THAI NGUYEN UNIVERSITY
FACULTY OF INFORMATION TECHNOLOGY

-----------------------------------

VŨ ANH TUẤN

INFORMATION SECURITY AND SAFETY IN E-COMMERCE

MASTER OF SCIENCE THESIS
INFORMATION TECHNOLOGY

Specialization: Computer Science
Code: 60.48.01

Scientific supervisor:
Assoc. Prof. Dr. NGUYỄN GIA HIỂU

THAI NGUYEN 2008
Digitized by the Learning Resource Center, Thai Nguyen University http://www.lrc-tnu.edu.vn
Table of contents

Preface
I. Research content of the thesis
1. Research objectives and tasks of the thesis
2. Scientific significance of the thesis
3. Research methods
4. Scope of the research
5. Expected research results
II. Structure of the thesis
Chapter I: CONCEPTS OF E-COMMERCE AND THE CHARACTERISTICS OF E-COMMERCE
1. The concept of e-commerce
2. Benefits of e-commerce
3. Basic characteristics of e-commerce
4. Types of electronic markets
5. Payment systems in e-commerce
6. Electronic payment technology
7. The electronic payment process
Chapter II: CRYPTOSYSTEMS, SYMMETRIC-KEY ENCRYPTION, PUBLIC-KEY ENCRYPTION, DIGITAL SIGNATURES
I. Overview of cryptosystems
1. Classical cryptography
2. Modern cryptography
3. Terminology
4. Cryptographic standards
II. Encryption methods
1. Symmetric encryption (secret-key encryption)
2. Asymmetric encryption (public-key encryption)
III. Digital signatures
1. Digital signatures
2. Classification of digital signature schemes
3. Some basic signature schemes
3.1. The RSA signature scheme
3.2. The DSA signature scheme (Digital Signature Standard)
4. Practical digital signature schemes
5. Attacks on electronic signatures
Chapter III: INFORMATION SECURITY AND SAFETY IN E-COMMERCE
I. The problem of information safety
II. Digital certificates and encryption mechanisms
1. Introduction to digital certificates
2. Identity authentication
3. Public-key certificates
4. The CA model
5. Some security protocols used in e-commerce
Chapter IV: IMPLEMENTING INFORMATION SECURITY AND SAFETY ON A WEBSITE SELLING COMPUTER COMPONENTS OVER THE INTERNET
I. Basic functions and operation of the website system
1. Data organization
2. Information administration
3. RSA encryption and its application in the system
4. Making a purchase
5. How encryption and decryption are carried out
II. Implementing the information security and safety functions on the computer-components website
1. The member registration procedure
2. Customers selecting and buying goods on the website
Conclusion
References
Preface

With the global growth of the Internet and of e-commerce, people can easily buy and sell goods and services over the worldwide computer network in every area of commerce. These transactions are sensitive, however, and need mechanisms that guarantee security and safety, so information security and safety in e-commerce is an extremely important problem. This thesis covers the main techniques of information security and safety in e-commerce.

Information security and safety measures for e-commerce have been, and are being, widely applied in Vietnam and worldwide. Many people are therefore concentrating on researching security and safety and on finding every possible solution to protect information systems on the network. It must also be understood, however, that no information system is 100% secure: every information system has security and safety holes that have not yet been discovered.

Information security and safety in e-commerce must satisfy the following four requirements:
- Confidentiality: information content is not monitored or copied by entities that have not been authorized.
- Integrity: information content is not altered by entities that have not been authorized.
- Authentication: nobody can masquerade as a legitimate party during the exchange of information.
- Non-repudiation: the sender of a message cannot deny the facts and the information content that were actually sent.

Starting from the possibilities for practical application and from applications that already exist as a result of earlier research on security and safety in e-commerce, this thesis studies in depth the techniques and methods of information security and safety in e-commerce.
I. Research content of the thesis
1. Research objectives and tasks of the thesis
- The thesis studies the techniques and methods used to provide security and safety in e-commerce, the way they are carried out, and the related scientific knowledge and algorithms such as authentication, confidentiality, data integrity, cryptography and digital signatures.
- The research results are applied to deploy a security and safety system for e-commerce.
2. Scientific significance of the thesis
The research results are applied to build security and safety techniques for e-commerce with a number of basic features, such as a certification system, automatic key distribution mechanisms, encryption of the necessary information, and techniques for preventing risks in e-commerce.
Security and safety on the network is one of the pressing issues in the practice of e-commerce. Solving it well brings great benefits: customers can trust the transactions they carry out on the network, and providers of online transaction services, as well as ISPs, can ensure that the information of customers transacting on the network is safe.
3. Research methods
Collect and analyze documents and information related to the topic.
Study the e-commerce transactions of a number of domestic and foreign websites, and collect information on how existing e-commerce transactions are secured.
Combine earlier research by domestic authors with the guidance and comments of the supervisor to complete the research.
4. Scope of the research
Security and authentication issues in e-commerce: hash functions, the symmetric encryption algorithm DES and asymmetric algorithms such as RSA public-key encryption, the use of DSA and RSA digital signatures, and network security protocols such as SSL, TLS and SET.
The techniques used and the methods of combining cryptosystems in security.
Because of certain limitations in facilities and in practical access to the field of e-commerce security, the implemented applications are mainly experimental.
5. Expected research results
Security and authentication issues in e-commerce, the use of digital signatures, and the techniques used and the methods of combining cryptosystems in security.
An experimental implementation of the e-commerce security and safety measures that were studied.
II. Structure of the thesis
Chapter I: CONCEPTS OF E-COMMERCE AND THE CHARACTERISTICS OF E-COMMERCE
1. The concept of e-commerce
2. Benefits of e-commerce
3. Basic characteristics of e-commerce
4. Types of electronic markets
5. Payment systems in e-commerce
6. Electronic payment technology
7. The electronic payment process
Chapter II: CRYPTOSYSTEMS, SYMMETRIC-KEY ENCRYPTION, PUBLIC-KEY ENCRYPTION, DIGITAL SIGNATURES
I. Overview of cryptosystems
1. Symmetric-key encryption: algorithm and key generation process
2. Public-key encryption: operation, key generation, encryption, decryption, plaintext conversion
II. Digital signatures
1. The concept of digital signatures
2. Classification of digital signatures
3. Some basic digital signature schemes
4. Evaluating the security of digital signature schemes
Chapter III: SECURITY AND SAFETY IN E-COMMERCE
1. Information safety
2. Encryption mechanisms
3. Digital certification
4. Some security protocols used in e-commerce
- Web application security issues
- The SSL and TLS security mechanisms
- The SET security mechanism
Chapter IV: IMPLEMENTING AND DEVELOPING THE APPLICATIONS
- Implementing an application of information security and safety, digital certification and digital signatures on a WEBSITE selling computers over the INTERNET
Conclusion
Chapter I: CONCEPTS OF E-COMMERCE AND THE CHARACTERISTICS OF E-COMMERCE
1. The concept of e-commerce
E-commerce is the buying and selling of goods and services over the global computer network. In the broad sense, e-commerce is defined in the Model Law on Electronic Commerce of the United Nations Commission on International Trade Law:
"The term commercial should be interpreted broadly so as to cover matters arising from all relationships of a commercial nature, whether or not there is a contract. Relationships of a commercial nature include the following transactions: any trade transaction for the supply or exchange of goods or services; distribution agreements; commercial representation or agency; commission agency; long-term leasing; construction of works; consulting; engineering; investment; financing; banking; insurance; exploitation agreements or concessions; joint ventures and other forms of industrial or business cooperation; carriage of goods or passengers by sea, air, rail or road."
The scope of e-commerce is therefore very wide and covers most fields of economic activity; buying and selling goods and services is only one of thousands of fields in which e-commerce is applied. In the narrow sense, e-commerce comprises only the commercial activities carried out over open computer networks such as the Internet. In practice it was commercial activity over the Internet that gave rise to the term e-commerce.
E-commerce includes buying and selling goods and services by electronic means, delivering digital content over the network, electronic funds transfer, electronic share trading, electronic bills of lading, commercial auctions, collaborative design, network resources, public procurement, online marketing to consumers and after-sales services. E-commerce applies both to trade in goods (for example consumer goods and specialized medical equipment) and to trade in services (for example information services, legal services and financial services). It also covers traditional activities such as health care and education, and new activities such as virtual supermarkets. E-commerce is becoming a revolution that changes the way people shop.
2. Benefits of e-commerce
Practical experience with e-commerce shows that it brings people and society the following benefits:

2.1. Access to more information

E-commerce helps each participant obtain more information about markets and partners, reduce marketing and transaction costs, shorten production time, and build and strengthen relationships with trading partners. Businesses obtain rich information about the market economy, and can therefore build production and business strategies that fit the development trends of the domestic, regional and international markets. This is especially significant for small and medium-sized enterprises, which many countries now regard as one of the driving forces of economic development.

2.2. Lower production costs

E-commerce helps reduce production costs, first of all office costs. Paperless offices occupy far less space, and the cost of searching for and transferring documents falls many times over, with printing almost eliminated. According to figures from the US company General Electric, savings in this area reach 30%. More important from a strategic point of view, capable staff are freed from many routine tasks and can concentrate on research and development, which brings great long-term benefits.

2.3. Lower sales, marketing and transaction costs

E-commerce helps lower sales and marketing costs. Using the Internet/Web, one salesperson can deal with a very large number of customers. An electronic catalogue on the web is much richer than a printed catalogue, which has a limited format and is always out of date, whereas the electronic catalogue on the web is updated regularly.
E-commerce over the Internet/Web helps consumers and businesses significantly reduce transaction time and cost. Transaction time over the Internet is only 7% of the transaction time by fax, and about 0.5 per thousand of the transaction time by express post. The cost of electronic payment over the Internet is only 10% to 20% of the cost of payment by conventional means.

2.4. Building partner relationships

E-commerce makes it possible to establish and strengthen relationships between the participants in the commercial process. Over the Internet the participants can communicate with each other directly (online) and continuously, as if there were no longer any distance in geography or time. Cooperation and management are therefore carried out quickly and continuously, and new trading partners and new business opportunities are discovered quickly on a worldwide scale, with more opportunities to choose from.

2.5. Earlier access to the knowledge economy

First of all, e-commerce stimulates the development of the IT industry, which lays the foundation for developing the knowledge economy. This benefit is of great significance to developing countries: if they do not move quickly toward the knowledge economy, then after about another decade a developing country may be left behind completely. This aspect of the benefit concerns technology strategy and the development policy that industrializing countries need.

3. Basic characteristics of e-commerce

Compared with traditional commercial activities, e-commerce has the following basic characteristics:

3.1. The parties to an e-commerce transaction do not meet face to face and do not need to know each other beforehand.
In traditional commerce the parties usually meet in person to carry out a transaction. Transactions are carried out mainly on a physical basis, such as transferring money, cheques, invoices, bills of lading and sending reports. Telecommunication means such as fax and telex are used only to exchange business data. Moreover, in traditional commerce electronic means are used only to convey information directly between the two partners of the same transaction.
E-commerce allows everyone to take part, from remote and isolated regions to large urban areas. It gives people everywhere an equal opportunity to participate in the global trading market and does not require that they know each other.

3.2. Traditional commercial transactions are carried out in the presence of the concept of national borders, whereas e-commerce is carried out in a market without borders (a unified global market). E-commerce directly affects the global competitive environment.
The more e-commerce develops, the more the personal computer becomes a window through which a business looks out on markets all over the world. With e-commerce a business person, even one who has just started up, can do business in Japan, Germany and Chile without ever leaving home, something that used to take many years.

3.3. Every e-commerce transaction involves at least three parties, one of which is indispensable: the network service provider and the certification authorities.
In e-commerce, besides the parties to the transaction, who are the same as in a traditional commercial transaction, a third party has appeared: the network service provider, the certification authorities and so on, who create the environment for e-commerce transactions. The network service provider and the certification authority are responsible for transferring and storing the information exchanged between the parties to an e-commerce transaction, and they also confirm the reliability of the information in the transaction.

3.4. In traditional commerce the information network is only a means of exchanging data, whereas in e-commerce the information network is the market itself.
Many new types of business have been formed through e-commerce. For example, value-added services on computer networks have given rise to virtual intermediaries that provide brokerage services to businesses and consumers, and virtual supermarkets have been formed to supply goods and services over the computer network. Owners of ordinary shops are also racing to put information on the Web in order to exploit the vast market there by opening virtual shops.

4. Types of electronic markets

Depending on the business partners involved, a market is called a B2B, B2C, C2B or C2C market. Open markets are markets in which anyone can register and take part. In a closed market only certain members are invited or allowed to take part. A horizontal market focuses on one particular business process, for example procurement: many businesses, possibly from different industries, take part as buyers and deal with a group of suppliers. A vertical market, by contrast, models many different business processes of a single industry or a single group of users.
After the wave of optimism about e-commerce in the 1990s had passed, a period in which many electronic markets appeared, it was thought that after a process of concentration only a few large markets would survive. Alongside them, however, there are more and more small specialized markets.
Today the situation is quite different: the technology needed to run an electronic market has become much cheaper. In addition there is a trend toward connecting many different offers through application programming interfaces to form a common market with a high density of offers. Formerly independent markets are also increasingly being integrated by software solutions for a comprehensive Web portal.
E-commerce is classified by the status of the participants in the transaction as follows:

Consumers:
C2C (Consumer To Consumer): consumer to consumer
C2B (Consumer To Business): consumer to business
C2G (Consumer To Government): consumer to government

Businesses:
B2C (Business To Consumer): business to consumer
B2B (Business To Business): business to business
B2G (Business To Government): business to government
B2E (Business To Employee): business to employee

Government:
G2C (Government To Consumer): government to consumer
G2B (Government To Business): government to business
G2G (Government To Government): government to government

5. Payment systems in e-commerce

Electronic payment is an important stage of e-commerce. Broadly speaking, electronic payment is the process of paying money between buyer and seller. The core of the matter is the application of financial payment technologies (for example encrypted credit card numbers, electronic cheques or electronic money) between banks, intermediaries and the parties engaged in commerce. Banks and credit institutions now use these methods to improve their operating efficiency as the digital economy develops, with benefits such as lower processing costs, lower technology costs and stronger online commerce.
Electronic payment means paying by electronic messages instead of handing money over directly. Paying wages by transfer into a bank account, or paying for purchases by credit card or store card, are in essence also simple examples of electronic payment.
Electronic payment has the following basic payment systems:

Payment by credit card: In practice, customers on the network cannot hand over cash or cheques to pay. The selling website therefore needs to offer forms of payment over the network. The most common payment system on the network today is payment by credit card. Some common credit cards today are Visa, MasterCard, American Express and JCB. To process credit card transactions, the selling website must link to a service that carries out credit card payments over the network, such as CyberCard or PaymentNet. This payment service provides software that resides on the secure service server and carries out the payment. The payment service verifies the credit card so that the transaction with the customer can be completed, and then passes it to the confirmation unit. The credit card payment service ensures that the money is credited to the bank account. To use a credit card payment service on a website, the merchant must register an Internet merchant account with a bank (the acquirer). At present not every bank offers Internet merchant accounts. An Internet merchant account is designed to allow the merchant to carry out credit card payment transactions on the Internet through an online credit card service.

Electronic micropayment (Electronic Cash MicroPayment): used for transactions that are too small for credit card payment (under 10 USD). Micropayments are maintained through electronic receipts: the customer opens an account with an automatic electronic receipt machine. The automatic electronic receipt machine issues the customer digital money, with which the customer can buy directly from the website. Before the customer pays digital money to the seller, it verifies both the buyer and the vending machine to ensure that the money goes to the right place, the Cybercash electronic money provider.

Electronic cheque (Electronic Check): This is a service that allows customers to transfer electronic money directly from the bank to the seller. Electronic cheques are used to pay periodic bills. Companies such as electricity, water, gas and telephone suppliers offer this form of payment to improve their collection rate, reduce costs and make it easier for customers to manage their bills. From the customer's point of view, when a customer registers with the provider, the customer receives payment information (account number, bank and so on). With a user name and password, customers can log in to the website of the company issuing the cheques to check their balance. Customers can also receive electronic bills and send e-mail to confirm receipt of an electronic bill sent by the supplying company. When customers access their bills on the Internet, after reviewing all the bills they can choose to pay from the money in their bank account. The payment is carried out through a service such as Cybercash's Paynow (quick payment) electronic cheque payment service.

Electronic mail (Email): Can be used to allow a business partner to receive payment from a customer account or to set up an account with a supplier.

With the benefits described above, strengthening electronic payment capability is a way to cut operating costs significantly. According to the banks' calculations, transactions in cash and by cheque are very expensive, so they look for other solutions with lower costs. In the United States at present, cash transactions account for about 54% and cheques for 29%, while electronic transactions account for about 17%. This figure is forecast to rise in the coming period.

6. Electronic payment technology

Electronic payment technologies began to develop with electronic money transfer services, for example the Western Union money transfer service, which lets a person send money to someone in another place by placing a transfer order at a Western Union service counter. The money can be handed over to the recipient only after the identification requirements have been met. In this case no bank is involved at all; Western Union is simply a telegraph company. Safety depends on the financial strength of the company, and the security of the service is controlled through the messages sent in each individual transaction. This information is not made public; only the customer and the recipient know the amount transferred. A signature is used as a means of confirmation, to show that the transfer has been completed when the recipient has received the money.
Current initiatives in electronic payment all aim to create a method of payment that is simple and convenient for the customer and that is immediate. In an electronic transaction, the exchange-rate checks and the payment procedures take place as soon as the customer sends an order requesting a transfer to pay for a purchase on the network.
Electronic payment systems for customers are developing very quickly.

7. The electronic payment process

An electronic payment process consists of the following six basic stages:
1. The customer, from a computer somewhere, fills in the payment information and contact address on the order form (Order Form) of the selling website. The business receives the customer's request to buy goods or services and replies with a confirmation summarizing the necessary information, such as the items selected, the delivery address and the order number.
2. The customer checks the information and clicks "place order" to send the information back to the business.
3. The business receives and stores the order information and at the same time forwards the encrypted payment information (credit card number, expiry date, cardholder) to the server of the center that provides card processing services on the Internet. Thanks to encryption, the customer's payment information is kept secure in order to prevent fraud in transactions (even the business does not learn the customer's credit card information).
4. When the credit card processing center receives the payment information, it decrypts the information and processes the transaction behind a firewall and detached from the Internet (off the Internet), in order to give absolute security to commercial transactions. It reformats the transaction and forwards the payment information to the business's bank (the Acquirer) over a dedicated leased line (a separate data transmission line).
5. The business's bank sends an electronic message requesting payment (authorization request) to the bank or credit card company of the customer (the Issuer). This financial institution replies to the credit card processing center on the Internet, either approving or refusing the payment.
6. The credit card processing center on the Internet forwards this reply to the business, and on that basis the business informs the customer whether or not the order will be carried out.
Chapter II: CRYPTOSYSTEMS, SYMMETRIC-KEY ENCRYPTION, PUBLIC-KEY ENCRYPTION, DIGITAL SIGNATURES
I. Overview of cryptosystems
Cryptology is a field concerned with linguistic and mathematical techniques for ensuring the security of information, specifically of communications. Historically, cryptology has been tied to encryption, that is, to ways of converting information from one form to another, here from an ordinary, intelligible form into an unintelligible one, so that the information cannot be read without secret knowledge. Encryption is used mainly to protect the secrecy of important information, for example in intelligence, military or diplomatic work, as well as economic and commercial secrets. In recent years the field in which cryptography operates has widened: modern cryptography provides mechanisms for more than just keeping secrets and has a range of applications such as public-key certification, digital signatures, electronic voting and electronic money. In addition, people with no particular need for secrecy also use cryptographic technologies, which are usually designed and built into the infrastructure of computing and telecommunications.
Cryptology has a history of thousands of years. For most of its development (apart from the last few decades), the history of cryptology was the history of classical cryptographic methods, that is, encryption with pen and paper, sometimes aided by simple mechanical devices. In the early 20th century the appearance of mechanical and electromechanical machines, such as the Enigma machine, provided more complex and more efficient mechanisms for encryption. The emergence and strong growth of electronics and computers in recent decades has allowed cryptology to leap to a new level.
1. Classical cryptography
The earliest evidence of the use of cryptography is the non-standard hieroglyphs found on ancient Egyptian statues (about 4,500 years ago). These symbols do not appear to have served to convey secret information; rather they seem intended to evoke mystery or curiosity, or even to amuse the viewer. There are many other examples of applications of cryptography or of similar things. Later, Hebrew scholars used a simple alphabet substitution method of encryption, such as the Atbash cipher (around the years 500 to 600). Cryptography has long been used in religious works to hide information from the authorities or from the dominant culture. The best-known example is the number of the enemy of God (English: number of the beast), which appears in the New Testament of Christianity. Here the number 666 may be an encoded way of referring to the Roman Empire or to its emperor Nero. Not mentioning them directly would cause less trouble if the book came to the attention of the authorities. For orthodox Christianity this concealment ended when Constantine converted and accepted Christianity as the official religion of the empire.

Figure 1: Scytale, an ancient encryption device

The ancient Greeks are also known to have used cryptographic techniques (such as the scytale cipher). There is also clear evidence that the Romans knew cryptographic techniques (the Caesar cipher and its variants). There are even references to a book about cryptography in the Roman army, but this book has been lost.
2. Modern cryptography
Many people hold that the era of modern cryptography began with Claude Shannon, who is regarded as the father of mathematical cryptography. In 1949 he published the paper Communication Theory of Secrecy Systems in the Bell System Technical Journal and, a short time later, the book Mathematical Theory of Communication with Warren Weaver. These works, together with his other research on information and communication theory, established a basic theoretical foundation for cryptography and cryptanalysis. After that, cryptography was almost entirely taken over by secret government communications agencies such as NSA and disappeared from public view. Very little work continued to be published until the mid-1970s, when everything changed.

3. Terminology
The study of methods for breaking the use of ciphers is called cryptanalysis, or code breaking. Cryptography and cryptanalysis are sometimes grouped together under the common name cryptology, which covers all topics related to ciphers. In practice, the term cryptography is commonly used to refer to the field as a whole.
In some languages, such as English, the word is cryptography, which comes from the Greek kryptos, meaning "hidden", and graphein, "to write". The first use of the word "cryptography" was probably in Sir Thomas Browne's discourse of 1658 entitled The Garden of Cyrus: "The strange cryptography of gaffarel in his starrie booke of heaven".
Encryption is the process of converting ordinary information (plain text, or plaintext) into a form that cannot be read directly, the ciphertext. Decryption is the reverse process, which recovers the plaintext from the ciphertext. A cipher is an algorithm for encryption and decryption. The exact operation of a cipher is normally controlled by a key, a piece of secret information that customizes how the ciphertext is produced. Cryptographic protocols specify in detail how ciphers (and other cryptographic primitives) are used to accomplish specific tasks. A set of protocols, algorithms, key management methods and actions prescribed in advance for the user, operating together as a system, makes up a cryptosystem.
In everyday speech, a secret "code" is often used as a synonym for "cipher". In cryptology the term has a specific technical meaning: codes are the historical methods that replace larger units of text, usually words or sentences (for example, "qua tao" replaces "tan cong luc rang dong"). Classical ciphers, by contrast, usually replace or rearrange individual letters (or small groups of letters); for example, "tan cong luc rang dong" becomes "ubo dpoh mvd sboh epoh" by substitution.
Cryptanalysis: The goal of cryptanalysis (code breaking) is to find weaknesses or insecurities in an encryption method. Cryptanalysis may be carried out by malicious attackers, who aim to subvert the system, or by the designers of the system (or by others) who intend to evaluate the security of the system.
There are many kinds of cryptanalytic attack, and they can be classified in many different ways. One relevant distinction is what the attacker can know and do in order to learn the secret information. For example, does the cryptanalyst have access only to the ciphertext? Or even: can he choose arbitrary texts to be encrypted? These scenarios correspond to the ciphertext-only attack, the known-plaintext attack and the chosen-plaintext attack.
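The code/cipher distinction and the attack models above, as an added Python example that is not part of the thesis: it reproduces the page's shift-by-one substitution and shows why a cipher with only 26 keys falls to both a known-plaintext and a ciphertext-only attack. The `VOCABULARY` set and all function names are constructed for illustration.

```python
import string

ALPHABET = string.ascii_lowercase

# Codebook from the page: a code replaces a whole phrase with another unit.
CODEBOOK = {"tan cong luc rang dong": "qua tao"}

# Constructed vocabulary of expected plaintext words, used only to rank guesses.
VOCABULARY = {"tan", "cong", "luc", "rang", "dong", "quan", "doi", "rut", "lui"}


def encode_with_codebook(message, codebook=CODEBOOK):
    """Code: look the whole message up; unknown messages cannot be encoded."""
    if message not in codebook:
        raise KeyError(f"no code group for {message!r}")
    return codebook[message]


def shift_cipher(text, key):
    """Cipher: replace every letter by the one `key` places further on."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def recover_key_known_plaintext(plain, cipher):
    """Known-plaintext attack: one matching letter pair fixes the key."""
    for p, c in zip(plain, cipher):
        if p in ALPHABET and c in ALPHABET:
            return (ALPHABET.index(c) - ALPHABET.index(p)) % 26
    raise ValueError("no letters to compare")


def ciphertext_only_search(ciphertext, vocabulary=VOCABULARY):
    """Ciphertext-only attack: try all 26 keys, keep the best-scoring guess."""
    best = (-1, None, None)  # (score, key, candidate plaintext)
    for key in range(26):
        candidate = shift_cipher(ciphertext, -key)
        score = sum(word in vocabulary for word in candidate.split())
        if score > best[0]:
            best = (score, key, candidate)
    return best[1], best[2]


if __name__ == "__main__":
    message = "tan cong luc rang dong"
    ciphertext = shift_cipher(message, 1)
    print("code   :", encode_with_codebook(message))
    print("cipher :", ciphertext)
    print("key from known plaintext:", recover_key_known_plaintext("tan", ciphertext[:3]))
    print("ciphertext-only result  :", ciphertext_only_search(ciphertext))
```
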
While pure cryptanalysis exploits weaknesses in the encryption algorithms themselves, other attacks are based on the implementation and are known as side-channel attacks. If the cryptanalyst knows how long the algorithm takes to encrypt a given amount of plaintext, he can use a timing attack to break a cipher that would otherwise resist cryptanalysis. An attacker can also study the patterns and lengths of messages to extract information useful for breaking the cipher; this is known as traffic analysis.
If a cryptosystem uses a key derived from a password, it is at risk of an exhaustive search (brute force) attack, because passwords are not large enough and lack randomness. This is a common weakness of cryptosystems. For network applications, a password-authenticated key agreement protocol can reduce some of the limitations of passwords. For standalone applications, safe measures for storing data that contains passwords and/or access-control passphrases are usually recommended.
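An added example (not from the thesis) that quantifies the weakness just described: it compares the entropy of passwords and passphrases with a 56-bit key, and contrasts an unsalted single-hash key derivation with salted PBKDF2, a standard key-stretching function chosen here as an assumption. The candidate list, salts, word-list size and function names are constructed.

```python
import hashlib
import hmac
import math

REFERENCE_KEY_BITS = 56  # key length used for comparison (DES)

# Constructed list of guessable passwords for the audit below.
COMMON_PASSWORDS = ["123456", "matkhau", "password", "hanoi2008"]


def random_password_bits(alphabet_size, length):
    """Entropy in bits of a password drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def passphrase_bits(wordlist_size, words):
    """Entropy in bits of a passphrase of randomly chosen list words."""
    return words * math.log2(wordlist_size)


def min_length_for(bits, alphabet_size):
    """Shortest random password that reaches the requested entropy."""
    return math.ceil(bits / math.log2(alphabet_size))


def naive_key(password):
    """Weak derivation: one unsalted hash truncated to 56 bits."""
    return hashlib.sha256(password.encode("utf-8")).digest()[:7]


def stretched_key(password, salt, iterations=200_000):
    """PBKDF2-HMAC-SHA256: per-user salt plus a deliberate work factor."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=16
    )


def precomputed_table(candidates, derive):
    """Key -> password table; reusable for every user only if unsalted."""
    return {derive(word): word for word in candidates}


def guess_password(target_key, candidates, derive):
    """Audit helper: return the candidate that derives target_key, else None."""
    for word in candidates:
        if hmac.compare_digest(derive(word), target_key):
            return word
    return None


if __name__ == "__main__":
    print("8 random lowercase letters: %.1f bits" % random_password_bits(26, 8))
    print("letters needed for 56 bits:", min_length_for(REFERENCE_KEY_BITS, 26))
    print("5 words from a 7776-word list: %.1f bits" % passphrase_bits(7776, 5))

    # Unsalted: one table, built once, answers for every user.
    table = precomputed_table(COMMON_PASSWORDS, naive_key)
    print("unsalted lookup:", table.get(naive_key("matkhau")))

    # Salted and stretched: same password, different key for each user.
    key_a = stretched_key("matkhau", b"constructed-salt-a")
    key_b = stretched_key("matkhau", b"constructed-salt-b")
    print("same key for two users:", key_a == key_b)
```

Stretching multiplies the cost of every guess but does not rescue a password that is on the candidate list, which is why the entropy figures matter as much as the derivation function.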
Linear cryptanalysis and differential cryptanalysis are general methods for symmetric-key ciphers. When encryption relies on mathematical problems such as NP-hard problems, as in the case of symmetric-key algorithms, algorithms such as integer factorization become potential tools for cryptanalysis.
4. Cryptographic standards

The mid-1970s saw two major public advances. The first was the publication of the proposed Data Encryption Standard in the United States Federal Register on 17 March 1975. At the invitation of the National Bureau of Standards (NBS, now NIST), the DES proposal was submitted by IBM (International Business Machines) as part of an effort to build cryptographic tools for commerce, for example for banks and large financial organizations. Following guidance and changes from the NSA, it was approved in 1977 and issued as a Federal Information Processing Standard Publication (FIPS); the current version is FIPS 46-3. DES was the first public cipher to be endorsed by a national agency such as the NSA. The release of its specification by NBS stimulated the interest of the public and of research organizations in cryptography.

In 2001 DES was officially replaced by AES (Advanced Encryption Standard) when NIST published FIPS 197. After an open competition, NIST selected Rijndael, submitted by two Belgian cryptographers, and it became AES. DES and some of its variants, such as Triple DES, are still in use, because DES was previously tied to many national and organizational standards. With a key length of only 56 bits, it has been shown to be unable to resist exhaustive-search attacks (brute force attacks). One such attack was carried out in 1997 by the cyber civil-rights group the Electronic Frontier Foundation, which broke the cipher in 56 hours; the story is told in the book Cracking DES, published by O'Reilly and Associates. As a result, using plain DES today can be said without doubt to be risky and insecure, and messages protected by earlier systems that used DES, as well as all messages transmitted with DES since 1976, are in a very worrying position. Regardless of its inherent quality, events in 1976, most publicly those involving Whitfield Diffie, showed that the key length DES uses (56 bits) is too small. Suspicions arose that some government organizations already had enough computing power at that time to break messages protected with DES; clearly other agencies had this capability as well.
Cryptography is used to secure communications. The required properties are:
- Confidentiality: only the authenticated recipient can extract the content of the information from its encrypted form. In other words, no significant information about the content of the message may be obtainable.
- Integrity: the recipient must be able to determine whether the information was altered in transit.
- Authentication: the recipient must be able to identify the sender and check whether the sender really sent the message.
- Non-repudiation: the sender cannot deny having sent the information.
- Replay protection: a third party must not be able to copy the message and send it to the recipient repeatedly without the sender's knowledge.
Cryptography can provide mechanisms that help achieve these. However, some of these goals are not always necessary, whether in practice or by intent. For example, the sender may wish to remain anonymous; in that case non-repudiation is clearly inappropriate.
II. Encryption methods

1. Symmetric encryption (secret-key encryption)
1.1. Definition
A symmetric algorithm is one in which the encryption key can be computed from the decryption key. In many cases the encryption key and the decryption key are identical. Such algorithms are also called secret-key algorithms, simple-key algorithms or single-key algorithms. They require the sender and the recipient to agree on a key before a message is sent, and that key must be kept secret. The security of the algorithm depends on the key: if the key is disclosed, anyone can encrypt and decrypt messages in the system. Encryption and decryption with a symmetric algorithm are written:

$E_K(P) = C$ and $D_K(C) = P$

Figure 2: Encryption with identical encryption and decryption keys
1.2. Problems with symmetric encryption
Symmetric encryption requires the party that encrypts and the party that decrypts to share the same key. The key must be kept absolutely secret, because one key is easily determined once the other is known.
A symmetric cryptosystem is not secure if the key is likely to be disclosed. In such a system the key must be sent over a secure channel.
Key management and distribution are difficult and complicated with symmetric encryption. The sender and the recipient must always agree on the key. Changing the key is hard and prone to disclosure.
The need to provide long keys that are changed frequently for every user, while remaining both secure and cost-effective, is a serious obstacle for this kind of cryptosystem.


1.3. The Data Encryption Standard (DES)
a. Introduction
On 15 May 1973 the US National Bureau of Standards published a solicitation for cryptosystems in the Federal Register. This eventually led to the development of the Data Encryption Standard (DES), which became the most widely used cryptosystem in the world. DES was developed by IBM and is regarded as a modification of the LUCIFER cryptosystem. DES was first published in the Federal Register on 17 March 1975. After much public debate, DES was adopted as a standard for applications not classified as secret on 5.1.197. Since then DES has been reviewed by the National Bureau of Standards every 5 years.
DES is a block cipher (block algorithm): it encrypts a 64-bit block of data with a 56-bit key. A 64-bit plaintext block goes in and a 64-bit ciphertext block comes out. Encryption and decryption use the same algorithm and key.
The building block of DES is a simple combination of key-dependent substitution and permutation of the plaintext, applied in rounds. DES uses 16 rounds, each applying the same combination of techniques to the plaintext block.
The algorithm uses only ordinary arithmetic and logical operations on 64-bit numbers, so it was easy to implement in the 1970s with the technology of the time. Early software implementations were crude, but they have since improved, and the repetitive nature of the algorithm led to the idea of using special-purpose chips.
b. Description
A complete description of DES is given in Federal Information Processing Standards (US) publication number 64 of 15 January 1977. DES encrypts a plaintext bit string x of length 64 with a 56-bit key. The resulting ciphertext is also a bit string of length 64. We first describe the system at a high level.
The algorithm proceeds in 3 stages:
1. Given a plaintext x, a bit string $x_0$ is built by permuting the bits of x according to the fixed initial permutation IP. We write $x_0 = IP(x) = L_0 R_0$, where $L_0$ consists of the first 32 bits and $R_0$ of the last 32 bits.
2. Then 16 iterations of a fixed function are computed. We compute $L_i R_i$, $1 \le i \le 16$, by the rule:

$L_i = R_{i-1}$
$R_i = L_{i-1} \oplus f(R_{i-1}, K_i)$

where $\oplus$ denotes the exclusive-or of two bit strings (addition modulo 2), f is a function described below, and $K_1, K_2, \dots, K_{16}$ are bit strings of length 48 computed as functions of the key K (each $K_i$ is a permuted selection of bits of K). $K_1, K_2, \dots, K_{16}$ form the key schedule. One round of encryption is shown in figure 2.
3. Apply the inverse permutation $IP^{-1}$ to $R_{16} L_{16}$. Note the reversed order of $R_{16}$ and $L_{16}$.

Figure 3: One round of DES

The function f takes two inputs: the first, A, is a bit string of length 32; the second, J, is a bit string of length 48. The output of f is a bit string of length 32.
The steps are:
The first input A is expanded to a bit string of length 48 by a fixed expansion function E. E(A) consists of the 32 bits of A (permuted in a fixed way) with 16 of the bits appearing twice.
Compute $E(A) \oplus J$ and write the result as a sequence of eight 6-bit strings $B_1 B_2 B_3 B_4 B_5 B_6 B_7 B_8$.
The next step uses 8 tables $S_1, S_2, \dots, S_8$ (called S-boxes). Each $S_i$ is a fixed $4 \times 16$ table whose entries are integers from 0 to 15. Given a bit string of length 6, $B_i = b_1 b_2 b_3 b_4 b_5 b_6$, we compute $S_i(B_i)$ as follows: the two bits $b_1 b_6$ give the binary representation of a row r of $S_i$ ($0 \le r \le 3$) and the four bits $b_2 b_3 b_4 b_5$ give the binary representation of a column c of $S_i$ ($0 \le c \le 15$). $S_i(B_i)$ is then the entry $S_i(r, c)$, written in binary as a bit string of length 4. (Each $S_i$ can therefore be regarded as a function whose input is a bit string of length 2 and a bit string of length 4, and whose output is a bit string of length 4.) In the same way we compute $C_i = S_i(B_i)$, $1 \le i \le 8$.
The bit string $C = C_1 C_2 \dots C_8$ of length 32 is permuted by the fixed permutation P. The result P(C) is defined to be f(A, J).
The function f is shown in figure 1.3. It consists essentially of a substitution (using the S-boxes) followed by the permutation P.

Figure 4: The function f of DES
Finally we describe how the key schedule is computed from the key K. In practice K is a bit string of length 64, of which 56 bits are the key and 8 bits are parity-check bits for error detection. The bits in positions 8, 16, ..., 64 are set so that each byte contains an odd number of 1s. A single error can thus be detected within each group of 8 bits.
The parity bits are ignored when the key schedule is computed.
1. Given a 64-bit key K, discard the parity-check bits and permute the remaining bits of K by the fixed permutation PC-1. We write $PC\text{-}1(K) = C_0 D_0$.
2. For i from 1 to 16:

$C_i = LS_i(C_{i-1})$
$D_i = LS_i(D_{i-1})$

and $K_i = PC\text{-}2(C_i D_i)$. $LS_i$ denotes a left shift by 1 or 2 bits, depending on the value of i: shift by 1 position if i = 1, 2, 9 or 16, and by 2 positions otherwise. PC-2 is another fixed permutation.
The computation of the key schedule is shown in figure 1.4.

Figure 5: Computing the DES key schedule
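c. DES decryption
After all the substitutions, permutations and cyclic shifts, you might expect the decryption algorithm to be entirely different, and as complicated and hard to follow as the encryption algorithm. On the contrary, DES uses the same algorithm for both encryption and decryption.
With DES the same function can be used to decrypt or to encrypt a block. The only difference is that the keys must be used in reverse order. That is, if the encryption keys for the rounds are $k_1, k_2, k_3, \dots, k_{15}, k_{16}$, then the decryption keys are $k_{16}, k_{15}, \dots, k_3, k_2, k_1$. The algorithm that generates the key for each round is likewise run in a circular fashion: the key is shifted right, and the number of positions to shift is read from the end of the table upwards instead of from the top down.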
d. The controversy over DES
When DES was proposed as a cryptographic standard, it attracted a great deal of criticism. One objection concerned the S-boxes. Every computation in DES except the S-boxes is linear, that is, computing the exclusive-or of two outputs is the same as forming the exclusive-or of the two inputs and then computing the output. The S-boxes, which contain the non-linear component of the cryptosystem, are the most important factor in the security of the system. However, the criteria used to construct the S-boxes were not fully known. Some people suggested that the S-boxes might contain hidden trapdoors that would let the US National Security Agency (NSA) decrypt messages while DES still appeared secure. This claim cannot be refuted, but no evidence has been produced to show that such trapdoors actually exist.
In 1976 the NSA stated that the following properties of the S-boxes were design criteria:
- Each row of each S-box is a permutation of the integers 0, 1, ..., 15.
- No S-box is an affine or linear function of its inputs.
- Changing one input bit of an S-box must change at least two output bits.
- For any S-box and any input x, S(x) and $S(x \oplus 001100)$ must differ in at least two bits (where x is a bit string of length 6).
Two further properties of the S-boxes can be regarded as derived from the NSA design criteria:
- For any S-box, any input x and any $e, f \in \{0, 1\}$: $S(x) \ne S(x \oplus 11ef00)$.
- For any S-box, if one input bit is fixed and we look at the value of one fixed output bit, the number of inputs for which this output bit is 0 is approximately equal to the number of inputs for which it is 1. (Note that if the first or the sixth input bit is fixed, then 16 inputs make a given output bit 0 and 16 inputs make it 1. For the second to fifth input bits this no longer holds exactly, but the resulting distribution is still close to uniform. More precisely, for any S-box, if the value of any one input bit is fixed, the number of inputs for which a given fixed output bit has the value 0 (or 1) always lies between 13 and 19.)
It is not known whether any more complete design criterion was used in constructing the S-boxes.
The most pertinent objection to DES is the size of the key space: $2^{56}$ is too small to give real security. Many special-purpose devices have been proposed for known-plaintext attacks. Such an attack is essentially an exhaustive key search: given a 64-bit plaintext x and the corresponding ciphertext y, every key can be tested until a key K is found such that $e_K(x) = y$. Note that there may be more than one such key K.
As early as 1977, Diffie and Hellman suggested that a VLSI chip (very-large-scale integration) could be built that tests $10^6$ keys per second. A machine could search the entire key space, of size $10^6$, in about 1 day. They estimated the cost of building such a machine at about $2 \times 10^7$ dollars.
At the rump session of CRYPTO '93, Michael Wiener presented a very detailed design for a key-search machine. The machine is built around a key-search chip that performs 16 encryptions simultaneously and reaches $5 \times 10^7$ keys per second. With current technology the chip costs about 10.5 dollars to build. A frame holding 5760 chips costs about 100,000 dollars and could find a DES key in about 1.5 days. A device using 10 such frames would cost roughly $10^6$ dollars and would cut the average key-search time to 3.5 hours.
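The S-box properties listed in this section can be checked mechanically. The following Python is an added example, not part of the thesis: it tests each criterion on S-box S1 of the DES standard, using the row and column rule from the description of f; the function names are chosen here for illustration.

```python
# DES S-box S1: 4 rows x 16 columns, entries 0..15.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]


def sbox(box, x):
    """Look up the 6-bit input x = b1..b6: row = b1 b6, column = b2 b3 b4 b5."""
    row = ((x >> 5) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return box[row][col]


def weight(v):
    """Number of 1 bits in v."""
    return bin(v).count("1")


def rows_are_permutations(box):
    return all(sorted(row) == list(range(16)) for row in box)


def is_affine(box):
    """Affine over GF(2) would mean S(a ^ b) == S(a) ^ S(b) ^ S(0) for all a, b."""
    s0 = sbox(box, 0)
    return all(sbox(box, a ^ b) == sbox(box, a) ^ sbox(box, b) ^ s0
               for a in range(64) for b in range(64))


def min_change_single_bit(box):
    """Fewest output bits that change when exactly one input bit is flipped."""
    return min(weight(sbox(box, x) ^ sbox(box, x ^ (1 << i)))
               for x in range(64) for i in range(6))


def min_change_001100(box):
    """Fewest output bits that differ between S(x) and S(x xor 001100)."""
    return min(weight(sbox(box, x) ^ sbox(box, x ^ 0b001100))
               for x in range(64))


def no_collision_11ef00(box):
    """True if S(x) != S(x xor 11ef00) for every x and every e, f."""
    return all(sbox(box, x) != sbox(box, x ^ (0b110000 | (ef << 2)))
               for x in range(64) for ef in range(4))


def zero_count_range(box, input_bits):
    """Fix one input bit (1 = leftmost) to 0 or 1 and one output bit; count the
    inputs that make that output bit 0. Returns (smallest, largest) count."""
    counts = []
    for i in input_bits:
        for val in (0, 1):
            for o in range(4):
                counts.append(sum(
                    1 for x in range(64)
                    if ((x >> (6 - i)) & 1) == val
                    and ((sbox(box, x) >> o) & 1) == 0))
    return min(counts), max(counts)


if __name__ == "__main__":
    print("rows are permutations :", rows_are_permutations(S1))
    print("affine                :", is_affine(S1))
    print("min change, 1 bit     :", min_change_single_bit(S1))
    print("min change, 001100    :", min_change_001100(S1))
    print("no 11ef00 collisions  :", no_collision_11ef00(S1))
    print("zero counts, bits 1,6 :", zero_count_range(S1, [1, 6]))
    print("zero counts, bits 2-5 :", zero_count_range(S1, [2, 3, 4, 5]))
```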
e. Applications of DES
Although the description of DES is fairly long, DES can be implemented very efficiently in both hardware and software. The only arithmetic operation needed is the exclusive-or of bit strings. The expansion function E, the S-boxes, the permutations IP and P, and the computation of $K_1, \dots, K_{16}$ can all be done by table lookup (in software) or by hard-wiring them into a circuit.
Current hardware implementations reach extremely high encryption speeds. By 1991 there were 45 hardware and firmware implementations of DES approved by the US National Bureau of Standards (NBS).
One important application of DES is in US banking transactions (ABA): DES is used to encrypt personal identification numbers (PINs) and account transfers made through automated teller machines (ATMs). DES is also used by the Clearing House Interbank Payments System (CHIPS) to authenticate transactions. DES is widely used in government organizations as well, for example the Department of Energy, the Department of Justice and the Federal Reserve System.

1.4. The AES cryptosystem

In cryptography, AES (Advanced Encryption Standard) is a block cipher adopted by the United States government as an encryption standard. Like its predecessor DES, AES is expected to be used worldwide and has been studied very thoroughly. AES was approved as a federal standard by the US National Institute of Standards and Technology (NIST) after a standardization process lasting 5 years.
The algorithm was designed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen (and entered in the AES design competition under the joint name Rijndael).

General information
  Designers:               Vincent Rijmen and Joan Daemen
  First published:         1998
  Derived from:            Square (cipher)
  Algorithms based on it:  Crypton (cipher), Anubis (cipher), GRAND CRU
Algorithm details
  Block size:              128 bits
  Key length:              128, 192 or 256 bits
  Structure:               substitution-permutation network
  Rounds:                  10, 12 or 14 (depending on key length)

The algorithm is based on the earlier Square design by Daemen and Rijmen; Square in turn was based on Shark.
Unlike DES, which uses a Feistel network, Rijndael uses a substitution-permutation network. AES is easy to implement at high speed in software or hardware and does not need much memory. As a new encryption standard, AES is being deployed widely in many applications.
Description of the algorithm

In the AddRoundKey step, each byte is combined with a byte of the round subkey using the XOR operation ($\oplus$).

In the SubBytes step, each byte is replaced by a byte from the lookup table S: $b_{ij} = S(a_{ij})$.

In the ShiftRows step, the bytes of each row are shifted cyclically to the left. The number of positions depends on the row.

In the MixColumns step, each column is multiplied by a fixed coefficient c(x).

Although the names AES and Rijndael are often used interchangeably, the two algorithms are not exactly the same. AES works only with 128-bit data blocks and keys of 128, 192 or 256 bits, whereas Rijndael can work with blocks and keys of any length that is a multiple of 32 bits between 128 and 256 bits.
The subkeys used in the rounds are produced by the Rijndael key schedule.
Most operations in AES are carried out in a finite field.
AES works on a 4×4 byte block of data at a time (called the state; a Rijndael block may have additional columns). Encryption consists of 4 steps:
1. AddRoundKey: each byte of the block is combined with the subkey; the subkeys are produced by the Rijndael key schedule.
2. SubBytes: a (non-linear) substitution in which each byte is replaced by another byte according to a lookup table (the Rijndael S-box).
3. ShiftRows: a transposition in which the rows of the block are shifted cyclically.
4. MixColumns: a mixing operation that works on the columns of the block by a linear transformation.
In the final round the MixColumns step is replaced by the AddRoundKey step.
The AddRoundKey step
In this step the subkey is combined with the block. The subkey for each round is derived from the main key by the Rijndael key schedule; each subkey has the same length as the block. The combination is done by XORing each bit of the subkey with the data block.
The SubBytes step
The bytes are substituted through the S-box lookup table. This is the non-linear part of the algorithm. The S-box is derived from the inverse function over the finite field $GF(2^8)$, which has good non-linearity properties. To resist attacks based on algebraic properties, the S-box is built by combining the inverse with an invertible transformation. The S-box is also chosen to avoid fixed points.
The ShiftRows step
The rows are shifted cyclically by a fixed number of positions. In AES the first row is left unchanged. Each byte of the second row is shifted left by one position. Similarly the third and fourth rows are shifted by 2 and 3 positions. As a result, each column of the output of this step contains bytes from all 4 columns of the input. For Rijndael with other block lengths the shift offsets are different.
The MixColumns step
Each column is combined by an invertible linear transformation. Each 4-byte input gives a 4-byte output, with the property that every input byte affects all 4 output bytes. Together with ShiftRows, MixColumns provides the diffusion of the algorithm. Each column is treated as a polynomial over the finite field and multiplied (modulo $x^4 + 1$) by the polynomial $c(x) = 3x^3 + x^2 + x + 2$. The step can therefore be viewed as a matrix multiplication over the finite field.
Optimization
On systems of 32 bits or more, the algorithm can be sped up by converting the SubBytes, ShiftRows and MixColumns steps into tables. Each step then corresponds to 4 tables of 256 entries, each entry being a 32-bit word, occupying 4096 bytes of memory. A round then consists of 16 table lookups and 12 32-bit XOR operations, plus 4 XOR operations in the AddRoundKey step.
If the tables are still too large for the target device, the lookups are performed with each table in turn, in rotation.
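The AES steps described above can be reproduced from the finite-field arithmetic alone. The following Python is an added example, not part of the thesis: it builds the S-box from inversion in GF(2^8) followed by the affine map, and implements ShiftRows and MixColumns as multiplication by c(x) modulo x^4 + 1. The field polynomial x^8 + x^4 + x^3 + x + 1, the affine constant 0x63 and the inverse polynomial `D_POLY` are taken from the AES standard rather than from this text, and the state is held as four rows, `state[row][column]`.

```python
def xtime(a):
    """Multiply by x in GF(2^8), reducing by x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    a <<= 1
    return a ^ 0x11B if a & 0x100 else a


def gmul(a, b):
    """Multiply two field elements by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = xtime(a)
        b >>= 1
    return r


def ginv(a):
    """Multiplicative inverse: a^254 = a^-1 in GF(2^8); 0 is mapped to 0."""
    r = 1
    for _ in range(254):
        r = gmul(r, a)
    return r if a else 0


def rotl8(b, n):
    return ((b << n) | (b >> (8 - n))) & 0xFF


def make_sbox():
    """S(a) = affine(inverse(a)): inversion gives non-linearity, the invertible
    affine map breaks the simple algebraic structure."""
    box = []
    for a in range(256):
        b = ginv(a)
        box.append(b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63)
    return box


SBOX = make_sbox()


def fixed_points(box):
    """Inputs with S(a) == a or S(a) == complement of a."""
    return [a for a in range(256) if box[a] in (a, a ^ 0xFF)]


C_POLY = [0x02, 0x01, 0x01, 0x03]   # c(x) = 3x^3 + x^2 + x + 2, lowest degree first
D_POLY = [0x0E, 0x09, 0x0D, 0x0B]   # inverse of c(x) modulo x^4 + 1


def poly_mul(a, c):
    """Multiply two degree-3 polynomials over GF(2^8) modulo x^4 + 1.
    Since x^4 = 1, the exponent i + j simply wraps around modulo 4."""
    out = [0, 0, 0, 0]
    for i, ci in enumerate(c):
        for j, aj in enumerate(a):
            out[(i + j) % 4] ^= gmul(ci, aj)
    return out


def mix_column(col):
    return poly_mul(col, C_POLY)


def inv_mix_column(col):
    return poly_mul(col, D_POLY)


def add_round_key(state, round_key):
    return [[s ^ k for s, k in zip(sr, kr)] for sr, kr in zip(state, round_key)]


def sub_bytes(state):
    return [[SBOX[b] for b in row] for row in state]


def shift_rows(state):
    """Row r is rotated left by r positions (row 0 unchanged)."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def bytes_changed(col, index, delta=0x01):
    """How many MixColumns output bytes change when one input byte changes."""
    other = list(col)
    other[index] ^= delta
    return sum(x != y for x, y in zip(mix_column(col), mix_column(other)))


if __name__ == "__main__":
    print("S(0x53) = %02X" % SBOX[0x53])
    print("fixed points:", fixed_points(SBOX))
    print("MixColumns:", [hex(b) for b in mix_column([0xDB, 0x13, 0x53, 0x45])])
```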





2. Asymmetric encryption (public-key encryption)
2.1. Definition
A public-key encryption algorithm is designed so that the encryption key is different from the decryption key, and the decryption key cannot be computed from the encryption key. The encryption key is called the public key and the decryption key is called the private key.

Figure 6: Encryption with different encryption and decryption keys

The distinguishing feature of a public-key cryptosystem is that both the public key and the ciphertext can be sent over an insecure channel.

2.2. Conditions for a public-key cryptosystem

Computing the pair consisting of the public key $K_B$ and the secret key $k_B$ from the initial conditions must be easy, that is, achievable in polynomial time.
The sender A, holding the public key of the recipient B and the message P to be sent, can easily produce the ciphertext C:

$C = E_{K_B}(P) = E_B(P)$

This too must take polynomial time.
The recipient B, on receiving the ciphertext C, can decrypt it with the secret key $k_B$ in polynomial time:

$P = D_{k_B}(C) = D_B[E_B(P)]$

If an adversary who knows the public key $K_B$ tries to compute the secret key, he faces an intractable problem whose time requirements are infeasible.
If an adversary who knows the pair $(K_B, C)$ tries to compute the plaintext P, he must solve a hard problem with an enormous number of trials, which is therefore infeasible.




2.3. The RSA encryption algorithm

a. The RSA cryptosystem

The RSA cryptosystem was introduced in 1976 by R. Rivest, A. Shamir and L. Adleman. It rests on two problems:
- the discrete logarithm problem
- the integer factorization problem
In RSA the plaintexts, the ciphertexts and the keys (public key and private key) belong to the set of integers $Z_N = \{1, \dots, N-1\}$, where $N = p \times q$ with p and q distinct primes; together with addition and multiplication modulo N, this set forms arithmetic modulo N.
The encryption key $E_{K_B}$ is the pair of integers $(N, K_B)$ and the decryption key $D_{k_B}$ is the pair of integers $(N, k_B)$. The numbers are very large; N may have hundreds of digits.
Encryption and decryption themselves are very easy.
Encryption transforms the plaintext P into the ciphertext C using the public key $K_B$ and the plaintext P by the formula:

$C = E_{K_B}(P) = P^{K_B} \pmod{N}$   (1)

Decryption is the reverse transformation of the ciphertext C into the plaintext P using the secret key $k_B$ and the modulus N by the formula:

$P = D_{k_B}(C) = C^{k_B} \pmod{N}$   (2)

Clearly the original plaintext must be transformed into the ciphertext in such a way that it can later be recovered from that ciphertext:

$P = D_{k_B}(E_{K_B}(P))$   (3)

Substituting (1) into (2) gives:

$(P^{K_B})^{k_B} = P \pmod{N}$   (4)

We have $N = p \times q$ with p, q prime. It has been proved in mathematics that, if N is a prime number, formula (4) has a solution if and only if:

$K_B \cdot k_B \equiv 1 \pmod{\phi(N)}$   (5)

where $\phi(N) = LCM(p-1, q-1)$. LCM (Least Common Multiple) is the least common multiple.
In other words, the recipient B first chooses a public key $K_B$ at random. The secret key $k_B$ is then computed from formula (5). This is entirely feasible, because B knows the pair of primes (p, q) and can therefore compute $\phi(N)$.

Figure 7: Steps of encryption with the RSA algorithm

Example:
$N = 11413 = 101 \times 113$, $\phi(N) = 100 \times 112 = 11200 = 2^6 \times 5^2 \times 7$. $K_B$ must be chosen so that it is not divisible by 2, 5 or 7. Choose, for example, $K_B = 3533$; then $k_B = K_B^{-1} = 6597 \bmod 11200$. The public key is $(N, K_B) = (11413, 3533)$ and the secret key is 6597. Encryption and decryption are:

$E_{K_B}(P) = P^{K_B} \pmod{N} = P^{3533} \pmod{11413}$
$D_{k_B}(C) = C^{k_B} \pmod{N} = C^{6597} \pmod{11413}$

For example, with P = 9726 we get C = 5761.

b. Security of RSA
As a general observation, all attacks aimed at decryption have a malicious purpose. The security of RSA rests mainly on keeping the decryption key secret, or equivalently keeping the factors p, q of N secret. We consider a few typical ways an adversary might attack this algorithm in order to decrypt (that is, to compromise those secrets).
Case 1: the adversary knows the modulus N, the public key $K_B$ and the ciphertext C; how would he find the original message (plaintext)? To do so, the adversary usually attacks the cryptosystem in one of the two following ways.

First method:
Start from the factorization of the modulus N. The adversary tries to compute the two primes p and q; if he succeeds, he can compute $\phi(N) = (p-1)(q-1)$ and the secret key $k_B$. N needs to be the product of two primes, because if N is the product of two primes then a simple factoring algorithm needs at most $N^{1/2}$ steps, since one prime factor is smaller than $N^{1/2}$. On the other hand, if N is the product of n primes, a simple factoring algorithm needs at most $N^{1/n}$ steps.

Second method:
The second way to attack RSA is to start by solving a suitable instance of the discrete logarithm problem. In this case the adversary holds the ciphertext C and the public key $K_B$, that is, the pair $(K_B, C)$.

Case 2: the adversary knows the modulus N and $\phi(N)$; he can then find the original message (plaintext) as follows.
Knowing $\phi(N)$, p and q can be computed from the system of equations:

$p \cdot q = N$, $(p-1)(q-1) = \phi(N)$

so p and q are the roots of the quadratic equation:

$x^2 - (n - \phi(N) + 1)x + n = 0$

Example: n = 84773093 and $\phi(N) = 84754668$ is known. Solving the corresponding quadratic equation gives the two roots p = 9539 and q = 8887.
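The worked RSA example and the recovery of p and q from $\phi(N)$ in Case 2 can be reproduced with a few lines of integer arithmetic, which also shows why $\phi(N)$ must be protected as carefully as the private key. The following Python is an added example, not part of the thesis; it uses only the numbers given in the text, and the function names are chosen here for illustration.

```python
from math import gcd, isqrt


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def private_exponent(public_exp, modulus):
    """Solve public_exp * k = 1 (mod modulus), formula (5) in the text."""
    g, x, _ = egcd(public_exp, modulus)
    if g != 1:
        raise ValueError("public exponent shares a factor with the modulus")
    return x % modulus


def encrypt(p, public_exp, n):
    return pow(p, public_exp, n)          # formula (1)


def decrypt(c, private_exp, n):
    return pow(c, private_exp, n)         # formula (2)


def factor_from_phi(n, phi):
    """Recover p and q as the roots of x^2 - (n - phi + 1) x + n = 0."""
    s = n - phi + 1                       # p + q
    disc = s * s - 4 * n                  # (p - q)^2
    if disc < 0:
        raise ValueError("phi is not consistent with n")
    root = isqrt(disc)
    if root * root != disc:
        raise ValueError("phi is not consistent with n")
    return (s + root) // 2, (s - root) // 2


def lcm(a, b):
    return a * b // gcd(a, b)


if __name__ == "__main__":
    p, q, e = 101, 113, 3533              # values from the example in the text
    n, phi = p * q, (p - 1) * (q - 1)
    d = private_exponent(e, phi)
    c = encrypt(9726, e, n)
    print("N =", n, "phi =", phi, "private exponent =", d)
    print("9726 ->", c, "->", decrypt(c, d, n))
    # The exponent taken modulo LCM(p-1, q-1) is smaller but decrypts as well.
    d_lcm = private_exponent(e, lcm(p - 1, q - 1))
    print("exponent mod LCM =", d_lcm, "->", decrypt(c, d_lcm, n))
    print("factors from phi:", factor_from_phi(84773093, 84754668))
```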

c. Some properties of RSA
In RSA cryptosystems a message can be encrypted in linear time.
For long messages, the length of the numbers used for the keys can be treated as a constant. Likewise, raising a number to a power is done in constant time. In fact this parameter hides many implementation details of computing with long numbers, and the real cost of the operations is a factor that holds back widespread use of the method. The most important part of the computation concerns encrypting the message. But clearly there would be no cryptosystem at all if its keys, which are large numbers, could not be computed.
The keys for RSA can be generated without excessive computation.
Once again we come to primality testing. Each large prime can be generated by first producing a large random number and then testing successive numbers until a prime is found. A simple method performs one computation on a random number which, with probability 1/2, proves that the number being tested is not prime. The last step is to compute p using Euclid's algorithm.
As explained above, in a public-key cryptosystem the decryption key (private key) $k_B$ and the factors p, q are kept secret, and the success of the method depends on whether an adversary can find the value of $k_B$ given N and $K_B$. It is very hard to find $k_B$ from $K_B$; one needs to know p and q. N therefore has to be factored to obtain p and q. But factoring is extremely time-consuming: with today's technology it would take millions of years to factor a number of 200 digits.
The security of the RSA algorithm rests on the difficulty of determining the prime factors of a large number. The table below gives the estimated times, assuming that each operation takes one microsecond.

Digits in the number to be factored    Factoring time
50                                     4 hours
75                                     104 hours
100                                    74 years
200                                    4,000,000 years
300                                    $5 \times 10^{15}$ years
500                                    $4 \times 10^{25}$ years

Table: Estimated time to carry out the computation.
d. Applications of RSA
The RSA cryptosystem is widely used, mainly for the web and for e-mail programs. Today RSA is also widely used in the security technologies employed in e-commerce (for example SSL).

2.4. Hash functions
Signature schemes in general only allow small messages to be signed. Typically the signature produced by a signature scheme is longer than the text being signed, so the signed document grows considerably. In practice we need to sign very long messages; a legal document, for example, may be many megabytes long.
A simple way to solve this problem is to split a long message into many segments and sign each segment independently. This is similar to encrypting a long plaintext by encrypting each plaintext character independently under the same key (for example, ECB mode in encryption).
This approach has several problems for digital signatures. First, a long message ends up with a very large signature. Another drawback is that secure signature schemes are slow, because they use complex arithmetic such as modular exponentiation. The more serious problem, however, is that the segments of a signed message can be rearranged, or some of them removed, and the resulting message will still verify. We need to protect the integrity of the whole message, and this cannot be done by signing its small pieces independently.
The solution to all of these problems is to use a fast public cryptographic hash function. The function takes a message of arbitrary length and produces a message digest of a fixed size (for example, 160 bits with DSS); the message digest is then signed instead of signing the original text directly.
When Bob wants to sign a message x, he first constructs the message digest $z = h(x)$ and then computes $y = sig_k(z)$. Bob transmits the pair (x, y) over the channel. Verification can be carried out (by anyone) by first reconstructing the message digest $z = h(x)$ with the public function h and then checking whether $ver_k(x, y)$ = true.

[Figure: message x of arbitrary length -> message digest z = h(x) -> signature y = sig_k(z)]

Figure 8: Signing a message digest

The digest (the value of the hash function) is also called the message digest. A message digest has a fixed length and the following characteristics:
- The value returned by the hash function is unique for each input value. Any change to the input data leads to a wrong result.
- The original data cannot be derived from the message digest, which is why the function is called one-way.
As mentioned in the section on public-key encryption, your secret key can be used for encryption and the public key for decryption. Using the key pair this way is not meant for confidentiality; it is mainly used to "sign" data. Instead of encrypting the data, signing software produces a message digest of the data and uses the secret key to encrypt that digest. Figure 1.8 gives a simplified model of how a digital signature is used to check the integrity of signed data.
In figure 1.8 two items are sent to the recipient: the original data and the digital signature. To check the integrity of the data, the recipient first uses the signer's public key to decrypt the message digest that was encrypted with the signer's secret key. Using the information about the hash algorithm in the digital signature, the recipient computes a new message digest from the original data. If the two digests are the same, the data has not changed since it was signed. If they differ, the data has been tampered with; this can also happen when the public key and the secret key used do not correspond.







[Figure 9 diagram, two panels. (a) Using conventional encryption: Message, H, E, D, Compare, with key K on both sides. (b) Using public-key encryption: Message, H, E, D, Compare, with keys K_private and K_public.]

Figure 9: Using a digital signature to check the integrity of data.

If the two message digests are the same, the recipient can be sure that the public key used to decrypt the digital signature corresponds to the secret key used to create it. To authenticate the identity of an entity, the public key of that entity must itself be authenticated.
In some cases a digital signature is considered a possible replacement for a handwritten signature. A digital signature gives assurance only as long as the secret key has not been disclosed. Once the secret key is disclosed, the owner of the signature cannot prevent the signature from being forged.
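The argument above for signing a digest instead of signing segments independently can be seen directly. The following Python is an added example, not part of the thesis: it uses unpadded textbook RSA with a constructed toy key built from two Mersenne primes and SHA-256 as the public hash h, all of which are assumptions made for illustration and unsuitable for real use; the message is constructed sample data.

```python
import hashlib

# Constructed toy key (assumption for illustration only).
P, Q = 2 ** 61 - 1, 2 ** 89 - 1           # two Mersenne primes
N, E = P * Q, 65537                       # public key (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))         # secret exponent (Python 3.8+)

BLOCK = 16                                # segment size in bytes, below the size of N
MESSAGE = b"pay alice 100.00pay oscar 001.00"   # constructed, two 16-byte segments


def h(data):
    """Public hash function: SHA-256 digest reduced into Z_N."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def sig(z):
    """y = sig_k(z): textbook RSA signature on the integer z."""
    return pow(z, D, N)


def sign_message(x):
    """Hash-then-sign: one signature on the digest z = h(x)."""
    return sig(h(x))


def verify_message(x, y):
    """Recompute z = h(x) with the public hash and compare with y^E mod N."""
    return pow(y, E, N) == h(x)


def split(x):
    return [x[i:i + BLOCK] for i in range(0, len(x), BLOCK)]


def sign_segments(x):
    """Naive scheme: every segment is signed independently of the others."""
    return [(seg, sig(int.from_bytes(seg, "big"))) for seg in split(x)]


def verify_segments(pairs):
    """Each segment verifies on its own; nothing ties it to its position."""
    return all(pow(y, E, N) == int.from_bytes(seg, "big") for seg, y in pairs)


def compare_schemes(message):
    """Return what each scheme accepts after segments are reordered or dropped."""
    pairs = sign_segments(message)
    y = sign_message(message)
    segs = split(message)
    reordered = b"".join(reversed(segs))
    truncated = segs[0]
    return {
        "segments_original": verify_segments(pairs),
        "segments_reordered": verify_segments(pairs[::-1]),
        "segments_truncated": verify_segments(pairs[:1]),
        "digest_original": verify_message(message, y),
        "digest_reordered": verify_message(reordered, y),
        "digest_truncated": verify_message(truncated, y),
        "segment_signatures": len(pairs),
    }


if __name__ == "__main__":
    for name, value in compare_schemes(MESSAGE).items():
        print("%-20s %s" % (name, value))
```

Per-segment signing accepts the reordered and the truncated message, while the single signature on the digest rejects both.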

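III. DIGITAL SIGNATURES

A person's signature on a document (usually placed at the end of the text) confirms the origin of the document or responsibility for it.
For a digitized (electronic) document, if the signature were also placed at the end of the text, copying the digital signature would be trivial, and the original could not be distinguished from the copy, because a digital signature is just a sequence of 0s and 1s.
A digital signature placed at the end of a digital document therefore cannot carry responsibility for the whole content of the text. A digital signature that expresses responsibility for the whole document must be a signature over every bit of the document.
In this chapter I present the most basic topics concerning digital signatures: the concepts, the properties, and the signature schemes currently in use.
We cannot sign documents of arbitrary length directly, because the digital signature would then be very long, at least as long as the document being signed. For a long document, one signs its digest. The digest of a message is produced by a hash function.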

1. Digital signatures

A conventional signature is a physical part of the document. A digital signature, however, is not physically attached to the message, so the algorithm used must in some way be "invisible" on the message.
The second issue is verification. A conventional signature is verified by comparing it with other, authentic signatures. For example, when someone signs a slip for a purchase, the seller has to compare the signature on the slip with the signature on the back of the credit card. This is of course not a secure method, since it is easy to forge. Digital signatures, on the other hand, can be verified with a public verification algorithm, so anyone can verify a digital signature. Using a secure signature scheme can prevent forgery.
The basic difference between a digital signature and a conventional signature is that a copy of a digitally signed document is identical to the original, whereas a copy of a document signed on paper can usually be told apart from the original. This means care must be taken to prevent a digitally signed message from being reused. For example, Bob signs a message authorizing Alice to do something once. The message itself therefore needs to contain information (such as the date) that prevents it from being reused.
A digital signature scheme usually has two components: a signing algorithm and a verification algorithm. Bob can sign a message x using a secure signing algorithm. The resulting signature sig(x) can be checked with a public verification algorithm ver. Given a pair (x, y), the verification algorithm returns TRUE or FALSE depending on whether the signature is authentic. The formal definition of a signature scheme is as follows.
Definition: a digital signature scheme is a 5-tuple (P, A, K, S, V) where:
1. P is a finite set of possible messages.
2. A is a finite set of possible signatures.
3. K, the key space, is a finite set of possible keys.
4. For each $k \in K$ there is a signing algorithm $sig_k \in S$ and a verification algorithm $ver_k \in V$. Each $sig_k : P \to A$ and $ver_k : P \times A \to \{true, false\}$ are functions such that every message $x \in P$ and every signature $y \in A$ satisfy the following equation:

$ver_k(x, y) = true$ if $y = sig(x)$
$ver_k(x, y) = false$ if $y \ne sig(x)$

For each $k \in K$ the functions $sig_k$ and $ver_k$ are polynomial-time functions. $ver_k$ is public and $sig_k$ is secret. It must not be easy to compute a forgery of Bob's signature on a message x. That is, given x, only Bob should be able to compute y such that $ver_k(x, y) = true$. A signature scheme cannot be unconditionally secure, because Oscar can test every possible signature y on the message x with the public algorithm $ver_k$ until he finds a valid one. Given enough time, Oscar can therefore always forge Bob's signature. So, as with public-key cryptosystems, our goal is to find digital signature schemes that are computationally secure.

2. Classification of digital signature schemes

Electronic signature mechanisms fall into 2 classes: signatures with appendix (message appendix) and signatures with message recovery (message recovery).

- Signature with appendix: requires the original message as input to the verification algorithm.

- Signature with message recovery: the original message is recovered from the signature itself.

[Figure 10 diagram: electronic signature, divided into message recovery and message appendix, each either randomized or deterministic.]

Figure 10: Overview of the classification of electronic signatures
2.1. Signature schemes with appendix
Signature schemes with appendix are the most widely used in practice. They rely on cryptographic hash functions rather than on arbitrary hash functions, and are less prone to failure under forgery attacks. The scheme can be defined precisely as follows.

Definition: a signature scheme that requires the message as an input parameter to the signature verification process is a signature scheme with appendix. Examples: ElGamal, DSA, Schnorr.
a. Key generation algorithm:

Each entity creates a private key for signing messages and a corresponding public key that other entities use to verify the signature.
- Each entity A must choose a private key, which defines a key space $S_{A,k} : k \in R$ of transformations.
- $S_{A,k}$ defines a 1-1 mapping from the space $M_h$ into the key space S, called a signing transformation or digital signing algorithm.
- $S_A$ defines a corresponding mapping $V_A$ from the space $M_h \times S$ into the set {false, true}, meaning:

$V_A(\tilde{m}, s^*) = true$ if $S_{A,k}(\tilde{m}) = s^*$
$V_A(\tilde{m}, s^*) = false$ otherwise.

$V_A$ is A's public key and $S_A$ is A's private key.

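b. Signature generation and verification algorithm:

Entity A creates a digital signature on a message $m \in M$, which is then verified by entity B.

Signature generation

- Choose a $k \in R$
- Compute the hash $\tilde{m} = h(m)$ and $s^* = S_{A,k}(\tilde{m})$
- A's signature on m is $s^*$. The pair m and $s^*$ is used for verification.

Signature verification

- Obtain A's authentic public key $V_A$
- Compute the hash $\tilde{m} = h(m)$ and $u = V_A(\tilde{m}, s^*)$
- Accept A's signature $s^*$ on m if u = TRUE.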



2.2. Signature schemes with message recovery
The characteristic of this kind of scheme is that the message can be recovered from the signature itself. In practice such schemes are usually used to sign short messages.

[Figure: (a) the message signing process; (b) the signature verification process]
42
nh ngha

Mt s k c gi l c khi phc thng ipkhi v ch khi n l s
m vi n mc hiu bit v thng dip l khng i hi trong qu trnh xc
nhn ch k .V d v cc s ch k c khi phc thng ip trong thc t l
:RSA,Rabin ,Nyber Rueppel vi kho chung .
a. Thut ton sinh kho
Mi mt thc th A phi chn mt tp hp S
A
={S
A,k
:k thuc R} mi S
A,k
xc
nh mt nh x 1-1 t khng gian M
h
vao khng gian kho S goi l dang
chuyn i ch k.
- S
A
xc nh mt nh x tng ng(corresponding mapping) VA sao cho
VA* S
A,k
nh x xc nh MS cho tt c k thuc R.
- V
A
l kho cng khai ca A, S
A
l kho ring ca A.
b. Thut ton sinh ch k v xc nhn ch k
Tin trnh sinh ch k: Thc th phI lm theo cc bc sau:
Chn mt s k e R
Tnh m' = R(m) v s * = S
A,k
(m'). (R l hm redundancy)
Ch k ca A l s *
Tin trnh xc nhn ch k: Thc th B phI lm nh sau:
Nhn kho cng khai ca A l V
A

Tnh m' = V
A
(s*)
Xc nhn m' e M
R
(Nu m' e M
R
th t chi ch k)
Khi phc m t m' bng cch tnh R
-1
(m')




S
A,k

R





Hnh 12: S ch k khi phc thng ip
3. Some basic signature schemes
We now study the most basic signature schemes, which are also the most widely deployed and the most trusted today.
3.1. The RSA signature scheme
We study the RSA signature scheme and related schemes. Their characteristic feature is that the amount of computation depends entirely on the cost of the algorithms for integer multiplication and exponentiation. The scheme covers both kinds of signature, with appendix and with message recovery. The RSA signature scheme was invented by three researchers, Rivest, Shamir and Adleman, and it is the most widely used practical scheme based on public-key technology. The first attacks on RSA (the multiplicative property) and other issues related to RSA signatures were presented by Davida, de Jonge and Chaum.

a. Key generation algorithm:
Entity A creates an RSA public key and the corresponding private key as follows:
- Generate two large random primes $p$ and $q$ of the same bit size.
- Compute $n = pq$ and $\phi = (p-1)(q-1)$.
- Select a random natural number $a$ satisfying $1 < a < \phi$ and $\gcd(a, \phi) = 1$, that is, $a \in \mathbb{Z}^*_{\phi}$.
- Use the extended Euclidean algorithm to compute the unique natural number $b$ such that $1 < b < \phi$ and $ab \equiv 1 \pmod{\phi}$.
- A's public key is $(n, a)$; A's private key is $b$.
b. Signature generation and verification algorithm
Entity A signs a message $m$. Entity B can verify A's signature and recover the message from the signature.
Signature generation: entity A carries out the following steps:
- Compute $m' = H(m)$, an integer in the range $[0, n-1]$.
- Compute $s = m'^{\,b} \bmod n$.
- A's signature on $m$ is $s$.
Signature verification: entity B carries out the following steps:
- Obtain A's public key $(n, a)$.
- Compute $m' = s^{a} \bmod n$.
- Check that $m' \in M_R$; if not, do not accept the signature.
- Recover the message $m$ as $m = H^{-1}(m')$.
c. Summary of the RSA signature scheme:

Let $n = pq$, where $p$ and $q$ are primes.
Let $\mathcal{P} = \mathcal{A} = \mathbb{Z}_n$ and define
$\mathcal{K} = \{(n, p, q, a, b) : n = pq,\ p \text{ and } q \text{ prime},\ ab \equiv 1 \pmod{\phi(n)}\}$
The values $n$ and $b$ are public. Define
$\mathrm{Sig}_K(x) = x^a \bmod n$ and
$\mathrm{Ver}_K(x, y) = \text{true} \iff x \equiv y^b \pmod{n}$, for $x, y \in \mathbb{Z}_n$.
If the message $x$ is long, we use a hash function.

Example: The following example uses the RSA signature scheme with a large message.
Key generation:
Entity A chooses the primes $p = 7927$ and $q = 6997$, and computes $n = pq = 55465219$ and $\phi = 7926 \cdot 6996 = 55450296$.
A chooses $a = 5$ and solves $ab = 5b \equiv 1 \pmod{55450296}$, obtaining $b = 44360237$.
Signature generation:
To sign the message $m = 31229978$, A computes $m_1 = H(m) = 31229978$.
The signature is $s = m_1^{\,b} \bmod n = 31229978^{44360237} \bmod 55465219 = 30729435$.
Signature verification:
B computes $m_2 = s^{a} \bmod n = 30729435^{5} \bmod 55465219 = 31229978$.
B accepts the signature because $m_2 = m_1$.
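The worked example above, together with the verification steps for message recovery in section 2.2, as added Python that is not part of the thesis: it replays the example's numbers with the identity map in place of H, then repeats the multiplicative-property check with a redundancy function to show what the test m' ∈ M_R gives the verifier. The function names and the redundancy function R(m) = m‖m on 12-bit messages are assumptions of this example.

```python
"""Textbook RSA signature with message recovery on the thesis's toy key.

Added illustration; a 26-bit modulus and unpadded RSA offer no security.
"""

# Key from the worked example: a is the public exponent, b the private one.
P, Q = 7927, 6997
N = P * Q                           # 55465219
PHI = (P - 1) * (Q - 1)             # 55450296
A_PUBLIC = 5
B_PRIVATE = pow(A_PUBLIC, -1, PHI)  # extended Euclid, gives 44360237

# Assumed redundancy function for the second half of the demo:
# R(m) = m || m with halves HALF_BITS wide; messages are limited to
# 12 bits so that R(m) always stays below N.
HALF_BITS = 13
MESSAGE_LIMIT = 1 << 12


def identity_redundancy(m):
    """R(m) = m, as in the worked example (H is the identity there)."""
    if not 0 <= m < N:
        raise ValueError("message out of range")
    return m


def identity_recover(m_prime):
    """With R = identity every residue lies in M_R, so nothing is rejected."""
    return m_prime


def duplicate_redundancy(m):
    """R(m) = m || m."""
    if not 0 <= m < MESSAGE_LIMIT:
        raise ValueError("message out of range")
    return (m << HALF_BITS) | m


def duplicate_recover(m_prime):
    """Return R^-1(m') if m' is in M_R, else None (signature rejected)."""
    high = m_prime >> HALF_BITS
    low = m_prime & ((1 << HALF_BITS) - 1)
    if high == low and high < MESSAGE_LIMIT:
        return high
    return None


def sign(m, redundancy):
    """s = R(m)^b mod n, computed with the private exponent."""
    return pow(redundancy(m), B_PRIVATE, N)


def verify_and_recover(s, recover):
    """m' = s^a mod n; accept only if m' is in M_R, then return R^-1(m')."""
    if not 0 <= s < N:
        return None
    return recover(pow(s, A_PUBLIC, N))


def product_of_signatures(m1, m2, redundancy, recover):
    """Multiplicative property: what does the verifier make of s1*s2 mod n?

    Nobody signed the result; it is built from two genuine signatures.
    """
    combined = (sign(m1, redundancy) * sign(m2, redundancy)) % N
    return verify_and_recover(combined, recover)


if __name__ == "__main__":
    s = sign(31229978, identity_redundancy)
    print("signature from the worked example:", s)
    print("recovered message:", verify_and_recover(s, identity_recover))
    print("identity R, product of signatures on 2 and 3 recovers:",
          product_of_signatures(2, 3, identity_redundancy, identity_recover))
    print("m||m R, the same product recovers:",
          product_of_signatures(2, 3, duplicate_redundancy, duplicate_recover))
```

With the identity map the verifier accepts a value that was never signed; with the redundancy function the same value falls outside M_R and is rejected.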


3.2. The DSA signature scheme (Digital Signature Standard)

This part studies the DSA digital signature scheme and the class of similar signatures. What these algorithms have in common is that they all produce randomized signatures. Every DSA scheme with appendix can be converted into a scheme with message recovery. In particular, we look in depth at the Digital Signature Standard (DSS) because of its practical implementability.
a. Introduction
The DSS signature scheme is based on the Digital Signature Algorithm (DSA). A DSS signature is a signature with appendix, meaning that the signature must be sent together with the message, because the signature itself does not contain (or generate) the message. Signatures of this kind usually require a hash function on the message (because the message content has unbounded length). The hash function is used during signature generation to build a condensed version of the data, called the message digest. The message digest is the input to the signature generation algorithm. The verifier uses the same hash function when verifying the signature. For the DSS signature scheme the hash function is the Secure Hash Algorithm (SHA) described in FIPS 186. This hash function produces a 160-bit integer value characteristic of a message, which constrains one of the DSS parameters to be 160 bits. In addition, the standard requires that signature generation use a private key for each signer, whereas to verify a signature the verifier must have the public key corresponding to the sender's private key.

Figure 13: DSA signature
b. The basic DSA algorithms
Key generation
Each entity creates a public key and a corresponding private key as follows:
1. Select a prime $q$ such that $2^{159} < q < 2^{160}$.
2. Select a prime $p$ such that $2^{511+64t} < p < 2^{512+64t}$, with $t \in [0, 8]$.
3. Select $\alpha$ as follows: choose $g$, any integer less than $p$, and set $\alpha = g^{(p-1)/q} \bmod p$, with $\alpha \neq 1$.
4. Select an integer $a$ such that $1 \le a \le q - 1$.
5. Compute $\beta = \alpha^{a} \bmod p$.
6. The entity's private key is $a$; the public key is the tuple $(p, q, \alpha, \beta)$.
Signature generation
To generate a signature for a message $x$, the entity must do the following:
1. Select a secret integer $k$, $0 < k < q - 1$.
2. Compute $\gamma = (\alpha^{k} \bmod p) \bmod q$.
3. Compute $k^{-1} \bmod q$.
4. Compute $\delta = k^{-1}(h(x) + a\gamma) \bmod q$.
5. The entity's signature on $x$ is the pair $(\delta, \gamma)$.
Signature verification

To verify a signature on a message $x$, the entity must do the following:
1. Obtain the signer's public key $(p, q, \alpha, \beta)$.
2. If the condition $0 < \delta, \gamma < q$ is not satisfied, reject the signature.
3. Compute $w = \delta^{-1} \bmod q$ and $h(x)$.
4. Compute $e_1 = w \cdot h(x) \bmod q$ and $e_2 = \gamma w \bmod q$.
5. Compute $v = (\alpha^{e_1} \beta^{e_2} \bmod p) \bmod q$.
6. If $v = \gamma$, accept the signature; otherwise reject it.
c. Summary of the DSS digital signature scheme

Let $p$ be a 512-bit prime such that the discrete logarithm problem in $\mathbb{Z}_p$ is hard.
Let $q$ be a 160-bit prime that divides $p - 1$.
Let $\alpha \in \mathbb{Z}_p$ be a $q$-th root of 1 modulo $p$.
Let $\mathcal{P} = \mathbb{Z}_p$ and $\mathcal{A} = \mathbb{Z}_q \times \mathbb{Z}_q$, and define:
$\mathcal{K} = \{(p, q, \alpha, a, \beta) : \beta \equiv \alpha^{a} \pmod{p}\}$
The values $p$, $q$, $\alpha$, $\beta$ are public; $a$ is secret.
For $K = (p, q, \alpha, a, \beta)$ and a (secret) random number $k$, $1 \le k \le q - 1$, define:
Signing: $\mathrm{sig}_K(x, k) = (\gamma, \delta)$, where
$\gamma = (\alpha^{k} \bmod p) \bmod q$ and
$\delta = (x + a\gamma)k^{-1} \bmod q$, with $x \in \mathbb{Z}_p$ and $\gamma, \delta \in \mathbb{Z}_q$.
Verification is completed by the following computations:
$e_1 = x\delta^{-1} \bmod q$
$e_2 = \gamma\delta^{-1} \bmod q$
$\mathrm{ver}_K(x, \gamma, \delta) = \text{true} \iff (\alpha^{e_1}\beta^{e_2} \bmod p) \bmod q = \gamma$

Example:
Suppose $q = 101$ and $p = 78q + 1 = 7879$.
3 is a primitive element in $\mathbb{Z}_{7879}$, so we can take $\alpha = 3^{78} \bmod 7879 = 170$.
Suppose $a = 75$; then $\beta = \alpha^{a} \bmod 7879 = 4567$.
To sign the message $x = 1234$, we choose the random number $k = 50$.
Then $k^{-1} \bmod 101 = 99$, so:
$\gamma = (170^{50} \bmod 7879) \bmod 101 = 2518 \bmod 101 = 94$
and $\delta = (1234 + 75 \cdot 94) \cdot 99 \bmod 101 = 97$.
The signature $(94, 97)$ on the message 1234 is verified by the following computations:
$\delta^{-1} = 97^{-1} \bmod 101 = 25$
$e_1 = 1234 \cdot 25 \bmod 101 = 45$
$e_2 = 94 \cdot 25 \bmod 101 = 27$
$(170^{45} \cdot 4567^{27} \bmod 7879) \bmod 101 = 2518 \bmod 101 = 94$
Hence the signature is valid.
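The DSA steps and the worked example above as added Python (not code from the thesis), including the range check of verification step 2 and a check of the domain parameters. The function names are this example's own, and x is used directly as the digest h(x), as the worked example does.

```python
"""DSA signing and verification on the toy parameters of the worked example.

Added illustration; p = 7879 and q = 101 are far too small for real use.
"""

P, Q = 7879, 101
ALPHA = pow(3, (P - 1) // Q, P)   # 3^78 mod 7879 = 170
A_PRIVATE = 75
BETA = pow(ALPHA, A_PRIVATE, P)   # 170^75 mod 7879 = 4567


def domain_is_valid(p, q, alpha):
    """q must divide p - 1 and alpha must be a q-th root of 1 other than 1."""
    return (p - 1) % q == 0 and 1 < alpha < p and pow(alpha, q, p) == 1


def sign(x, k):
    """Return (gamma, delta) for digest x and the per-signature secret k."""
    if not 1 <= k <= Q - 1:
        raise ValueError("k must satisfy 1 <= k <= q - 1")
    gamma = pow(ALPHA, k, P) % Q
    delta = (pow(k, -1, Q) * (x + A_PRIVATE * gamma)) % Q
    if gamma == 0 or delta == 0:
        # delta = 0 has no inverse mod q, so no verifier could process it.
        raise ValueError("degenerate signature, choose another k")
    return gamma, delta


def verification_values(x, gamma, delta):
    """Return (delta^-1 mod q, e1, e2, v) exactly as the verifier computes them."""
    w = pow(delta, -1, Q)
    e1 = (x * w) % Q
    e2 = (gamma * w) % Q
    v = (pow(ALPHA, e1, P) * pow(BETA, e2, P)) % P % Q
    return w, e1, e2, v


def verify(x, gamma, delta):
    """Accept only if both components are in range and v equals gamma."""
    # Range check first: 0 has no inverse mod q, and values >= q are
    # not valid signature components.
    if not (0 < gamma < Q and 0 < delta < Q):
        return False
    return verification_values(x, gamma, delta)[3] == gamma


if __name__ == "__main__":
    print("domain parameters valid:", domain_is_valid(P, Q, ALPHA))
    gamma, delta = sign(1234, 50)
    print("signature on 1234 with k = 50:", (gamma, delta))
    print("verifier values:", verification_values(1234, gamma, delta))
    print("accepted:", verify(1234, gamma, delta))
    print("altered message accepted:", verify(1235, gamma, delta))
    print("delta = 0 accepted:", verify(1234, gamma, 0))
```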

d. Properties of the DSA signature
Security
The security of the signature depends on the secrecy of the private key. Users must protect their private keys in advance. If the private key is kept absolutely secure, the signature is also almost absolutely secure. On the other hand, with the public key openly available, the DSA signature is secure when the private key cannot be found from the public key. Indeed, we have:
Let $p$ be a very large prime. The following equation cannot be solved: $y = a^{x} \bmod p$ (1), with $y$, $a = g^{(p-1)/q}$ and $a \neq 1$. To examine this, we first observe that equation (1) has a unique solution $x$ in the interval $[1, q]$. Indeed, suppose there are two solutions $x_1$ and $x_2$; from (1) we have:
$y = a^{x_1} \bmod p$ and $y = a^{x_2} \bmod p$
Without loss of generality suppose $x_1 < x_2$. It follows that:
- $a^{x_1}$ is divisible by $p$ (impossible because $p$ is prime), or
- there exists $k$ less than $p$ such that $a^{k} \equiv 1 \pmod{p}$. With $a$ of the form $a = g^{(p-1)/q}$ this cannot happen when $g < p$.
In many cases a message may be encrypted and decrypted only once, so it is adequate to use any cryptosystem that is secure at the time of encryption. In practice, however, a message often serves as a reference document, such as a contract or a will, and so the signature has to be verified many years after the message was signed. It is therefore important to have additional safeguards for the security of a signature scheme as compared with an encryption system. Because the ElGamal scheme is no more secure than the discrete logarithm problem, a large modulus $p$ is needed, for example 512 bits or more. However, the length of an ElGamal signature is twice the number of bits of $p$, and many smart-card applications need shorter signatures, so the modified solution is: on the one hand use $p$ with a representation length of 512 to 1024 bits; on the other hand, in the signature $(\gamma, \delta)$, the numbers $\gamma$ and $\delta$ have a short representation length, for example 160 bits. The signature is then 320 bits long. This is done by using the cyclic subgroup $\mathbb{Z}_q^*$ of $\mathbb{Z}_p^*$ instead of $\mathbb{Z}_p^*$ itself, so that all computations are still carried out in $\mathbb{Z}_p^*$ but the data and the signature components belong to $\mathbb{Z}_q^*$.
Validity:
The validity of the DSA signature rests on the following two theorems:
Theorem 1: Let $p$, $q$ be two primes satisfying $q \mid (p - 1)$, and let $h$ be any positive integer satisfying $h < p$. If
$g \equiv h^{(p-1)/q} \pmod{p}$ then $g^{q} \equiv 1 \pmod{p}$.
Indeed, $g^{q} \equiv (h^{(p-1)/q})^{q} \equiv h^{p-1} \equiv 1 \pmod{p}$ (by Fermat's little theorem).
Theorem 2: With $g$, $p$, $q$ defined as above, we always have:
if $m \equiv n \pmod{q}$ then $g^{m} \equiv g^{n} \pmod{p}$.
Indeed, without loss of generality let $m = n + kq$.
Then $g^{m} \equiv g^{n+kq} \equiv (g^{n} \bmod p)(g^{kq} \bmod p) \equiv g^{n} \pmod{p}$,
which is what was to be proved.

Drawbacks:
One opinion holds that NIST's selection process was not public. The standard was developed by the national security agency without the participation of US industry. The technical criticism was mainly about the size of the modulus $p$ being fixed at 512 bits. Many people wanted this size to be changeable when needed, so that larger sizes could be used. In response, NIST chose a standard that allows any modulus size divisible by 64 in the range from 512 to 1024 bits.
Another complaint about DSA is that a signature is generated faster than it is verified. By contrast, if RSA is used as the signature scheme with a small public verification exponent (for example 3), verification can be much faster than signing. This leads to two issues concerning the applications of a signature scheme:
- A message is signed only once, but its signature often has to be verified many times over many years. This suggests a need for a faster verification algorithm.
- What kinds of computers will be used for signing and verifying? Many applications, for example smart cards with limited processing power, communicate with a more powerful computer. There is therefore a need to design a scheme so that only some of the computation has to be done on the card. However, in some situations the smart card has to generate the signature, while in others the smart card has to verify it. A definite solution can therefore be given here.
NIST's response to the question of the number of signature generations and verifications is that there is really no requirement other than speed, provided that both can be done fast enough.
4. Feasible digital signature schemes
Among digital signature schemes, the two commonly used are DSA and RSA, for the following reasons:
- Both schemes were adopted by the US government in the Digital Signature Standard (DSS). Both the DSA and RSA algorithms were published in the federal record (FIPS) on 19/5/94 and were made the official standard for digital signatures on 1/12/94, although the standard had been proposed since 8/91.
- Both are signature schemes based on public-key cryptography and both offer very high security.
- The test data sets for checking the correctness of an implementation of these signatures are public. If an implementation matches the data set throughout testing, the signature is considered secure.
- Both schemes can be converted from signatures with appendix into signatures with message recovery without much difficulty, by integrating a redundancy function R.
- In practice, when the CA server system was introduced, the partner decided to choose the DSA signature scheme as the official signature for all transactions.
- The signature verification time of both kinds of signature is short and acceptable in a public network environment.
5. Attacks on digital signatures
When we talk about digital signatures, security is always the foremost goal: a digital signature is really applied in practice only if it has been shown to be unforgeable. The main goal of anyone attacking a signature scheme is to forge signatures, meaning that the attacker produces a signature of the signer on a message, and this signature will be accepted by the verifier. In practice, attacks on digital signatures are very diverse. To make it easier to analyse whether a signature scheme is secure, its security is tested against the following attacks:
- Total break: a forger is not only able to compute information about the private key but can also use a corresponding signing algorithm to produce signatures for messages.
- Selective forgery: the attacker is able to produce a set of signatures for a particular class of messages; these messages are signed without needing the signer's secret key.
- Existential forgery (forgery on a known message): the attacker is able to forge a signature for one message; the attacker has little or no control over the message whose signature is forged.
- In addition, most digital signatures rely on a public-key mechanism, and digital signatures based on this mechanism can be attacked in the following ways:
- Key-only attacks: the attacker knows only the signer's public key.
- Message attacks: here the attacker is able to examine whether different signatures correspond to previously available messages. This is a very common kind of attack, and in practice it is usually divided into three classes:
o Known-message attack: the attacker has signatures for a class of messages.
o Chosen-message attack: the attacker obtains valid signatures for a list of messages before attempting to break the signature scheme. This attack is non-adaptive because the messages are chosen before any signature is sent.
o Adaptive chosen-message attack: the attacker is allowed to use the signer as a trusted party. The attacker can request signatures for messages that depend on the signer's public key, and can likewise request signatures for messages that depend on previously obtained signatures and messages, and from these compute a signature.



CHAPTER III
INFORMATION SECURITY AND SAFETY IN E-COMMERCE

I. Information security issues

Today, with the strong development of information technology, the use of computer networks has become extremely widespread and necessary. Computer network technology has brought great benefits. The emergence of the Internet allows everyone to access, share and exploit information easily and effectively. In essence, the strong growth of the Internet is a response to the ever-increasing demand for online transactions on the global network. Online transactions on the Internet have developed from rudimentary forms such as information exchange (email, messages and so on) and publishing (web publishing) to complex transactions embodied in e-government and e-commerce systems, which are growing strongly all over the world.
However, information security problems have arisen. The Internet has techniques that allow everyone to access, exploit and share information, but it is also the main risk leading to your information being damaged or completely destroyed. The reason is that information sent over the Internet today mainly uses the TCP/IP protocol. TCP/IP allows information to be sent from one computer to another through a series of intermediate computers or separate networks before it reaches its destination. Because of this, TCP/IP creates the opportunity for a "third party" to carry out actions that compromise information security in a transaction.

According to figures from CERT (Computer Emergency Response Team), the number of attacks on the Internet reported to this organization was fewer than 200 in 1989, about 400 in 1991, 1400 in 1993 and 2241 in 1994. These attacks targeted all kinds of computers on the Internet: the computers of large companies such as AT&T and IBM, universities, government agencies, military organizations, banks and others. Some attacks were on a huge scale (up to 100,000 computers attacked). Moreover, these numbers are only the tip of the iceberg. A very large share of attacks go unreported for many reasons, among them the fear of losing reputation, or simply because the system administrators are unaware of the attacks aimed at their systems.

Not only has the number of attacks risen quickly, but the attack methods have also been continually refined. This is partly because the administrators of systems connected to the Internet are increasingly vigilant. Also according to CERT, attacks in the period 1988-1989 mainly guessed user name and password pairs (UserID-password) or used flaws in programs and operating systems (security holes) to disable the protection system, whereas more recent attacks include operations such as IP address spoofing, monitoring information transmitted over the network, and hijacking remote sessions (telnet or rlogin). Some security problems affecting many networks today:

- Eavesdropping: the information is not changed, but its confidentiality is lost. For example, someone can learn your credit card number or other information that should be kept secret.

- Tampering: information is altered while in transit on the network, or altered before it reaches the recipient. For example, someone can modify the content of a purchase order or change a person's personal record before the information reaches its destination.

- Impersonation: an individual can rely on another person's information to communicate with a party. There are two forms of impersonation:

o Spoofing: an individual can pretend to be someone else. For example, using another person's mail address or forging the domain name of a Web site.

o Misrepresentation: an individual or an organization can pretend to be some party, or present information about itself that is not true. For example, a site that claims to sell furniture and accepts credit cards, but in reality is a site for stealing credit cards.

- Repudiation of origin: an individual can deny having sent a document when a dispute arises. For example, with ordinary email the recipient cannot establish with certainty who the sender is.

To ensure the confidentiality of information without slowing the development of global information exchange and publishing, we need suitable solutions. There are currently many solutions to the problem of information security on networks, such as encryption and digital signatures (public-key certificates). Below we look in turn at the basic concepts of encryption and go into depth on the use of digital signatures for authentication over the network.

Ensuring the security of electronic transactions

What is a secure information system? Security against attacks is a problem that online transaction systems have to solve. Information transmitted over the network faces many risks, and the danger of losing information is constant. For example, paying by credit card through a web service faces the following risks:

o Information from the customer's web browser is in plain text, so it can fall into the hands of an attacker.

o The customer's web browser cannot determine whether the server it is exchanging information with is genuine or a forged web site.

o No one can guarantee whether the transmitted data has been altered or not.

Systems therefore need a mechanism that ensures security during electronic transactions. An information system that exchanges data securely must meet the following requirements:

o The system must ensure that data is not stolen in transit.

o The system must be capable of authentication, to prevent impersonation and forgery.

The focus therefore has to be on protecting assets while they are in transit between the client and the remote server. Providing a secure commerce channel means ensuring the integrity of messages and the availability of the channel. In addition, a complete security plan also includes authentication.

The techniques that ensure the security of electronic transactions are the use of cryptosystems, digital certificates and digital signatures while carrying out transactions.

II. Digital certificates and encryption mechanisms

1. Introduction to digital certificates

Using encryption or digital signatures only solves the problems of message confidentiality and authentication. It cannot, however, guarantee that the other party has not been impersonated; in many cases someone's identity has to be proven by electronic means.
A digital certificate is an electronic file used to identify an individual, a server, an organization and so on. It binds the identity of that subject to a public key, in the same way as a driving licence, a passport or an identity card.
There is a place that can certify that your information is correct, called the Certificate Authority (CA). It is a body with the authority to confirm identities and issue digital certificates. A CA can be an independent third party, or organizations can run their own system to issue certificates internally. The methods for establishing identity depend on the policies that the CA sets. The policy must ensure that digital certificates are issued correctly, to whom they are issued, and for what purpose they are used. Usually, before issuing a digital certificate, the CA publishes the procedures that must be carried out for each type of certificate.
A digital certificate contains a public key bound to a unique name of a subject (such as the name of an employee or a server). Digital certificates help prevent the use of public keys for impersonation. Only the public key certified by the digital certificate will work with the corresponding private key, which is owned by the subject whose identity is in the certificate.
Besides the public key, a digital certificate also contains information about the subject, such as the name it identifies, the expiry date, the name of the CA that issued the certificate, a serial number and so on. Most important of all, the digital certificate must carry the digital signature of the CA that issued it. This makes the certificate something like a stamped document that users can check.

2. Identity authentication

Communication over a network is typically between a client (such as a browser on a personal computer) and a server (such as a Website server). Authentication can be performed on both sides. The server can trust the client and vice versa.
Authentication here is not only meaningful in one direction for the sender, that is, the sender wanting the receiver to trust them. When a person sends a message accompanied by their digital signature (together with a digital certificate), they cannot deny it by claiming that the message is not theirs.
There are two forms of client authentication:
- Authentication based on user name and password. All servers allow users to enter a password in order to access the system. The server manages the list of these user names and passwords.
- Authentication based on digital certificates. This is part of the SSL security protocol. The client digitally signs some data, then sends both the digital signature and the digital certificate over the network. The server uses public-key cryptography to check the signature and determine the validity of the certificate.

Password-based authentication.
When users are authenticated with this method, the user has decided to trust the server (possibly without SSL protection). The server must authenticate the user before allowing access to the system's resources.

Figure 14: Using a password to authenticate a client connecting to a server.
The steps in the figure above are as follows:
Step 1: In response to an authentication request from the server, the client displays a dialog box asking for a password. The user must enter a password for each different server within the same session.
Step 2: The client sends the password over the network, without any form of encryption.
Step 3: The server looks up the password in its database.
Step 4: The server determines which system resources that password is allowed to access.
With this kind of authentication, the user must enter a password for each different server, and the server keeps track of these passwords for each user.
Certificate-based authentication.
A digital certificate can replace the first 3 steps of password authentication with a mechanism that lets the user enter a password only once, without sending it over the network, and the administrator can control access rights centrally.

Figure 15: A digital certificate authenticating a client connecting to a server.

The transaction in the figure above uses the SSL security protocol. The client must have a digital certificate for the server to identify it. Using a digital certificate for authentication has an advantage over using a password, because it is based on something the user has: the private key and the password that protects the private key.
It should be noted that only the owner of the client machine is allowed to access it, and must enter a password to open the database of the program that uses the private key (this password may have to be re-entered at preset intervals).
Both of the above authentication mechanisms involve physical-level access to individual machines. Public-key cryptography can only check the use of the private key that corresponds to the public key in the digital certificate. It does not take responsibility for physical protection or for the password that protects the private key. That responsibility belongs to the user.

The steps in the figure above are as follows:

Step 1: The client software (for example Communicator) manages a database of private and public key pairs. The client asks for the password to access this database only once, or periodically.
When the client accesses a server that uses SSL and the client is authenticated with a digital certificate, the user only has to enter the password once and does not have to enter it again for a second access.
Step 2: The client uses the private key corresponding to the public key recorded in the certificate and signs data that was randomly generated for the purpose of authentication by both the client and the server. This data and the digital signature constitute evidence of the validity of the private key. The digital signature can be checked with the public key corresponding to the private key used for signing, and it is unique to each session of the SSL protocol.
Step 3: The client sends both the certificate and the evidence (a piece of randomly generated, signed data) over the network.
Step 4: The server uses the digital certificate and the evidence to authenticate the user.
Step 5: The server can optionally perform other authentication tasks, such as checking that the client's certificate is in the database used to store and manage digital certificates. The server then determines what rights the user has over the system's resources.

3. Public-key certificates

Introduction to public-key certificates
When a person wants to use public-key cryptography to encrypt a message and send it to a recipient, the sender needs a copy of the recipient's public key. When any party wants to check a digital signature, they need a copy of the signer's public key. We call both the party encrypting a message and the party checking a digital signature public-key users.
When a public key is sent to a user, there is no need to keep it secret. However, the public-key user must be sure that the public key being used really belongs to the other party (the intended recipient of the message or the required signature generator). If an attacker substitutes a different public key for the legitimate one, the content of encrypted messages can be exposed. Unintended parties would then learn the messages, or digital signatures could be forged. In other words, the protection provided by these techniques is compromised if an intruder substitutes unauthenticated public keys.
For small groups this requirement can be met easily. For example, when two people who know each other want to communicate securely, they can obtain copies of each other's public keys by exchanging disks on which each person's public key is recorded. This ensures that the public keys are stored securely on each person's local system. This is manual public-key distribution.
However, this form of public-key distribution is considered impractical or inadequate in most application areas of public keys, especially when the number of users becomes too large or too dispersed. Public-key certificates make public-key distribution systematic.
A public-key certification system works as follows:
A CA issues certificates to the holders of public and private key pairs. A certificate consists of a public key and information that uniquely identifies the subject of the certificate. The subject of a certificate can be a person, a device or another entity that holds the corresponding private key. When the subject of a certificate is a person or some legal entity, the subject is usually referred to as a subscriber of the CA. The certificate is signed by the CA with its private key.

Figure 16: CA-based public-key certificate. [Figure labels: CA private key; generate digital signature; subject information; subject public key; CA name; CA signature.]

Once a system of certificates is established, the task of the public-key user is very simple. A user who needs the public key of one of the CA's subscribers only has to obtain a copy of the certificate, extract the public key and check whether the CA's signature on the certificate is present and correct. Public-key users who use certificates in this way are called relying parties. This kind of system is relatively simple and economical to set up on a large scale and in automated form, because one of the important properties of certificates is:
Certificates can be issued without having to be protected by communication security services that ensure confidentiality, authentication and integrity.
We do not need to keep public keys secret, so certificates are not secret. Moreover, no authentication or integrity requirements arise, because certificates are self-protecting (the CA's digital signature in the certificate provides authentication and integrity protection). If an intruder tries to forge a certificate while it is being distributed to public-key users, those users will detect the forgery because the CA's digital signature is checked precisely. For this reason public-key certificates can be distributed by insecure means, for example through servers, directory systems and insecure communication protocols.
The basic benefit of a certification system is that a public-key user can reliably obtain a large number of other parties' public keys by means of the CA's public key. Note that a digital certificate is only useful when the public-key user trusts the CA to issue valid certificates.

4. The CA model

If it were feasible to set up a single CA (able to issue public-key certificates to every holder of a public and private key pair in the world), and if all public-key users trusted the certificates issued by this CA, the public-key distribution problem would be solved. Unfortunately this cannot be done, simply because it is not practical for one CA. A single CA cannot have enough information about, and relationships with, subscribers to issue certificates that every public-key user would accept. We therefore have to accept the existence of many CAs in the world.
Given many CAs, it is not practical for a user to securely hold the public key of one particular CA (the CA that issued the certificate for the party with whom the public-key user wants to communicate securely). However, to obtain that CA's public key, the user can find and use another certificate that contains this CA's public key but was issued by a different CA whose public key the user holds securely.
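Sections 2 to 4 above describe certificate-based client authentication, self-protecting certificates, and reaching one CA's key through a certificate issued by another CA; the following added Python example (not from the thesis) runs all three on a constructed two-level hierarchy. The certificate fields, names, Mersenne-prime demo keys and unpadded hash-then-RSA signatures are assumptions chosen so that it runs with the standard library only, and validity periods and revocation are left out.

```python
"""Toy certificate hierarchy: issue, validate a chain, authenticate a client.

Added illustration. Demo keys are built from Mersenne primes and signatures
are unpadded hash-then-RSA so the example is reproducible; neither is secure.
"""
import hashlib
import secrets
from dataclasses import dataclass, replace

E = 65537
M521, M607, M1279 = 2**521 - 1, 2**607 - 1, 2**1279 - 1  # Mersenne primes


def make_key(p, q):
    """Return (public, private) = ((n, e), d) for the primes p and q."""
    return (p * q, E), pow(E, -1, (p - 1) * (q - 1))


def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def rsa_sign(data, public, private):
    return pow(_digest(data), private, public[0])


def rsa_verify(data, signature, public):
    n, e = public
    return 0 <= signature < n and pow(signature, e, n) == _digest(data)


@dataclass(frozen=True)
class Certificate:
    subject: str
    issuer: str
    public_key: tuple      # the subject's (n, e)
    signature: int = 0     # issuing CA's signature over to_be_signed()

    def to_be_signed(self):
        n, e = self.public_key
        return f"{self.subject}|{self.issuer}|{n:x}|{e:x}".encode()


def issue(subject, subject_public, issuer, issuer_public, issuer_private):
    """The CA binds the subject name to the public key with its signature."""
    cert = Certificate(subject, issuer, subject_public)
    sig = rsa_sign(cert.to_be_signed(), issuer_public, issuer_private)
    return replace(cert, signature=sig)


def with_public_key(cert, other_public):
    """Model a key substitution: same certificate, different public key."""
    return replace(cert, public_key=other_public)


def validate_chain(chain, trusted):
    """Return the leaf's public key, or None if any link fails.

    chain: leaf certificate first, then the certificates of the issuing CAs.
    trusted: {CA name: public key} that the user already holds securely.
    """
    for position, cert in enumerate(chain):
        anchor = trusted.get(cert.issuer)
        if anchor is not None:
            ok = rsa_verify(cert.to_be_signed(), cert.signature, anchor)
            return chain[0].public_key if ok else None
        parent = chain[position + 1] if position + 1 < len(chain) else None
        if parent is None or parent.subject != cert.issuer:
            return None
        if not rsa_verify(cert.to_be_signed(), cert.signature,
                          parent.public_key):
            return None
    return None


def new_challenge():
    """Random data the client must sign, fresh for every session."""
    return secrets.token_bytes(32)


def server_authenticate(chain, challenge, proof, trusted):
    """Steps 4 and 5: validate the certificate, then check the signed data."""
    key = validate_chain(chain, trusted)
    return key is not None and rsa_verify(challenge, proof, key)


# Constructed demo hierarchy: Root CA -> Branch CA -> client "alice".
ROOT_PUB, ROOT_PRIV = make_key(M521, M607)
BRANCH_PUB, BRANCH_PRIV = make_key(M521, M1279)
ALICE_PUB, ALICE_PRIV = make_key(M607, M1279)
BRANCH_CERT = issue("Branch CA", BRANCH_PUB, "Root CA", ROOT_PUB, ROOT_PRIV)
ALICE_CERT = issue("alice", ALICE_PUB, "Branch CA", BRANCH_PUB, BRANCH_PRIV)
TRUSTED = {"Root CA": ROOT_PUB}   # the only key the user holds securely
```

The user trusts only the root key, yet obtains alice's key through the Branch CA certificate; a substituted key in either certificate, a missing link, or a signature over an old challenge all make validation fail.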

5. Some security protocols used in e-commerce

Web application security issues

The World Wide Web is fundamentally a client/server application running over the Internet and intranets with the TCP/IP protocol. The new challenges for Web security have become more pressing than ever, especially as computer networks and Web-based services keep growing.
The Internet is a double-edged sword. Unlike communication environments such as telegraph, telephone and fax systems, Web servers are always at risk of attack from across the entire Internet.
There are many solutions for Web application security, and the related Web servers are all very easy to use, configure or manage. The content of these websites is also increasingly rich, reflecting the diversity of information, and of course this does not exclude websites that cannot be seen through directly because they hide beneath cleverly disguised covers. The short history of the Web is marked by newly upgraded and newly developed systems that are still at risk of attacks on their security holes.
Many solutions to the security problem have been proposed. Researchers have mainly concentrated on studying and reviewing ways to improve the services provided and the techniques already in use, but with a new approach within the limits of the TCP/IP protocol. Figure 3.1a shows this difference, which is the provision of a security mechanism for IP. The advance made by IPSec is that it creates a transparent, clean channel between the end user and the application as a unified solution. Furthermore, IPSec includes a special filter for selecting transport routes to avoid memory overflow during IPSec processing.

(a) Network Level (b) Transport Level (c) Application Level

Figure 17: Position of the security facilities in the TCP/IP protocol structure. [Figure labels: (a) HTTP, FTP, SMTP over TCP over IP/IPSec; (b) HTTP, FTP, SMTP over SSL or TLS over TCP over IP; (c) Kerberos, S/MIME, PGP, SET with SMTP and HTTP over UDP and TCP over IP.]
Another solution is to improve the security mechanism on top of TCP, one of the ideas that led to the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. At this layer there are two choices, SSL or TLS. SSL is provided as a supporting protocol and can therefore secure any application protocol layered on TCP transparently. In addition, SSL can be embedded in applications as a special package; for example, the IE and Netscape browsers are both equipped with SSL, and Web servers also support the protocol.
Another characteristic of security services is that they can be embedded within the application itself; Figure 3.1c is an example of this kind of architecture. The change here is that the services can be adapted to the specific needs of the application. In the general context of Web application security, SET (Secure Electronic Transaction) is a typical example of this approach.
5.2 SSL and TLS
As mentioned above, the two important transport layer security protocols that matter most for the security of applications on the web are SSL and TLS.
To date there have been 3 versions of SSL:
- SSL 1.0: used only internally by Netscape Communications 1.0. It contained several serious flaws and was never released externally.
- SSL 2.0: incorporated into Netscape Communications 1.0 through 2.x. It has several weaknesses related to concrete instances of the man-in-the-middle attack. In an effort to exploit public uncertainty about the security of SSL, Microsoft also introduced the competing PCT (Private Communication Technology) protocol in its first release of Internet Explorer in 1996.
- SSL 3.0: Netscape Communications responded to Microsoft's PCT challenge by introducing SSL 3.0, which solved the problems in SSL 2.0 and added some new features. At that point Microsoft gave way and agreed to support SSL in all versions of its TCP/IP-based software.

5.2.1 SSL architecture

The structure of SSL and of the corresponding SSL protocol is illustrated in Figure 1.1. According to this figure, SSL denotes an intermediate (security) layer between the Transport Layer and the Application Layer. SSL is layered on top of a connection-oriented, reliable transport service such as the one provided by TCP. In principle it can provide security services to arbitrary TCP-based application protocols, not only HTTP. In fact, a major advantage of transport-layer security protocols in general, and of SSL in particular, is that they are application independent, in the sense that they can be used to transparently protect any application protocol layered on top of TCP. Figure 2.2 illustrates some typical application protocols, including NSIIOP, HTTP, FTP, Telnet, IMAP, IRC and POP3. All of them can be protected by layering them on top of SSL (the letter S added to the corresponding protocol acronym indicates the use of SSL). Note, however, that SSL has a strong client-server orientation and does not really meet the requirements of peer-to-peer application protocols.


Figure 18: SSL architecture [layers shown: Application Layer (HTTP, SMTP), Transport Layer, Internet Layer (IP), Network Layer]

In summary, the SSL protocol provides communication security with three basic properties:
1. The communicating parties (that is, client and server) can authenticate each other using public-key cryptography.
2. The confidentiality of the data traffic is protected, because the connection is transparently encrypted after an initial handshake and session key negotiation have taken place.
3. The authenticity and integrity of the data traffic are also protected, because messages are transparently authenticated and integrity-checked using a MAC.
It is important to note, however, that SSL does not prevent traffic analysis attacks. For example, by examining the unencrypted source and destination IP addresses and the TCP port numbers, or by examining the volume of data transmitted, a traffic analyst can still determine which parties are interacting, which kinds of services are being used, and sometimes even obtain information about business or personal relationships. Furthermore, SSL does not prevent attacks directed against the TCP implementation, such as TCP SYN flooding or session hijacking.
To use the protection of SSL, both client and server must know that the other side is using SSL. In general there are three ways to address this problem:
1. Use dedicated port numbers reserved by the Internet Assigned Numbers Authority (IANA). In this case a separate port number must be assigned for every application protocol that uses SSL.
2. Use the standard port number for every application protocol and negotiate the security options as part of the application protocol.
3. Use a TCP option to negotiate the use of a security protocol, such as SSL, during the normal TCP connection establishment phase.
Application-specific negotiation of security options (that is, the second possibility) has the drawback of requiring every application protocol to be modified to understand the negotiation process. Defining a TCP option (that is, the third possibility) would be a good solution, but it has not been seriously discussed so far. In practice, separate port numbers have been reserved and assigned by IANA for every application protocol that can run over SSL or TLS (that is, the first possibility). Note, however, that the use of separate port numbers also has the drawback of requiring two TCP connections if the client does not know what the server supports. First the client must connect to the secure port and then to the insecure port, or vice versa. It is quite possible that future protocols will abandon this approach and move to the second possibility. For example, SASL (Simple Authentication and Security Layer) defines a method for adding authentication support to connection-based application protocols. According to the SASL specification, the use of authentication mechanisms is negotiable between the client and server of a given application protocol.
The port numbers assigned by IANA for application protocols that run over SSL/TLS are summarised in Table 2.1. Today the "S" indicating the use of SSL is consistently appended (as a suffix) to the acronyms of the corresponding application protocols (in some earlier terminology, the S was used inconsistently and added as a prefix to some acronyms).
Table 2.1: Port numbers assigned to application protocols running over TLS/SSL

Keyword      Port   Description
Nsiiop       261    IIOP name service over TLS/SSL
Https        443    HTTP over TLS/SSL
Smtps        465    SMTP over TLS/SSL
Nntps        563    SMTP over TLS/SSL
Ldaps        636    LDAP over TLS/SSL
Ftps-data    989    FTP (data) over TLS/SSL
Ftps         990    FTP (control) over TLS/SSL
Telnets      992    TELNET over TLS/SSL
Imaps        994    INC over TLS/SSL
Pop3s        995    POP3 over TLS/SSL

In general, an SSL session is stateful, and the SSL protocol must initialise and maintain the state information on either side of the session. The corresponding session state elements comprise a session ID, a peer certificate, a compression method, a cipher spec, a master secret and a flag indicating whether the session is resumable; they are summarised in Table 2.2. An SSL session can be used for several connections, and the corresponding connection state elements are summarised in Table 2.3. They comprise cryptographic parameters such as the server and client random byte sequences, the server and client write MAC secrets, the server and client write keys, an initialisation vector and a sequence number. In both cases it is important to note that the communicating parties may also use multiple simultaneous SSL sessions, and sessions with multiple simultaneous connections.

Table 2.2: SSL session state elements

Element              Description
Session ID           Identifier chosen by the server to identify an active or resumable session state.
Peer certificate     X.509 version 3 certificate of the peer entity.
Compression method   Algorithm used to compress data before encryption.
Cipher spec          Specification of the data encryption and MAC algorithms.
Master secret        48-byte secret shared between client and server.
Is resumable         Flag indicating whether the session can be used to initiate new connections.

Table 2.3: SSL connection state elements

Element                    Description
Server and client random   Byte sequences chosen by the server and client for each connection.
Server write MAC secret    Secret used for MAC operations on data written by the server.
Client write MAC secret    Secret used for MAC operations on data written by the client.
Server write key           Key used for data encryption by the server and decryption by the client.
Client write key           Key used for data encryption by the client and decryption by the server.
Initialization vector      Initialisation state for a block cipher in CBC mode. This field is first initialised by the SSL Handshake Protocol. Afterwards, the final ciphertext block from each record is preserved for use with the following record.
Sequence number            Each side maintains separate sequence numbers for the messages transmitted and received on each connection.

The most important SSL subprotocol is the SSL Handshake Protocol. It is an authentication and key exchange protocol that can be used to negotiate, initialise and synchronise the security parameters and the corresponding state information held at either endpoint of an SSL session or connection.
After the SSL Handshake Protocol has completed, application data can be sent and received using the SSL Record Protocol together with the negotiated security parameters and state elements.

5.2.2 SSL Record Protocol


Figure 19: Steps of the SSL Record Protocol

The SSL Record Protocol receives data from the higher-layer SSL subprotocols and handles fragmentation, compression, authentication and encryption of the data. More precisely, the protocol takes a data block of arbitrary size as input and produces as output a series of SSL data fragments (also called records), each less than or equal to 16,83 bytes.
The different steps of the SSL Record Protocol, which lead from a raw data fragment to an SSL Plaintext record (fragmentation step), an SSL Compressed record (compression step) and an SSL Ciphertext record (encryption step), are illustrated in Figure 2.3. Finally, each SSL record contains the following fields:
- Content type: identifies the higher-layer protocol that must be used to process the SSL record payload (after appropriate decompression and decryption).
- Protocol version number: identifies the SSL version in use (typically version 3.0).
- Length.
- Data payload (optionally compressed and encrypted): the SSL record payload is compressed and encrypted according to the current compression method and the cipher spec defined for the SSL session.
- MAC.
At the beginning of each SSL session, the compression method and the cipher spec are usually defined as null. Both are set during the initial execution of the SSL Handshake Protocol. Finally, a MAC is appended to the SSL records. It provides message origin authentication and data integrity services. As with the encryption algorithm, the algorithm used to compute and verify the MAC is defined in the cipher spec of the current session state. By default, the SSL Record Protocol uses a MAC construction that is similar to, but still different from, the HMAC construction. There are three main differences between the SSL MAC construction and the HMAC construction:
1. The SSL MAC construction includes a sequence number in the message before hashing, to prevent specific forms of replay attack.
2. The SSL MAC construction includes the record length.
3. The SSL MAC construction uses concatenation operators, whereas the HMAC construction uses addition modulo 2.
All of these differences exist mainly because the SSL MAC construction was in use before the HMAC construction was adopted for Internet security protocol specifications. The HMAC construction is also used in the more recent TLS protocol specification.
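The three differences listed above can be seen side by side in code. The following is an added example, not code from the thesis: it implements the SSL 3.0 record MAC as defined in the SSL 3.0 specification next to HMAC written out by hand, and a receiver that tracks its own sequence counter so a replayed record fails verification. The secret, the record contents and the class name `RecordVerifier` are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Pad lengths fixed by the SSL 3.0 specification: 48 bytes for MD5, 40 for SHA-1.
SSL3_PAD_LEN = {"md5": 48, "sha1": 40}


def ssl3_mac(hash_name, mac_secret, seq_num, content_type, fragment):
    """SSL 3.0 record MAC: two nested hashes over concatenated fields."""
    pad_len = SSL3_PAD_LEN[hash_name]
    # Differences 1 and 2: the 64-bit sequence number and the 16-bit record
    # length are hashed together with the content type and the data.
    fields = struct.pack("!QBH", seq_num, content_type, len(fragment))
    inner = hashlib.new(
        hash_name, mac_secret + b"\x36" * pad_len + fields + fragment
    ).digest()
    # Difference 3: the pads are concatenated to the secret, not XORed into it.
    return hashlib.new(hash_name, mac_secret + b"\x5c" * pad_len + inner).digest()


def hmac_by_hand(hash_name, key, message):
    """HMAC written out to show the XOR (addition modulo 2) of key and pads."""
    block = hashlib.new(hash_name).block_size
    if len(key) > block:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + message).digest()
    return hashlib.new(hash_name, opad + inner).digest()


class RecordVerifier:
    """Receiving side: the sequence number is never sent on the wire, so the
    receiver counts accepted records itself (hypothetical helper class)."""

    def __init__(self, hash_name, mac_secret):
        self.hash_name = hash_name
        self.mac_secret = mac_secret
        self.seq_num = 0

    def accept(self, content_type, fragment, mac):
        expected = ssl3_mac(
            self.hash_name, self.mac_secret, self.seq_num, content_type, fragment
        )
        ok = hmac.compare_digest(expected, mac)  # constant-time comparison
        if ok:
            self.seq_num += 1
        return ok


def demo():
    """Send record 0, replay record 0, then send record 1 (constructed data)."""
    secret = b"constructed-mac-secret"
    rec0 = (23, b"GET / HTTP/1.0\r\n\r\n")  # 23 = application_data
    rec1 = (23, b"second record")
    mac0 = ssl3_mac("sha1", secret, 0, *rec0)
    mac1 = ssl3_mac("sha1", secret, 1, *rec1)
    verifier = RecordVerifier("sha1", secret)
    return [
        verifier.accept(*rec0, mac0),  # genuine first record
        verifier.accept(*rec0, mac0),  # replay: counter has moved on
        verifier.accept(*rec1, mac1),  # genuine second record
    ]


if __name__ == "__main__":
    print(demo())
```
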
As illustrated in Figure 2.3, several SSL subprotocols are layered on top of the SSL Record Protocol. Each subprotocol may refer to specific types of messages that are sent using the SSL Record Protocol. The SSL 3.0 specification defines the following three SSL protocols:
- Alert Protocol;
- Handshake Protocol;
- ChangeCipherSpec Protocol.
In short, the SSL Alert Protocol is used to convey alerts through the SSL Record Protocol. Each alert consists of two parts, an alert level and an alert description.
The SSL Handshake Protocol is the main SSL subprotocol, used to support client and server authentication and to exchange a session key. It is therefore overviewed and discussed in the next section.
Finally, the SSL ChangeCipherSpec Protocol is used to switch from one cipher spec to another. Although the cipher spec is normally changed at the end of an SSL handshake, it can also be changed at any later point in time.
In addition to these SSL subprotocols, an SSL Application Data Protocol is used to pass application data directly to the SSL Record Protocol.
5.2.3 SSL Handshake Protocol
The SSL Handshake Protocol is the main SSL subprotocol layered on top of the SSL Record Protocol. Consequently, SSL handshake messages are supplied to the SSL record layer, where they are encapsulated in one or more SSL records that are processed and transmitted as specified by the compression method and cipher spec of the current SSL session and the cryptographic keys of the corresponding SSL connection. The purpose of the SSL Handshake Protocol is to have a client and server establish and maintain the state information that is used to protect communications. More specifically, the protocol must have the client and server agree on a common SSL protocol version, select the compression method and cipher spec, optionally authenticate each other, and create a master secret from which the various session keys for message authentication and encryption can be derived.
In short, an execution of the SSL Handshake Protocol between a client C and a server S can be summarised as follows (messages placed in square brackets are optional):

Figure 20: [handshake message flow between Client and Server: Client Hello; Server Hello; Server Certificate; Server Hello Done; Client Key Exchange; Change Cipher Specification; Handshake Finished; Change Cipher Specifications]

When client C wants to connect to server S, it establishes a TCP connection to the HTTPS port (which is not part of the protocol description) and sends a CLIENTHELLO message to the server in step 1 of the SSL Handshake Protocol execution. The client can also send a CLIENTHELLO message in response to a HELLOREQUEST message, or on its own initiative to renegotiate the security parameters of an existing connection. The CLIENTHELLO message includes the following fields:
- The number of the highest SSL version understood by the client (typically 3.0).
- A client-generated random structure consisting of a 32-bit timestamp in standard UNIX format and a 28-byte value generated by a pseudorandom number generator.
- A session identifier that the client wishes to use for this connection.
- A list of the cipher suites the client supports.
- A list of the compression methods the client supports.
Note that the session identity field should be empty if no SSL session currently exists or if the client wishes to generate new security parameters. In either case, a non-empty session identity field identifies an existing SSL session between client and server (that is, a session whose security parameters the client wishes to reuse). The session identifier may come from an earlier connection, this connection, or another currently active connection. Note also that the list of supported cipher suites, passed from the client to the server in the CLIENTHELLO message, contains the combinations of cryptographic algorithms supported by the client in order of preference. Each cipher suite defines a key exchange algorithm and a cipher spec. The server will select a cipher suite or, if no acceptable choices are presented, return an error message and close the connection accordingly. After sending the CLIENTHELLO message, the client waits for a SERVERHELLO message. Any other message returned by the server, except a HELLOREQUEST message, is treated as an error at this point.
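To make the CLIENTHELLO fields listed above concrete, here is an added example (not code from the thesis) that parses an SSL 3.0 ClientHello handshake message with bounds checks and reports whether the client is asking to resume a session. The sample message is constructed inline; the cipher suite values are the SSL 3.0 registry values for two RSA suites, and the function and class names are hypothetical.

```python
import struct

# Subset of SSL 3.0 cipher suite identifiers, in client preference order below.
CIPHER_SUITES = {
    0x0004: "SSL_RSA_WITH_RC4_128_MD5",
    0x000A: "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
}


class ParseError(ValueError):
    """Raised when the message is truncated or structurally invalid."""


class Reader:
    """Cursor over a byte string that refuses to read past the end."""

    def __init__(self, data):
        self.data = data
        self.pos = 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ParseError("truncated message")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def vector(self, length_bytes):
        """Read a length-prefixed field (big-endian length of length_bytes)."""
        return self.take(int.from_bytes(self.take(length_bytes), "big"))


def parse_client_hello(message):
    outer = Reader(message)
    if outer.take(1)[0] != 1:  # handshake type 1 = client_hello
        raise ParseError("not a ClientHello")
    body = Reader(outer.vector(3))
    if outer.pos != len(message):
        raise ParseError("bytes after the handshake message")
    major, minor = body.take(2)
    gmt_unix_time = struct.unpack("!I", body.take(4))[0]  # 32-bit UNIX time
    random_bytes = body.take(28)                           # 28 random bytes
    session_id = body.vector(1)
    if len(session_id) > 32:
        raise ParseError("session identifier longer than 32 bytes")
    raw_suites = body.vector(2)
    if len(raw_suites) < 2 or len(raw_suites) % 2:
        raise ParseError("invalid cipher suite list")
    suites = [int.from_bytes(raw_suites[i:i + 2], "big")
              for i in range(0, len(raw_suites), 2)]
    compression = list(body.vector(1))
    if not compression:
        raise ParseError("empty compression method list")
    return {
        "version": (major, minor),
        "gmt_unix_time": gmt_unix_time,
        "random": random_bytes,
        "session_id": session_id,
        # Non-empty identifier: the client wants to reuse an existing session.
        "resumption_requested": len(session_id) > 0,
        "cipher_suites": suites,
        "compression_methods": compression,
    }


def build_sample(session_id=b""):
    """Constructed ClientHello: SSL 3.0, timestamp 1996-01-01 00:00:00 UTC."""
    body = (bytes([3, 0]) + struct.pack("!I", 820454400) + bytes(range(28))
            + bytes([len(session_id)]) + session_id
            + struct.pack("!H", 4) + struct.pack("!HH", 0x000A, 0x0004)
            + bytes([1, 0]))  # one compression method: null (0)
    return bytes([1]) + len(body).to_bytes(3, "big") + body


if __name__ == "__main__":
    hello = parse_client_hello(build_sample())
    print(hello["version"], [CIPHER_SUITES[s] for s in hello["cipher_suites"]])
```
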
In step 2, the server processes the CLIENTHELLO message and responds with either an error message or a SERVERHELLO message. Like the CLIENTHELLO message, the SERVERHELLO message has the following fields:
- A server version number containing the lower of the version suggested by the client in the CLIENTHELLO message and the highest version supported by the server.
- A server-generated random structure, likewise consisting of a 32-bit timestamp in standard UNIX format and a 28 bit value generated by a random number generator.
- A session identifier corresponding to this connection.
- A cipher suite selected by the server from the list of cipher suites supported by the client.
- A compression method selected by the server from the list of compression algorithms supported by the client.
If the session identifier in the CLIENTHELLO message is non-empty, the server looks in its session cache for a match. If a match is found and the server is willing to establish the connection using the corresponding session state, the server responds with the same value as supplied by the client. This indicates a resumed session and specifies that both sides must proceed directly to the CHANGECIPHERSPEC and FINISHED messages described further below. Otherwise, this field contains a different value identifying a new session. The server may also return an empty session identifier field to indicate that the session will not be cached and therefore cannot be resumed later. Note also that in the SERVERHELLO message the server selects a cipher suite and a compression method from the lists supplied by the client in the CLIENTHELLO message. The key exchange, authentication, encryption and message authentication algorithms are determined by the cipher suite selected by the server and revealed in the SERVERHELLO message. The cipher suites defined in the SSL protocol are essentially the same as those defined for TLS.
In addition to the SERVERHELLO message, the server must also send other messages to the client. For example, if the server uses certificate-based authentication, it sends its site certificate to the client in a corresponding CERTIFICATE message. The certificate must be appropriate for the key exchange algorithm of the selected cipher suite and is usually an X.509v3 certificate. The same message type is used later for the client's response to the server's CERTIFICATEREQUEST message. In the case of X.509v3 certificates, a certificate may actually refer to an entire chain of certificates, ordered with the sender's certificate first, followed by any CA certificates proceeding sequentially towards a root CA (which will be accepted by the client).
Next, the server may send a SERVERKEYEXCHANGE message to the client if it has no certificate, has a certificate that can be used only for verifying digital signatures, or uses the FORTEZZA token-based key exchange algorithm (KEA). Obviously, this message is not required if the site certificate includes an RSA public key that can be used for encryption. In addition, a non-anonymous server may optionally request a personal certificate to authenticate the client. To do so, it sends a CERTIFICATEREQUEST message to the client. This message contains a list of the requested certificate types, sorted in order of the server's preference, as well as a list of distinguished names for acceptable CAs. At the end of step 2, the server sends a SERVERHELLODONE message to the client to indicate the end of the SERVERHELLO and associated messages.
After receiving the SERVERHELLO and associated messages, the client verifies that the server's site certificate (if provided) is valid and checks that the security parameters supplied in the SERVERHELLO message are acceptable. If the server requests client authentication, the client sends a CERTIFICATE message containing a personal certificate for the user's public key to the server in step 3.
Next, the client sends a CLIENTKEYEXCHANGE message whose format depends on the key exchange algorithm selected by the server.
- If RSA is used for server authentication and key exchange, the client generates a 48-byte premaster secret, encrypts it with the public key found in the site certificate or with the temporary RSA key from the SERVERKEYEXCHANGE message, and sends the result back in the CLIENTKEYEXCHANGE message. The server in turn uses the corresponding private key to decrypt the master secret.
- If FORTEZZA tokens are used for key exchange, the client derives a token encryption key (TEK) using the KEA. The client's KEA computation uses the public key from the server certificate together with some private parameters in the client's token. The client sends the public parameters the server needs in order to generate the TEK as well, using its own private parameters. It generates a master secret, wraps it using the TEK and sends the result, together with some initialisation vectors, to the server as part of the CLIENTKEYEXCHANGE message. The server in turn can decrypt the master secret accordingly. This key exchange algorithm is not widely used.
If client authentication is required, the client also sends a CERTIFICATEVERIFY message to the server. This message is used to provide explicit verification of the user's identity based on the personal certificate. It is sent only following a client certificate that has signing capability (all certificates except those containing fixed Diffie-Hellman parameters).
Finally, the client completes step 3 by sending a CHANGECIPHERSPEC message and a corresponding FINISHED message to the server. The FINISHED message is always sent immediately after the CHANGECIPHERSPEC message to verify that the key exchange and authentication processes were successful. In fact, the FINISHED message is the first message protected with the newly negotiated algorithms and session keys. It can be generated and verified only if these keys are properly installed on both sides. No acknowledgement of the FINISHED message is required; the parties may begin sending encrypted data immediately after sending the FINISHED message. The execution of the SSL Handshake Protocol is completed by also having the server send a SERVERKEYEXCHANGE message and a corresponding FINISHED message to the client in step 4.
After the SSL handshake is complete, a secure connection has been established between the client and the server. This connection can now be used to send application data encapsulated by the SSL Record Protocol. More precisely, application data may be fragmented, compressed, or encrypted and authenticated according to the SSL Record Protocol and the session and connection state information now established (depending on the execution of the SSL Handshake Protocol).
The SSL Handshake Protocol can be shortened if the client and server decide to resume a previously established (and still cached) SSL session or to duplicate an existing SSL session. In this case only three message flows and a total of six messages are required. The corresponding message flows can be summarised as follows:
1: C -> S: CLIENTHELLO
2: S -> C: SERVERHELLO
           CHANGECIPHERSPEC
           FINISHED
3: S ->    CHANGECIPHERSPEC
           FINISHED
In step 1, the client sends the server a CLIENTHELLO message containing the identifier of the session to be resumed. The server in turn checks its session cache for a match. If a match is found and the server is willing to resume the connection under the specified session state, it returns a SERVERHELLO message with the same session identifier in step 2. At this point both client and server must send CHANGECIPHERSPEC and FINISHED messages to each other in steps 2 and 3. Once session re-establishment is complete, the client and server can begin exchanging application data.
5.3. Secure Electronic Transaction (SET)
SET is a security method built to protect credit card transactions on the Internet. The current version, SET v1, was chosen as the security standard for credit cards such as MasterCard and Visa in January 1996. Many companies were involved in developing and building it, including IBM, Microsoft, Netscape, RSA, Terisa and VeriSign. From 1998 the first products using SET were deployed.
SET itself is not a payment system; rather, it is a set of security protocols and formats that allows users to employ credit card equipment on a network such as the Internet in a secure manner. Essentially, SET provides three services:
- It provides a fully secure communication channel among all parties involved in a transaction.
- It uses standard X.509v3 digital certificates to ensure security.
- It preserves privacy, because information is made available only to the parties in a transaction, when and where necessary.
5.3.1. Overview of SET
Requirements: we first consider the business requirements that SET must meet, as well as the other participants in transactions that use SET. The business requirements for secure credit card payment over the Internet and other networks include:
- Provide confidentiality of payment and ordering information: this is necessary to assure cardholders that their information is kept safe and reaches only the intended recipient. Confidentiality also reduces the risk of fraud, either by the other party to the transaction or by unwanted third parties. SET uses encryption to provide this confidentiality.
- Ensure the integrity of all transmitted data: that is, guarantee that no content is altered during a transaction that uses SET. Digital signatures are used to provide this integrity.
- Provide authentication that the card user is a legitimate user of the credit card account: a mechanism that links a cardholder to a specific account number reduces fraud in the purchase and payment process. Digital signatures and certificates are used to verify that the cardholder is the legitimate owner of the account.
- Provide authentication that a merchant can accept credit card transactions through its relationship with a financial institution: this complements the preceding requirement. Cardholders need to be able to identify merchants with whom they can conduct secure transactions. Once again, digital signatures and certificates are used.
- Ensure the use of the best system design techniques and security practices to protect all legitimate parties throughout the transaction: SET is a well-tested specification based on highly secure cryptographic algorithms and protocols.
- Create a protocol that neither depends on transport security mechanisms nor prevents their use: SET can operate securely over a raw TCP/IP stack. However, SET does not interfere with the use of other security mechanisms such as IPSec and SSL/TLS.
- Facilitate and encourage interoperability among software and network service providers: the SET protocols and formats are independent of the hardware platform, the operating system and the Web software.
Key features of SET: having covered the requirements, we see that SET incorporates the following key features:
- Confidentiality of information: account information and payment information are protected as they travel across the network. An interesting and most important aspect of this feature of SET is that it prevents the merchant from learning the cardholder's credit card number, which is provided only to the issuing bank. Conventional encryption with DES is used to provide confidentiality.
- Integrity of data: payment information sent from cardholders to merchants includes order information, personal data and payment instructions. SET guarantees that the contents of these messages are not altered in transit. RSA digital signatures, using SHA-1 hash codes, ensure the integrity of these messages. These messages can also be protected by HMAC using SHA-1.
- Merchant authentication: SET enables cardholders to verify that a merchant has a relationship with a financial institution that allows it to accept payment cards. For this purpose SET uses X.509v3 digital certificates and RSA digital signatures.
Note that, unlike IPSec and SSL/TLS, SET provides only one choice for each cryptographic algorithm. This makes sense, because SET is a single application with a single set of requirements, whereas IPSec and SSL/TLS are both intended to support a range of applications.
5.3.2. SET participants




















- Cardholder: in the electronic environment, consumers or groups of customers interact with merchants from personal computers over the Internet. A cardholder is an authorised holder of a payment card provided by an issuer.
- Merchant: a merchant may be a person or an organisation that sells goods or services to cardholders. These services are offered through websites or by electronic mail. A merchant that accepts payment cards must have a relationship with an acquirer.
- Issuer: this is a financial institution, such as a bank, that provides the cardholder's account together with the payment card. Accounts are used through personal e-mail. Essentially, the issuer is responsible for paying the cardholder's outstanding debts.
- Acquirer (the merchant's bank): this is the financial institution that establishes an account with a merchant and authorises card payments. Merchants usually accept more than one card brand but do not want to deal with many organisations and individuals that provide cards. The acquirer meanwhile provides authorisation to the merchant by presenting them with a convenient card account and limiting the rights attached to these card types. The acquirer also provides electronic transfer of payments to merchants' accounts. Subsequently, the merchant is reimbursed the amount that the issuers obtain from electronic funds transfer over the payment network.
- Payment gateway: this is a function operated by the acquirer, or built at a third party, to process the merchant's payment information. The acquirer exchanges SET messages with the payment gateway over the Internet, while the payment gateway has a direct or network connection to the acquirer's financial processing system.
- Certification Authority (CA): this is an entity trusted to issue X.509v3 public-key certificates to cardholders, merchants and payment gateways. The success of SET will depend on the existence of a sound CA infrastructure.
Below is an outline of the sequence of events that take place in an electronic commerce transaction:
1. The customer opens an account: the customer obtains a credit card such as MasterCard or Visa from a bank that supports electronic payment and SET.
2. The customer receives a certificate: after identification is complete, the customer receives an X.509v3 digital certificate signed by the bank. This certificate verifies the customer's RSA public key and its expiry date. It establishes a relationship, guaranteed by the bank, between the customer's key pair and his credit card.
3. Merchants have their own certificates: a merchant that wants to accept several card brands must hold two certificates for its two public keys: one for signing messages and one for key exchange. The merchant also needs a copy of the payment gateway's public-key certificate.
4. The customer places an order: this process involves selecting items on the merchant's website and determining the price. The customer sends the merchant a list of the items to be purchased and receives an order form containing the list of items, their prices, the total and an order number.
5. The merchant is verified: in addition to the order form, the merchant sends a copy of its certificate, so the customer can be confident that he is dealing with a legitimate merchant.
6. The order and payment are sent: the customer sends the merchant the order and payment information together with the customer's certificate. The order information covers the items placed in the order form; the payment information contains the credit card details. It is encrypted so that the merchant cannot read it; the customer's certificate allows the merchant to verify the customer.
7. The merchant requests payment authorisation: the merchant forwards the information to the payment gateway, requesting verification that the customer's credit card information is adequate for the purchase of the ordered products.
8. The merchant confirms the order: the merchant sends confirmation of the order to the customer.
9. The merchant provides the goods or services: the merchant ships the goods or provides the service to the customer.
10. The merchant requests payment: this request is sent to the payment gateway (which handles all payment processing).











CHAPTER IV
Implementing information security and safety on a website
selling computer components over the Internet

I. Basic functions and operation of the website system

As presented in Chapters 1, 2 and 3 of this thesis, which studied the basic symmetric-key and public-key cryptosystems as well as the e-commerce security protocols and mechanisms based on SSL/TLS and SET, the author decided to choose the most basic cryptosystem, DES, and the digital signature algorithm DSA for the implementation of the application.
This thesis does not go into the system analysis process for building the online sales website; it only explains the purpose of the parts of the system that were built, covering both the ordinary functions and the security functions that were implemented. The authentication process, database-layer security and the interaction between the parties during customer authentication are described in the following diagram:





[Diagram: Customer; Place order; Customer authentication]

1. Data organisation
- The website comprises the following pages:
- Home page
- Product group page: for example laptops, office equipment
- Product detail page: displays detailed information about a product; from here the customer can perform other actions, such as selecting the product for purchase
- Order page: after the customer has selected one or more products to buy, information such as product code, product name and quantity is compiled into an order. On this order page the customer can perform further functions:
o Continue shopping: go on to select other products to buy
o Accept purchase: send the order information to the system, confirming the intention to buy
o Cancel order: remove all selected products and start selecting new ones
o Update order: change the quantity of each product in the order, after which the system recalculates the total price of the selected products
2. Information management
- The system administrator publishes product information on the website so that customers can browse and buy
- For each product the important information is: product code and selling price. Other information only serves to inform the customer
3. RSA encryption and its use in the system
Member registration
- Everyone who accesses the system and wants to make or register a purchase must register as a member of the website. This process issues the customer a login name, a login password and a public key / private key pair under the RSA algorithm. With all of this information the customer can carry out purchase transactions on the website
- The member registration steps in detail are as follows:
o Register as a member: supply information such as login name, mailbox address and password
o The system checks that the login name and mail address are unique. If they are already in use in the system, the customer must choose another name
o If the information has been supplied completely and without errors, the system generates a private / public key pair under the RSA algorithm and then sends the private key as a file attachment to the mail address the customer supplied. The public key is stored in the database
o This private / public key pair is guaranteed to be unique, with no duplication among all members of the system
o After checking the mail address and receiving all of the information, the customer must perform a confirmation step before being able to carry out any transaction. This step is necessary to prevent impersonation, that is, the illegitimate use of someone else's e-mail address.
o Once this step is complete, the customer is entitled to carry out transactions using the functions the system provides.
4. Making a purchase
- The customer makes a purchase in exactly the same way as choosing goods in a supermarket, except that it happens on an electronic system, an online supermarket
Step 1: Browse and select goods. The customer browses the site, sees which goods and categories the system offers and, on finding a suitable item, selects it for purchase. After this step the selected item is placed in an order, and the customer can change the order through actions such as deselecting a product, changing the quantity of each product or cancelling the whole order
Step 2: Accept purchase. After selecting the products, the customer performs the Accept purchase action. This function records the customer's goods in the system's queue of orders awaiting processing. If the customer has not logged in, the system cannot determine the identity of the user, and the website redirects to the login page. On this page the customer must supply a login name and password; if this information is correct, or if the customer had already logged in successfully, the system automatically proceeds to the order processing page and notifies the customer. After this step the customer receives an e-mail reporting the order status, with a unique link for activating the order.
Step 3: Activate the order. While the order has not yet been activated, the data about the ordered products and goods is encrypted with the RSA algorithm, using the public key to encrypt the order information, so that the information is kept confidential and is not disclosed without a valid private key to decrypt it. The customer activates the order by following the link supplied in the e-mail; the system then asks for the private key, which the customer provides by browsing to the file containing the private key, the file the system supplied at registration. The system uses this private key (held only in the computer's RAM) to decrypt the information encrypted above, determine the products purchased and the quantity of each, compute the order value from that, and pass the data to the module that debits the account. If someone else obtains this link and also tries to activate the order but does not have a valid private key, they will not be able to decrypt the order or make the purchase.
5, Cc thc thc hin m ha v gii m
5.1 M ha n hng
- Cc sn phm trong mt n hng c c trng bi: M sn phm, s
lng cn mua. Cc thng tin khc nh: gi bn, tn hng u c lu
tr trong CSDL ca website, khng cn thit phi a vo xu k t cn
m ha.
S ha bi Trung tm Hc liu i hc Thi Nguyn http://www.lrc-tnu.edu.vn
79
- The plain text to be encrypted has the form: PT = {product-code}/{quantity-to-buy}[^]. So when a customer chooses 5 products, the string to be encrypted is: PT = sp01/3^sp12/9^sp32/1^sp45/8^sp983/2, which reads as: buy product code sp01, quantity 3 units; product code sp12, quantity 9; product code sp32, quantity 1; product code sp45, quantity 8; product code 983, quantity 2. The encryption function encrypts PT into ET (encoded text) using the public key of the person placing the order. The ET string is meaningless unless it is decrypted, and decryption requires the customer's private key.
5.2 Decrypting the order
- The encrypted string ET is decoded (decrypted) by the decryption function once the customer has supplied a valid private key. If decryption succeeds, the system recovers the same PT string as before encryption, which shows that the person activating the order is legitimate, and it proceeds with payment, deducting the money from the account as normal.
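Section 5.2 treats a successful decryption as proof that the activator holds the right key, so the server needs a strict test of what counts as a recovered PT. The following added example (not the thesis's code) builds and parses the PT format of section 5.1; the allowed characters, the length limits and all function names are assumptions.

```python
import re

# Format from section 5.1: items "{product-code}/{quantity}" joined by "^".
ITEM_RE = re.compile(r"[A-Za-z0-9]{1,16}/[1-9][0-9]{0,3}")  # assumed limits
MAX_ITEMS = 100                                              # assumed limit


class OrderFormatError(ValueError):
    """Decrypted text is not a well-formed order plaintext."""


def parse_order_pt(raw):
    """Strictly parse decrypted bytes into {code: quantity}.

    Anything that is not exactly the PT grammar is rejected, so output
    produced with a wrong key or from a corrupted ET never reaches payment.
    """
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError as exc:
        raise OrderFormatError("not ASCII: wrong key or corrupted ET") from exc
    parts = text.split("^")
    if not 1 <= len(parts) <= MAX_ITEMS:
        raise OrderFormatError("bad item count")
    order = {}
    for part in parts:
        if not ITEM_RE.fullmatch(part):
            raise OrderFormatError(f"malformed item {part!r}")
        code, qty = part.split("/")
        if code in order:  # a repeated code would make the total ambiguous
            raise OrderFormatError(f"duplicate product code {code!r}")
        order[code] = int(qty)
    return order


def build_order_pt(items):
    """Serialize {code: quantity} into the PT string that gets encrypted."""
    pt = "^".join(f"{code}/{qty}" for code, qty in items.items())
    parse_order_pt(pt.encode("utf-8"))  # never emit what we would not accept
    return pt
```

Prices and names are looked up from the database by product code after parsing, as section 5.1 describes, so nothing in the decrypted string can set the amount charged per item.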
Example of encryption/decryption
Private and public keys
A member of the system, anhtuan, is given the following public and private keys by the system after registering:
PrivateKey:
YTozOntpOjA7czozMjoiEwUyThq8gAfqCKXW2F/gjMYjOPo6J34rmP6b8
vY+TMoiO2k6MTtzOjMyOiIBv4wLNs8ExGUG+mvRNP2p+2cjRKAH0Dt
mFTE0lebYQyI7aToyO3M6NzoicHJpdmF0ZSI7fQ==
PublicKey:
YTozOntpOjA7czozMjoiEwUyThq8gAfqCKXW2F/gjMYjOPo6J34rmP6b8
vY+TMoiO2k6MTtzOjM6IgEAASI7aToyO3M6NjoicHVibGljIjt9
Looking at these two keys, none of us can tell what they mean, but they are generated when we use encryption with the RSA algorithm.
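The two keys above have a recoverable structure: Base64-decoding either one yields a PHP serialize() array of three byte strings. The following added example (not the thesis's code) parses the public key as printed and checks its size. Reading the first field as the modulus and the second as the exponent is an inference from the bytes (the first field is identical in both keys, and the public key's second field is 01 00 01, that is 65537); MIN_RSA_BITS and the function names are assumptions.

```python
import base64

# Public key exactly as printed above for member "anhtuan".
PUBLIC_KEY_B64 = (
    "YTozOntpOjA7czozMjoiEwUyThq8gAfqCKXW2F/gjMYjOPo6J34rmP6b8"
    "vY+TMoiO2k6MTtzOjM6IgEAASI7aToyO3M6NjoicHVibGljIjt9"
)
MIN_RSA_BITS = 2048  # assumed policy floor for RSA moduli


def parse_serialized_strings(data):
    """Parse a PHP serialize() array of strings: a:N:{i:K;s:L:"...";...}"""
    def expect(pos, token):
        if data[pos:pos + len(token)] != token:
            raise ValueError(f"expected {token!r} at offset {pos}")
        return pos + len(token)

    def read_int(pos, terminator):
        end = data.index(terminator, pos)
        return int(data[pos:end]), end + len(terminator)

    pos = expect(0, b"a:")
    count, pos = read_int(pos, b":{")
    items = []
    for index in range(count):
        pos = expect(pos, b"i:%d;s:" % index)
        length, pos = read_int(pos, b':"')
        value = data[pos:pos + length]  # length-prefixed, may be binary
        if len(value) != length:
            raise ValueError("truncated string")
        pos = expect(pos + length, b'";')
        items.append(value)
    if data[pos:] != b"}":
        raise ValueError("trailing data")
    return items


def inspect_key(b64_text):
    """Return (kind, modulus_bits_upper_bound, exponent_bytes, meets_policy)."""
    fields = parse_serialized_strings(base64.b64decode(b64_text, validate=True))
    if len(fields) != 3:
        raise ValueError("expected three fields")
    modulus, exponent, kind = fields  # field roles are inferred, see lead-in
    bits = len(modulus) * 8
    return kind.decode("ascii"), bits, exponent, bits >= MIN_RSA_BITS
```

For the key printed above this reports a 32-byte first field, so a modulus of at most 256 bits, which is well below the 2048-bit floor a key-size check would enforce.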
II. IMPLEMENTING THE INFORMATION SECURITY AND SAFETY FUNCTIONS ON THE COMPUTER-COMPONENTS SALES WEBSITE

1. Member registration procedure
This procedure is built together with the member registration function. After the customer fills in the required personal information such as email, password, full name, address... and the form is submitted, the server writes this information to the database. Before the update, the customer's password is encrypted with DES (or possibly Triple DES, AES or any other symmetric-key cryptosystem, to ensure that the customer's password is kept secret).


If registration succeeds, the website sends a notification to the email address the customer registered, together with a private key in the form of a text file. The customer must keep this private key as their own digital signature. The notification is as follows:

2. The customer selects goods to buy on the website
Only after registering as a member of the website does the customer have the right to select and buy goods on the website's product listing page.

The customer browses the site to see which goods and categories the system offers and, on finding a suitable item, selects it for purchase. The selected item is then placed in an order, and the customer can change the order by deselecting a product, changing the quantity of each product, cancelling the whole order, and so on.

After selecting the products, the customer performs the Accept Purchase operation. This function writes the customer's goods data into the system of orders waiting to be processed. The website then sends the customer a notification with the invoice for the items just selected, together with the price and delivery address information, as follows:

The customer activates the order by following the link provided in the email. The system then asks for the private key, which the customer supplies by browsing to and selecting the file that contains it; this private key file was provided by the system at registration. The website authenticates the customer with the private key and sends back a notification containing the customer's complete purchase invoice and the total amount the customer must pay from their account.

This completes the computer purchase transaction carried out over the Internet service and the individual's bank account.

CONCLUSION

With the global growth of the Internet and e-commerce, people can communicate easily within a large community. For sensitive transactions, however, there must be a mechanism that keeps the transaction session secure. Most important of all, each party needs to determine accurately whether the person it is communicating with really is the expected partner. In this thesis, I cover the two main techniques in information security, encryption and digital signatures, together with issues related to Web application security. These two techniques are also applied to some extent in authenticating the partner in each transaction session.
As for encryption, there are two methods: symmetric encryption and public-key encryption. Encryption secures the communicated information, but it does not guarantee that the information has not been forged or that the sender is not being impersonated. The main problem lies in managing the encryption and decryption keys in both methods.
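With digital signatures, based on the signature together with the private/public key pair, we can accurately identify the partner in a transaction. I also studied two types of signature, signatures with appendix and signatures with message recovery, along with two signature schemes that are widely accepted and used: RSA and DSS.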
One question arises with digital signatures: can we be sure that a signature or public key really belongs to the partner? There are many ways to attack digital signatures, the most common being signature impersonation. The proposed remedy is to use digital certificates for public keys in order to authenticate the partner in a transaction. However, because of limited time, I could not study digital certificates for public keys in depth and instead concentrated on studying a number of web application security protocols, specifically implementing several transaction procedures that use information encryption and digital signatures. I also did my best to develop the application along the e-commerce model that uses SET, but since not all of the parties that take part in SET currently exist in Vietnam, the application would be difficult to deploy in practice.
In the coming period, I will continue to develop this topic in the following specific directions:
- Continue to study and experiment with symmetric-key encryption methods such as Triple DES, RC4 and IDEA, and public-key encryption methods such as ElGamal, Rabin, Knapsack and Elliptic Curve.
- Improve and raise the effectiveness of the modules implemented on the website, as well as other implementation techniques.
