Team), the number of attacks on the Internet reported to this organisation was under 200 in 1989, about 400 in 1991, 1400 in 1993 and 2241 in 1994. These attacks targeted every kind of computer on the Internet: the computers of large companies such as AT&T and IBM, universities, government agencies, military organisations and banks. Some attacks were on a gigantic scale (up to 100,000 computers attacked). Moreover, these figures are only the tip of the iceberg. A very large share of attacks go unreported, for many reasons, among them fear of losing reputation, or simply because the system administrators are unaware of the attacks aimed at their systems.
Not only is the number of attacks rising rapidly; attack methods are also constantly being refined. This is partly because system administrators connected to the Internet are increasingly vigilant. Also according to CERT, attacks in the 1988-1989 period mainly guessed user passwords (user ID and password) or exploited bugs in programs and operating systems (security holes) to disable the protection system, whereas recent attacks include operations such as IP address spoofing, monitoring information transmitted over the network, and hijacking remote sessions (telnet or rlogin). Some security problems of many of today's networks:
- Eavesdropping: the information is not altered, but its confidentiality is lost. For example, someone may learn your credit card number or other confidential information.
- Tampering: information is altered in transit, or altered before it reaches the recipient. For example, someone may modify the contents of an order or change a person's record before the information reaches its destination.
- Impersonation: an individual may use another person's information to interact with a party. There are two forms of impersonation:
o Spoofing: an individual pretends to be someone else, for example by using another person's email address or forging a website's domain name.
o Misrepresentation: an individual or organisation poses as a party, or gives untrue information about itself. For example, a site that claims to sell interior furniture and accepts credit cards may in fact be a site specialising in stealing credit card numbers.
- Repudiation of origin: an individual may deny having sent a document when a dispute arises. For example, with ordinary email the recipient cannot confirm that the sender is who they claim to be.
To ensure the confidentiality of information without hindering the growth of worldwide information exchange and publishing, we need appropriate solutions. There are currently many solutions for network information security, such as encryption and digital signatures (public-key certificates). Below we review the basic concepts of encryption and then go into the use of digital signatures for authentication on the network.
Securing electronic transactions
What is a secure information system? Security against attacks is a problem that online transaction systems must solve. Information transmitted over the network faces many risks, and the danger of information loss is constant. For instance, paying by credit card through a web service faces the following risks:
o Information from the customer's web browser is in plaintext and can fall into the hands of an attacker.
o The customer's web browser cannot determine whether the server it is exchanging information with is genuine or a forged website.
o Nobody can be sure whether the transmitted data has been altered.
Systems therefore need a mechanism to guarantee safety during an electronic transaction. A system for secure data exchange must meet the following requirements:
o The system must ensure that data in transit is not stolen.
o The system must be able to authenticate, to prevent impersonation and forgery.
Hence protection must focus on assets while they are being relayed between the client and the remote server. Providing a secure commercial channel means ensuring message integrity and channel availability. In addition, a complete security plan must include authentication.
The techniques that secure electronic transactions are the use of cryptosystems, digital certificates and digital signatures while carrying out transactions.
II. Digital certificates and encryption mechanisms
1. Introduction to digital certificates
Using encryption or digital signatures only solves the problems of message confidentiality and authentication. It cannot, however, guarantee that the counterparty is not being impersonated; in many cases it is necessary to prove someone's identity by electronic means.
A digital certificate is an electronic file used to identify an individual, a server or an organisation; it binds the identity of the subject to a public key, much like a driving licence, a passport or an identity card.
There is a place that can certify that your information is correct, called a Certificate Authority (CA). It is a body authorised to confirm identities and issue digital certificates. A CA may be an independent third party, or organisations may run their own system to issue certificates for internal use. The methods used to establish identity depend on the policies the CA sets. The policy must ensure that certificates are issued correctly: to whom, and for what purpose. Normally, before issuing a certificate, the CA publishes the procedures that must be followed for each type of certificate.
A digital certificate contains a public key bound to a unique name of a subject (such as the name of an employee or a server). Certificates help prevent the use of a public key for impersonation. Only the public key certified in the certificate works with the corresponding private key, which is held by the subject whose identity appears in the certificate.
Besides the public key, a certificate contains information about the subject it identifies, the name of the CA that issued it, and, most importantly, the certificate must carry the digital signature of the issuing CA. This allows a certificate, like a stamped document, to be checked by users.
2. Identity authentication
Network communication typically takes place between a client (such as a browser on a personal computer) and a server (such as a web server). Authentication can be performed on both sides: the server may trust the client and vice versa.
Authentication here is not only one-way with respect to the sender, that is, the sender wanting the recipient to trust them. When a sender attaches a digital signature (together with a digital certificate) to a message, they cannot repudiate it by claiming the message is not theirs.
There are two forms of client authentication:
- Authentication based on a username and password. All servers allow users to enter a password to access the system. The server manages the list of usernames and passwords.
- Authentication based on digital certificates. This is part of the SSL security protocol. The client signs data and then sends both the signature and the certificate over the network. The server uses public-key cryptography to check the signature and determine the validity of the certificate.
Password-based authentication
When users are authenticated by this method, the user decides to trust the server (which may not be secured by the SSL protocol). The server must authenticate the user before allowing access to system resources.
Figure 14: Using a password to authenticate a client connecting to a server.
The steps in the figure above are as follows:
Step 1: In response to the server's authentication request, the client displays a dialog asking for the password. The user must enter a password for each different server within the same session.
Step 2: The client sends the password over the network without any form of encryption.
Step 3: The server looks up the password in its database.
Step 4: The server determines which system resources the password grants access to.
With this kind of authentication the user has to enter a password for each different server, and the server keeps a record of these passwords for each user.
Certificate-based authentication
Digital certificates can replace the first three steps of password authentication with a mechanism that lets the user enter a password only once, without sending it over the network, and lets administrators control access rights centrally.
[Diagram labels for Figures 14 and 15: client and server boxes connected by the numbered steps listed in the text (user enters name and password; client sends them over the network; server checks them and grants access to resources; client sends certificate and signature over the network; server confirms identity and access rights).]
Figure 15: Certificate-based authentication of a client connecting to a server.
The transaction in the figure above uses the SSL security protocol. The client must have a certificate for the server to identify it. Certificate-based authentication has advantages over passwords, because it relies on what the user has: a private key, and a password protecting that private key.
Note that only the owner of the client machine may access it, and the password for the database of the program that uses the private key must be entered (this password may have to be re-entered at fixed intervals).
Both authentication mechanisms above depend on physical access control to the personal machines. Public-key cryptography can only check that the private key used corresponds to the public key in the certificate. It does not take responsibility for physical protection or for the password that protects the private key; that responsibility lies with the user.
The steps in the figure above are as follows:
Step 1: The client software (for example Communicator) manages a database of private/public key pairs. The client asks for a password to access this database once, or periodically.
When the client accesses an SSL-enabled server that authenticates clients by certificate, the user enters the password only once and does not have to re-enter it on the second access.
Step 2: The client uses the private key corresponding to the public key recorded in the certificate to sign data that is generated randomly for authentication purposes from both the client and the server. This data and its digital signature form the proof establishing the validity of the private key. The signature can be checked with the public key corresponding to the signing private key; it is unique to each SSL session.
Step 3: The client sends both the certificate and the proof (the randomly generated, signed data) over the network.
Step 4: The server uses the certificate and the proof to authenticate the user.
Step 5: The server may optionally perform further authentication tasks, such as checking whether the client's certificate is in its certificate management database. The server then determines what rights the user has to system resources.
3. Public-key certificates
Introduction to public-key certificates
When someone wants to use public-key cryptography to encrypt a message and send it to a recipient, the sender needs a copy of the recipient's public key. When anyone wants to check a digital signature, they need a copy of the signer's public key. We call both the party encrypting a message and the party checking a signature public-key users.
When a public key is delivered to its user, that public key need not be kept secret. However, the public-key user must be sure that the public key being used really belongs to the other party (the intended recipient of the message, or the signer whose signature is to be checked). If an adversary substitutes another public key for the legitimate one, the contents of encrypted messages may be disclosed to unintended parties, or digital signatures may be forged. In other words, the protection these techniques create is undermined if an intruder can substitute an inauthentic public key.
For small groups of users this requirement is easily met. For example, two people who know each other and want to communicate securely can obtain copies of each other's public keys by exchanging floppy disks on which their public keys are recorded, and then make sure the keys are stored securely on their local systems. This is manual public-key distribution.
However, this kind of public-key distribution is considered impractical or unsatisfactory in most public-key application areas, especially when the number of users becomes very large or dispersed. Public-key certificates make public-key distribution systematic.
The public-key certification system works as follows:
A CA issues certificates to holders of public/private key pairs. A certificate contains a public key and information that uniquely identifies the subject of the certificate. The subject may be a person, a device, or another entity holding the corresponding private key. When the subject is a person or some legal entity, it is often referred to as a subscriber of the CA. The certificate is signed by the CA with its private key.
Figure 16: CA-based public-key certificate (the CA's private key is used to generate a signature over the subject's information, the subject's public key and the CA's name; the resulting CA signature is attached to the certificate).
Once the certificate system is established, the public-key user's job is very simple. A user who needs the public key of one of the CA's subscribers just obtains a copy of that subscriber's certificate, extracts the public key, and checks that the CA's signature is present on the certificate. Public-key users who use certificates in this way are considered trusting parties. This kind of system is relatively simple and economical to set up on a large scale and in an automated fashion, because one of the important properties of certificates is:
Certificates can be issued without protection by communication security services that guarantee authenticity and integrity.
We do not need to keep public keys secret, so certificates are not secret. Moreover, no authenticity or integrity requirements are imposed here, since certificates protect themselves (the CA's digital signature in the certificate provides authenticity and integrity protection). An intruder who forges a certificate while it is being issued to public-key users will be detected by those users, because the CA's digital signature will fail verification. Certificates can therefore be issued in insecure ways, for instance through servers, directory systems and insecure communication protocols.
The basic benefit of the certification system is that a public-key user can obtain a large number of other parties' public keys reliably, thanks to the CA's public key. Note that certificates are only useful if public-key users trust the CA that issues them to issue valid certificates.
4. The CA model
If it were feasible to set up one CA that issues public-key certificates to every holder of a public/private key pair in the world, and all public-key users trusted the certificates issued by this CA, the public-key distribution problem would be solved. Unfortunately, this is not achievable, simply because it is impractical for a single CA: one CA cannot have enough information and relationships with subscribers to issue certificates that are accepted by all public-key users. We therefore have to accept the existence of many CAs in the world.
With many CAs, it is unrealistic to assume that a public-key user securely holds the public key of the particular CA that issued a certificate to the party they want to communicate with. However, to obtain that CA's public key, the user can find and use another certificate containing this CA's public key, issued by a different CA whose public key the user already holds securely.
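Steps 2 to 5 of the certificate-based login above, together with the certificate contents of section 3 and the CA-to-CA chain of section 4, as an added Python example that is not part of the thesis. The CA names, the primes behind the toy keys and the challenge bytes are constructed here; textbook RSA over a SHA-256 digest stands in for a real signature library.

```python
# Added example (not the thesis's own code): certificate-based client
# authentication as in steps 2-5 above, with the certificate contents and
# CA chain of sections 3 and 4.  A root CA certifies an intermediate CA, the
# intermediate certifies the client, and the server trusts only the root.
# Signatures are textbook RSA over a SHA-256 digest on constructed toy keys
# (hand-picked ~10-bit primes), standing in for a real signature library.
import hashlib
import json
import os


def make_rsa_key(p, q, e=17):
    """Constructed toy RSA key pair; p, q prime and gcd(e, (p-1)(q-1)) = 1."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": n, "e": e}, {"n": n, "d": d}


def digest(data, n):
    """Message digest reduced into Z_n so that it can be signed."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv, data):
    return pow(digest(data, priv["n"]), priv["d"], priv["n"])


def verify(pub, data, signature):
    return pow(signature, pub["e"], pub["n"]) == digest(data, pub["n"])


def to_be_signed(cert):
    """Canonical encoding of every field except the CA's signature."""
    body = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(body, sort_keys=True).encode()


def issue_certificate(issuer_name, issuer_priv, subject_name, subject_pub):
    """Figure 16: subject identity + subject public key + CA name, signed by the CA."""
    cert = {"subject": subject_name, "subject_public_key": subject_pub,
            "issuer": issuer_name}
    cert["signature"] = sign(issuer_priv, to_be_signed(cert))
    return cert


def validate_chain(chain, trusted_roots):
    """chain[0] is the end-entity certificate, chain[-1] was issued by a
    trusted root.  Section 4: the server holds only the root CA's public key
    and reaches the client's key through the intermediate CA's certificate."""
    issuer_pub = trusted_roots.get(chain[-1]["issuer"])
    if issuer_pub is None:
        return False                      # issued by a CA we do not trust
    for i in range(len(chain) - 1, -1, -1):
        cert = chain[i]
        if not verify(issuer_pub, to_be_signed(cert), cert["signature"]):
            return False                  # tampered, or not signed by its issuer
        if i > 0 and chain[i - 1]["issuer"] != cert["subject"]:
            return False                  # issuer/subject names do not link up
        issuer_pub = cert["subject_public_key"]
    return True


def server_challenge():
    """Step 2: fresh random data for this session only."""
    return os.urandom(16)


def client_prove(client_priv, challenge):
    """Steps 2-3: the client signs the challenge with its private key."""
    return sign(client_priv, challenge)


def server_authenticate(trusted_roots, chain, challenge, proof):
    """Steps 4-5: validate the certificate chain, then check the proof with
    the certified public key.  Returns the authenticated name or None."""
    if not validate_chain(chain, trusted_roots):
        return None
    if not verify(chain[0]["subject_public_key"], challenge, proof):
        return None
    return chain[0]["subject"]            # identity used for access decisions


def build_demo():
    """Constructed scenario: Root CA -> Intermediate CA -> client 'alice'."""
    root_pub, root_priv = make_rsa_key(1009, 1013)
    inter_pub, inter_priv = make_rsa_key(1019, 1031)
    alice_pub, alice_priv = make_rsa_key(1033, 1039)
    inter_cert = issue_certificate("Root CA", root_priv, "Intermediate CA", inter_pub)
    alice_cert = issue_certificate("Intermediate CA", inter_priv, "alice", alice_pub)
    trusted_roots = {"Root CA": root_pub}
    return trusted_roots, [alice_cert, inter_cert], alice_priv


if __name__ == "__main__":
    roots, chain, alice_priv = build_demo()
    nonce = server_challenge()
    print(server_authenticate(roots, chain, nonce, client_prove(alice_priv, nonce)))  # alice
    forged = [dict(chain[0], subject="mallory"), chain[1]]   # edited certificate
    print(server_authenticate(roots, forged, nonce, client_prove(alice_priv, nonce)))  # None
```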
5. Some security protocols used in e-commerce
Web application security problems
The World Wide Web is fundamentally a client/server application running over the Internet and intranets with the TCP/IP protocol. New challenges for web security have become more pressing than ever, especially in the context of the rapid growth of computer networks and web-based services.
The Internet is a double-edged sword. Unlike traditional communication environments such as telegraph, telephone and fax systems, web servers are constantly exposed to attacks from the whole Internet.
There are many solutions for the security of web applications, and the web servers involved are all easy to use, configure and manage. The content of websites grows ever richer, reflecting the diversity of information, and of course this includes dishonest websites hiding behind cleverly constructed disguises. The short history of the web has been one of systems that are upgraded and newly developed yet still face attacks on security holes.
Many security solutions have been proposed; researchers have mainly focused on reviewing and improving the services provided and the techniques used, but with a new approach within the limits of the TCP/IP protocol. Figure 3.1a shows this difference: providing a security mechanism at the IP level. The advance of IPSec is that it creates a transparent, clean channel between the end user and the application as a unified solution. Furthermore, IPSec contains a special filter that selects the traffic to be handled, avoiding memory overflow during IPSec processing.
(a) Network level, (b) Transport level, (c) Application level
Figure 17: Position of security facilities in the TCP/IP protocol architecture
Another solution is to improve the security mechanism on top of TCP, one of the ideas that led to the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. In this idea, with the two alternatives SSL or TLS, SSL is provided as an underlying support protocol, so it can transparently secure any application protocol layered above TCP. In addition, SSL can be embedded in applications as a special package; for example the IE and Netscape browsers both come equipped with SSL, and web servers have all added this protocol.
Another characteristic of security services is that they can be embedded inside the application itself; Figure 3.1c is an example of this architecture. The novelty of this change is that services can be tailored to the specific components the application needs. In the general context of web application security, SET (Secure Electronic Transaction) is a typical example of this approach.
5.2 SSL and TLS
As mentioned above, the two transport-layer security protocols of great importance for the security of web applications are SSL and TLS.
To date there are three versions of SSL:
- SSL 1.0: used internally only by Netscape Communications 1.0. It contained some serious flaws and was never released externally.
- SSL 2.0: incorporated into Netscape Communications 1.0 through 2.x. It had some weaknesses related to a specific instance of the man-in-the-middle attack. In an effort to dispel public uncertainty about SSL's security, Microsoft introduced the competing PCT (Private Communication Technology) protocol in the first release of Internet Explorer in 1996.
- SSL 3.0: Netscape Communications responded to Microsoft's PCT challenge by introducing SSL 3.0. It solved the problems of SSL 2.0 and added a number of new features. At this point Microsoft conceded and agreed to support SSL in all of its TCP/IP-based software.
[Diagram residue from Figure 17, protocol stacks top to bottom: (a) HTTP, FTP, SMTP / TCP / IP with IPSec; (b) HTTP, SMTP, FTP / SSL or TLS / TCP / IP; (c) S/MIME, PGP, SET and Kerberos / SMTP, HTTP / UDP, TCP / IP. SSL protocol diagram: SSL Handshake Protocol, SSL Change Cipher Spec Protocol, SSL Alert Protocol, HTTP, LDAP and other applications / SSL Record Layer / TCP.]
5.2.1 The architecture of SSL
The structure of SSL and its corresponding protocols are illustrated in Figure 1.1. According to this figure, SSL refers to an intermediate (security) layer between the transport layer and the application layer. SSL is layered on top of a connection-oriented and reliable transport service, such as that provided by TCP. It is thus able to provide security services for any application protocol relying on TCP, not just HTTP. In fact, a main advantage of transport-layer security protocols in general, and SSL in particular, is that they are application-independent, in the sense that they can be used to transparently protect any application protocol layered on top of TCP. Figure 2.2 illustrates some typical application protocols, including NSIIOP, HTTP, FTP, Telnet, IMAP, IRC and POP3. All of them can be protected by layering them on top of SSL (the letter S is appended to the corresponding protocol acronym to indicate the use of SSL). Note, however, that SSL has a strong client-server orientation and does not really meet the requirements of peer-to-peer application protocols.
[Figure 18 layers, top to bottom: Application Layer (HTTP, SMTP, ...), SSL, Transport Layer (TCP), Internet Layer (IP), Network Access Layer.]
Figure 18: The architecture of SSL
In short, the SSL protocol provides communication security with three basic properties:
1. The communicating parties (that is, client and server) can authenticate each other using public-key cryptography.
2. The confidentiality of the data traffic is protected, because the connection is transparently encrypted after an initial handshake and session key negotiation have taken place.
3. The authenticity and integrity of the data traffic are also protected, because messages are transparently authenticated and integrity-checked using MACs.
It is important to note, however, that SSL does not prevent traffic analysis attacks. For example, by examining the unencrypted source and destination IP addresses and TCP port numbers, or the amount of data transmitted, a traffic analyst can still determine which parties are interacting, which services are being used, and sometimes even obtain information about business or personal relationships. Furthermore, SSL does not prevent attacks aimed at the TCP implementation, such as TCP SYN flooding or session hijacking.
To use SSL's protection, both client and server must know that the other side is using SSL. In general there are three possibilities for solving this problem:
1. Use dedicated port numbers reserved by the Internet Assigned Numbers Authority (IANA). In this case a separate port number must be assigned to every application protocol that uses SSL.
2. Use the standard port number for each application protocol and negotiate security options as part of the application protocol.
3. Use a TCP option to negotiate the use of a security protocol such as SSL during the normal TCP connection establishment phase.
Application-specific negotiation of security options (that is, the second possibility) has the drawback that each application protocol must be modified to understand the negotiation process. Defining a TCP option (that is, the third possibility) is a good solution, but it has not been seriously discussed so far. In practice, separate port numbers have been reserved and assigned by IANA for every application protocol that can run over SSL or TLS (that is, the first possibility). Note, however, that using separate port numbers also has the drawback of requiring two TCP connections if the client does not know what the server supports: the client must first connect to the secure port and then to the insecure port, or vice versa. It is quite possible that future protocols will abandon this approach and look to the second possibility. For example, SASL (Simple Authentication and Security Layer) defines a method for adding authentication support to connection-based application protocols. According to the SASL specification, the use of authentication mechanisms can be negotiated between the client and server of a given application protocol.
The port numbers assigned by IANA to application protocols that run over SSL/TLS are summarised in Table 2.1. Nowadays the letter S indicating the use of SSL is consistently appended (as a suffix) to the acronyms of the corresponding application protocols (in some early terminology, S was used and prepended inconsistently to some acronyms).
Table 2.1: Port numbers assigned to application protocols running over TLS/SSL

Keyword     Port   Description
nsiiop      261    IIOP Name Service over TLS/SSL
https       443    HTTP over TLS/SSL
smtps       465    SMTP over TLS/SSL
nntps       563    NNTP over TLS/SSL
ldaps       636    LDAP over TLS/SSL
ftps-data   989    FTP (data) over TLS/SSL
ftps        990    FTP (control) over TLS/SSL
telnets     992    TELNET over TLS/SSL
imaps       994    IRC over TLS/SSL
pop3s       995    POP3 over TLS/SSL
In general, an SSL session is stateful, and the SSL protocol must initialize and maintain state information on both sides of the session. The corresponding session-state elements include a session ID, a peer certificate, a compression method, a cipher spec, a master secret and a flag indicating whether the session is resumable; they are summarized in Table 2.2. An SSL session can be used for several connections, and the corresponding connection-state elements are summarized in Table 2.3. They include cryptographic parameters such as the server and client random byte sequences, the server and client write MAC secrets, the server and client write keys, an initialization vector and sequence numbers. In either case it is important to note that the communicating parties may use several SSL sessions simultaneously, and that a session may have several simultaneous connections.
Table 2.2: SSL session state information elements

Element              Description
Session ID           Identifier chosen by the server to identify an active or resumable session state.
Peer certificate     X.509 version 3 certificate of the peer entity.
Compression method   Algorithm used to compress data before encryption.
Cipher spec          Specification of the data encryption and MAC algorithms.
Master secret        48-byte secret key shared between the client and the server.
Is resumable         Flag indicating whether the session can be used to initiate new connections.
Table 2.3: SSL connection state information elements

Element                    Description
Server and client random   Byte sequences chosen by the server and the client for each connection.
Server write MAC secret    Secret key used for MAC operations on data written by the server.
Client write MAC secret    Secret key used for MAC operations on data written by the client.
Server write key           Key used for encrypting data by the server and decrypting it by the client.
Client write key           Key used for encrypting data by the client and decrypting it by the server.
Initialization vector      Initial state for a block cipher in CBC mode. This field is first initialized by the SSL Handshake Protocol; thereafter the final ciphertext block of each record is preserved for use with the following record.
Sequence numbers           Each side maintains separate sequence numbers for the messages transmitted and received on each connection.
The most important SSL subprotocol is the SSL Handshake Protocol. This protocol is in turn an authentication and key-exchange protocol that can be used to negotiate, initialize and synchronize the security parameters and the corresponding state information held at the two endpoints of an SSL session or connection.

Once the SSL Handshake Protocol has completed, application data can be sent and received using the SSL Record Protocol together with the negotiated security parameters and state information elements.
5.2.2 SSL Record Protocol

Figure 19: Steps of the SSL Record Protocol

The SSL Record Protocol receives data from the higher-layer SSL subprotocols and handles the fragmentation, compression, authentication and encryption of that data. More precisely, the protocol takes a data block of arbitrary size as input and produces as output a series of SSL data fragments (also called records) of at most 16,383 bytes.

The successive steps of the SSL Record Protocol, which lead from a raw data fragment to an SSLPlaintext record (fragmentation step), an SSLCompressed record (compression step) and an SSLCiphertext record (encryption step), are illustrated in Figure 2.3.

[Figure 2.3: SSL 3.0 protocol stack: application layer; Change Cipher Spec Protocol, SSL Alert Protocol and SSL Handshake Protocol layered on the SSL Record Protocol; TCP; IP]

Finally, every SSL record contains the following fields:
- Content type: identifies the higher-layer protocol that must be used to process the SSL record data (after appropriate decompression and decryption).
- Protocol version number: identifies the SSL version in use (usually version 3.0).
- Length.
- Data payload (optionally compressed and encrypted): the SSL record payload, compressed and encrypted according to the current compression method and cipher spec defined for the SSL session.
- MAC.
At the beginning of every SSL session, the compression method and the cipher spec are usually defined as null. Both are set during the initial execution of the SSL Handshake Protocol. Finally, a MAC is appended to every SSL record. It provides message-origin authentication and data-integrity services. As with the encryption algorithm, the algorithm used to compute and verify the MAC is defined in the cipher spec of the current session state. By default, the SSL Record Protocol uses a MAC construction that is similar to, but still different from, the HMAC construction. There are three main differences between the SSL MAC construction and the HMAC construction:
1. The SSL MAC construction includes a sequence number in the message before hashing, to prevent replay attacks on individual records.
2. The SSL MAC construction includes the record length.
3. The SSL MAC construction uses concatenation operators, whereas the HMAC construction uses modulo-2 addition (exclusive or).

All these differences exist mainly because the SSL MAC construction was in use before the HMAC construction was adopted for Internet security protocol specifications. The HMAC construction is also used in the more recent TLS protocol specification.
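As an added illustration (not from the thesis), the following Python code builds SSL 3.0 records of at most 16,383 bytes with the header fields listed above and computes the record MAC with the SSL 3.0 construction described in the three points (sequence number and record length hashed in, pads concatenated), next to a written-out HMAC-SHA1 for comparison. The MAC formula follows RFC 6101; the key, sequence numbers and payloads are constructed sample values, and compression and encryption are the null methods so the MAC stays visible.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 16383                 # largest fragment an SSL record may carry
SSL3_VERSION = (3, 0)
CONTENT_APPLICATION_DATA = 23
PAD_LEN = {"md5": 48, "sha1": 40}    # pad length depends on the hash function


def ssl3_mac(secret, seq_num, content_type, fragment, hash_name="sha1"):
    """SSL 3.0 record MAC (RFC 6101):
         hash(secret || pad2 || hash(secret || pad1 || seq || type || length || fragment))
    The 64-bit sequence number and the 16-bit length are hashed with the data
    (differences 1 and 2 in the text); secret and pads are concatenated, not
    XORed (difference 3)."""
    pad1 = b"\x36" * PAD_LEN[hash_name]
    pad2 = b"\x5c" * PAD_LEN[hash_name]
    header = struct.pack("!QBH", seq_num, content_type, len(fragment))
    inner = hashlib.new(hash_name, secret + pad1 + header + fragment).digest()
    return hashlib.new(hash_name, secret + pad2 + inner).digest()


def hmac_sha1(secret, data):
    """HMAC-SHA1 written out for comparison: the key is XORed with ipad/opad."""
    if len(secret) > 64:
        secret = hashlib.sha1(secret).digest()
    key = secret.ljust(64, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5c for b in key)
    return hashlib.sha1(opad + hashlib.sha1(ipad + data).digest()).digest()


def hmac_matches_stdlib(secret, data):
    """Self-check of hmac_sha1 against the standard-library implementation."""
    return hmac.compare_digest(hmac_sha1(secret, data),
                               hmac.new(secret, data, "sha1").digest())


def fragment(data):
    """Fragmentation step: arbitrary-size input -> pieces of at most MAX_FRAGMENT."""
    return [data[i:i + MAX_FRAGMENT] for i in range(0, len(data), MAX_FRAGMENT)] or [b""]


def build_records(data, mac_secret, seq_start=0, content_type=CONTENT_APPLICATION_DATA):
    """Emit SSL records: type(1) version(2) length(2) | fragment | MAC.
    Each record consumes one sequence number of the sending side."""
    records = []
    for i, frag in enumerate(fragment(data)):
        body = frag + ssl3_mac(mac_secret, seq_start + i, content_type, frag)
        header = struct.pack("!BBBH", content_type, *SSL3_VERSION, len(body))
        records.append(header + body)
    return records


def verify_record(record, mac_secret, expected_seq, hash_name="sha1"):
    """Receiver side: parse the header and recompute the MAC with the receiver's
    own sequence counter.  Returns the fragment, or None if the record is
    malformed or its MAC does not verify (a replayed record, for example,
    carries a sequence number the receiver has already moved past)."""
    if len(record) < 5:
        return None
    ctype, vmaj, vmin, length = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + length]
    mac_len = hashlib.new(hash_name).digest_size
    if (vmaj, vmin) != SSL3_VERSION or len(body) != length or length < mac_len:
        return None
    frag, mac = body[:-mac_len], body[-mac_len:]
    expected = ssl3_mac(mac_secret, expected_seq, ctype, frag, hash_name)
    return frag if hmac.compare_digest(mac, expected) else None
```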
As illustrated in Figure 2.3, several SSL subprotocols are layered on top of the SSL Record Protocol. Each subprotocol may refer to specific message types that are sent using the SSL Record Protocol. The SSL 3.0 specification defines the following three SSL subprotocols:
- Alert Protocol;
- Handshake Protocol;
- ChangeCipherSpec Protocol.

In short, the SSL Alert Protocol is used to transmit alerts over the SSL Record Protocol. Each alert consists of two parts: an alert level and an alert description.

The SSL Handshake Protocol is the main SSL subprotocol; it is used to support client and server authentication and to exchange a session key. The SSL Handshake Protocol is therefore presented in overview and discussed in the next section.

Finally, the SSL ChangeCipherSpec Protocol is used to switch from one cipher spec to another. Although the cipher spec is normally changed at the end of an SSL handshake, it can also be changed at any later time.

In addition to these SSL subprotocols, an SSL Application Data Protocol is used to pass application data directly to the SSL Record Protocol.
5.2.3 SSL Handshake Protocol

The SSL Handshake Protocol is the main SSL subprotocol layered on top of the SSL Record Protocol. Consequently, SSL handshake messages are supplied to the SSL record layer, where they are encapsulated in one or more SSL records, which are processed and transmitted as specified by the compression method and cipher spec of the current SSL session and the cryptographic keys of the corresponding SSL connection. The purpose of the SSL Handshake Protocol is to have a client and a server establish and maintain the state information that is used to secure their communications. More specifically, the protocol must have the client and server agree on a common SSL protocol version, select a compression method and a cipher spec, optionally authenticate each other, and create a master secret from which the various session keys for message authentication and encryption can be derived.

In short, an execution of the SSL Handshake Protocol between a client C and a server S can be summarized as follows (messages in square brackets are optional):

Figure 20: SSL handshake message flow between client and server (Client Hello; Server Hello; Server Certificate; Server Hello Done; Client Key Exchange; Change Cipher Spec; Handshake Finished; Change Cipher Spec)
When client C wants to connect to server S, it establishes a TCP connection to the HTTPS port (which is not included in the protocol description) and sends a CLIENTHELLO message to the server in step 1 of the SSL Handshake Protocol execution. The client may also send a CLIENTHELLO message in response to a HELLOREQUEST message, or on its own initiative in order to renegotiate the security parameters of an existing connection. The CLIENTHELLO message includes the following fields:
- The number of the highest SSL version understood by the client (usually 3.0).
- A client-generated random structure consisting of a 32-bit timestamp in standard UNIX format and a 28-byte value generated by a pseudorandom number generator.
- A session identifier the client wishes to use for this connection.
- A list of cipher suites the client supports.
- A list of compression methods the client supports.

Note that the session identity field should be empty if no SSL session currently exists or if the client wishes to generate new security parameters. In either case, a non-empty session identity field is meant to identify an existing SSL session between the client and the server (that is, a session whose security parameters the client wishes to reuse). The session identifier may originate from an earlier connection, from this connection, or from another currently active connection. Also note that the list of supported cipher suites, passed from the client to the server in the CLIENTHELLO message, contains the combinations of cryptographic algorithms supported by the client in order of preference. Each cipher suite defines a key-exchange algorithm and a cipher spec. The server will select a cipher suite or, if no acceptable choices are presented, return an error message and close the connection accordingly. After sending the CLIENTHELLO message, the client waits for a SERVERHELLO message. Any other message returned by the server, except for a HELLOREQUEST message, is treated as an error at this point.
In step 2, the server processes the CLIENTHELLO message and responds with either an error message or a SERVERHELLO message. Similar to the CLIENTHELLO message, the SERVERHELLO message has the following fields:
- A server version number containing the lower of the version suggested by the client in the CLIENTHELLO message and the highest version supported by the server.
- A server-generated random structure, also consisting of a 32-bit timestamp in standard UNIX format and a 28-byte value generated by a random number generator.
- A session identifier corresponding to this connection.
- A cipher suite selected by the server from the list of cipher suites supported by the client.
- A compression method selected by the server from the list of compression algorithms supported by the client.

If the session identifier in the CLIENTHELLO message is not empty, the server searches its session cache for a match. If a match is found and the server is willing to establish the connection using the corresponding session state, the server responds with the same value that was supplied by the client. This indicates a resumed session and dictates that both parties must proceed directly to the CHANGECIPHERSPEC and FINISHED messages presented further below. Otherwise, this field contains a different value identifying a new session. The server may also return an empty session identifier field to indicate that the session will not be cached and therefore cannot be resumed later. Also note that in the SERVERHELLO message the server has selected a cipher suite and a compression method from the lists supplied by the client in the CLIENTHELLO message. The key-exchange, authentication, encryption and message-authentication algorithms are determined by the cipher suite selected by the server and revealed in the SERVERHELLO message. The cipher suites defined in the SSL protocol are essentially the same as those defined for TLS.

In addition to the SERVERHELLO message, the server must also send other messages to the client. For example, if the server uses certificate-based authentication, the server sends its site certificate to the client in a corresponding CERTIFICATE message. The certificate must be appropriate for the key-exchange algorithm of the selected cipher suite and is usually an X.509v3 certificate. The same message type is used later for the client's response to the server's CERTIFICATEREQUEST message. In the case of X.509v3 certificates, a certificate may actually refer to an entire chain of certificates, ordered with the sender's certificate first, followed by any CA certificates proceeding sequentially upward to a root CA (which should be known to the client).

Next, the server may send a SERVERKEYEXCHANGE message to the client if it has no certificate, if its certificate can be used only for verifying digital signatures, or if it uses the FORTEZZA token-based key-exchange algorithm (KEA). Obviously this message is not required if the site certificate contains an RSA public key that can be used for encryption. In addition, a non-anonymous server can optionally request a personal certificate to authenticate the client. To do so, it sends a CERTIFICATEREQUEST message to the client. This message contains a list of the types of certificates requested, sorted in order of the server's preference, as well as a list of distinguished names for acceptable CAs. At the end of step 2, the server sends a SERVERHELLODONE message to the client to indicate the end of the SERVERHELLO and associated messages.
After receiving the SERVERHELLO and the associated messages, the client verifies that the server's site certificate (if supplied) is valid and checks that the security parameters supplied in the SERVERHELLO message are acceptable. If the server has requested client authentication, the client sends a CERTIFICATE message containing a personal certificate for the user's public key to the server in step 3.

Next, the client sends a CLIENTKEYEXCHANGE message, whose format depends on the key-exchange algorithm selected by the server:
- If RSA is used for server authentication and key exchange, the client generates a 48-byte pre-master secret, encrypts it with the public key found in the site certificate or with the temporary RSA key from the SERVERKEYEXCHANGE message, and sends the result back in the CLIENTKEYEXCHANGE message. The server in turn uses its private key to decrypt the pre-master secret.
- If FORTEZZA tokens are used for key exchange, the client derives a token encryption key (TEK) using KEA. The client's KEA computation uses the public key from the server certificate together with some private parameters in the client's token. The client sends the public parameters needed for the server to generate the same TEK using its own private parameters. It generates a pre-master secret, wraps it using the TEK, and sends the result together with some initialization vectors to the server as part of the CLIENTKEYEXCHANGE message. The server in turn can decrypt the pre-master secret accordingly. This key-exchange algorithm is not widely used.

If client authentication is required, the client also sends a CERTIFICATEVERIFY message to the server. This message is used to provide explicit verification of the user's identity based on the personal certificate. It is sent only following a client certificate that has signing capability (all certificates except those containing fixed Diffie-Hellman parameters).

Finally, the client completes step 3 by sending a CHANGECIPHERSPEC message and a corresponding FINISHED message to the server. The FINISHED message is always sent immediately after the CHANGECIPHERSPEC message to verify that the key-exchange and authentication processes were successful. In fact, the FINISHED message is the first message protected with the newly negotiated algorithms and session keys. It can be generated and verified only if these keys are properly installed on both sides. No acknowledgement of the FINISHED message is required; the parties may begin sending encrypted data immediately after sending the FINISHED message. The execution of the SSL Handshake Protocol is completed by also having the server send a CHANGECIPHERSPEC message and a corresponding FINISHED message to the client in step 4.
Once the SSL handshake is complete, a secure connection has been established between the client and the server. This connection can now be used to send application data encapsulated by the SSL Record Protocol. More precisely, application data can be fragmented, compressed, and encrypted and authenticated according to the SSL Record Protocol and the session and connection state information that has now been established (depending on the execution of the SSL Handshake Protocol).

The SSL Handshake Protocol can be shortened if the client and server decide to resume a previously established (and still cached) SSL session, or to duplicate an existing SSL session. In this case only three message flows and a total of six messages are required. The corresponding message flows can be summarized as follows:

1: C -> S: CLIENTHELLO
2: S -> C: SERVERHELLO
           CHANGECIPHERSPEC
           FINISHED
3: C -> S: CHANGECIPHERSPEC
           FINISHED

In step 1, the client sends a CLIENTHELLO message to the server that includes the identifier of the session to be resumed. The server in turn checks its session cache for a match. If a match is found and the server is willing to resume the connection under the specified session state, it returns a SERVERHELLO message with the same session identifier in step 2. At this point both the client and the server must send CHANGECIPHERSPEC and FINISHED messages to each other in steps 2 and 3. Once the session re-establishment is complete, the client and server may begin exchanging application data.
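As an added example (not part of the thesis), the following Python code encodes and parses the CLIENTHELLO and SERVERHELLO messages of steps 1 and 2 in the SSL 3.0 wire layout, including the server's cipher-suite selection in the client's order of preference and the session-cache lookup that decides between a new session and the shortened resumption handshake described above. The cipher-suite codes, session identifiers and random bytes are constructed sample values; the field layout follows RFC 6101.

```python
import os
import struct
import time

HANDSHAKE_CLIENT_HELLO = 1
HANDSHAKE_SERVER_HELLO = 2
SSL3 = (3, 0)
NULL_COMPRESSION = 0


def make_random(now=None, rng=os.urandom):
    """Random structure of a hello message: 32-bit UNIX time + 28 random bytes."""
    ts = int(time.time() if now is None else now) & 0xFFFFFFFF
    return struct.pack("!I", ts) + rng(28)


def _handshake(msg_type, body):
    """Handshake header: 1-byte message type, 3-byte body length."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def encode_client_hello(random32, session_id, cipher_suites, compression=(NULL_COMPRESSION,)):
    """Step 1: CLIENTHELLO with the five fields listed in the text.
    cipher_suites is given in the client's order of preference."""
    suites = b"".join(struct.pack("!H", s) for s in cipher_suites)
    body = (struct.pack("!BB", *SSL3) + random32
            + bytes([len(session_id)]) + session_id
            + struct.pack("!H", len(suites)) + suites
            + bytes([len(compression)]) + bytes(compression))
    return _handshake(HANDSHAKE_CLIENT_HELLO, body)


def decode_client_hello(msg):
    """Parse a CLIENTHELLO into its fields; raises ValueError if malformed."""
    if len(msg) < 4 or msg[0] != HANDSHAKE_CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big") or len(body) < 35:
        raise ValueError("bad handshake length")
    try:
        version, random32, sid_len = (body[0], body[1]), body[2:34], body[34]
        pos = 35 + sid_len
        session_id = body[35:pos]
        suites_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        suites = [struct.unpack("!H", body[i:i + 2])[0]
                  for i in range(pos, pos + suites_len, 2)]
        pos += suites_len
        comp = list(body[pos + 1:pos + 1 + body[pos]])
        if pos + 1 + body[pos] != len(body) or len(session_id) != sid_len:
            raise ValueError("length fields do not match the message")
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc
    return {"version": version, "random": random32, "session_id": session_id,
            "cipher_suites": suites, "compression": comp}


def server_hello(client_hello, server_suites, session_cache, rng=os.urandom, now=None):
    """Step 2: process the CLIENTHELLO and build the SERVERHELLO.
    server_suites: suites the server supports; the first suite in the client's
    preference list that the server supports is chosen.
    session_cache: {session_id: is_resumable}, the Table 2.2 flag.
    Returns (serverhello_bytes, info) or None when no acceptable suite exists
    (the server would then send an error alert and close the connection)."""
    ch = decode_client_hello(client_hello)
    version = min(ch["version"], SSL3)            # lower of client's and server's highest
    suite = next((s for s in ch["cipher_suites"] if s in server_suites), None)
    if suite is None or NULL_COMPRESSION not in ch["compression"]:
        return None
    sid = ch["session_id"]
    resumed = bool(sid) and session_cache.get(sid, False)
    if not resumed:                               # new session: fresh identifier, cached
        sid = rng(32)
        session_cache[sid] = True
    body = (struct.pack("!BB", *version) + make_random(now, rng)
            + bytes([len(sid)]) + sid + struct.pack("!H", suite) + bytes([NULL_COMPRESSION]))
    info = {"version": version, "session_id": sid, "cipher_suite": suite, "resumed": resumed}
    return _handshake(HANDSHAKE_SERVER_HELLO, body), info
```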
5.3. Secure Electronic Transaction (SET)

SET is a security method developed to secure credit-card transactions over the Internet. The current version, SET v1, was chosen as the security standard for credit cards such as MasterCard and Visa in January 1996. Many companies took part in its development, including IBM, Microsoft, Netscape, RSA, Terisa and VeriSign. Since 1998 the first products using SET have been deployed.

SET itself is not a payment system; rather, it is a set of security protocols and formats that allow users to employ credit-card equipment over a network such as the Internet in a secure manner. Essentially, SET provides three services:
- It provides a secure communication channel among all parties involved in a transaction.
- It uses X.509v3 digital certificates to provide trust.
- It ensures privacy, because information is made available only to the parties in a transaction, and only when and where it is necessary.

5.3.1. Overview of SET

Requirements: We first consider the business requirements that SET must satisfy, as well as the other parties that take part in transactions using SET. The business requirements for secure payment processing with credit cards over the Internet and other networks include:
- Provide confidentiality of payment and ordering information: this is necessary to assure cardholders that their information is safe and accessible only to the intended recipient. Confidentiality also reduces the risk of fraud by either party to the transaction or by unwanted third parties. SET uses encryption to provide this confidentiality.
- Ensure the integrity of all transmitted data: that is, ensure that no content is changed during a transaction using SET. Digital signatures are used to provide this integrity.
- Provide authentication that a cardholder is a legitimate user of a credit-card account: a mechanism that links a cardholder to a specific account number reduces the incidence of fraud in purchase and payment processing. Digital signatures and certificates are used to verify that the cardholder is the legitimate owner of a valid account.
- Provide authentication that a merchant can accept credit-card transactions through its relationship with a financial institution: this complements the preceding requirement. Cardholders need to be able to identify the merchants with whom they can conduct secure transactions. Again, digital signatures and certificates are used.
- Ensure the use of the best security practices and system design techniques to protect all legitimate parties in an electronic commerce transaction: SET is a well-tested specification based on highly secure cryptographic algorithms and protocols.
- Create a protocol that neither depends on transport security mechanisms nor prevents their use: SET can operate securely over a raw TCP/IP stack. However, SET does not interfere with the use of other security mechanisms such as IPSec and SSL/TLS.
- Facilitate and encourage interoperability among software and network providers: the SET protocols and formats are independent of the hardware platform, operating system and Web software.

Key features of SET: Having considered the requirements, we see that SET incorporates the following basic features:
- Confidentiality of information: cardholder account and payment information is protected as it travels across the network. An interesting and important feature of SET is that it prevents the merchant from learning the cardholder's credit-card number; this is provided only to the issuing bank. Conventional encryption with DES is used to provide confidentiality.
- Integrity of data: payment information sent from cardholders to merchants includes order information, personal data and payment instructions. SET guarantees that these message contents are not altered in transit. RSA digital signatures, using SHA-1 hash codes, provide message integrity. Certain messages are also protected by HMAC using SHA-1.
- Merchant authentication: SET enables cardholders to verify that a merchant has a relationship with a financial institution allowing it to accept payment cards. For this, SET uses X.509v3 digital certificates with RSA signatures.

Note that, unlike IPSec and SSL/TLS, SET provides only one choice for each cryptographic algorithm. This makes sense because SET is a single application with a single set of requirements, whereas IPSec and SSL/TLS are intended to support a range of applications.
5.3.2. Participants in SET

- Cardholder: in the electronic environment, consumers and corporate purchasers interact with merchants from personal computers over the Internet. A cardholder is an authorized holder of a payment card issued by an issuer.
- Merchant: a merchant is a person or organization that has goods or services to sell to the cardholder. Typically these goods and services are offered via a Web site or by electronic mail. A merchant that accepts payment cards must have a relationship with an acquirer.
- Issuer: this is a financial institution, such as a bank, that provides the cardholder with the payment card. Typically, accounts are applied for and opened by mail or in person. Ultimately, the issuer is responsible for the payment of the cardholder's debt.
- Acquirer (the merchant's bank): this is a financial institution that establishes an account with a merchant and processes payment-card authorizations and payments. Merchants usually accept more than one credit-card brand but do not want to deal with multiple bankcard associations or individual issuers. The acquirer provides authorization to the merchant that a given card account is active and that the proposed purchase does not exceed the credit limit. The acquirer also provides electronic transfer of payments to the merchant's account. Subsequently, the acquirer is reimbursed by the issuer over some sort of payment network for electronic funds transfer.
- Payment gateway: this is a function operated by the acquirer or a designated third party that processes merchant payment messages. The merchant exchanges SET messages with the payment gateway over the Internet, while the payment gateway has a direct or network connection to the acquirer's financial processing system.
- Certification Authority (CA): this is an entity that is trusted to issue X.509v3 public-key certificates for cardholders, merchants and payment gateways. The success of SET depends on the existence of a CA infrastructure available for this purpose.
The following describes the sequence of events that occur in an electronic commerce transaction:
1. The customer opens an account: the customer obtains a credit card, such as MasterCard or Visa, from a bank that supports electronic payment and SET.
2. The customer receives a certificate: after suitable verification of identity, the customer receives an X.509v3 digital certificate signed by the bank. The certificate verifies the customer's RSA public key and its expiration date. It establishes a relationship, guaranteed by the bank, between the customer's key pair and his or her credit card.
3. Merchants have their own certificates: a merchant that accepts a certain brand of card must possess two certificates for two public keys owned by the merchant: one for signing messages and one for key exchange. The merchant also needs a copy of the payment gateway's public-key certificate.
4. The customer places an order: this is a process that involves selecting items on the merchant's Web site and determining the price. The customer sends the merchant a list of the items to be purchased and receives an order form containing the list of items, their prices, the total price and an order number.
5. The merchant is verified: in addition to the order form, the merchant sends a copy of its certificate, so that the customer can verify that he or she is dealing with a legitimate merchant.
6. The order and payment are sent: the customer sends the merchant the order and payment information together with the customer's certificate. The order information confirms the items in the order form; the payment information contains the credit-card details. It is encrypted so that the merchant cannot read it; the customer's certificate enables the merchant to verify the customer.
7. The merchant requests payment authorization: the merchant forwards the payment information to the payment gateway, requesting authorization that the customer's credit-card details are valid for the purchase.
8. The merchant confirms the order: the merchant sends confirmation of the order to the customer.
9. The merchant provides the goods or services: the merchant ships the goods or provides the service to the customer.
10. The merchant requests payment: this request is sent to the payment gateway, which handles all of the payment processing.
CHAPTER IV
IMPLEMENTING INFORMATION SECURITY ON A WEBSITE FOR BUYING AND SELLING COMPUTER COMPONENTS OVER THE INTERNET

I. Basic functions and operation of the website system

As presented in chapters 1, 2 and 3 of this thesis, after studying the basic symmetric-key and public-key cryptosystems as well as the protocols and mechanisms for securing electronic commerce with SSL/TLS and SET, the author decided to choose the most basic cryptosystem, DES, and the DSA digital signature algorithm for the application part of the thesis.

In this thesis I do not go deeply into the system analysis behind building the online sales website; I only present the meaning of the parts of the system that were built, including the usual functions as well as the security functions that were implemented. The authentication process, the database-layer security and the interactions among objects during customer authentication are described in the following diagram:
1. Data organization
- The website consists of the following pages:
- Home page
- Product-group page: for example laptops, office equipment
- Product detail page: displays the detailed information about a product, from which the customer can perform other operations such as choosing to buy the product
- Order page: after the customer has selected one or more products to buy, information such as product code, product name and quantity is assembled into an order. On this order page, the customer can perform other functions such as:
o Continue shopping: go on selecting other products to buy
o Accept the order: send the order information to the system, confirming the intention to buy
o Cancel the order: remove all selected products, so that new products can be selected again
o Update the order: re-select the quantity of each product in the order, so that the system recalculates the total price of the selected products

[Diagram: Customer -> Place order -> Customer authentication]
2. Information management
- The system administrator updates product information on the website, so that customers can browse and buy.
- Each product has the following important fields: product code and selling price. The other fields only serve to inform the customer.

3. RSA encryption and its application in the system

Member registration
- Every visitor to the system who wants to buy or place an order must register as a member of the website. This process consists of issuing the customer a login name, a login password and a public/private key pair generated with the RSA algorithm. With all of this information the customer can carry out purchases on the website.
- In detail, member registration consists of the following steps:
o Register as a member: supply information such as login name, e-mail address and password.
o The system checks the uniqueness of the login name and e-mail address. If they are already in use in the system, the customer must choose a different name.
o If the information has been supplied completely and without errors, the system generates a private/public key pair with the RSA algorithm, then sends the private key as an attached file to the e-mail address the customer supplied. The public key is stored in the database.
o This private/public key pair is guaranteed to be unique, with no duplication among all members of the system.
o After checking the e-mail address and receiving the full information, the customer must perform a confirmation step before any transaction can be carried out. This step is necessary to prevent impersonation, in which someone uses another person's e-mail address illegitimately.
o Once this step is complete, the customer is entitled to carry out transactions according to the functions the system provides.
4. Making a purchase
- The customer makes a purchase in exactly the same way as selecting goods in a supermarket, except that it happens on an electronic system, an online supermarket.

Operation 1: View and select goods. The customer browses the website to see which products and categories the system offers, and if a suitable product is found, performs the "buy" operation. After this operation, the selected product is placed in an order, and the customer can modify the order by operations such as deselecting a product, changing the quantity of each product, or cancelling the whole order.

Operation 2: Accept the order. After selecting the products, the customer performs the "Accept order" operation. This function records the customer's product data in the system's queue of orders awaiting processing. If the customer has not yet logged in, the system cannot determine the identity of the current user, and the website redirects to the login page. On this page the customer must supply a login name and password; if this information is correct, or if the customer has already logged in successfully, the system automatically forwards to the order-processing page and notifies the customer. After this operation, the customer receives an e-mail reporting the status of the order together with a unique link for activating the order.

Operation 3: Activate the order. While the order has not yet been activated, the data about the ordered products is encrypted with the RSA algorithm, using the customer's public key, so that the order information remains confidential and cannot be disclosed without the valid private key to decrypt it. The customer activates the order via the link supplied in the e-mail; the system then asks for the private key by having the customer browse to and select the file containing the private key, which the system supplied at registration. The system uses this private key (held only in the computer's RAM) to decrypt the encrypted information, recovers the number of products bought and the quantity of each, computes the order value and passes the data to the module that deducts the amount from the account. If someone else obtains this link and also tries to activate the order, but does not have the valid private key, they cannot decrypt the order or complete the purchase.
5. Encryption and decryption procedure

5.1 Encrypting an order
- The products in an order are characterized by product code and quantity to buy. Other information such as selling price and product name is already stored in the website's database and need not be included in the string to be encrypted.
- The plaintext to be encrypted therefore has the form PT = {product-code}/{quantity}[^]. For example, when the customer selects 5 products, the string to be encrypted is PT = sp01/3^sp12/9^sp32/1^sp45/8^sp983/2, which reads: product code sp01, quantity 3; product code sp12, quantity 9; product code sp32, quantity 1; product code sp45, quantity 8; product code sp983, quantity 2. The encryption function encrypts PT into ET (encoded text) using the public key of the person who placed the order. The string ET is meaningless unless it is decrypted, and decryption requires the customer's private key.

5.2 Decrypting an order
- The encrypted string ET is decoded by the decryption function after the customer supplies a valid private key. If decryption succeeds, the system obtains the same string PT as before encryption, which proves that the person activating the order is legitimate, and it proceeds with payment, deducting the money from the account as usual.

Example of encryption/decryption

Private and public keys

The member anhtuan of the system, after registering, is issued the following public and private keys by the system:
PrivateKey:
YTozOntpOjA7czozMjoiEwUyThq8gAfqCKXW2F/gjMYjOPo6J34rmP6b8
vY+TMoiO2k6MTtzOjMyOiIBv4wLNs8ExGUG+mvRNP2p+2cjRKAH0Dt
mFTE0lebYQyI7aToyO3M6NzoicHJpdmF0ZSI7fQ==
PublicKey:
YTozOntpOjA7czozMjoiEwUyThq8gAfqCKXW2F/gjMYjOPo6J34rmP6b8
vY+TMoiO2k6MTtzOjM6IgEAASI7aToyO3M6NjoicHVibGljIjt9
Looking at these two keys, certainly none of us can tell their meaning, yet they were generated when we used the RSA algorithm for encryption.
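As an added example (the thesis does not show its own code), the following Python code handles the PT = code/qty^code/qty string from section 5.1, encrypts it to the customer's RSA public key when the order is accepted and decrypts it with the private key at activation, so that an activation attempt with a key that does not match the order fails instead of being charged. Textbook RSA with a self-generated key is used so the block runs stand-alone; the key size, the seed and the sample order are constructed values, and a production system would use RSA-OAEP from a cryptographic library rather than this unpadded form.

```python
import random
import re

ITEM_RE = re.compile(r"^[A-Za-z0-9]+/[1-9][0-9]*$")   # one "code/quantity" element


def serialize_order(items):
    """{code: qty} -> 'sp01/3^sp12/9^...' (the PT format of section 5.1)."""
    return "^".join(f"{code}/{qty}" for code, qty in items.items())


def parse_order(pt):
    """Inverse of serialize_order; rejects anything that is not a valid order string."""
    items = {}
    for part in pt.split("^"):
        if not ITEM_RE.match(part):
            raise ValueError(f"malformed order item: {part!r}")
        code, qty = part.split("/")
        items[code] = int(qty)
    return items


def _is_probable_prime(n, rng, rounds=25):
    """Miller-Rabin primality test with `rounds` random bases."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_keypair(bits=512, seed=None):
    """Return (public, private) = ((n, e), (n, d)).  A seed gives a reproducible
    demo key (constructed value); without a seed the system RNG is used."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    e = 65537

    def prime(k):
        while True:
            cand = rng.getrandbits(k) | (1 << (k - 1)) | 1   # exactly k bits, odd
            if _is_probable_prime(cand, rng):
                return cand

    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (p * q, e), (p * q, pow(e, -1, phi))


def rsa_encrypt(data, public_key):
    """Textbook RSA over chunks.  Each chunk is prefixed with 0x01 so leading zero
    bytes survive the integer conversion and a wrong-key decryption is detectable."""
    n, e = public_key
    k = (n.bit_length() - 9) // 8                 # 0x01 || k bytes is always < n
    return [pow(int.from_bytes(b"\x01" + data[i:i + k], "big"), e, n)
            for i in range(0, len(data), k)]


def rsa_decrypt(chunks, private_key):
    n, d = private_key
    out = bytearray()
    for c in chunks:
        m = pow(c, d, n)
        raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
        if not raw or raw[0] != 0x01:
            raise ValueError("chunk does not decrypt to a valid block")
        out += raw[1:]
    return bytes(out)


def encrypt_order(items, customer_public_key):
    """Accept-order step: ET = RSA(PT) under the customer's public key."""
    return rsa_encrypt(serialize_order(items).encode("ascii"), customer_public_key)


def decrypt_order(et, private_key):
    """Activation step: recover PT with the supplied private key and parse it.
    Any failure (wrong key, garbage) is reported as ValueError so the order is not charged."""
    try:
        return parse_order(rsa_decrypt(et, private_key).decode("ascii"))
    except ValueError as exc:     # UnicodeDecodeError is a ValueError as well
        raise ValueError("activation failed: private key does not match this order") from exc
```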
II. Implementing the security and information-safety functions on the computer-component sales website

1. Member registration procedure

This procedure is built together with the member-registration function. After the customer has filled in the necessary personal information, such as e-mail, password, full name and address, and submitted the form, the server updates this information in the database. Before the update, the customer's password is encrypted with DES (or alternatively Triple DES, AES, or any other symmetric-key cryptosystem) to ensure that the customer's password is kept secret.

If the customer registers successfully, the website sends a notification to the e-mail address the customer registered, together with a private key in the form of a text file; the customer must keep this private key as his or her own digital signature. The notification looks as follows:
2. The customer selects and buys products on the website

Only after registering as a member of the website is the customer entitled to select and buy products on the website's product pages.

The customer browses the website to see which products and categories the system offers, and if a suitable product is found, performs the "buy" operation. After this operation, the selected product is placed in an order, and the customer can modify the order by operations such as deselecting a product, changing the quantity of each product, or cancelling the whole order.

After selecting the products, the customer performs the "Accept order" operation. This function records the customer's product data in the system's queue of orders awaiting processing. The website then sends the customer a notification with an invoice for the products just selected, together with the price information and the delivery address, as follows:

The customer activates the order via the link supplied in the e-mail; the system then asks for the private key by having the customer browse to and select the file containing the private key, which the system supplied at registration. The website authenticates the customer with the private key and sends back a notification containing the complete purchase invoice and the total amount the customer must pay from his or her account.

This concludes the process of buying a computer over the Internet and paying from a personal bank account.
CONCLUSION

With the global development of the Internet and e-commerce, people can communicate easily within a very large community. For sensitive transactions, however, there must be mechanisms that secure the transaction session. Above all, each party needs to determine precisely whether the person it is communicating with is really the expected partner. In this thesis I have addressed two main techniques of information security, encryption and digital signatures, together with the related issues of Web application security. Both techniques have been applied to some extent to authenticating the partner in each transaction session.

As for encryption, there are two methods: symmetric encryption and public-key encryption. Encryption protects the confidentiality of the communicated information but does not guarantee whether the information has been forged or whether a party has been impersonated. The main problem lies in managing the encryption and decryption keys in both methods.

As for digital signatures, relying on the signature together with the private/public key pair, we can precisely identify the partner in a transaction. I have also studied two kinds of signature, signatures with appendix and signatures with message recovery, together with two widely accepted and used signature schemes: RSA and DSS.

One problem arises with digital signatures: can we be sure that a signature or a public key really belongs to the partner? There are many ways of attacking digital signatures, the most common being forgery by impersonating the signer. The proposed remedy is to use digital certificates for public keys in order to verify the authenticity of the partner in a transaction. However, owing to limited time, I could not study digital certificates for public keys in depth and concentrated instead on a number of Web application security protocols, specifically by implementing some transaction procedures that use the encryption and digital-signature methods. I also tried my best to develop the application following the e-commerce model using SET, but because the full set of SET participants does not currently exist in Vietnam, the application would face difficulties when deployed in practice.

In the future, I will continue to develop the topic in the following directions:
- Continue studying and experimenting with symmetric-key encryption methods such as Triple DES, RC4 and IDEA, and with public-key methods such as ElGamal, Rabin, Knapsack and Elliptic Curve.
- Improve and raise the efficiency of the modules implemented on the website, as well as the other implementation techniques.