
Chapter 3:

Identification and Authentication
(Định danh và Xác thực)
Faculty of Computer Science and Engineering
Ho Chi Minh City University of Technology (Trường Đại Học Bách Khoa Tp.HCM)
Contents
1. Introduction to identification and authentication
2. Identification methods
3. Authentication methods
4. Authentication protocols

Ho Chi Minh City University of Technology, Faculty of Computer Science and Engineering, 2011
Information System Security, Chapter 3: Identification and Authentication
Introduction to identification and authentication

The steps in access control:
- Identification (Định danh): the user supplies an identity.
- Authentication (Xác thực): the user proves that the identity is genuine.
- Authorization (Ủy quyền): the system determines the permissions the user has.
Identification
- The user supplies their identity to the system.
- Purpose: look up whether the user exists and what permissions they hold.

Authentication
- The user supplies evidence that the identity is genuine and belongs to them.
- Purpose: prove that the identity is valid and belongs to this user, and decide whether the user is allowed to access the system's resources.
Identification methods

There are two methods:
- The user enters their identity information themselves.
- A digitised identity is used:
  - Biometric identity (danh định sinh trắc học)
  - Computer identity (danh định máy tính)
  - Digital identity (danh định số)
Method 1: the user enters their identity information themselves
- This is the most common method today.
- Examples: username, account number.
- The first step for an attacker who wants to break into a system is to collect the list of the system's valid users.
Method 2: using a digitised identity
- Biometric identity:
  - Facial recognition
  - Iris scanners
  - Hand geometry
  - Fingerprint recognition
- Computer identity:
  - Computer name
  - MAC address
  - IP address
- Digital identity:
  - Digital certificate
  - Smart card
Authentication methods

The authentication factors:
- Something you know (Những gì bạn biết)
- Something you have (Những gì bạn có)
- Something you are (Những gì là chính bạn)
A good authentication method is one that is not easy to guess or to forge.

Something you know
- Examples: password, PIN (Personal Identification Number).
- Advantages: convenient, low cost.
- Drawback: the level of security depends on the complexity of the password.
Something you know
Problems with passwords:
- Weak passwords: easy to guess (the user's name, date of birth, ...).
- Building a password policy:
  - Length
  - Special (non-letter) characters, upper-case and lower-case letters
  - Different from the username and from easily guessed words
  - Change the password periodically
  - A balance is needed between two goals: hard for an attacker to guess, yet possible for the user to remember.
- Illegitimate information gathering (social engineering).
- Spyware, keystroke logging.
Something you have
- Smart card: has a small memory and can perform some computations.
  - The card stores information about the user, and the password as well.
  - The user can therefore choose complex passwords and change them whenever needed.
- MAC address, IP address.
Something you are
Biometric factors are used for authentication:
- Facial recognition
- Iris scan
- Hand geometry
- Fingerprint recognition
Biometric authentication has two steps:
- Enrollment (registering a template)
- Recognition
Something you are
Errors that occur in biometric authentication:
- Fraud rate, also called the false accept rate (figure: Alice -> Bob).
- Insult rate, also called the false reject rate (figure: Alice -> Not Alice).

Biometric error rates, at the point where fraud rate = insult rate:
- Fingerprint: 5%
- Hand geometry: 0.1%
- Iris: 0.001%
Advantage: hard to attack.
Drawback: expensive (storage, processing).
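The two error rates above move in opposite directions as the matcher's decision threshold changes, and the single figure quoted per biometric is the point where they are equal. This added example (not from the lecture) computes both rates and that equal-error point over a constructed set of genuine and impostor match scores; the score values and the SHA-free threshold sweep are assumptions, not real sensor data.

```python
# Added example (not from the lecture): fraud rate (false accept rate) and insult
# rate (false reject rate) as a function of the decision threshold, and the
# equal error point (fraud rate = insult rate). All scores are constructed.
from typing import List, Tuple

# Constructed matcher scores in [0, 1]: higher means closer to the enrolled template.
GENUINE_SCORES = [0.91, 0.88, 0.95, 0.72, 0.83, 0.67, 0.90, 0.79, 0.86, 0.58]
IMPOSTOR_SCORES = [0.12, 0.35, 0.41, 0.22, 0.63, 0.18, 0.30, 0.55, 0.09, 0.27]

def fraud_rate(impostor: List[float], threshold: float) -> float:
    """False accept rate: share of impostor attempts scoring at or above the threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)

def insult_rate(genuine: List[float], threshold: float) -> float:
    """False reject rate: share of genuine attempts scoring below the threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)

def equal_error_rate(genuine: List[float], impostor: List[float]) -> Tuple[float, float]:
    """Sweep every observed score as a threshold; return (threshold, rate) at the
    point where the fraud rate and the insult rate are closest to equal."""
    best = None
    for t in sorted(set(genuine + impostor)):
        far, frr = fraud_rate(impostor, t), insult_rate(genuine, t)
        if best is None or abs(far - frr) < best[0]:
            best = (abs(far - frr), t, (far + frr) / 2)
    return best[1], best[2]

def tradeoff(genuine: List[float], impostor: List[float], thresholds: List[float]):
    """Raising the threshold lowers the fraud rate but raises the insult rate."""
    return [(t, fraud_rate(impostor, t), insult_rate(genuine, t)) for t in thresholds]

if __name__ == "__main__":
    for t, far, frr in tradeoff(GENUINE_SCORES, IMPOSTOR_SCORES, [0.3, 0.5, 0.7, 0.9]):
        print(f"threshold {t:.2f}: fraud rate {far:.0%}, insult rate {frr:.0%}")
    thr, rate = equal_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"fraud rate = insult rate = {rate:.0%} at threshold {thr:.2f}")
```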
Authentication methods
- A good authentication method is costly.
- Ranked by how easily they can be attacked: Biometrics < Smart card < Password.
- Ranked by cost: Password < Smart card < Biometrics.
- Authentication methods can be combined with one another.
Authentication protocols
- Simple authentication protocol
- Challenge-response authentication protocol
- Symmetric-key authentication protocol
- Public-key authentication protocol
- KERBEROS authentication protocol
Introduction
- Suppose Alice wants to prove to Bob that "I really am Alice".
- Alice also needs to know whether the other party really is Bob.
- Malice is a malicious party who wants to break the authentication protocol.
(figure: Alice, Bob and Malice; Alice says "I am Alice", Bob answers "Prove it")
Simple authentication protocol
1: Alice -> Bob: I am Alice
2: Bob -> Alice: Prove it
3: Alice -> Bob: My password is frank

The password is sent in clear text, so Malice can observe it (figure: Malice then sends Bob the same three messages):
1: Malice -> Bob: I am Alice
2: Bob -> Malice: Prove it
3: Malice -> Bob: My password is frank
Simple authentication protocol with a hash function
P_A: Alice's password; h(): a hash function
1: Alice -> Bob: I am Alice
2: Bob -> Alice: Prove it
3: Alice -> Bob: h(P_A)

Attack by replaying the message: Malice does not need P_A, only the observed value h(P_A):
1: Malice -> Bob: I am Alice
2: Bob -> Malice: Prove it
3: Malice -> Bob: h(P_A)
Challenge-response authentication protocol
N: a nonce (number used once)
1: Alice -> Bob: I am Alice
2: Bob -> Alice: N
3: Alice -> Bob: h(P_A, N)
Drawback: Bob must know Alice's password in advance.
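The following added example (not code from the lecture) shows the contrast between the two protocols above on the verifier's side: the recorded value h(P_A) is accepted again, whereas h(P_A, N) is tied to a nonce that Bob consumes on use. The password "frank" and the names come from the slides; the SHA-256 construction of h() and the single-use nonce table are assumptions.

```python
# Added example (not from the lecture): why h(P_A) can be replayed but
# h(P_A, N) with a fresh nonce cannot. The password "frank" and the names are
# taken from the slides; the hash construction is an assumption.
import hashlib, hmac, secrets

def h(*parts: bytes) -> bytes:
    """The slides' h(): SHA-256 over length-prefixed fields, so h(P_A, N) != h(P_A + N)."""
    return hashlib.sha256(b"".join(len(p).to_bytes(2, "big") + p for p in parts)).digest()

class Bob:
    """Verifier. Note the drawback on the slide: Bob must already know P_A."""
    def __init__(self, passwords: dict):
        self.passwords = passwords     # user -> password
        self.outstanding = {}          # user -> nonce issued but not yet answered

    def check_simple(self, user: str, proof: bytes) -> bool:
        """Protocol 'with hash': message 3 is h(P_A); any recorded copy is accepted."""
        return hmac.compare_digest(proof, h(self.passwords[user]))

    def challenge(self, user: str) -> bytes:
        """Message 2 of challenge-response: a fresh nonce N."""
        self.outstanding[user] = secrets.token_bytes(16)
        return self.outstanding[user]

    def check_response(self, user: str, proof: bytes) -> bool:
        """Message 3: h(P_A, N). The nonce is consumed, so a second use fails."""
        n = self.outstanding.pop(user, None)
        return n is not None and hmac.compare_digest(proof, h(self.passwords[user], n))

def replay_demo() -> tuple:
    """Returns (hashed password replayed, honest response, same response replayed,
    old response sent against a new challenge)."""
    bob = Bob({"Alice": b"frank"})
    recorded = h(b"frank")                           # Malice recorded Alice's message 3
    hashed_replay = bob.check_simple("Alice", recorded)
    n = bob.challenge("Alice")
    response = h(b"frank", n)                        # Alice answers Bob's nonce
    honest = bob.check_response("Alice", response)
    replayed = bob.check_response("Alice", response) # Malice replays the same response
    bob.challenge("Alice")                           # Bob issues a new nonce N'
    stale = bob.check_response("Alice", response)    # old response does not match N'
    return hashed_replay, honest, replayed, stale    # (True, True, False, False)
```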
Symmetric-key authentication protocol
Notation:
- C: ciphertext; M: plaintext
- K_A: Alice's key
- C = {M}_K: M encrypted with key K
- K_AB: the key shared between Alice and Bob

1: Alice -> Bob: I am Alice
2: Bob -> Alice: N
3: Alice -> Bob: {N}_KAB
Drawbacks:
- Only Bob authenticates Alice.
- Alice does not know whether the other party really is Bob.
Mutual authentication protocol with a symmetric key
1: Alice -> Bob: I am Alice
2: Bob -> Alice: {N}_KAB
3: Alice -> Bob: {N}_KAB
Message 3 merely repeats message 2, so it does not authenticate its sender.
Improved mutual authentication protocol
1: Alice -> Bob: I am Alice, N_A
2: Bob -> Alice: N_B, {N_A}_KAB
3: Alice -> Bob: {N_B}_KAB
Attack on the improved mutual authentication protocol
Malice runs two sessions with Bob and uses Bob's own nonce N_B as the nonce of the second session, so that Bob produces {N_B}_KAB for her:
1.1: Malice -> Bob: I am Alice, N_A
1.2: Bob -> Malice: N_B, {N_A}_KAB
2.1: Malice -> Bob: I am Alice, N_B
2.2: Bob -> Malice: N_C, {N_B}_KAB
1.3: Malice -> Bob: {N_B}_KAB
Another improved mutual authentication protocol
1: Alice -> Bob: I am Alice, N_A
2: Bob -> Alice: N_B, {Bob, N_A}_KAB
3: Alice -> Bob: {Alice, N_B}_KAB
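To see why the names matter, this added example (not from the lecture) models Bob as a responder that can run several sessions and checks both versions of the protocol against the two-session attack above: without names the value {N_B}_KAB obtained in step 2.2 completes session 1, with names Bob expects {Alice, N_B}_KAB but was tricked into producing only {Bob, N_B}_KAB. Modelling assumption: {X}_KAB is represented by an HMAC-SHA256 tag under K_AB, which is enough because each receiver only checks a value it can recompute.

```python
# Added example (not from the lecture): the reflection attack on the improved mutual
# protocol and why naming the principals ({Bob, N_A}_KAB / {Alice, N_B}_KAB) stops it.
# Modelling assumption: {X}_KAB is represented by HMAC-SHA256(KAB, X).
import hashlib, hmac, secrets

KAB = secrets.token_bytes(32)     # key shared by Alice and Bob; Malice never learns it

def enc(key: bytes, *fields: bytes) -> bytes:
    """Model of {fields}_key, over length-prefixed fields."""
    return hmac.new(key, b"".join(len(f).to_bytes(2, "big") + f for f in fields),
                    hashlib.sha256).digest()

class Bob:
    """Responder. with_names=True selects the version that includes 'Bob'/'Alice'."""
    def __init__(self, with_names: bool):
        self.with_names = with_names
        self.pending = {}   # N_B -> identity claimed in message 1 of that session

    def msg2(self, claimed: bytes, n_a: bytes):
        n_b = secrets.token_bytes(16)
        self.pending[n_b] = claimed
        return n_b, (enc(KAB, b"Bob", n_a) if self.with_names else enc(KAB, n_a))

    def msg3(self, n_b: bytes, proof: bytes) -> bool:
        claimed = self.pending.pop(n_b)
        want = enc(KAB, claimed, n_b) if self.with_names else enc(KAB, n_b)
        return hmac.compare_digest(proof, want)

def honest_alice(bob: Bob) -> bool:
    """Alice knows KAB, so she checks Bob's proof and answers with N_B."""
    n_a = secrets.token_bytes(16)
    n_b, proof = bob.msg2(b"Alice", n_a)
    want = enc(KAB, b"Bob", n_a) if bob.with_names else enc(KAB, n_a)
    reply = enc(KAB, b"Alice", n_b) if bob.with_names else enc(KAB, n_b)
    return hmac.compare_digest(proof, want) and bob.msg3(n_b, reply)

def reflection(bob: Bob) -> bool:
    """Malice has no KAB: she opens a second session whose nonce is Bob's own N_B."""
    n_b1, _ = bob.msg2(b"Alice", secrets.token_bytes(16))   # 1.1 / 1.2
    n_b2, proof2 = bob.msg2(b"Alice", n_b1)                 # 2.1 / 2.2: Bob encrypts N_B1
    bob.pending.pop(n_b2)                                   # second session is abandoned
    return bob.msg3(n_b1, proof2)                           # 1.3: the reflected value
```

With the names included, Bob's answer in step 2.2 is {Bob, N_B}_KAB, which is not the {Alice, N_B}_KAB he requires in step 1.3.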
Public-key authentication protocol
Notation:
- C: ciphertext; M: plaintext
- K_A: Alice's private/public key pair
- C = {M}_KA: encryption with Alice's public key
- M = [C]_KA: decryption with Alice's private key
- S = [M]_KA: signing M with Alice's private key
- [{M}_KA]_KA = M and {[M]_KA}_KA = M
Public-key authentication protocol using public-key encryption
1: Alice -> Bob: I am Alice
2: Bob -> Alice: {N}_KA
3: Alice -> Bob: N

Public-key authentication protocol using a digital signature
1: Alice -> Bob: I am Alice
2: Bob -> Alice: N
3: Alice -> Bob: [N]_KA
KERBEROS authentication protocol
- A protocol that is used in practice.
- Uses symmetric encryption.
- Designed for small systems such as a local network.
- Relies on a trusted third party, the Key Distribution Center (KDC).
- With N users:
  - public-key protocols need 2N keys
  - symmetric-key protocols need N^2 keys
  - Kerberos needs N keys
Key Distribution Center (KDC)
- The KDC has a master key K_KDC that only the KDC knows.
- The KDC issues Ticket-Granting Tickets (TGT).
- A TGT contains a session key, the user ID and an expiry time.
- A TGT is encrypted with K_KDC, so only the KDC can read it.
(figure: the KDC holds K_KDC; Alice holds K_A; Malice holds K_M; Bob holds K_B)
How Alice logs in to a system using KERBEROS
(figure: Alice -> KDC: password, request for a TGT; KDC -> Alice: {S_A, TGT_A}_KA)
- K_A: the key shared between Alice and the KDC, K_A = h(password)
- S_A: session key
- TGT_A = {Alice, S_A}_KKDC
KERBEROS authentication protocol (Alice, KDC, Bob)
1. Alice -> KDC: Alice, Bob, TGT_A, {timestamp}_SA
2. KDC -> Alice: {Bob, K_AB, ticket-to-Bob}_SA, where ticket-to-Bob = {Alice, K_AB}_KB
3. Alice -> Bob: ticket-to-Bob, {timestamp}_KAB
4. Bob -> Alice: {timestamp + 1}_KAB
A redundant operation in KERBEROS
- The KDC sends Alice {S_A, TGT_A}_KA, while TGT_A = {Alice, S_A}_KKDC is already encrypted.
- The KDC could instead send Alice {S_A}_KA, TGT_A, which costs less.
- The KDC uses K_KDC to decrypt every TGT, without needing to know who sent the request.
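The login step, the four-message exchange and the cheaper {S_A}_KA, TGT_A form are modelled end to end in this added example, which is not the lecture's code and not real Kerberos: {X}_K is a constructed encrypt-then-MAC built from a SHA-256 keystream and HMAC, the keys K_KDC, K_B and the password are constructed, and the KDC function takes no client name, which is the point of the last bullet.

```python
# Added toy model, not the lecture's code: {X}_K is a constructed encrypt-then-MAC (SHA-256 keystream + HMAC).
import hashlib, hmac, json, secrets

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key: bytes, obj) -> bytes:
    """{obj}_key: XOR the JSON plaintext with the keystream, then tag nonce||ciphertext."""
    pt, nonce = json.dumps(obj).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    """Verify the tag first, then decrypt; a wrong key raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

K_KDC, K_B = secrets.token_bytes(32), secrets.token_bytes(32)   # KDC master key; Bob's key
K_A = hashlib.sha256(b"alice-password").digest()              # K_A = h(password), constructed

def login(user: str):
    """KDC returns {S_A}_KA and TGT_A = {user, S_A}_KKDC (the cheaper form from the slide)."""
    s_a = secrets.token_bytes(32)
    return seal(K_A, {"skey": s_a.hex()}), seal(K_KDC, {"user": user, "skey": s_a.hex()})

def kdc_ticket_request(server: str, tgt: bytes, auth: bytes) -> bytes:
    """Step 2: the KDC opens any TGT with K_KDC; it does not need to know who sent it."""
    inner = unseal(K_KDC, tgt)
    s_a = bytes.fromhex(inner["skey"])
    unseal(s_a, auth)                     # {timestamp}_SA: only the TGT's owner has S_A
    k_ab = secrets.token_bytes(32)
    ticket = seal(K_B, {"user": inner["user"], "kab": k_ab.hex()})   # ticket-to-Bob
    return seal(s_a, {"server": server, "kab": k_ab.hex(), "ticket": ticket.hex()})

def bob_accept(ticket: bytes, auth: bytes) -> bytes:
    """Steps 3/4: Bob recovers K_AB from the ticket and answers {timestamp + 1}_KAB."""
    k_ab = bytes.fromhex(unseal(K_B, ticket)["kab"])
    return seal(k_ab, {"timestamp": unseal(k_ab, auth)["timestamp"] + 1})

def alice_session(ts: int = 1700000000) -> bool:
    """Alice logs in, obtains a ticket for Bob and checks Bob's timestamp + 1 reply."""
    enc_s, tgt = login("Alice")
    s_a = bytes.fromhex(unseal(K_A, enc_s)["skey"])
    reply = unseal(s_a, kdc_ticket_request("Bob", tgt, seal(s_a, {"timestamp": ts})))
    k_ab = bytes.fromhex(reply["kab"])
    resp = bob_accept(bytes.fromhex(reply["ticket"]), seal(k_ab, {"timestamp": ts}))
    return unseal(k_ab, resp)["timestamp"] == ts + 1
```

Because the TGT travels under K_KDC, sending it in the clear next to {S_A}_KA gives Malice nothing she could not already see, which is the saving the slide points out.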