
Security in Mobile Communications

LIST OF ABBREVIATIONS

- 3GPP: 3rd Generation Partnership Project
- AH: Authentication Header
- AMF: Authentication and Key Management Field
- AuC: Authentication Center
- AUTN: Authentication Token
- AV: Authentication Vector
- CA: Certification Authority
- CAPI: Cryptographic Application Program Interface
- CCITT: Consultative Committee for International Telephony and Telegraphy
- CH: Corresponding Host
- COA: Care of Address
- CRL: Certificate Revocation List
- CS: Certificate Server
- DARPA: Defense Advanced Research Projects Agency
- DES: Data Encryption Standard
- DH: Diffie-Hellman
- DNS: Domain Name System
- DSP: Digital Signal Processor
- EA: External Agent
- ECC: Elliptic Curve Cryptography
- ECDSA: Elliptic Curve Digital Signature Algorithm
- EC-EKE: Elliptic Curve-Encrypted Key Exchange
- ESP: Encapsulating Security Protocol
- FA: Foreign Agent
- GSM: Global Systems for Mobile Communications
- HA: Home Agent
- IDEA: International Data Encryption Algorithm
- IEEE: Institute of Electrical and Electronic Engineers
- IMEI: International Mobile Equipment Identifier
- IMSR: Improved Modular Square Root
- IMT-2000: International Mobile Telecommunications-2000
- IMUI: International Mobile User Identifier
- IPSec: Internet Protocol Security
- ISAKMP: Internet Security Association and Key Management Protocol
- ITU: International Telecommunications Union
- KDC: Key Distribution Center
- LAN: Local Area Network
- MAC: Message Authentication Code
- MH: Mobile Host
- MoIPS: Mobile IP Security
- MSR: Modular Square Root
- PDA: Personal Digital Assistant
- PKI: Public-Key Infrastructure
- RAND: Random number
- RCE: Radio Control Equipment
- RFC: Request For Comments
- RPC: Remote Procedure Call
- SN: Serving Node
- SNBS: Serving Network Base Station
- SPD: Security Policy Database
- SPI: Security Parameters Index
- UMTS: Universal Mobile Telecommunications System
- USIM: UMTS Subscriber Identity Module
- RSA: Rivest, Shamir and Adleman


PART I: INTRODUCTION TO THE TOPIC

I: INTRODUCTION TO THE APPLICATIONS OF THE TOPIC

Authentication in mobile communications is not a new topic, but it attracts a great deal of interest and many people choose it as the subject of their research. Mobile communications are as much a part of daily life as the rice we eat, yet however familiar they are, many people are still unclear about this issue. It has many practical applications for us.

This thesis studies subscriber authentication as it relates to the wireless network environment. In this context a subscriber is a user: for example, a customer of a cellular telephone service or a user of a wireless Internet access service. Subscriber authentication is a key component of information security in any network environment, but when the user is mobile, authentication takes on new dimensions.

In the world of information security, authentication means the act or process of proving that an individual or an entity is who or what it claims to be. According to Burrows, Abadi and Needham: "The goal of authentication can be stated quite simply, though informally and imprecisely. After authentication, the two principals (people, computers, services) should be entitled to believe that they are communicating with each other and not with intruders."

Thus a unified IT infrastructure wants to authenticate that the person using the company's database system really is the human-resources director before granting access to sensitive employee data (perhaps by means of the user's password and smart card). Or a cellular system provider wants to authenticate a cellular phone that is accessing its radio system, to establish that the handset belongs to a user whose account is current and that the phone has not been reported stolen.

1.1: OBJECTIVES

- Study security techniques in mobile communications.
- Security of 2G and 3G networks.
- The goal of authentication can be stated quite simply, though informally and imprecisely. After authentication, the two principals (people, computers, services) should be entitled to believe that they are communicating with each other and not with intruders.
- Secure information through information processing or another process that ensures confidentiality for the user.
- Increase the development potential of mobile communications.

1.2: SUBJECTS OF STUDY

- The generations of mobile communications, such as 2G and 3G
- Multiple-access methods in 2G and 3G networks
- 2G and 3G switching systems
- Public-key methods
- Subscriber authentication

1.3: SCOPE OF STUDY

- Security protocols for 2G and 3G networks
- Subscriber authentication for 2G networks
- Operation of the GSM authentication protocol
- Security methods for mobile communication networks
- Helping keep confidential the information that users need to protect
- Increasing security for customers
- Not affecting users while they communicate with each other over mobile networks. Users can easily contact each other without fear of being overheard.
- Although information technology is by now highly developed and has grown to meet the highest demands, we continue to study what society has been researching.

1.4: SIGNIFICANCE OF THE TOPIC

PART II: CONTENT

CHAPTER I: SECURITY IN GSM NETWORKS

I: The generations of the GSM family

1.1: Introduction to GSM

In the Vietnamese market, the first mobile technology was GSM, a simple 2G generation that mainly supports voice. The upgrade to GPRS at the end of 2003 let users begin to get used to data applications. At the end of 2007, after EDGE was deployed, speeds increased, with a peak rate of about 384 kb/s. Actual speeds nevertheless remain low, so data-based services cannot develop and boom the way voice services have.

Worldwide there are two more advanced generations of the GSM family that have not yet been deployed in the Vietnamese market: WCDMA, the 3G generation with a speed of 2 Mbps, and HSPA (HSDPA & HSUPA), the 3.5G generation with transmission capability of up to 14.4 Mbps. These are advanced technologies in wide use around the world, with more than 200 million subscribers on over 220 networks in 94 countries, accounting for 2/3 of 3G subscribers worldwide (GSA, 6/2008).

According to information from the providers with the largest subscriber bases and infrastructure in Vietnam today, apart from the selection contest itself, the networks are preparing everything so that they can deploy 3G as soon as the results are known: tendering, installation, testing, deployment and so on. Vietnamese users will soon have access to this technology, catching up with the trend and standing on a par with nearly 100 other countries.

1.2: Second-generation communication technology, GSM (2G)

The second generation of mobile networks is based on low-bandwidth digital signal transmission. The best-known and most widely used 2G radio technology is GSM (Global System for Mobile Communications). GSM systems, first deployed in 1991, now operate in about 140 countries and territories around the world, with about 248 million users. GSM combines both TDMA and FDMA. The first GSM systems used 25 MHz of spectrum in the 900 MHz band. FDMA is used to divide the 25 MHz band into 124 radio frequency channels (each channel is 200 kHz wide). Each frequency in turn uses a TDMA frame with 8 time slots. Today GSM systems operate in the 900 MHz and 1.8 GHz bands worldwide (except for the United States, which operates in the 1.9 GHz band).

Alongside GSM, a similar technology called PDC (Personal Digital Communications), which uses TDMA, emerged in Japan. Since then, several other TDMA-based systems have been deployed around the world, with about 89 million users. While GSM was developed in Europe, CDMA was developed strongly in North America. CDMA uses spread-spectrum technology and has been implemented in about 30 countries, with an estimated 44 million subscribers.

While GSM and other TDMA-based systems became the dominant 2G radio technology, CDMA also emerged with clearer voice quality, less interference, fewer dropped calls, and higher system capacity and reliability. The 2G mobile networks above still mainly use circuit switching. 2G mobile networks use digital technology and can provide some non-voice services such as fax or short messages at a maximum rate of 9.6 kbps, but they cannot yet support web browsing and multimedia applications. The figure below gives an overview of the three technologies TDMA, FDMA and CDMA.

Figure 1.1: Multiple-access methods.

1.3: GSM network structure

1.3.1: Block diagram

The GSM network is divided into four main parts:

- Mobile station (MS).
- Base station subsystem (BSS).
- Switching subsystem (SS).
- Operation and maintenance center (OMC).

Figure 1.2: GSM network structure.

1.3.2: Mobile station - MS

A mobile station consists of two main components:

- The mobile equipment, or terminal.
- The subscriber identity module, SIM.

The SIM is a smart card used to identify the terminal. The terminal cannot operate without a SIM. The SIM card is protected by a personal identification number. To identify the subscriber to the system, the SIM also holds other subscriber parameters such as the IMSI.

1.3.3: Base station subsystem - BSS

The BSS connects the mobile station to the MSC. It is responsible for transmitting and receiving radio signals. The BSS is divided into two parts:

- The base transceiver station BTS, or base station BS.
- The base station controller BSC.

BTS: The BTS comprises the transceivers and antennas used in each cell of the network. A BTS is usually placed at the center of a cell. Each BTS has from 1 to 16 transceivers, depending on the subscriber density in the cell.

BSC: The BSC controls a group of BTSs and manages radio resources. The BSC is responsible for controlling handover, frequency hopping, exchange functions and the radio-frequency power levels of the BTSs.

1.3.4: Switching subsystem - SS

The switching subsystem SS is responsible for managing communication between different subscribers, such as mobile subscribers, ISDN subscribers and fixed-line telephone subscribers. It also includes the databases needed to store subscriber information. The functional blocks in the SS include:

- Mobile services switching center - MSC.
- GMSC.
- Home location register - HLR.
- Visitor location register - VLR.
- Authentication center - AuC.
- Equipment identity register - EIR.

MSC: The central component of the SS. It performs the switching functions of the network. It also provides connections to other networks.

GMSC: The connection point between two networks. The gateway MSC is the interface between the mobile network and the fixed network. It is responsible for routing calls from the fixed network to the GSM network.

HLR: An important database that stores information about the subscribers belonging to the coverage area of the MSC. It also stores the current location of subscribers and the services they are using.

VLR: Stores the information needed to provide subscriber services to visiting mobile stations. When a subscriber enters the coverage area of a new MSC, the VLR works with the MSC to request information about this subscriber from the corresponding HLR. The VLR then has enough information to provide subscriber services without asking the HLR again each time a call is set up. A VLR always accompanies an MSC.

AuC: The AuC register is used for security purposes. It provides the parameters needed for the authentication and encryption functions. These parameters help verify the subscriber's identity.

EIR: The EIR is used for security purposes. It is a register that stores information about mobile equipment; more specifically, it stores the list of valid terminals. A terminal is identified by an IMEI. The EIR makes it possible to bar calls from stolen or unauthorized terminals.

1.4: Security mechanisms in the GSM network

1.4.1: Protecting the SIM with PIN and PUK

This is a simple method of protecting the SIM. It is carried out only on the SIM and does not involve the network.

PIN code (Personal Identification Number):

- Stored on the SIM.
- Requested each time the phone is switched on.
- 3 wrong entries: the PUK (PIN UnlocK) is requested.
- 10 wrong PUK entries: the SIM must be replaced.

1.4.2: Subscriber authentication (Authentication)

Purpose:

- Authenticate the subscriber.
- Prevent unauthorized use of the network.
- The key to using the network.

Technique:

- Subscriber identification: IMSI or TMSI.
- Challenge-Response authentication on the service provider's side.

1.4.3: Data elements in the GSM authentication protocol

The GSM security protocol, including user authentication, is based on symmetric cryptography: the SIM and the authentication center both hold the same IMSI and subscriber authentication key (Ki) for each GSM subscriber. A foundation of the GSM security protocol is that, while the subscriber's authentication key is stored in both the SIM and the authentication center, this key is never transmitted over the network. The key data elements of the GSM authentication protocol are given below, together with the other data elements that make up the triplet. The elements of the triplet are generated by the authentication center, stored first in the HLR, and sent to the VLR when a subscriber tries to establish a session while roaming.

1.4.4: Elements of the triplet

RAND: RAND is a 128-bit random number generated by the authentication center. It is always used in the first stage of the Challenge-Response procedure of the GSM authentication sequence.

SRES (Signed Response): A 32-bit number. SRES is the result of applying the GSM A3 algorithm to the 128-bit RAND.

Kc (Session Key): Kc is a 64-bit session key used to encrypt and decrypt the data transmitted between the handset and the BS within a single GSM communication session. Kc is generated in the SIM, on the handset side, by supplying the 128-bit RAND and the subscriber's unique identification key Ki to the A8 algorithm. Kc is therefore a key unique to the individual subscriber.
1.4.5: Other required data elements

Ki (Subscriber Authentication Key): a key unique to each individual subscriber. It is a symmetric key held in both the SIM and the authentication center, and it is never broadcast over the air.

IMSI (International Mobile Subscriber Identification): a unique identification number for the individual subscriber.

TMSI (Temporary Mobile Subscriber Identification): a temporary identification number used during a GSM communication session in place of the IMSI, in order to keep the subscriber's identity confidential.

1.5: Operation of the GSM authentication protocol

1.5.1: Nature of the protocol

In essence, GSM uses a simple Challenge-Response protocol.

Figure 1.3: The Challenge-Response technique.

This protocol takes advantage of the fact that RAND and SRES are precomputed by the authentication center and delivered to the VLR. The procedure is as follows:

1. The MS establishes a radio channel with the network.
2. The MS sends (IMSI or TMSI) to the HLR.
3. The HLR asks the AuC for the triplet (RAND, Kc, SRES) of the corresponding IMSI. The authentication center uses the A3 algorithm to generate SRES from the random number RAND and the subscriber authentication key Ki. In addition, the AuC computes the session key Kc in a similar way, using the A8 algorithm.
4. The HLR sends (RAND) to the MS as a challenge.
5. The MS computes (SRES) from the RAND sent by the HLR and the Ki on the SIM. The SIM in the MS uses the A3 algorithm and the key Ki to generate its own SRES (SRES).
6. The MS sends (SRES) back to the HLR (in response to the challenge of step 4).
7. The HLR compares the SRES it generated itself with the SRES returned by the MS. If they match, authentication succeeds; otherwise the MS is rejected, or authentication by IMSI is requested (if a TMSI was being used).
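The exchange in steps 1 to 7, as an added Python simulation that is not part of the original document. Assumptions: HMAC-SHA-256 stands in for the operator-chosen A3/A8 pair (it is not COMP128), the HLR and VLR are modelled as one `Network` object, the message tags reuse the Authen_Req/Authen_Res names from section 1.5.3, and the IMSI is a constructed test value.

```python
import hashlib
import hmac
import secrets


def a3_a8(ki: bytes, rand: bytes):
    """Stand-in for the operator-chosen A3/A8 pair (assumption: HMAC-SHA-256,
    not COMP128). Returns (32-bit SRES, 64-bit Kc)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class AuthCentre:
    """AuC: the only network element that stores Ki."""

    def __init__(self):
        self._ki = {}

    def provision(self, imsi: str) -> bytes:
        self._ki[imsi] = secrets.token_bytes(16)       # 128-bit Ki
        return self._ki[imsi]                          # written to the SIM once

    def triplets(self, imsi: str, count: int = 3):
        out = []
        for _ in range(count):
            rand = secrets.token_bytes(16)             # 128-bit RAND
            sres, kc = a3_a8(self._ki[imsi], rand)
            out.append((rand, sres, kc))
        return out


class Sim:
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self._ki = imsi, ki

    def respond(self, rand: bytes):
        return a3_a8(self._ki, rand)                   # step 5, runs on the card


class Network:
    """HLR/VLR side: holds precomputed triplets, never Ki."""

    def __init__(self, auc: AuthCentre):
        self.auc, self.triplet_store, self.air = auc, {}, []

    def authenticate(self, sim: Sim):
        self.air.append(("ID", sim.imsi.encode()))               # step 2
        pending = self.triplet_store.setdefault(sim.imsi, [])
        if not pending:
            pending.extend(self.auc.triplets(sim.imsi))          # step 3
        rand, sres, kc = pending.pop(0)                          # each triplet used once
        self.air.append(("Authen_Req", rand))                    # step 4
        sres_ms, kc_ms = sim.respond(rand)                       # step 5
        self.air.append(("Authen_Res", sres_ms))                 # step 6
        ok = hmac.compare_digest(sres, sres_ms)                  # step 7
        return ok, (kc if ok else None), kc_ms


def demo():
    auc = AuthCentre()
    imsi = "001010123456789"                           # constructed test IMSI
    ki = auc.provision(imsi)
    net = Network(auc)
    genuine = net.authenticate(Sim(imsi, ki))
    clone = net.authenticate(Sim(imsi, secrets.token_bytes(16)))  # wrong Ki
    ki_on_air = any(ki in payload for _, payload in net.air)
    challenges = [p for tag, p in net.air if tag == "Authen_Req"]
    return genuine, clone, ki_on_air, challenges
```

Only the identity, RAND and SRES cross the radio link in this model; Kc is derived independently on both sides and Ki stays in the SIM and the AuC.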

Figure 1.4: General diagram of authentication in GSM.

Figure 1.5: Detailed diagram of the authentication process in GSM.

Figure 1.6: Security model for the GSM radio interface.

Figure 1.7: Information flow in the GSM subscriber authentication sequence.

[Figure labels: A3 algorithm, inputs Random Challenge (RAND) and Secret Key (Ki), output Challenge Response (SRES); A8 algorithm, inputs Random Challenge (RAND) and Secret Key (Ki), output Session Key (Ks).]

Figure 1.8: Data inputs and outputs of the A3 and A8 algorithms in the GSM subscriber authentication sequence.

Assessment of how the A3 and A8 algorithms are implemented:

- Both A3 and A8 are implemented on the SIM.
- Operators can choose the algorithms they prefer.
- The use of the A3 and A8 algorithms does not depend on the hardware manufacturers and the operators.
- In practice the two algorithms A3 and A8 are implemented together through COMP128.

1.5.2: Encrypting the transmission link (Ciphering)

Goals:

- Protect data on the radio link.
- Protect the subscriber's personal information.
- Protect signalling information.
- Prevent eavesdropping.

Technique:

- Kc is used to encrypt and recover the data.
- Performed on the terminal.
- The encryption algorithm used is A5.

The A5 algorithm is stored in hardware on the mobile device, and the phone's processor is responsible for executing it.

The A5/1 algorithm is used by countries that are members of the European telecommunications organization CEPT, by the United States and by some Asian countries.

The A5/2 algorithm is used in Australia, Asia and some third-world countries. A5/2 appeared later, is weaker than A5/1, and is mainly used for export to countries outside the CEPT bloc.

The A5/0 algorithm can be used when the base transceiver station so directs, in which case the link is not encrypted. It is worth noting that the mobile phone user is never told whether the link of the current call is encrypted or not. This is the basis for man-in-the-middle attacks that eavesdrop on calls.

Figure 1.9: Encryption and decryption using the A5 algorithm.

The frame number counter Fn

Each data frame has a corresponding frame number, which is the sequence number of the frame. The A5 data encryption of a frame depends on the frame number. The frame number counter Fn is computed from the frame number as in Figure 3.9, where T1 is the quotient of the frame number divided by 51*26 = 1326, T2 is the remainder of the frame number divided by 51, and T3 is the remainder of the frame number divided by 26. Fn is used by the A5 data encryption algorithm.

Figure 1.10: Structure of Fn.

The A5/1 algorithm:

The A5/1 algorithm has two phases:

- Phase 1: generate 228 pseudo-random keystream bits for each data frame.
- Phase 2: 228 bits (one data frame) of ciphertext = 228 keystream bits XOR 228 bits (one data frame) of plaintext.

The base transceiver station generates the same 228 bits and XORs them with the received ciphertext to decrypt the data.

The A5/1 stream cipher is the XOR of the outputs of three linear feedback shift registers R1, R2 and R3, of lengths 19, 22 and 23 bits respectively, as in Figure 3.10, together with the 22-bit counter Fn. Each register is shifted from right to left, as decided by the majority function. The majority function is determined by three bits C1, C2 and C3, where C1 is bit 8 of R1, C2 is bit 10 of R2 and C3 is bit 10 of R3, with bits numbered from the right starting at 0. If two or more of the bits C1, C2 and C3 are 0, the majority function m = 0. Likewise, if two or more of them are 1, the majority function m = 1. If C1 = m then R1 is shifted, if C2 = m then R2 is shifted, and if C3 = m then R3 is shifted. In each iteration, bits 13, 16, 17 and 18 of R1 are XORed and assigned to bit 0 of R1. Bits 20 and 21 of R2 are XORed and assigned to bit 0 of R2. Bits 7, 20, 21 and 22 of R3 are XORed and assigned to bit 0 of R3. After each iteration the last bit of each register is XORed to produce 1 output bit.
Figure 1.11: Structure of the A5/1 algorithm.

Phase 1: generate the keystream bits from the key Kc and Fn

1. In the first step, all registers are set to 0: R1 = R2 = R3 = 0. Bit by bit, starting from the lowest bit of Kc, each of the 64 bits is fed into the 3 registers simultaneously (in parallel), ignoring the majority function. In each iteration, the bit from Kc is stored in the registers by XORing it with bit 0 of each register.

   For i = 0 to 63: shift R1, R2 and R3, then R1[0] = R1[0] XOR Kc[i], R2[0] = R2[0] XOR Kc[i], R3[0] = R3[0] XOR Kc[i]

2. Step 2: the 22 bits of the counter Fn are stored in the registers in the same way as Kc in step 1.

   For i = 0 to 21: shift R1, R2 and R3, then R1[0] = R1[0] XOR Fn[i], R2[0] = R2[0] XOR Fn[i], R3[0] = R3[0] XOR Fn[i]

3. Step 3: 100 additional iterations are performed using the majority function. The result of step 3 is not the final output of the algorithm but the input to step 4.

4. Step 4: another 228 iterations are performed to obtain the 228 keystream bits.

Phase 2: ciphertext = plaintext XOR keystream.
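An added Python implementation of the four A5/1 steps described above (not code from the original document), using the register lengths, feedback taps and clocking bits given in the text. Assumptions: Kc and Fn are passed as integers whose bit 0 is the lowest bit, and the key and frame values in the usage are constructed samples.

```python
FRAME_BITS = 228


class Lfsr:
    """One shift register: shifts right-to-left, feedback enters at bit 0."""

    def __init__(self, length, taps, clock_bit):
        self.mask = (1 << length) - 1
        self.taps, self.clock_bit, self.out_bit = taps, clock_bit, length - 1
        self.state = 0

    def bit(self, i):
        return (self.state >> i) & 1

    def shift(self, inject=0):
        fb = inject                          # key/frame bit XORed into bit 0
        for t in self.taps:
            fb ^= self.bit(t)
        self.state = ((self.state << 1) & self.mask) | fb


def _registers():
    return [Lfsr(19, (13, 16, 17, 18), 8),       # R1, clocking bit C1 = bit 8
            Lfsr(22, (20, 21), 10),              # R2, clocking bit C2 = bit 10
            Lfsr(23, (7, 20, 21, 22), 10)]       # R3, clocking bit C3 = bit 10


def _majority_clock(regs):
    c = [r.bit(r.clock_bit) for r in regs]
    m = 1 if sum(c) >= 2 else 0                  # majority function
    for r, ci in zip(regs, c):
        if ci == m:                              # only agreeing registers shift
            r.shift()


def a51_keystream(kc: int, fn: int):
    """Return the 228 keystream bits for a 64-bit Kc and 22-bit Fn."""
    regs = _registers()                          # step 1: R1 = R2 = R3 = 0
    for i in range(64):                          # load Kc, majority ignored
        for r in regs:
            r.shift((kc >> i) & 1)
    for i in range(22):                          # step 2: load Fn the same way
        for r in regs:
            r.shift((fn >> i) & 1)
    for _ in range(100):                         # step 3: output discarded
        _majority_clock(regs)
    out = []
    for _ in range(FRAME_BITS):                  # step 4: 228 output bits
        _majority_clock(regs)
        out.append(regs[0].bit(18) ^ regs[1].bit(21) ^ regs[2].bit(22))
    return out


def a51_crypt(kc: int, fn: int, bits):
    """Phase 2: XOR a frame with the keystream (same call decrypts)."""
    return [b ^ k for b, k in zip(bits, a51_keystream(kc, fn))]


if __name__ == "__main__":
    kc, fn = 0x0123456789ABCDEF, 0x134           # constructed sample values
    frame = [i % 2 for i in range(FRAME_BITS)]
    cipher = a51_crypt(kc, fn, frame)
    print(a51_crypt(kc, fn, cipher) == frame)
```

With Kc = 0 and Fn = 0 every register stays at zero and the keystream is all zeros, which is the degenerate state that the forced 1 bits in the A5/2 key setup described below rule out.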

The A5/2 algorithm:

Figure 1.12: Structure of the A5/2 algorithm.

The A5/2 encryption algorithm uses the key Kc (64 bits) and the 22-bit initialization value (IV) Fn. A5/2 is built from four linear feedback shift registers (LFSRs) R1, R2, R3 and R4, of lengths 19, 22, 23 and 17 bits respectively, with linear feedback as in Figure 3.11. Before a register is clocked (not held for that cycle), its feedback is computed (by XORing the tap values). The register is then shifted one bit to the right (dropping the rightmost bit) and the feedback is stored in the leftmost position (position 0).

A5/2 is initialized with Kc and Fn in four steps, where the i-th bit of Kc is written Kc[i] and the i-th bit of Fn is written Fn[i], with i = 0 the lowest bit. The state of the registers after key setup is written (R1, R2, R3, R4) = keysetup(Kc, Fn). This initialization is the key setup. Key setup is linear in both Kc and Fn, except that R1[15], R2[16], R3[18] and R4[10] are always set to 1.

A5/2 operates in cycles, and one output bit is produced at the end of each cycle. In each cycle, two or three of the registers R1, R2 and R3 are clocked, depending on the values of bits 3, 7 and 10 of R4. R4 is then clocked. At the start of each cycle, the three bits R4[3], R4[7] and R4[10] go through the majority function. The rule for clocking the registers is as follows: R1 is clocked if and only if R4[10] agrees with the majority, R2 is clocked if and only if R4[3] agrees with the majority, and R3 is clocked if and only if R4[7] agrees with the majority.

Example: if two or more of the three bits R4[10], R4[3], R4[7] are 1, the majority function m = 1; then if R4[10] = 1, R1 is clocked, if R4[3] = 1, R2 is clocked, and if R4[7] = 1, R3 is clocked. If two or more of the three bits R4[10], R4[3], R4[7] are 0, the majority function m = 0; then if R4[10] = 0, R1 is clocked, if R4[3] = 0, R2 is clocked, and if R4[7] = 0, R3 is clocked.

After that, R4 is clocked, and one output bit is produced from the values of R1, R2 and R3 by XORing their rightmost bits with the three majority values of each register. The first 99 bits of output are discarded and the next 228 bits are used as the output of the algorithm.

Phase 1: generate the keystream bits from the key Kc and Fn

1. First, all four registers are set to 0: R1 = R2 = R3 = R4 = 0. The 64 bits of Kc are fed into the 4 registers simultaneously. In each iteration, the bit from Kc is stored in the registers by XORing it with bit 0 of each register.

   For i = 0 to 63: shift R1, R2, R3 and R4, then R1[0] = R1[0] XOR Kc[i], R2[0] = R2[0] XOR Kc[i], R3[0] = R3[0] XOR Kc[i], R4[0] = R4[0] XOR Kc[i]

2. The 22 counter bits are stored in the registers in the same way as Kc in step 1.

   For i = 0 to 21: shift R1, R2, R3 and R4, then R1[0] = R1[0] XOR Fn[i], R2[0] = R2[0] XOR Fn[i], R3[0] = R3[0] XOR Fn[i], R4[0] = R4[0] XOR Fn[i]

3. Set the bits R1[15] = 1, R2[16] = 1, R3[18] = 1, R4[10] = 1.

4. Perform 99 iterations using the majority function. The result of step 3 is not the final output of the algorithm but the input to step 4.

5. Perform 228 iterations and take the 228-bit output.

The output consists of 228 bits (called the keystream), divided into two halves.

- The first half, 114 bits, is used as keystream to encrypt the link from the network to the mobile device.
- The second half, also 114 bits, is used to encrypt the link from the mobile device to the mobile network.

Phase 2: ciphertext = plaintext XOR keystream.

A5/2 is built on the architecture of A5/1. The feedback functions of R1, R2 and R3 are the same as those of A5/1. The initialization of A5/2 is similar to that of A5/1, with one difference: A5/2 also initializes R4, and one bit of each register is set to the constant 1 after initialization, whereas A5/1 does not use R4 and has no bit forced to the constant 1. Where A5/2 discards 99 bits of output, A5/1 discards 100 bits of output. The register clocking control is also similar, but the input bits for this mechanism are taken from R4 in the case of A5/2, whereas in A5/1 they are taken from R1, R2 and R3.

3.3.4: Using a temporary IMSI (TMSI) in place of the IMSI

IMSI (International Mobile Subscriber Identity): the IMSI is a unique identification number assigned to each mobile subscriber so that mobile subscribers can be identified precisely on the radio links and throughout the network. The IMSI is used for signalling in the PLMN (Public Land Mobile Network). The IMSI is stored in the SIM, the HLR and the VLR.

Figure 1.13: Structure of the IMSI.


The IMSI consists of the following components:

- MCC (Mobile Country Code)
- MNC (Mobile Network Code)
- MSIN (Mobile Station Identification Number)

TMSI (Temporary Mobile Subscriber Identity): the TMSI is a temporary IMSI assigned to an MS when it registers with the network. The TMSI is used to protect the subscriber's identity on the air interface. The TMSI has only local significance within the serving MSC/VLR, and it changes over time or when an event such as a location update occurs. The structure of the TMSI is decided by the service operator, but its length does not exceed 8 characters.

Goal: protect the IMSI on the radio link by limiting as far as possible the exchange of the IMSI between the network and the MS.

Technique: use the TMSI (temporary IMSI).

- A TMSI is assigned to the IMSI after the first communication with the network.
- On subsequent occasions the TMSI is used in place of the IMSI.
- The TMSI is renewed after each Location Update.
- When the MS is switched off, the TMSI is stored on the SIM for reuse next time.
- The VLR assigns and manages TMSIs.

Figure 1.14: TMSI assignment (without Location Update).

Figure 1.15: TMSI assignment (with Location Update).

1.5.3: Weaknesses in the security system of the GSM network

Authentication is performed for the MS side

- The Authen_Req and Authen_Res messages carry no information about the sender or the recipient.
- If the MS receives an Authen_Req(RAND), it will always reply with an Authen_Res(SRES).
- How attackers exploit this weakness: false BTSs.

A serious weakness in the COMP128 algorithm (A3/A8)

In practice the two algorithms A3 and A8 are implemented together in a single algorithm, COMP. COMP produces (64-bit Kc) and (32-bit SRES) from (128-bit Ki) and (128-bit RAND). The serious weakness of COMP is this: with chosen RAND input values, Ki can be found with fewer trials than theory suggests (about 2^13 to 2^15 instead of 2^128). Because of the way COMP128 works, the effective length of the security key is only 54 bits, since the 10 low-order bits are set to 0 by default.

The technique of using the TMSI in place of the IMSI is too weak

When the network cannot authenticate the MS by TMSI, it can ask the MS to authenticate by IMSI: Identity_Request (Identity Type=IMSI). The MS then sends the IMSI to the network over the radio link, and this information is not encrypted at all.

Weaknesses in the A5/1 and A5/2 algorithms

A5/1 can be cracked within 1 second on an ordinary computer, according to the two security experts Alex Biryukov and Adi Shamir. A5/2 is even weaker than A5/1.

Information is encrypted on the radio link but not in the core network

In practice, information in the GSM network is encrypted only on the radio link. The rest of the path, from the BTS to the core network, is not protected at all. The IMSI exchanged between VLRs is not protected either.

Conclusion: In this chapter we examined the network architecture, the network components and the security architecture of the GSM mobile network, and analyzed the GSM network from a security perspective. The chapter also introduced the security solutions used in the GSM network, presenting the methods of protecting the SIM, the steps of subscriber authentication and encryption, and the encryption algorithms used to secure the GSM network. In addition, it set out the weaknesses in the GSM security system to give a more complete view of security in GSM.

CHAPTER II: PUBLIC-KEY METHODS IN THE WIRELESS INTERNETWORKING ENVIRONMENT

In the 1980s, when the security protocols for GSM were being developed, the criticism most often made of public-key cryptography in relation to wireless networks was that the protocols required too much processing. For example, RSA was estimated to require 1000 times the computation of private-key cryptography. Given the limits of cellular phones in terms of both processing speed and battery life, cellular network designers considered this too high a price to pay.

2.1: Light-weight public-key algorithms for wireless networks

Beginning in the early 1990s, researchers found alternative algorithms that require less processing. These algorithms can be applied to authentication and security in the wireless internetworking environment. Among them are the MSR (Modular Square Root) technique and several variants of ECC (Elliptic Curve Cryptography). These algorithms are outlined in the subsections below.

2.1.1: The MSR algorithm

The MSR algorithm was introduced by M. O. Rabin in 1979 and was later studied for its potential in personal communication systems by Beller, Chang and Yacobi in the early 1990s. Like most cryptographic algorithms, the method is based on modular arithmetic and depends on the difficulty of factoring large numbers.

In general, MSR works as follows. The public key is a modulus N, the product of two large primes p and q (where, in practical implementations, p and q are typically binary numbers 75 to 100 bits long). Together p and q form the private-key component of the algorithm. If Principal A wants to send a confidential message M to Principal B, A first computes C ≡ M^2 mod N, where C is the resulting ciphertext and M^2 is the binary value of the message M squared. Note that this is a modular operation, so the remainder modulo N is taken. On receiving the ciphertext C, principal B, who knows p and q, can reverse the process by taking the modular square root of C to recover M (that is, M ≡ SQRT(C) mod N). For a party without access to the values of p and q, solving this is prevented by the difficulty of factoring N, for which there is no polynomial-complexity algorithm.

Apart from the fact that it supports private-key/public-key cryptography and one-way message transmission, MSR has a second major advantage when used in the wireless environment: the computational load of the algorithm is asymmetric. Computing the modular square needed for encryption requires far less computation (only one modular multiplication) than taking the modular square root to recover the plaintext (which requires exponentiation). Therefore, if the encryption function can be placed in the mobile station and the decryption function in the base station, MSR ideally meets the constraints imposed by phones with slow processors and limited power reserves.

2.1.2: Elliptic curve cryptography (ECC)

In recent years ECC has also emerged as a promising cryptographic technique for applications in wireless networks. With the focus on minimizing the processor resources required for cryptography in the mobile station, cryptographic strength per key bit becomes an important quality. It is generally accepted that ECC with 160-bit keys offers approximately the same level of security as RSA with 1024-bit keys, and at least one study indicates that ECC even with a 139-bit key provides this level of security.

Koduri, Mahajan, Montague and Moseley proposed an authentication method that combines short personal passwords with ECC-based cryptography. The authors use two variants of the basic ECC method, EC-EKE (Elliptic Curve Encrypted Key Exchange) and SPECKE (Simple Password Elliptic Curve Key Exchange). Both variants require the communicating principals to agree on a password, the mathematical definition of a specific elliptic curve, and a point on that curve before a communication session is established (although it is not studied in that work, an authentication center could supply the necessary information to the principals as part of an authentication exchange).

In a trial implementation of an authentication procedure for wireless environments using ECDSA (Elliptic Curve Digital Signature Algorithm), Aydos, Yanik and Koc used the 80 MHz ARM7TDMI RISC machine as the target processor (the ARM7TDMI is used in digital applications in mobile products designed to communicate over wireless networks). With a 160-bit ECC key, generating an ECDSA signature took 46.4 ms, against 92.4 ms for verifying the signature. With a 256-bit key it took 153.5 ms to generate a signature and 313.4 ms to verify it. The authors conclude that the ECC-based ECDSA approach to subscriber verification is a practical choice for the wireless environment.

2.2: Beller, Chang and Yacobi: public-key cryptography meets its difficulties

In a 1993 article in the IEEE Journal on Selected Areas in Communications, Beller, Chang and Yacobi defined approaches to authentication and data encryption in wireless network applications based on public-key cryptography. The first method, called the minimal MSR public-key solution, uses the MSR method and a trusted central authority that holds a modulus N and its constituent factors p and q. When subscribers begin their service contracts, a secret certificate is placed in the handset, and the handset also uses the modulus N. The minimal MSR public-key solution has the weakness that someone who successfully impersonates a base station gateway can subsequently impersonate the user. The second of the three protocols, the improved MSR protocol (IMSR), resolves this weakness by adding authentication of the network to the mobile station. Finally, the third protocol, the MSR+DH protocol, adds Diffie-Hellman key exchange to the basic modular square root method.

The subsections below explore the improved MSR protocol in more detail. Some notes are then given on how the MSR+DH protocol adds to the capabilities of IMSR, together with a comment on the significance of the Beller, Chang and Yacobi protocols.

2.2.1: Data elements in the improved MSR protocol

In the IMSR protocol, both the Serving Network Base Station (SNBS) and the Certification Authority (CA) hold public keys of the kind described in the discussion of MSR, each being the product of two large primes p and q that form the private key. Each network base station holds a certificate, obtained from the Certification Authority, that applies the hash function h to the network ID of the base station and to its public key.

Beller, Chang and Yacobi use the term Radio Control Equipment (RCE) for the functional entity that controls the communication ports on the wireless network. Because the term base station is used for this function in the other chapters of this thesis, the same term is used here for consistency. (The terminology of Beller, Chang and Yacobi has also been modified in a few details for consistency.) The key data elements and functions in the IMSR protocol include:

1. ID_BS (Base Station Identifier): the unique identifier of the wireless network base station (in this context, a base station in the serving or visited network).

2. ID_MS (Mobile Station Identifier): the unique identifier of the mobile station. This corresponds to the IMSI (International Mobile Subscriber Identity) in the GSM authentication protocol.

3. N_BS (Public Key of Base Station): N_BS, the public key of the base station, is the product of 2 large primes, p_BS and q_BS, known only to the network base station and the Certification Authority (CA).

4. N_CA (Public Key of CA): N_CA, the public key of the CA, is likewise the product of 2 large primes, p_CA and q_CA, known only to the CA.

5. Ks (Session Key): a session key for encrypting the data that follows in the communication session, negotiated during the authentication protocol.

6. RANDX (Random Number): a random number chosen by the mobile station when determining Ks.

7. h (Hash Function): h is a one-way hash function known to all principals. It reduces its input arguments to the size of the moduli (that is, the same length as N_BS and N_CA).

8. The base station checks the validity of the certificate by squaring the certificate value modulo N_CA and comparing it with the value of h(ID_BS, N_BS) (computed independently). If the values match, the mobile station proceeds; if they differ, it aborts the communication session.

9. The mobile station chooses a random number called RANDX that serves as the session key Ks. The mobile station then computes a value called a, where a ≡ RANDX^2 mod N_BS. The mobile station then sends a to the base station.

10. The network server computes the value RANDX (in practice this is the session key Ks) by computing RANDX ≡ sqrt(a) mod N_BS. Note that an eavesdropper cannot perform this computation, because the eavesdropper does not have access to the base station's factors p and q. Both the base station and the mobile station now share the session key Ks.

11. The mobile station now uses the session key Ks, a function f and a string m to compute a value called b, where b ≡ f(Ks, m). The string m is the concatenation of ID_MS and Cert_MS. The mobile station transmits b to the network base station.

12. The mobile station uses its knowledge of the session key Ks to decrypt b and recover m. From the string m, the base station extracts the certificate of the mobile station, Cert_MS, and computes Cert_MS^2 mod N_CA. This value is compared with g(ID_MS) mod N_CA. If the results match, the mobile station is genuine and the session key is confirmed.

The operation of the IMSR protocol is shown schematically in Figure 2.1. Note that, although the figure shows only the communication between the mobile station and the network base station, the certification authority is also an important part of the infrastructure. With the IMSR protocol as given, however, the CA is required when a base station is set up and when a subscriber registers for service, rather than at the time of an individual session. This has the advantage of reducing the need for long-distance communication from the serving networks to the home network while a communication session is being established.


Figure 1.16: Diagram illustrating the operation of the IMSR algorithm
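The IMSR exchange of steps 8 to 12, as an added Python sketch (not code from Beller, Chang and Yacobi or from this thesis): the mobile side only squares and hashes, while the base side needs p and q to take square roots. The toy primes, the SHA-256 hash, the XOR cipher standing in for f, the counter byte in certificates and all identifiers are assumptions of the sketch.

```python
import hashlib

# Constructed toy primes, all congruent to 3 mod 4, so that a square root
# mod p is a**((p+1)//4). Real moduli are far larger; these are not secure.
P_CA, Q_CA = 10007, 10039          # known only to the CA
P_BS, Q_BS = 10079, 10091          # known only to the base station (and CA)
N_CA, N_BS = P_CA * Q_CA, P_BS * Q_BS

def h(data: bytes, n: int) -> int:
    """One-way hash reduced to the size of the modulus n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sqrt_mod_prime(a: int, p: int):
    """Square root of a mod p, or None when a is not a square mod p."""
    r = pow(a, (p + 1) // 4, p)
    return r if (r * r - a) % p == 0 else None

def sqrt_mod_n(a: int, p: int, q: int) -> list:
    """All square roots of a mod p*q. Only a holder of p and q can do this."""
    rp, rq = sqrt_mod_prime(a % p, p), sqrt_mod_prime(a % q, q)
    if rp is None or rq is None:
        return []
    n, roots = p * q, set()
    for sp in (rp, p - rp):
        for sq in (rq, q - rq):
            # Chinese remainder theorem: x = sp (mod p) and x = sq (mod q)
            roots.add((sp * q * pow(q, -1, p) + sq * p * pow(p, -1, q)) % n)
    return sorted(roots)

def ca_issue(identity: bytes):
    """CA: certificate = a square root of h(identity) mod N_CA.
    Only about one hash value in four is a square, so a counter byte is
    appended until one is (an assumption of this sketch)."""
    for ctr in range(256):
        roots = sqrt_mod_n(h(identity + bytes([ctr]), N_CA), P_CA, Q_CA)
        if roots:
            return roots[0], ctr
    raise ValueError("no square found")

def cert_ok(identity: bytes, cert: int, ctr: int) -> bool:
    """Verifier: one modular squaring and one hash, no secrets needed."""
    return pow(cert, 2, N_CA) == h(identity + bytes([ctr]), N_CA)

def f(ks: int, data: bytes) -> bytes:
    """Toy stand-in for the symmetric function f: XOR with a hashed key."""
    pad = hashlib.sha256(ks.to_bytes(8, "big")).digest()
    assert len(data) <= len(pad)
    return bytes(x ^ y for x, y in zip(data, pad))

def bs_identity(id_bs: bytes, n_bs: int) -> bytes:
    """The data the CA certifies for a base station: its ID and its modulus."""
    return id_bs + n_bs.to_bytes(8, "big")

def mobile_side(id_bs, n_bs, bs_cert, id_ms, ms_cert, randx):
    """Check the base station's certificate, then produce a and b."""
    if not cert_ok(bs_identity(id_bs, n_bs), *bs_cert):
        return None                       # abort the session
    a = pow(randx, 2, n_bs)               # a = RANDX^2 mod N_BS
    m = id_ms + ms_cert[0].to_bytes(4, "big") + bytes([ms_cert[1]])
    return a, f(randx, m)                 # b = f(Ks, m)

def base_side(a: int, b: bytes, id_len: int):
    """Recover Ks = sqrt(a) mod N_BS, decrypt b and check Cert_MS."""
    for ks in sqrt_mod_n(a, P_BS, Q_BS):  # up to four candidate roots
        m = f(ks, b)
        id_ms = m[:id_len]
        cert, ctr = int.from_bytes(m[id_len:id_len + 4], "big"), m[id_len + 4]
        if cert_ok(id_ms, cert, ctr):     # only the right root yields a valid m
            return ks, id_ms
    return None

ID_BS, ID_MS = b"BS-0042", b"MS-000000000001"   # constructed identifiers
RANDX = 73456123                                 # constructed; random in practice

def demo():
    bs_cert = ca_issue(bs_identity(ID_BS, N_BS))
    ms_cert = ca_issue(ID_MS)
    a, b = mobile_side(ID_BS, N_BS, bs_cert, ID_MS, ms_cert, RANDX)
    honest = base_side(a, b, len(ID_MS))
    # A station presenting a modulus the CA never certified fails the
    # certificate check, so the mobile aborts before sending anything.
    rogue = mobile_side(ID_BS, 10103 * 10111, bs_cert, ID_MS, ms_cert, RANDX)
    return honest, rogue

if __name__ == "__main__":
    print(demo())
```

A modular square has up to four roots, so the base side here tells the right one apart by checking which candidate key decrypts b to a certificate that verifies.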

2.2.2: The MSR+DH protocol

Beller, Chang and Yacobi report an important weakness in the IMSR protocol. The network base station is given secret information about the mobile station; if the base station proves untrustworthy, it can in future play the role of the base station and obtain services fraudulently. The solution the researchers propose is to add a Diffie-Hellman key exchange to the IMSR protocol. With this enhancement, exposure is limited to insiders who know the CA's values p and q.

2.2.3: Beller, Chang and Yacobi: Performance analysis

An important part of Beller, Chang and Yacobi's case for the viability of public-key protocols such as those they proposed in their 1993 paper is performance analysis. As noted earlier, all three protocols are asymmetric in their computational requirements. On the server side, the protocols require extracting modular square roots, a computation-intensive process even when the prime factors p and q are available. With dedicated cryptographic servers in the network base station, however, the authors argue that this is feasible even with 1993 hardware. By contrast, the computational burden IMSR places on the handset is small: only two modular multiplications are needed. This level of computation can be handled easily even by an 8-bit microprocessor. When the Diffie-Hellman key exchange is added in the MSR+DH protocol, the computation rises to 212 modular multiplications in the authentication protocol, performed on 512-bit moduli. This is impractical for handsets equipped only with a microcontroller. The authors argue, however, that by 1993 hardware standards it could be implemented on a handset equipped with a DSP (Digital Signal Processor), and it is readily achievable in 2001.

2.3: Carlsen: Public-light: the Beller, Chang and Yacobi algorithms revisited

In a 1999 paper that appeared in Operating System Review, Ulf Carlsen evaluates and critiques the public-key methods proposed by Beller, Chang and Yacobi (BCY) described in the previous section. Carlsen agrees with BCY that the simple MSR protocol is vulnerable to an attack in which a party impersonating a legitimate base station generates its own two primes p and q and passes the product N to the mobile station as though it were the genuine public key. According to Carlsen, the IMSR protocol's certificates also have a weakness in that they contain no time-related data such as an expiry date. This means IMSR is vulnerable to a replay attack in which an old certificate is reused by the attacker after the corresponding session key has been disclosed. Potential solutions include adding a timestamp to the IMSR certificate, having the CA operate online as an active participant in the protocol, or creating and distributing certificate revocation lists.


Carlsen proposes two enhanced protocols to strengthen the security of those put forward by BCY while retaining some of the advantages of the public-key approach.

Secret Key Responder Protocol: This protocol reintroduces a secret key held by the mobile station as well as by a trusted server that is separate from the mobile station and the network base station. The trusted server knows the mobile station's private key and can therefore decrypt a nonce encrypted by the mobile station with that key. The nonce is used to guarantee the timeliness of the authentication message exchange, while the presence of the trusted server in the picture allows the mobile station to initiate a communication session without broadcasting its own identity in the clear.

End-to-End Security Protocol: Carlsen points out that many security schemes for wireless networks assume the security of the wireless network. This, however, is an overly optimistic assumption: users may be suspicious about mobile security and have little confidence in the effectiveness of security measures controlled by the operator. Users therefore require that end-to-end security services (which operator-controlled network components cannot interfere with) be provided. An interesting aspect of the End-to-End Security Protocol is that, before the session key is generated and exchanged, the protocol requires the two parties on the call to authenticate each other's identity by recognising and confirming each other's voice. (The protocol is therefore not useful when interacting with parties the user does not know.)

In general, Carlsen is less optimistic than Beller, Chang and Yacobi that public-key methods can reach a level of performance that makes them viable in real wireless network systems. Because of performance and time constraints, current public-key technology is not suitable for providing destination identity confidentiality in responder protocols. Furthermore, we see that the advantages of public-key technology diminish when an online, and possibly trusted, server is required. This makes it less than optimal to use public-key technology as a general solution for authentication and privacy in PCS (Personal Communications Services) protocols when destination identity confidentiality is required. The problem becomes especially apparent in urban areas, where the number of mobiles located at one radio port at the same time may reach several hundred.

2.4. Aziz and Diffie: A public-key method supporting multiple encryption algorithms

In a 1994 article in IEEE Personal Communications, Ashar Aziz and Whitfield Diffie likewise propose a protocol for wireless networks that uses public-key techniques for authentication and session-key generation, and a secret-key method for encrypting data within a communication session. Like the Beller, Chang and Yacobi proposals described above, the Aziz and Diffie method uses digital certificates and a CA. A distinctive feature of the Aziz-Diffie method is that it provides explicit support for the mobile station and the network base station to negotiate which secret-key encryption algorithm will be used for data confidentiality.

2.4.1 Data elements in the Aziz-Diffie protocol

The important data elements in the authentication protocol proposed by Aziz and Diffie are:

1. RCH1 (Random Challenge): RCH1 is a random challenge value generated by the mobile station in the initial phase of the authentication protocol. Aziz and Diffie propose a length of 128 bits.

2. Cert_MS (Certificate of the Mobile Station): The certificate of the base station contains the following data elements: serial number, validity period, machine name, the machine's public key and the CA name. The content and format of the certificate follow CCITT X.509. The certificate is signed with a message digest created with the CA's private key. The identification of the CA contained in the certificate allows other principals to obtain the CA's public key securely.

3. Cert_BS (Certificate of Base Station): Cert_BS has the same elements and structure as that of the mobile station.

4. KU_MS (Public Key): The public key of the mobile station.

5. KU_BS (Public Key): The public key of the base station.

6. RAND1; RAND2 (Random Numbers): RAND1, generated by the base station, and RAND2, generated by the mobile station, are used in creating the session key.

7. Ks (Session Key): The session key is created using both RAND1 and RAND2.

8. SKCS (List of Encryption Protocols): SKCS provides a list of the secret-key data encryption protocols that the mobile station can use to encrypt data transmitted in a communication session.

9. Sig (Digital Signatures): Digital signatures under the Aziz-Diffie protocol are created using the private key of the signing principal and are verified by applying the signer's public key.

2.4.2: Operation of the Aziz-Diffie protocol

The sequence of messages exchanged between the mobile station and the network base station in the Aziz-Diffie protocol is:

1. The mobile station sends a request-to-join message to a network base station in its vicinity. The request-to-join message contains three main elements: a randomly generated number that acts as a challenge, RCH1; the mobile station's certificate, Cert_MS; and a list of the secret-key data encryption algorithms the mobile station can support, SKCS.

2. The mobile station verifies the signature on the mobile station's certificate. Note that this establishes only that the certificate itself is valid, not that the certificate was received from the same mobile station to which it was issued. If the certificate is not valid, the base station terminates the session; otherwise it continues.

3. The base station replies to the mobile station by sending its certificate, Cert_BS; a random number, RAND1, encrypted under the mobile station's public key; and its choice of secret-key encryption algorithm from those offered by the mobile station. From the intersection of the set of algorithms offered by the mobile station and the set the base station supports, the base station picks the algorithm it considers to offer the highest security. The key length is negotiated to the minimum length that the mobile station can handle and the base station supports. The base station computes a message signature, using its private key, over a set of values containing the encrypted RAND1, the chosen data encryption algorithm, the original challenge RCH1 received from the mobile station and the original list of candidate encryption algorithms.

4. The mobile station verifies the validity of the certificate it received from the base station. The mobile station also verifies the base station's signature by decrypting the set of values it received in the signed message, using the base station's public key. If the RCH1 value and the list of candidate encryption algorithms received from the base station match those originally sent by the mobile station, the base station's identity is confirmed. Otherwise the mobile station terminates the communication session.

5. The mobile station recovers the value RAND1 by decrypting it with its private key.

6. The mobile station now generates a second random value, RAND2, of the same bit length as RAND1, and XORs the two strings. The string produced by $\mathrm{RAND1} \oplus \mathrm{RAND2}$ constitutes the session key for this communication session. The mobile station encrypts the value RAND2 under the base station's public key.

7. The mobile station sends the encrypted RAND2 to the base station. It also computes its signature over a set of values containing the encrypted RAND2 and the encrypted RAND1 it previously received from the base station. (Because this encrypted RAND1 is now signed with the mobile station's private key, the base station has a mechanism for confirming the authentication of the mobile station.) The mobile station sends these data elements to the base station.

8. The base station verifies the signature on the message just received from the mobile station, using the mobile station's public key.

9. The base station decrypts the value RAND2 using its private key. The base station can now form $\mathrm{RAND1} \oplus \mathrm{RAND2}$, so it too holds the session key. (Note that to compromise the session key $\mathrm{RAND1} \oplus \mathrm{RAND2}$, an intruder needs access to the private keys of both the base station and the mobile station, which is less likely than one of the two being compromised.) If the signature is verified, the base station accepts the mobile station as a valid subscriber.

It is worth noting that the digital signature attached to the message sent by the base station in step 3 above serves three distinct purposes: (1) it authenticates the message, (2) it provides the response to the challenge in the mobile station's first message, and (3) it authenticates the first message received, by covering the original list of candidate algorithms. Note also that, while the CA is not directly involved in the authentication protocol sequence, the CA signs the certificates of both the base station and the mobile station in a preliminary step. For an outline of the message exchange in the Aziz-Diffie protocol, see Figure 2.2.

Aziz and Diffie also address the situation in which not one but several CAs are required in a widely operating network, following the CCITT X.509 specification. In this case the second message, sent from the base station to the mobile station, includes not only the base station's certificate but also the certification path that allows the certificate to be validated within a hierarchy of CAs.


Figure 1.17: Diagram illustrating the message exchange sequence in the Aziz-Diffie protocol.
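The Aziz-Diffie exchange described above, as an added Python sketch (not code from Aziz and Diffie or from this thesis), showing the algorithm negotiation, the session key RAND1 XOR RAND2, and how a signature over the original algorithm list lets the mobile station detect a list altered in transit. Assumptions of the sketch: textbook RSA over constructed Mersenne-prime keys (not secure), public keys taken as already validated through Cert_MS and Cert_BS, and hypothetical algorithm names and preference order.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys

def make_key(p: int, q: int):
    """Textbook RSA key from two primes: returns (modulus n, private d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

# Constructed toy keys built from Mersenne primes: easy to check, NOT secure.
N_MS, D_MS = make_key(2**61 - 1, 2**89 - 1)      # mobile station
N_BS, D_BS = make_key(2**107 - 1, 2**127 - 1)    # base station

def digest(n: int, *fields) -> int:
    """Hash a tuple of message fields to an integer below n."""
    blob = repr(fields).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def sign(n: int, d: int, *fields) -> int:
    return pow(digest(n, *fields), d, n)

def verify(n: int, sig: int, *fields) -> bool:
    return pow(sig, E, n) == digest(n, *fields)

# Hypothetical preference order of the base station, strongest first.
BS_PREFERENCE = ["IDEA", "DES", "DES-40"]

def mobile_request() -> dict:
    """Message 1: challenge RCH1 and the offered algorithm list SKCS."""
    return {"rch1": secrets.randbits(128), "skcs": ["DES-40", "DES", "IDEA"]}

def base_reply(request: dict):
    """Message 2: chosen algorithm, RAND1 under KU_MS, and a signature over
    the encrypted RAND1, the choice, RCH1 and the list exactly as received."""
    offered = [alg for alg in BS_PREFERENCE if alg in request["skcs"]]
    if not offered:
        return None, None
    rand1 = secrets.randbits(128)
    enc1 = pow(rand1, E, N_MS)
    sig = sign(N_BS, D_BS, enc1, offered[0], request["rch1"], request["skcs"])
    return {"enc_rand1": enc1, "chosen": offered[0], "sig": sig}, rand1

def mobile_finish(sent: dict, reply: dict):
    """Steps 4-7: verify against what the mobile itself sent, derive Ks."""
    if not verify(N_BS, reply["sig"], reply["enc_rand1"], reply["chosen"],
                  sent["rch1"], sent["skcs"]):
        return None            # stale reply, or offer altered in transit
    rand1 = pow(reply["enc_rand1"], D_MS, N_MS)
    rand2 = secrets.randbits(128)
    enc2 = pow(rand2, E, N_BS)
    sig = sign(N_MS, D_MS, enc2, reply["enc_rand1"])
    return {"enc_rand2": enc2, "sig": sig}, rand1 ^ rand2

def base_finish(msg3: dict, enc1: int, rand1: int):
    """Steps 8-9: check the mobile's signature, recover RAND2, derive Ks."""
    if not verify(N_MS, msg3["sig"], msg3["enc_rand2"], enc1):
        return None
    return rand1 ^ pow(msg3["enc_rand2"], D_BS, N_BS)

def run(tamper: bool = False):
    """One full exchange. With tamper=True the offer is altered on the air
    (constructed case) so that only the weakest algorithm remains."""
    sent = mobile_request()
    on_air = dict(sent)
    if tamper:
        on_air["skcs"] = ["DES-40"]
    reply, rand1 = base_reply(on_air)
    result = mobile_finish(sent, reply)
    if result is None:
        return None            # mobile terminates the session
    msg3, ks_mobile = result
    ks_base = base_finish(msg3, reply["enc_rand1"], rand1)
    return reply["chosen"], ks_mobile, ks_base

if __name__ == "__main__":
    print(run(), run(tamper=True))
```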

2.5: Commentary on and evaluation of the Aziz-Diffie protocol

In contrast to the architecture of second-generation protocols, Aziz and Diffie emphasise that their protocol supports mutual authentication. Digital certificates and a CA play an important role in this hybrid secret-key and public-key method. The protocol protects only the wireless link itself, but Aziz and Diffie intend to allow end-to-end security mechanisms to operate at the application and transport levels while their protocol operates at the network layer. An important aspect that distinguishes this protocol from the others described in this chapter is that Aziz-Diffie creates an explicit mechanism allowing the mobile station and the network base station to negotiate and choose among candidate data encryption protocols.

2.6. Summary of public-key cryptography in wireless networks

From the point of view of those who design and operate cellular networks, the work described in this chapter was clearly ahead of its time. The public-key methods advocated by BCY, Carlsen, and Aziz and Diffie have emerged only recently; while experience with them has been gained in the Internet domain, they have not yet been proven in a wide-area commercial cellular environment. By concentrating on computationally moderate methods such as MSR and elliptic curve cryptography, the research here seeks to address concerns about performance and scalability. From the early to the mid-1990s, the leap was still too great for network operators. However, as the networking world, even for voice traffic, moves towards IP-based mechanisms and the Internet becomes the dominant model for all kinds of data communication, this will change.

CHAPTER 3: SECURITY IN 3G NETWORKS (UMTS)

3.1: Third-generation communication technology, UMTS (3G)

3G (third-generation technology) is third-generation communication technology, allowing the transmission of both voice data and non-voice data (data downloads, email, instant messaging, images and so on). The first country to put 3G into widespread commercial operation was Japan. In 2005, about 40% of subscribers in Japan were 3G subscribers, and 2G networks are gradually disappearing there. 3G wireless technology is the convergence of many 2G wireless telecommunication systems into one global system that includes both satellite and terrestrial components. One of the important features of 3G is the ability to unify standards such as CDMA, GSM and TDMA. There are three approaches to achieving this: WCDMA, CDMA2000 and UWC136 (Universal Wireless Communication). CDMA2000 is compatible with second-generation CDMA IS-95, used mostly in the United States. UWC, also known as IS-136 HS, was proposed by the TIA and designed to the ANSI-136 standard, a North American TDMA standard.


WCDMA is compatible with the 2G GSM networks common in Europe and most of Asia. WCDMA uses 5 MHz and 10 MHz bands, creating a suitable platform for many applications. It can be overlaid on existing GSM, TDMA or IS-95 networks. WCDMA networks will be used for high-speed applications, and 2G systems for ordinary voice calls.

3.2: Picturing how a 3G network operates

Depending on the maturity of each market and each network, every operator's 3G deployment model will differ: either blanket 3G coverage across the whole market at once, or coverage that starts in urban areas and expands gradually. In a 3G area, a range of technologies coexist, GSM, GPRS, EDGE and WCDMA (and HSPA after an upgrade), and you get the speed that corresponds to the technology of the phone you are using. For example, if your phone is a GSM (or GPRS or EDGE) handset, your call still runs on the old band, to the GSM base transceiver station and through the old switching system. The access speed you get depends on the handset technology (GSM/GPRS/EDGE). If you have a 3G phone (WCDMA or HSPA, an iPhone 3G for instance), your call uses the new band and the new Node B and runs on to the switch. Such a 3G phone must certainly also work with 2G; that is, it must be a multi-mode GSM/GPRS/EDGE/WCDMA handset. This is mandatory because 2G and 3G coverage areas are not identical: outside 3G coverage you can still communicate over the existing 2G signal. With such a multi-mode network, the switches have three control mechanisms for assigning the appropriate technology to each call:

3.2.1: Operator rules on service policy

Each type of call is assigned a technology; for example, voice calls go over the GSM network and data calls over the 3G network.

3.2.2: Load-balancing control between modes

For example, when calls on the GSM band are overloaded, some subscribers are moved to WCDMA to continue their calls, or vice versa.

3.2.3: Tariff plan and subscription type of the user

Each subscriber belongs to a customer group with a different priority. Gold subscribers are preferentially assigned to the mode with the lowest load or the highest speed, while ordinary subscribers get only low-speed service, or continue to use GSM even within WCDMA coverage.

To understand this operation better, consider the following illustration. A user with a multi-mode GSM/WCDMA phone takes a train from the city centre out to the countryside. The network he subscribes to is GSM with nationwide EDGE coverage and WCDMA in some cities. As the train sets off, he calls a relative and then sends a video clip while continuing the conversation (WCDMA allows a data call and a voice call at the same time like this). When the train leaves the city and WCDMA coverage ends, the switch hands the voice call over to the GSM network and the video call to the EDGE network. He will see the quality of the video call drop while the quality of the voice call is unchanged.

3.3: 3G deployment models

Any discussion of upgrading to 3G must cover the 3G deployment model, or strategy. There are three main strategies: (1) rapid network-wide WCDMA deployment, (2) gradual WCDMA deployment, and (3) deferred 3G deployment.

3.3.1: Rapid network-wide WCDMA deployment

Operators choose this option for many reasons: a highly competitive market; government requirements; high market demand for data services; a strong financial position; limited capacity in the existing GSM network; a high churn rate; and the ambition to gain market share and raise average revenue per user (ARPU). Widespread 3G coverage is pointless if customers have no devices with which to use it. For this strategy to succeed, operators must therefore have a matching subscriber-development policy: encouraging customers to replace their handsets, marketing new devices bundled with data services, and so on.

3.3.2: Gradual WCDMA deployment

WCDMA coverage starts in urban areas and spreads outwards, while investment in GSM continues in order to raise capacity for voice and low-speed GPRS data services. Reasons for choosing this strategy: GSM and GPRS still have high growth potential; GSM and GPRS have quality and capacity problems (investment is needed to improve service for 2G customers); the GSM network and subscriber base are very large; many 2G phones are still in use; the mobile data market is only just developing; and the financial position is stable. Multi-mode GSM/GPRS/WCDMA terminals are accordingly introduced and marketed gradually, depending on customers' needs and means.

3.3.3: Deferred 3G deployment

When market demand for high-speed data services is still low, voice demand remains dominant and continues to grow, or the government has not yet licensed 3G spectrum, operators in that market need only evolve to EDGE. Upgrading to WCDMA is considered later. When investing in GSM or GPRS infrastructure, however, such an operator must take care to choose systems that support a future WCDMA upgrade well.

From these descriptions, the model that suits Vietnam's three current GSM networks, should they win 3G licences, is model 2: developing 3G from the cities and gradually expanding to remote areas. How fast this happens depends on the ambition and capability of each operator.

3.4: Introduction to UMTS

The Universal Mobile Telecommunications System (UMTS) is a framework coordinated by the International Telecommunication Union (ITU) to support third-generation wireless communication services. UMTS is part of a larger framework, IMT-2000. The main role of both UMTS and IMT-2000 is to create a platform for mobile communications that encourages the introduction of digital content distribution and information access services complementing conventional voice communication in the wireless environment. Achieving this goal clearly requires more bandwidth than the 10 kbit/s available in most second-generation systems, so UMTS will support data rates of up to 2 Mbit/s. The spectrum for UMTS traffic, as for IMT-2000 implementations worldwide, falls between about 1870GHz and 2030GHz. The first licences for UMTS systems were issued in Europe. In Japan, plans called for early deployment of IMT-2000-compatible high-bandwidth cellular services beginning in May 2001. Worldwide, deployment of UMTS infrastructure will continue between 2001 and 2005, with initial enthusiasm possibly tempered by market realities: these systems are expensive for service providers and need large numbers of subscribers to be profitable.

A recent report published by the UMTS Forum sets out several advantages of the third generation: the third generation brings more mobility to the Internet, building on uniquely mobile characteristics to provide group messaging, location-based services, personalised information and entertainment. Many new third-generation services will not be Internet-based; they are purely mobile services. By 2005, more data than voice will flow over mobile networks.

In this view of the potential of third-generation wireless services, subscribers will not only communicate with one another over the network. They will download graphically rich content and enjoy games on the move. They will exchange documents through their wireless terminals. And they will carry out a wide range of e-commerce transactions from wherever they happen to be. Although the details of how service providers will realise this vision in real systems have yet to be determined, one thing is clear: a high level of information security and subscriber authentication will be urgent and mandatory.

Much recent work on defining a security architecture for UMTS has been carried out in a number of research projects funded by the European Union and European national programmes. These projects include ASPeCT (Advanced Security for Personal Communications Technology, ACTS program), MONET (part of the RACE Program) and 3GS3 (Third Generation Mobile Telecommunications System Security Studies) (under the UK LINK programme). A more recent project, USECA (UMTS Security Architecture), led by researchers at Vodafone, is defining a complete set of security protocols and procedures for the UMTS environment. The project's scope is broad, covering studies in six sub-areas: security features and requirements, security mechanisms, security architecture, public-key infrastructure, the subscriber information module (USIM), and terminal (handset) security. Another important body in the development of UMTS security and authentication protocols is 3GPP (Third-Generation Partnership Project), an international project that includes members from North America and Asia.

3.4.1: 3G UMTS network architecture

The third-generation mobile system UMTS reuses the architecture found in most second-generation mobile systems, and even in the first generation. This is set out in the 3GPP technical specifications. The UMTS system consists of a number of logical network elements, each with a defined function. In the standards, network elements are defined at the logical level, but this may in turn bear on the physical implementation, particularly where there are open interfaces (for an interface to be considered open, it must be defined in enough detail that the equipment at its two endpoints can be supplied by two different manufacturers). Network elements can be grouped by similar function or by the sub-network that contains them.

By function, the network elements are grouped as follows:

- Radio access network, RAN (the UMTS terrestrial radio access network is UTRAN). This network handles all radio-related functions.
- Core network (CN): performs switching and routing of calls and data connections to external networks.
- User equipment (UE): interfaces with the user and the radio interface.

The high-level system architecture is shown in Figure 4.1.

Figure 1.18: High-level UMTS system architecture.

From the standardisation point of view set out in the specifications, both the UE and UTRAN consist of entirely new protocols, designed around the needs of the new WCDMA radio technology. By contrast, the definition of the core network (CN) is inherited from GSM. This gives a system with a new radio access technology a global foundation in existing core network technology, which promotes its adoption and brings competitive advantages such as global roaming. The UMTS system can be divided into sub-networks that can operate independently or in conjunction with other sub-networks, distinguished from one another by unique identities. Such a sub-network is called a UMTS public land mobile network (PLMN); the components of a PLMN are shown in Figure 1.18.


Figure 1.19: Network components within a PLMN.

Figure 1.20: 3G UMTS network architecture.


User equipment (UE) consists of two parts:

- Mobile station (UE/MS): the user's physical device. It contains the mobile equipment (ME).
- UMTS Subscriber Identity Module (USIM): the USIM is an application stored on a smart card which, combined with the ME, gives access to 3G services. The main functions of the USIM are:
  - identifying the subscriber precisely;
  - storing subscriber information and related data;
  - authenticating itself to the network;
  - providing security functions;
  - storing information such as the language in use, the smart card identity, the IMSI, encryption keys and other data.

UTRAN likewise consists of two elements:

- Node B: the UTRAN base transceiver station, serving one or more cells. Its functions include detecting errors on the transmission channel and reporting them to higher levels, modulating and demodulating the physical channel, making radio measurements and reporting them to the upper layers, and power control. Some manufacturers also supply Node Bs that support both the UMTS and CDMA2000 standards by using small replaceable plug-in modules and a high degree of compatibility between hardware and software. The interface between Node B and the UE is the UTRAN radio interface in the W-CDMA network.
- Radio Network Controller (RNC): manages the resources of all the Node Bs connected to it. The RNC connects to the circuit-switched (CS) core through the IuCS interface and to the packet-switched (PS) core through the IuPS interface. The RNC manages not only the radio resources of mobile devices but also the entry and exit routes into the core network for the services those devices use. The RNC's main tasks include handling voice and data traffic, handover between cells, and call set-up and release.

Core network (CN):

- Mobile services Switching Centre (MSC): the main component of the circuit-switched (CS) core. It is also the interface between the mobile network and other circuit-switched networks such as the PSTN. The MSC routes all calls from external networks to a given mobile and performs all switching and signalling functions for mobiles located in the geographical area it serves. The MSC's other functions include carrying out location registration and handover procedures, collecting data for billing, and managing encryption parameters. A mobile network may contain several MSCs, depending on the switching capacity required. GPRS and UMTS provide services that use both CS and PS, so their operation involves both parts.
- Home Location Register (HLR): the unit that holds information about the mobile network's subscribers. The information is entered when a new subscriber joins the network. The HLR stores two kinds of user information, temporary and permanent. Permanent data does not change except at the user's request. The permanent data relevant to security are the IMSI and the authentication key. A mobile network may use one or more HLRs, depending on its scale of operation.
- Visitor Location Register (VLR): VLRs are usually installed together with an MSC. The VLR stores all information about the subscribers currently in an MSC's service area, so it holds information about subscribers active in the network even when it is not their home network. When a subscriber registers in another network, information from the HLR is transferred to the visited network's VLR, and it is deleted when the subscriber leaves that network. In general, the information stored in the VLR differs from that in the HLR.

The packet-switched (PS) core in UMTS:

- SGSN (Serving GPRS Support Node): responsible for mobility management and for managing IP packet communication sessions. It routes traffic packets from the radio access network to an appropriate SGSN, which can provide access to external data networks. It also generates records for other units for billing purposes. The SGSN helps control access to network resources, guarding against unauthorised access to the network or to particular services and applications. The IuPS interface connects the UTRAN's RNC to the SGSN, the most important component of the PS core.
- GGSN (Gateway GPRS Support Node): acts as the gateway between the mobile network and external data networks such as the Internet or other intranets. Like the SGSN, the GGSN collects charging information and passes it to the Charging Gateway Function (CGF).
- GMSC (Gateway MSC): a switch at the point where the UMTS public land mobile network connects to external networks. All incoming and outgoing circuit-switched connections must pass through the GMSC.

External networks can be divided into two groups:

- Circuit-switched networks: these provide circuit-switched connections, like the existing telephone service. Examples are ISDN and the PSTN.
- Packet-switched networks: these provide connections for packet data services, such as the Internet.

The basic open interfaces of UMTS:

- Cu interface: the interface between the USIM smart card and the ME. It follows a standard for smart cards.


- Uu interface: the WCDMA radio interface. Uu is the interface through which the UE accesses the fixed part of the system, and is therefore arguably the most important open interface in UMTS.
- Iu interface: connects UTRAN to the core network. Like the corresponding interfaces in GSM, A (circuit-switched) and Gb (packet-switched), the Iu interface allows UMTS operators to build UTRAN and CN from different manufacturers' equipment.
- Iur interface: the open Iur interface supports soft handover between RNCs from different manufacturers and thus complements the open Iu interface.
- Iub interface: Iub connects a Node B and an RNC. UMTS is the first commercial mobile telephone system in which the interface between the controller and the base station is standardised as a fully open interface. Like the other open interfaces, Iub further promotes competition between manufacturers in this area.

3.4.2: UMTS security domains

A key requirement in designing the security architecture for UMTS is to create a base system that can be extended later. As in the design of the Internet, a key approach is to modularise the security architecture by creating a set of layers and then associating a set of elements, along with system design and implementation goals, with those layers. The UMTS designers call these units domains, and the actual design has five domains, as follows:

3.4.2.1: Network access security

The set of security features that gives mobile users secure access to the UMTS infrastructure and protects users against attacks on the wireless link to the terrestrial network. The key components include:


- User identity confidentiality: the IMUI and identifying information permanently associated with the user are not disclosed to eavesdroppers.
- Mutual authentication: the mobile terminal and the serving network's BS authenticate each other, preventing impersonation attacks on either side of the communication session.
- Confidentiality of user and signalling data: both the content of the subscriber's communication session and the associated signalling information are protected in transit over the wireless link.
- Data integrity and origin authentication: the receiving entity in a communication session can verify that a received message was not altered in transit and that it actually originated from the claimed party.

3.4.2.2: Network domain security

The set of security features that allows nodes in the provider's network infrastructure to exchange signalling data securely and protects against attacks on the wireline infrastructure.

- Network element authentication: the ability of infrastructure components belonging to different service providers to authenticate one another before sensitive data is exchanged.
- Confidentiality of exchanged data: protection of data exchanged between network elements against eavesdropping attacks, typically achieved through encryption.
- Data integrity and origin authentication: this corresponds to the data integrity and origin authentication aspect of network access security, but applies to communication between network elements. When one network element sends signalling data to another, the receiving node can confirm that the data was not modified in transit and that it really originated from the network element presented as its source. Again, these properties must hold across the networks of different UMTS service providers.

3.4.2.3: User domain security

The set of features that applies to the interaction between a user and their UMTS handset. A key goal in this domain is to minimise the damage and fraud that can occur when a handset is stolen.

- User-to-USIM authentication: authentication in this domain applies to the relationship between an individual subscriber and the smart-card subscriber identity module in the subscriber's UMTS handset. To restrict use of the handset to its owner, or to an authorised group of individuals, the user may need to supply a PIN in order to start a communication session.
- USIM-terminal link: since the smart card hosting the USIM is removable, the relationship between the USIM and the UMTS handset also needs protecting. This is typically achieved through a secret shared by the USIM and the terminal, installed by the service provider when service is initiated. The USIM-terminal link prevents a user's USIM card from being inserted into another handset and used without authorisation.

3.4.2.4: Application domain security

The security features that allow secure exchange of application-level messages between the handset and the system of a third-generation service provider. The UMTS architecture makes provision for network operators or other providers to create applications resident on the USIM or in the handset.

- Secure messaging: secure messaging provides a secure channel for transferring messages between the USIM and a network server.


- Network-wide user traffic confidentiality: protection of messages against eavesdropping attackers, typically through encryption over the wireline as well as the wireless portions of the infrastructure.

3.4.3: Visibility and configurability of security

The capabilities by which users can tell which security features are in operation and control which services are used given a particular set of security services.

- Visibility: through mechanisms provided by the UMTS infrastructure, the user's system can determine which security features are in operation at any time and what level of security applies.
- Configurability: through mechanisms provided by the UMTS infrastructure, the user can require that a certain set of security services be in operation before the user uses a particular service. For example, this could apply to enabling or disabling use of the personal PIN for the USIM in the handset, or to the decision to reject unencrypted calls.
Figure 1.21: Diagram illustrating the five UMTS security domains in relation to the components of the overall UMTS system. [Figure labels: application level (user application, service provider application); home/serving level (terminal equipment, user services identity module, serving network (SN), home environment); transport level (mobile terminal, access network).]

NAS: Network Access Security.
NDS: Network Domain Security.
UDS: User Domain Security.
ADS: Application Domain Security.

Dividing the whole security area into several domains in this representation does a few things. First, it deals with the complexity by breaking the whole problem space into separate smaller parts. Furthermore, by creating security units with defined interfaces, it becomes possible to upgrade or replace components of the security architecture without redoing the entire work.

3.4.4 Areas of security enhancement for UMTS

In a March 2000 paper presented at the IAB workshop on wireless internetworking, N. Asokan of the Nokia Research Center gave the following summary of the key areas in which UMTS will introduce enhancements over the GSM security schemes:

- Mutual authentication: the serving network is authenticated to the mobile subscribers, just as the mobile subscriber is authenticated to the network.
- Increased support for security and data encryption in the core network.

- Increased key length to resist brute-force attacks: as is known, the second-generation GSM data encryption algorithms have an effective key length of only 40 bits and are thought to be breakable in nearly real time. The keys for data encryption in UMTS will be 128 bits.
- User identity confidentiality will be strengthened through the use of group keys.
- The basic UMTS cryptographic algorithms will be made public, in response to the frequent criticism of GSM.
- Support for integrity as well as confidentiality will be provided.

An important concept in subscriber authentication for UMTS is that the visited network cares about being paid rather than about identifying the user. The emphasis of the visited network's concern is therefore authorization to provide services rather than authentication. Systems that perform subscriber authentication emphasize the interaction between the mobile subscriber and the home network, with the authorization information passed to the network that will provide services to the mobile subscriber (the visited network). In this way, authentication can be carried out without compromising the confidentiality of the subscriber's identity.

3.4.5 Authentication and security procedures in the 3G UMTS network

UMTS is the upgrade of the 2G GSM network to 3G, so UMTS security is built on the GSM foundation while adding a number of new features.

3.4.5.1 Authentication and Key Agreement (AKA) procedures

UMTS AKA is the security mechanism used to perform authentication as well as key agreement. The mechanism is based on a challenge/response authentication protocol, designed to achieve maximum compatibility with the GSM subscriber authentication system and key establishment protocol, which makes the migration from GSM/GPRS to UMTS easier. A challenge/response protocol is a security measure for verifying the identity of the other party without revealing the secret key used for communication
between the two parties. The key idea is that each party demonstrates that it shares this secret without ever revealing or transmitting it.

Authentication in UMTS is two-way:

- Authentication of the user to the network.
- Authentication of the network to the user.

AKA is performed when one of the following events occurs:

- The user registers for the network's service.
- After a service request.
- A location update request.
- An attach request.
- A detach request.
- A connection re-establishment request.

Information about the user must be transferred from the subscriber's home network to the serving network so that the control procedures can be completed. The HLR/AuC of the home network supplies the VLR/SGSN of the serving network with authentication vectors (AV), each of which contains the information shown in Table 4.1.

Table 4.1. Structure of an authentication vector.

Field   Description
RAND    Random number
CK      Cipher key
IK      Integrity key
AUTN    Authentication token
XRES    Expected response

(a) Structure of an authentication vector.

Field   Description
SQN     Sequence number
AMF     Authentication management field
MAC     Message authentication code

(b) Structure of the AUTN field in the authentication vector.

The authentication and key agreement procedure is summarized in the following steps:

1. The VLR/SGSN of the visited network requests authentication vectors from the HLR/AuC of the subscriber's home network.
2. The HLR/AuC computes the AV from the authentication algorithms and the subscriber's secret key K. K is stored only in the HLR/AuC of the home network and on the USIM of the subscriber's mobile station.
3. The HLR/AuC of the home network responds by sending n vectors AV1 - AVn to the VLR/SGSN of the visited network.
4. The VLR/SGSN of the visited network selects one of the AVs and challenges the USIM of the mobile station by sending the RAND and AUTN from the selected AV.
5. The USIM processes the received AUTN. With the help of the secret key K, the user can check whether the challenge data just received really comes from a party that holds the same key K. The USIM also checks the validity of the AV by checking the sequence number (SQN) field. If the AV supplied by the network is valid and has been authenticated, the USIM goes on to generate the confidentiality key (CK), the integrity key (IK) and the response back to the network (RES).
6. The user returns RES to the visited network.
7. The VLR/SGSN of the visited network checks the correctness of the response by comparing the expected response (XRES) of the AV with the response RES received from the USIM of the mobile station.

Figure 1.22: Authentication and key agreement (AKA) procedure in the 3G network.

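The two-way authentication mechanism in UMTS relies on two parameters stored in the USIM and the AuC:

- The key K: a fixed parameter.
- SQN: a dynamic parameter.

Synchronizing the key K and SQN between the USIM and the AuC: for the key K this is simple, because it is a fixed parameter. To keep SQN synchronized between the USIM and the AuC, a retransmission procedure is used.

SQN resynchronization procedure: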

If the USIM finds that the received SQN_HE does not match the SQN_MS it has stored, it sends an error message to the AuC with loss of synchronization as the cause. The synchronization failure message sent to the AuC carries the following parameters:

- RAND
- AUTS = SQN_MS ⊕ AK || MAC-S

The algorithms f1* and f5* are used for the resynchronization procedure:

Figure 1.23: Resynchronization in the USIM.

Figure 1.24: Resynchronization in the AuC.
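The challenge/response steps and the SQN resynchronization of this section can be traced in code. The following is an added example, not part of the original thesis: HMAC-SHA256 stands in for f1 to f5, f1* and f5* (an assumption, these are not the real algorithms), and the class and method names, the AMF value and the simple "SQN must increase" test are assumptions as well.

```python
import hashlib, hmac, os

AMF = b"\x80\x00"  # constructed sample value

def prf(k, label, data, n):
    # Stand-in for f1..f5, f1*, f5* (assumption: HMAC-SHA256, not the real algorithms).
    return hmac.new(k, label + data, hashlib.sha256).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class AuC:
    def __init__(self, k, sqn_he=0):
        self.k, self.sqn_he = k, sqn_he

    def make_av(self):
        # Step 2: AV = (RAND, XRES, CK, IK, AUTN), AUTN = SQN xor AK || AMF || MAC.
        self.sqn_he += 1
        rand, sqn = os.urandom(16), self.sqn_he.to_bytes(6, "big")
        autn = xor(sqn, prf(self.k, b"f5", rand, 6)) + AMF + prf(self.k, b"f1", sqn + AMF + rand, 8)
        return {"RAND": rand, "AUTN": autn, "XRES": prf(self.k, b"f2", rand, 8),
                "CK": prf(self.k, b"f3", rand, 16), "IK": prf(self.k, b"f4", rand, 16)}

    def resync(self, rand, auts):
        # AUTS = SQN_MS xor AK || MAC-S: verify MAC-S, then reset SQN_HE to SQN_MS.
        sqn_ms = xor(auts[:6], prf(self.k, b"f5*", rand, 6))
        if not hmac.compare_digest(auts[6:], prf(self.k, b"f1*", sqn_ms + rand, 8)):
            return False
        self.sqn_he = int.from_bytes(sqn_ms, "big")
        return True

class USIM:
    def __init__(self, k, sqn_ms=0):
        self.k, self.sqn_ms, self.last = k, sqn_ms, (None, None)

    def challenge(self, rand, autn):
        # Step 5: authenticate the network (MAC), check freshness (SQN), then answer.
        sqn = xor(autn[:6], prf(self.k, b"f5", rand, 6))
        if not hmac.compare_digest(autn[8:], prf(self.k, b"f1", sqn + autn[6:8] + rand, 8)):
            return ("MAC_FAILURE", None)
        if rand == self.last[0]:                       # repeated RAND: retransmit RES
            return ("RES", self.last[1])
        if int.from_bytes(sqn, "big") <= self.sqn_ms:  # stale AV: report loss of sync
            sqn_ms = self.sqn_ms.to_bytes(6, "big")
            return ("SYNC_FAILURE", xor(sqn_ms, prf(self.k, b"f5*", rand, 6))
                    + prf(self.k, b"f1*", sqn_ms + rand, 8))
        self.sqn_ms = int.from_bytes(sqn, "big")
        self.last = (rand, prf(self.k, b"f2", rand, 8))
        return ("RES", self.last[1])
```

The VLR/SGSN side of step 7 is the comparison of the returned RES with the XRES stored in the AV.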

When the AuC receives the message indicating a synchronization failure, it checks SQN_HE. If SQN_HE does not match, it resets SQN_HE to SQN_UE. The AuC then sends a new set of AVs to the VLR/SGSN, and the user can now be authenticated with a new AV.

If the VLR/SGSN does not receive the SRES, it does not delete the AV but uses this AV to retransmit the authentication request. The AV is deleted when the VLR/SGSN receives the SRES or when the retransmission procedure is abandoned after many retransmissions. When the MS receives an authentication request and detects that the RAND is repeated, it retransmits RES.

3.4.5.2 Integrity procedure

The control and signalling information carried between the mobile station and the network is very important and sensitive, so its integrity must be guaranteed. The mechanism that provides this security feature is the UMTS Integrity Algorithm (UIA), which is implemented both in the mobile station and in the UTRAN element that terminates towards the core network, for example the RNC. The UIA discussed in this section is the f9 algorithm, illustrated in Figure 4.8. The data integrity check works as follows:

- The MS uses the f9 algorithm to compute a 32-bit MAC-I that protects the integrity of the data. The signalling data (MESSAGE) is one of the input parameters of f9.
- The computed MAC-I is appended to the signalling information and sent over the radio interface from the MS to the RNC.
- Once the RNC receives the information with the attached MAC-I, it computes XMAC-I over the received signalling data in the same way the MS computed MAC-I.
- The integrity of the signalling information is determined by comparing MAC-I and XMAC-I.

[Figure 1.25: Using the f9 algorithm to generate the message authentication code (MAC) from the input signalling data. Inputs on both sides: COUNT-I, DIRECTION, FRESH, MESSAGE and IK. The sender (UE or RNC) computes MAC-I; the receiver (RNC or UE) computes XMAC-I.]

- IK: 128 bits, IK = f4(K, RAND). There is one IK for the CS connection and one IK for the PS connection.
- FRESH: 32 bits. This parameter lets the network prevent the user from replaying signalling messages. It is generated randomly by the RNC.
- DIRECTION: 1 bit, 0: UE→RNC; 1: RNC→UE.
- MESSAGE: the signalling message.
- COUNT-I = HFN || RRC sequence number: 32 bits. HFN is incremented by one when the RRC (Radio Resource Control) sequence number wraps around.

3.4.5.3 Ciphering procedure

The ciphering procedure is used for both signalling and user data to protect them against eavesdropping. The algorithm that provides data confidentiality is called f8 and is shown in Figure 4.9. It works as follows:

- The MS uses the f8 algorithm with the cipher key CK and several other parameters to compute an output bit stream.
- This output bit stream is XORed bit by bit with the data stream to obtain a block of ciphered data.
- The ciphered data is sent to the network over the radio interface.

- The RNC uses the f8 algorithm with the same input parameters as the MS, including the shared cipher key CK, to produce the same output bit stream as the one generated in the MS.
- This output bit stream is XORed with the ciphered data to recover the original information.
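[Figure 1.26: The f8 algorithm used to encrypt user data and signalling. Inputs on both sides: COUNT-C, DIRECTION, LENGTH, BEARER and CK. On each side f8 outputs a KEYSTREAM BLOCK; the sender (UE or RNC) combines it with the PLAINTEXT BLOCK to give the CIPHERTEXT BLOCK, and the receiver (RNC or UE) combines it with the CIPHERTEXT BLOCK to recover the PLAINTEXT BLOCK.]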

- CK: 128 bits, CK = f3(K, RAND). There is one CK for the CS connection and one CK for the PS connection.
- BEARER: 5 bits, the parameter that identifies the radio bearer. It is an input intended to prevent identical sets of input parameter values from being used for different keystreams.
- DIRECTION: 1 bit, 0: UE→RNC; 1: RNC→UE.
- LENGTH: 16 bits, determines the length of the keystream block.
- COUNT-C = HFN || CFN: 32 bits.
- CFN: RLC (Radio Link Control) frame number.
- HFN: Hyper Frame Number, incremented by one when CFN wraps around.
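The integrity check of section 3.4.5.2 and the ciphering of section 3.4.5.3, as an added example that is not part of the original thesis. HMAC-SHA256 stands in for f9 and f8 (an assumption that only mirrors their inputs and output sizes), and the function names, the Receiver class and its counter rule are hypothetical.

```python
import hashlib, hmac

def f9_standin(ik, count_i, direction, fresh, message):
    # Assumption: HMAC-SHA256 truncated to 32 bits stands in for the real f9.
    data = count_i.to_bytes(4, "big") + bytes([direction & 1]) + fresh.to_bytes(4, "big") + message
    return hmac.new(ik, data, hashlib.sha256).digest()[:4]

def f8_standin(ck, count_c, bearer, direction, length_bits):
    # Assumption: HMAC-SHA256 in counter mode stands in for the real f8 keystream generator.
    iv = count_c.to_bytes(4, "big") + bytes([bearer & 0x1F, direction & 1])
    out, blk = b"", 0
    while len(out) * 8 < length_bits:
        out += hmac.new(ck, iv + blk.to_bytes(4, "big"), hashlib.sha256).digest()
        blk += 1
    return out[: (length_bits + 7) // 8]

def cipher(ck, count_c, bearer, direction, data):
    # Encryption and decryption are the same XOR with the keystream.
    ks = f8_standin(ck, count_c, bearer, direction, len(data) * 8)
    return bytes(d ^ k for d, k in zip(data, ks))

class Receiver:
    """Receiving side: recompute XMAC-I and compare it with the received MAC-I."""
    def __init__(self, ik, fresh):
        self.ik, self.fresh, self.next_count = ik, fresh, 0

    def accept(self, count_i, direction, message, mac_i):
        xmac_i = f9_standin(self.ik, count_i, direction, self.fresh, message)
        if not hmac.compare_digest(mac_i, xmac_i):
            return False              # altered message, wrong direction or old FRESH
        if count_i < self.next_count:
            return False              # COUNT-I already used: replayed message
        self.next_count = count_i + 1
        return True
```

Two plaintexts ciphered under the same CK, COUNT-C, BEARER and DIRECTION share a keystream, so the XOR of the two ciphertexts equals the XOR of the two plaintexts; this is why those inputs must not repeat.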

3.4.5.4 TMSI reallocation procedure

Purpose:

- Protect the IMSI.
- Assign a TMSI/LAI pair to the user that can be used for later identification on the radio access channel.

The TMSI allocation procedure is performed after the ciphering procedure. When the MS changes LA, the TMSI reallocation procedure is performed again.

[Figure 1.27: TMSI reallocation procedure. Message sequence between MS and VLR/SGSN: TMSI REALLOCATION COMMAND, then TMSI REALLOCATION COMPLETE.]

The TMSI reallocation procedure is carried out as follows:

1. The VLR/SGSN sends a TMSI REALLOCATION COMMAND message containing the combination of the TMSI and LAI assigned by the network, or the LAI and IMSI if the TMSI is being deleted.
2. After receiving the TMSI REALLOCATION COMMAND message, the MS stores the LAI in the SIM. If the identity received is the IMSI of the MS, the MS deletes the TMSI. If the identity received is a TMSI, the MS stores the TMSI in the USIM. In both cases the MS sends a TMSI REALLOCATION COMPLETE message to the VLR/SGSN.

3. When the VLR/SGSN receives the TMSI REALLOCATION COMPLETE message, it regards the new TMSI sent to the MS as valid, or, if the IMSI was previously sent to the MS, the old TMSI is deleted.

If the VLR/SGSN does not receive the TMSI REALLOCATION COMPLETE message from the user:

- The network maintains both associations: new TMSI-IMSI and old TMSI (if any)-IMSI.
- If the transaction originates from the user: the user may identify itself with either the old or the new TMSI. The network then keeps only the TMSI with which the user identified itself.
- If the transaction originates from the network: the network identifies the user by its IMSI. The network then instructs the user to delete and store the TMSI.

Conclusion: This chapter presented the network architecture, the components and the interfaces of the 3G UMTS system, and examined the security architecture and the security domains of the 3G network. It concentrated on the security and authentication procedures and the security measures used in the 3G network, such as the authentication and key agreement (AKA) procedure, the integrity protection procedure for signalling information, the data ciphering procedure and the TMSI reallocation procedure. From this we can assess the security capability of the 3G network, compare it with GSM security, and see that the 3G mobile communication system has built a solid security architecture, which provides the necessary security features and meets the security needs of both network providers and users.

PART III: CONCLUSION


This thesis is mainly a study of security in mobile communications through the protocols presented above. Its content consists mainly of gathering information on security in 2G, 3G and wireless networks. All of it serves the purpose of studying authentication and mobile communications, and all of these mechanisms aim to keep information secure. It covers security and subscriber authentication for the protocols in communication networks such as digital cellular networks and the wireless Internet. This helps us determine how authentication and, beyond that, security in mobile communications are carried out.

It is important to recognize, however, that the whole field of authentication and security for the wireless internetworking environment is a work in progress. Many issues, such as the ongoing competition between public-key and private-key cryptographic technology, remain unresolved, while the underlying computing and communication platforms keep evolving. Security technology for wireless communications will continue to change rapidly in the coming decade, because both the technology that can be implemented and the nature of the threats to security develop over time.

From a study such as this thesis, some elements of the development roadmap can be predicted. The remaining elements have certainly not yet been analysed and understood clearly, which leaves the topic richer and more varied. The unexpected has regularly driven the history of the Internet and will probably continue to do so with increasing frequency, as the history of the wireless Internet expands with more accurate and more suitable security technologies for all information on all transmission paths. All of this serves the ultimate purpose of securing mobile communications.
