Silde An Ninh Mang PDF

1
An ton v An ninh
thng tin Mng
Nguyn Linh Giang.
B mn Truyn thng
v Mng my tnh.
2
I. Nhp mn An ton thng tin mng
II. m bo tnh mt
I. Cc h mt kha i xng (m ha i xng)
II. Cc h mt kha cng khai ( m ha bt i xng )
III. Bi ton xc thc
I. C s bi ton xc thc
II. Xc thc thng ip
III. Ch k s v cc giao thc xc thc
IV. Cc c ch xc thc trong cc h phn tn
IV. Bo v cc dch v Internet
V. An ton an ninh h thng
I. FireWall v Proxy
II. H thng pht hin v ngn chn xm nhp ( IDS )
III. L hng h thng
IV. Case study Windows NT v Linux
V. Virus my tnh
Ni dung
3
Ni dung
Ti liu mn hc:
W. Stallings Networks and Internetwork security
W. Stallings Cryptography and network security
Introduction to Cryptography PGP
D. Stinson Cryptography: Theory and Practice

4
Cc ch tiu lun
1. Cc h mt kha cng khai.
C s xy dng h mt kha cng khai
Cc h mt kha cng khai.
Cc s ng dng.
2. H tng kha cng khai PKI
Cu trc h tng fkha cng khai.
Chng ch s, cc chun;
Trin khai thc t. Cc ng dng trong cc giao dch.
Cc h thng m ngun m.
5
Cc ch tiu lun
3. Bo mt cho mng IP. IPSec. Mng ring o VPN.
ng dng.
4. Bi ton xc thc thng ip.
Cc c ch xc thc
Hm bm v hm m ha xc thc.
Cc giao thc xc thc.
5. Ch k s.
Cc c ch to ch k s. Giao thc ch k s.
Cc dch v ch k s.
Ch k m.
ng dng.
6
Cc ch tiu lun
6. Pht hin xm nhp mng.
Cc c ch pht hin xm nhp mng.
Pht hin theo du hiu
Pht hin theo bt thng
Phn tch cc c trng thng k ca mng.
ng dng.
7. Bo mt cho mng khng dy. Phn tch cc c trng
thng k ca cc dng tn cng t chi dch v. Xc thc
v bo mt trong mng khng dy. Pht hin bt thng
trong mng khng dy.
2
7
Cc ch tiu lun
8. Bo mt h thng, bo mt mng. Cc
chnh sch, cc chun. Phn tch i vi
Windows v Unix-Linux. Cc chnh sch an
ninh mng cho mng Cisco.
9. Bo v d liu a phng tin trong qu
trnh phn phi qua h thng mng m. Vn
bo mt, bo v bn quyn v kim sot s
dng d liu a phng tin.

8
Bo mt cho web services;
ng nhp 1 ln vi GSS-API;
Xc thc Kerberos;
SSL v TLS;
IPSecurity;
Xc thc X509
Cc ch tiu lun
9
H tng kha cng khai PKI
PGP v bo mt th tn in t
S/MIME
Secure electronic transaction
Firewall, cc kin trc;
Proxy;
Cc ch tiu lun
10
Cc h thng pht hin xm nhp da trn du hiu;
Cc h thng pht hin xm nhp da trn bt
thng;
Bo mt mng LAN khng dy;
Cc dng tn cng vo mng sensor.
Cc dng tn cng t chi dch v;
Tn cng SQL Injection;
Pht hin tn cng qut cng;
Cc phng php, quy trnh pht hin l hng h
thng.
Cc ch tiu lun
11
nh gi
Gia k v qu trnh: 30%
im danh: 1/3.
Thi ht mn: 70%

Lin h gio vin:
giangnl@gmail.com; s B mn: 38682596
0984933165
12
Chng I. Nhp mn
1. Nhp mn
2. Cc dch v, c ch an ton an ninh thng tin v cc
dng tn cng vo h thng mng
3. Cc dng tn cng
4. Cc dch v an ton an ninh
5. Cc m hnh an ton an ninh mng
3
13
Bi cnh bo mt thng tin:
Trc khi xut hin my tnh: Bo v thng tin, ti
liu:
Cc c ch bo v;
Kho kho h s lu tr vn bn.
Khi xut hin my tnh - bo v thng tin in t:
Sao chp thng tin d dng
Cn thit c cc cng c t ng bo mt cc tp, cc
dng thng tin cha trong my tnh.
c bit khi h thng c chia s ti nguyn trn mng.
Vn Computer Security.
Nhp mn
14
Nhp mn
Khi xut hin cc h phn tn v s dng mng
truyn d liu v trao i thng tin: Bo v thng
tin truyn trn mng
Truyn d liu gia ngi s dng v my tnh,
Gia my tnh v my tnh.
Nhu cu bo v cc d liu trong khi truyn Network
Security.
Khng c ranh gii r rt gia Computer Security
v Network Security.
Gio trnh tp trung vo: an ton thng tin lin
mng: internetwork security.
15
Nhp mn
Mt s v d v vn
bo v an ton thng tin:
Truyn file:
A truyn file cho B;
Trong file cha
nhng thng tin b
mt;
C khng c php
c file nhng c th
theo di c qu
trnh truyn file v sao
chp file trong qu
trnh truyn.
A B
C
A v B trao i thng tin
ring t
C chn
gi thng
tin trao
i gia
A v B
16
Nhp mn
Trao i thng ip:
Qun tr mng D gi thng ip
n my tnh chu s qun tr E;
Thng ip cha nhng thng
tin v danh sch nhng ngi
s dng mi.
Ngi s dng F bt thng
ip;
F thm cc user mi vo ni
dung thng ip, ri gi tip
cho E;
E nhn thng ip, khng bit
l b F thay i, vn tng l
do D gi ti v thay i danh
sch user ca mnh.
D E
F
D gi danh sh NSD cho E
F chn gi
danh sch
NSD v
sa i
danh sch F gi
danh
sch sa
i n
cho E
Danh
sch
NSD
Danh
sch
NSD
Danh sch NSD
sa i
17
Nhp mn
Gi mo:
Kch bn ging trng hp
trc;
F to mt thng ip ca
ring mnh, cha nhng
thng tin ring c li cho F v
gi cho E.
E nhn c thng tin t F,
cho rng thng tin do D
gi v cp nht nhng thng
tin gi mo vo CSDL
D E
F
D khng thng tin E
F gi mo
D, gi
danh sch
mi n E
Danh sch gi
mo
18
S phc tp trong bi ton Bo mt lin mng:
Khng tn ti phng php thch hp cho mi trng hp.

Cc c ch bo mt lun i i vi cc bin php i ph.

La chn nhng gii php thch hp vi tng ng cnh s
dng.

Nhp mn
4
19
c th nh gi c nhng nhu cu v an
ton ca c quan mt cch hiu qu v c th tnh
ton v la chn nhng sn phm v chnh sch
an ninh, nh qun tr cn c nhng phng php
c tnh h thng lm c s xc nh nhng yu
cu an ton an ninh cng nh c t c nhng
cch tip cn tha mn nhng yu cu . Mt
trong nhng phng hng l kho st ba kha
cnh ca an ton an ninh thng tin.
Dch v v c ch an ton an ninh
Cc dng tn cng
20
Cc dng tn cng
Ba kha cnh an ton an ninh thng tin:
Tn cng vo an ninh thng tin
Mi tc ng lm gim mc an ton an ninh thng tin
ca h thng;
Cc c ch an ton an ninh
Cc c ch cho php:
Pht hin,
Ngn chn hoc
Khi phc h thng sau khi b tn cng;
21
Cc dch v an ton an ninh thng tin:
Cc dch v lm tng cng mc an ton ca h
thng x l thng tin v nhng thng tin c truyn i.
Cc dch v c nhim v
Chng li nhng tn cng thng tin v
S dng mt hoc nhiu c ch an ton an ninh cung
cp dch v.

Cc dng tn cng
22
Cc dch v an ton an ninh.
Nhng vn ny sinh khi s dng d liu in t:
Khng c s khc bit gia cc bn sao chp s vi
nhng bn gc;
Thay i ni dung ca bn tin vt l s li du vt,
nhng thay i ni dung ca bn tin in t khng
li du vt;
Tnh xc thc:
Chng thc vn bn vt l ph thuc vo cc thuc
tnh vt l ca vn bn;
Chng thc vn bn phi da vo ni dung ca chnh
vn bn .
Cc dng tn cng
23
Cc dng tn cng
Danh sch cc chc nng ton vn thng tin
Identification Endorsement
Authorization Access ( Egress )
Liscen and/or Certification Validation
Signature Time of Occurrence
Witnessing ( notarization ) Authenticity-software and/or file
Concurrence Vote
Liability Ownership
Receipt Registration
Certification of Origination
and/or receipt
Approval/Disapproval
Privacy ( secrecy )
24
Phn loi cc dch v an ton an ninh:
Bo mt ring t ( confidentiality ): m bo thng tin trong
h thng my tnh cng nh thng tin chuyn ti trn mng ch
c truy cp bi nhng ngi c u quyn. Cc dng truy
cp bao gm: c, in, hin th.
Xc thc ( authentication ): m bo v ngun gc ca thng
ip hoc vn bn in t.
Ton vn thng tin ( integrity ): m bo rng ch c nhng
ngi c u quyn mi c th thay i ti nguyn ca h
thng my tnh v truyn ti thng tin. Mi thay i bao gm
ghi, xo , sa, to mi hoc xem li cc thng ip.
Cc dng tn cng
5
25
Chng ph nh ( nonrepudiation ): yu cu ngi gi
cng nh ngi nhn thng ip khng th ph nh
c lin kt.
Kim sot truy cp ( access control ): yu cu mi s
truy cp ti ti nguyn thng tin u c kim sot cht
ch t h thng.
Tnh sn sng ( availability ): yu cu h thng tnh
ton sn sng i vi nhng bn c u quyn mi khi
cn n.
Cc dng tn cng
26
Cc c ch an ton an ninh
Khng tn ti mt c ch duy nht c th cung cp
tt c cc dch v an ton an ninh v thc hin ht
mi chc nng ra.
Mt phn t c hu ht mi c ch bo mt s
dng: cc k thut mt m. Cc phng thc
truyn ti v lu tr thng tin da trn mt m l
c ch ph bin cung cp s an ton thng tin.
Cc dng tn cng
27
Cc dng tn cng.
Truy nhp thng tin bt hp php;
Sa i thng tin bt hp php;
v.v v v.v ...

Cc dng tn cng
28
Cc dng tn cng vo h thng
Cc dng tn cng vo h thng my tnh v mng:

Gin on truyn tin ( interruption ):
Cc thng tin qu bu c th b ph hu, khng s dng c.
Dng tn cng vo tnh sn sng ca thng tin ( availability ).
V d: ph hu a cng, ct ng dy truyn ti, ph hng h thng
qun l file.

Ngun thng tin Ni nhn thng tin
Lung thng tin thng
thng
Lung thng tin b
gin on
29
Chn gi thng tin (
interception ):
Ngi khng c u
quyn c gng truy cp
ti thng tin.
Dng tn cng vo tnh
ring t ca thng tin (
confidentiality ).
V d: sao chp tri
php thng tin.
Lung thng tin b
chn gi
30
Sa i thng tin (
modification ):
Khng nhng truy cp
tri php thng tin m
cn sa i thng tin
gc.
Dng tn cng vo tnh
ton vn thng tin.
V d: truy cp tri php
vo h thng, sa i
thng tin, thay i ni
dung thng ip c
truyn ti.

Lung thng tin b
sa i
6
31
Lm gi thng tin (
fabrication ).
Ngi khng c u
quyn a nhng thng tin
gi mo vo h thng.
Dng tn cng vo tnh xc
thc thng tin ( authencity
).
V d: a nhng thng
ip gi mo vo h thng,
thm nhng bn ghi mi
vo file.

Lung thng
tin b gi mo
32
Tn cng th ng
Dng tn cng th
ng.
Tn cng th ng
tng t hnh thc nghe
trm, theo di qu trnh
truyn tin.
Mc ch ca i
phng l thu c
nhng thng tin c
truyn ti.

Mi e da th ng
Chn gi thng tin mt
Gii phng ni dung
thng ip
Phn tch ti
33
Cc dng tn cng th ng:
Pht hin ni dung thng ip ( release of message
contents ).
Phng php chng: Ngn chn i phng thu v tm hiu
c ni dung ca thng tin truyn ti.
Phn tch lu lng ( traffic analysis ).
Mc ch ca bn truyn ti thng tin: che du ni dung ca
tin khi i tng th ba c ch mt m ni dung c s
dng rng ri.
Vn t ra: bn th ba c th xc nh c v tr ca cc
my tham gia vo qu trnh truyn tin, xc nh c tn sut
v kch thc bn tin, t on c ni dung ca bn tin.
Tn cng th ng
34
Dng tn cng th ng rt kh b pht hin v
khng lm thay i d liu.
Vi dng tn cng th ng, nhn mnh vn
ngn chn hn l vn pht hin.

Tn cng th ng
35
Tn cng ch ng
Dng tn cng ch
ng.
Dng tn cng ch
ng bao gm: sa
cc dng d liu, a
nhng d liu gi, gi
danh, pht li, thay
i thng ip, ph
nhn dch v.
Mi e da ch ng
Gin on truyn tin
( tnh sn sng)
Gi mo thng tin
( tnh xc thc)
Sa i ni dung
( tnh ton vn)
36
Gi danh ( masquerade ): khi i phng gi mo mt
i tng c u quyn.
Pht li ( replay ): dng tn cng khi i phng chn
bt cc n v d liu v pht li chng to nn cc hiu
ng khng c u quyn;

Tn cng ch ng
7
37
Thay i thng ip ( modification of message ): mt
phn ca thng ip hp php b sa i, b lm chm
li hoc b sp xp li v to ra nhng hiu ng khng
c u quyn.
Ph nhn dch v ( denial of service): dng tn cng a
n vic cm hoc ngn chn s dng cc dch v, cc
kh nng truyn thng.

Tn cng ch ng
38
Dng tn cng ch ng rt kh c th ngn chn
tuyt i. iu yu cu phi bo v vt l mi
ng truyn thng ti mi thi im.
Mc tiu an ton: pht hin v phc hi li thng
tin t mi trng hp b ph hu v lm tr.

Tn cng ch ng
39
Cc dch v an ton an ninh
m bo tnh ring t ( Confidentiality )
m bo tnh ring t ( Confidentiality ).
m bo tnh ring t ca thng tin: Bo v d liu
c truyn ti khi cc tn cng th ng.
Tng ng vi hnh thc pht hin ni dung thng ip
( release of message content ) c mt vi phng php
bo v ng truyn:
Bo v mi d liu c truyn gia hai ngi s dng ti mi
thi im:
Thit lp ng truyn o gia hai h thng v ngn chn mi
hnh thc pht hin ni dung thng ip.
V d: VPN
40
Bo v cc thng ip n l hoc mt s trng n l ca
thng ip.
Khng thc s hu ch;
Trong nhiu trng hp kh phc tp;
Yu cu chi ph ln khi thc hin.
m bo tnh ring t: bo v lung thng tin trao i khi
cc thao tc phn tch
Yu cu: pha tn cng khng th pht hin c cc c
im ca qu trnh truyn tin:
Ngun v ch ca thng tin;
Tn sut, di;
Cc thng s khc ca lung thng tin.
m bo tnh ring t ( Confidentiality )
41
m bo tnh xc thc ( Authentication )
Dch v m bo tnh xc thc:
Khng nh cc bn tham gia vo qu trnh truyn tin c xc
thc v ng tin cy.
i vi cc thng ip n l:
Cc thng bo, bo hiu: dch v xc thc:
m bo cho bn nhn rng cc thng ip c a ra t nhng
ngun ng tin cy.
42
i vi nhng lin kt trc tuyn, c hai kha cnh
cn phi ch ti:
Ti thi im khi to kt ni, dch v xc thc phi hai
thc th tham gia vo trao i thng tin phi c y
quyn.
Dch v cn khng nh rng kt ni khng b can thip
bi mt bn th ba. Trong bn th ba ny c th gi
mo mt trong hai bn c y quyn c th tham
gi vo qu trnh truyn tin v thu nhn cc thng ip.

8
43
m bo tnh sn sng ( Availability ).
Tn cng ph hy tnh sn sng ca h thng:
Thc hin cc thao tc vt l tc ng ln h thng.
Dch v m bo tn sn sng phi:
Ngn chn cc nh hng ln thng tin trong h thng.
Phc hi kh nng phc v ca cc phn t h thng trong
thi gian nhanh nht.
m bo tnh sn sng ( Availability)
44
m bo tnh ton vn ( Integrity ).
m bo tnh ton vn cng c th p dng cho lung
thng ip, mt thng ip hoc mt s trng c
la chn ca thng ip.
Phng php hu ch nht l trc tip bo v lung
thng ip.
m bo tnh ton vn:
Dch v bo m tnh ton vn d liu hng lin kt;
Dch v bo m tnh ton vn hng khng lin kt.
m bo tnh ton vn( Integrity)
45
Dch v bo m tnh ton vn d liu hng lin
kt:
Tc ng ln lung thng ip v m bo rng thng
ip c nhn hon ton ging khi c gi, khng b
sao chp, khng b sa i, thm bt.
Cc d liu b ph hu cng phi c khi phc bng
dch v ny.
Dch v bo m tnh ton vn d liu hng lin kt x
l cc vn lin quan ti s sa i ca lung cc
thng ip v chi b dch v.
m bo tnh ton vn ( Integrity )
46
Dch v bo m tnh ton vn hng khng lin
kt:
Ch x l mt thng ip n l. Khng quan tm ti
nhng ng cnh rng hn.
Ch tp trung vo ngn chn vic sa i ni dung thng
ip.
m bo tnh ton vn ( Integrity )
47
Dch v chng ph nhn ( nonrepudiation ).
Dch v chng ph nhn ngn chn ngi nhn v
ngi gi t chi thng ip c truyn ti.
Khi thng ip c gi i, ngi nhn c th khng
nh c rng thng ip ch thc c gi ti t
ngi c u quyn.
Khi thng ip c nhn, ngi gi c th khng
nh c rng thng ip ch thc ti ch.
Dch v chng ph nhn ( Nonrepudiation)
48
Dch v kim sot truy nhp.
Dch v kim sot truy nhp cung cp kh nng
gii hn v kim sot cc truy nhp ti cc my
ch hoc cc ng dng thng qua ng truyn
tin.
t c s kim sot ny, mi i tng khi
truy nhp vo mng phi c nhn bit hoc
c xc thc, sao cho quyn truy cp s c
gn vi tng c nhn.

Dch v kim sot truy cp
9
49
M hnh an ton mng
Bi ton an ton an ninh thng tin mng ny
sinh khi:
Cn thit phi bo v qu trnh truyn tin khi
cc hnh ng truy cp tri php;
m bo tnh ring t v tnh ton vn;
m bo tnh xc thc; ..vv.
M hnh truyn thng ca qu trnh truyn
tin an ton
Cc m hnh an ton mng v
h thng
50
h thng
Nh cung cp - c u
nhim
i phng
Ng- i u nhim Ng- i u nhim
Thng ip
Thng tin
mt
Thng ip
Thng tin
mt
Qu trnh truyn tin - c
bo mt
Qu trnh truyn tin - c
bo mt
Knh truyn tin
51
Tt c cc k thut m bo an ton h thng truyn tin
u c hai thnh phn:
Qu trnh truyn ti c bo mt thng tin c gi.
V d: mt m thng ip s lm cho k tn cng khng th c
c thng ip.
Thm vo thng ip nhng thng tin c tng hp t ni dung
thng ip. Cc thng tin ny c tc dng xc nh ngi gi.
Mt s thng tin mt s c chia s gia hai bn truyn tin.
Cc thng tin ny c coi l b mt vi i phng.
V d: kha mt m c dng kt hp vi qu trnh truyn m
ha thng ip khi gi v gii m thng ip khi nhn.
h thng
52
Bn th ba c y quyn: trong nhiu trng
hp, cn thit cho qu trnh truyn tin mt:
C trch nhim phn phi nhng thng tin mt gia hai
bn truyn tin;
Gi cho cc thng tin trao i vi cc bn c b mt
i vi ngi tn cng.
C trch nhim phn x gia hai pha truyn tin v tnh
xc thc ca thng ip c truyn.

h thng
53
Cc thao tc c bn thit k mt h thng an
ninh:
Thit k cc thut ton thc hin qu trnh
truyn tin an ton;
Cc thut ton ny phi m bo: tn cng khng lm mt
kh nng an ton ca chng.
To ra nhng thng tin mt s c x l bng
thut ton trn.
h thng
54
Pht trin nhng phng php phn phi v
chia s cc thng tin mt.
t ra giao thc trao i:
Cho php hai bn truyn tin trao i thng tin s dng
nhng thut ton an ton;
Nhng thng tin mt t c an ton thch hp.

h thng
10
55
M hnh an ton an ninh h thng
Truy nhp ca cc hacker;
Cc l hng an ninh h thng;
Cc tin trnh ngoi lai:
Cc tin trnh truy cp ti thng tin: lm ph hy, sa
i thng tin khng c php.
Cc tin trnh dch v: pht hin cc li trong cc dch v
ca h thng ngn chn vic s dng ca nhng
ngi khng c y quyn.
h thng
56
h thng
Cc ti nguyn
ca h thng:
D liu;
Cc qu trnh
,ng dng;
Cc phn mm;...
i phng
M hnh An ninh truy nhp h thng Mng
Knh truy nhp
Cng
bo v
Con ng- i
Phn mm
57
Chng II.
Cc phng php mt m kha i
xng
1. S chung ca phng php mt m kha i xng
2. Mt s phng php mt m kha i xng kinh in
3. L thuyt h mt ca Shannon
4. Phng php DES
5. Qun tr v phn phi kha
6. m bo tnh ring t s dng phng php mt m
kho i xng
58
S m ha i xng
Mt m v thm m
S chung ca phng php
m ha i xng
59
Mt s thuc tnh ca m hnh mt m kha i
xng:
Thut ton m ha phi mnh khng th gii m
c thng ip nu ch da trn duy nht ni dung ca vn
bn c m ha( ciphertext ).
S an ton ca phng php m ha i xng ch ph
thuc vo b mt ca kha m khng ph thuc vo b
mt ca thut ton.
Phng php mt m kha i xng gi thit rng:
Thm m khng thc hin c nu ch bit thng ip b
m ha v thut ton m ha.
Khng cn gi b mt thut ton.
Ch cn gi b mt kha.
S mt m kha i xng
60
M hnh h thng m ha i xng.
Ngun thng
ip
Khi m ha Khi gii m
Ngun thng
ip
Kha
mt
Thm m
Knh mt
X Y X
K
X
*
K
*
S mt m kha i xng
11
61
Ngun thng tin:
Tp hp thng ip ca ngun:
Cc xu k t X = { X
1
, X
2
, ..., X
M
};
Thng ip: xu k t di m:
X
i
= [ x
i1
, x
i2
, ..., x
im
]
x
ik
e A; A bng k t ngun; thng thng A= {0, 1}
Mi thng ip X
i
c mt xc sut xut hin P( X = X
i
)
thuc tnh thng k ca ngun thng ip:

S chung ca phng php mt
m kha i xng
62
Kha mt m
Tp hp kho K = { K
1
, K
2
, ... K
L
},
Kha di l: K
i
=[k
i1
, ..., k
il
];
k
ij
e C, C - bng k t kha; thng thng C = {0, 1}
Phn phi kha gia cc bn trao i thng tin:
Phn phi kha khng tp trung: Nu kha K c to ra t pha
ngun, kha K cn c chuyn cho pha nhn tin thng qua mt
knh b mt .
Phn phi kha tp trung: Kha K do bn th ba c y quyn
to ra v c phn phi cho c hai pha gi v nhn tin.
S chung ca phng php
mt m kha i xng
63
M mt:
Tp hp thng ip m mt Y = [ Y
1
, Y
2
, ..., Y
N
]
Thng ip m mt: Y
j
= [y
j1
, y
j2
, ..., y
jn
]
y
jp
eB, B bng k t m mt; thng thng B = {0, 1}

S chung ca phng php
mt m kha i xng
64
Qu trnh mt m v gii m:
Qu trnh m ha:
Y = E
K
( X )
tng thm bt nh ca qu trnh m ha, s dng s
ngu nhin R
Y = E
K,R
( X )
Qu trnh gii m:
Bn nhn gii m thng ip bng kha c phn phi:
X = D
K
( Y ) = D
K
( E
K,R
( X ) )
S chung ca phng php
mt m kha i xng
65
Pha tn cng
Vn t ra: i phng nhn c thng ip
Y, nhng khng c c kha K. Da vo thng
ip Y, i phng phi khi phc li hoc K,
hoc X hoc c hai.
i phng c th ch cn khi phc li thng ip X
bng thng ip X
*
.
Nu i phng mun bit thm cc thng ip trong
tng lai: cn phi xc nh c kha K.
S chung ca phng php
m ha i xng
66
Mt m
H thng mt m c th c phn loi da vo cc tiu
ch:
Dng ca php ton tham gia vo m ha vn bn t dng
thng thng sang dng c mt m ha. Cc phng
php m ha thng thng ny da vo cc nguyn l sau:
Php thay th: mi k t trong bn thng ip s c nh x
vo phn t khc.
Php i ch: cc k t trong thng ip ban u c phn
b li.
Php dch;
Yu cu chnh: khng c thng tin b mt mt.
S chung ca phng php m
ha i xng
12
67
S lng kha c dng trong thut ton.
Nu bn gi v bn nhn cng dng chung mt kha: h
thng m ha i xng.
Nu hai kha ca b gi v bn nhn khc nhau: phng
php m ha khng i xng.

S chung ca phng php
m ha i xng
68
Phng thc m vn bn ban u c x l:
M ha khi ( block cipher ): vn bn nguyn thy
c x l theo tng khi thng tin v to u ra
theo tng khi thng tin.
M ha dng ( stream cipher ): thng ip u vo
c x l lin tc .
S chung ca phng php
m ha i xng
69
Thm m
Qu trnh xc nh X hoc K hoc c hai t pha th
ba gi l thm m ( cryptanalyst )
Chin lc c nh thm m s dng ph thuc
vo bn cht ca s m ho v nhng thng tin
do anh ta nm c.
Cc dng thm m: Cc dng tn cng vo thng
ip c m ho.
S chung ca phng php
m ha i xng
70
Ch bit vn bn c m ho ( ciphertext only attack ). Dng
b kha ny l kh nht. Nh phn tch c th bit:
Thut ton m ho.
Vn bn mt m.
Phng php ph kha: th tt c cc t hp kha c th tm
ra t hp kha thch hp. Trong trng hp khng gian kha ln
th phng php ny khng thc hin c.
i phng cn phi phn tch vn bn mt, thc hin cc kim
nghim thng k.
i phng cn phi c mt s nim v dng ban u ca
vn bn gc: ting Anh, Php, hoc l cc file DOS.
Dng tn cng ny d dng i ph nht v i phng ch c mt
s lng thng tin t nht gii m.
S chung ca phng php
m ha i xng
71
Nu i phng bt c mt s vn bn gc v vn bn m ha tng
ng ( known plaintext attack ). Nh phn tch bit:
Thut ton m ho.
Vn bn mt m.
Mt hoc mt s cp vn bn gc vn bn m ho c xy dng t mt
kho mt.
Da vo nhng thng tin trn, nh phn tch tm cch pht hin kha mt K.
Nh phn tch c th da vo ngun gc ca thng ip v c on c
mt s thng tin trong vn bn gc. T da vo cp thng ip xc nh
kha mt.

S chung ca phng php
m ha i xng
72
Khi nh phn tch thu c h thng ngun, anh ta c th
s dng mt vn bn gc c la chn trc xc nh
vn bn m ha da vo xc nh cu trc kha mt (
chosen plaintext attack ). Nh phn tch bit:
Thut ton m ho.
Vn bn mt m.
Vn bn gc c nh phn tch la chn cng vi vn bn
mt sinh ra bi kho mt.

S chung ca phng php
m ha i xng
13
73
Vn bn m ho cho trc ( chosen ciphertext attack ). Nh phn tch
bit:
Thut ton m ho.
Vn bn mt m.
Ni dung ca mt s vn bn m ho v vn bn gc c gii m tng
ng s dng m mt.
Nh phn tch phi gii m vn bn m ha hoc xc nh c kha mt.
Vn bn tu chn ( chosen text attack ). Nh phn tch bit:
Thut ton m ho.
Vn bn mt m.
Vn bn gc c nh phn tch la chn cng vi vn bn mt sinh ra bi
kho mt.
Ni dung ca vn bn m ho v vn bn gc c gii m tng ng s
dng m mt.

S chung ca phng php
m ha i xng
74
Ch c cc thut ton m ha yu s b ph
i vi loi tn cng ch dng vn bn mt.
Cc thut ton m ha c thit k
chng dng tn cng vi vn bn gc bit (
known plaintext attack ).
S chung ca phng php
m ha i xng
75
S m ha c coi l an ton v iu kin (
unconditional secure ): nu vn bn m mt khng cha
thng tin xc inh duy nht vn bn gc tng
ng, khng ph thuc vo pha i phng c bao nhiu
vn bn m mt.
Tnh mt ca vn bn c m bo khng ph thuc vo
lng thi gian m i phng dng ph m mt.
Ngoi tr s m mt s dng mt ln ( one-time pad ),
khng c s m mt no m bo tnh an ton v iu
kin.

S chung ca phng php
m ha i xng
76
S m mt c coi l an ton theo tnh ton (
computational secure ) nu tha mn hai iu kin:
Gi thnh b kha mt vt qu gi tr ca thng tin
c m ha.
Thi gian ph kha mt vt qu thi hn gi mt ca
thng tin.

S chung ca phng php
m ha i xng
77
V d: thut ton DES ( Data Encryption Standard ): Kho nh
phn
di 32 bit S lng kho: 2
32
35.8 pht x l vi tc
1 php m ho/s 2.15 ms vi tc 10
6
php m ho /
s.
56
1142 nm x l vi tc
1 php m ho/s 10.01 gi vi tc 10
6
php m ho
/ s.
128
5.4 x 10
24
nm x l
vi tc 1 php m ho/s 5.4 x 10
18
nm vi tc 10
6

php m ho / s.
V d: Kho s dng 26 k t bng cc php hon v S lng
kho: 26! ~ 4 x 10
26
6.4 x 10
12
nm x l vi tc 1 php m
ho/s 6.4 x 10
6
nm vi tc 10
6
php m ho / s.
S chung ca phng php
m ha i xng
78
Cc phng php thay th
M Caesar
Cc k t ch ci c gn gi tr ( a = 1, b = 2, ... )
K t ca vn bn gc ( plaintext ) p c thay th bng
k t ca vn bn m mt ( ciphertext ) C theo lut m
ho sau:
C = E( p ) = ( p + k ) mod ( 26 )
Trong k nhn cc gi tr t 1 n 25.
Trong phng php ny, k chnh l kho mt m.
Mt s phng php m ha i
xng kinh in
14
79
Qu trnh gii m:
p = D( C ) = ( C k ) mod ( 26 )
Phng php ph m: mt cch n gin: dng cc kho k t
1 n 25 gii m cho n khi nhn c thng ip c
ngha.
Cc vn ca m Caesar:
Thut ton m ho v gii m bit trc.
Thm m:
Khng gian kha nh: ch c 25 kho;
Khi thm m bng phng php vt cn: ch cn th vi 25
kha;
Ngn ng trong bn gc bit trc v d dng nhn bit.
xng kinh in
80
M mt Hill
Thut ton m ho
Mi k t c gn gi tr s: a = 0, b = 1, ..., z = 25
La chn m k t lin tip ca vn bn gc;
Thay th cc k t la chn bng m k t m mt.
Vic thay th k t c thc hin bng m phng trnh
tuyn tnh.
H phng trnh m ha:
C = KP ( mod 26 )
K- ma trn kha
Thut ton gii m
P = K
-1
C ( mod 26 )
xng kinh in
81
V d: vi m = 3, h cc phng trnh tuyn tnh c dng
sau:
C
1
= ( k
11
p
1
+ k
12
p
2
+ k
13
p
3
) mod 26
C
2
= ( k
21
p
1
+ k
22
p
2
+ k
23
p
3
) mod 26
C
3
= ( k
31
p
1
+ k
32
p
2
+ k
33
p
3
) mod 26

C = KP
|
|
|
.
|
\
|
|
|
|
.
|
\
|
=
|
|
|
.
|
\
|
3
2
1
33 32 31
23 22 21
13 12 11
3
2
1
p
p
p
k k k
k k k
k k k
C
C
C
xng kinh in
82
Ma trn K l ma trn kho mt m
V d: vi ma trn K bng:

Xu k t: paymoremoney s c m ho thnh
LNSHDLEWMTRW
pay (15, 0, 24 ); K( 15, 0, 24 )
T
mod 26 = ( 11, 13, 18) LNS
|
|
|
.
|
\
|
=
19 2 2
21 18 21
5 17 17
K
xng kinh in
83
Gii m thng ip bng ma trn K
-1
.

H m Hill:
Cc php ton thc hin theo modulo 26

|
|
|
.
|
\
|
=
17 0 24
6 17 15
15 9 4
K
1 -
= = = =
= =

P KP K C K (C) D P
KP (P) E C
1 1
K
K
xng kinh in
84
Mc an ton ca h m Hill
M mt Hill c tnh mt cao khi pha tn cng ch c vn bn
mt.
Thm m h m Hill: d dng b b kha nu bn tn cng
bit c vn bn r v vn bn mt tng ng ( known
plaintext attack )
H m mt Hill m x m;
Thm m c m cp vn bn gc vn bn mt, mi
vn bn c di m;
To cc cp: P
j
= ( p
1j
, p
2j
, ..., p
mj
) v C
j
= ( C
1j
, C
2j
, ..., C
mj
)
sao cho C
j
= KP
j
vi 1s j s m i vi mt kho K cha
bit.
Xc nh hai ma trn m x m, X = ( p
ij
) v Y = ( C
ij
)
xng kinh in
15
85
Ta c Y = XK K = X
-1
Y.
V d: vn bn gc: friday c m ho bng m mt
Hill 2 x 2 thnh PQCFKU.
Ta c: K( 5 17 ) = ( 15 16 ); K( 8 3 ) = ( 2 5 ); K( 0 24 ) = ( 10
20 )
Vi hai cp ban u ta c :

|
|
.
|
\
|
=
|
|
.
|
\
|
|
|
.
|
\
|
=
|
|
.
|
\
|
|
|
.
|
\
|
=
|
|
.
|
\
|
=
|
|
.
|
\
|
3 8
19 7
5 2
16 15
15 2
1 9
5 2
16 15
3 8
17 5
K
K
3 8
17 5
5 2
16 15
1
xng kinh in
86
H thng Vernam.
chng li qu trnh thm m, cn la chn kho tho mn:
Kho c di bng vn bn r.
Kha c chn sao cho kho v vn bn gc c lp thng k.
H m mt Vernam:
Dng cho m nh phn
Ci = pi ki
pi: bit th i ca vn bn gc;
ki: bit th i ca kho;
Ci: bit th i ca vn bn c m ho;
: php ton XOR.

xng kinh in
87
Gii m bng php ton ngc: pi = Ci ki

To kho: to vng lp vi mt kho. Nh vy thc t,
h thng lm vic vi mt kha rt di nhng lp li.
H thng Vernam c th b ph nu i phng bit mt
vn bn m c di ln, s dng mt s vn bn
gc bit.
Vi kho c sinh ngu nhin, c di bng di
vn bn gc, khng lp li: s m s dng mt ln (
one-time pad ): khng th ph kho. u ra c lp
thng k vi vn bn gc.
Vn ny sinh: m bo mt cho qu trnh gi v nhn
kho ngu nhin.

xng kinh in
88
Khi nim an ton
tuyt i.

Ngun thng
ip
Thut ton m
ha
Thut ton gii
m
Ngun thng
ip
Kha
mt
Thm m
Knh mt
X Y X
K
X
*
K
*
Ngun to s
ngu nhin
R
L thuyt h mt ca Shannon
89
Ngun thng tin X = [ X
1
, X
2
, ..., X
M
], X
i
e A; A
bng k t( latin, nh phn, ...).
Kho K = [ K
1
, K
2
, ... K
L
], kha K c to ra.
Nu kha K c to ra t pha ngun, kha K cn c
chuyn cho pha nhn tin thng qua mt knh b mt.
Kha K c th c to ra bi bn th ba v c phn
phi cho bn gi v bn nhn.
Cc k t ca kho K nm trong mt bng k t: bng k
t nh phn { 0, 1 }
90
B to s ngu nhin: R = [ R
1
, R
2
, ..., R
J
];
Thng ip c m ha l hm ca X, R v
K : Y = [ Y
1
, Y
2
, ..., Y
N
]
Y = E
KR
( X )
Bn nhn gii m thng ip bng kha
c phn phi:
X = D
K
( Y )
16
91
Vn t ra: i phng nhn c
thng ip Y, nhng khng c c kha
K. Da vo thng ip Y, i phng phi
khi phc li hoc K, hoc X hoc c hai.
i phng bit cc thut ton m ho v gii m.
i phng c th ch cn khi phc li thng ip X
bng thng ip X
*
.
Nu i phng mun bit thm cc thng ip trong
tng lai: cn phi xc nh c kha K.
92
Kha mt ch c s dng mt ln.
M bit ca vn bn gc s c m ho trc khi kho mt K
v chui ngu nhin R thay i.
i phng ch bit c vn bn m mt Y.
S bo mt tuyt i: Vn bn gc X c lp
thng k vi vn bn m Y.
P( X = x | Y = y ) = P( X = x )
i vi mi vn bn gc: X = [ x
1
, x
2
, ..., x
M
] v vn bn
m ho Y.
93
V d: h m Vernam
Bng ch ci: A = { 0, 1, ..., |A| 1 }
di ca vn bn gc, kho v vn bn m bng nhau:
M = L = N.
Kho c chn ngu nhin: P( K = k ) = |A|
-M
i vi
|A|
M
t hp kho.
Qu trnh m ho: Y
i
= X
i
K
i
, i = 1, 2, ..., M.
Do vi mi k t x
j
thuc X
i
v y
i
thuc Y
j
ta c duy nht
ki thuc Kj, do : P( Y = y | X = x ) = P( Z = z ) = |A|
-M

khng ph thuc vo X.

94
Yu cu i vi kho trong h thng bo mt tuyt i.
nh l: i vi h mt hon ho
H( X ) = H( X | Y ) s H( K )
Nu bng k t gc v bng k t m c cng s k t: L
X
= L
K

( trong trng hp m s dng mt ln one time pad ) v vn
bn gc hon ton ngu nhin, gii hn Shannon v tnh mt
hon ho s tr thnh:
l > M
di ca kha t nht phi bng di ca vn bn gc
m bo tnh mt tuyt i.
95
Ph cc kha khng tuyt i mt.
t vn : khi no nh phn tch m mt ca
i phng c th ph c cc m khng
mt tuyt i ?!
Key equivocation function - hm nhp nhng
ca kha:
f( n ) = H( K | Y
1
, Y
2
, ..., Y
n
)
Hm ny xc nh bt nh ca kha khi bit n
k t u tin ca vn bn m mt.
96
Unicity distance u khong cch duy nht u:
gi tr n nh nht sao cho f( n ) ~ 0.
i vi m mt ngu nhin, ta s c:

r - d tha ca thng ip cha trong N k t
ca m mt thuc bng ch ci c kch thc L
y
.
y
L r
K H
u
log
) (
~
y
L N
X H
r
log
) (
1 =
17
97
Vn bn gc X, vn bn m mt Y l cc chui nh phn
di 64 bit.
Kha K c di 56 bit.
Tng khi 64 bit c m ha c lp s dng chung mt
kha.
Phng php mt m DES
98
Phng php S-DES( DES gin lc )
Phng php mt m DES

Phng php mt m DES
99
S- DES
(Simplified data encryption standard)
Cu trc ca DES l rt phc tp
S-DES - phin bn n gin ca DES;
Cho php:
M ho v gii m bng tay;
Hiu bit su v hot ng chi tit ca gii thut DES.
S-DES n gin hn nhiu so vi DES
Cc tham s ca S-DES nh hn trong DES;
Do gio s Edward Schaefer thuc trng i hc Santa Clara
pht trin
10
0
Gii thut S-DES(Simplified DES):

IP
fk
SW
IP
-1
Shift
P10
fk
Shift
P8
P8
IP
fk
SW
IP
-1
fk
8-bit plaintext
8-bit ciphertext
8-bit plaintext
10-bit key
K1 K1
K2 K2
8-bit ciphertext
ENCRYPTION
DECRYPTION
Hnh 1:S m ho v gii m S-DES
10
1
Gii thut m ho S-DES s dng phng php
m ho theo khi
u vo:
- 8-bit block ca bn r
- 10-bit kho
u ra:
- 8-bit ca bn m
Gii thut S-DES
10
2
Gii thut S-DES
Gii thut m ho bao gm 4 hm:
- Hm IP(Initial Permutation)
- Hm f
k

- Hm SW (Switch)
- Hm IP
-1
Gii thut m ho c th biu din nh mt hm sau y:
ciphertext=IP
-1
(f(SW(f(IP(plaintext)))))
Tng t gii thut gii m c th biu din nh hm sau:
plaintext =IP

(f(SW(f(IP
-1
(ciphertext)))))

18
10
3
Sinh kho trong S-DES:

P10
LS-1 LS-1
P8
LS-2 LS-2
P8
10-bit key
8 8
8
5 5
5 5
5 5
Hinh2: S to kha ca thut ton S-DES 10
4
Cc hm sinh kho:
P10:y l hm hon v tun theo lut nh trong bng

LS-1: L hm dch vng 1 bit
LS-2: L hm dch vng 2 bit
P8:L hm hon v tun theo lut nh trong bng

10
5
M ho S-DES:
Hm IP v hm IP
-1
:
+ Hm IP tun theo lut sau:

+ Hm IP
-1
tun heo lut sau:
10
6
Hm f
k
:

IP
E/P
S0 S0
P4
+
+
K1
8
8-bit plaintext
4
4
4
8
4
4
4
2
2
fk
F
Hnh 3:M hnh chi tit f
k
10
7
E/P(expension/permutation):
Hm E/P tun theo lut sau:

Nu gi 4 bit u vo l (n
1
,n
2
,n
3
,n
4
) th E/P c biu din chi
tit nh sau:
10
8
Khi thay th S-box
Ti u vo S-box mt khi 8 bit c chia thnh hai khi 4 bit;
Mi khi 4 bit c a vo S
0
v S
1
Thay th mi khi 4 bit bng khi 2 bit;
Cc khi S
0
v S
1
c nh ngha nh sau:
S
0
: S
1
:
19
10
9
Phn t trong khi S-box c di 2 bit;
Qu trnh thay th trong S-box:
Vi 4 bit u vo l (b1,b2,b3,b4);
b1 v b4 kt hp thnh mt s ch hng ca S box,
b2 v b3 to thnh s ch ct trong S box;
Phn t nm trn hng v ct xc nh thay th cho
4 bit u vo ca S-box .
Khi thay th S-box
11
0
Hon v P4
Hon v P4 tun theo lut sau:

11
1
Hm SW
Hm f
k
ch thc hin trn 4 bit tri ca u vo;
Hm SW hon i 4 bit phi v 4 bit tri ln p
dng hm f
k
th 2 s thc hin trn 4 bit phi.
p dng hm f
k
ln 2 thc hin cc hm E/P
,S
0
,S
1
,P4 nh trn.
11
2
t vn :
Trong k thut mt m truyn thng, hai pha tham gia
vo truyn tin phi chia s kho mt kho phi
c m bo b mt : phi duy tr c knh mt
phn phi kha.
Kha phi c s dng mt ln: Kho phi c
thng xuyn thay i.
Mc an ton ca bt k h mt s ph thuc vo k
thut phn phi kho.
Qun tr v phn phi kha trong m
ha i xng
11
3
Mt s k thut phn phi kho.
Phn phi kha khng tp trung: Kho c A la
chn v phn phi vt l ti B.
Phn phi kha tp trung: Ngi th ba C la chn
kho v phn phi vt l ti A v B.
Nhn xt:
Hai k thut ny kh cng knh khi cc bn tham gia vo
trao i thng tin vi s lng ln.

ha i xng
11
4
Nu A v B trc y v hin nay dng kho, mt
pha c th gi kho mi dng kho c m ho.
Nu A v B c kt ni m mt vi pha th ba C, C c
th phn phi kho theo ng m mt ti A v B.
Phn cp kho:
Vic s dng trung tm phn phi kho da trn c s
ca vic phn cp cc kho.
ha i xng
20
11
5
ha i xng
D liu
D liu
- c m
ho
Kho phin
D liu Kho chnh
Bo v bng
mt m
Bo v bng
mt m
Bo v khng
bng mt m
S dng
phn
cp
kho
11
6
Kch bn qu trnh phn phi kha.
Gi thit: mi ngi s dng cng chia s mt kha mt chnh
vi trung tm phn phi kha ( KDC ).
Tin :
Ngi s dng A mun thit lp kt ni lgic vi ngi s dng
B.
Hai pha trao i thng tin yu cu kha phin s dng mt ln
bo mt d liu truyn qua kt ni.
Pha A c kha mt K
MA
, kha ny ch c A v KDC bit.
Pha B c kha mt K
MB
, kha ny ch c B v KDC bit.
ha i xng
11
7
Kch bn phn phi kha:
A yu cu KDC kha phin bo mt lin kt lgic vi B.
Trong thng ip ny cha nh danh ca A v B cng vi
du hiu nhn din N
1
.
Du hiu nhn din N
1
ny ch c s dng mt ln trong
trng hp ny.
Du hiu nhn din N
1
c th l du thi gian, b m, hoc
l mt s ngu nhin.
Yu cu ti thiu i vi du nhn din: du hiu ny phi
khc nhau i vi tng yu cu.
ngn ch s gi mo, du hiu nhn din phi kh b i
phng d on. Nh vy, s ngu nhin l la chn tt.
ha i xng
11
8
Trung tm phn phi kha KDC tr li A bng thng ip c
m ha bng kha K
MA
. Nh vy ch c A l ngi duy nht c
th gii m thnh cng thng ip v A cng xc nh c
ngun gc ca thng ip ( A xc nh c thng ip l do
KDC gi ti do kha K
MA
ch c duy nht A v KDC bit ).
Trong thng ip cha nhng thng tin dnh cho A:
Kha phin s dng mt ln K
S
;
Thng ip gc cng vi du hiu nhn dng N
1
. Cc thng tin ny
cho php A so snh cu tr li t KDC vi yu cu ban u.

ha i xng
11
9
Nh vy, A c th kim tra rng yu cu ban u khng b
thay i trc khi KDC nhn c v do c du hiu
nhn dng N
1
nn thng ip ny khng phi l phin
bn pht li ca mt yu cu no trc .
Trong thng ip cng c nhng thng tin dnh cho B:
Kha phin s dng mt ln K
S
;
nh danh ca A IDA.
Hai thng tin ny c m ha vi kha mt K
MB
chia s
gia B v KDC. Nhng thng tin ny c gi cho B
thit lp lin kt v chng minh nh danh ca A.
ha i xng
12
0
A lu li kha phin K
S
s dng cho lin kt sp thit lp
v
gi cho B nhng thng tin ca KDC dnh cho B E
kb
[ K
S
||
IDA ]. V nhng thng tin ny c m ha bng K
MB
nn
chng c bo v khi hnh thc nghe trm. Sau khi nhn
c thng ip t A, B bit c kha phin K
S
, v bit
c pha bn kia l A t nh danh ca A. Thm vo , B
bit c nhng thng tin ny l do KDC cung cp v c
m ha bng K
MB
E
kb
.
Nh vy t thi im ny, kha phin c phn phi mt
ti A v B. A v B c th s dng kha phin trao i thng
tin. Tuy nhin tng tin cy cho qu trnh trao i thng
tin v ngn chn cc kh nng tn cng, hai bc sau c th
c p dng:
ha i xng
21
12
1
B gi ti cho A du hiu nhn dng N
2
bng cch m
ha s dng kha phin.
Bng cch s dng kha phin K
S
, A tr li B bng
thng ip f( N
2
), trong f l hm bin i N
2
.
Hai bc ny gip cho B bit c rng thng ip nhn
c trong bc trc khng b pht li.
Ta thy cc bc phn phi kha bao gm cc bc t 1
n 3. Cc bc 4, 5 cng nh bc 3 dng vo mc ch
xc thc.
ha i xng
12
2
Bn nhn
lin kt B
Trung tm
phn phi
kha KDC
Bn khi
to lin kt
A
(1)Yu cu || N
1
(2)E
Ka
[K
s
|| Yu cu || N
1
|| E
Kb
(K
s
, ID
A
)]
(3) E
Kb
[K
s
|| ID
A
]
(4) E
Ks
[N
2
]
(5) E
Ks
[ f(N
2
)] Cc b- c
xc thc
Cc b- c phn phi kha
Kch bn phn phi
kha s dng s
m ha i xng
ha i xng
12
3
Kim sot kho khng tp trung:
S dng trung tm phn phi kho KDC a ra yu cu i
vi KDC: KDC phi c u nhim v phi c bo v
khi cc tn cng.
Cc yu cu ny c th loi b nu s dng s phn
phi kho khng tp trung.
ha i xng
12
4
ha i xng
Bn nhn
lin kt B
Bn khi
to lin kt
A
(1)Yu cu || N
1
(2)E
MKm
[K
s
|| Yu cu || ID
B
|| f(N
1
) || N
2
)]
(3) E
Ks
[ f(N
2
)]
Kch bn phn phi kha khng tp trung
12
5
Cc yu cu ca phn phi kho khng tp trung:
Mi h thng giao tip theo lin kt mt vi tt c cc h thng
trm khc vi mc ch phn phi kho phin.
S lng kho phin cc i c th c s bng: n( n 1 ) / 2.
Kch bn phn phi kho khng tp trung.
A gi yu cu kho phin ti cho B cng vi du hiu nhn
dng N
1
;
B tr li bng thng ip c m ho bng kho chnh chung
( shared master key ). Trong cu tr li cha kho phin do B
la chn Ks, nh danh ca B, gi tr f( N
1
), v u hiu nhn
dng N
2
.
S dng kho phin mi, A gi tr f( N
2
) cho B.
ha i xng
12
6
Kt chng
H mt kha i xng
Thut ton;
H mt hon ho v h mt khng hon ho;
Qun tr v phn phi kha;
22
12
7
Nguyn l h mt kho cng khai
Thut ton RSA
Qun l kho
S trao i kho Diffie-Hellman
Mt s h mt kha cng khai khc
Chng III. Cc h mt kha cng khai
12
8
c im
Mt m cng khai da trn c s ca cc hm
ton hc.
Khng da trn php thay th v i ch nh
trong phng php m ho i xng.
M mt cng khai l bt i xng.
Trong c ch m mt kho cng khai s dng hai kho:
kho mt v kho cng khai.
Cc h qu ca vic s dng hai kho bt i xng:
tnh ton vn, tnh xc thc, phn phi kho.
12
9
Xut x:
H m mt kho cng khai c pht trin nhm
gii quyt hai vn phc tp ny sinh t
phng php m ho i xng:
Vn th nht: bi ton phn phi kho;
Vn th hai: ch k in t.
13
0
Vn phn phi kha:
Cc yu cu trong s m ho i xng: hai
bn tham gia vo trao i thng tin:
Phi chia s trc kho, kho ny phi c phn
phi bng mt cch no cho h.
Phi duy tr knh mt phn phi kha.
S dng trung tm phn phi kho KDC trong m
hnh tp trung.
KDC l ht nhn trong vic m bo an ton h
thng trao i thng tin.
13
1
Vn ch k in t: l du hiu c
trng xc thc cc bn trao i thng tin.
Ch k in t c s dng trong cc thng
ip in t;
C hiu lc tng ng vi ch k trn giy.
Phc v xc thc cc bn trao i thng tin.

13
2
H mt kho cng khai.
S m mt kho cng khai s dng mt kho
m ho v mt kho khc c lin quan gii
m. Cc thut ton m ho v gii m c mt s
c im quan trng sau:
Khng th xc nh c kho gii m nu ch bit
thut ton m ho v kho m ho.
Mt s h m mt kho cng khai ( nh RSA ) cn
cung cp kh nng s dng bt k mt kho trong cp
kho lm kho m ho th kho cn li s c dng
lm kho gii m.
23
13
3
S m ho cng khai:
A v B c cc cp kha (K
RA
, K
PA
), (K
RB
, K
PB
). Cc kha ny dng m
ho v gii m cc thng ip.
A v B cng b kho cng khai K
PA
, K
PB
trong cp kho, kho cn li c
gi mt.
Khi gi thng ip cho B, A s m ho vn bn bng kho cng khai K
PB
ca B.
Khi nhn c thng ip, B s gii m bng kho mt K
RB
. Bn th ba
khng gii m c thng ip v ch c B bit kho mt K
RB
ca B.
M ha Gii m
Kha cng khai ca B
A B
Vn bn r
M mt
m bo tnh mt
Kha ring ca B
Vn bn r
13
4
S xc thc:
Nu A mun gi thng ip c xc thc cho B, A s
m ho vn bn bng kho ring ca A.
Khi B nhn c thng ip, B s gii m bng kho
cng khai ca A. Khng mt bn th ba c th gii m
c thng ip v ch c B bit kho mt ca B.
M ha Gii m
Kha ring ca A
A B
Vn bn r
M mt
m bo tnh xc thc
Kha cng khai ca A
Vn bn r
13
5
c im:
Mi bn trao i thng tin c truy nhp ti kho cng khai.
Kho mt ( kho ring t ) c lu gi cc b ti mi bn v
khng bao gi c phn phi.
Do h thng t qun l kho mt nn knh truyn thng tin ti l
mt.
H thng c th thay i kho mt v cng b kho cng khai mi
tng ng thay th kho cng khai c bt c lc no.

13
6
S m ho i xng S m ho cng khai
Hot
ng
1. Cng mt thut ton v cng mt kho
m ho v gii m.
2. Ng-i nhn v ng-i gi phi chia s
thut ton v kho
1. Mt thut ton m ho, mt thut
ton gii m s dng mt cp
kho.
2. Ng-i gi v ng-i nhn phi c mt
cp kho ca ring mnh.
Bo mt
1. Kho phi -c gi mt.
2. Khng th gii m vn bn nu khng
c thng tin b sung.
3. Cc kin thc v thut ton cng vi
mu ca vn bn mt khng
xc nh kho.
1. Mt trong hai kho phi -c gi mt.
2. Khng th gii m vn bn nu
khng c thng tin b sung.
3. Cc kin thc v thut ton cng vi
mu ca vn bn mt khng
xc nh kho.

13
7
Cc yu cu i vi h mt kha cng khai
Qu trnh sinh cp kha K
P
, K
R
l d trn phng din tnh ton;
Qu trnh m ha bn tin bng kha cng khai K
P
bn gi l d:
Y = E
KP
(M);
Qu trnh gii m ra vn bn r khi bit kha ring K
R
v bn tin mt Y
l d:
M = D
KR
(Y);
i vi thm m, nu ch bit K
P
s rt kh trn phng din tnh ton
tnh ra K
R
;
i vi thm m, nu ch bit K
P
v bn tin mt Y s rt kh trn
phng din tnh ton tnh ra bn tin r M;
Nguyn l i xng: qu trnh m ha gii m c th p dng theo
hai chiu: M = D
KP
[E
KR
(M)]
13
8
Cc hm mt chiu v hm by mt chiu
Cc hm mt chiu
nh x t min xc nh vo min gi tr sao cho c hm
ngc duy nht;
iu kin mt chiu: thc hin hm thun d; thc hin
hm ngc kh trn phng din tnh ton
Y = f(X) thc hin d trn phng din tnh ton;
X = f
-1
(Y) thc hin kh trn phng din tnh ton
24
13
9
Hm by mt chiu
nh x t min xc nh vo min gi tr sao cho c hm
ngc duy nht;
iu kin: thc hin hm thun d; thc hin hm ngc
kh trn phng din tnh ton nu khng c thm thng
tin b tr;
Y = f
K
(X) thc hin d trn phng din tnh ton nu
bit K v X;
X = f
K
-1
(Y) thc hin kh trn phng din tnh ton nu
khng bit K;
X = f
K
-1
(Y) thc hin d trn phng din tnh ton nu
bit K;

14
0
Cc ng dng ca h mt kha cng khai
ng dng trong mt m m ha, gii m (RSA):
Bn gi m ha bng kha cng khai ca bn nhn;
Bn nhn gii m bng kha ring.
ng dng trong phn phi kha(RSA, Diffie-Helman):
duy tr knh mt phn phi kha i xng bng c s
m mt cng khai;
ng dng trong ch k s (RSA, DSS):
Bn gi k bng kha ring.
Bn nhn xc thc ch k bng kha cng khai ca bn gi.
14
1
Thut ton m ho cng khai RSA

S thut ton
Thm m RSA
C s l thuyt s
14
2
S thut ton RSA
Xut x
RSA do Ron Rivest, Adi Shamir v Len Adlenman
pht minh nm 1977;
H thng m kho cng khai ph bin v a nng:
c s dng trong cc ng dng m ha/gii m;
Chng thc;
Phn phi v trao i kho.
14
3
Thut ton RSA:
Phng php m ha khi;
Vn bn r v vn bn mt l cc s nguyn c gi tr
t 0 n n-1, n s nguyn ln;
Mi khi c gi tr nh hn n.
Kch thc ca khi (s bt) nh hn hoc bng log
2
(n).
Thc t, kch thc ca khi l k bit vi
2
k
< n 2
k+1
.
S thut ton RSA
14
4
Cp kha: (e, d)
M ho

Gii m
M mt C
Bn r M = C
d
mod n =
(M
e
)
d
mod n
Bn r M < n
M mt C = M
e
mod n
S thut ton RSA
25
14
5
Bn gi v bn nhn phi bit s n.
Bn gi bit kha cng khai l cp (e, n).
Bn nhn c kha ring l cp (d, n).
Cc yu cu:
C th tm c cc s e, d, n sao cho:
M
ed
= M mod n M < n.
Thc hin tnh M
e
v C
d
mt cch n gin M < n.
Khng th xc nh c d nu bit e v n
S thut ton RSA
14
6
To kho
Tm cc s e, d sao cho:
M
ed
=M mod n
H qu ca nh l Euler: cho p v q l s nguyn t,
n v m l hai s nguyn sao cho: n=pq v 0 < m < n,
k l s nguyn bt k. ng thc sau nghim ng:
m
k|(n)+1
=m
k(p-1)(q-1)+1
m mod n
Nh vy: ed = k|(n)+1, tc l:
ed 1 mod |(n) hay d e
-1
mod |(n) c ngha l
gcd(|(n), d) = 1 v gcd(|(n), e) = 1
S thut ton RSA
14
7
S to kha RSA
S thut ton RSA
14
8
V d
p = 7, q = 17
n = pq = 119; |(n)=(p-1)(q-1)=96
Chn e nguyn t cng nhau vi |(n), nh hn |(n),
Chn e = 5;
Tm d: de
-1
mod |(n)
d=77 => cp kha: e=(5, 119); d=(77, 119)
S thut ton RSA
14
9
S thut ton RSA
M ho v gii m
Vn trong thut ton m ho v gii m RSA l vic thc hin php
ton lu tha v php ton ng d vi s nguyn ln.
Gii quyt da trn tnh cht ca php ton moun:
[(a mod n) x (b mod n)] mod n = (a x b) mod n
Tnh a
m
vi m ln.
Biu din nh phn ca m =b
k
b
k-1
b
0
=
bi0
2
i
Do :

( )
[ [
[
= =
=
|
|
.
|
\
|
= =
=
=
=
0
2
0
2
0
2
2
mod mod mod
0
i
i
i
i
i
i
i b
i
b b
m
b
m
n a n a n a
a a a
15
0
Sinh kho
Cc bc quan trng trong to kha:
Xc nh 2 s nguyn t p v q. trnh tn cng vt cn, p v q
phi ln.
Xc nh e v d
- Xc nh s nguyn t p, q (s dng thut ton Miller Rabin)
1. Chn mt s nguyn l n ngu nhin (s dng b sinh s
gi ngu nhin).
2. Chn mt s nguyn a < n ngu nhin.
3. Thc hin thut ton xc sut kim tra s nguyn t.
Nu n test thnh cng th loi b gi tr n v quay li bc 1.
4. Nu n test thnh cng vi s lng test , chp nhn n;
mt khc, quay li bc 2.
- Chn e v tnh d t e v |(n) (s dng thut ton Euclid)
S thut ton RSA
26
15
1
Thm m RSA
Tn cng vt cn: th vt cn ton b khng
gian kha ring.
Tn cng ton hc: thc hin bi ton phn
tch s nguyn thnh tch hai s nguyn t.
Tn cng da vo thi gian: da vo thi
gian thc hin thut ton gii m.
15
2
Qun l kha trong s mt m kha
cng khai
Cc m hnh qun l kha
Bi ton phn phi kha: tp trung xy dng knh
mt phn phi kha phin b mt.
Hai hng s dng mt m kha cng khai:
Phn phi kha cng khai;
S dng m ha kha cng khai phn phi kha
phin
15
3
Phn phi kha cng khai
Cc m hnh
Cng b cng khai
Cng b th mc cng khai
Trung tm y quyn kha cng khai
Chng th kha cng khai
15
4
Cng b cng khai
Cc bn tham gia trao i thng tin t cng b
kha cng khai;
im mnh: n gin.
im yu:
Mt ngi th 3 c th gi mo kha cng khai;
Bn C gi mo bn nhn tin B, gi kha cng khai ca
mnh K
PC
cho A;
A m ha cc bn tin gi cho B bng kha K
PC
ca C;
B khng c c bn tin A gi
C c th c c bn tin A gi B
15
5
Qun l th mc kha cng khai
C bn th ba C c y quyn qun l kha cng khai;
Bn th ba C to cho mi bn tham gia trao i thng tin mt
th mc lu tr kha;
Cc bn ng k v gi kha cng khai ti C. Qu trnh ng
k c th thc hin trn knh bo mt.
Cc bn c th thay th kha cng khai theo nhu cu
Khi s dng kha nhiu ln m ha lng d liu ln;
Khi kha ring cn phi thay th
15
6
Bn C nh k cng b ton b th mc kha hoc
cp nht;
Cc bn c th truy cp th mc kha qua cc knh
bo mt.
Vn xc thc i vi bn th ba C.
im yu:
Nu thm m bit c kha ring ca C
Ton b cc kha cng khai c lu tr c th b gi mo.
C th nghe trm cc thng ip do cc bn trao i .
27
15
7
y quyn kha cng khai
Bn th ba c y quyn PKA tham gia lu gi kha;
Cc bn A, B bit kha cng khai ca PKA;
Cc bc lm vic:
A gi yu cu kha cng khai ca B ti PKA: Request||T1
PKA gi li A: E
KRpka
(K
PB
|| Request||T1)
A gi B: E
KPB
(ID
A
||N
1
)
B gi yu cu kha cng khai ca A ti PKA: Request||T2
PKA gi li B: E
KRpka
(K
PA
|| Request||T2)
B gi A: E
KPA
(N
1
||N
2
)
A gi B: E
KPB
(N
2
)
15
8
Phn tch:
S lng giao dch tng;
Bn giao dch u s dng t v kha cng khai c th lu tr
dng trong cc ln sau;
nh k cc bn phi cp nht cc phin bn kha cng khai
mi.
u im:
An ton hn;
Kt hp xc thc hai bn;
Nhc im
PKA l nt tht c chai ca h thng.
Cc bn phi truy cp PKA mi khi cn kha cng khai;
PKA l im yu ca ton b h thng do s giao dch ln.
15
9
Chng ch kha cng khai
Trung tm cp pht chng th s CA;
Ch cn xc nhn kha cng khai mt ln;
Khng cn truy cp CA mi khi cn kha cng khai;
Kha cng khai s do cc bn t qun l;
S hot ng:
Cc bn gi kha cng khai ti CA chng thc;
Nhn chng th s t CA km thi gian hiu lc;
Cc bn xut trnh chng th s trong cc giao dch;
16
0
Phn phi kha mt i xng s dng
m ha cng khai
S n gin:
A gi B: K
PA
|| ID
A

B to kha phin K
s
v gi li A: E
KPA
(K
S
)
S km xc thc
A gi B: E
KPB
(N
1
||ID
A
)
B gi A: E
KPA
(N
1
||N
2
)
A gi B: E
KPB
(N
2
)
A gi B: E
KPB
(E
KRA
(K
S
))
16
1
Nguyn l trao i kha Diffie-Hellman
c Diffie-Hellman a ra vo 1976
L s kt hp ca hai m hnh xc thc v
mt ca h KCK
Vic sinh ra cc cp kho l hon ton khc
nhau i vi ngi s dng
S dng c ch trao i kho trc tip
khng qua trung gian xc thc

16
2
Nguyn l trao i kha Diffie-Helman
S dng p dng cho cc ng dng c
mt cao bng phng php trao i kho
(key exchange)
Nguyn tc: hai ngi s dng c th trao
i mt kho an ton - c dng m
ho cc tin nhn;
Thut ton t gii hn ch dng cho cc ng
dng s dng k thut trao i kho;
28
16
3
C s hnh thnh thut ton
Nguyn tc ton hc :
m l mt s nguyn t:
y=a
i
mod m l bi ton d;
Bi ton ngc l bi ton kh. c bit vi m ln.
Da trn php tnh logarit ri rc
16
4
Thut ton trao i kho
16
5
Tnh bo mt ca h mt
Thm m c sn cc thng tin :p,a,Y
i
,Y
j
c th gii c K ,X bt buc thm m
phi s dng thut ton logarit ri rc : rt
kh nu p ln
V th nn chn p cng ln cng tt : nh th
th vic tnh ton ra X coi nh khng th
16
6
H mt v thm m
Thm m c th tn cng vo cc thng tin : p
,a,Y
j
,Y
j

V s dng thut ton ri rc tnh ra X, sau
tnh ra K
Quan trng nht l phc tp ca thut ton
logarit ph thuc vo chn s nguyn t p
Tn cng man in the middle
16
7
Lnh vc ng dng

T qu trnh thut ton hn ch ng dng
ch s dng cho qu trnh trao i kho mt l
ch yu
S dng trong ch k in t.
Cc ng dng i hi xc thc ngi s dng.
Bi ton xc thc
29
16
9
Ni dung
Bi ton xc thc.
L thuyt xc thc Simmons
Cc phng php xc thc thng ip
M xc thc thng ip
Hm bm
Ch k s

17
0
Cc yu cu ca bi ton xc thc
im li cc dng tn cng
Tn cng vo tnh ring t:
Gii mt: gii mt ni dung thng ip.
Phn tch lung truyn ti: xc nh mu thng ip, xc nh
tn sut trao i thng ip, nh v, xc nh chc nng trm.
Dng tn cng th ng.
Mc ch: ngn chn bng m mt.
Bi ton xc thc
17
1
Bi ton xc thc
Tn cng vo tnh xc thc:
Tr hnh: a ra cc thng ip vo h thng vi tn gi mo.
Thay i ni dung thng ip: ph hu tnh ton vn.
Thay i trnh t trao i thng ip: tn cng vo giao thc.
Thay i theo tin trnh thi gian: lm tr hoc pht li thng
ip.
T chi dch v: t chi gi hoc nhn thng ip: s dng
ch k in t.
Xc thc:
Xc thc cc bn trao i thng ip.
Lm r ngun gc thng ip.
Xc nh tnh ton vn thng ip.
Chng ph nhn.
17
2
Bi ton xc thc
Cc tiu chun xc thc
Xc thc ch th tham gia vo trao i thng tin
Thng ip c ngun gc;
Ni dung thng ip ton vn, khng b thay i trong qu trnh
truyn tin (xc thc ni dung thng ip);
Thng ip c gi ng trnh t v thi im (xc thc phin);
Mc ch ca bi ton xc thc:
Chng li cc tn cng ch ng:
Chng gi mo;
Thay i ni dung d liu;
Thay i trnh t trao i thng tin (hot ng ca cc giao thc).
Cc phng php xc thc thng ip:
M ho thng ip;
S dng m xc thc thng ip;
S dng hm bm;
17
3
Bi ton xc thc
Cc hm xc thc
Cc c ch xc thc c thc hin trn hai mc:
Mc thp: trong h thng phi c cc hm chc nng cho
php kim tra tnh xc thc ca ch th v thng ip:
Hm to cc gi tr c trng xc thc ch th v thng ip.
Mc cao:
S dng cc hm xc thc trong cc giao thc xc thc.
Cho php thm nh tnh xc thc ca ch th v thng ip.
17
4
Bi ton xc thc
Cc dng hm xc thc:
M ho thng ip: s dng hm m ho xc thc
da vo vic s hu kho b mt.
M xc thc thng ip: to ra m xc thc thng ip
di c nh bng phng php m ho.
Hm bm xc thc thng ip: to m bm ca thng
ip vi di c nh.
Ch k s: to du hiu c trng xc nh duy nht
ch th.

30
17
5
Khi nim xc thc, xc thc hon ho.
L thuyt xc thc.
Din gii l thuyt xc thc.
17
6
Xc thc v xc thc hon ho
Vn gi mo v xc thc
Vn : tn ti
hay khng phng
php xc thc hon
ho chng li gi mo !?
Cc kch bn tn cng vo h xc thc:
i phng to ra bn tin gi mo c xc thc Y v gi ti bn
nhn tin.
Bn nhn tin phi kim tra tnh xc thc ca thng ip m nhn
c.
Gi thit h xc thc: h xc thc da trn kho K c s
dng mt ln to ra bn tin c xc thc Y.
M ho
Thm m
Gii m ch
X Y
Y
Y
X
K
17
7
Xc thc bng cch m ho
S dng phng php mt m kho i xng
Thng ip gi t ng ngun v ch c ngi gi bit
kho b mt dng chung
Ni dung khng th b thay i v vn bn r c cu
trc nht nh
Cc gi tin c nh s th t v c m ho nn
khng th thay i trnh t v thi im nhn c
S dng phng php mt m kho cng khai
Khng ch xc thc thng ip m cn to ch k s
Phc tp v mt thi gian hn m ho i xng
17
8
Xc thc dng m xc thc thng ip
(MAC - checksum)
Dng m xc thc thng ip (MAC Message
Authentication Code)
L khi c kch thc nh c nh gn vo
thng ip to ra t thng ip v kha b
mt chung
Bn nhn thc hin cng gii thut trn thng
ip v kho so xem MAC c chnh xc
khng
Gii thut to MAC ging gii thut m ha
nhng khng cn gii m
17
9
MAC = C
K
(M)
M: l bn tin
K: l kho mt c chia s ch bi ngi gi v
ngi nhn;
C
K
(M): l mt hm xc thc, cho kt qu l mt
xu k t c di c nh;
(MAC - checksum)
18
0
C th c nhiu thng ip c cng chung
MAC
Nhng nu bit 1 thng ip v MAC, rt kh tm ra
mt thng ip khc cng MAC
Cc thng ip c cng xc sut to ra MAC
p ng 3 tiu chun xc thc
(MAC - checksum)
31
18
1
M ho bn tin v cch tn cng
ca i phng
M ho bn tin
i xng
Khng i xng
S an ton ca thut ton ph thuc di
bit ca kho
Vi 1 ln tn cng
2
k
ln th cho kho k bit

18
2
M ho bn tin v cch tn cng
ca i phng
V d tn cng
i phng bit bn mt C (Ciphertext)
P
i
= D
Ki
(C) cho tt c kho K
i
n khi P
i
khp vi bn r P (Plaintext)
i vi CheckSum
MAC n bit 2
n
CheckSum to ra
N bn tin p dng (N>>2
n
)
Kha K bit 2
k
kha to ra

18
3
V d tn cng vo MAC
Gi s: size(K) > size (MAC) (k>n)
Match (so khp): l bn M
i
to ra gn khp
v bn M
1

Dng cch tn cng vt cn
(brute-force)

18
4
Tn cng MAC bng cch lp li:
Vng 1:
Cho: M
1
, MAC
1
= C
K
(M
1
)
Tnh: M
i
= C
Ki
(MAC
1
) cho tt c kho
S cc so khp to ra 2
k-n

Vng 2:
Cho: M
2
, MAC
2
= C
K
(M
2
)
Tnh M
i
= C
Ki
(MAC
2
) cho kho cn li.
S cch so khp to ra 2
k-2n

V d tn cng vo MAC
18
5
Kt qu:
Nu k = a*n mt a vng tm ra
Nu k < n th ngay vng 1 to ra lun s so khp.
V d
Nu mt kho kch thc k=80 bit
CheckSum kch thc l n=32 bit
Th vng 1 s to ra khong 2
48
kha Vng 2 s thu
hp xung cn 2
16
kha
Vng 3 s to ch 1 kho n, v chnh l kho c
dng bi ngi gi.
V d tn cng vo MAC
18
6
Tn ti kh nng c nhiu kho tho mn
vic so khp
i phng c th thc hin cng mt
kim tra trn mt cp(bntin,CheckSum)
mi.
V d tn cng vo MAC
32
18
7

(MAC - checksum)
18
8
Ch cn xc thc, khng cn m ho tn thi gian v
ti nguyn
Thng ip h thng
Chng trnh my tnh
Tch ring bo mt v xc thc s khin t chc
linh hot hn
Chng hn mi chc nng 1 tng ring
Cn m bo tnh ton vn ca d liu trong sut
thi gian tn ti, khng ch trong lc lu chuyn
V thng ip c th b thay i sau khi gii m
(MAC - checksum)
18
9
Xc thc dng hm bm
To ra hm bm c kch thc xc nh t thng ip
u vo(khng cn kho): h=H(M)
Hm bm khng cn gi b mt
Gi tr bm gn km vi thng ip m bo tnh
ton vn ca thng ip
Bt k mt s thay i nh no trong thng ip M
cng to ra s thay i trong m bm h
19
0
Cc yu cu i vi hm bm
C th p dng vi thng ip M vi di bt k
To ra gi tr bm h c di c nh
H(M) d dng tnh c vi bt k M no
T h rt kh tm c M sao cho h=H(M): tnh mt
chiu
T M1 rt kh tm c M2 sao cho H(M1)=H(M2)
Rt kh tm c cp (M1,M2) sao cho
H(M1)=H(M2)

19
1
c im 4 l c im 1 chiu (one -
way). N to ra 1 m cho bn tin nhng
khng th to ra 1 bn tin cho 1 m
c im 5 m bo:
1 bn tin thay th khi b bm khng cng gi tr
bm vi bn tin cho l
Bo v li s gi mo khi s dng 1 m bm
c m ha.
Cc yu cu i vi hm bm
19
2
Mt hm bm m tho mn cc c im t
15 trong danh sch trn th vn b coi l 1
hm bm km. Nu c im 6 c tho
mn, n mi c coi l mt hm bm tt.
c im 6 bo v bn tin khi mt lp cc tn
cng tinh vi nh tn cng ngy sinh (birthday
attack).
Cc yu cu i vi hm bm
33
19
3
Xc thc dng hm bm

19
4
Xc thc dng hm bm

19
5
So snh MAC v Hash
Tng t hm MAC nhng gi l hash
khng kho, MAC l hash c kho
19
6
Cc hm bm n gin
Nguyn tc hot ng chung:
Input: file, message.. c chia thnh chui cc
block n bit
X l u vo: mi block c x l ti 1 thi
im v lp li vi cc block khc to ra 1 gi
tr bm n bit
19
7
Hm bm XOR
Thc hin php XOR bit-by-bit
C th biu din nh sau:
C
i
= b
i1
b
i2
b
im

Trong :
C
i
: bit th i ca m bm (i=1..n)
m: S Block n-bit ca Input
b
ij
: bt th i ca Block j
: php ton XOR bit
19
8
Minh ha:
Bit 1 Bit 2 . Bit n
Block 1 B
11
B
21
. B
n1

Block 2 B
12
B
22
B
n2

. .. ..
Block m B
1m
B
2m
. B
nm

Hash Code C
1
C
2
. C
n

Hm bm XOR
34
19
9
Hm bm RXOR
Thc hin: Xoay i mt bit ri thc hin
php XOR tng tnh ngu nhin
S :
Khi to n bit ca gi tr bm bng 0
X l mi block n-bit thnh cng l nh sau:
Xoay gi tr bm hin ti sang tri 1 bit
XOR block vi gi tr bm
20
0
SHA-1 (Secure Hash Algorithm -1)
y l mt hm bm 1 chiu
Cc phin bn
SHA-0: Cng b nm 1993
SHA-1:
SHA-2: Bao gm tp hp SHA-224, SHA-256,
SHA-384, v SHA-512
Chng c dng bi chnh ph M
20
1
SHA-1
c im ca hm:
Input: u vo message c size < 2
64
Chia thnh cc Block c size = 512 bit
Ra: 1 Digest di 160 bit
Bo mt:
Khng tnh ton ra c thng ip vi 1 Digest cho
Khng c 2 thng ip cng to ra 1 Digest

20
2
S hot ng
20
3
Mt s kt qu test
Mt s gi tr digest ca SHA-1:
SHA1("The quick brown fox jumps over the lazy dog") ==
"2fd4e1c67a2d28fced849ee1bb76e7391b93eb12"
SHA1("The quick brown fox jumps over the lazy cog") ==
"de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3"
SHA1("") ==
"da39a3ee5e6b4b0d3255bfef95601890afd80709"
Ch k s
Yu cu
Phn loi
To v chng thc ch k
Digital Certificate

35
20
5
Yu cu
Da trn thng ip
S dng thng tin duy nht thuc v ngi
gi chng gi mo
D kim tra v nhn dng
Phi khng th tnh ton gi mo c
tho mn cc yu cu trn, ngi ta
thng s dng hm bm.
20
6
Phn loi
Thng c phn lm 2 loi:
Ch k trc tip
Ch k phn x

20
7
Ch k trc tip
Ch bao gm cc thnh phn truyn thng
C th c to ra :
M ho ton b bn tin vi kho ring ca ngi gi
M ho m bm ca bn tin vi kho ring ca ngi
gi
Tnh hp l ca ch k ph thuc vo vic
bo mt kho ring ca ngi gi.

20
8
Ch k phn x
Hot ng chung :
Mi bn tin c gi t X n Y phi thng qua A,
kim tra ngun gc v ni dung ca n
Bn tin c ghi li thi gian ri c gi n B + 1
thng ip c m bo bi A.
S c mt ca A gii quyt vn : X c th ph nhn
bn tin ny

20
9
To ch k
21
0
Chng thc ch k
36
21
1
Digital Certificate
chng thc c ch k in t bt buc
ngi nhn phi c kho chung ca ngi
gi.
Bn cht cp kho ny khng lin h vi
thuc tnh ca ngi s dng cn c c
ch lin kt chng vi ngi dng cc
certificate
Cc Certificate c CA cung cp
21
2
Cc thng tin trong Certificate
Phin bn
S serial
Nh cung cp Certifficate
Ngi gi Certificate
Thi gian hp php ca Certificate
Cc thuc tnh
Ch k s ca nh cung cp
Kho cng khai ca ngi s hu Certificate
Thut ton bm dng to ch k.
21
3
To Certificate
Cc Certificate c
to ra cn chng
thc cho bn thn n
Cc CA c cu trc
phn cp
Minh ho qu trnh to
Certificate cho CA gc
v CA mc thp hn

21
4
Cu trc phn cp ca CA
21
5
Xc thc chui Certificate
21
6
Cc giao thc xc thc
Xc thc hai bn
Cc phng php m ho c in
Phng php m ho kho cng khai
37
21
7
Xc thc hai bn
Ti y, chng ta ch xem xt vn qun l
phn phi kho
Tn ti 2 vn :
Tnh tin cy : ngn chn hin tng gi mo v tn cng
vo kho phin
Xc nh thi im: chng li kiu tn cng replay
21
8
Phng php chng replay
2 phng php:
Timestamp: gn 1 timestamp vo bn tin --> yu cu
ng b
Challenge/Response: A s gi n B 1 nonce v i tr
li ca B. Nu c cha gi tr nonce chnh xc th mi
bt u gi bn tin

21
9
nh gi 2 phng php
Timestamp: khng p dng cho cc ng dng
hng kt ni
Yu cu ng b gia cc tin trnh ng h
C hi tn cng thnh cng s tng ln nu c 1 khong
thi gian khng ng b
Tnh lun thay i v khng d on trc c ca cc
tr trong mng
Challenge/Response: khng p dng cho cc
ng dng khng hng kt ni
Yu cu bt tay trc khi truyn thng khng kt ni
Phng php tt nht: to s ng b gia ng h mi
bn
22
0
Phng php m ho c in
S dng 1 trung tm phn phi kho tin
cy(KDC)
Mi bn chia s 1 kho mt vi KDC:kho
chnh
KDC s sinh ra cc kho phin: s dng1
trn kt ni gia 2 bn
KDC cn chu trch nhim phn phi cc
kho phin s dng kho chnh bo v
qu trnh phn phi kho
22
1
M ho kho cng khai
Phng php ny m bo l mi bn u lu
tr kho cng khai hin thi ca bn cn li
Tt c cc phng php trn vn tn ti
nhng im thiu st
C nhiu phng php:
Denny
Woo v Law

22
2
nh du thng tin vo d liu
38
22
3
Mc lc
I.Gii thiu chung
II.Cc vn k thut
III.Thut ton Watermark
22
4
I.Gii thiu chung
1.Lch s ra i
2.Phn loi
3. ng dng

22
5
1. Lch s ra i
Xut pht t ngh lm giy ca Trung Quc
Yu cu v bn quyn trong th gii k thut s.
Watermark l mt qu trnh nhng d liu c gi
l watermark hay ch k s hay label vo mt i
tng a phng tin v do watermark c th
c pht hin hoc trch ra sau nhm gip a
ra cc xc thc v i tng
22
6
2.Phn loi Watermarking
Theo i tng s: audio, text, video, image
Theo min biu din i tng: spatial
domain, frequency domain
Theo quan im ng dng: source base v
destionation base
Theo cc phn loi khc: visible watermark
v invisble watermark
22
7
3. ng dng
Bo v bn quyn:
-dng watermark nhn
din ngi gi bn quyn.
-dng watermark nhn
din khch hng, kim
sot lu hnh hng ho.
22
8
3. ng dng
Chng thc nh v tnh
ton vn d liu
-nh s rt d b sa cha bng
cc cng c ho cao cp
-sa cha nh cng c th ph
hu hoc thay i vic nhn
din mt watermark
39
22
9
3. ng dng
Watermark cc i tng s:
-text, image, audio, video.
-nhn din cho cc cu trc d liu kiu nh protein trong ho sinh
23
0
3. ng dng
Che giu d liu v nh nhn nh
-nhng c lng thng tin ln nht khng nhn thy c vo
trong mt nh gc
-yu cu v tnh chu li thng l thp trong watermark
23
1
II.Cc vn k thut
1.Cc phase c bn
2.Cc kiu tn cng
3.So snh watermark vi m mt
4.So snh watermark vi nn nh
23
2
1.Cc phase c bn ca mt thut
ton watermarking
-pha nhng
watermark.
-pha phn
phi
watermark.
-pha trch dn
watermark.
-pha quyt
nh.
23
3
1.1.Phase nhng watermark
23
4
1.2.Phase phn phi
40
23
5
1.3.Phase trch dn
23
6
1.4.Phase quyt nh
o tng i gia
nh gc W v nh
c trch dn W*

Nu o trn ln hn
ngng th coi nh
ch k c xc
thc
23
7
2.Cc kiu tn cng v yu cu
Cc kiu tn cng:
-Nn mt mt thng tin
-Mo hnh hc
-Cc php x l tn hiu ni chung
-Cc kiu tn cng khc

23
8
2.Cc kiu tn cng v yu cu
Cc yu cu:
-Kh nng n hin ca du
-Kh chu li
-Chng gi mo
-Bit rate
-Sa i v sao chp watermark

23
9
3.So snh watermark vi m mt
M mt yu cu gii m phi chnh xc cn
watermark ch yu cu t n mt ngng
no .
Watermark tng t nh m mt trong qu
trnh m ha.
24
0
4.So snh watermarking vi nn
nh
nn khng mt mt thng tin khng lm nh hng n h
thng watermark th phng thc nn c mt mt thng tin s
gy ra mo cho watermark
mc tiu thit k ca h thng nn mt mt thng tin l i
nghch hn vi mc tiu ca watermarking

Silde An Ninh Mang PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Silde An Ninh Mang PDF

Uploaded by

Copyright:

Available Formats

1

You might also like