Giáo trình Bảo mật thông tin

GIO TRNH
BO MT THNG TIN
H ni 8-2013
M u
Gn y, mn hc An ton v bo mt thng tin c a vo ging dy ti
hu ht cc Khoa Cng ngh Thng tin ca cc trng i hc v cao ng. Do cc
ng dng trn mng Internet ngy cc pht trin v m rng, nn an ton thng tin
trn mng tr thnh nhu cu bt buc cho mi h thng ng dng. p ng
yu cu hc tp v t tm hiu ca sinh vin cc chuyn ngnh Cng ngh Thng tin,
nhm ging vin ph trch mn Bo mt ca khoa Cng ngh thng tin, trng H
Kinh doanh v Cng ngh H Ni t chc bin son gio trnh ny. Ni dung ca
n c da trn mt s ti liu, nhng ch yu l cun sch ca Gio s William
Stallings Cryptography and Network Security: Principles and Practice. Bn dch
chng ti tham kho bi ging ca TS. Trn Vn Dng khoa CNTT, H Giao
Thng vn ti H Ni. Cun sch trn c dng lm ti liu ging dy ti nhiu
trng i hc. Vi mc ch trang b cc kin thc c s va v gip cho sinh
vin hiu c bn cht ca cc kha cnh an ninh trn mng, trong gio trnh c
gng trnh by tm tt cc phn l thuyt c bn v a ra cc ng dng thc t.
Gio trnh gm 7 chng. Chng u nu tng quan v bo mt, chng 2 tm tt
s lc v m c in, chng 3 trnh by nhng khi nim c bn v s hc, chng
4 gii thiu v M khi v chun m d liu, chng 5 nu v m cng khai v RSA,
chng 6 gii thiu ng dng v an ton Web v IP v cui cng chng 7 tm tt v
K xm nhp v bin php phng chng bc tng la
MC LC
CHNG 1. TNG QUAN V BO MT......................................................................5
1.1 Gii thiu chung v bo mt thng tin...........................................................................5
1.2 Dch v, c ch, tn cng...............................................................................................7
1.3 M hnh an ton mng...................................................................................................8
1.4 Bo mt thng tin trong h c s d liu......................................................................10
Cu hi v bi tp...............................................................................................................13
CHNG 2. M C IN..............................................................................................14
2.1 M i xng..................................................................................................................14
2.2 Cc m th c in thay th..........................................................................................17
2.3 Cc m th c in hon v...........................................................................................23
2.4 Mt s vn khc......................................................................................................24
Cu hi v bi tp...............................................................................................................25
CHNG 3. C S TON HC....................................................................................27
3.1 S hc trn Modulo......................................................................................................27
3.2. Mt s thut ton trn Zn.............................................................................................30
3.3 Gii thiu l thuyt s..................................................................................................33
Cu hi v bi tp...............................................................................................................37
CHNG 4. CHUN M D LIU (DES) V CHUN M NNG CAO (AES)...39
4.1 Chun m d liu (DES)...............................................................................................39
4.3. Double DES v Triple DES.........................................................................................47
4.4 Chun m nng cao (AES)...........................................................................................48
Cu hi v bi tp...............................................................................................................49
CHNG 5. M CNG KHAI V QUN L KHO................................................50
5.1 M kho cng khai........................................................................................................50
5.2 H mt m RSA............................................................................................................52
5.3 Qun l kho.................................................................................................................55
5.4 Trao i kho Diffie Hellman.......................................................................................58
Cu hi v bi tp...............................................................................................................59
CHNG 6. AN TON IP V WEB...............................................................................61
6.1 An ton IP.....................................................................................................................61
6.2 An ton Web..................................................................................................................63
6.3 Thanh ton in t an ton...........................................................................................67
6.4 An ton th in t.......................................................................................................70
Cu hi v bi tp...............................................................................................................74
CHNG 7. K XM NHP, PHN MM C HI V BC TNG LA........75
7.1 K xm nhp.................................................................................................................75
7.2 Phn mm c hi..........................................................................................................78
7.3 Trn b m..................................................................................................................83
7.4 Bc tng la...............................................................................................................90
Cu hi v bi tp...............................................................................................................95
DANH MC CC K HIU, CC CH VIT TT...................................................96
DANH SCH CC TI THO LUN.....................................................................98
TI LIU THAM KHO.................................................................................................99
CHNG 1. TNG QUAN V BO MT

1.1 Gii thiu chung v bo mt thng tin
1.1.1 M u v bo mt thng tin
Ngy nay vi s pht trin bng n ca cng ngh thng tin, hu ht cc thng tin ca
doanh nghip nh chin lc kinh doanh, cc thng tin v khch hng, nh cung cp,
ti chnh, mc lng nhn vin,u c lu tr trn h thng my tnh. Cng vi
s pht trin ca doanh nghip l nhng i hi ngy cng cao ca mi trng kinh
doanh yu cu doanh nghip cn phi chia s thng tin ca mnh cho nhiu i tng
khc nhau qua Internet hay Intranet. Vic mt mt, r r thng tin c th nh hng
nghim trng n ti chnh, danh ting ca cng ty v quan h vi khch hng.
Cc phng thc tn cng thng qua mng ngy cng tinh vi, phc tp c th dn n
mt mt thng tin, thm ch c th lm sp hon ton h thng thng tin ca doanh
nghip. V vy an ton v bo mt thng tin l nhim v rt nng n v kh on
trc c, nhng tu trung li gm ba hng chnh sau:
- Bo m an ton thng tin ti my ch
- Bo m an ton cho pha my trm
- Bo mt thng tin trn ng truyn
ng trc yu cu bo mt thng tin, ngoi vic xy dng cc phng thc bo mt
thng tin th ngi ta a ra cc nguyn tc v bo v d liu nh sau:
- Nguyn tc hp php trong lc thu thp v x l d liu.
- Nguyn tc ng n.
- Nguyn tc ph hp vi mc ch.
- Nguyn tc cn xng.
- Nguyn tc minh bch.
- Nguyn tc c cng quyt nh cho tng c nhn v bo m quyn truy cp
cho ngi c lin quan.
- Nguyn tc khng phn bit i x.
- Nguyn tc an ton.
- Nguyn tc c trch nim trc php lut.
- Nguyn tc gim st c lp v hnh pht theo php lut.
- Nguyn tc mc bo v tng ng trong vn chuyn d liu xuyn bin gii.
y chng ta s tp trung xem xt cc nhu cu an ninh v ra cc bin php an
ton cng nh vn hnh cc c ch t c cc mc tiu .
Nhu cu an ton thng tin:
An ton thng tin thay i rt nhiu trong thi gian gn y. Trc kia hu
nh ch c nhu cu bo mt thng tin, nay i hi thm nhiu yu cu mi nh
an ninh my ch v trn mng.
Cc phng php truyn thng c cung cp bi cc c ch hnh chnh v
phng tin vt l nh ni lu tr bo v cc ti liu quan trng v cung cp
giy php c quyn s dng cc ti liu mt .
My tnh i hi cc phng php t ng bo v cc tp v cc thng tin
lu tr. Nhu cu bo mt rt ln v rt a dng, c mt khp mi ni, mi lc.
Do khng th khng ra cc qui trnh t ng h tr bo m an ton
thng tin.
Vic s dng mng v truyn thng i hi phi c cc phng tin bo v d
liu khi truyn. Trong c c cc phng tin phn mm v phn cng, i
hi c nhng nghin cu mi p ng cc bi ton thc tin t ra.
Cc khi nim:
An ton my tnh: tp hp cc cng c c thit k bo v d liu v
chng hacker.
An ton mng: cc phng tin bo v d liu khi truyn chng.
An ton Internet: cc phng tin bo v d liu khi truyn chng trn tp cc
mng lin kt vi nhau.
Mc ch ca mn hc l tp trung vo an ton Internet gm cc phng tin bo
v, chng, pht hin, v hiu chnh cc ph hoi an ton khi truyn v lu tr thng
tin.
1.1.2 Nguy c v him ha i vi h thng thng tin
Cc him ha i vi h thng c th c phn loi thnh him ha v tnh hay c
, ch ng hay th ng.
- Him ha v tnh: khi ngi dng khi ng li h thng ch c quyn,
h c th ty chnh sa h thng. Nhng sau khi hon thnh cng vic h
khng chuyn h thng sang ch thng thng, v tnh k xu li dng.
- Him ha c : nh c tnh truy nhp h thng tri php.
- Him ha th ng: l him ha nhng cha hoc khng tc ng trc tip ln
h thng, nh nghe trm cc gi tin trn ng truyn.
- Him ha ch ng: l vic sa i thng tin, thay i tnh trng hoc hot
ng ca h thng.
i vi mi h thng thng tin mi e da v hu qu tim n l rt ln, n c th
xut pht t nhng nguyn nhn nh sau:
- T pha ngi s dng: xm nhp bt hp php, n cp ti sn c gi tr
- Trong kin trc h thng thng tin: t chc h thng k thut khng c cu
trc hoc khng mnh bo v thng tin.
- Ngay trong chnh sch bo mt an ton thng tin: khng chp hnh cc chun
an ton, khng xc nh r cc quyn trong vn hnh h thng.
- Thng tin trong h thng my tnh cng s d b xm nhp nu khng c cng
c qun l, kim tra v iu khin h thng.
- Nguy c nm ngay trong cu trc phn cng ca cc thit b tin hc v trong
phn mm h thng v ng dng do hng sn xut ci sn cc loi 'rp' in t
theo nh trc, gi l 'bom in t'.
- Nguy him nht i vi mng my tnh m l tin tc, t pha bn ti phm.
1.1.3 Phn loi tn cng ph hoi an ton:
Cc h thng trn mng c th l i tng ca nhiu kiu tn cng:

- Tn cng gi mo l mt thc th tn cng gi danh mt thc th khc. Tn
cng gi mo thng c kt hp vi cc dng tn cng khc nh tn cng
chuyn tip v tn cng sa i thng bo.
- Tn cng chuyn tip xy ra khi mt thng bo, hoc mt phn thng bo
c gi nhiu ln, gy ra cc tc ng tiu cc.
- Tn cng sa i thng bo xy ra khi ni dung ca mt thng bo b sa i
nhng khng b pht hin.
- Tn cng t chi dch v xy ra khi mt thc th khng thc hin chc nng
ca mnh, gy cn tr cho cc thc th khc thc hin chc nng ca chng.
- Tn cng t bn trong h thng xy ra khi ngi dng hp php c tnh hoc
v can thip h thng tri php. Cn tn cng t bn ngoi l nghe trm, thu
chn, gi mo ngi dng hp php v vt quyn hoc lch qua cc c ch
kim sot truy nhp.
Tn cng b ng. Do thm, theo di ng truyn :
o nhn c ni dung bn tin hoc
o theo di lung truyn tin
Tn cng ch ng. Thay i lung d liu :
o gi mo mt ngi no .
o lp li bn tin trc
o thay i ban tin khi truyn
o t chi dch v.
1.2 Dch v, c ch, tn cng.
Nhu cu thc tin dn n s cn thit c mt phng php h thng xc nh cc
yu cu an ninh ca t chc. Trong cn c tip cn tng th xt c ba kha cnh
ca an ton thng tin: bo v tn cng, c ch an ton v dch v an ton.
Sau y chng ta xt chng theo trnh t ngc li:
1.2.1 Cc dch v an ton.
y l cng c m bo an ton ca h thng x l thng tin v truyn thng tin

trong t chc. Chng c thit lp chng li cc tn cng ph ho1. C th dng
mt hay nhiu c ch an ton cung cp dch v.
Thng thng ngi ta cn phi to ra cc lin kt vi cc ti liu vt l: nh c ch
k, ngy thng, bo v cn thit chng khm ph, sa by, ph hoi, c cng
chng, chng kin, c ghi nhn hoc c bn quyn.
1.2.2 Cc c ch an ton:
T cc cng vic thc t chng li cc ph hoi an ninh, ngi ta h thng v
sp xp li to thnh cc c ch an ninh khc nhau. y l c ch c thit k
pht hin, bo v hoc khi phc do tn cng ph hoi.
Khng c c ch n l no p ng c mi chc nng yu cu ca cng tc an
ninh. Tuy nhin c mt thnh phn c bit nm trong mi c ch an ton l: k
thut m ho. Do chng ta s dnh mt thi lng nht nh tp trung vo l
thuyt m.
1.2.3 Tn cng ph hoi an ninh:
Ta xc nh r th no l cc hnh ng tn cng ph hai an ninh. l mi hnh
ng chng li s an ton thng tin ca cc t chc.
An ton thng tin l bn v bng cch no chng li tn cng vo h thng thng tin
hoc pht hin ra chng. Trn thc t c rt nhiu cch v nhiu kiu tn cng khc
nhau. Thng thut ng e do v tn cng c dng nh nhau. Cn tp trung
chng mt s kiu tn cng chnh: th ng v ch ng.
1.3 M hnh an ton mng

1.3.1 Kin trc an ton ca h thng truyn thng m OSI.
gip cho vic hoch nh chnh sch v xy dng h thng an ninh tt. B phn
chun ha tiu chun ca t chc truyn thng quc t (International
Telecommunication Union) nghin cu v ra Kin trc an ninh X800 dnh cho
h thng trao i thng tin m OSI. Trong nh ngha mt cch h thng phng
php xc nh v cung cp cc yu cu an ton.N cung cp cho chng ta mt cch
nhn tng qut, hu ch v cc khi nim m chng ta nghin cu.
Trc ht ni v dich v an ton, X800 nh ngha y l dch v cung cp cho tng

giao thc ca cc h thng m trao i thng tin, m m bo an ton thng tin cn
thit cho h thng v cho vic truyn d liu.
Trong ti liu cc thut ng chun trn Internet RFC 2828 nu nh ngha c th
hn dich v an ton l dch v trao i v x l cung cp cho h thng vic bo v
c bit cho cc thng tin ngun.Ti liu X800 a ra nh ngha dch v theo 5 loi
chnh:
- Xc thc: tin tng l thc th trao i ng l ci tuyn b. Ngi ang
trao i xng tn vi mnh ng l anh ta, khng cho php ngi khc mo danh.
- Quyn truy cp: ngn cm vic s dng ngun thng tin khng ng vai tr.
Mi i tng trong h thng c cung cp cc quyn hn nht nh v ch c
hnh ng trong khun kh cc quyn hn .
- Bo mt d liu: bo v d liu khng b khm ph bi ngi khng c quyn.
Chng hn nh dng cc k hiu khc thay th cc k hiu trong bn tin, m ch
ngi c bn quyn mi c th khi phc nguyn bn ca n.
- Ton vn d liu: tin tng l d liu c gi t ngi c quyn. Nu c thay
i nh lm tr hon v mt thi gian hay sa i thng tin, th xc thc s cho cch
kim tra nhn bit l c cc hin tng xy ra.
- Khng t chi: chng li vic chi b ca mt trong cc bn tham gia trao i.
Ngi gi cng khng tri b l mnh gi thng tin vi ni dung nh vy v ngi
nhn khng th ni di l ti cha nhn c thng tin . iu ny l rt cn thit
trong vic trao i, tha thun thng tin hng ngy.
C ch an ton c nh ngha trong X800 nh sau:
- C ch an ton chuyn dng c ci t trong mt giao thc ca mt tng vn
chuyn no : m ho, ch k in t, quyn truy cp, ton vn d liu, trao i c
php, m truyn, kim sot nh hng, cng chng.
- C ch an ton ph dng khng ch r c dng cho giao thc trn tng no hoc
dch v an ninh c th no: chc nng tin cy cho mt tiu chun no , nhn an
ton chng t i tng c tnh cht nht nh, pht hin s kin, vt theo di an ton,
khi phc an ton.
1.3.2 M hnh an ton mng tng qut
S dng m hnh trn i hi chng ta phi thit k:
o thut ton ph hp cho vic truyn an ton.
o Pht sinh cc thng tin mt (kho) c s dng bi cc thut ton.
o Pht trin cc phng php phn phi v chia s cc thng tin mt.
o c t giao thc cho cc bn s dng vic truyn v thng tin mt
cho cc dch v an ton.
M hnh truy cp mng an ton:
S dng m hnh trn i hi chng ta phi:

o La chn hm canh cng ph hp cho ngi s dng c danh tnh.
o Ci t kim sot quyn truy cp tin tng rng ch c ngi c
quyn mi truy cp c thng tin ch hoc ngun.
o Cc h thng my tnh tin cy c th dng m hnh ny.
1.4 Bo mt thng tin trong h c s d liu

1.4.1 Gii thiu chung
Cc h c s d liu (CSDL) ngy nay nh Oracle, SQL/Server, DB2/Informix u
c sn cc cng c bo v tiu chun nh h thng nh danh v kim sot truy xut.
Tuy nhin, cc bin php bo v ny hu nh khng c tc dng trc cc tn cng t
bn trong. bo v thng tin khi mi e da ny, ngi ta a ra hai gii php.
Gii php n gin nht bo v d liu trong CSDL mc tp tin, chng li s
truy cp tri php vo cc tp tin CSDL bng hnh thc m ha. Tuy nhin, gii php
ny khng cung cp mc bo mt truy cp n CSDL mc bng, ct v dng.
Mt im yu na ca gii php ny l bt c ai vi quyn truy xut CSDL u c th
truy cp vo tt c d liu trong CSDL cng c ngha l cho php cc i tng vi
quyn qun tr truy cp tt c cc d liu nhy cm.
Gii php th hai, gii quyt vn m ha mc ng dng. Gii php ny x l m
ha d liu trc khi truyn d liu vo CSDL. Nhng vn v qun l kha v
quyn truy cp c h tr bi ng dng. Truy vn d liu n CSDL s tr kt qu
d liu dng m ha v d liu ny s c gii m bi ng dng. Gii php ny

gii quyt c vn phn tch quyn an ton v h tr cc chnh sch an ton da
trn vai tr.
1.4.2 Mt s m hnh bo mt c s d liu
p ng nhng yu cu v bo mt cho cc h thng CSDL hin ti v sau ny
ngi ta a ra 2 m hnh bo mt CSDL thng thng sau y
Xy dng tng CSDL trung gian:
Mt CSDL trung gian c xy dng gia ng dng v CSDL gc. CSDL trung gian
ny c vai tr m ha d liu trc khi cp nht vo CSDL gc, ng thi gii m d
liu trc khi cung cp cho ng dng. CSDL trung gian ng thi cung cp thm cc
chc nng qun l kha, xc thc ngi dng v cp php truy cp.
Gii php ny cho php to thm nhiu chc nng v bo mt cho CSDL. Tuy nhin,
m hnh CSDL trung gian i hi xy dng mt ng dng CSDL ti to tt c cc
chc nng ca CSDL gc.
M hnh trung gian

S dng c ch sn c trong CSDL
M hnh ny gii quyt cc vn m ha ct da trn cc c ch sau:
a. Cc hm Stored Procedure trong CSDL cho chc nng m ha v gii m
b. S dng c ch View trong CSDL to cc bng o, thay th cc bng tht c
m ha.
c. C ch instead of trigger c s dng nhm t ng ha qu trnh m ha t
View n bng gc.
Trong m hnh ny, d liu trong cc bng gc s c m ha, tn ca bng gc
c thay i. Mt bng o c to ra mang tn ca bng gc, ng dng s truy cp
n bng o ny.
Truy xut d liu trong m hnh ny c th c tm tt nh sau:
10
M hnh bng o
Cc truy xut d liu n bng gc s c thay th bng truy xut n bng o.
Bng o c to ra m phng d liu trong bng gc. Khi thc thi lnh select,
d liu s c gii m cho bng o t bng gc ( c m ha). Khi thc thi lnh
Insert, Update, instead of trigger s c thi hnh v m ha d liu xung bng
gc.
Qun l phn quyn truy cp n cc ct s c qun l cc bng o. Ngoi cc
quyn c bn do CSDL cung cp, hai quyn truy cp mi c nh ngha:
1. Ngi s dng ch c quyn c d liu dng m ha. Quyn ny ph hp vi
nhng i tng cn qun l CSDL m khng cn c ni dung d liu.
2. Ngi s dng c quyn c d liu dng gii m.
1.4.3 S lc kin trc ca 1 h bo mt CSDL
Triggers: cc trigger c s dng ly d liu n t cc cu lnh INSERT,
UPDATE ( m ha).
Views: cc view c s dng ly d liu n t cc cu lnh SELECT ( gii
m).
Extended Stored Procedures: c gi t cc Trigger hoc View dng kch hot
cc dch v c cung cp bi Modulo DBPEM t trong mi trng ca h qun tri
CSDL.
DBPEM (Database Policy Enforcing Modulo): cung cp cc dch v m ha/gii m
d liu gi n t cc Extended Stored Procedures v thc hin vic kim tra quyn
truy xut ca ngi dng (da trn cc chnh sch bo mt c lu tr trong CSDL
v quyn bo mt).
11
Kin trc mt h bo mt CSDL

Security Database: lu tr cc chnh sch bo mt v cc kha gii m. Xu hng
ngy nay thng l lu tr CSDL v bo mt ny trong Active Directory (mt CSDL
dng th mc lu tr tt c thng tin v h thng mng).
Security Services: ch yu thc hin vic bo v cc kha gii m c lu trong
CSDL bo mt.
Management Console: dng cp nht thng tin lu trong CSDL bo mt (ch yu
l son tho cc chnh sch bo mt) v thc hin thao tc bo v mt trng no
trong CSDL m bo ti a tnh bo mt, thng tin c trao i.
Cu hi v bi tp
1.
2.
3.
4.
5.
6.
7.
8.
Trnh by cc khi nim v an ton thng tin v bo mt thng tin

Vai tr ca an ton thng tin v bo mt thng tin
Cc nguy c tn cng vo h thng thng tin
Cc yu cu cng nh mc tiu ca vic m bo an ton v bo mt thng tin
Quy trnh v m hnh m bo an ton thng tin v bo mt thng tin
nh hng tng cng an ton thng tin v bo mt thng tin
Trnh by m hnh mng an ton
Trnh by kin trc bo mt CSDL.
12
CHNG 2. M C IN
M ho c in l phng php m ho n gin nht xut hin u tin trong lch s
ngnh m ho. Thut ton n gin v d hiu. Nhng phng php m ho ny l c
s cho vic nghin cu v pht trin thut ton m ho i xng c s dng ngy
nay. Trong m ho c in c hai phng php ni bt l:
- M ho thay th
- M ho hon v
Mi m c in u l m i xng m chng ta s xt trong phn sau.
2.1 M i xng.
2.1.1 Cc khi nim c bn
Mt m i xng s dng cng mt kha cho vic m ha v gii m. C th ni m
i xng l m mt kho hay m kha ring hay m kho tha thun.
y ngi gi v ngi nhn chia s kho chung K, m h c th trao i b mt
vi nhau. Ta xt hai hm ngc nhau: E l hm bin i bn r thnh bn m v D l
hm bin i bn m tr v bn r. Gi s X l vn bn cn m ha v Y l dng vn
bn c thay i qua vic m ha. Khi ta k hiu:
Y = EK(X)
X = DK(Y)
Mi thut ton m c in u l m kho i xng, v thng tin v kha c

chia s gia ngi gi v ngi nhn. M i xng l kiu duy nht trc khi pht
minh ra kho m cng khai (cn c gi l m khng i xng) vo nhng nm
1970. Hin nay cc m i xng v cng khai tip tc pht trin v hon thin. M
cng khai ra i h tr m i xng ch khng thay th n, do m i xng n
nay vn c s dng rng ri.
Sau y ta a ra nh ngha mt s khi nim c bn v m ha.
1. Bn r X c gi l l bn tin gc. Bn r c th c chia nh c kch
thc ph hp.
2. Bn m Y l bn tin gc c m ho. y ta thng xt phng php
m ha m khng lm thay i kch thc ca bn r, tc l chng c cng
di.
3. M l thut ton E chuyn bn r thnh bn m. Thng thng chng ta cn
thut ton m ha mnh, cho d k th bit c thut ton, nhng khng bit
thng tin v kha cng khng tm c bn r.
4. Kho K l thng tin tham s dng m ho, ch c ngi gi v ngui nhn
bit. Kha l c lp vi bn r v c di ph hp vi yu cu bo mt.
5. M ho l qu trnh chuyn bn r thnh bn m, thng thng bao gm vic
p dng thut ton m ha v mt s qu trnh x l thng tin km theo.
6. Gii m chuyn bn m thnh bn r, y l qu trnh ngc li ca m ha.
7. Mt m l chuyn ngnh khoa hc ca Khoa hc my tnh nghin cu v cc
nguyn l v phng php m ho. Hin nay ngi ta a ra nhiu chun an
ton cho cc lnh vc khc nhau ca cng ngh thng tin.
8. Thm m nghin cu cc nguyn l v phng php gii m m khng bit
kho. Thng thng khi a cc m mnh ra lm chun dng chung gia cc
13
ngi s dng, cc m c cc k thm m cng nh nhng ngi pht

trin m tm hiu nghin cu cc phng php gii mt phn bn m vi cc
thng tin khng y .
9. L thuyt m bao gm c mt m v thm m. N l mt th thng nht,
nh gi mt m mnh hay khng, u phi xt t c hai kha cnh . Cc
nh khoa hc mong mun tm ra cc m hnh m ha khi qut cao p ng
nhiu chnh sch an ton khc nhau.
M hnh m i xng
2.1.2 Cc yu cu.
Mt m i xng c cc c trng l cch x l thng tin ca thut ton m, gii m,
tc ng ca kha vo bn m, di ca kha. Mi lin h gia bn r, kha v bn
m cng phc tp cng tt, nu tc tnh ton l chp nhn c. C th h ai yu
cu s dng an ton m kho i xng l
1. Thut ton m ho mnh. C c s ton hc vng chc m bo rng mc d
cng khai thut ton, mi ngi u bit, nhng vic thm m l rt kh khn
v phc tp nu khng bit kha.
2. Kho mt ch c ngi gi v ngi nhn bit. C knh an ton phn phi
kho gia cc ngi s dng chia s kha. Mi lin h gia kha v bn m l
khng nhn bit c.
2.1.3 Mt m
H mt m c c trng bi cc yu t sau
- Kiu ca thao tc m ho c s dng trn bn r:
1. Php th - thay th cc k t trn bn r bng cc k t khc
2. Hon v - thay i v tr cc k t trong bn r, tc l thc hin hon
v cc k t ca bn r.
3. Tch ca chng, tc l kt hp c hai kiu thay th v hon v cc k t
ca bn r.
- S kho c s dng khi m ha: mt kho duy nht - kho ring hoc hai kho
- kho cng khai. Ngoi ra cn xem xt s kha c dng c nhiu khng.
- Mt c trng ca m na l cch m bn r c x l, theo:
1. Khi - d liu c chia thnh tng khi c kch thc xc nh v p
dng thut ton m ha vi tham s kha cho tng khi.
2. Dng - tng phn t u vo c x l lin tc to phn t u ra
tng ng.
3.
14
2.1.4 Thm m.
C hai cch tip cn tn cng m i xng.
1. Tn cng thm m da trn thut ton v mt s thng tin v cc c
trng chung v bn r hoc mt s mu bn r/bn m. Kiu tn cng
ny nhm khai ph cc c trng ca thut ton tm bn r c th
hoc tm kha. Nu tm c kha th l tai ha ln.
2. Tn cng duyt ton b: k tn cng tm cch th mi kha c th trn
bn m cho n khi nhn c bn r. Trung bnh cn phi th mt na
s kha mi tm c.
Cc kiu tn cng thm m.
- Ch dng bn m: bit thut ton v bn m, dng phng php thng k, xc
nh bn r.
- Bit bn r: bit thut ton, bit c bn m/bn r tn cng tm kha.
- Chn bn r: chn bn r v nhn c bn m, bit thut ton tn cng tm
kha.
- Chn bn m: chn bn m v c c bn r tng ng, bit thut ton tn
cng tm kha.
- Chn bn tin: chn c bn r hoc m v m hoc gii m tung ng, tn
cng tm kha.
2.1.5 Tm duyt tng th (Brute-Force)
V mt l thuyt phng php duyt tng th l lun thc hin c, do c th tin
hnh th tng kho, m s kho l hu hn. Phn ln cng sc ca cc tn cng u
t l thun vi kch thc kho. Kha cng di thi gian tm kim cng lu v thng
tng theo hm m. Ta c th gi thit l k thm m c th da vo bi cnh bit
hoc nhn bit c bn r.
Sau y l mt s thng k v mi lin h gia di kha, kch thc khng gian
kha, tc x l v thi gian tm duyt tng th. Chng ta nhn thy vi di
kha t 128 bit tr ln, thi gian yu cu l rt ln, ln n hng t nm, nh vy c
th coi phng php duyt tng th l khng hin thc.
Key
(bits)
Size Number
of Time required at 1 encryption/
Alternative Keys s
32
223 = 43 x 109
231 s = 35.8 minutes
56
256=7.2 x 1016
255 s = 1142 years
128
2128 = 7.2 x 1038 2127 s = 5.4 x 1024 years
168
2168 = 3.7 x 1050 2167 s = 5.9 x 1036 years
26 characters 26! = 4 x 1026
2 x 1026 s = 6.4 x 1012 years
Time required at
106 encryptions/ s
2.15 miniseconds
10.01 hours
5.4 x 1018 years
5.9 x 1030 years
6.4 x 106 years
(permution)
2.1.6 an ton.
C th phn lai an ton thnh hai kiu nh sau:
- An ton khng iu kin: y khng quan trng my tnh mnh nh th no, c
th thc hin c bao nhiu php ton trong mt giy, m ho khng th b b, v
bn m khng cung cp thng tin xc nh duy nht bn r. Vic dng b m
ngu nhin mt ln m dng cho d liu m ta s xt cui bi ny c coi l an
15
ton khng iu kin. Ngoi ra cha c thut ton m ha no c coi l an ton

khng iu kin.
- An ton tnh ton: vi ngun lc my tnh gii hn v thi gian c hn (chng
hn thi gian tnh ton khng qu tui ca v tr) m ho coi nh khng th b b.
Trong trng hp ny coi nh m ha an ton v mt tnh ton. Ni chung t nay v
sau, mt thut ton m ha an ton tnh ton c coi l an ton.
2.2 Cc m th c in thay th
C hai loi m c in l m thay th v m hon v (hay cn gi l dch chuyn).
M thay th l phng php m tng k t (nhm k t) trong bn r c thay th
bng mt k t (mt nhm k t) khc to ra bn m. Bn nhn ch cn thay th
ngc li trn bn m c c bn r ban u.
Trong phng php m hon v, cc k t trong bn r vn c gi nguyn, chng
ch c sp xp li v tr to ra bn m. Tc l cc k t trong bn r hon ton
khng b thay i bng k t khc m ch o ch ca chng to thnh bn m.
Trc ht ta xt cc m c in s dng php thay th cc ch ca bn r bng cc
ch khc ca bng ch to thnh bn m.
- y cc ch ca bn r c thay bng cc ch hoc cc s hoc cc k t
khc.
- Hoc nu xem bn r nh mt dy bt, th php th thay cc mu bt bn r bng
cc mu bt bn m.
2.2.1 M Ceasar
y l m th c bit sm nht, c sng to bi Julius Ceasar. Ln u tin c
s dng trong qun s. Vic m ho c thc hin n gin l thay mi ch trong
bn r bng ch th ba tip theo trong bng ch ci.
V d:
o Meet me after the toga party
o PHHW PH DIWHU WKH WRJD SDUWB
y thay ch m bng ch ng th 3 sau m l p (m, n, o, p); thay ch e bng ch
ng th 3 sau e l h (e, f, g, h).
C th nh ngha vic m ho trn qua nh x trn bng ch ci sau: cc ch
dng di l m ca cc ch tng ng dng trn:
a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
V ton hc, nu ta gn s th t cho mi ch trong bng ch ci. Cc ch
dng trn c s th t tng ng l s dng di:
a b c d e f g h i j k l m
0 1 2 3 4 5 6 7 8 9 10 11 12
n o p q r s t u v w x y z
13 14 15 16 17 18 19 20 21 22 23 24 25
th m Ceasar c nh ngha qua php tnh tin cc ch nh sau:
16
c = E(p) = (p + k) mod (26)

p = D(c) = (c k) mod (26)
y, p l s th t ca ch trong bn r v c l s th t ca ch tng ng
ca bn m; k l kho ca m Ceasar. C 26 gi tr khc nhau ca k, nn c 26
kho khc nhau. Thc t di kho y ch l 1, v mi ch u tnh tin i
mt khong nh nhau.
Thm m Ceasar
l vic lm n gin, do s kho c th c l rt t.
Ch c 26 kho c th, v A ch c th nh x vo mt trong s 26 ch ci ca
bng ch ci ting Anh: A, B, C, Cc ch khc s c xc nh bng s
bc tnh tin tng ng ca A. K thm m c th th ln lt tng kho
mt, tc l s dng phng php tm duyt tng th. V s kho t nn vic
tm duyt l kh thi. Cho trc bn m, th 26 cch dch chuyn khc nhau, ta
s on nhn thng qua ni dung cc bn r nhn c.
V d. B bn m "GCUA VQ DTGCM" bng cch th cc php tnh tin khc
nhau ca bng ch, ta chn c bc tnh tin thch hp l 24 v cho bn r l "easy
to break".
2.2.2 Cc m bng ch n
By gi ta khc phc nhc im ca m Ceasar bng cch m ho cc ch khng
ch l dch chuyn bng ch, m c th to ra cc bc nhy khc nhau cho cc ch.
Trong mt m mi ch ca bn r c nh x n mt ch khc nhau ca bn m.
Do mi cch m nh vy s tng ng vi mt hon v ca bng ch v hon v
chnh l kho ca m cho. Nh vy di kho y l 26 v s kho c th
c l 26!. S kho nh vy l rt ln.
V d. Ta c bn m tng ng vi bn r trong m bng ch n nh sau:
Plain: abcdefghijklmnopqrstuvwxyz
Cipher: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext: ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA
- Tnh an ton ca m trn bng ch n. Tng cng c 26! xp x khong 4 x 10 26
kho. Vi kh nhiu kho nh vy nhiu ngi ngh l m trn bng ch n s an
ton. Nhng khng phi nh vy. Vn y l do cc c trng v ngn ng. Tuy
c s lng kho ln, nhng do cc c trng v tn sut xut hin ca cc ch trong
bn r v cc ch tng ng trong bn m l nh nhau, nn k thm m c th on
c nh x ca mt s ch v t m tm ra ch m cho cc ch khc. Ta s xt
kha cnh ny c th trong mc sau.
- Tnh d tha ca ngn ng v thm m. Ngn ng ca loi ngi l d tha. C
mt s ch hoc cc cp ch hoc b ba ch c dng thng xuyn hn cc b ch
cng di khc. Chng hn nh cc b ch sau y trong ting Anh "th lrd s m
shphrd shll nt wnt". Tm li trong nhiu ngn ng cc ch khng c s dng
thng xuyn nh nhau. Trong ting Anh ch E c s dng nhiu nht; sau n
cc ch T, R, N, I, O, A, S. Mt s ch rt t dng nh: Z, J, K, Q, X. Bng phng
php thng k, ta c
th xy dng cc bng cc tn sut cc ch n, cp ch, b ba ch.
17
Bng tn sut ch ci ting Anh:
S dng bng tn sut vo vic thm m

iu quan trng l m th trn bng ch n khng lm thay i tn sut
tng i ca cc ch, c ngha l ta vn c bng tn sut trn nhng i vi
bng ch m tng ng. iu c pht hin bi cc nh khoa hc Ai cp
t th k th 9. Do c cch thm m trn bng ch n nh sau:
- Tnh ton tn sut ca cc ch trong bn m
- So snh vi cc gi tr bit
- Tm kim cc ch n hay dng A-I-E, b i NO v b ba RST; v cc b t
dng JK, X-Z..
- Trn bng ch n cn xc nh cc ch dng cc bng b i v b ba tr
gip.
V d. Thm m bn m trn bng ch n, cho bn m:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEP
OPDZSZUFPOUDTMOHMQ
- Tnh tn sut cc ch
- on P v Z l e v t.
- Khi ZW l th v ZWP l the.
- Suy lun tip tc ta c bn r:
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives in moscow
2.2.3 M Playfair
18
Nh chng ta thy khng phi s kho ln trong m bng ch n m bo

an ton m. Mt trong cc hng khc phc l m b cc ch, tc l mi ch s c
m bng mt s ch khc nhau ty thuc vo cc ch m n ng cnh. Playfair l
mt trong cc m nh vy, c sng to bi Charles Wheastone vo nm 1854 v
mang tn ngi bn l Baron Playfair. y mi ch c th c m bng mt trong
7 ch khc nhau ty vo ch cp i cng n trong bn r.
Ma trn kho Playfair. Cho trc mt t lm kho, vi iu kin trong t kho
khng c ch ci no b lp. Ta lp ma trn Playfair l ma trn c 5 x 5 da trn t
kho cho v gm cc ch trn bng ch ci, c sp xp theo th t nh sau:
- Trc ht vit cc ch ca t kho vo cc hng ca ma trn bt t hng th
nht.
- Nu ma trn cn trng, vit cc ch khc trn bng ch ci cha c s dng
vo cc cn li. C th vit theo mt trnh t qui c trc, chng hn t u bng
ch ci cho n cui.
- V c 26 ch ci ting Anh, nn thiu mt . Thng thung ta dn hai ch no
vo mt chung, chng hn I v J.
- Gi s s dng t kho MORNACHY. Lp ma trn kho Playfair tng ng nh
sau:
MONAR
CHYBD
EFGIK
LPQST
UVWXZ
M ho v gii m: bn r c m ho 2 ch cng mt lc theo qui tc nh sau:
- Chia bn r thnh tng cp ch. Nu mt cp no c hai ch nh nhau, th ta
chn thm mt ch lc chng hn X. V d, trc khi m balloon bin i thnh
ba lx lo on.
- Nu c hai ch trong cp u ri vo cng mt hng, th m mi ch bng ch
pha bn phi n trong cng hng ca ma trn kha (cun vng quanh t cui v u),
chng hn ar bin i thnh RM
- Nu c hai ch trong cp u ri vo cng mt ct, th m mi ch bng ch
pha bn di n trong cng ct ca ma trn kha (cun vng quanh t cui v u),
chng hn mu bin i thnh CM
- Trong cc trng hp khc, mi ch trong cp c m bi ch cng hng vi
n v cng ct vi ch cng cp vi n trong ma trn kha. Chng hn, hs m
thnh BP, v ea m thnh IM hoc JM (tu theo s thch)
An ton ca m Playfair:
- An ton c nng cao so hn vi bng n, v ta c tng cng 26 x 26 = 676
cp. Mi ch c th c m bng 7 ch khc nhau, nn tn sut cc ch trn bn m
khc tn sut ca cc ch ci trn vn bn ting Anh ni chung.
- Mun s dng thng k tn sut, cn phi c bng tn sut ca 676 cp thm
m (so vi 26 ca m bng n). Nh vy phi xem xt nhiu trng hp hn v
tng ng s c th c nhiu bn m hn cn la chn. Do kh thm m hn m
trn bng ch n.
- M Playfair c s dng rng ri nhiu nm trong gii qun s M v Anh
trong chin tranh th gii th 1. N c th b b kho nu cho trc vi trm ch, v
bn m vn cn cha nhiu cu trc ca bn r.
19
2.2.4 Cc m a bng
Mt hng khc lm tng an ton cho m trn bng ch l s dng nhiu bng ch
m. Ta s gi chng l cc m th a bng. y mi ch c th c m bng
bt k ch no trong bn m ty thuc vo ng cnh khi m ho. Lm nh vy tri
bng tn sut cc ch xut hin trong bn m. Do lm mt bt cu trc ca bn r
c th hin trn bn m v lm cho thm m a bng kh hn. Ta s dng t kho
ch r chn bng no c dng cho tng ch trong bn tin. S dng ln lt cc
bng theo t kha v lp li t u sau khi kt thc t kho. di kho l chu k
lp ca cc bng ch. di cng ln v nhiu ch khc nhau c s dng trong t
kho th cng kh thm m.
2.2.5 M Vigenere
M th a bng n gin nht l m Vigenere. Thc cht qu trnh m ho Vigenere l
vic tin hnh ng thi dng nhiu m Ceasar cng mt lc trn bn r vi nhiu
kho khc nhau. Kho cho mi ch dng m ph thuc vo v tr ca ch trong
bn r v c ly trong t kho theo th t tng ng.
Gi s kho l mt ch c di d c vit dng K = K 1K2Kd, trong Ki nhn
gi tr nguyn t 0 n 25. Khi ta chia bn r thnh cc khi gm d ch. Mi ch
th i trong khi ch nh dng bng ch th i vi tnh tin l K i ging nh trong m
Ceasar. Trn thc t khi m ta c th s dng ln lt cc bng ch v lp li t u
sau d ch ca bn r. V c nhiu bng ch khac nhau, nn cng mt ch cc v tr
khc nhau s c cc bc nhy khc nhau, lm cho tn sut cc ch trong bn m dn
tng i u.
Gii m n gin l qu trnh lm ngc li. Ngha l dng bn m v t kho vi cc
bng ch tng ng, nhng vi mi ch s dng bc nhy lui li v u.
V d: s dng m Vigenere vi t kha v bn r cho trc ta c th lm nh
sau:
- Vit bn r ra
- Vit t kho lp nhiu ln pha trn tng ng ca n
- S dng mi ch ca t kho nh kho ca m Ceasar
- M ch tng ng ca bn r vi bc nhy tng ng.
- Chng hn s dng t kho deceptive
key:
deceptivedeceptivedeceptive
plaintext: wearediscoveredsaveyourself
ciphertext:ZICVTWQNGRZGVTWAVZHCQYGL
m ch w u tin ta tm ch u ca kha l d, nh vy w s c m trn bng

ch tnh tin 3 (tc l a tnh tin vo d). Do ch u w c m bi ch Z. Ch
th hai trong t kha l e, c ngha l ch th hai trong bn r s c tnh tin 4 (t
a tnh tin n e). Nh vy th hai trong bn r e s c m bi ch I. Tng t nh
vy cho n ht bn r.
Trn thc t h tr m Vigenere, ngi ta to ra trang Saint Cyr tr gip
cho vic m v gii m th cng. l mt bng c 26 x 26 c tn tng ng l cc
ch ci trong bng ch ting Anh. Hng th i l tnh tin i ch ca bng ch ci. Khi
ch ct u tin chnh l kho ca bng ch cng hng. Do ch m ca mt
20
ch trong bn r nm trn cng ct vi ch v nm trn hng tng ng vi ch

kho.
ABCDEFGHIJKLMNOPQRSTUVWXYZ
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
ABCDEFGHIJKLMNOPQRSTUVWXYZ
BCDEFGHIJKLMNOPQRSTUVWXYZA
CDEFGHIJKLMNOPQRSTUVWXYZAB
DEFGHIJKLMNOPQRSTUVWXYZABC
EFGHIJKLMNOPQRSTUVWXYZABCD
FGHIJKLMNOPQRSTUVWXYZABCDE
GHIJKLMNOPQRSTUVWXYZABCDEF
HIJKLMNOPQRSTUVWXYZABCDEFG
IJKLMNOPQRSTUVWXYZABCDEFGH
JKLMNOPQRSTUVWXYZABCDEFGHI
KLMNOPQRSTUVWXYZABCDEFGHIJ
LMNOPQRSTUVWXYZABCDEFGHIJK
MNOPQRSTUVWXYZABCDEFGHIJKL
NOPQRSTUVWXYZABCDEFGHIJKLM
OPQRSTUVWXYZABCDEFGHIJKLMN
PQRSTUVWXYZABCDEFGHIJKLMNO
QRSTUVWXYZABCDEFGHIJKLMNOP
RSTUVWXYZABCDEFGHIJKLMNOPQ
STUVWXYZABCDEFGHIJKLMNOPQR
TUVWXYZABCDEFGHIJKLMNOPQRS
UVWXYZABCDEFGHIJKLMNOPQRST
VWXYZABCDEFGHIJKLMNOPQRSTU
WXYZABCDEFGHIJKLMNOPQRSTUV
XYZABCDEFGHIJKLMNOPQRSTUVW
YZABCDEFGHIJKLMNOPQRSTUVWX
ZABCDEFGHIJKLMNOPQRSTUVWXY
Bng Saint Cyr
An ton ca m Vigenere. Nh vy c ch m khc nhau cho cng mt ch ca bn

r. Suy ra tn sut ca cc ch b l phng, ngha l tn sut xut hin cc ch trn
bn m tng i u nhau. Tuy nhin cha mt hon ton, do di ca kho c
hn, nn c th to nn chu k vng lp. K thm m bt u t tn sut ca ch
xem c phi y l m n bng ch hay khng. Gi s y l m a bng ch, sau
xc nh s bng ch trong t kho v ln tm tng ch. Nh vy cn tng di
t kho tng s bng ch dng khi m l tn sut ca cc ch.
2.2.6 Phng php thm m Kasiski
Phng php pht trin bi Babbage v Kasiski. Ta thy cc ch nh nhau trn bn r
v cch nhau mt khong ng bng di t kho (chu k), th s c m bng
21
cng mt ch. Nh vy t lp ca cc ch trong bn m c th cho php xc nh

chu k. Tt nhin khng phi khi no cng tm c di t kho. Sau tm cc
ch trong t kho bng cch tn cng tng bng ch n vi cng k thut da trn
cc bng tn sut ca cc b ch nh trc.
2.3 Cc m th c in hon v
Trong cc mc trc chng ta xt mt s m thay th, cc ch ca bn r
c thay th bng cc ch khc ca bn m. By gi chng ta xt n loi m khc,
m hon v, cc ch trong bn r khng c thay th bng cc ch khc m ch thay
i v tr, tc l vic m ho ch dch chuyn v tr tng i gia cc ch trong bn
r. Nh vy, n du bn r bng cch thay i th t cc ch, n khng thay i cc
ch thc t c dng. Do bn m c cng phn b tn sut xut hin cc ch nh
bn gc. Nh vy c th thm m pht hin c.
2.3.1 M Rail Fence
y l m hon v n gin. Vit cc ch ca bn r theo ng cho trn mt s
dng. Sau c cc ch theo theo tng dng s nhn c bn m. S dng chnh l
kho ca m. V khi bit s dng ta s tnh c s ch trn mi dng v li vit bn
m theo cc dng sau ly bn r bng cch vit li theo cc ct.
V d. Vit bn tin meet me after the toga party ln lt trn hai dng nh sau
m e m a t r h t g p r y
e t e f e t e o a a t
Sau ghp cc ch dng th nht vi cc ch dng th hai cho bn m:
MEMATRHTGPRYETEFETEOAAT
2.3.2 M dch chuyn dng
M c s phc tp hn. Vit cc ch ca bn tin theo cc dng vi s ct xc nh.
Sau thay i th t cc ct theo mt dy s kho cho truc, ri c li chng theo
cc ct nhn c bn m. Qu trnh gii m c thc hin ngc li.
V d:
Key:
431 25 6 7
Plaintext: a t t a c k p
o s t po n e
d u n t i l t
wo amxy z
Ta c theo th t cc ct t 1 n 7 nhn c bn m:
Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ
2.3.2 M tch
M dng hon v hoc dch chuyn khng an ton v cc c trng tn xut ca ngn
ng khng thay i. C th s dng mt s m lin tip nhau s lm cho m kh hn.
M c in ch s dng mt trong hai phng php thay th hoc hon v. Ngi ta
22
ngh n vic kt hp c hai phng php ny trong cng mt m v c th s dng

an xen hoc lp nhiu vng. i khi ta tng lp nhiu ln cng mt loi m s to
nn m phc tp hn, nhng trn thc t trong mt s trng hp v bn cht chng
cng tng ng vi mt ln m cng loi no nh: tch ca hai php th s l
mt php th; tch ca hai php hon v s l mt php hon v. Nhng nu hai loi
m khc nhau th s to nn m mi phc tp hn, chnh v vy php th c ni
tip bng php dch chuyn s to nn m mi kh hn rt nhiu. y chnh l chic
cu ni t m c in sang m hin i.
im yu ca m c in:
Phng php m ho c in c th d dng b gii m bng cch on ch da
trn phng php thng k tn xut xut hin cc ch ci trn m v so snh vi bng
thng k quan st ca bn r.
dng c m ho c in th bn m ho v bn gii m phi thng nht vi
nhau v c ch m ho cng nh gii m. Nu khng th hai bn s khng th lm
vic c vi nhau.
2.4 Mt s vn khc.
2.4.1 My quay
Trc khi c m hin i, my quay l m tch thng dng nht. Chng c s dng
rng ri trong chin tranh th gii th hai: c, ng minh v Nht. My quay to
nn m thay th rt a dng v phc tp. Trong my c s dng mt s li hnh tr,
mi li ng vi mt php th, khi quay s thay th mi ch bng mt ch khc tng
ng. Vi 3 hnh tr khc nhau, ta c 26 x 26 x 26 = 17576 bng ch.
2.4.2 Du tin
Mt trong nhng k thut khc m bo tnh bo mt ca thng tin c gi l
du tin. y l mt s la chn dng kt hp hoc ng thi vi m. Du tin l du
s tn ti ca bn tin cn bo mt trong mt thng tin khc nh: trong bn tin di ch
dng mt tp con cc ch/t c nh du bng cch no ; s dng mc khng
nhn thy; du tin trong cc file m thanh hoc hnh nh. Cc k thut ny gn y
cng c quan tm nghin cu. Tuy nhin n c nhc im l ch du c lng
thng tin nh cc bt.
23
24
Cu hi v bi tp
Cu hi
1. Nu thut ton dng bng Saint Cyr m ha v gii m Vigenere khi bit t kha. p
dng thut ton m ha bn r sau: Network Security is very important for software
development vi t kha l COMPUTER SCIENCE
2. C bao nhiu kha Playfair khc nhau.
3. Gi s dng m dch chuyn dng vi 8 ct. Hi c bao nhiu kha khc nhau. Nu thut
ton gii m vi t kha cho trc.
Bi tp:
Bi t p 1: Cho bin an m sau dng m Ceasar
"GCUA VQ DTGCM"
Suy lun tm bn r (s dng bng ch ci ting Anh).
Bi t p 2: S dng k thut thm m bng ch n, lp bng tn sut cc ch, b ch i,
b ch ba ca an m sau:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIVUEPHZHMDZSH
ZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOUDTMOHMQ
Lp lun v cho bit nh x ca bng ch n v a ra bn r ph hp
Bi t p 3: Tm bn m ca bn r We are studying cryptography this year s dng m
Playfair vi t kha information technology.
Bi t p 4: M ha bn r Chung toi se la nhung ky su cong nghe thong tin gioi trong mot
vai nam nua s dng t kha 631425 bng phng php Vigenere.
Bi t p 5: Cho h m Vigenere c M = 6, K = CIPHER.
a) Hy thc hi n m ha xu P = THIS IS MY TEST.
b) Hy thc hi n gii m xu M = EICJIC RTPUEI GBGLEK CBDUGV.
Bi t p
6: Cho h m Vigenere c M = 6. M ha xu P = THIS IS MY TEST ngi ta
thu c bn m l LLKJML ECVVWM.
a) Hy tm kha m ha dng ca h m trn.
b) Dng kha tm c phn trn hy gii m bn m C = KLGZWT OMBRVW.
Bi t p 7: Cho h m Vigenere c M = 6. M ha xu P = SPIRIT ngi ta thu c bn
m l OXHRZW.
a) Hy tm kha m ha dng ca h m trn.
b) Dng kha tm c phn trn hy gii m bn m C = BQETYH HMBEEW.
Bi t p 8: Cho h m Vigenere c M = 6. Gii m xu C = RANJLV ngi ta thu c
bn r l CIPHER.
a) Tm kha s dng ca h m trn.
b) Dng kha tm c phn trn hy hy gii m xu M = PLDKCI DUJQJO.
Bi t p 9: Phng php m ha thay th n gin
on vn bn sau c m ha bng cch s dng m t phng php m ha thay th n
gin. Bn r l m t phn ca m t vn bn ting Anh vit hoa, b qua cc du cu. Hy s
dng bng thng k tn sut xut hi n ca cc ch ci trong ting Anh gii m bn m
cho.
25
ODQSOCL OW GIU BOEE QRROHOCS QV GIUR KIA QF Q DQCQSLR WIR

ICL IW CQFQF EIYQE YIDJUVLR FGFVLDF GIU SLV OCVI GIUR
IWWOYL IC VXQV DICPQG DIRCOCS VI WOCP VXL JXICLF ROCSOCS
LHLRG YQEELR OF Q POFVRQUSXV YICWUFLP CQFQ BIRMLR QCP
LHLRG YQEELR QFFURLF GIU VXQV XOF IR XLR WOEL IR
QYYIUCVOCS RLYIRP IR RLFLQRYX JRIKLYV LHLRG ICL IW BXOYX
OF DOFFOCS WRID VXL YIDJUVLR FGFVLD OF QAFIEUVLEG HOVQE
S dng m t trong cc ngn ng l p trnh C, C++, Java ho c C# lm cc bi t p sau:

Bi t p 10: Vit chng trnh m tn s xut hi n ca cc ch ci ting Anh trong m t vn
bn ting Anh dng file text.
Bi t p 11: Vit chng trnh ci t thu t ton m ha v gii m ca h m Ceasar.
26
CHNG 3. C S TON HC
M u
S nguyn t, s hc ng d l c s ton hc ca l thuyt mt m, c vai tr
rt quan trng trong l thuyt mt m. Chng ny trnh by tm tt mt s kin
thc v s nguyn t v s hc ng d.
3.1 S hc trn Modulo

3.1.1 nh ngha Modulo.
Cho s t nhin n v s nguyn a. Ta nh ngha: a mod n l phn d dng
khi chia a cho n.
nh ngha quan h tng ng trn tp s nguyn
a b mod n
khi v ch khi a v b c phn d nh nhau khi chia cho n.
o V d: 100 mod 11 = 1; 34 mod 11 = 1, nn 100 34 mod 11
o S b c gi l i din ca a, nu
o
o a b mod n,
(a = qn + b)
v
0 <= b < n.
o V d: -12 mod 7 -5 mod 7 2 mod 7 9 mod 7.
y 2 l i din ca 12, -5, 2 v 9.
o Trong Modulo 7 ta c cc lp tng ng vit trn cc hng nh sau:
...
-21 -20 -19 -18 -17 -16 -15
-14 -13 -12 -11 -10 -9 -8
-7 -6 -5 -4 -3 -2 -1
0
1
2
3
4
5
6
7
8
9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31 32 33 34
...
Cc phn t cng ct l c quan h ng d vi nhau. Tp cc i din ca cc
s nguyn theo Modulo n gm n phn t k hiu nh sau:
Zn = { 0, 1, 2, 3, , n-1 }.
c s
o S b khng m c gi l c s ca a, nu c s m sao cho:
a = m.b
trong a, b, m u nguyn.
o Tc l a chia ht cho b, k hiu l b|a
27
o V d: 1, 2, 3, 4, 6, 8, 12, 24 l cc c s ca 24
3.1.2 Cc php ton s hc trn Modulo
Cho trc mt s n. Ta mun thc hin cc php ton theo Modulo ca n. Ta
c th thc hin cc php ton trn cc s nguyn nh cc php cng, nhn cc
s nguyn thng thng sau rt gn li bng php ly Modulo hoc cng c
th va tnh ton, kt hp vi rt gn ti bt c thi im no:
(a+b) mod n = [a mod n + b mod n] mod n (*)
(a.b) mod n = [a mod n . b mod n] mod n (**)
Nh vy khi thc hin cc php ton ta c th thay cc s bng cc s tng
ng theo Modulo n hoc n gin hn c th thc hin cc php ton
trn cc i din ca n: Zn = { 0, 1, 2, 3, , n-1 }.
o Cc ch v tnh cht rt gn:
nu (a+b)(a+c) mod n, th bc mod n
Nhng (ab)(ac) mod n, th bc mod n ch khi nu a l nguyn t
cng nhau vi n
V d. p dng cc tnh cht ca modulo:
17
(11*19 + 10 ) mod 7 =
17
((11*19) mod 7 + 10 mod 7) mod 7 =
17
((11 mod 7* 19 mod 7) mod 7 + (10 mod 7) mod 7) mod 7=
2222
((4.(-2)) mod 7 + (((3 ) ) ) * 3 mod 7)mod 7=
222
((-1) mod 7 + ((2 ) ) * 3 mod 7)mod 7 =
(-1 + 5) mod 7 = 4
V d: Bng Modulo 8 vi php cng
3.1.3 c s chung ln nht.
28
Bi ton. Cho hai s nguyn dng a v b. Bi ton tm c chung ln nht

ca hai s nguyn dng l bi ton chung ca l thuyt s. Ta k hiu GCD(a,
b) l c s chung dng ln nht ca a v b, tc l s nguyn dng va l
c ca a va l c ca b v l s nguyn dng ln nht c tnh cht .
V d: GCD(60,24) = 12 ; GCD (6, 15) = 3; GCD(8, 21) = 1.
Nguyn t cng nhau. Ta thy 1 bao gi cng l c s chung ca hai s

nguyn dng bt k. Nu GCD(a, b) = 1, th a, b c gi l hai s nguyn
t cng nhau:
V d: GCD(8,15) = 1, tc l 8 v 15 l hai s nguyn t cng nhau
Tm c chung ln nht. By gi chng ta xt bi ton tm c s chung ln

nht ca hai s nguyn dng cho trc. D dng chng minh c tnh cht
sau:
GCD(a,b) = GCD(b, a mod b)
Nh vy tm c s chung ca mt cp s cho trc, ta a v bi ton tm
c chung ca cp s gm s nh hn trong hai s v phn d ca s ln khi
chia cho s nh hn. Thut ton clt to nn vng lp, mi bc ta p dng
tnh cht trn cho n khi phn d cn khc 0.
Thut ton clit tm GCD(a, b)

Tnh UCLN ca 2 s nguyn
VO
: Hai s nguyn khng m a v b vi a b
RA
: CLN ca a v b.
(1)
While b 0 do
r a mod b , a b , b r
(2)
Return (a).
V d: Sau y l cc bc chia ca thut ton trn khi tnh:

4864 , 3458 38
4864 1.3458 1406
3458 2.1406 646.
1406 2.646 76
646 5.114 38
76 2.38 0
Thut ton trn c th c m rng khng nhng ch tnh c CLN ca 2
s nguyn a v b m cn tnh c cc s nguyn x v y tho mn ax by d .
Thut ton Euclide m rng:

VO
: Hai s nguyn khng m a v b vi a b
29
: d UCLN a , b v cc s nguyn x v y tho mn ax by d .
RA
(1)
Nu b 0 th t d a , x 1 , y 0 v return d, x , y
(2)
t x 2 1 , x1 0 , y 2 0 , y1 1
(3)
While b 0 do
3.1. q a mod b, r a qb, x
x2 qx1 ,
y
y2 qy1
3.2. a b , b r , x 2 x1 , x1 x , y 2 y1 , y1 y
(4)
t d a , x x 2 , y y 2 v return d, x , y
V d:
Bng sau ch ra cc bc ca thut ton trn vi cc gi tr vo
a 4864 v b 3458
Q
1
2
2
5
1
2
1406
646
114
76
38
0
1
2
5
27
32
91
1
3
7
38
45
128
a
4864
3458
1406
646
114
76
38
b
3458
1406
646
114
76
38
0
x2
1
0
1
2
5
27
32
x1
0
1
2
5
27
32
91
y2
0
1
1
3
7
38
45
y1
1
1
3
7
38
45
128
Bi vy ta c UCLN 4864 , 3458 38 v 4864 32 3458 45 38
3.2. Mt s thut ton trn Zn

3.2.1 Tm s nghch o
-
nh ngha: Phn t nghch o

Cho a Z n , Phn t nghch o (ngc theo php nhn) ca a mod n l mt s
nguyn x Z n sao cho:
a x 1 mod n
Nu x tn ti th n l duy nht, a c gi l kh nghch. Phn t nghch o ca

a c k hiu l a 1 .
- Thut ton (Tnh cc nghch o trong Z n ).
VO
: a Zn
RA
: a 1 mod n (nu tn ti).
(1) Dng thut ton Euclide m rng tm cc s nguyn x v y sao cho
ax ny d trong d a , n .
30
(2) Nu d 1 th a 1 mod n khng tn ti. Ngc li return x .

Cc bc tnh A-1 mod N
31
V d 1: n=101, a=25
V d 2: n=173, a=1024
3.2.2. Tnh A^k mod N

Tnh gi tr ca biu thc z = Ak mod n
Thut ton bnh phng v nhn
Biu din k dng nh phn blbl-1...b1b0, bi{0, 1}, 0 i l
c 0;
f 1;
for i = l downto 0
do
c 2 *c
f (f * f) mod n
if bi = 1
then c c + 1
f (f*a) mod n
return f
32
V d: Bng sau ch ra cc bc tnh ton ak mod n, vi a = 7, k = 560 =

1000110000, n = 561
i
bi
17
35
70
140
280
560
49
157
526
160
241
298
166
67
Gi tr f cui cng 1 l p s cn tm
3.3 Gii thiu l thuyt s

3.3.1 Cc s nguyn t
Nh chng ta bit s nguyn t l cc s nguyn dng ch c c s l 1 v chnh
n. Chng khng th c vit di dng tch ca cc s khc. 1 l s nguyn t,
nhng khng quan tm n n. Xt cc s nh hn 10 ta c: 2, 3, 5, 7 l s nguyn t,
v chng khng c c s khc 1 v chnh n; 4, 6, 8, 9, 10 khng phi l s nguyn
t. C th ni 2 l s chn duy nht l s nguyn t. Cc s nguyn t l trung tm
ca l thuyt s. S cc s nguyn t l v hn.
V d. Sau y l danh sch cc s nguyn t nh hn 200:
2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71
73 79 83 89 97 101 103 107 109 113 127 131 137 139 149
151 157 163 167 173 179 181 191 193 197 199
3.3.2 Phn tch ra tha s nguyn t
Mt trong nhng bi ton c bn ca s hc l phn tch ra tha s nguyn t s a,
tc l vit n di dng tch ca cc s nguyn t. Lu rng phn tch l bi ton
kh hn rt nhiu so vi bi ton nhn cc s nhn c tch.
Ta c kt lun, mi s nguyn dng u c phn tch duy nht thnh tch cc ly
tha ca cc s nguyn t:
a p
pP
V d: 91=713; 3600=243252
Thng thng tm phn tch trn, ta phi kim tra tnh chia ht cho cc s nguyn
t t nh n ln v thc hin php chia lin tip cho cc s nguyn t, ri gp thnh
ly tha ca cc s nguyn t.
3.3.3 Cc s nguyn t cng nhau v GCD
Hai s nguyn dng a v b khng c c chung no ngoi 1, c gi l nguyn t
cng nhau.
V d: 8 v 15 l nguyn t cng nhau, v c ca 8 l 1, 2, 4, 8, cn c ca 15 l 1,
3, 5, 15. Ch c 1 l c chung ca 8 v 15.
33
Ngc li c th xc nh c chung ln nht bng cch trong cc phn tch ra tha

s ca chng, tm cc tha s nguyn t chung v ly bc ly tha nh nht trong hai
phn tch ca hai s .
V d. Ta c phn tch: 300=213152 v 18=2132. Vy
GCD(18,300)=213150=6
3.3.4 nh l Ferma (nh l Ferma nh)
ap-1 mod p = 1
trong p l s nguyn t v a l s nguyn bt k khc bi ca p: GCD(a, p) = 1.
Hay vi mi s nguyn t p v s nguyn a khng l bi ca p, ta lun c
ap = a mod p
Cng thc trn lun ng, nu p l s nguyn t, cn a l s nguyn dng nh hn
p.
V d. V 5 v 7 l cc s nguyn t. 2 v 3 khng l bi tng ng ca 7 v 5, nn
theo nh l Ferma ta c
27-1 mod 7 = 1 (= 26 mod 7 = 64 mod 7= 1)
35-1 mod 5 = 1 (= 34 mod 5 = 81 mod 5= 1)
(-2)11-1 mod 11 = 1 (= 210 mod 11 = 1024 mod11 = 1)
Kt qu trn c dng trong kho cng khai. N cng c s dng kim tra
tnh nguyn t ca mt s nguyn p no , bng cch ly ngu nhin cc s a v
kim tra xem c tnh cht nu trn khng, kt lun l p nguyn t cng thuyt phc
nu php th trn ng vi nhiu ln chn ngu nhin cc s a.
3.3.5 Hm Ole
Cho n l mt s nguyn dng. Khi thc hin php tnh ng d n ca mi s nguyn
khc ta nhn c tp y cc phn d c th c l:
0, 1, 2,, n-1
T tp trn ta tm tp rt gn bao gm cc s nguyn t cng nhau vi n v quan tm
n s lng cc phn t nh vy i vi s nguyn dng n cho trc.
V d. Vi n = 10:
o Tp y cc phn d l {0,1,2,3,4,5,6,7,8,9}
o Tp rt gn cc phn d nguyn t vi 10 l {1,3,7,9}
o S cc phn t ca tp rt gn trn l gi tr ca hm Ole (n). Nh vy,
(10) = 4.
Mun tnh (n) vic m s cc s nguyn t cng nhau vi n v nh hn n
c loi b v y l bi ton tn nhiu cng sc.
Ni chung c th tnh hm le ca mt s da trn biu thc phn tch ra tha s
ca s .
o D dng thy, nu p l s nguyn t (p) = p-1
o Nu p v q l hai s nguyn t khc nhau, th

34
o c th chng minh c rng:

o (p.q) = (p-1)(q-1)
o Nu p l s nguyn t, th (pn) = pn-pn-1
o Nu s v t l hai s nguyn t cng nhau, th
(s.t) = (s).(t)
Vi d.
(37) = 37 1 = 36
(21) = (31)(71) = 26 = 12
(72) = (8.9) = (8). (9) = (23).(32) =
= (23-22)(32-31) = 4.6 = 24
3.3.6 nh l Ole
nh l Ole l tng qut ho ca nh l Ferma
a(n)mod n = 1
vi mi cp s nguyn dng nguyn t cng nhau a v n: gcd(a,n)=1.
V d.
a = 3; n = 10; (10)=4;
V vy 34 = 81 = 1 mod 10
a = 2; n =11; (11)=10;
Do 210 = 1024 = 1 mod 11
3.3.7 Kim tra tnh nguyn t

Gi s cn phi tm mt s nguyn t rt ln. Ly ngu nhin mt s ln, ta cn
phi kim tra xem s c phi l s nguyn t khng. Phng php truyn thng l
th bng php chia nh sau:
o Chia cho tt c cc s (ch cn nguyn t) nh hn hoc bng cn bc hai
ca s . Nu n khng chia ht cho s no, th l s nguyn t.
o Ch hiu qu khi xt cc s nh.
C phng php khc, m ta s xt y, s dng cc php kim tra tnh nguyn t
thng k da trn cc tnh cht
o M mi s nguyn t phi tha mn
o Nhng c mt s s khng nguyn t, gi l gi nguyn t cng tho mn
tnh cht .
C th l php kim tra da trn nh l Ferma nh sau: nu s n cn kim tra tnh
nguyn t l s nguyn t, th n s tho mn nh l Ferma i vi mi s a nh hn
n an-1 mod n = 1. Nh vy, ly ngu nhin s a v kim tra xem n c tnh cht trn
khng. Nu c th n c th l s nguyn t, nu cn tin cy ln hn, th ta kim tra
lin tip nhiu ln nh vy vi cc s ngu nhin a c chn. Sau mi ln qua c
php th, xc sut n l s nguyn t li tng ln. Ch rng
- nu bi mod n = 1,
th b2i mod n = (1)2 mod n = 1 v
- nu bi mod n = n 1,
th b2i mod n = (n - 1)2 mod n = (n2 2n +1) mod n = 1
35
Kim tra s n c l s nguyn t khng, ta ch cn xt n l l, khi n-1 l chn v

biu din n dng (n1)= 2k.q
Khi tnh an-1, ta tnh aq, sau bnh phng lin tip k ln.
Thut ton Miller - Rabin

Thut ton nh sau:
TEST (n) is:
1. Find integers k, q, k > 0, q odd, so that (n1)= 2k.q
2. Select a random integer a, 1<a<n1
3. if aq mod n = 1 then return (maybe prime");
4. for j = 0 to k 1 do
5. if (a2jq mod n = n-1)
then return(" maybe prime ")
1. return ("composite")
3.3.8 nh l phn d Trung Hoa
Trong nhiu trng hp ta mun tm cch tng tc tnh ton Modulo. Cc php
ton trn modulo cc s nh tnh nhanh nhiu so vi cc s ln. Chnh v vy nu s
ln phn tch c thnh tch ca cc s nh, tng cp nguyn t cng nhau, th ta s
c cch tnh hiu qu nh vo nh l Phn d Trung hoa.
Tnh ton trn modulo ca mt tch cc s mod M vi M= m1m2..mk
, trong GCD(mi, mj) = 1, vi mi i khc j. nh l phn d Trung Hoa cho php
lm vic trn tng modulo mi ring bit. V thi gian tnh ton cc php ton trn
modulo t l vi kch thc ca s ly modulo nn iu s nhanh hn tnh ton
trn ton b M.
C th trin khai nh l Trung Hoa theo mt s cch nh sau:
Tnh ton theo mo
dulo s ln. tnh A mod M, vi M kh ln v A l biu thc s hc no .
- Phn tch M=m1 x m2 x m3 x x mk
- Tnh Mi = M/mi vi i=1, 2,,k
Tnh ai = A mod mi. vi i=1, 2,,k
ci M i M i1 mod mi , 1 i k
- Tnh
Sau s dng cng thc
a c mod M
i 1
i i
V d. Tnh 17 mod 77. p dng nh l phn d Trung hoa, ta coi A = 178,

m1 = 7, m2 = 11. Khi M1 = 11, M2 = 7 v
36
11-1 mod 7 = 4-1 mod 7 = 2, suy ra c1 = 11*2 = 22

7-1 mod 11 = 8, suy ra c2 = 7*8 = 56
a1 = 178 mod 7 = (17 mod 7)8 mod 7 = 38 mod 7 = (32)4 mod 7 = 2
a2 = 178 mod 11 = (17 mod 11)8 mod 11 = 68 mod 11 = (62)4 mod 11 = 34 mod 11 = 4
Vy A = 178 mod 77 = (2*22 + 4*56) mod 77 = 268 mod 77 = 37 mod 77
Gii h phng trnh modulo. Cho ai = x mod mi, vi GCD(mi, mj) = 1, vi
mi i khc j. Khi ta cng p dng nh l phn d Trung Hoa tm x.
V d. Cho x 5 mod 7 v x 6 mod 11. Tm x.
p dng nh l phn d Trung hoa, ta tnh:
7-1 mod 11 = 8 v 11-1 mod 7 = 2. Nh vy
x = (5*2*11 + 6*8*7) mod (7*11) = 61 mod 77.
Cu hi v bi tp.
1. Tnh gi tr cc biu thc theo modulo sau:
8 mod 9 + 7 mod 9
8 mod 9 * 7 mod 9
5 mod 11 9 mod 11
53 mod 7
520 mod 7
5/6 mod 7
2. Tnh gi tr cc biu thc theo modulo sau
(-546) mod 13 - 347 mod 11
(1234 + 2345) mod 17
(213 * 345) mod 19
15-1 mod 101
41-1 mod 100
1435 mod 11
(235*126/13) mod 19
31130 mod 23
(23525 /17 + 12619. 397 /13) mod 29
3. Ci t thut ton clit m rng

4. Tnh hm le ca cc s nguyn sau:
12, 17, 21, 32, 36, 40, 72, 256.
8 Dng nh l Ferma v nh l Ole tnh cc biu thc sau
616 mod 17; 1516 mod 17; 95100 mod 101
74 mod 10; 95 mod 10; 1012 mod 21; 9190 mod 100;
9 Gii cc phng trnh modulo sau
x mod 11 = 3; x mod 13 = 6
y mod 51 = 11; y mod 100 = 15
z mod 12 = 5; z mod 17 = 8; z mod 23 = 11.
10 S dng nh l phn d Trung Hoa tnh gi tr cc biu thc sau
2530 mod (7*8)
37
70254 mod (11*13)

60-1 mod (11*13)
((21100 + 33-1). 4551) mod (7.9.11)
((19125 + 2551)4721 /37 mod (9.11.13)
38
CHNG 4. CHUN M D LIU (DES) V CHUN M NNG

CAO (AES)
Chng ny ta xt cc m khi hin i. y l kiu m c s dng rng ri nht
ca cc thut ton m ho. ng thi n cng c s dng kt hp vi cc th tc
khc nhm cung cp cc dch v an ton v xc thc.
Chng ta tp trung vo chun m d liu DES (Data Encryption Standards) minh
ho cho cc nguyn l m khi.
4.1 Chun m d liu (DES)

DES (Data Encryption Standards) l m khi s dng rng ri nht trn th gii trong
thi gian va qua. N c a ra nm 1977 bi NBS vn phng chun Quc gia
Hoa k (by gi l NIST - Vin chun v cng ngh Quc gia). DES l m khi vi
mi khi d liu 64 bt v dng kho di 56 bt. N c s dng rng ri v c
tranh lun k v mt an ton.
4.2.1 Lch s DES:
Cui nhng nm 1960, IBM pht trin m Lucifer, c lnh o bi Fiestel. Ban u
Lucifer s dng khi d liu 64 bt v kho 128 bt. Sau tip tc pht trin nh m
thng mi. Nm 1973 NBS yu cu xut chun m Quc gia. IBM ngh bn
sa i Lucifer, sau ny gi l DES. c cc tranh lun v thit k ca DES. V
chun ca DES c cng khai, mi ngi ng gp kin v tc , di kho v
mc an ton, kh nng thm m. Ngi ta xut chn kho 56 bt thay v 128
tng tc x l v a ra cc tiu chun thit k mt chun m d liu. Cc suy
lun v phn tch chng t rng thit k nh vy l ph hp. Do DES c s
dng rng ri, c bit trong lnh vc ti chnh.
4.2.2. Thut ton DES
M t DES:
DES m ho mt xu bit x ca bn r di 64 bng mt kho 56 bit.
Bn m nhn c cng l mt xu bit c di 64.
Thut ton tin hnh theo 3 bc:
B1: Vi bn r cho trc x, mt xu bit x 0 s c xy dng
bng cch hon v cc bit ca x theo php hon v c nh ban
u IP. Ta vit: x0 = IP(x) = L0R0, trong L0 gm 32 bit u
v R0 l 32 bit cui.
B2: Sau tnh ton 16 ln lp theo mt hm xc nh. Ta s
tnh LiRi, 1 i 16 theo quy tc sau:
Li = Ri-1; Ri = Li-1 f(Ri-1, ki)
Trong :
l php loi tr ca hai xu bit
f l mt hm s c m t sau
k1, k2, , k16 l cc xu bit c di 48 c tnh nh 1
hm ca kha k (ki chnh l mt php chn hon v bit
trong k).
Mt vng ca php m ha c m t nh sau:
39
B3: p dng php hon v ngc IP-1 cho xu bit R16L16, ta

thu c bn m y. Tc l y = IP -1(R16L16) . Hy ch th t
o ca L16 v R16
M t hm f:
Hm f c 2 bin vo:
Xu bit A c di 32
Xu bit J c di 48
u ra ca f l xu bit c di 32.
Cc bc thc hin:
B1: Bin th nht A c m rng thnh mt xu bit
di 48 theo mt hm m rng c nh E. E(A) gm 32 bit
ca A (c hon v theo cch c nh) vi 16 bit xut
hin hai ln.
B2: Tnh E(A) J v vit kt qu thnh mt chui 8 xu
6 bit l B1B2B3B4B5B6B7B8.
B3: Bc tip theo dng 8 bng S 1S2,,S8 ( c gi l
cc hp S ). Vi mi Si l mt bng 416 c nh c cc
hng l cc s nguyn t 0 n 15. Vi xu bit c di 6
(k hiu Bi = b1 b2 b3 b4 b5 b6), ta tnh Sj(Bj) nh sau:
(0 r 3)
Hai bit b1b6 xc nh biu din nh phn hng r

ca Sj
Bn bit (b2 b3 b4 b5) xc nh biu din nh phn
ca ct c ca Sj (0 c 15).
Khi Sj(Bj) s xc nh phn t Sj(r, c) ; phn t
ny vit di dng nh phn l mt xu bit c
di 4
Bng cch tng t tnh cc C j = Sj(Bj) , (1 j
8).
40
B4: Xu bit C = C1 C2 C8 c di 32 c hon v theo php hon v c

nh P. Xu kt qu l P(C) c xc nh l f(A, J).
Php hon v ban u IP:
Bng ny c ngha l bit th 58 ca x l bit u tin ca IP(x); bit th

50 ca x l bit th 2 ca IP(x)
-1
Php hon v ngc IP :
Hm m rng E c xc nh theo bng sau:
41
Tm hp S:
Ct
[0]
[1]
[2]
[3]
[0]
[1]
[2]
[3]
[0]
[1]
[2]
[3]
[0]
[1]
[2]
[3]
[0]
[1]
[2]
[3]
[0]
[1]
[2]
Hng
[0] [1] [2] [3] [4] [5] [6] [7] [8] [9]
S1
14 4
13 1
2
15 11 8
3
10
0
15 7
4
14 2
13 1
10 6
4
1
14 8
13 6
2
11 15 12
15 12 8
2
4
9
1
7
5
11
S2
15 1
8
14 6
11 3
4
9
7
3
13 4
7
15 2
8
14 12 0
0
14 7
11 10 4
13 1
5
8
13 8
10 1
3
15 4
2
11 6
S3
10 0
9
14 6
3
15 5
1
13
13 7
0
9
3
4
6
10 2
8
13 6
4
9
8
15 3
0
11 1
1
10 13 0
6
9
8
7
4
15
S4
7
13 14 3
0
6
9
10 1
2
13 8
11 5
6
15 0
3
4
7
10 6
9
0
12 11 7
13 15 1
3
15 0
6
10 1
13 8
9
4
S5
2
12 4
1
7
10 11 6
8
5
14 11 2
12 4
7
13 1
5
0
4
2
1
11 10 13 7
8
15 9
11 8
12 7
1
14 2
13 6
15
S6
12 1
10 15 9
2
6
8
0
13
10 15 4
2
7
12 9
5
6
1
9
14 15 5
2
8
12 3
7
0
42
[10] [11] [12] [13] [14] [15]

6
12
9
3
12
11
7
14
5
9
3
10
9
5
10
0
0
3
5
6
7
8
0
13
2
1
12
7
13
10
6
12
12
6
9
0
0
9
3
5
5
11
2
14
10
5
15
9
12
5
2
14
7
14
12
3
11
12
5
11
4
11
10
5
2
15
14
2
8
1
7
12
8
2
3
5
5
12
14
11
11
1
5
12
12
10
2
7
4
14
8
2
15
9
4
14
3
15
12
0
15
10
5
9
13
3
6
10
0
9
3
4
14
8
0
5
9
6
14
3
3
13
4
4
14
10
14
0
1
7
11
13
5
3
11
11
8
6
[3]
12
15
10
[0]
[1]
[2]
[3]
4
13
1
6
11
0
4
11
2
11
11
13
14
7
13
8
15
4
12
1
0
9
3
4
8
1
7
10
13
10
14
7
[0]
[1]
[2]
[3]
13
1
7
2
2
15
11
1
8
13
4
14
4
8
1
7
6
10
9
4
15
3
12
10
11
7
14
8
1
4
2
13
11
S7
3
14
10
9
S8
10.
12
0
15
14
13
12
3
15
5
9
5
6
0
7
12
8
15
5
2
0
14
10
15
5
2
6
8
9
3
1
6
2
12
9
5
6
12
3
6
10
9
14
11
13
0
5
0
15
3
0
14
3
5
12
9
5
6
7
2
8
11
Php hon v P:
4.2.3. Qu trnh sinh kho.
T kho m 64 bit ban u sinh ra 16 kho con ng vi tng vng theo s

sau:
..
Sinh kho con.

43
Kho ban u nhp vo l mt chui 64 bit, trong vng u tin kho 64 bit
c cho qua hp PC-1(Permuted Choice) hon v c la chn thnh kho
56 bit.
Hp PC-1.
Theo , bit th 57 tr thnh bit u tin, bit th 49, 41, 33, ln lt l cc

bit tip theo, v bit th 4 tr thnh bit cui cng ca chui kho.
Tip theo chia i kho 56 bit thnh hai na tri v phi, mi na ny s
c dch vng sang tri 1 hoc 2 bit tu mi vng theo quy tc sau:
Sau khi dch, hai na ca kho li c ghp li ri cho vo hp PC-2 tip

tc hon v c la chn thnh kho 48 bit v chnh l kho con cho vng
tng ng.
Hp PC-2.
Kho i qua PC-2 th bit th 14 tr thnh bit u tin, cc bit th 17, 11, 24,
l cc bit tip theo, bit th 32 l bit cui cng ca kho con.
44
4.2.4 Tnh cht ca DES

Tc dng ng lot. Khi ta thay i 1 bit trong kho s gy ra tc ng ng
lot lm thay i nhiu bit trn bn m. y l tnh cht mong mun ca kho
trong thut ton m ho. Nu thay i 1 bt u vo hoc kho s ko theo thay
i mt na s bt u ra. Do khng th on kho c. Co th ni rng
DES th hin tc ng ng lot mnh.
Sc mnh ca DES kch thc kho.
di ca kho trong DES l 56 bt c 2 56 = 7.2 x 1016 gi tr khc nhau. y
l con s rt ln nn tm kim duyt rt kh khn. Cc thnh tu gn y ch ra
rng thi gian cn thit gii mt trang m DES m khng bit kho l: sau
mt vi thng trn Internet trong nm 1997; mt vi ngy trn thit b phn
cng tng cng trong nm 1998; sau 22 gi nu kt hp cc bin php trong
nm 1999. Nh vy vn c th on c bn r sau mt khong thi nht
nh, nu c ngun lc my tnh mnh. Chnh v vy by gi ngi ta xt
mt vi bin th ca DES nhm nng cao sc mnh cho DES.
Sc mnh ca DES tn cng thi gian.
y l dng tn cng vo ci t thc t ca m. y s dng hiu bit v
qu trnh ci t thut ton m suy ra thng tin v mt s kho con hoc mi
kho con. c bit s dng kt lun l cc tnh ton chim khong thi gian
khc nhau ph thuc vo gi tr u vo ca n. Do k thm m theo di
thi gian thc hin m phn on v kho. C th k thm m sng to ra cc
loi card thng minh phn on kho, m cn phi bn bc thm v chng.
Sc mnh ca DES tn cng thm m.
C mt s phn tch thm m trn DES, t xut xy dng mt s cu
trc su v m DES. Ri bng cch thu thp thng tin v m, c th on bit
c tt c hoc mt s kho con ang dng. Nu cn thit s tm duyt nhng
kho cn li. Ni chung, l nhng tn cng da trn phng php thng k
bao gm: thm m sai phn, thm m tuyn tnh v tn cng kho lin kt.
Thm m sai phn
Mt trong nhng thnh tu cng khai gn y trong thm m l phng php
thm m sai phn. N c bit n bi NSA trong nhng nm 70, chng hn
trong thit k DES. Murphy, Birham v Shamir cng b phng php sai phn
nm 1990. y l phng php mnh phn tch m khi. N s dng phn
tch hu ht cc m khi hin ti vi mc thnh cng khc nhau. Nhng
DES c th khng c li cc tn cng . Thm m sai phn l tn cng thng
k chng li cc m Fiestel. M Fiestel dng cc cu trc m cha c s
dng trc kia nh thit k S-P mng c u ra t hm f chu tc ng bi c
u vo v kho. Do khng th tm li c gi tr bn r m khng bit
kho.
Thm m sai phn so snh hai cp m c lin quan vi nhau
o Vi s khc bit bit u vo
o Kho st s khc bit u ra
o Khi vi cng kho con c dng
o Trong cng thc sau vi hai u vo khc nhau, v tri l s khc bit
m cng vng th i c biu din qua s khc bit m vng trc
i-1 v s khc bit ca hm f trong ngoc vung.
45
mi 1 mi 1 mi'1
'
m i-1 f (mi , K i ) mi-1
f (mi' , K i )
=mi-1
S khc bit u vo cho s khc bit u ra vi mt xc sut cho trc.

o Nu tm c mt th hin u vo - u ra vi xc sut cao th c
th lun ra kho con c s dng trong vng
o Sau c th lp li cho nhiu vng (vi xc sut gim dn)
Cp ng cho bt kho nh nhau
Cp sai cho gi tr ngu nhin
o i vi s vng ln, xc sut c nhiu cp u vo 64 bt tho
mn yu cu l rt nh.
o Birham v Shamir ch ra rng lm nh th no cc c trng lp
ca 13 vng c th b c DES 16 vng y .
o Qui trnh thm m nh sau: thc hin m ho lp li vi cp bn r
c XOR u vo bit trc cho n khi nhn c XOR u ra
mong mun
o Khi c th tm c
nu vng trung gian tha mn XOR yu cu th c cp ng
nu khng th c cp sai, t l sai tng i cho tn cng
bit trc da vo thng k.
o Sau c th to ra cc kho cho cc vng theo suy lun sau
Thm m tuyn tnh
y l mt pht hin mi khc. N cng dng phng php thng k.
y cn lp qua cc vng vi xc sut gim, n c pht trin bi Matsui
v mt s ngi khc vo u nhng nm 90. C s ca phng php da
trn tm xp x tuyn tnh. V c nhn nh rng c th tn cng DES vi
247 bn r bit. Nh vy thm m tuyn tnh vn khng kh thi trong
thc t.
o Tm xp x tuyn tnh vi xc sut p !=
P[i1,i2,...,ia] (+) C[j1,j2,...,jb] = K[k1,k2,...,kc]
trong ia, jb, kc l cc v tr bit trong bn r, m, kho.
o iu kin trn cho phng trnh tuyn tnh ca cc bt kho.
nhn c 1 bt kho s dng thut ton ln cn tuyn tnh
o S dng mt s ln cc phng trnh th nghim. Hiu qu cho bi
|p 1/2|
Trong qu trnh tm hiu DES ngi ta h thng li cc tiu chun thit
k DES. Nh bo co bi Copperscmith trong [COPP94]:
o C 7 tiu chun i vi S box c cung cp m bo
tnh phi tuyn tnh
chng tham m sai phn
Ri lon tt
o C 3 tiu chun cho hon v P tng khuch tn
46
4.2.5 Cc kiu thao tc ca DES

M khi m cc block c kch thc c nh. Chng hn DES m cc block 64 bt vi
kho 56 bt Cn phi c cch p dng vo thc t v cc thng tin cn m c kch
thc ty . Trc kia c 4 kiu thao tc c nh ngha cho DES theo chun ANSI:
ANSI X3.106-1983 Modes of Use. By gi m rng thm c 5 cch cho DES v
chun m nng cao (AES Advanced Encryption Standards). Trong c kiu p
dng cho khi v c kiu p dng cho m dng.
1. Sch mt m in t (Electronic Codebook Book - ECB)
2. Dy chuyn m khi (Cipher Block Chaining - CBC)
3. M phn hi ngc (Cipher FeedBack - CFB)

4. Phn hi ngc u ra (Output FeedBack - OFB)
5. B m CTR (Counter)
( bit r ni dung ca tng kiu thao tc, c gi xem thm gio trnh William
Stallings Cryptography and Network Security: Principles and Practice)
4.3. Double DES v Triple DES

4.3.1 Double DES
S :
M ha: C DESK 2 DESK1 M
1
1
Gii m: M DESK1 DESK 2 C
Mc d c 256 s la chn cho kha K1 v 256 s la chn i vi kha K 2 .
iu ny dn ti c 2112 s la chn cho cp kha K1 , K 2 nhng sc mnh ca

DES bi hai khng ln ti mc nh vy.
47
4.3.2 Triple DES

DES bi hai c th b tn cng bng cch thm m t hai pha theo xut ca
Diffie Hellman. khc phc yu im ny ngi ta xy dng TDES vi hai
kha K1 v K 2 nh sau:
1
M ha: C DESK1 DESK 2 DESK1 M
1
1
Gii m: M DESK1 DESK 2 DESK1 C
Vi TDES vic tm kim vt cn yu cu khong 2112

TDES, bi vy trn thc t kh c th thm m thnh cng.
5,1923.1033
php tnh
4.4 Chun m nng cao (AES)

4.4.1 Ngun gc
R rng cn phi thay th DES, v c nhng tn cng v mt l thuyt c th b c
n. Mt s tn cng nghin cu thu o kho c trnh din. Ngi ta thy rng,
cn s dng Triple DES (s dng DES ba ln lin tip) cho cc ng dng i hi tng
cng bo mt, nhng qu trnh m v gii m chm, ng thi vi khi d liu nh.
Do Vin chun quc gia Hoa k US NIST ra li ku gi tm kim chun m mi
vo nm 1997. Sau c 15 c c chp nhn vo thng 6 nm 1998. V c
rt gn cn 5 ng c vin vo thng 6 nm 1999. n thng 10 nm 2000, m
Rijndael c chn lm chun m nng cao v c xut bn l chun FIPS PUB 197
vo 11/2001.
Yu cu ca AES
L m khi i xng kho ring.
Kch thc khi d liu 128 bit v di kho l ty bin: 128, 192 hoc 256
bit.
48
Chun m mi phi mnh v nhanh hn Triple DES. M mi c c s ls thuyt

mnh thi gian sng ca chun khong 20-30 nm (cng thm thi gian lu
tr).
Khi a ra thnh chun yu cu cung cp chi tit thit k v c t y .
m bo rng chun m mi ci t hiu qu trn c C v Java.
NIST in rt gn mi xut, phn tch v khng phn loi.
4.4.2 Tiu chun trin khai ca AES
Tiu chun ban u:
o An ton - chng mi tn cng thm m v thc t
o Gi tr v mt tnh ton
o Cc c trng ci t v thut ton.
Tiu chun cui cng:
o An ton tng th
o D ci t phn mm v phn cng
o Chng c tn cng v mt ci t
o Mm do trong m / gii m, kho v cc yu t khc
Danh sch cc ng c vin Chun m nng cao c rt gn:
o MARS (IBM): phc tp, nhanh, bin tin cy cao
o RC6 (USA): n gin, rt nhanh, bin tin cy thp
o Rijndael (B): r rng, nhanh, bin tin cy tt
o Serpent (Chu u): chm, r rng, bin tin cy rt cao
o Twofish (USA): phc tp, rt nhanh, bin tin cy cao
Sau tc phn tch v nh gi. Tp trung vo vic so snh cc thut ton
khc nhau:
o t vng nhng phc tp vi nhiu vng n gin hn.
o Nu r ci tin cc m c vi cc xut mi.
4.4.3 Chun m nng cao AES Rijndael
Cui cng Rijndael c chn l chun m nng cao. N c thit k bi Rijmen
Daemen B, c cc c trng sau:
C 128/192/256 bit kho v 128 bit khi d liu.
Lp hi khc vi Fiestel
o Chia d liu thnh 4 nhm 4 byte
o Thao tc trn c khi mi vng
o Thit k :
chng li cc tn cng bit
tc nhanh v nn m trn nhiu CPU
n gin trong thit k
X l khi d liu 128 bit nh 4 nhm ca 4 byte: 128 = 4*4*8 bit. Mi nhm
nm trn mt hng. Ma trn 4 hng, 4 ct vi mi phn t l 1 byte coi nh
trng thi c x l qua cc vng m ho v gii m.
Kho m rng thnh mng gm 44 t 32 bit w[i].
C ty chn 9/11/13 vng, trong mi vng bao gm
o Php th byte (dng mt S box cho 1 byte)
49
o
o
o
o
Dch hng (hon v byte gia nhm/ct)

Trn ct (s dng nhn ma trn ca cc ct)
Cng kho vng (XOR trng thi d liu vi kho vng).
Mi php ton c thc hin vi XOR v bng tra, nn rt nhanh v
hiu qu.
Cu hi v bi tp
1. Lp s khi m ho DES. Nu cc c trng ca DES.
2. Lp s khi m ho AES. Nu cc c trng ca AES.
3.. M t cc c trng m khi, chun m DES, chun m nng cao
AES.
50
CHNG 5. M CNG KHAI V QUN L KHO

5.1 M kho cng khai
M kho ring: M kho ring cn c gi l m kho n hay mt. y
ch dng mt kho, dng chung c ngi nhn v ngi gi. Khi kho ny c
dng, vic trao i thng tin v kho s c tha thun trc.
Ngi ta cn gi y l m i xng, v hai i tc c vai tr nh nhau. Do
khng bo v ngi gi khi vic ngi nhn gi mo mu tin v tuyn b l n c
gi bng ngi gi. Ngha l khi hai ngi dng m i xng, th h gi c b mt
ni dung trao i, nhng bn thn mu tin khng mang thng tin xc thc c ngi
gi.
5.1.1 M kho cng khai

Kho cng khai ra i vo u nhng nm 1970. C th ni y l bc tin
quan trng nht trong lch s 3000 nm m ho. y ngi ta s dng 2 kho: mt
kho ring v mt kho cng khai. Hai kho ny khc nhau, khng i xng vi
nhau, do m kho cng khai, cn c gi l m khng i xng. Ngi ta ng
dng mt cch thng minh cc kt qu ca l thuyt s v hm s.
Kho cng khai ra i h tr thm gii quyt mt s bi ton an ton, ch khng
phi thay th kho ring. C hai kho cng tn ti, pht trin v b sung cho nhau.
Kho cng khai/hai kho/khng i xng bao gm vic s dng 2 kho:
o Kho cng khai, m mi ngi u bit, c dng m ho mu tin v kim
chng ch k.
o Kho ring, ch ngi nhn bit, gii m bn tin hoc to ch k.
o L khng i xng v nhng ngi m ho v kim chng ch k khng th gii
m hoc to ch k.
S m kho cng khai
51
5.1.2 Ti sao li phi dng m kho cng khai

Ngi ta mun gii quyt hai vn sau v kho ny sinh trong thc t:
o Phn phi kho - lm sao c th phn phi kha an ton m khng cn
trung tm phn phi kho tin cy
o Ch k in t - lm sao c th kim chng c rng mu tin gi n
nguyn vn t ng ngi ng tn gi.
Nu ch dng kho i xng, th khng c gii php cho hai bi ton trn. M kho
cng khai c pht minh trc cng chng bi hai nh bc hc Whitfield Diffie &
Martin Hellman trng i hc Stanford vo nm 1976.
Tuy nhin khi nim ban u v n c bit n sm hn bi cng ng cc nh
khoa hc.
5.1. 3 Cc c trng ca kho cng khai
Cc thut ton kho cng khai dng 2 kho vi cc c trng sau:
o Khng c kh nng tnh ton tm kho gii m nu ch bit thut ton
m v kho dng m.
o C th d dng m ho hoc gii m mu tin nu bit kho tng ng
o Trong mt s s : mt kho bt k trong hai kho c th dng m, cn
kho kia dng gii m. Chng c vai tr i ngc nhau.
5.1.4 ng dng kho cng khai

C th phn loi cc ng dng ca kho cng khai thnh 3 loi khc nhau:
o M/gii m cung cp bo mt. y l ng dng bo mt truyn thng
ging nh ta vn thng dng vi kho i xng.
o Ch k in t - cung cp xc thc. Mt trong cc ng dng mi ca kho
cng khai m kho i xng khng th thc hin c, l kho cng
khai c c s xc nhn ngi gi v c th l mt la chn to
ch k in t ca ngi gi.
Mt s thut ton m cng khai ph hp vi mi ng dng, cn mt s khc chuyn
dng cho ng dng c th.
52
5.1.5 Tnh an ton ca cc s kho cng khai

Cng ging nh kho ring vic tm kim vt cn lun lun c th, tc l khi bit mt
trong hai kho v thut ton m ho v nguyn tc ta c th d tm kho th hai bng
cch tnh ton cc gi tr lin quan. Ni chung khi lng cn tnh ton l rt ln do
phc tp ca bi ton xc nh kho. Nu kho s dng l rt ln c hn 512 bit,
th hu nh bi ton tm kho th hai l khng kh thi, khng th thc hin c
trong thi gian c ngha, cho d ngun lc c th rt ln.
Tnh an ton da trn s khc bit ln gia cc bi ton d l m/gii m khi bit
kho v bi ton kh l thm m khi khng bit kho tng ng. V bi ton thm
m nm trong lp cc bi ton kh tng qut hn c bit n v v mt l thuyt
c chng minh l n rt kh c th thc hin trn thc t. Bi v n i hi s
dng s rt ln, nn s php ton cn thc hin l rt nhiu. y l tng chnh
to nn mt m cng khai. Ta tm kim cc bi ton m nu bit thng tin mt no
c che du th n rt d thc hin, cn nu khng th n thuc lp bi ton rt kh
gii, hu nh khng th gii trn thc t.
M cng khai thng chm hn kh nhiu so vi m i xng, nn n thng c
dng m nhng thng tin nh quan trng.
5.2 H mt m RSA
RSA l m cng khai c sng to bi Rivest, Shamir & Adleman MIT (Trng
i hc Cng ngh Massachusetts) vo nm 1977. RSA
l m cng khai c bit n nhiu nht v s dng rng ri nht hin nay. N da
trn cc php ton ly tha trong trng hu hn cc s nguyn theo modulo nguyn
t. C th, m ho hay gii m l cc php ton lu tha theo modulo s rt ln. Vic
thm m, tc l tm kho ring khi bit kho cng khai, da trn bi ton kh l phn
tch mt s rt ln ra tha s nguyn t. Nu khng c thng tin g, th ta phi ln
lt kim tra tnh chia ht ca s cho tt c cc s nguyn t nh hn cn ca n.
y l vic lm khng kh thi.
Ngi ta chng minh c rng, php ly tha cn O((log n)3) php ton, nn c
th coi ly tha l bi ton d.
Cn ch rng y ta s dng
cc s rt ln khong 1024 bit, tc l c 10 350. Tnh an ton da vo kh ca bi
ton phn tch ra tha s cc s ln. Bi ton phn tch ra tha s yu cu O(e log n
log log n) php ton, y l bi ton kh.
5.2.1 Khi to kho RSA
Mi ngi s dng to mt cp kho cng khai ring nh sau:
Chn ngu nhin 2 s nguyn t ln p v q
Tnh s lm modulo ca h thng: N = p.q
o Ta bit N)=(p-1)(q-1)
o V c th dng nh l Trung Hoa gim bt tnh ton
Chn ngu nhin kho m e
o Trong 1<e< N), gcd(e,(N))=1
53
Gii phng trnh sau tm kho gii m d sao cho

o e.d=1 mod (N) vi 0d (N)
In kho m cng khai KU={e,N}
Gi kho ring b mt KR={d,p,q}
5.2.2 S dng RSA
m ho mu tin, ngi gi:
o ly kho cng khai ca ngi nhn KU={e,N}
o Tnh
C=Me mod N, trong 0M<N
gii m ho bn m, ngi s hu nhn:

o S dng kha ring KR={d,p,q}
o Tnh M=Cd mod N
Lu rng bn tin M < N, do khi cn chia khi bn r.
C s ca RSA
Theo nh l Ole
o a(n)mod N = 1 trong gcd(a,N)=1
o Ta c N=p.q
o (N)=(p-1)(q-1)
o e.d=1 mod (N)
o e.d=1+k.(N) i vi mt gi tr k no .
Suy ra
o Cd = (Me)d = M1+k.(N) = M1.(M(N))k suy ra
o
Cd
modN = M1.(1)k modN = M1 modN = M modN
V d
1. Chn cc s nguyn t: p=17 & q=11.
2. Tnh n = pq,
n = 1711=187
3. Tnh (n)=(p1)(q-1)=1610=160
4. Chn e : gcd(e,160)=1; Ly e=7
5. Xc nh d: de=1 mod 160 v d < 160
Gi tr cn tm l d=23, v 237=161= 10160+1
6. In kho cng khai KU={7,187}
54
7. Gi kho ring b mt KR={23,17,11}

V d p dng m RSA trn nh sau:
Cho mu tin M = 88 (vy 88<187)
M C = 887 mod 187 = 11
Gii m M = 1123 mod 187 = 88
C th dng nh l phn d Trung Hoa gii m cho nhanh nh sau:
a. Tnh 1123 mod 11 = 0
b. Tnh 1123mod 17 = (-6)23 mod 17 = (-6)16(-6)4 (-6)2 (-6) mod 17 = 3
V (-6)2 mod 17 = 2, nn (-6)4 mod 17 = 4, (-6)8 mod 17 = -1
(-6)16 mod 17 = 1
c. 11-1 mod 17 = (-6)-1 mod 17 = 14 nn c2 = 11(11-1 mod 17) = 11 (14 mod
17) = 154
d. Vy M = (3.154) mod 187 = 462 mod 187 = 88
5.2.3 Ly tha
Trong cc bi ton m ho cng khai, chng ta s dng nhiu php ton ly tha vi
s m ln. Nh vy cn c thut ton nhanh hiu qu i vi php ton ny. Trc
ht ta phn tch s m theo c s 2, xt biu din nh phn ca s m, sau s dng
thut ton bnh phng v nhn. Khi nim c da trn php lp c s bnh
phng v nhn nhn c kt qu mong mun. phc tp ca thut ton l
O(log2 n) php nhn i vi s m n.
V d:
75 = 74.71 = 3.7 = 10 mod 11
v 72 = 7.7 = 49 = 5 mod 11
74 = 72.72 = 5.5 = 3 mod 11
3129 = 3128.31 = 5.3 = 4 mod 11
Phn tch s m theo c s 2

Trc ht ta chuyn s m t c s 10 sang c s 2: (11) 10 = (1011)2. Sau tnh ton
nh sau:
M11 = M1.2^3 + 0.2^2+ 1.2^1 + 1.2^0

= (M1.2^2 + 0.2^1+ 1.2^0 )2M
= (M1.2^1 + 0.2^0)2M)2M
= ((M2)2 M)2M
5.2.4 M hiu qu:
M s dng ly tha ca kho cng khai e, nu gi tr ca e nh th tnh ton s
nhanh, nhng d b tn cng. Thng chn e nh hn hoc bng 65537 (2 16-1), tc
l di kho cng khai l 16 bit. Chng hn trong v d trn ta c th la chn e =
23 hoc e = 7. Ta c th tnh m ho nhanh, nu bit n=pq v s dng nh l phn
d Trung Hoa vi mu tin M theo cc Modulo p v q khc nhau. Nu kho cng khai
e c nh th cn tin tng rng khi chn n ta lun c gcd(e,(n)) = 1. Loi b mi
p, q m lm cho (n) khng nguyn t cng nhau vi e.
55
5.2.5 Gii m hiu qu:

C th s dng nh l phn d Trung Hoa tnh theo mod p v q, sau kt hp
li tm ra bn r. V y ngi s dng kho ring bit c p v q, do c th
s dng k thut ny. Nu s dng nh l phn d Trung Hoa gii m th hiu qu
l nhanh gp 4 ln so vi gii m tnh trc tip.
5.2.6 Sinh kho RSA
Ngi s dng RSA cn phi xc nh ngu nhin 2 s nguyn t rt ln, thng
thng khong 512 bit. Do vic sinh ra ngu nhin p, q v kim tra xc sut tnh
nguyn t ca chng c nhiu gii php khc nhau vi tin cy cao. Sau khi chn
c mt kho e hoc d nguyn t cng nhau vi (n), d dng tnh c kho kia
chnh l s nghch o ca n qua thut ton Euclide m rng.
5.2.7 An ton ca RSA
Trn thc t c nhiu cch tn cng khc nhau i vi m cng khai RSA nh sau:
Tm kim kho bng phng php vt cn, phng php ny khng kh thi vi kch
thc ln ca cc s hoc tn cng bng ton hc da vo kh vic tnh (n)
bng cch phn tch n thnh hai s nguyn t p v q hoc tm cch tnh trc tip
(n). Trong qu trnh nghin cu vic thm m ngi ta xut kiu tn
cng thi gian trong khi gii m, tc l cn c vo tc m ho v gii m cc mu
tin cho trc m phn on cc thng tin v kho. Cui cng c nhng nghin cu
tn cng RSA vi iu kin bit trc bn m cho trc. Cu th nh sau:
Bi ton phn tch
Tn cng ton hc c 3 dng
o Phn tch N = p.q, sau tnh (N) v d
o Tm n trc tip (N) v tnh d
o Tm d trc tip
Hin ti tin rng tt c u tng ng vi bi ton phn tch
o C cc bc tin chm theo thi gian
o Hin ti cho rng RSA 1024 hoc 2048 l an ton
Tn cng thi gian
o Pht trin vo gia nm 1990
o Paul Kocher ch ra rng k thm m c th xc nh c kho ring nu
theo di thi gian my tnh cn gii m cc bn tin.
o Tn cng thi gian khng ch p dng cho RSA, m c vi cc h m cng
khai khc.
o Tn cng thi gian ging nh k cp on s in thai bng cch quan
st mt ngi no trong bao lu chuyn quay in thoi t s ny sang
s khc.
Tn cng bn m chn trc
o RSA c im yu vi tn cng bn m chn trc
o K tn cng chn bn m v on bn r c gii m
o Chn bn m khm ph RSA cung cp thng tin thm m
o C th tnh vi b m ngu nhin ca bn r
o Hoc s dng b m m ho phn xng.
56
5.3 Qun l kho

5.3.1 Phn phi kho
M kho cng khai gip gii bi ton phn phi kho, y l nhu cu cp bch cn
phi to ra mt c ch chia s kho trong mi trng thng xuyn trao i thng tin
v thng xuyn thay i kho. N bao gm hai kha cnh sau:
o Phn phi kho mt cch cng khai nhng m bo c b mt.
o S dng m kho cng khai phn phi kho mt (cn kho mt dng
m ho thng tin).
5.3.2 Phn phi kho cng khai c th xem xt c s dng vo mt trong
nhng vic sau:
o Thng bo cng khai kho ca ngi s dng.
o Th mc truy cp cng cng cho mi ngi.
o Ch quyn kho cng khai, ngi nm gi kho cng khai.
o Chng nhn kho cng khai, kho cng khai ca ngi s dng c ni
c thm quyn chng nhn.
Thng bo cng khai
Ngi dng phn phi kho cng khai cho ngi nhn hoc thng bo rng ri
cho cng ng. Chng hn nh ngi s dng c th t b sung kho PGP vo
th in t hoc gi cho nhm chia s tin hoc mt danh sch th in t.
im yu chnh ca thng bo cng khai l mo danh: mt ngi no c th
to kho v tuyn b mnh l mt ngi khc v gi thng bo cho mi ngi
khc. Cho n khi gi mo b pht hin th k mo danh c th la trong vai tr
ngi khc
Th mc truy cp cng cng
Dng th mc truy cp cng cng c th t c tnh an ton cao hn bng cch
ng k kho vi th mc cng cng ng ti v chia s cho mi ngi.
Th mc cn c m bo tin cy vi cc tnh cht sau:
o Cha vic nhp tn v kho cng khai
o Ngi dng ng k mt vi Th mc
o Ngi dng c th thay kho bt c lc no
o Th mc c in nh k
o Th mc c th truy cp qua mng
M hnh trn vn cn c cc l hng k xm nhp sa hoc gi mo khi vo h
thng.
Ch quyn kho cng khai
y l bc ci thin tnh an ton bng kim sot cht ch tp trung vic phn phi
kho t Th mc. N bao gm cc tnh cht ca mt Th mc nh nu phn
trc v i hi ngi dng bit kho cng khai ca Th mc . Sau ngi dng
nhn c bt k kho cng khai mong mun no mt cch an ton, bng cch truy
cp thi gian thc n Th mc khi cn n kho. Tuy nhin yu cu truy cp thi
gian thc l mt nhc im ca cch phn phi kho ny. C th trong kch bn sau
hai ngi s dng chia s kho cng khai ca mnh cho nhau thng qua vic s dng
kho cng khai ca Ch quyn nhn c kho cng khai ca i tc v trao i
qua li khng nh ngi ny bit thng tin ca ngi kia.
57
Chng nhn kho cng khai

Chng nhn cho php trao i kho khng cn truy cp thi gian thc n Ch quyn
th mc kho cng khai. lm vic chng nhn tri danh tnh ca ngi s dng
vi kho cng khai ca anh ta v ng du v giy chng nhn trnh gi
mo. Cc thng tin i km thng thng l chu k kim nh, quyn s dng, thi
hn,
Ni dung trn c k bi kho ring tin cy ca Ch quyn chng nhn (CA,
Certificate Authority). Do kho cng khai ca CA c thng bo rng ri, nn chng
nhn c th c kim chng bi mt ngi no bit kho cng khai ca Ch
quyn chng nhn.
5.3.3 Phn phi cng khai cc kho mt

Ni chung c th s dng cc phng php trn nhn c kho cng khai ca
ngi nh trao i thng tin. Kho cng khai dng cho mc ch m ho, gii m
hoc xc nhn thng tin l ca i tc. Nhng cc thut ton kho cng khai chm,
nn gi bo mt thng tin l t. Do thng thng dng kho i xng m
58
ho v gii m ni dung bn tin, m cn c gi l kho phin hay kha k (section

key). C mt s cch tha thun kho phin ph hp gia hai ngi s dng.
Phn phi kho mt n gin
c xut bi Merkle vo nm 1979
o A to ra mt cp kho cng khai mi tm thi
o A gi B mt kho cng khai v danh tnh ca h
o B to ra kho phin v gi n cho A s dng kho cng khai c cung cp
o A gii m kho phin v c hai cng dng n.
Vn nm ch, k th c th ngn hoc ng gi c hai bn ca th tc
Nu c kho cng khai th kho phin c trao i an ton
5.3.4 Trao i kho hn hp:

Ta c th kt hp s dng Trung tm phn phi kho phn phi kho phin nh
trn m hnh my ch ca IBM. Trung tm chia s kho chnh (master key) vi mi
ngi s dng. V phn phi kho phin s dng kho chnh vi Trung tm. S
kho cng khai c dng phn phi kho chnh. S ba lp ny c bit hu
ch khi ngi s dng phn tn rng. Cc yu cu cn bn ca h thng l cht lng
thc hin v s tng thch nn tng.
5.4 Trao i kho Diffie Hellman

5.4.1 Yu cu
Trao i kho Diffie Hellman l s kho cng khai u tin c xut
bi Diffie v Hellman nm 1976 cng vi khi nim kho cng khai. Sau ny c
bit n bi James Ellis (Anh), ngi xut b mt nm 1970 m hnh tng t.
y l phng php thc t trao i cng khai cc kho mt. N thc y vic nghin
cu xut cc m kho cng khai. S c s dng trong nhiu sn phm
thng mi.
L s trao i kho mt dng kho cng khai:
o Khng th dng trao i mu tin bt k.
o Tuy nhin n c th thit lp kho chung.
o Ch c hai i tc bit n.
59
o Gi tr kho ph thuc vo cc i tc (v cc thng tin v kho cng khai

v kho ring ca h).
o Da trn php ton ly tha trong trng hu hn (modulo theo s nguyn
t hoc a thc) l bi ton d.
o an ton da trn kh ca bi ton tnh logarit ri rc (ging bi ton
phn tch ra tha s) l bi ton kh.
5.4.2 Khi to Diffie Hellman
Mi ngi dng tha thun dng tham s chung:
o S nguyn t rt ln q hoc a thc.
o
o
l cn nguyn t ca mod q.
Mi ngi dng (A chng hn) to kho ca mnh:
o Chn mt kho mt (s) ca A: xA < q
x
o Tnh kho cng khai ca A: yA = A mod q.
o Mi ngi dng thng bo cng khai kho ca mnh yA.
5.4.3 Trao i kho Diffie Hellman
Kho phin dng chung cho hai ngi s dng A, B l KAB
KAB = xA.xB mod q
= yAxB mod q (m B c th tnh)

= yBxA mod q (m A c th tnh)
KAB c s dng nh kho phin trong s kho ring gia A v B
A v B ln lt trao i vi nhau, h c kho chung KAB cho n khi h chn kho
mi.
K thm m cn x, do phi gii tnh logarit ri rc
V d:
Hai ngi s dng Alice & Bob mun trao i kho phin:
ng chn s nguyn t q=353 v =3
Chn cc kho mt ngu nhin:
A chn xA=97, B chn xB=233
Tnh cc kho cng khai:
yA=397 mod 353 = 40
(Alice)
yB=3233 mod 353 = 248 (Bob)
Tnh kho phin chung:
KAB= yBxA mod 353 = 24897 = 160 (Alice)
KAB= yAxB mod 353 = 40233 = 160
60
(Bob)
Cu hi v bi tp
1.
2.
3.
4.
5.
6.
7.
8.
9.
Tnh m ho RSA ca bn ghi sau:

p=7, q=11, e = 3, NSD A chn kho ring xA = 7, tnh kho cng khai ca A
NSD B gi bn tin M = 5 v m bng kho cng khai ca A
NSD A gii m s dng nh l phn d Trung Hoa
p=11, q=13, e = 7, NSD A chn kho ring xA = 9, tnh kho cng khai ca A
p=23, q=31, NSD A chn kho ring xA = 13, tnh kho cng khai ca A
Trao i kho Difie Hellman:
Chn s nguyn t dung chung q = 131 v = 7,
NSD A chn kho ring xA = 11
NSD B chn kho ring xB = 19
Tnh kho cng khai ca A v B
Nu cch A va B tnh kho mt dng chung gia A v B
Trao i kho Difie Hellman:
Chn s nguyn t dung chung q = 131 v = 7,
NSD A chn kho ring xA = 11
NSD B chn kho ring xB = 19
Tnh kho cng khai ca A v B
Nu cch A va B tnh kho mt dng chung gia A v B
Nu thut ton tnh ly tha ca mt c s cho trc. nh gi phc tp
ca thut ton .
Ti sao c th ni nu dng nh l Trung Hoa gii m th tc gii
m nhanh gp 4 ln khng dng n.
Cho N = 1517. Hy tnh 131435 mod N.
Trong h m RSA c N = p * q = 103 * (219 1) th c th s dng ti a
l bao nhiu ga tr ca e lm kha m ha, gii thch.
10.
11.
12.
Trong h m RSA c N = p*q = 103 * 113 s c bao nhiu trng hp l bn r.

Cho h RSA c n = 1363, bit phi(n) = 1288 hy m ha bn r M = 2007.
Cho h m RSA c p = 31, q = 41, e = 271.
a) Hy tm kha cng khai KP, v kha b m t KS ca h m trn.
b) m ha cc thng i p c vit bng ting Anh ngi ta dng m t hm chuyn i
cc k t thnh cc s th p phn c hai ch s nh sau:
Khi v d xu ABC s c chuyn thnh 00 01 02 v sau ct thnh cc s c 3 ch s

000 (bng 0) v 102 m ha. Bn m thu c l m t t p cc s thuc Zn. Hy thc
hi n m ha xu P = SERIUS.
c) Gi s bn m thu c l C = <201, 793, 442, 18> hy thc hi n gii m tm ra thng
i p bn r ban u.
61
CHNG 6. AN TON IP V WEB

Trong chng ny chng ta s xt n c ch an ton IPSec v mt s giao thc
bo mt lp vn chuyn ng dng trn Web.
6.1 An ton IP
C kh nhiu c ch an ton ng dng chuyn bit nh: S/MIME, PGP, Kerberos,
SSL/HTTPS. Tuy nhin c nhng c ch an ton m xuyn sut nhiu tng ng
dng nh l c ch an ton IP c ci t trn mng cho mi ng dng.
6.1.1 IPSec
IPSec l c ch an ton IP tng quan. N cung cp: xc thc, bo mt v qun tr
kho. IPSec c dng trn mng LAN, mng WAN ring v chung v trn c
mng Internet.
Li ch ca IPSec
IPSec trn bc tng la/router cung cp an ton mnh cho mi vic truyn qua
vnh ai. N chng li vic i vng qua bc tng la/router.
IPSec nm tng vn chuyn bn di nn trong sut vi mi ng dng v c th
trong sut vi ngi s dng u cui. N c th cung cp an ton cho ngi s
dng ring bit v bo v kin trc r nhnh.
6.1.2 Kin trc an ton IP
c t an ton IP rt phc tp, c nh ngha qua mt s chun (RFC): bao gm
RFC 2401/2402/2406/2408 v c nhiu chun khc c nhm theo loi. iu
ny l bt buc i vi IP6 v tu chn vi IP4. C hai m rng an ton cho phn
u:
Phn u xc thc (AH Authentication Header)
Ti trng an ton ng gi (ESP Encapsulating Security Payload)
1. Dch v IPSec
IPSec nhm t cc mc ch sau: kim sot truy cp, ton vn khng kt ni, xc
thc ngun gc d liu, t chi ti li gi (y l mt dng ca ton vn lin kt
tng phn), bo mt (m ho), bo mt lung vn chuyn c gii hn.
2. Lin kt an ton
Quan h mt chiu gia ngi gi v ngi nhn m cung cp s an ton cho
lung vn chuyn v c xc nh bi 3 tham s
o Ch s tham s an ton
o a ch IP ch
o Tn ca th tc an ton
Ngoi ra c mt s cc tham s khc nh: ch s dy (sequence number), thng tin
v phn u xc thc v phn u m rng AH & EH, thi gian sng. C lu tr
c s d liu ca cc lin kt an ton.
3. Phn u xc thc (Authentication Header - AH)
AH cung cp s h tr cho an ton d liu v xc thc ca cc gi IP:
o H thng u cui/chuyn mch c th xc thc ngi s dng/ng dng
o Ngn tn cng theo di a ch bng vic theo di cc ch s dy.
AH da trn s dng MAC: HMACMD596 hoc HMAC SHA -1-96
Mun vy cc bn cn chia s kho mt.
62
4. Ti trng an ton ng gi (ESP)

ESP m bo bo mt ni dung mu tin v lung vn chuyn gii hn, c la chn
cung cp dch v xc thc v h tr phm vi rng cc m, cc ch m, b m
o Bao gm DES, Triple DES, RC5, IDEA, CAST,
o CBC v cc ch khc
o B m cn thit lp y cc kch thc khi, cc trng cho lung
vn chuyn
5. Ch vn chuyn v ch ng ESP
ESP c s dng vi 2 ch : vn chuyn v ng. Trong ch ng khng cn
gi tng minh a ch ch.
Ch vn ti c s dng m v tu chn xc thc d liu IP:
o D liu c bo v nhng phn u vn r bit a ch ch
o C th phn tch vn chuyn mt cch hiu qu
o Tt i vi ESP my ch vn chuyn ti my ch
Ch ng m ton b gi IP
o B sung phn u mi cho bc nhy tip
o Tt cho mng ring o VPN (Virtual Private Network), cng n cng an
ton
6. Kt hp cc lin kt an ton
Cc lin kt an ton c th ci t qua AH hoc ESP. ci t c hai cn kt hp
cc lin kt an ton
o To nn b cc lin kt an ton
o C th kt thc ti cc im cui cng nhau hoc khc nhau
o Kt hp bi k vn chuyn v ng lp
Cn bn lun v th t xc thc v m ho
7. Qun tr kho
Qun l sinh kho v phn phi kho gia cc bn trao i thng tin, thng
thng cn hai cp kho, 2 kho trn mt hng cho AH v ESP.
Trong c ch Qun tr kho th cng, ngi qun tr h thng thit lp cu hnh
cho tng h thng.
Trong c ch Qun tr kho t ng:
o H thng t ng da vo yu cu v kho cho cc lin kt an ton
trong h thng ln.
o C cc thnh phn nh th tc trao i kha Oakley v lin kt an ton
trn mng ISAKMP
8. Oakley
Oakley l th tc trao i kho, da trn trao i kho Diffie-Hellman. y b
sung cc c trng khc phc cc im yu nh Cookies, nhm (tham s tng
th), cc ch s c trng (nonces), trao i kho Diffie Hellman vi vic xc
thc. C th s dng s hc trn trng s nguyn t hoc ng cong elip.
9. ISAKMP
ISAKMP lin kt an ton trn Internet v th tc qun tr kho. N cung cp
khung qun l kho, xc nh cc th tc v nh dng gi thit lp, tha
thun, iu chnh v xo cc lin kt an ton (SA Secure Associations).
ISAKMP c lp vi th tc trao i kho, thut ton m ho v phng php xc
thc
Trao i v ti trng ISAKMP
63
C mt s kiu ti trng ISAKMP: an ton, xut, dng vn chuyn, kho, nh

danh, chng nhn, hash, ch k, nonce v xo.
ISAKMP c b khung cho 5 kiu trao i mu tin:c s, bo v nh danh, xc
thc, tch cc v thng tin.
6.2 An ton Web

6.2.1 Khi nim
Web ngy cng c s dng rng ri bi cc cng ty, chnh ph v c nhn,
nhng Internet v Web c nhng l hng ln v c nhiu mi e do an ton nh:
o Tnh ton vn
o Bo mt
o T chi dch v
o Xc thc
Nh vy cn b sung c ch bo mt cho Web.
6.2.2 SSL (Secure Socket Layer)
SSL l dch v an ton tng vn chuyn, ban u c pht trin bi Netscape.
Sau phin bn 3 ca n c thit k cho u vo cng cng v tr thnh
chun Internet, c bit n nh an ton tng vn chuyn TLS (Transport Layer
Security).
SSL s dng giao thc TCP cung cp dch v u cui n cui tin cy v c 2
tng th tc
6.2.3 Kin trc SSL
y kt ni SSL l:
o Tm thi, u cui n u cui, lin kt trao i
o Gn cht vi 1 phin SSL
V phin SSL:
o Lin kt gia ngi s dng v my ch
o c to bi th tc HandShake Protocol
o Xc nh mt tp cc tham s m ho
o C th chia s bi kt ni SSL lp
1. Dch v th tc bn ghi SSL
64
Dch v th tc bn ghi SSL m bo tnh ton vn ca bn tin:

o S dng MAC vi kho mt chia s
o Ging nh HMAC nhng vi b m khc
v cung cp bo mt:
o S dng m i xng vi kho chung xc nh bi th tc HandShake.
o IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4128
o Bn tin c nn trc khi m
2. Th tc thay i c t m SSL (SSL Change Cipher Spec Protocol):
y l mt trong 3 giao thc chuyn bit ca SSL s dng th tc bn ghi SSL.
y l mu tin n, buc trng thi treo tr thnh hin thi v cp nht b m
ang dng
3. Th tc nhc nh SSL (SSL Alert Protocol)
Truyn i li nhc ca SSL lin quan cho thnh vin. Nghim khc: nhc nh
hoc cnh bo
Nhc nh c bit:
o cnh bo: mu tin khng ch i, bn ghi MAC ti, li gii nn, li
Handshake, tham s khng hp l
o Nhc nh: ng ghi ch, khng chng nhn, chng nhn ti, chng
nhn khng c h tr, chng nhn b thu hi, chng nhn qu hn,
chng nhn khng c bit n.
Nn v m nh mi d liu SSL
4. Th tc bt tay SSL (SSL HandShake Protocol)
1.
Th tc ny cho php my ch v my trm:
o Xc thc nhau
o Tha thun thut ton m ho v MAC
o Tha thun kho m s dng
N bao gm mt lot cc thng tin:
o Thit lp cc kh nng an ton
o Xc thc my ch v trao i kho
o Xc thc my trm v trao i kho
o Kt thc
65
5. An ton tng vn chuyn

IETF chun RFC 2246 ging nh SSLv3.
Vi khc bit nh:
o s k hiu kch thc bn ghi
o s dng HMAC thay cho MAC
o hm gi ngu nhin tng mt
o c m ghi ch b sung
o c mt s thay i h tr m
o thay i kiu chng nhn v tha thun
o thay i b m v tnh ton m
Sau y ta xem xt chi tit giao thc xc thc ngi dng RADIUS v giao thc
SSL:
66
Giao thc RADIUS

RADIUS l m t dch v dnh cho vi c xc nh n v cho php ngi dngtruy cp t
xa qua cc thit b nh mdem, DSL, cp mng hoc cc thit b khng dy khc.
M t site thng thng c m t my ch truy c p c kt ni vo mt modem. M t
my ch dch v RADIUS c kt ni vo mng nh m t dch v xc nh n. Nhng
ngi dng t xa gi vo my ch truy c p, my ch s yu cu nhng dch v xc
nh n t my ch dch v RADIUS. My ch dch v RADIUS s xc nh n ngi
dng v cho php h truy c p ti nguyn.Nhng nh qun tr mng to ra nhng h
s v ngi dng my ch RADIUS,xc nh cc quyn hn cp cho ngi dng t
xa. Nhng giao thc hi p c s dng trong sut qu trnh ngi dng vo mng.
Giao thc SSL
c pht trin bi Netscape, giao thc SSL c s dng rng ri trn mng
Internet trong vic xc thc v m ho thng tin gia my trm v my ch. Trong
khi SSL c th s dng h tr cc giao dch an ton cho rt nhiu ng dng khc
nhau trn Internet. SSL khng phi l mt giao thc n l, m l mt tp cc th tc
c chun ho thc hin cc nhim v bo mt sau:
Xc thc my ch: Cho php ngi s dng xc thc c my ch mun kt
ni. Lc ny, pha browser s dng cc k thut m ho cng khai chc
chn rng chng ch v kho cng cng ca my ch l c gi tr v c cp
pht bi mt CA trong danh sch cc CA ng tin cy ca my trm.
Xc thc my trm: Cho php pha my ch xc thc c ngi s dng
mun kt ni. Pha my ch cng s dng cc k thut m ho cng khai
kim tra xem chng ch v kho cng cng ca my ch c gi tr hay khng
v c cp pht bi mt CA trong danh sch cc CA ng tin cy khng.
M ho kt ni: Tt c cc thng tin trao i gia my trm v my ch c
m ho trn ng truyn nhm nng cao kh nng bo mt.
Hot ng ca SSL
Giao thc SSL hot ng da trn hai nhm con giao thc l giao thc bt tay v
giao thc bn ghi. Giao thc bt tay xc nh cc tham s giao dch gia hai i
tng c nhu cu trao i thng tin hoc d liu, cn giao thc bn ghi xc nh
khun dng cho tin hnh m ho v truyn tin hai chiu gia hai i tng .Giao
thc SSL bt tay s s dng SSL bn ghi trao i mt s thng tin gia my
ch v my trm vo ln u tin thit lp kt ni SSL.
Mt giao dch SSL thng bt u bi qu trnh bt tay gia hai bn. Cc bc
trong qu trnh bt tay c th nh sau:
1. My trm s gi cho my ch s phin bn SSL ang dng, cc tham s ca
thut ton m ho, d liu c to ra ngu nhin (ch k s) v mt s thng
tin khc m my ch cn thit lp kt ni vi my trm
2. My ch gi cho my trm s phin bn SSL ang dng, cc tham s ca thut
ton m ho, d liu c to ra ngu nhin v mt s thng tin khc m my
trm cn thit lp kt ni vi my ch. Ngoi ra my ch cng gi chng
ch ca n n my trm v yu cu chng ch ca my trm nu cn.
3. My trm s dng mt s thng tin m my ch gi n xc thc my ch.
Nu nh my ch khng c xc thc th ngi s dng s c cnh bo v
kt ni khng c thit lp. Cn nu nh xc thc c my ch th pha my
trm s thc hin tip bc 4.
67
4. S dng tt c cc thng tin c to ra trong giai on bt tay trn, my

trm (cng vi s cng tc ca my ch v ph thuc vo thut ton c s
dng) s to ra premaster secret cho phin lm vic, m ho bng kho cng
khai m my ch gi n trong chng ch bc 2, v gi n my ch.
5. Nu my ch c yu cu xc thc my trm, th pha my trm s nh du
vo phn thng tin ring ch lin quan n qu trnh bt tay ny m hai bn
u bit. Trong trng hp ny, my trm s gi c thng tin c nh du v
chng ch ca mnh cng vi premaster secret c m ho ti my ch.
6. My ch s xc thc my trm. Trng hp my trm khng c xc thc,
phin lm vic s b ngt. Cn nu my trm c xc thc thnh cng, my
ch s s dng kho b mt gii m premaster secret, sau thc hin mt
s bc to ra master secret.
7. My trm v my ch s s dng master secret to ra cc kho phin ,
chnh l cc kho i xng c s dng m ho v gii m cc thng tin
trong phin lm vic v kim tra tnh ton vn d liu.
8. My trm s gi mt li nhn n my ch thng bo rng cc thng ip tip
theo s c m ho bng kho phin. Sau n gi mt li nhn c m
ho thng bo rng pha my trm kt thc giai on bt tay.
9. My ch cng gi mt li nhn n my trm thng bo rng cc thng ip
tip theo s c m ho bng kho phin. Sau n gi mt li nhn c
m ho thng bo rng my ch kt thc giai on bt tay.
10. Lc ny giai on bt tay hon thnh, v phin lm vic SSL bt u. C
hai pha my trm v my ch s s dng cc kho phin m ho v gii m
thng tin trao i gia hai bn, v kim tra tnh ton vn d liu
6.3 Thanh ton in t an ton

6.3.1 Yu cu
y l m m v c t an ton nhm bo v thanh ton th tn dng trn Internet. N
c pht trin nm 1996 bi Master, Visa Card v khng phi h thng tr tin.
Thanh ton in t an ton l tp cc giao thc v nh dng an ton dng
o Trao i an ton gia cc i tc
o Tin tng v s dng X509v3
o Ring bit v hn ch thng tin cho ngi cn
Cc thnh phn Thanh ton in t
68
6.3.2 Thanh ton in t an ton

1. Ngi mua m ti khon
2. Ngi mua nhn c chng nhn
3. Ngi bn c chng nhn ca h
4. Ngi mua t hng
5. Ngi bn c kim chng
6. n t hng v tr tin c gi
7. Ngi bn yu cu giy php tr tin
8. Ngi bn duyt n t hng
9. Ngi bn cung cp hng v dch v
10. Ngi bn yu cu tr tin
6.3.3 Ch k kp
Ngi mua to ch k kp
o Thng tin n t OI cho ngi bn
o Thng tin tr tin PI cho ngn hng
Khng bn no bit chi tit ca ngi khc. Nhng cn phi bit l h c kt
ni vi nhau. S dng ch k kp cho mc ch ny
o K trn bn ghp ca OI v PI
6.3.3 Yu cu tr tin
Trao i yu cu tr tin gm 4 mu tin sau
1. Khi to yu cu - nhn chng nhn
2. Khi to tr li k tr li
3. Yu cu tr tin - ca OI v PI
4. Tr li tr tin n phc p
6.3.4 Yu cu tr tin ngi mua
69
6.3.5 Yu cu tr tin ngi bn
1. Kim tra chng nhn ngi gi th bng ch k ca CA

2. Kim tra ch k kp bng cch s dng kho ch k cng khai ca ngi
mua tin tng rng n khng b gi mo khi truyn v c k s dng
ch k kho ring ca ngi gi th.
3. X l n t v gi tip thng tin tr tin cho cng tr tin xc thc
(m t sau)
4. Gi phn hi tr tin cho ngi gi th
6.3.6 Giy php cng tr tin
1. Kim chng mi chng nhn
2. Gii m phong b in t ca khi giy php v nhn c kho i xng,
sau gii m khi giy php
3. Kim tra ch k ca ngi bn trn khi giy php
4. Gii m phong b in t khi tr tin, nhn c kho i xng, sau
gii m khi tr tin
5. Kim tra ch k kp trn khi tr tin
6. Kim tra rng, thanh ton ID nhn c t ngi bn ph hp vi danh
tnh trong PI nhn c (khng trc tip) t ngi bn
7. Yu cu v nhn c giy php t ni pht hnh
8. Gi tr li giy php cho ngi bn
70
6.3.7 Nhn tr tin

Ngi bn gi cho cng tr tin yu cu nhn tr tin. Cng kim tra yu cu .
Sau yu cu chuyn tin n ti khon ngi bn. Thng bo cho ngi bn v
ch tr li vic nhn.
6.4 An ton th in t
Th in t l mt trong nhng dch v mng c coi trng v ng dng rng ri
nht. ng thi ni dung ca cc mu tin khng an ton. C th b quan st trn
ng truyn hoc bi nhng ngi c thm quyn thch hp h thng u cui.
Nng cao an ton th in t l mc ch quan trng ca mi h thng trao i th.
y phi m bo cc yu cu sau: tnh bo mt ni dung tin gi, xc thc ngi gi
mu tin, tnh ton vn ca mu tin, hn na bo v khi b sa, tnh chng t chi
gc, chng t chi ca ngi gi.
6.4.1 Dch v PGP.
PGP (Pretty Good Privacy) l mt dch v v bo mt v xc thc c s dng rng
ri cho chun an ton th in t. PGP c pht trin bi Phil Zimmermann. y
la chn cc thut ton m ho tt nht dng, tch hp thnh mt chng trnh
thng nht, c th chy trn Unix, PC, Macintosh v cc h thng khc. Ban u l
mien ph, by gi c cc phin bn thng mi. Sau y chng ta xem xt hot ng
ca PGP
Thao tc PGP xc thc
Ngi gi to mu tin, s dng SHA-1 sinh Hash 160 bit ca mu tin, k hash vi
RSA s dng kho ring ca ngi gi v nh km vo mu tin.
Ngi nhn s dng RSA vi kho cng khai ca ngi gi gii m v khi phc
bn hash. Ngi nhn kim tra mu tin nhn s dng bn hash ca n v so snh vi
bn hash c gii m.
Thao tc PGP bo mt
Ngi gi to mu tin v s ngu nhin 128 bit nh kho phin cho n, m ho mu
tin s dng CAST-128/IDEA /3DES trong ch CBC vi kho phiien . Kho
phin c m s dng RSA vi kho cng khai ngi nhn v nh km vi mu tin.
Ngi nhn s dng RSA vi kho ring gii m v khi phc kho phin. Kho
phin c s dng gii m mu tin.
Thao tc PGP - Bo mt v xc thc
C th s dng c hai dch v trn cng mt mu tin. To ch k v nh vo mu tin,
sau m c mu tin v ch k. nh kho phin c m ho RSA/ElGamal.
Thao tc PGP nn
Theo mc nh PGP nn mu tin sau khi k nhng trc khi m. Nh vy cn lu
mu tin cha nn v ch k kim chng v sau. V rng nn l khng duy nht.
y s dng thut ton nn ZIP.
Thao tc PGP tng thch th in t
Khi s dng PGP s c d liu nh phn gi (mu tin c m). Tuy nhin th
in t c th thit k ch cho vn bn. V vy PGP cn m d liu nh phn th vo
71
cc k t ASCII in c. Sau s dng thut ton Radix 64, nh x 3 byte vo 4 k

t in c v b sung kim tra tha quay vng CRC pht hin li khi truyn. PGP
s chia on mu tin nu n qu ln.
Tm li, cn c kho phin cho mi mu tin, c kch thc khc nhau: 56 bit DES,
128 bit CAST hoc IDEA, 168 bit Triple DES, c sinh ra s dng d liu u
vo ngu nhin ly t s dng trc v thi gian g bn phm ca ngi s dng
Kho ring v cng khai ca PGP

V c nhiu kho ring v kho cng khai c th c s dng, nn cn phi xc nh
r ci no c dng m kho phin trong mu tin. C th gi kho cng khai y
vi tng mu tin. Nhng u l khng , v cn phi nu r danh tnh ca
ngi gi. Do c th s dng nh danh kho xc nh ngi gi. C t nht 64
bit c ngha ca kho v l duy nht, c th s dng nh danh ca kho trong ch
k.
72
PGP Message Format

Cc chm kho PGP
Mi ngi s dng PGP c mt cp chm kho. Chm kho cng khai cha mi
kho cng khai ca cc ngi s dng PGP khc c ngi bit v c nh s
bng nh danh kho (ID key). Chm kho ring cha cc cp kho cng khai/ring
ca ngi c nh s bi nh danh kho v m ca kho ly t giai on duyt
hash. An ton ca kho cng khai nh vy ph thuc vo an ton ca giai on
duyt.
Sinh mu tin PGP
S sau m t qui trnh sinh mu tin PGP gi cho ngi nhn.
73
Nhn mu tin PGP
S sau nu cch ngi nhn gii m, kim chng thng tin c mu tin.
Qun l kho PGP

Tt hn ht da vo ch quyn chng nhn. Trong PGP mi ngi s dng c mt
CA ca mnh. C th k kho cho ngi s dng m anh ta bit trc tip. To thnh
Web ca nim tin. Cn tin cy kha c k, v tin cy cc kho m cc ngi
khc k khi dng mt dy chuyn cc ch k n n.
Chm kho ch c cc ch dn tin cy. Ngi s dng c th thu hi kho ca h
74
6.4.2 M rng th Internet a mc ch/an ton S/MIME

Tng cng an ton cho th in t a mc ch m rng MIME (Multipurpose
Internet Mail Extension). Th in t Internet RFC822 gc ch c vn bn, MIME
cung cp h tr cho nhiu kiu ni dung v mu tin c nhiu phn vi m ho d liu
nh phn thnh dng vn bn.
S/MIME tng cng tnh an ton, c h tr ca S/MIME trong nhiu tc nhn th
in t nh MS Outlook, Mozilla, Mac Mail,
Cc chc nng S/MIME
D liu ng phong b, ni dung c m ho v lin kt kho, d liu c k, mu
tin c m v k sau nn, d liu r rng c k, mu tin tng minh v m ho ch
k trn bn nn, d liu ng phong b v k, lng nhau cc th c th k v m.
Cc thut ton m ho S/MIME
Cc ch k in t DSS v RSA, cc hm hash: SHA-1 v MD5, m kho phin:
Elgamal & RSA, m mu tin: AES, Triple-DES, RC2/40, ;MAC: HMAC vi SHA1.
C qu trnh i thoi quyt nh s dng thut ton no.
Cc mu tin S/MIME
S/MIME bo v cc thc th MIME vi ch k, m hoc c hai to thnh cc i
tng ng gi MIME. C phm vi cc kiu ni dung khc nhau: d liu ng phong
b, d liu c k, d liu r rng c k, yu cu ng k, chng nhn mu tin.
Qu trnh chng nhn S/MIME
S/MIME s dng chng nhn X.509 phin bn 3. Qun tr vic s dng kt hp s
phn cp CA ca X.509 v Web nim tin ca PGP. Mi client c mt danh sch cc
giy chng nhn cho CA tin cy v c cc giy chng nhn v cp kho cng
khai/ring ca mnh. Chng nhn cn c k bi cc CA tin cy.
Ch quyn chng nhn CA (Certificate Authorities)
C mt s CA mi ngi u bit. Verisign l mt CA c s dng rng ri.
Verisign xut bn mt s kiu nh danh in t. Tng mc kim tra v ko theo
tin cy.
Cu hi v bi tp
1. Nu mc ch IPSec, cc tham s, AH v ESP
2. Nu mc ch SSL v TLS. Trnh by kin trc v nhim v ca cc thnh
phn ca chng.
3. Th no l thanh ton in t an ton
4. Nu yu cu ca ch k kp v chng t ch k kp trong thanh ton in
t an ton p ng cc yu cu .
5. Nu qui trnh thanh ton in t an ton, chng t n p ng c cc yu
cu an ton ra.
6. Nu cc yu cu bo mt, xc thc, ch k in t ca h thng th n
t.
7. Trnh by gii php xut ca PGP cho h thng th in t.
8. Tm hiu xc thc c bn HTTP trong Internet Explorer.
75
CHNG 7. K XM NHP, PHN MM C HI V BC

TNG LA
7.1 K xm nhp
7.1.1 Khi nim
Vn quan trng i vi h thng mng l chng li vic truy cp khng mong
mun qua mng my tnh ln hoc cc b. Chng ta c th phn loi k xm nhp
nh sau:
o K gi danh
o K lm quyn
o Ngi s dng giu mt
C nhiu mc kh nng khc nhau xm nhp khc nhau. R rng vn trn
c cng khai v tr nn bc xc
o T Wily Hacker trong nm 1986/1987
o n vic tng nhanh cc i ng cu tnh trng khn cp ca my tnh
Vi i ng cu c th cm thy bnh an nhng i hi cc ngun chi b sung
pht trin v duy tr hot ng. K xm nhp c th s dng cc h thng lm hi
tn cng.
7.1.2 Cc k thut xm phm
Mc tiu ca k xm nhp l dnh quyn truy cp hoc tng quyn trong h thng.
Cc phng php tn cng c bn bao gm
o Tm mc tiu v thu thp thng tin
o Truy cp ban u
o Leo thang quyn
o Ln vt khi phc
Mc tiu chnh l ginh c mt khu v sau dng quyn truy cp ca ngi
s hu.
7.1.3 on mt khu
on mt khu l mt trong cc hng tn cng chung nht. K tn cng bit
tn ngi s dng ng nhp (t trang email/web) v tm cch on mt khu.
o Mc nh, mt khu ngn, tm kim cc t chung
o Thng tin ca ngi dng (thay i tn, ngy sinh, s in thoi, cc
mi quan tm v t chung)
o Tm kim tng th mi kh nng ca mt khu
K xm nhp kim tra ng nhp vi tp mt khu nh cp c. S thnh cng
ca vic on mt khu ph thuc vo mt khu c chn bi ngi dng. Tng
quan ch ra rng nhiu ngi s dng chn mt khu khng cn thn.
Nm bt mt khu
Tn cng khc bao gm nm bt mt khu
o Theo di qua vai khi nhp password
o S dng chng trnh nga thnh Toroa thu thp
o Theo di login mng khng an ton, chng hn Telnet, FTP, Web,
email.
76
o Cht lc thng tin ghi li c sau ln vo mng thnh cng (m/lch

s web, s quay cui,)
o S dng login/password ng nhi li ngi s dng
Ngi s dng cn c hc dng cc bin php phng v ngn nga thch
hp.
7.1.4 Pht hin xm nhp
Chc chn c li an ton u . Nh vy pht hin xm nhp cn phi
o Chia khi pht hin nhanh
o Hnh ng ngn chn
o Thu thp thng tin tng cng an ton
Gi thit rng k xm nhp s hnh ng khc so vi ngi dng hp php
o Nhng s c s khc bit nh gia h
1. Cc cch tip cn pht hin xm nhp
Pht hin thng k bt thng
o Vt qua ngng thng k no
o Da trn m t
Da trn qui tc
o Hnh ng bt thng
o nh danh thm nhp
2. Kim tra cc bn ghi
Cng c c bn pht hin xm nhp l kim tra bn ghi n gin
o Mt phn ca h iu hnh a ngi s dng
o Sn sng s dng
o C th khng c thng tin trong nh dng mong mun
Tin hnh kim tra cc bn ghi chuyn dng pht hin
o c to chuyn dng thu thp mt s thng tin mong mun
o Tr gi chi ph b sung trong h thng
3. Pht hin thng k bt thng
Pht hin ngng
o m s xut hin ca s kin c bit theo thi gian
o Nu vt qu gi tr no th cho l c xm nhp
o Nu ch dng n th y l pht hin th khng hiu qu
Da trn m t
o c trng hnh vi qu kh ca ngi s dng
o Pht hin h qu quan trng t
o M t bng nhiu tham s
4. Phn tch kim tra bn ghi
y l c s ca cch tip cn thng k. Phn tch bn ghi nhn c cc s o
theo thi gian
o S m, o, thi gian khong, s dng ngun
S dng cc kim tra khc nhau trn s liu phn tch xc nh hnh vi hin ti
c chp nhn c khng
o Tnh k vng, phng sai, bin nhiu chiu, qu trnh Markov, chui
thi gian, thao tc
u im chnh l khng s dng kin thc bit trc
5. Pht hin xm nhp da trn qui tc
77
Quan st cc s kin trong h thng v p dng cc qui tc quyt nh hot

ng c ng nghi ng hay khng. Pht hin bt thng da trn qui tc
o Phn tch cc bn ghi kim tra c xc nh mu s dng v qui tc t
sinh cho chng
o Sau quan st hnh vi hin ti v snh vi cc qui tc nhn thy
nu n ph hp
o Ging nh pht hin thng k bt thng khng i hi kin thc bit
trc v sai lm an ton
nh danh s thm nhp da vo qui tc
o S dng cng ngh h chuyn gia
o Vi qui tc nh danh s xm nhp bit, cc mu im yu, hoc cc
hnh vi nghi ng
o So snh cc bn ghi kim tra hoc cc trng thi theo qui tc
o Qui tc c sinh bi cc chuyn gia nhng ngi phng vn v h
thng kin thc ca cc qun tr an ton
o Cht lng ph thuc vo cch thc thc hin cc iu trn
o tng da trn t l
o Thc t pht hin xm nhp h thng cn pht hin t l xm nhp ng
vi rt t cnh bo sai
Nu rt t s xm nhp c pht hin -> an ton khng tt
Nu rt nhiu cnh bo sai -> b qua/ph thi gian
o iu rt kh thc hin
o Cc h thng tn ti hnh nh khng c cc bn ghi tt
Pht hin xm nhp phn tn
o Truyn thng thng tp trung h thng n l
o Nhng thng thng c cc h thng my tnh
o Bo v hiu qu cn lm vic cng nhau pht hin xm nhp
o Cc vn
Lm vic vi nhiu nh dng bn ghi kim tra khc nhau
Ton vn v bo mt d liu trn mng
Kin trc tp trung v phn tn
S dng bnh mt ong
o Chng li thu ht cc k tn cng
Tch khi s truy cp n cc h thng then cht
thu thp cc thng tin v hot ng ca chng
Kch thch k tn cng li trong h thng ngi qun tr c
th phn on
o c cp y cc thng tin ba t
o c trang b thu thp chi tit thng tin v hot ng ca k tn
cng
o H thng mng n v lp
7.1.5 Qun tr mt khu
o L bo v tuyn u chng k xm nhp
o Ngi s dng c cung cp c hai:
Login xc nh c quyn ca ngi s dng
Password xc nh danh tnh ca h
78
o Passwords thng c lu tr m ho
Unix s dng DES lp
Cc h thng gn y s dng hm hash
o Cn phi bo v file passwords trong h thng
Tm hiu v mt khu
o Purdue 1992 c nhiu mt khu ngn
o Klein 1990 c nhiu mt khu on c
o Kt lun l ngi s dng thng chn cc mt khu khng tt
o Cn mt cch tip cn chng li iu
To mt khu - cn gio dc cch to mt khu
o Cn c chnh sch v gio dc ngi s dng
o Gio dc tm quan trng ca mt khu tt
o Cho nh hng mt khu tt
di ti thiu > 6
i hi trn ch hoa v ch thng, s v du chm
khng chn t trong t in
o Nhng nn chn sao cho nhiu ngi khng
To mt khu my tnh t sinh
o Cho my tnh t to mt khu
o Nu ngu nhin khng d nh, th s vit xung (hi chng nhn kh
chu)
o Ngay c pht m c cng khng nh
o C cu chuyn v vic chp nhn ca ngi s dng ti
o FIPS PUB 181 l mt trong nhng b sinh tt nht
C c m t v code v d
Sinh t vic ghp ngu nhin cc m tit pht m c
To mt khu - kim tra trc
o Cch tip cn h hn nht c th ci thin an ton mt khu
o Cho php ngi s dng chn trc mt khu ca mnh
o Nhng cho h thng kim chng xem n c chp nhn c khng
Bt buc theo qui tc n gin
So snh vi t in cc mt khu ti
S dng m hnh thut ton Markov hoc b lc chng cc
cch chn ti
7.2 Phn mm c hi
7.2.1 Cc kiu phn mm c hi khc ngoi Virus
Virus my tnh c cng b rt nhiu, l mt trong nhng phn mm c hi.
Tc ng ca n mi ngi u bit, c nu trong cc bo co, vin tng
v phim nh, gy nhiu ch hn l tn thng v c quan tm nhiu phng
chng.
1. Ca sau hoc ca sp
im vo chng trnh b mt, cho php nhng ngi bit truy cp m b qua cc
th tc an ton thng thng. K thut ny c th c s dng chung bi nhng
ngi pht trin v l mi e do khi trong chng trnh sn phm cho php
79
khai thc bi cc k tn cng. Rt kh ngn chn trong h iu hnh, i hi s

pht trin v cp nht phn mm tt.
2. Bom logic
y l mt trong nhng phn mm c hi kiu c, code c nhng trong chng
trnh hp php. N c kch hot khi gp iu kin xc nh
o C mt hoc vng mt mt s file
o Ngy thng/thi gian c th
o Ngi s dng no
Khi c kch hot thng thng n lm hng h thng
o Bin i/xo file/a, lm dng my,
3. Nga thnh T roa
Chng trnh vi cc tc ng ph c du kn, m thng thng rt hp dn
nh tr chi hoc phn mm nng cp. Khi chy thc hin nhng nhim v b
sung, cho php k tn cng gin tip dnh quyn truy cp m h khng th trc
tip. Thng thng s dng lan truyn virrus/su (worm) hoc ci t ca sau
hoc n gin ph hoi d liu.
4. Zombie
y l chng trnh b mt iu khin my tnh ca mng khc v s dng n
gin tip tin hnh cc tn cng. Thng thng s dng khi ng tn cng t
chi cc dch v phn tn (DdoS). Khai thc cc l hng trong cc h thng.
7.2.2 Virus
Virus l on code t sinh lp nh km vi code khc nh virus sinh hc. C hai
u lan truyn t n v mang i b ti
o Mang theo code to cc bn sao ca chnh n
o V cng nh mi code n cng thc hin nhim v ngm no
Thao tc ca virus
Cc giai on ca virus
o Nm im - ch s kin kch hot
o Lan truyn lp sinh ra chng trnh/a
o Kch hot - bi s kin thc hin b ti
o Thc hin b ti
o C th thng thng mang tnh cht chuyn bit ca cc my v h iu
hnh. N khai thc cc tnh cht v im yu
Cu trc Virus
program V :=
{goto main;
1234567;
subroutine infect-executable := {loop:
file := get-random-executable-file;
if (first-line-of-file = 1234567) then goto loop
else prepend V to file; }
subroutine do-damage := {whatever damage is to be done}
subroutine trigger-pulled := {return true if condition holds}
main: main-program :=
{infect-executable;
if trigger-pulled then do-damage;
goto next;}
next:
80
}
Cc kiu Virus
C th phn loi da trn kiu tn cng
o Virus n bm
o Virus c tr b nh
o Virus sector khi ng
o Ln lt
o Virus nhiu hnh thi
o Virus bin ho
1. Marco Virus
Marco code nh km file d liu, c dch bi chng trnh s dng file
o Nh marco ca Word/Excel
o S dng lnh t ng v lnh marco
y l on code l c lp vi nn tng, l on ngun chnh ca s lan nhim
virus. C s khc bit khng r rng gia d liu v file chng trnh, thng
thng c s tho hip truyn thng: d dng s dng v an ton. c s
ci thin an ton trong Word, khng tri hn s e do ca virus.
2. Virus email
y l loi virus lan truyn s dng email c nh km cha marco virus nh
Melissa. Thng c kch hot khi ngi s dng m file nh km hoc t khi
hn khi mail c xem s dng mt tnh cht script ca tc nhn mail. Do s
lan truyn rt nhanh, thng thng ch l tc nhn mail Microsoft Outlook hoc
ti liu Word /Excel. Cn an ton ng dng v h iu hnh tt hn
3. Su
y l chng trnh sinh lp nhng khng c tc ng, thng lan truyn trn
mng
o Nh su Internet Morris 1988
o Dn n vic to ra cc i ng cu khn cp my tnh CERT
o Dng c quyn phn tn hoc khai thc cc im yu h thng
o c s dng rng ri bi Hackers to zombie PC, ko theo s dng
cc tn cng khc, c bit t chi dich v DoS
Vn chnh l mt s an ton ca h thng kt ni thng xuyn nh PC.
Thao tc ca su
Cc giai on ca su ging nh virus:
o Nm im
o Lan truyn
Tm h thng khc tc ng
Thit lp kt ni vi h thng ch t xa
T sinh lp mnh cho h thng t xa
o Kch hot
o Thc hin
4. Su Morrris
81
Su Morris l loi su c in, c to bi Robert Morris vo 1988, nhm ti cc

h thng Unix. y s dng mt s k thut lan truyn, nh
o Ph mt khu n gin trong file mt khu cc b
o Khai thc l hng
o Tm li ca sp trong h thng mail
Mi tn cng thnh cng s sinh lp n.
5. Tn cng ca su ng thi
Ln sng tn cng ca su ng thi mi t gia 2001 nh:
- Code Red - s dng l hng MS IIS:
o Th IP ngu nhin cho h thng chy IIS
o C kch hot thi gian cho tn cng t chi dch v
o Ln sng th hai tc ng n 360000 my ch trong vng 14 gi
- Code Red 2 ci t ca sp
- Nimda c ch tc ng lp
- SQL Slammer tn cng my ch MS SQL
- Sobig tn cng my ch proxy m
- Mydoom su email c s lng ln v c ca sau
6. Cng ngh su
Cc c tnh ca cng ngh su l tn cng a nn tng, khai thc nhiu chiu, lan
truyn cc nhanh, c nhiu kiu tc ng, bin ho, c ng v khai thc zero day.
7. Cc bin php chng Virus
Bin php tt nht l ngn nga, nhng ni chung l khng th. Do
cn phi c mt trong nhiu bin php sau:
o Pht hin virus nhim trong h thng
o nh danh loi virus nhim
o Loi b khi phc h thng v trng thi sch
8. Phn mm chng Virus
Phn mm thuc th h u tin
o Qut s dng ch k ca virus nh danh
o Hoc pht hin s thay i di ca chng trnh
Phn mm thuc th h th hai
o S dng cc qui tc trc quan pht hin nhim virus
o S dng m hash ca chng trnh pht hin s thay i
Phn mm thuc th h th ba
o Chng trnh thng tr trong b nh nh danh virus theo hnh ng
Phn mm thuc th h th t
ng gi vi rt nhiu kiu k thut chng virus
Qut v ln vt tch cc, kim sot truy cp
Phng php dit bng tay vn c dng.
9. K thut chng Virus nng cao
Gii m mu
o S dng m phng CPU kim tra chng trnh, ch k v hnh vi trc
khi chy chng
Dng H thng min dch s (IBM)
o Hnh ng a muc tiu v chng Virus
82
o Mi virus nhp vo t chc c nm bt, phn tch, pht hin/tm

chn to ra chng n v loi b
Sau y l s H min dch s (Digital Immune System)
7.2.3 Phn mm ngn chn hnh vi

Cc phn mm ny c tch hp vi h iu hnh ca my ch.
Chng trnh theo di cc hnh vi trong thi gian thc
o Chng hn truy cp file, nh dng a, cc ch thc hin, thay i
tham s h thng, truy cp mng
i vi cc hnh ng c kh nng c hi
o Nu pht hin th ngn chn, chm dt hoc tm kim
C u im so vi qut, nhng code c hi chy trc khi pht hin.
1. Tn cng t chi dch v t xa
Tn cng t chi dch v t xa (DDoS) to thnh e da ng k, lm cho h
thng tr nn khng sn sng, lm trn bi s vn chuyn v ch.
K tn cng thng s dng mt s ln cc zombies, tng kh ca cc tn
cng.
Cng ngh bo v tm cc bin php ng u chng li
83
2. Tm hiu cch k th xy dng mng li tn cng t chi dch v t xa

T chi dch v c hiu lc khi b nhim rt nhiu zombies. thc hin c
iu cn c:
- Phn mm ci t tn cng t chi dch v t xa
- Cc l hng khng v c trong nhiu h thng
- Chin lc qut tm l hng h thng: s dng cc yu t ngu nhin, lp
danh sch va chm, tm hiu cu trc topo, mng con cc b.
3. Chng tn cng t chi dch v t xa (DDoS)
C ba cch bo v sau y c dng rng ri
- Ngn nga tn cng v chim lnh trc.
- Pht hin tn cng v lc trong qu trnh s dng dch v
- Ln vt ngun tn cng v xc nh s tn cng sau khi s dng xong dch
v.
Ni chung c phm vi rng cc kh nng tn cng, v vy phi c nhiu bin php
chng v s dng kt hp chng.
7.3 Trn b m
Trn b m l c ch tn cng rt ph bin bt u t 1988 xut hin su Morris n
Code Red, Slammer, Sasser v nhiu ci khc na. Cc k thut phng chng u
bit. Tuy nhin vn cn l vn phi quan tm v di truyn t cc con rp ly lan
rng ri. V vn cn cc k thut lp trnh khng cn thn.
C s ca vic trn b nh: sinh bi do li lp trnh, cho qu nhiu d liu lu tr
hn kh nng cho php trong b m kch thc c nh. B m c th trn ngn
xp, ng, d liu tng th. Vit cc v tr nh cn k, lm hng d liu ca
84
chng trnh, truyn iu khin khng mong mun, vi phm truy cp b nh, thc
hin code ca k tn cng
7.3.1 V d trn b nh
Xt chng trnh C trn. y c ba bin, thng thng lu trong vng nh lin k.

Gi chng trnh con copy vo str1 d liu Start. Sau c u vo s dng hm
gets lu vo str2. Sau so snh u vo vi xu Start. Nu thnh cng valid = true.
Vn hm th vin gets ca C khng kim tra ln d liu c vo. Nu nhiu
hn 7 k t n i hi b nh nhiu hn. Khi d liu tha vit d liu ca bin
k, trong trng hp ny l str1. Gi s xu u vo l EVILINPUTVALUE,kt
quxuStr1bvitviccktTVALUE. Xu str2 khng ch s dng 8 k t
ca n m cn thm 7 k t t str1. Bit cu trc trn, k tn cng c th thu xp sao
cho gi tr xu Str1 vn bng Str2. Chng hn nu nhp xu u vo l
BADINPUTBADINPUT th trong php so snh kt qu vn ng nh trong ln
chy th ba trong v d trn.
7.3.2 Tn cng trn b nh. lm trn b m, k tn cng cn phi pht hin l
hng trn b m trong chng trnh no . Theo di, ln theo vt thc hin, s
dng cc cng c n. Hiu b m lu trong b nh nh th no v xc nh kh
nng ph hng.
85
Function Calls and Stack Frames
Mt cht v lch s ngn ng lp trnh. mc ngn ng my mi d liu l mng

cc bytes, thng dch ph thuc vo cc ch lnh c dng. Ngn ng bc cao hin
i c nh ngha cht v kiu v cc php ton ng. Khng c l hng trn b m,
c lng trc, gii hn khi dng.
C v ngn ng lin quan c cu trc iu khin bc cao, nhng cho php truy cp trc
tip n b nh. V vy c l hng trn b m. C k tha ln cc code khng an
ton, ang c s dng rng ri, nn c l hng.
hiu hn to sao li trn b nh, m khng khc phc c, ta xem xt c ch m
li gi hm qun l trng thi cc b cho mi li gi. Khi mt hm gi hm khc, n
cn phi lu u a ch tr v hm c gi khi kt thc tr iu khin cho
hm gi. Bn cnh cng cn c ch ct mt s tham s m cn truyn cho hm
c gi v cng cn lu cc gi tr thanh ghi ca hm gi m cn c s dng khi
hm c gi kt thc. Thng thng mi d liu ny c ct khung ngn xp
(stack frame). Mi ln gi hm li sinh ra mt khung ngn xp lin kt.
Trn b m ngn xp xy ra khi b m t trn ngn xp. N c khai thc bi
su Morris. Bi bo Smashing the Stack tuyn truyn n. C bin cc b pha di
con tr khung lu tr v a ch tr li. V vy trn b m cc b c nhiu kh nng
vit cc mc iu khin chnh. K tn cng vit a ch tr v vi a ch ca
an code ci vo. c th l a ch ca chng trnh, th vin h thng hoc ti
vo b m.
Chng ta xem cu to vng nh, ni ct chng trnh ang chy, d liu tng th,
ng v ngn xp. Khi chng trnh chy, h iu hnh to ra mt tin trnh cho n.
Tin trnh c cho bi khng gian o ca ring n vi cu trc nh trn hnh v sau.
N bao gm ni dung chng trnh ang chy, trong c d liu tng th, bng cp
b nh, code ca chng trnh gn y ca khng gian nh ny. Trn khng gian
cho ng tng dn ln v trn na l khng gian cho ngn xp gim dn xung.
86
Programs and Processes
m t trn b m ngn xp ta xt chng trnh C sau. N cha bin cc b duy

nht, b m inp. Hm Hello nhc nhp tn m c c vo b m nh hm th
vin khng an ton gets(). Sau hin kt qu c c nh hm th vin printf ().
Nu gi tr nh c c th y khng c vn g. Chng trnh gi hm s chy
thnh cng nh trong ln chy th nht trn hnh sau . Nu d liu ln nh trong
ln chy th hai, d liu s vt qua cui b m v ghi ln con tr khung lu tr
v tr v a ch sai tng ng vi biu din nh phn ca cc k t. V khi hm tr
iu khin cho a ch tr v, n nhy n v tr b nh khng hp l, bo li
Segmentation Fault v dng chng trnh khng bnh thng nh thng bo trn
hnh sau . K tn cng tn dng c hi ny truyn iu khin v chng trnh
nh trc.
87
Stack Overflow Example
7.3.3 Code che y (Shellcode)

y l code chng trnh c chun b bi k tn cng. N c lu trong b nh b
trn v k tn cng tm cch chuyn iu khin sang cho shell.
Exampe ShellCode
Example Stack Overflow Attack
88
Pht trin code che y

Trong v d trn m t vi Intel Linux shellcode c bn chy bn dch Bourne
shell. Shellcode cn phi ph hp vi i s cho execve(). N bao gm mi code
gi hm ca h thng, phi c lp vi v tr v khng cha NULLs xu kt thc
ca C.
Thng thng chng trnh che y di v bc l tin ch h thng ng tin cy,
dch v mng c bit, code th vin c s dng chung, nh hnh nh.
Cc hm ca shellcode: giao din t sinh, to i tng nghe khi to giao din
kt ni, to kt ni ngc li ti k tn cng, vt qua cc qui tc tng la, thot
khi mi trng thc thi hn ch.
7.3.4 Bo v trn b nh
Trn b m c khai thc rng ri, c nhiu code c l hng ang dng. Mc d
nguyn nhn v cc bin php chng bit. C hai cch chng rng ri: chng
trnh mi c gia c trong thi gian dch v kim sot tn cng chng trnh ang
c trong thi gian chy.
Nu s dng ngn ng bc cao vi kiu mnh , th s khng c l hng trn b m.
Chng trnh dch buc kim tra c v cc thao tc cho php trn cc bin. Khi
phi tr gi khi s dng ngun v hn ch truy cp n phn cng. Tuy nhin vn cn
mt s code ca cc ngn ng ging C.
Bo v trong thi gian dch
89
Thit lp cc k thut lp trnh an ton. Nu s dng ngn ng tim n khng an ton

nh C, lp trnh vin cn vit code an ton mt cch tng minh. Bng thit k vi
code mi, sau khi xem xt code c. Xem an ton trn b m nh tp con cc k
thut lp trnh an ton ni chung. Ch n cc li nh, kim tra khng gian trong
b m bt k.
C ngh m rng an ton cho C nh to im pht thc thi, cn dch chng trnh
vi chng trnh dch c bit. C mt s phng n th vin chun an ton, cc hm
mi, nh strlcpy(). Ci t li an ton hn mt s hm chun nh th vin ng,
chng hn Libsafe.
B sung code ca chc nng nhp v thot kim tra ngn xp ghi nhn vic ghi
, s dng yu t ngu nhin nh bo v ngn xp, kim tra vit gia bin cc b
v con tr khung lu tr v a ch tr v. Chng trnh dng nu pht hin thay i.
Pht hnh: bn dch li, h tr pht hin li hoc copy an ton lu tr/kim tra a ch
tr v.
Bo v trong thi gian chy
S dng h tr b nh o to mt s vng b nh khng thc thi c nh stack,
heap, global data. Cn h tr t cc phn cng b nh nh trong SPARC / Solaris
systems, x86 Linux/Unix/Windows systems. Pht hnh h tr cho code ngn xp thc
thi, cn mt s d phng c bit.
Thao tc trn v tr ca cc cu trc d liu chnh, s dng tnh tin ngu nhin cho
mi tin trnh, c vng a ch ln trn cc phng tin ca cc h thng hin i
chng cc va chm v on a ch b m ch l khng th. V tr ngu nhin cho
b m heap v v tr cc hm th vin chun. t cc trang bo v gia cc vng
quan trng ca b nh, t c trong b nh nh a ch khng hp l. C th ngay c
t gia cc khung ngn xp v cc b m heap trong thi gian thc thi v phi tr
gi v khng gian.
C nhiu cc phng n tn cng khc: phng n trn ngn xp, trn heap, trn d
liu tng th, trn xu nh dng, trn s nguyn. C th c nhiu hn na c pht
hin trong tng lai. Mt s khng th ngn chn tr khi code an ton lc ban u.
Phng n trn ngn xp ch vit b m v con tr khung lu tr tr v xy ra
nhng n khung gi tr v li gi hm iu khin bi k tn cng c dng khi c
trn b m gii hn. V d tch ra bi mt khung. Tuy c cc hn ch: cn bit a
ch chnh xc ca b m, hm gi thc hin vi khung gi, phng n trn ngn xp
thay a ch tr v bng hm th vin chun p li s bo v ngn xp khng thc
thi. K tn cng xy dng cc tham s ph hp trn ngn xp pha trn a chi tr v.
K tn cng c th cn a ch chnh xc ca b m, c th ngay c kt ni hai li
gi th vin.
Cng c tn cng b m t trong heap. Thng thng t trn code ca chng
trnh, b nh c yu cu bi chng trnh s dng cho cc cu trc d liu
ng, v d nh danh sch mc ni. Khng c a ch tr v, nn khng c chuyn
giao quyn iu khin d dng. C th c con tr hm khai thc hoc thao tc cu
trc d liu qun tr. Cch bo v l dng heap ngu nhin v khng thc thi.
C th tn cng b m t trong d liu tng th. C th t pha trn code ca
chng trnh. Nu c con tr hm v b m c l hng hoc bng qun tr cc qu
trnh lin k. Nhm ti vit con tr hm c gi sau . Cch bo v l dng
90
vng d liu tng th ngu nhin v khng thc thi, dch chuyn con tr hm, cc
trang bo v.
7.4 Bc tng la
7.4.1 M u
Bc tng la pht trin mnh m, c ng dng trong cc cc h thng thng
tin. By gi mi ngi u mun ln Internet v cc mng lin kt vi nhau. V
vy cn quan tm thng xuyn v an ton. Khng d dng bo v tng h thng
trong t chc. Thng thng s dng bc tng la, cung cp vng bo v nh
mt phn ca chin lc an ton ton din.
Bc tng la l g
L im c chai kim sot v theo di. Cc mng lin kt vi tin cy khc
nhau, buc c hn ch trn cc dch v ca mng. Chng hn, vn chuyn phi c
giy php. Kim tra v kim sot truy cp, c th ci t cnh bo cc hnh vi bt
thng. Cung cp bng NAT v s dng theo di gim st. Ci t mng ring o
(VPN) s dng c ch an ton IPSec. C th min dch trc.
Hn ch ca bc tng la
Khng bo v c cc tn cng i vng qua n, chng hn mng ln lt, thit b
modems. N ngn cn c cc t chc tin cy v dch v tin cy (SSL/SSH).
Khng bo v chng cc mi e da t bn trong, chng hn nh nhng nhn vin
bc tc hoc thng ng vi k xu. Khng th bo v chng vic truyn cc
chng trnh hoc file nhim virus, v c phm vi rt rng cc dng file v cc h
iu hnh
7.4.2 Bc tng la cc lc gi
L thnh phn ca bc tng la nhanh nht v n gin nht, l c s ca mi h
thng tng la. N kim tra mi gi IP (khng c ng cnh) v cho php hay t
chi tu theo qui tc xc nh. Suy ra c hn ch truy cp n cc dch v v cc
cng.
Cc ng li mc nh c th
o Rng khng cho php tc l cm
o Rng khng cm tc l cho php
Packet Filtering Examples

A
action
block
allow
action
block
ourhost
*
OUR-GW
ourhost
*
port
*
25
theirhost
SPIGOT
*
port
*
theirhost
*
91
port
*
*
port
*
comment
we dont trust these people
connection to our SMTP port
comment
default
action
allow
action
allow
allow
action
allow
allow
allow
ourhost
*
src
{ourhost}
*
src
{ourhost}
*
*
port
*
port
*
25
port
*
*
*
theirhost
*
dest
*
*
dest
*
*
*
port
25
*
port
*
*
>1024
port
25
flags
ACK
flags
ACK
comment
connection to their SMTP port
comment
our packets to their SMTP port
their replies
comment
our outgoing calls
replies to our calls
traffic to nonservers
Tn cng cc lc gi
a ch IP la o: gi a ch ngun lm cho tin tng, b sung b lc ln mch
chuyn ngn chn.
Tn cng mch truyn gc: k tn cng t c truyn khc vi mc nh, ngn
chn cc gi truyn gc
Tn cng cc on tin (fragment) nh. Chia thng tin phn u thnh mt s on
nh. Hoc b qua hoc sp xp li trc khi kim tra
Bc tng la cc lc gi trng thi
Lc gi truyn thng khng kim tra ng cnh ca tng cao hn, tc l snh cc
gi v vi dng chy ra. Lc gi trng thi hng n yu cu . Chng kim tra
mi gi IP trong ng cnh: gi vt theo di vi cc k client-server, kim tra tng
gi ng thuc vo mt phin. Suy ra c kh nng tt hn pht hin cc gi gi
tch khi ng cnh.
7.4.3 Bc tng la cng giao tip tng ng dng (hoc proxy)
C cng giao tip chuyn dng cho ng dng proxy (ngi c u quyn).
C truy cp y n giao thc
o Ngi s dng yu cu dch v t proxy
o Proxy kim tra cc yu cu c hp l khng
o Sau x l yu cu v tr li cho ngi s dng
o C th vo/theo di vn chuyn tng ng dng
Cn cc proxies khc nhau cho mi dch v
o Mt s dch v h tr mt cch t nhin proxy
o Nhng loi khc th cn gii quyt mt s vn
92
7.4.4 Bc tng la - cng giao tip mc mch vng

Chuyn tip 2 kt ni TCP. C s an ton bng cch hn ch m cc kt ni ny
cho php. Mi ln to ra chuyn tip thng thng khng kim tra ni dung. Thng
thng c s dng khi tin cy ngi s dng bn trong bng cch cho php cc kt
ni ra ngoi ni chung. Gi SOCKS c s dng rng ri cho mc ch ny.
7.4.5 My ch Bastion
H thng my ch an ton cao. Chy cng giao tip mc ng dng v mch vng.
Hoc cung cp cc dch v truy cp bn ngoi. C tim nng th hin cc yu t
ca my ch. V an ton bn vng, nn h iu hnh nng n hn, cc dch v
chnh, b sung xc thc, proxies nh, an ton, c lp, khng c quyn.
C th h tr 2 hay nhiu hn kt ni mng v c th c tin cy p buc
chnh sch tch bch tin cy gia cc kt ni mng.
Cu hnh bc tng la (Firewall Configurations)
93
7.4.6 Kim sot truy cp

H thng xc nh c nh danh nh ngi s dng, xc nh cc ngun gc
no n c th truy cp. M hnh tng qut l ma trn truy cp vi
o Ch th - thc th ch ng (ngi s dng, qu trnh)
o i tng - thc th b ng (file hoc ngun)
o Quyn truy cp cch m i tng c truy cp
C th c phn tch bi
o Cc ct nh danh sch kim sot truy cp
o Cc hng nh cc th v kh nng
Ma trn kim sot quyn truy cp
94
7.4.7 Cc h thng my tnh tin cy

An ton thng tin ngy cng quan trng. C cc mc khc nhau v s nhy
cm ca thng tin
o Phn loi thng tin qun s: bo mt, b mt
Ch th (ngi hoc chng trnh) c nhiu quyn khc nhau truy cp n cc i
tng thng tin. c bit nh an ton nhiu tng
o Ch th c mc an ton ti a v hin ti
o i tng c phn loi mc tin cy c nh
Mun xem xt cc cch tng tin tng trong h thng cng c cc quyn .
7.4.8 M hnh Bell LaPadula
Mt trong nhng m hnh an ton ni ting nht. c ci t nh cc chnh sch
bt buc trong h thng. C hai chnh sch chnh
o Khng c ln (tnh cht an ton n gin)
Ch th ch c th c/vit cc i tng nu mc an ton
hin ti ca ch th tri hn (>=) phn loi ca i tng
o Khng vit xung (tnh cht *)
Ch th ch c th b sung/vit ln i tng nu mc an ton
hin ti ca ch th c tri (<=) bi phn loi ca i tng
Reference Monitor
(Giao din ch dn)
Cc h thng my tnh trin khai

Chnh ph c th pht trin cc h thng IT. ng u vi phm vi rng cc
chun
o TCSEC, IPSEC v by gi l Tiu chun Chung
Xc nh mt s mc trin khai vi tng cng kim tra qui tc. xut bn
danh sch cc sn phm trin khai
o Ch hng ti s dng cho chnh ph/quc phng
95
o Cng c th hu ch trong cng nghip

7.4.9 Tiu chun chung
c t yu cu an ton quc t khi u v xc nh tiu chun trin khai. Tch
hp vi cc chun khc
o Chng hn CSEC, ITSEC, CTCPEC (Canada), Federal (US)
c t cc chun cho
o Tiu chun trin khai
o Phng php lun cho ng dng ca Tiu chun
o Cc th tc hnh chnh trin khai, chng nhn v cc s ch nh
Xc nh tp cc yu cu an ton, c ch trin khai (TOE). Yu cu ri vo trong
2 loi sau
o Chc nng
o S tin cy
C hai c t chc theo lp classes ca h hoc cu thnh
Cc yu cu Tiu chun chung
Yu cu chc nng
o Kim sot an ton, h tr m, trao i thng tin, bo v d liu ngi s
dng, nh danh v xc thc, qun l an ton, tnh ring t, bo v cc
hm an ton tin cy, ngun thit thc, truy cp TOE, ng dn tin cy
Yu cu s tin cy
o Qun l tham s h thng, phn phi v thao tc, pht trin, ti liu ch
dn, h tr thi gian sng, kim tra, nh gi l hng, bo tr s tin cy
Cu hi v bi tp
1. Lit k v phn loi cc phn mm c hi v cc bin php phng chng.
2. Phn tch cc k thut xm nhp h thng v cch phng nga.
3. Nu cc bin php tng cng an ninh, bo mt my tnh c nhn da trn cc
phn mm thng dng hin c.
4. Mc ch yu cu ca vic xy dng bc tng la. C nhng loi bc tng
la no.
5. Nu cch thit lp bc tng la s dng cng c h tr trong h iu hnh.
6. Phn tch cc li trn b nh c th xy ra, nu nguyn nhn.
7. Tm hiu cc yu cu lp trnh an ton.
8. Trnh by mt s m hnh h thng my tnh tin cy.
96
DANH MC CC K HIU, CC CH VIT TT

Stt
K hiu
Din gii
ACL
Access Control List Danh sch kim sot truy cp
AES
Advanced Encryption Standard - chun m quc t
AH
Authentication Header - u mc xc thc
CA
Certification authority Ch quyn chng nhn
CERT
Computer emergency response team - i cp cu s c my tnh
CRL
Certificate revocation list Danh sch thu hi chng nhn
CSDL
C s d liu
CNTT
Cng ngh thng tin
CSHT
C s h tng
10
CBC
Cipher Block Chaining Dy m khi
11
CFB
Cipher feedback - Phn hi m
12
DBA
Database administrator - Qun tr h thng
13
DES
Data Encription Standards Chun m d liu
14
DNA
Domain Name System H thng tn min
15
DSA
Digital signature Algorithm Thut ton ch k in t
16
DSS
Digital signature standard Chun ch k in t
17
ECB
Electronic codebook sch m in t
97
18
ECC
Encription curve code m ng cong Elip
19
ESP
Encapsulating security payload ti bo mt ng gi
20
FIPS
Federal Information Processing Standard - chun x l thng tin

Lin bang
21
IDEA
International data encryption algorithm - Thut ton m d liu

quc t
22
IPKI
Internet X.509 public key Infrastructure - H tng kho cng khai

Internet X.509
23
KDC
Key Distribution Center Trung tm phn phi kha
24
LAN
Local area network mng cc b
25
MD
Message digest digest bn tin
26
NAT
Network address translation dch a ch mng
27
PKCS
Public key cryptography standard Chun m khoa cng khai
28
PKI
Public Key Infrastructure - H tng kho chung
29
PGP
Pretty Good Privacy Phn mm bo mt th in t
30
RSA
Thut ton m cng khai RSA mang tn Rivest, Shamir, Adleman
31
SET
Secure Electronic transaction Thanh ton in t an ton
32
SHA1
Secure hash algorithm 1 Thut ton bm 1
33
SMTP
Simple Mail Transfer Protocol Giao thc chuyn th n gin
34
SOAP
Simple Object Access Protocol Giao thc truy cp i tng

n gin
98
35
SSL
Secure Socket Layer giao thc bo mt lp vn chuyn
36
TLS
Transport Layer Security Chun giao thc bo mt lp vn

chuyn
37
UID
User Identification nh danh ngi s dng
38
TTP
Trusted Third Party Bn th ba tin cy
39
URL
Uniform Resource Locator a ch ngun thng nht
40
VPN
Virtual private network mng ring o
41
WAN
Wide area network - mng din rng
42
WTLS
Wireless transport layer security an ton tng vn chuyn khng

dy
99
DANH SCH CC TI THO LUN

STT
1.
2.
3.
4.
5.
Tn ti
Phng php m bo an ninh trn b TCP/IP, IPSEC
H thng firewall
Trnh by v IDS, IPS
Tm hiu mt s h thng x l thng tin theo di, phn tch, cnh bo s c an ton
mng quc t (SIEM, threat-management-system-datasheet (TMS)
Tm hiu h thng AlientVault Open Source SIEM (OSSIM)
6.
Trnh by v cc hnh thc tn cng vo h thng thng tin doanh nghip ph bin hin
7.
nay
Trnh by v cc bin php phng chng tn cng bng phn cng c phn phi v
8.
s dng ph bin hin nay

Trnh by v bin php phng chng tn cng bng phn mm phn phi v s dng
ph bin hin nay
9.
10.
11.
12.
13.
14.
15.
Trnh by v SSL
Trnh by v SET v WEP
Trnh by v cc l hng ph bin trn Website hin nay
Trnh by v virus v worm
Trnh by cc im yu trong cc h thng thng tin hin nay
Trnh by v Trojan
Trnh by v DoS, DdoS, DRDoS
16. Trnh by v nguyn tc hot ng v c ch pht hin, ngn chn ng thi gii thiu
mt s chng trnh dit Virus ph bin hin nay
100
TI LIU THAM KHO

[1] William Stallings. Cryptography and Network Security: Principles and Practice. Fourth
Edition. Pearson Education, 2005.
[2] A. Menezes, P. van Oorschot v S. Vanstone. - Handbook of Applied Cryptography, Fifth
Edition, CRC Press, 1996.
[3] Douglas Stinson - Cryptography: Theory and Practice. Boca Raton. FL. CRC Press,
2007.
[4] http://en.wikipedia.org
[5] http://vn.wikipedia.org
[6] http://www.ietf.org/rfc
[7] http://www.schneier.com/blowfish.html
[8] http://www.rsasecurity.com
[9] http://people.csail.mit.edu/rivest/crypto-security.html
[10] Nguyn Ngc Tun, Hng Phc. Cng ngh bo mt World Wide Web.
Nh xut bn Thng k, 2005.
101

Giáo trình Bảo mật thông tin

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Giáo trình Bảo mật thông tin

Uploaded by

Copyright:

Available Formats

GIO TRNH

CHNG 1. TNG QUAN V BO MT

1.1.3 Phn loi tn cng ph hoi an ton:

Cc h thng trn mng c th l i tng ca nhiu kiu tn cng:

y l cng c m bo an ton ca h thng x l thng tin v truyn thng tin

1.3 M hnh an ton mng

Trc ht ni v dich v an ton, X800 nh ngha y l dch v cung cp cho tng

M hnh truy cp mng an ton:

S dng m hnh trn i hi chng ta phi:

1.4 Bo mt thng tin trong h c s d liu

d liu dng m ha v d liu ny s c gii m bi ng dng. Gii php ny

M hnh trung gian

Kin trc mt h bo mt CSDL

Trnh by cc khi nim v an ton thng tin v bo mt thng tin

Mi thut ton m c in u l m kho i xng, v thng tin v kha c

ngi s dng, cc m c cc k thm m cng nh nhng ngi pht

ton khng iu kin. Ngoi ra cha c thut ton m ha no c coi l an ton

c = E(p) = (p + k) mod (26)

Bng tn sut ch ci ting Anh:

S dng bng tn sut vo vic thm m

Nh chng ta thy khng phi s kho ln trong m bng ch n m bo

m ch w u tin ta tm ch u ca kha l d, nh vy w s c m trn bng

ch trong bn r nm trn cng ct vi ch v nm trn hng tng ng vi ch

An ton ca m Vigenere. Nh vy c ch m khc nhau cho cng mt ch ca bn

cng mt ch. Nh vy t lp ca cc ch trong bn m c th cho php xc nh

ngh n vic kt hp c hai phng php ny trong cng mt m v c th s dng

ODQSOCL OW GIU BOEE QRROHOCS QV GIUR KIA QF Q DQCQSLR WIR

S dng m t trong cc ngn ng l p trnh C, C++, Java ho c C# lm cc bi t p sau:

3.1 S hc trn Modulo

3.1.3 c s chung ln nht.

Bi ton. Cho hai s nguyn dng a v b. Bi ton tm c chung ln nht

Nguyn t cng nhau. Ta thy 1 bao gi cng l c s chung ca hai s

Tm c chung ln nht. By gi chng ta xt bi ton tm c s chung ln

Thut ton clit tm GCD(a, b)

: Hai s nguyn khng m a v b vi a b

V d: Sau y l cc bc chia ca thut ton trn khi tnh:

Thut ton Euclide m rng:

: Hai s nguyn khng m a v b vi a b

: d UCLN a , b v cc s nguyn x v y tho mn ax by d .

3.1. q a mod b, r a qb, x

Bng sau ch ra cc bc ca thut ton trn vi cc gi tr vo

Bi vy ta c UCLN 4864 , 3458 38 v 4864 32 3458 45 38

3.2. Mt s thut ton trn Zn

nh ngha: Phn t nghch o

nguyn x Z n sao cho:

Nu x tn ti th n l duy nht, a c gi l kh nghch. Phn t nghch o ca

: a 1 mod n (nu tn ti).

(1) Dng thut ton Euclide m rng tm cc s nguyn x v y sao cho

(2) Nu d 1 th a 1 mod n khng tn ti. Ngc li return x .

3.2.2. Tnh A^k mod N

V d: Bng sau ch ra cc bc tnh ton ak mod n, vi a = 7, k = 560 =

3.3 Gii thiu l thuyt s

Ngc li c th xc nh c chung ln nht bng cch trong cc phn tch ra tha

o Nu p v q l hai s nguyn t khc nhau, th

o c th chng minh c rng:

3.3.7 Kim tra tnh nguyn t

Kim tra s n c l s nguyn t khng, ta ch cn xt n l l, khi n-1 l chn v

Thut ton Miller - Rabin

V d. Tnh 17 mod 77. p dng nh l phn d Trung hoa, ta coi A = 178,

11-1 mod 7 = 4-1 mod 7 = 2, suy ra c1 = 11*2 = 22

3. Ci t thut ton clit m rng

70254 mod (11*13)

CHNG 4. CHUN M D LIU (DES) V CHUN M NNG

Trong h m RSA c N = pq = 103 113 s c bao nhiu trng hp l bn r.