
Question 16: Describe the ISAKMP protocol (Internet Security Association and Key Management) in IP Security:
- The concept of ISAKMP and why the ISAKMP protocol is needed.
- How ISAKMP is used, the ISAKMP packet structure, the structure of ISAKMP payloads, and the meaning of the fields.
- The five ISAKMP exchange types (Base, Identity Protection, Authentication Only, Aggressive, Informational).

1. The concept of ISAKMP and why the ISAKMP protocol is needed

Concept: ISAKMP stands for Internet Security Association and Key Management.
- It defines the procedures and packet formats for establishing, negotiating, modifying and deleting SAs. SAs contain all the information required to run various network security services, such as IP-layer services (for example payload encapsulation and header authentication), transport or application-layer services, or protection of the negotiation traffic itself.
- It defines the payloads used to exchange keys and other security information, and this information is independent of the key generation technique, the encryption algorithm and the authentication mechanism.

ISAKMP differs from other key exchange protocols in that it separates the details of SA management (and key management) from the details of key exchange. There are many different key exchange protocols, each with different security properties. However, a common framework is needed for agreeing on the format of SA attributes and for negotiating, modifying and deleting SAs. ISAKMP serves as this common framework. ISAKMP can be implemented over any transport protocol. Every implementation must be able to send and receive ISAKMP over UDP on port 500.

Why ISAKMP is needed: ISAKMP differs from other key exchange protocols in that it separates the details of security association management (and key management) from the details of key exchange. There are many different key exchange protocols, each with different security properties. However, a common framework is needed for agreeing on the format of SA attributes and for negotiating, modifying and deleting SAs. ISAKMP serves as this common framework. ISAKMP can be implemented over any transport protocol. Every implementation must be able to send and receive ISAKMP over UDP on port 500.

ISAKMP supports the negotiation of SAs for security protocols at every layer of the network stack (IPSEC, TLS, TLSP, OSPF...). By centralizing the management of SAs, ISAKMP removes a large amount of functionality that would otherwise be duplicated in each security protocol. ISAKMP can also reduce connection setup time by negotiating the whole stack of services at once.

2. How ISAKMP is used, the ISAKMP packet structure, the structure of ISAKMP payloads, and the meaning of the fields

How ISAKMP is used
- ISAKMP provides a protocol exchange to establish an SA between the negotiating entities, followed by the establishment of an SA by these negotiating entities on behalf of some protocol.

First, an initial protocol exchange allows a basic set of security attributes to be agreed upon. This set of attributes protects the subsequent ISAKMP exchanges. It also indicates the authentication method and the key exchange that are performed as part of the ISAKMP protocol. If a basic set of security attributes is already in place between the negotiating server entities, the initial ISAKMP exchange is skipped and an SA can be established directly. Once the basic set of security attributes has been agreed upon, the identity has been authenticated and the required keys have been generated, the established SA can be used for subsequent communication by the entity that invoked ISAKMP.

Separating the functionality into 3 parts adds complexity to the security analysis of a complete ISAKMP implementation. However, the separation is very important for interoperability between systems with different security requirements, and it should also simplify the analysis of the further evolution of an ISAKMP server.

ISAKMP packet structure

Packet layout: ISAKMP Header | Payload Header 1 | Payload 1 | Payload Header 2 | Payload 2

ISAKMP Header layout: Initiator Cookie | Responder Cookie | Next Payload | MajorVer | MinorVer | Exchange Type | Flags | Message ID | Length

ISAKMP Header fields:
- Next Payload: type of the first payload
- Version: version
- Exchange Type: type of exchange
- Flags: flags
- Message ID: message identifier
- Length: length
- Initiator Cookie / Responder Cookie: codes that protect against DOS attacks
- Initiator Cookie: cookie of the entity that initiates SA establishment, SA notification and SA deletion.
- Responder Cookie: cookie of the entity that responds to the request for SA establishment, SA notification and SA deletion.
- Next Payload: indicates the type of the first payload in the message.
- Major Version: indicates the major version of the ISAKMP protocol in use.
- Minor Version: indicates the minor version of the ISAKMP protocol in use.

With regard to DOS, the cookie is used to counter mass attacks on the server (carried out by sending a flood of messages: replayed packets, or a flood attack using spoofed addresses). The sender sends a cookie, the receiver sends a cookie back to the sender, and if the sender responds, its address is real.
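The header layout above and the generic payload header (Next Payload, Reserved, Payload Length) are enough to walk a whole message. The parser below is an added example, not part of the original notes; the field widths and numeric type codes are those of RFC 2408, and the sample message and helper names are constructed for illustration.

```python
import struct

# Fixed header: two 8-byte cookies, Next Payload, Version (major/minor
# nibbles), Exchange Type, Flags, Message ID, Length = 28 bytes.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
# Generic payload header: Next Payload, Reserved, Payload Length.
GENERIC_HDR = struct.Struct("!BBH")

# Numeric codes as assigned in RFC 2408 (the notes give only the names).
EXCHANGES = {1: "Base", 2: "Identity Protection", 3: "Authentication Only",
             4: "Aggressive", 5: "Informational"}
PAYLOADS = {1: "SA", 2: "P", 3: "T", 4: "KE", 5: "ID", 6: "CERT", 7: "CR",
            8: "HASH", 9: "SIG", 10: "NONCE", 11: "N", 12: "D"}
FLAG_ENCRYPTED = 0x01


def parse_isakmp(data):
    """Parse the header and walk the payload chain; ValueError if malformed."""
    if len(data) < ISAKMP_HDR.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    i_cookie, r_cookie, nxt, ver, xchg, flags, msg_id, length = \
        ISAKMP_HDR.unpack_from(data)
    if length != len(data):
        raise ValueError("Length field does not match the datagram size")
    msg = {
        "initiator_cookie": i_cookie, "responder_cookie": r_cookie,
        "version": (ver >> 4, ver & 0x0F),
        "exchange": EXCHANGES.get(xchg, xchg),
        "flags": flags, "message_id": msg_id, "payloads": None,
    }
    if flags & FLAG_ENCRYPTED:
        return msg          # payloads are ciphertext, the chain cannot be walked
    payloads, offset = [], ISAKMP_HDR.size
    while nxt != 0:         # 0 means "no further payload"
        if offset + GENERIC_HDR.size > length:
            raise ValueError("payload chain runs past the end of the message")
        following, _reserved, plen = GENERIC_HDR.unpack_from(data, offset)
        # A length below 4 would never advance the offset (endless loop).
        if plen < GENERIC_HDR.size or offset + plen > length:
            raise ValueError("bad Payload Length at offset %d" % offset)
        payloads.append((PAYLOADS.get(nxt, nxt), plen - GENERIC_HDR.size))
        offset += plen
        nxt = following
    msg["payloads"] = payloads
    return msg


def build_message(i_cookie, r_cookie, exchange, payloads):
    """Assemble an unencrypted message from (type, body) pairs (sample helper)."""
    body = b""
    for idx, (_ptype, pbody) in enumerate(payloads):
        following = payloads[idx + 1][0] if idx + 1 < len(payloads) else 0
        body += GENERIC_HDR.pack(following, 0, GENERIC_HDR.size + len(pbody)) + pbody
    first = payloads[0][0] if payloads else 0
    return ISAKMP_HDR.pack(i_cookie, r_cookie, first, 0x10, exchange, 0, 0,
                           ISAKMP_HDR.size + len(body)) + body


def rejects(data):
    """True when the parser refuses the message as malformed."""
    try:
        parse_isakmp(data)
    except ValueError:
        return True
    return False


# Constructed sample: first message of a Base exchange (I -> R: SA, Nonce).
# The responder cookie is still zero; payload bodies are dummy bytes.
SAMPLE = build_message(bytes.fromhex("1122334455667788"), bytes(8), 1,
                       [(1, b"\x00" * 8), (10, b"\xaa" * 16)])

if __name__ == "__main__":
    print(parse_isakmp(SAMPLE))
```

The bounds checks on Payload Length matter in practice: the parser runs on unauthenticated UDP input, so a zero or oversized length must be rejected before it is used to advance the offset.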

Structure of ISAKMP payloads

Payload Header layout: Next Payload | Reserved | Payload Length
- Next Payload: type of the next payload
- Reserved: reserved
- Payload Length: length of the payload

Payload types
- SA: used to exchange security parameters.
- Proposal (P): used during SA negotiation to agree on the protocols to be used.
- Transform (T): used to agree on the types of transform.
- Key Exchange (KE): used to exchange keys.
- Identification (ID): exchanges identity information.
- Certified (ERI): exchanges digital certificates and related information.
- Certificate Request: requests a digital certificate.
- Hash / Signature: contains a hash code or a signature.
- Nonce: nonce value that protects against replay.
- Notification: warning/error information.
- Delete: the SA has expired and is deleted.

3. The five ISAKMP exchange types (Base, Identity Protection, Authentication Only, Aggressive, Informational)

1. Base Exchange: 4 steps
1) I → R: SA, Nonce: the Initiator sends the Responder the SA parameters and a Nonce, proposing the SA.
2) R → I: SA, Nonce (Nonce 1 differs from Nonce 2): the SA is agreed.
3) I → R: KE, IDI: AUTH, generates the key and authenticates the information.
4) R → I: KE, IDR: AUTH, confirms the key and authenticates; the exchange ends.

2. Identity Protection Exchange
1) KlPdlsa
2) I → R
3) I → R: KE
4) R → I: KI
5) I → R: IDI, AUTH
6) R → I: IDR, AUTH

3. Authentication Only Exchange: 3 steps
1) I → R: SA, Nonce
2) R → I: SA, Nonce, IDR, AUTH
3) I → R: IDI, AUTH

4. Aggressive Exchange: 3 steps
1) I → R: SA: KE, IDI, Nonce
2) R → I: SA: KE, Nonce, IDR; AUTH
3) I → R: AUTH

5. Informational Exchange

I → R: N/D (error information, warnings, deletion)

Question 17: Describe the SSL (Secure Socket Layer) protocol:
- The Web security problem and the approaches to Web security by layer.
- The concept of SSL, its function, and the SSL architecture.
- The concepts of SSL Connection and SSL Session. The attributes of an SSL Connection and an SSL Session.

1. The Web security problem and the approaches to Web security by layer

- The Web is two-way and convenient, but easy to attack.
- It is highly visual and spreads information easily, so private secrets are easily disclosed and copyright is easily infringed.
- The system is complex: the protocol is simple, but client/server applications are complex.
- It has points that are easy to attack: a Web server can become a springboard for attacks.

Threats to Web security (threat, consequence, countermeasure)

Integrity
- Threats: modification of user data; Trojan horse browser; modification of memory; modification of messages in transit.
- Consequences: loss of information; compromise of the machine; vulnerability to attack.
- Countermeasures: cryptographic checksums.

Confidentiality
- Threats: eavesdropping on the network; theft of information from the server; theft of data from the client; information about the network configuration; information about which client is talking to the server.
- Consequences: loss of information; loss of privacy.
- Countermeasures: encryption, Web proxies.

Denial of service
- Threats: killing of user threads; flooding the machine with bogus requests; filling up the hard disk or memory; isolating the machine by DNS attacks.
- Consequences: damage and disruption; annoyance; preventing users from completing their work.
- Countermeasures: there are many different ways to prevent it.

Authentication
- Threats: impersonation of legitimate users; data forgery.
- Countermeasures: cryptographic techniques.

Approaches to Web security by layer
- Classifying threats by location gives:
  • Web server
  • Web client
  • Network traffic (tampering with data in transit)
- Classifying by level of protection:
  • IPsec (network layer): transparent to end users.
  • SSL (Secure Socket Layer): transport layer, on top of TCP; can be embedded in packages.
  • SET (Secure Electronic Transaction): application layer, application-specific.

2. The concept of SSL, its function, and the SSL architecture

- Invented by Netscape, competing with SHTTP.
- From version 3.0 it became the Internet standard TLS (Transport Layer Security), SSL 3.1.

Concept: SSL (Secure Socket Layer) is a general-purpose protocol designed to create communication between two application programs on a predefined port (socket 443) in order to encrypt all incoming and outgoing information. It is used in electronic transactions, for example to transmit credit card data, passwords and personal identification numbers (PIN) over the Internet.

Additional note: The Internet runs on a protocol called TCP/IP. TCP/IP determines, for the computers on the network, what the information is and how it is sent. SSL extends TCP/IP by adding a new layer on top of it, called the SSL Record Layer. When a customer enters a secure server managed by SSL, the browser asks the server for a secure session. The secure server then opens a special encrypted port for the online shopping session. Outgoing data is encrypted before it is sent over TCP/IP. The SSL Record Layer manages this port to make sure that the session with this customer stays secure. In addition, SSL provides a technology called the SSL Handshake Protocol. The SSL Handshake Protocol resides on the secure server and performs certification and public key encryption.

In electronic transactions on the network and in online payment transactions, information and data on the insecure Internet are usually protected by a security mechanism implemented at the transport layer called the Secure Socket Layer (SSL), a technical solution that is now used quite widely in network operating systems on the Internet.

Function: to ensure safety and strengthen security as far as possible for users when they transmit information over the network.

SSL architecture
o It relies on TCP for end-to-end reliability.
o SSL is a layered protocol consisting of two protocol layers:
- SSL Record Protocol: provides the basic security services.
- 3 upper-layer protocols, used to manage SSL exchanges:
  SSL Handshake protocol: the main SSL sub-protocol, used to support client and server authentication and to exchange a session key.
  SSL Change Cipher Spec protocol: used to switch from one cipher spec to another. Although the cipher spec is usually changed at the end of an SSL handshake, it can also be changed at any later time.
  SSL Alert protocol: used to convey alerts through the SSL Record Protocol. Each alert has 2 parts, an alert level and an alert description.
Besides these SSL sub-protocols, an SSL Application Data Protocol is used to pass application data directly to the SSL Record Protocol.

According to the diagram above, SSL sits in the application layer of the TCP/IP protocol. Because of this, SSL can be used on almost every operating system that supports TCP/IP without modifying the system kernel or the TCP/IP stack. This gives SSL a strong advantage over other protocols such as IPSec (IP Security Protocol), because that protocol requires the operating system kernel to support it and requires changes to the TCP/IP stack. SSL can also easily pass through firewalls and proxies, as well as NAT (Network Address Translation), without special provisioning.

How does SSL work?

The diagram below shows, in a simple step-by-step way, how an SSL connection is set up between the client (using a web browser) and the server (using an SSL web server).

Diagram: step by step establishment of an SSL connection.

As the figure shows, setting up an SSL connection starts with an exchange of cryptographic parameters and then, optionally, authentication of the server (using the SSL Handshake protocol). If the handshake succeeds and both sides accept a common cipher suite and the encryption keys, application-layer data (usually HTTP, but it can be another protocol) can be sent through the encrypted tunnel (using the SSL Record Layer).

In practice the process is a little more complicated. To avoid unnecessary handshakes, some cryptographic parameters are cached. Alert messages are sent. The cipher suite can also be changed. However, regardless of these technical details, the most common form of the process really works as described above.

3. The concepts of SSL Connection and SSL Session. The attributes of an SSL Connection and an SSL Session

SSL connection: a peer-to-peer relationship at the transport layer between 2 nodes. Every connection is associated with one session.

SSL session: an association between a client and a server, established by the Handshake Protocol. It defines a set of cryptographic security parameters that can be shared among multiple connections.
- A session has many connections.
- A session defines the set of security parameters shared by many connections.
- This avoids having to negotiate security parameters many times.

A session has 2 states:
• current: active, and messages can be sent.
• pending: the connection is still being negotiated.

Attributes of an SSL session
- Session ID
- Digital certificates of the parties
- Set of security parameters (cipher spec): the algorithms used
- Master Secret: the master key
- Is resumable: whether the session can be used to create new connections

Attributes of an SSL connection
- Nonce: random number used to counter DOS attacks
- MAC secret: key used to generate the authentication code (HMAC)
- Encryption key: key used for conventional encryption
- Initial vector: used in CBC encryption
- Seq number: sequence number

Question 18: Describe the SSL Record protocol:
- The concept and the services of SSL Record.
- The steps carried out by SSL Record.
- The SSL Record packet structure and the meaning of the fields.

1. The concept and the services of SSL Record

Concept: the SSL sub-protocol that defines the format used for encryption and two-way transmission between two parties that need to exchange information or data.

Services: it provides 2 important services for an SSL connection:
- Confidentiality: the Handshake protocol defines a secret key for conventional encryption of SSL payloads.
- Integrity: the Handshake protocol defines a shared key that is used to form the message authentication code (MAC), using HMAC based on the initialization done by the Handshake protocol.

o Fragmentation: blocks of 16 Kbytes or less.
o Compression: optional; must not increase the content length by more than 1024 bytes.
o Message authentication code (MAC): uses the shared secret key, similar to the HMAC algorithm.

2. The steps carried out by SSL Record

The SSL Record Protocol receives data from the higher-layer SSL sub-protocols and handles fragmentation, compression, authentication and encryption of the data. More precisely, the protocol takes a block of data of arbitrary size as input and produces as output a series of SSL data fragments (also called records), each of 16,383 bytes or less.

The steps of the SSL Record Protocol lead from a raw data fragment to an SSL Plaintext record (fragmentation step), an SSL Compressed record (compression step) and an SSL Ciphertext record (encryption step). Each SSL record payload is compressed and encrypted according to the current compression method and the cipher spec defined for the SSL session.

At the start of each SSL session, the compression method and the cipher spec are normally defined as null. Both are set during the initial run of the SSL Handshake Protocol. Finally, a MAC is added to each SSL record. It provides message origin authentication and data integrity. As with the encryption algorithm, the algorithm used to compute and verify the MAC is defined in the cipher spec of the current session state. By default, the SSL Record Protocol uses a MAC construction that is similar to, but still different from, the HMAC construction. There are three main differences between the SSL MAC construction and the HMAC construction:

1. The SSL MAC construction includes a sequence number in the message before hashing, to prevent specific forms of replay attack.
2. The SSL MAC construction includes the record length.
3. The SSL MAC construction uses concatenation operators, whereas the HMAC construction uses modulo-2 addition.

All of these differences exist mainly because the SSL MAC construction was in use before the HMAC construction was adopted in almost all Internet security protocol specifications. The HMAC construction is also used in the more recent TLS protocol specification.

3. The SSL Record packet structure and the meaning of the fields

SSL Record format

SSL Record header:
- Content Type: the type of SSL packet. It identifies the higher-layer protocol that must then be used to process the SSL record payload (after appropriate decompression and decryption).
- Version: the version (major/minor). It identifies the SSL version in use (usually version 3.0).
- Compressed Length: length of the original message.
- MAC: authentication code.

Content types:
- Change Cipher Spec: the simplest protocol, consisting of a 1-byte message. It tells the receiver to switch the set of security parameters (the pending state becomes the current state). Data: 1 byte.
  Change Cipher Spec Protocol layout: 1 byte.
- Alert: conveys warning/error information. Data: 2 bytes. Byte 1 gives the severity level, byte 2 gives the content of the alert.
  Alert Protocol layout: level (1 byte) | alert (1 byte).
- Application Data: the application-layer data carried by SSL (Data: 1 byte).
  Other upper-layer protocol (e.g., HTTP) layout: opaque content (1 byte).
- Handshake: contains the information that lets the client and server negotiate and exchange security parameters (used before application-layer data is transmitted).
  Handshake Protocol layout: type (1 byte) | length (3 bytes) | content (0 bytes).

Question 19: Describe the steps of the handshake in the SSL Handshake protocol:
- The concept and purpose of the SSL Handshake.
- The phases of the SSL Handshake process.
- The meaning of the messages exchanged in each phase of the handshake.

1. The concept and purpose of the SSL Handshake

Concept: the SSL Handshake protocol is the main SSL sub-protocol, used to support client and server authentication and to exchange a session key.

Purpose: it allows the server and the client to authenticate each other and to negotiate the encryption and the MAC algorithm to use. It is used before application-layer data is transmitted. It consists of a series of messages.


2. The phases of the SSL Handshake process

There are 4 phases:
- Phase 1: establish the logical connection and agree on the security parameters
  o The client sends a client_hello message with a nonce, a session ID, the cipher suites (in decreasing order of preference) and the compression methods.
  o The server replies with a server_hello message with a nonce and its choice among the proposed parameters.
  o The main key exchange methods: RSA; fixed, ephemeral or anonymous Diffie-Hellman; Fortezza.
- Phase 2: exchange of certificate and key information
  o Most of it is optional.
  o The server sends its certificate (X.509) if it needs to be authenticated.
  o The server_key_exchange message is sent. It is a hash that includes the nonces, to prevent replay attacks.
  o The server may send a certificate_request message to the client.
  o Finally, the server_done message (no params) is always sent by the server to mark the end of the hello, authentication and exchange messages.
  o The server waits for the client's response.
- Phase 3: the client sends its certificate and verifies the server
  o The client now verifies the certificate if required and checks the parameters.
  o The certificate message is sent if the server requested it.
  o The client_key_exchange message sends the exchanged keys.
  o The certificate_verify message is sent to prove that the client owns the private key of the client's certificate.
- Phase 4: complete and finish the exchange
  o Setup of the secure connection is completed.
  o The client sends a change_cipher_spec message and copies the pending CipherSpec into the current CipherSpec.
  o The client sends the finished message under the new algorithms, keys and secrets.
  o In response to these 2 messages, the server does the same. The handshake is complete, and the client and server can start exchanging application-layer data.


3. The meaning of the messages exchanged in each phase of the handshake: as explained in the figure above.

Question 20: Describe the SET (Secure Electronic Transaction) protocol:
- The online payment scheme in e-commerce transactions.
- The concept of SET and the benefits of using SET in e-commerce security.
- The dual signature technique in SET, why a dual signature is needed, and how a dual signature is created in SET.

1. The online payment scheme in e-commerce transactions


2. The concept of SET and the benefits of using SET in e-commerce security

Concept: SET stands for Secure Electronic Transaction. It is a protocol that brings together encryption and security techniques in order to secure purchase transactions on the network.
o It is a security and encryption technique developed by VISA, MASTER CARD and other organizations around the world. The purpose of SET is to protect the credit card system and to give customers, businesses, banks, financial institutions... confidence when trading on the Internet.
o SET standards and technology are applied consistently across businesses, banks and card issuers, credit organizations and online credit card processing centers.
o In addition, SET establishes a method of interoperability in order to secure online services across different hardware and software.

Benefits of using SET in e-commerce security

3 basic services:
- Confidentiality
- Trust
- Privacy (the distinguishing feature)

o Provides confidentiality: all information is encrypted.
o Provides trust: the communicating parties must hold digital certificates.
o Provides privacy: information is provided only when needed. This is the special feature of SET (each participant has the shared information, but each party can only understand its own information).

Sequence of events in a transaction:
1. The customer opens an account with a credit card service provider (MasterCard, Visa...).
2. The customer receives a digital certificate signed by the bank.
3. The merchant (the party that accepts the customer's card) holds 2 digital certificates: one for signing and one for key exchange.
4. The customer places an order for goods or services from the merchant.
5. The merchant is authenticated.
6. The customer sends the order information and the payment information to the merchant.
7. The merchant asks the bank to verify the payment information before delivering to the customer.
8. The merchant confirms the order.
9. The merchant ships the goods or provides the services to the customer.
10. The merchant requests payment from the bank.

In summary, SET is designed to protect personal information as well as financial information during purchases and transactions on the network.

3. The dual signature technique in SET, why a dual signature is needed, and how a dual signature is created in SET

[Figure: ordinary digital signature compared with dual signature. Message 1 and Message 2 are each hashed (Digest 1, Digest 2); the two digests are concatenated and hashed again with SHA into a new digest, which is encrypted with the private key to form the dual signature.]

The dual signature technique in SET

Concept: a dual signature links 2 messages securely while letting each party read only the information intended for it.

Purpose of the dual signature: to link 2 messages that are sent to 2 different recipients. In this case the customer wants to send the order information (OI) to the merchant and the payment information (PI) to the bank. The merchant does not need to know the customer's credit card number, and the bank does not need the details of the customer's order. The customer's privacy is protected by keeping the 2 items separate. However, the two items must be linked in a way that can be used to resolve disputes when necessary. The link is required so that the customer can prove that this payment is for this order and not for some other goods or services.

To see why the link is needed, suppose that the customer sends the merchant 2 messages, a signed OI and a signed PI, and the merchant passes the PI on to the bank. If the merchant can obtain another OI from this customer, the merchant could claim, for its own benefit, that this other OI goes with the PI rather than the original OI. The link ensures that this cannot happen.

Why a dual signature is needed
- There are many cases in which related messages are sent to separate recipients, and each recipient is only allowed to know the information intended for it. This calls for a dual signature.

How a dual signature is created in SET

Figure 14 shows how the dual signature is used to meet the requirements above. The customer takes the hash (SHA-1) of the PI and the hash of the OI. These 2 hashes are then combined into a new hash. Finally, the customer encrypts the resulting hash with his private key, producing the dual signature. The operation can be summarized as follows:
DS = E_KRc[H(H(PI) || H(OI))]

where KRc is the customer's private signature key. Now suppose that the merchant holds the dual signature, the OI and the digest of the PI (PIMD). The merchant also has the customer's public key, taken from the customer's certificate. The merchant can then compute the following 2 quantities:
H(PIMD||H(OI)) and DKUc[DS]

where KUc is the customer's public signature key. If the 2 quantities are equal, the merchant has verified the signature. Similarly, if the bank holds DS, the PI, the digest of the OI (OIMD) and the customer's public key, the bank can compute the following:
H(H(PI)||OIMD) and DKUc[DS]

Once again, if these 2 quantities are equal, the bank has verified the signature. In summary:
1. The merchant receives the OI and verifies the signature.
2. The bank receives the PI and verifies the signature.
3. The customer links the OI with the PI and can protect this link.

For example, suppose the merchant wants to substitute a different OI in this transaction for its own benefit. It would have to find another OI whose hash matches the existing OIMD. With SHA-1, this is infeasible. Therefore the merchant cannot link a different OI to this PI.
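The three formulas above can be run end to end. The following is an added example, not part of the original notes: it uses SHA-1 as the notes specify, and it stands in for E_KRc / D_KUc with a toy textbook-RSA key (no padding, constructed for this illustration only); the function names and the sample OI/PI strings are assumptions.

```python
import hashlib

# Toy signing key, constructed for this example: the product of two Mersenne
# primes. Textbook RSA without padding, used only to make E_KRc / D_KUc concrete.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q
E = 65537                                # public exponent (part of KUc)
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (KRc)


def H(data):
    """SHA-1, the hash named in the notes."""
    return hashlib.sha1(data).digest()


def as_int(digest):
    return int.from_bytes(digest, "big")


def customer_dual_sign(pi, oi):
    """DS = E_KRc[H(H(PI) || H(OI))]; returns DS plus the two digests."""
    pimd, oimd = H(pi), H(oi)
    ds = pow(as_int(H(pimd + oimd)), D, N)
    return ds, pimd, oimd


def merchant_verify(ds, oi, pimd):
    """Merchant sees OI and PIMD only: H(PIMD || H(OI)) == D_KUc[DS]."""
    return as_int(H(pimd + H(oi))) == pow(ds, E, N)


def bank_verify(ds, pi, oimd):
    """Bank sees PI and OIMD only: H(H(PI) || OIMD) == D_KUc[DS]."""
    return as_int(H(H(pi) + oimd)) == pow(ds, E, N)


# Constructed sample messages.
OI = b"order 1001: 2 x network security textbook"
PI = b"card 4000-0000-0000-0002, amount 60.00"
OTHER_OI = b"order 1002: 200 x network security textbook"

if __name__ == "__main__":
    ds, pimd, oimd = customer_dual_sign(PI, OI)
    print("merchant accepts original OI:", merchant_verify(ds, OI, pimd))
    print("bank accepts PI with OIMD:   ", bank_verify(ds, PI, oimd))
    # Substituting another order breaks the link on both sides.
    print("merchant, substituted OI:    ", merchant_verify(ds, OTHER_OI, pimd))
    print("bank, digest of substituted: ", bank_verify(ds, PI, H(OTHER_OI)))
```

The merchant never handles PI and the bank never handles OI, yet both check the same DS; a substituted OI fails because its digest no longer matches the OIMD bound into the signature.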
