2012NetworkSecurity V3.3 SV

Ni dung
An ton v An ninh
thng tin Mng
Nhp mn An ton thng tin mng

m bo tnh mt
I.
II.
Cc h mt kha i xng (m ha i xng)

Cc h mt kha cng khai ( m ha bt i xng )
I.
II.
Bi ton xc thc
III.
Nguyn Linh Giang.

B mn Truyn thng
v Mng my tnh.
I.
II.
III.
IV.
C s bi ton xc thc
Xc thc thng ip
Ch k s v cc giao thc xc thc
Cc c ch xc thc trong cc h phn tn
Bo v cc dch v Internet
An ton an ninh h thng
IV.
V.
I.
II.
III.
IV.
V.
FireWall v Proxy
H thng pht hin v ngn chn xm nhp ( IDS )
L hng h thng
Case study Windows NT v Linux
Virus my tnh
Ni dung
Cc ch tiu lun
Ti liu mn hc:
1. Cc h mt kha cng khai.
W. Stallings Networks and Internetwork security

W. Stallings Cryptography and network security
Introduction to Cryptography PGP
D. Stinson Cryptography: Theory and Practice
2. H tng kha cng khai PKI
Cu trc h tng fkha cng khai.

Chng ch s, cc chun;
Trin khai thc t. Cc ng dng trong cc giao dch.
Cc h thng m ngun m.
Cc ch tiu lun
3. Bo mt cho mng IP. IPSec. Mng ring o VPN.

ng dng.
4. Bi ton xc thc thng ip.
Cc c ch xc thc
Hm bm v hm m ha xc thc.
Cc giao thc xc thc.
Cc ch tiu lun
Cc c ch to ch k s. Giao thc ch k s.
Cc dch v ch k s.
Ch k m.
ng dng.
6. Pht hin xm nhp mng.
5. Ch k s.
C s xy dng h mt kha cng khai

Cc h mt kha cng khai.
Cc s ng dng.
Cc c ch pht hin xm nhp mng.

Pht hin theo du hiu
Pht hin theo bt thng
Phn tch cc c trng thng k ca mng.
ng dng.
7. Bo mt cho mng khng dy. Phn tch cc c trng

thng k ca cc dng tn cng t chi dch v. Xc thc
v bo mt trong mng khng dy. Pht hin bt thng
trong mng khng dy.
Cc ch tiu lun
Cc ch tiu lun
8. Bo mt h thng, bo mt mng. Cc
chnh sch, cc chun. Phn tch i vi
Windows v Unix-Linux. Cc chnh sch an
ninh mng cho mng Cisco.
9. Bo v d liu a phng tin trong qu
trnh phn phi qua h thng mng m. Vn
bo mt, bo v bn quyn v kim sot s
dng d liu a phng tin.
Cc ch tiu lun
Cc ch tiu lun
H tng kha cng khai PKI

PGP v bo mt th tn in t
S/MIME
Secure electronic transaction
Firewall, cc kin trc;
Proxy;
Cc h thng pht hin xm nhp da trn du hiu;

Cc h thng pht hin xm nhp da trn bt
thng;
Bo mt mng LAN khng dy;
Cc dng tn cng vo mng sensor.
Cc dng tn cng t chi dch v;
Tn cng SQL Injection;
Pht hin tn cng qut cng;
Cc phng php, quy trnh pht hin l hng h
thng.
10
nh gi
Chng I. Nhp mn
Gia k v qu trnh: 30%
1.
im danh: 1/3.
Thi ht mn: 70%
Lin h gio vin:

giangnl@gmail.com; s B mn: 38682596
0984933165
2.
3.
11
Bo mt cho web services;

ng nhp 1 ln vi GSS-API;
Xc thc Kerberos;
SSL v TLS;
IPSecurity;
Xc thc X509
4.
5.
Nhp mn
Cc dch v, c ch an ton an ninh thng tin v cc
dng tn cng vo h thng mng
Cc dng tn cng
Cc dch v an ton an ninh
Cc m hnh an ton an ninh mng
12
Nhp mn
Nhp mn
Bi cnh bo mt thng tin:
Trc khi xut hin my tnh: Bo v thng tin, ti

liu:
Khi xut hin cc h phn tn v s dng mng

truyn d liu v trao i thng tin: Bo v thng
tin truyn trn mng
Cc c ch bo v;
Kho kho h s lu tr vn bn.
Khi xut hin my tnh - bo v thng tin in t:
Sao chp thng tin d dng

Cn thit c cc cng c t ng bo mt cc tp, cc
dng thng tin cha trong my tnh.
c bit khi h thng c chia s ti nguyn trn mng.
Vn Computer Security.
13
Truyn d liu gia ngi s dng v my tnh,

Gia my tnh v my tnh.
Nhu cu bo v cc d liu trong khi truyn Network
Security.
Khng c ranh gii r rt gia Computer Security

v Network Security.
Gio trnh tp trung vo: an ton thng tin lin
mng: internetwork security.
14
Nhp mn
Nhp mn
Mt s v d v vn
bo v an ton thng tin:
Truyn file:
A truyn file cho B;

Trong file cha
nhng thng tin b
mt;
C khng c php
c file nhng c th
theo di c qu
trnh truyn file v sao
chp file trong qu
trnh truyn.
A v B trao i thng tin

ring t
Trao i thng ip:
C chn
gi thng
tin trao
i gia
A v B
15
16
Qun tr mng D gi thng ip

n my tnh chu s qun tr E;
Thng ip cha nhng thng
tin v danh sch nhng ngi
s dng mi.
Ngi s dng F bt thng
ip;
F thm cc user mi vo ni
dung thng ip, ri gi tip
cho E;
E nhn thng ip, khng bit
l b F thay i, vn tng l
do D gi ti v thay i danh
sch user ca mnh.
Danh
sch
NSD
D gi danh sh NSD cho E
E
F chn gi
danh sch
NSD v
sa i
danh sch
Danh
sch
NSD
Danh sch NSD

sa i
F gi
danh
sch sa
i n
cho E
Nhp mn
Nhp mn
Gi mo:
17
Kch bn ging trng hp

trc;
F to mt thng ip ca
ring mnh, cha nhng
thng tin ring c li cho F v
gi cho E.
E nhn c thng tin t F,
cho rng thng tin do D
gi v cp nht nhng thng
tin gi mo vo CSDL
D khng thng tin E
S phc tp trong bi ton Bo mt lin mng:
Khng tn ti phng php thch hp cho mi trng hp.
Cc c ch bo mt lun i i vi cc bin php i ph.
La chn nhng gii php thch hp vi tng ng cnh s

dng.
E
Danh sch gi
mo
F gi mo
D, gi
danh sch
mi n E
18
Dch v v c ch an ton an ninh

Cc dng tn cng

Cc dng tn cng
c th nh gi c nhng nhu cu v an
ton ca c quan mt cch hiu qu v c th tnh
ton v la chn nhng sn phm v chnh sch
an ninh, nh qun tr cn c nhng phng php
c tnh h thng lm c s xc nh nhng yu
cu an ton an ninh cng nh c t c nhng
cch tip cn tha mn nhng yu cu . Mt
trong nhng phng hng l kho st ba kha
cnh ca an ton an ninh thng tin.
19
Ba kha cnh an ton an ninh thng tin:
Tn cng vo an ninh thng tin
Mi tc ng lm gim mc an ton an ninh thng tin

ca h thng;
Cc c ch an ton an ninh
Cc c ch cho php:
20

Cc dng tn cng

Cc dng tn cng
Cc dch v an ton an ninh thng tin:
Cc dch v lm tng cng mc an ton ca h

thng x l thng tin v nhng thng tin c truyn i.
Cc dch v c nhim v
Cc dch v an ton an ninh.
Nhng vn ny sinh khi s dng d liu in t:

Khng c s khc bit gia cc bn sao chp s vi
nhng bn gc;
Thay i ni dung ca bn tin vt l s li du vt,
nhng thay i ni dung ca bn tin in t khng
li du vt;
Tnh xc thc:
Chng li nhng tn cng thng tin v

S dng mt hoc nhiu c ch an ton an ninh cung
cp dch v.
21
22
Danh sch cc chc nng ton vn thng tin

Identification
Endorsement
Authorization
Access ( Egress )
Liscen and/or Certification
Validation
Signature
Time of Occurrence
Witnessing ( notarization )
Authenticity-software and/or file
Concurrence
Vote
Liability
Ownership
Receipt
Registration
Certification of Origination
and/or receipt
Approval/Disapproval
Privacy ( secrecy )
Chng thc vn bn vt l ph thuc vo cc thuc

tnh vt l ca vn bn;
Chng thc vn bn phi da vo ni dung ca chnh
vn bn .

Cc dng tn cng

Cc dng tn cng
23
Pht hin,
Ngn chn hoc
Khi phc h thng sau khi b tn cng;
Phn loi cc dch v an ton an ninh:
Bo mt ring t ( confidentiality ): m bo thng tin trong

h thng my tnh cng nh thng tin chuyn ti trn mng ch
c truy cp bi nhng ngi c u quyn. Cc dng truy
cp bao gm: c, in, hin th.
Xc thc ( authentication ): m bo v ngun gc ca thng
ip hoc vn bn in t.
Ton vn thng tin ( integrity ): m bo rng ch c nhng
ngi c u quyn mi c th thay i ti nguyn ca h
thng my tnh v truyn ti thng tin. Mi thay i bao gm
ghi, xo , sa, to mi hoc xem li cc thng ip.
24

Cc dng tn cng

Cc dng tn cng
Chng ph nh ( nonrepudiation ): yu cu ngi gi

cng nh ngi nhn thng ip khng th ph nh
c lin kt.
Kim sot truy cp ( access control ): yu cu mi s
truy cp ti ti nguyn thng tin u c kim sot cht
ch t h thng.
Tnh sn sng ( availability ): yu cu h thng tnh
ton sn sng i vi nhng bn c u quyn mi khi
cn n.
25
Cc c ch an ton an ninh
Khng tn ti mt c ch duy nht c th cung cp
tt c cc dch v an ton an ninh v thc hin ht
mi chc nng ra.
Mt phn t c hu ht mi c ch bo mt s
dng: cc k thut mt m. Cc phng thc
truyn ti v lu tr thng tin da trn mt m l
c ch ph bin cung cp s an ton thng tin.
26

Cc dng tn cng
Cc dng tn cng vo h thng
Cc dng tn cng.
Truy nhp thng tin bt hp php;

Sa i thng tin bt hp php;
v.v v v.v ...
Cc dng tn cng vo h thng my tnh v mng:

Ngun thng tin
Lung thng tin thng

th-ng
Cc thng tin qu bu c th b ph hu, khng s dng c.

Dng tn cng vo tnh sn sng ca thng tin ( availability ).
V d: ph hu a cng, ct ng dy truyn ti, ph hng h thng
qun l file.
28
Chn gi thng tin (

interception ):
29
Lung thng tin b

gin on
Gin on truyn tin ( interruption ):
27
Ni nhn thng tin
Ngi khng c u
quyn c gng truy cp
ti thng tin.
Dng tn cng vo tnh
ring t ca thng tin (
confidentiality ).
V d: sao chp tri
php thng tin.
Sa i thng tin (
modification ):
Lung thng tin b

chn gi
Khng nhng truy cp

tri php thng tin m
cn sa i thng tin
gc.
Dng tn cng vo tnh
ton vn thng tin.
V d: truy cp tri php
vo h thng, sa i
thng tin, thay i ni
dung thng ip c
truyn ti.
Lung thng tin b

sa i
30
Tn cng th ng
Lm gi thng tin (
fabrication ).
Ngi khng c u
quyn a nhng thng tin
gi mo vo h thng.
Dng tn cng vo tnh xc
thc thng tin ( authencity
).
V d: a nhng thng
ip gi mo vo h thng,
thm nhng bn ghi mi
vo file.
Lung thng
tin b gi mo
31
Tn cng th ng
tng t hnh thc nghe
trm, theo di qu trnh
truyn tin.
Mc ch ca i
phng l thu c
nhng thng tin c
truyn ti.
Mi e da th ng
Chn gi thng tin mt
Gii phng ni dung

thng ip
Phn tch ti
32
Tn cng th ng
Tn cng th ng
Cc dng tn cng th ng:
Pht hin ni dung thng ip ( release of message

contents ).
Phng php chng: Ngn chn i phng thu v tm hiu

c ni dung ca thng tin truyn ti.
Dng tn cng th ng rt kh b pht hin v

khng lm thay i d liu.
Vi dng tn cng th ng, nhn mnh vn
ngn chn hn l vn pht hin.
Phn tch lu lng ( traffic analysis ).
Mc ch ca bn truyn ti thng tin: che du ni dung ca

tin khi i tng th ba c ch mt m ni dung c s
dng rng ri.
Vn t ra: bn th ba c th xc nh c v tr ca cc
my tham gia vo qu trnh truyn tin, xc nh c tn sut
v kch thc bn tin, t on c ni dung ca bn tin.
33
34
Tn cng ch ng
Dng tn cng ch
ng.
35
Dng tn cng th
ng.
Dng tn cng ch
ng bao gm: sa
cc dng d liu, a
nhng d liu gi, gi
danh, pht li, thay
i thng ip, ph
nhn dch v.
Tn cng ch ng
Mi e da ch ng
Gin on truyn tin

( tnh sn sng)
Gi danh ( masquerade ): khi i phng gi mo mt

i tng c u quyn.
Pht li ( replay ): dng tn cng khi i phng chn
bt cc n v d liu v pht li chng to nn cc hiu
ng khng c u quyn;
Gi mo thng tin
( tnh xc thc)
Sa i ni dung
( tnh ton vn)
36
Tn cng ch ng
Tn cng ch ng
Thay i thng ip ( modification of message ): mt

phn ca thng ip hp php b sa i, b lm chm
li hoc b sp xp li v to ra nhng hiu ng khng
c u quyn.
Ph nhn dch v ( denial of service): dng tn cng a
n vic cm hoc ngn chn s dng cc dch v, cc
kh nng truyn thng.
37
38
m bo tnh ring t ( Confidentiality )
m bo tnh ring t ( Confidentiality )
m bo tnh ring t ( Confidentiality ).
39
Thit lp ng truyn o gia hai h thng v ngn chn mi

hnh thc pht hin ni dung thng ip.
V d: VPN
m bo tnh xc thc ( Authentication )
Dch v m bo tnh xc thc:
i vi nhng lin kt trc tuyn, c hai kha cnh

cn phi ch ti:
Khng nh cc bn tham gia vo qu trnh truyn tin c xc

thc v ng tin cy.
i vi cc thng ip n l:
Cc thng bo, bo hiu: dch v xc thc:
41
Ngun v ch ca thng tin;

Tn sut, di;
Cc thng s khc ca lung thng tin.
40
Yu cu: pha tn cng khng th pht hin c cc c

im ca qu trnh truyn tin:
Khng thc s hu ch;

Trong nhiu trng hp kh phc tp;
Yu cu chi ph ln khi thc hin.
m bo tnh ring t: bo v lung thng tin trao i khi

cc thao tc phn tch
Bo v mi d liu c truyn gia hai ngi s dng ti mi

thi im:
Bo v cc thng ip n l hoc mt s trng n l ca

thng ip.
m bo tnh ring t ca thng tin: Bo v d liu

c truyn ti khi cc tn cng th ng.
Tng ng vi hnh thc pht hin ni dung thng ip
( release of message content ) c mt vi phng php
bo v ng truyn:
Dng tn cng ch ng rt kh c th ngn chn

tuyt i. iu yu cu phi bo v vt l mi
ng truyn thng ti mi thi im.
Mc tiu an ton: pht hin v phc hi li thng
tin t mi trng hp b ph hu v lm tr.
m bo cho bn nhn rng cc thng ip c a ra t nhng

ngun ng tin cy.
Ti thi im khi to kt ni, dch v xc thc phi hai

thc th tham gia vo trao i thng tin phi c y
quyn.
Dch v cn khng nh rng kt ni khng b can thip
bi mt bn th ba. Trong bn th ba ny c th gi
mo mt trong hai bn c y quyn c th tham
gi vo qu trnh truyn tin v thu nhn cc thng ip.
42
m bo tnh sn sng ( Availability)
m bo tnh sn sng ( Availability ).
Tn cng ph hy tnh sn sng ca h thng:
Dch v m bo tn sn sng phi:
m bo tnh ton vn( Integrity)
m bo tnh ton vn ( Integrity ).
Thc hin cc thao tc vt l tc ng ln h thng.
Ngn chn cc nh hng ln thng tin trong h thng.

Phc hi kh nng phc v ca cc phn t h thng trong
thi gian nhanh nht.
m bo tnh ton vn cng c th p dng cho lung

thng ip, mt thng ip hoc mt s trng c
la chn ca thng ip.
Phng php hu ch nht l trc tip bo v lung
thng ip.
m bo tnh ton vn:
43
44
m bo tnh ton vn ( Integrity )
m bo tnh ton vn ( Integrity )
Dch v bo m tnh ton vn d liu hng lin

kt:
Tc ng ln lung thng ip v m bo rng thng

ip c nhn hon ton ging khi c gi, khng b
sao chp, khng b sa i, thm bt.
Cc d liu b ph hu cng phi c khi phc bng
dch v ny.
Dch v bo m tnh ton vn d liu hng lin kt x
l cc vn lin quan ti s sa i ca lung cc
thng ip v chi b dch v.
45
Dch v bo m tnh ton vn hng khng lin

kt:
Ch x l mt thng ip n l. Khng quan tm ti

nhng ng cnh rng hn.
Ch tp trung vo ngn chn vic sa i ni dung thng
ip.
46
Dch v kim sot truy cp
Dch v chng ph nhn ( Nonrepudiation)
Dch v chng ph nhn ( nonrepudiation ).
47
Dch v bo m tnh ton vn d liu hng lin kt;

Dch v bo m tnh ton vn hng khng lin kt.
Dch v kim sot truy nhp.
Dch v chng ph nhn ngn chn ngi nhn v

ngi gi t chi thng ip c truyn ti.
Khi thng ip c gi i, ngi nhn c th khng
nh c rng thng ip ch thc c gi ti t
ngi c u quyn.
Khi thng ip c nhn, ngi gi c th khng
nh c rng thng ip ch thc ti ch.
Dch v kim sot truy nhp cung cp kh nng

gii hn v kim sot cc truy nhp ti cc my
ch hoc cc ng dng thng qua ng truyn
tin.
t c s kim sot ny, mi i tng khi
truy nhp vo mng phi c nhn bit hoc
c xc thc, sao cho quyn truy cp s c
gn vi tng c nhn.
48
Cc m hnh an ton mng v

h thng

h thng
Nh cung cp -c u
nhim
M hnh an ton mng
Bi ton an ton an ninh thng tin mng ny

sinh khi:
Ng-i u nhim
Thng ip
Cn
thit phi bo v qu trnh truyn tin khi

cc hnh ng truy cp tri php;
m bo tnh ring t v tnh ton vn;
m bo tnh xc thc; ..vv.
49
M hnh truyn thng ca qu trnh truyn

tin an ton
Qu trnh truyn tin -c

bo mt
V d: mt m thng ip s lm cho k tn cng khng th c

c thng ip.
Thm vo thng ip nhng thng tin c tng hp t ni dung
thng ip. Cc thng tin ny c tc dng xc nh ngi gi.
Qu trnh truyn tin -c

bo mt
C trch nhim phn phi nhng thng tin mt gia hai

bn truyn tin;
Gi cho cc thng tin trao i vi cc bn c b mt
i vi ngi tn cng.
C trch nhim phn x gia hai pha truyn tin v tnh
xc thc ca thng ip c truyn.
Cc thng tin ny c coi l b mt vi i phng.

V d: kha mt m c dng kt hp vi qu trnh truyn m
ha thng ip khi gi v gii m thng ip khi nhn.
51
52

h thng

h thng
Cc thao tc c bn thit k mt h thng an

ninh:
Thit k cc thut ton thc hin qu trnh

truyn tin an ton;
53
i ph-ng
Bn th ba c y quyn: trong nhiu trng

hp, cn thit cho qu trnh truyn tin mt:
Mt s thng tin mt s c chia s gia hai bn truyn tin.
Thng tin
mt

h thng
Qu trnh truyn ti c bo mt thng tin c gi.
Thng ip
50
Tt c cc k thut m bo an ton h thng truyn tin

u c hai thnh phn:
Knh truyn tin
Thng tin
mt

h thng
Ng-i u nhim
Pht trin nhng phng php phn phi v

chia s cc thng tin mt.
t ra giao thc trao i:
Cc thut ton ny phi m bo: tn cng khng lm mt

kh nng an ton ca chng.
Cho php hai bn truyn tin trao i thng tin s dng

nhng thut ton an ton;
Nhng thng tin mt t c an ton thch hp.
To ra nhng thng tin mt s c x l bng

thut ton trn.
54

h thng

h thng
M hnh an ton an ninh h thng

Truy nhp ca cc hacker;
Cc l hng an ninh h thng;
Cc tin trnh ngoi lai:
i ph-ng
M hnh An ninh truy nhp h thng Mng
56
Chng II.
Cc phng php mt m kha i
xng
S chung ca phng php

m ha i xng
S chung ca phng php mt m kha i xng

Mt s phng php mt m kha i xng kinh in
L thuyt h mt ca Shannon
Phng php DES
Qun tr v phn phi kha
m bo tnh ring t s dng phng php mt m
kho i xng
1.
2.
3.
4.
5.
6.
57
S m ha i xng
Mt m v thm m
58
S mt m kha i xng
S mt m kha i xng
Mt s thuc tnh ca m hnh mt m kha i

xng:
59
Cc ti nguyn
ca h thng:
D liu;
Cc qu trnh
,ng dng;
Cc phn mm;...
Con ng-i
Phn mm
Cc tin trnh truy cp ti thng tin: lm ph hy, sa

i thng tin khng c php.
Cc tin trnh dch v: pht hin cc li trong cc dch v
ca h thng ngn chn vic s dng ca nhng
ngi khng c y quyn.
55
Cng
bo v
Knh truy nhp
X*
Thm m
Thut ton m ha phi mnh khng th gii m

c thng ip nu ch da trn duy nht ni dung ca vn
bn c m ha( ciphertext ).
S an ton ca phng php m ha i xng ch ph
thuc vo b mt ca kha m khng ph thuc vo b
mt ca thut ton.
Ngun thng
ip
Khi m ha
Phng php mt m kha i xng gi thit rng:
Thm m khng thc hin c nu ch bit thng ip b

m ha v thut ton m ha.
Khng cn gi b mt thut ton.
Ch cn gi b mt kha.
Kha
mt
60
K*
Khi gii m
Ngun thng
ip
Knh mt
M hnh h thng m ha i xng.
10
S chung ca phng php

mt m kha i xng
S chung ca phng php mt

m kha i xng
Ngun thng tin:
Tp hp thng ip ca ngun:
Cc xu k t X = { X1, X2, ..., XM };
Thng ip: xu k t di m:
Xi = [ xi1, xi2, ..., xim ]
xik A; A bng k t ngun; thng thng A= {0, 1}
Mi thng ip Xi c mt xc sut xut hin P( X = Xi )
thuc tnh thng k ca ngun thng ip:
Kha mt m
Tp hp kho K = { K1, K2, ... KL},

Kha di l: Ki=[ki1, ..., kil];
kij C, C - bng k t kha; thng thng C = {0, 1}
Phn phi kha gia cc bn trao i thng tin:
61
Phn phi kha khng tp trung: Nu kha K c to ra t pha

ngun, kha K cn c chuyn cho pha nhn tin thng qua mt
knh b mt .
Phn phi kha tp trung: Kha K do bn th ba c y quyn
to ra v c phn phi cho c hai pha gi v nhn tin.
62
S chung ca phng php

mt m kha i xng
S chung ca phng php

mt m kha i xng
M mt:
Qu trnh mt m v gii m:
Tp hp thng ip m mt Y = [ Y1, Y2, ..., YN ]

Thng ip m mt: Yj = [yj1, yj2, ..., yjn]
yjp B, B bng k t m mt; thng thng B = {0, 1}
Qu trnh m ha:
Y = EK ( X )
tng thm bt nh ca qu trnh m ha, s dng s

ngu nhin R
Y = EK,R( X )
Qu trnh gii m:
Bn nhn gii m thng ip bng kha c phn phi:
X = DK( Y ) = DK ( EK,R( X ) )
63
64
S chung ca phng php

m ha i xng
S chung ca phng php m

ha i xng
Pha tn cng
Vn t ra: i phng nhn c thng ip

Y, nhng khng c c kha K. Da vo thng
ip Y, i phng phi khi phc li hoc K,
hoc X hoc c hai.
Mt m
H thng mt m c th c phn loi da vo cc tiu

ch:
i phng c th ch cn khi phc li thng ip X

bng thng ip X*.
Nu i phng mun bit thm cc thng ip trong
tng lai: cn phi xc nh c kha K.
Dng ca php ton tham gia vo m ha vn bn t dng

thng thng sang dng c mt m ha. Cc phng
php m ha thng thng ny da vo cc nguyn l sau:
65
66
Php thay th: mi k t trong bn thng ip s c nh x

vo phn t khc.
Php i ch: cc k t trong thng ip ban u c phn
b li.
Php dch;
Yu cu chnh: khng c thng tin b mt mt.
11
S chung ca phng php

m ha i xng
S chung ca phng php

m ha i xng
S lng kha c dng trong thut ton.
Phng
Nu bn gi v bn nhn cng dng chung mt kha: h

thng m ha i xng.
Nu hai kha ca b gi v bn nhn khc nhau: phng
php m ha khng i xng.
67
68
S chung ca phng php

m ha i xng
S chung ca phng php

m ha i xng
Thm m
Qu trnh xc nh X hoc K hoc c hai t pha th
ba gi l thm m ( cryptanalyst )
Chin lc c nh thm m s dng ph thuc
vo bn cht ca s m ho v nhng thng tin
do anh ta nm c.
Cc dng thm m: Cc dng tn cng vo thng
ip c m ho.
69
Ch bit vn bn c m ho ( ciphertext only attack ). Dng

b kha ny l kh nht. Nh phn tch c th bit:
Thut ton m ho.

Vn bn mt m.
Phng php ph kha: th tt c cc t hp kha c th tm
ra t hp kha thch hp. Trong trng hp khng gian kha ln
th phng php ny khng thc hin c.
i phng cn phi phn tch vn bn mt, thc hin cc kim
nghim thng k.
i phng cn phi c mt s nim v dng ban u ca
vn bn gc: ting Anh, Php, hoc l cc file DOS.
Dng tn cng ny d dng i ph nht v i phng ch c mt
s lng thng tin t nht gii m.
70
S chung ca phng php

m ha i xng
S chung ca phng php

m ha i xng
Nu i phng bt c mt s vn bn gc v vn bn m ha tng
ng ( known plaintext attack ). Nh phn tch bit:
71
thc m vn bn ban u c x l:
M ha khi ( block cipher ): vn bn nguyn thy

c x l theo tng khi thng tin v to u ra
theo tng khi thng tin.
M ha dng ( stream cipher ): thng ip u vo
c x l lin tc .
Thut ton m ho.

Vn bn mt m.
Mt hoc mt s cp vn bn gc vn bn m ho c xy dng t mt
kho mt.
Da vo nhng thng tin trn, nh phn tch tm cch pht hin kha mt K.
Nh phn tch c th da vo ngun gc ca thng ip v c on c
mt s thng tin trong vn bn gc. T da vo cp thng ip xc nh
kha mt.
Khi nh phn tch thu c h thng ngun, anh ta c th

s dng mt vn bn gc c la chn trc xc nh
vn bn m ha da vo xc nh cu trc kha mt (
chosen plaintext attack ). Nh phn tch bit:
Thut ton m ho.

Vn bn mt m.
Vn bn gc c nh phn tch la chn cng vi vn bn
mt sinh ra bi kho mt.
72
12
S chung ca phng php

m ha i xng
Vn bn m ho cho trc ( chosen ciphertext attack ). Nh phn tch

bit:
S chung ca phng php

m ha i xng
Ch
c cc thut ton m ha yu s b ph
i vi loi tn cng ch dng vn bn mt.
Cc thut ton m ha c thit k
chng dng tn cng vi vn bn gc bit (
known plaintext attack ).
Thut ton m ho.

Vn bn mt m.
Ni dung ca mt s vn bn m ho v vn bn gc c gii m tng
ng s dng m mt.
Nh phn tch phi gii m vn bn m ha hoc xc nh c kha mt.
Vn bn tu chn ( chosen text attack ). Nh phn tch bit:
Thut ton m ho.

Vn bn mt m.
Vn bn gc c nh phn tch la chn cng vi vn bn mt sinh ra bi
kho mt.
Ni dung ca vn bn m ho v vn bn gc c gii m tng ng s
dng m mt.
73
74
S chung ca phng php

m ha i xng
S chung ca phng php

m ha i xng
S m ha c coi l an ton v iu kin (

unconditional secure ): nu vn bn m mt khng cha
thng tin xc inh duy nht vn bn gc tng
ng, khng ph thuc vo pha i phng c bao nhiu
vn bn m mt.
Tnh mt ca vn bn c m bo khng ph thuc vo

lng thi gian m i phng dng ph m mt.
Ngoi tr s m mt s dng mt ln ( one-time pad ),
khng c s m mt no m bo tnh an ton v iu
kin.
75
Gi thnh b kha mt vt qu gi tr ca thng tin

c m ha.
Thi gian ph kha mt vt qu thi hn gi mt ca
thng tin.
76
S chung ca phng php

m ha i xng
77
S m mt c coi l an ton theo tnh ton (

computational secure ) nu tha mn hai iu kin:
V d: thut ton DES ( Data Encryption Standard ): Kho nh

phn
di 32 bit S lng kho: 232 35.8 pht x l vi tc
1 php m ho/s 2.15 ms vi tc 106 php m ho /
s.
di 56 bit S lng kho: 256 1142 nm x l vi tc
1 php m ho/s 10.01 gi vi tc 106 php m ho
/ s.
di 128 bit S lng kho: 2128 5.4 x 1024 nm x l
vi tc 1 php m ho/s 5.4 x 1018 nm vi tc 106
php m ho / s.
V d: Kho s dng 26 k t bng cc php hon v S lng
kho: 26! 4 x 1026 6.4 x 1012 nm x l vi tc 1 php m
ho/s 6.4 x 106 nm vi tc 106 php m ho / s.
Mt s phng php m ha i
xng kinh in
Cc phng php thay th
M Caesar
Cc k t ch ci c gn gi tr ( a = 1, b = 2, ... )
K t ca vn bn gc ( plaintext ) p c thay th bng
k t ca vn bn m mt ( ciphertext ) C theo lut m
ho sau:
C = E( p ) = ( p + k ) mod ( 26 )
Trong k nhn cc gi tr t 1 n 25.
Trong phng php ny, k chnh l kho mt m.
78
13
xng kinh in
xng kinh in
Qu trnh gii m:
p = D( C ) = ( C k ) mod ( 26 )
Phng php ph m: mt cch n gin: dng cc kho k t
1 n 25 gii m cho n khi nhn c thng ip c
ngha.
Cc vn ca m Caesar:
M mt Hill
Thut ton m ho v gii m bit trc.

Thm m:
Khng gian kha nh: ch c 25 kho;
Khi thm m bng phng php vt cn: ch cn th vi 25
kha;
Ngn ng trong bn gc bit trc v d dng nhn bit.
79
Thut ton m ho
Mi k t c gn gi tr s: a = 0, b = 1, ..., z = 25
La chn m k t lin tip ca vn bn gc;
Thay th cc k t la chn bng m k t m mt.
Vic thay th k t c thc hin bng m phng trnh
tuyn tnh.
H phng trnh m ha:
C = KP ( mod 26 )
K- ma trn kha
Thut ton gii m
P = K-1C ( mod 26 )
80
xng kinh in
xng kinh in
V d: vi m = 3, h cc phng trnh tuyn tnh c dng

sau:
C1 = ( k11p1 + k12p2 + k13p3 ) mod 26
C2 = ( k21p1 + k22p2 + k23p3 ) mod 26
C3 = ( k31p1 + k32p2 + k33p3 ) mod 26
C1 k11 k12

C2 k 21 k 22
C k
3 31 k32
k13 p1

k 23 p2
k33 p3
Ma trn K l ma trn kho mt m

V d: vi ma trn K bng:
17 17 5
K 21 18 21
2 2 19
Xu k t: paymoremoney s c m ho thnh
LNSHDLEWMTRW
pay (15, 0, 24 ); K( 15, 0, 24 )T mod 26 = ( 11, 13, 18) LNS
C = KP
81
82
xng kinh in
xng kinh in
Gii m thng ip bng ma trn K-1.
H m Hill:
Cc php ton thc hin theo modulo 26
C E K (P) KP
1
1
P D K (C) K C K KP P
83
Mc an ton ca h m Hill
4 9 15
K -1 15 17 6
24 0 17
M mt Hill c tnh mt cao khi pha tn cng ch c vn bn

mt.
Thm m h m Hill: d dng b b kha nu bn tn cng
bit c vn bn r v vn bn mt tng ng ( known
plaintext attack )
H m mt Hill m x m;
Thm m c m cp vn bn gc vn bn mt, mi
vn bn c di m;
To cc cp: Pj = ( p1j, p2j, ..., pmj ) v Cj = ( C1j, C2j, ..., Cmj )
sao cho Cj = KPj vi 1 j m i vi mt kho K cha
bit.
Xc nh hai ma trn m x m, X = ( pij ) v Y = ( Cij )
84
14
xng kinh in
xng kinh in
Ta c Y = XK K = X-1Y.
V d: vn bn gc: friday c m ho bng m mt
Hill 2 x 2 thnh PQCFKU.
H thng Vernam.
chng li qu trnh thm m, cn la chn kho tho mn:
Ta c: K( 5 17 ) = ( 15 16 ); K( 8 3 ) = ( 2 5 ); K( 0 24 ) = ( 10
20 )
Vi hai cp ban u ta c :
H m mt Vernam:
Dng cho m nh phn

Ci = pi ki
pi: bit th i ca vn bn gc;
ki: bit th i ca kho;
Ci: bit th i ca vn bn c m ho;
: php ton XOR.
15 16 5 17

K
2 5 8 3
5 17 15 16 9 1 15 16 7 19

K
8 3 2 5 2 15 2 5 8 3
85
86
xng kinh in
Gii m bng php ton ngc: pi = Ci ki

To kho: to vng lp vi mt kho. Nh vy thc t,
h thng lm vic vi mt kha rt di nhng lp li.
H thng Vernam c th b ph nu i phng bit mt
vn bn m c di ln, s dng mt s vn bn
gc bit.
Vi kho c sinh ngu nhin, c di bng di
vn bn gc, khng lp li: s m s dng mt ln (
one-time pad ): khng th ph kho. u ra c lp
thng k vi vn bn gc.
Vn ny sinh: m bo mt cho qu trnh gi v nhn
kho ngu nhin.
87
Khi nim an ton

tuyt i.
Ngun thng
ip
Thut ton m
ha
K
Ngun to s R
ngu nhin
Thm m
X*
K*
Thut ton gii

m
Ngun thng
ip
Knh mt
Kha
mt
88
Ngun thng tin X = [ X1, X2, ..., XM ], Xi A; A

bng k t( latin, nh phn, ...).
Kho K = [ K1, K2, ... KL ], kha K c to ra.
89
Kho c di bng vn bn r.
Kha c chn sao cho kho v vn bn gc c lp thng k.
Nu kha K c to ra t pha ngun, kha K cn c

chuyn cho pha nhn tin thng qua mt knh b mt.
Kha K c th c to ra bi bn th ba v c phn
phi cho bn gi v bn nhn.
Cc k t ca kho K nm trong mt bng k t: bng k
t nh phn { 0, 1 }
B to s ngu nhin: R = [ R1, R2, ..., RJ ];

Thng ip c m ha l hm ca X, R v
K : Y = [ Y1, Y2, ..., YN ]
Y = EKR( X )
Bn nhn gii m thng ip bng kha
c phn phi:
X = D K( Y )
90
15
Vn t ra: i phng nhn c

thng ip Y, nhng khng c c kha
K. Da vo thng ip Y, i phng phi
khi phc li hoc K, hoc X hoc c hai.
i phng ch bit c vn bn m mt Y.
S bo mt tuyt i: Vn bn gc X c lp
thng k vi vn bn m Y.
P( X = x | Y = y ) = P( X = x )
i vi mi vn bn gc: X = [ x1, x2, ..., xM ] v vn bn
m ho Y.
92
V d: h m Vernam
Bng ch ci: A = { 0, 1, ..., |A| 1 }

di ca vn bn gc, kho v vn bn m bng nhau:
M = L = N.
Kho c chn ngu nhin: P( K = k ) = |A|-M i vi
|A|M t hp kho.
Qu trnh m ho: Yi = Xi Ki, i = 1, 2, ..., M.
Do vi mi k t xj thuc Xi v yi thuc Yj ta c duy nht
ki thuc Kj, do : P( Y = y | X = x ) = P( Z = z ) = |A|-M
khng ph thuc vo X.
93
Yu cu i vi kho trong h thng bo mt tuyt i.
nh l: i vi h mt hon ho
H( X ) = H( X | Y ) H( K )
Nu bng k t gc v bng k t m c cng s k t: LX = LK
( trong trng hp m s dng mt ln one time pad ) v vn
bn gc hon ton ngu nhin, gii hn Shannon v tnh mt
hon ho s tr thnh:
lM
di ca kha t nht phi bng di ca vn bn gc
m bo tnh mt tuyt i.
94
Ph cc kha khng tuyt i mt.
t vn : khi no nh phn tch m mt ca

i phng c th ph c cc m khng
mt tuyt i ?!
Key equivocation function - hm nhp nhng
ca kha:
f( n ) = H( K | Y1, Y2, ..., Yn )
ny xc nh bt nh ca kha khi bit n
k t u tin ca vn bn m mt.
Unicity distance u khong cch duy nht u:

gi tr n nh nht sao cho f( n ) 0.
i vi m mt ngu nhin, ta s c:
H (K )
r log Ly
r 1
H(X )
N log Ly
- d tha ca thng ip cha trong N k t

ca m mt thuc bng ch ci c kch thc Ly .
Hm
95
M bit ca vn bn gc s c m ho trc khi kho mt K

v chui ngu nhin R thay i.
i phng bit cc thut ton m ho v gii m.

i phng c th ch cn khi phc li thng ip X
bng thng ip X*.
Nu i phng mun bit thm cc thng ip trong
tng lai: cn phi xc nh c kha K.
91
Kha mt ch c s dng mt ln.
96
16
Phng php mt m DES
Phng php mt m DES
Vn bn gc X, vn bn m mt Y l cc chui nh phn
di 64 bit.
Kha K c di 56 bit.
Tng khi 64 bit c m ha c lp s dng chung mt
kha.
97
Phng php S-DES( DES gin lc )

Phng php mt m DES
98
S- DES
(Simplified data encryption standard)
Gii thut S-DES(Simplified DES):

DECRYPTION
ENCRYPTION
8-bit plaintext
8-bit plaintext
S-DES - phin bn n gin ca DES;

Cho php:
10-bit key
Cu trc ca DES l rt phc tp
P10
fk
10
0
Gii thut S-DES
K2
-1
8-bit ciphertext
K2
fk
IP-1
8-bit ciphertext
Hnh 1:S m ho v gii m S-DES
Gii thut S-DES
Gii thut m ho S-DES s dng phng php

m ho theo khi
u vo:
- 8-bit block ca bn r
- 10-bit kho
u ra:
- 8-bit ca bn m
10
1
fk
SW
P8
fk
IP
K1
SW
Do gio s Edward Schaefer thuc trng i hc Santa Clara

pht trin
99
K1
Shift
Cc tham s ca S-DES nh hn trong DES;
IP
P8
S-DES n gin hn nhiu so vi DES
Shift
IP
M ho v gii m bng tay;

Hiu bit su v hot ng chi tit ca gii thut DES.
Gii thut m ho bao gm 4 hm:

- Hm IP(Initial Permutation)
- Hm fk
- Hm SW (Switch)
- Hm IP-1
Gii thut m ho c th biu din nh mt hm sau y:
ciphertext=IP-1(f(SW(f(IP(plaintext)))))
Tng t gii thut gii m c th biu din nh hm sau:
plaintext =IP (f(SW(f(IP-1 (ciphertext)))))
10
2
17
Sinh kho trong S-DES:
Cc hm sinh kho:
10-bit ke y
P10:y l hm hon v tun theo lut nh trong bng
LS-1: L hm dch vng 1 bit

LS-2: L hm dch vng 2 bit
P8:L hm hon v tun theo lut nh trong bng
P10
5
LS-1
LS-1
P8
LS-2
LS-2
5
8
10
3
5
P8
Hinh2: S to kha ca thut ton S-DES
10
4
M ho S-DES:
Hm fk:
8-bit plaintext
Hm IP v hm IP-1:
+
Hm IP tun theo lut sau:
IP
fk
E/P
S0
8
+
Hnh 3:M hnh chi tit fk
+ Hm IP-1 tun heo lut sau:
K1
4
S0
2
P4
4
10
5
10
6
+
4
Khi thay th S-box
E/P(expension/permutation):
Hm E/P tun theo lut sau:
10
7
Nu gi 4 bit u vo l (n1,n2,n3,n4) th E/P c biu din chi

tit nh sau:
Ti u vo S-box mt khi 8 bit c chia thnh hai khi 4 bit;

Mi khi 4 bit c a vo S0 v S1
Thay th mi khi 4 bit bng khi 2 bit;
Cc khi S0 v S1 c nh ngha nh sau:
S0:
S1:
10
8
18
Khi thay th S-box
Hon v P4
Phn t trong khi S-box c di 2 bit;

Qu trnh thay th trong S-box:
Hon v P4 tun theo lut sau:
Vi 4 bit u vo l (b1,b2,b3,b4);
b1
v b4 kt hp thnh mt s ch hng ca S box,

v b3 to thnh s ch ct trong S box;
Phn t nm trn hng v ct xc nh thay th cho
4 bit u vo ca S-box .
b2
10
9
11
0
Qun tr v phn phi kha trong m

ha i xng
Hm SW
Hm fk ch thc hin trn 4 bit tri ca u vo;

Hm SW hon i 4 bit phi v 4 bit tri ln p
dng hm fk th 2 s thc hin trn 4 bit phi.
p dng hm fk ln 2 thc hin cc hm E/P
,S0,S1,P4 nh trn.
11
1
11
2

ha i xng

ha i xng
Mt s k thut phn phi kho.
Phn phi kha khng tp trung: Kho c A la

chn v phn phi vt l ti B.
Phn phi kha tp trung: Ngi th ba C la chn
kho v phn phi vt l ti A v B.
Nhn xt:
11
3
t vn :
Trong k thut mt m truyn thng, hai pha tham gia
vo truyn tin phi chia s kho mt kho phi
c m bo b mt : phi duy tr c knh mt
phn phi kha.
Kha phi c s dng mt ln: Kho phi c

thng xuyn thay i.
Mc an ton ca bt k h mt s ph thuc vo k
thut phn phi kho.
Nu A v B trc y v hin nay dng kho, mt

pha c th gi kho mi dng kho c m ho.
Nu A v B c kt ni m mt vi pha th ba C, C c
th phn phi kho theo ng m mt ti A v B.
Phn cp kho:
Vic s dng trung tm phn phi kho da trn c s

ca vic phn cp cc kho.
Hai k thut ny kh cng knh khi cc bn tham gia vo

trao i thng tin vi s lng ln.
11
4
19

ha i xng
S dng
phn
cp
kho
Kho phin
D liu

ha i xng
Bo v bng
mt m
Kch bn qu trnh phn phi kha.
D liu
-c m
ho
Bo v bng
mt m
Gi thit: mi ngi s dng cng chia s mt kha mt chnh

vi trung tm phn phi kha ( KDC ).
Tin :
Kho chnh
D liu
Bo v khng
bng mt m
11
5
11
6

ha i xng

ha i xng
Kch bn phn phi kha:
A yu cu KDC kha phin bo mt lin kt lgic vi B.
Trong thng ip ny cha nh danh ca A v B cng vi

du hiu nhn din N1.
Du hiu nhn din N1 ny ch c s dng mt ln trong
trng hp ny.
Du hiu nhn din N1 c th l du thi gian, b m, hoc
l mt s ngu nhin.
Yu cu ti thiu i vi du nhn din: du hiu ny phi
khc nhau i vi tng yu cu.
ngn ch s gi mo, du hiu nhn din phi kh b i
phng d on. Nh vy, s ngu nhin l la chn tt.
11
7
Trung tm phn phi kha KDC tr li A bng thng ip c

m ha bng kha KMA. Nh vy ch c A l ngi duy nht c
th gii m thnh cng thng ip v A cng xc nh c
ngun gc ca thng ip ( A xc nh c thng ip l do
KDC gi ti do kha KMA ch c duy nht A v KDC bit ).
Trong thng ip cha nhng thng tin dnh cho A:
Kha phin s dng mt ln KS;

Thng ip gc cng vi du hiu nhn dng N1. Cc thng tin ny
cho php A so snh cu tr li t KDC vi yu cu ban u.
11
8

ha i xng

ha i xng
Nh vy, A c th kim tra rng yu cu ban u khng b

thay i trc khi KDC nhn c v do c du hiu
nhn dng N1 nn thng ip ny khng phi l phin
bn pht li ca mt yu cu no trc .
Trong thng ip cng c nhng thng tin dnh cho B:
A lu li kha phin KS s dng cho lin kt sp thit lp

v
gi cho B nhng thng tin ca KDC dnh cho B Ekb[ KS ||
IDA ]. V nhng thng tin ny c m ha bng KMB nn
chng c bo v khi hnh thc nghe trm. Sau khi nhn
c thng ip t A, B bit c kha phin KS, v bit
c pha bn kia l A t nh danh ca A. Thm vo , B
bit c nhng thng tin ny l do KDC cung cp v c
m ha bng KMB Ekb.
Nh vy t thi im ny, kha phin c phn phi mt
ti A v B. A v B c th s dng kha phin trao i thng
tin. Tuy nhin tng tin cy cho qu trnh trao i thng
tin v ngn chn cc kh nng tn cng, hai bc sau c th
c p dng:
Kha phin s dng mt ln KS;

nh danh ca A IDA.
Hai thng tin ny c m ha vi kha mt KMB chia s

gia B v KDC. Nhng thng tin ny c gi cho B
thit lp lin kt v chng minh nh danh ca A.
11
9
Ngi s dng A mun thit lp kt ni lgic vi ngi s dng

B.
Hai pha trao i thng tin yu cu kha phin s dng mt ln
bo mt d liu truyn qua kt ni.
Pha A c kha mt KMA, kha ny ch c A v KDC bit.
Pha B c kha mt KMB, kha ny ch c B v KDC bit.
12
0
20

ha i xng

ha i xng
B gi ti cho A du hiu nhn dng N2 bng cch m

ha s dng kha phin.
Bng cch s dng kha phin KS, A tr li B bng
thng ip f( N2 ), trong f l hm bin i N2.
(1)Yu cu || N1
(3) EKb[Ks || IDA]
Bn khi
to lin kt
A
Cc b-c phn phi kha

ha i xng
(5) EKs[ f(N2 )]
Cc b-c
xc thc

ha i xng
Kim sot kho khng tp trung:
Bn nhn
lin kt B
(4) EKs[N2]
12
2
Kch bn phn phi

kha s dng s
m ha i xng
(2)EKa[Ks || Yu cu || N1|| EKb(Ks, IDA)]
Hai bc ny gip cho B bit c rng thng ip nhn

c trong bc trc khng b pht li.
Ta thy cc bc phn phi kha bao gm cc bc t 1
n 3. Cc bc 4, 5 cng nh bc 3 dng vo mc ch
xc thc.
12
1
Trung tm
phn phi
kha KDC
Kch bn phn phi kha khng tp trung
S dng trung tm phn phi kho KDC a ra yu cu i

vi KDC: KDC phi c u nhim v phi c bo v
khi cc tn cng.
Cc yu cu ny c th loi b nu s dng s phn
phi kho khng tp trung.
(1)Yu cu || N1
Bn khi
to lin kt
A
Bn nhn
lin kt B
(2)EMKm[Ks || Yu cu || IDB || f(N1) || N2)]
(3) EKs[ f(N2 )]
12
3
12
4

ha i xng
Mi h thng giao tip theo lin kt mt vi tt c cc h thng

trm khc vi mc ch phn phi kho phin.
S lng kho phin cc i c th c s bng: n( n 1 ) / 2.
H mt kha i xng
Kch bn phn phi kho khng tp trung.
12
5
Cc yu cu ca phn phi kho khng tp trung:
Kt chng
A gi yu cu kho phin ti cho B cng vi du hiu nhn

dng N1;
B tr li bng thng ip c m ho bng kho chnh chung
( shared master key ). Trong cu tr li cha kho phin do B
la chn Ks, nh danh ca B, gi tr f( N1 ), v u hiu nhn
dng N2.
S dng kho phin mi, A gi tr f( N2 ) cho B.
Thut ton;
H mt hon ho v h mt khng hon ho;
Qun tr v phn phi kha;
12
6
21
Nguyn l h mt kho cng khai
Chng III. Cc h mt kha cng khai

Thut ton RSA
Qun l kho
S trao i kho Diffie-Hellman
Mt s h mt kha cng khai khc
c im
Mt m cng khai da trn c s ca cc hm

ton hc.
Khng da trn php thay th v i ch nh
trong phng php m ho i xng.
M mt cng khai l bt i xng.
12
7
12
8
Xut x:
Vn phn phi kha:
H m mt kho cng khai c pht trin nhm

gii quyt hai vn phc tp ny sinh t
phng php m ho i xng:
Trong c ch m mt kho cng khai s dng hai kho:

kho mt v kho cng khai.
Cc h qu ca vic s dng hai kho bt i xng:
tnh ton vn, tnh xc thc, phn phi kho.
Cc
yu cu trong s m ho i xng: hai

bn tham gia vo trao i thng tin:
Phi chia s trc kho, kho ny phi c phn
phi bng mt cch no cho h.
Phi duy tr knh mt phn phi kha.
S dng trung tm phn phi kho KDC trong m
hnh tp trung.
Vn th nht: bi ton phn phi kho;

Vn th hai: ch k in t.
12
9
13
0
Vn ch k in t: l du hiu c
trng xc thc cc bn trao i thng tin.
H mt kho cng khai.
Ch
k in t c s dng trong cc thng

ip in t;
C hiu lc tng ng vi ch k trn giy.
Phc v xc thc cc bn trao i thng tin.
S m mt kho cng khai s dng mt kho

m ho v mt kho khc c lin quan gii
m. Cc thut ton m ho v gii m c mt s
c im quan trng sau:
13
1
KDC l ht nhn trong vic m bo an ton h

thng trao i thng tin.
13
2
Khng th xc nh c kho gii m nu ch bit

thut ton m ho v kho m ho.
Mt s h m mt kho cng khai ( nh RSA ) cn
cung cp kh nng s dng bt k mt kho trong cp
kho lm kho m ho th kho cn li s c dng
lm kho gii m.
22
S m ho cng khai:
A v B c cc cp kha (KRA, KPA), (KRB, KPB). Cc kha ny dng m

ho v gii m cc thng ip.
A v B cng b kho cng khai KPA, KPB trong cp kho, kho cn li c
gi mt.
Khi gi thng ip cho B, A s m ho vn bn bng kho cng khai K PB
ca B.
Khi nhn c thng ip, B s gii m bng kho mt KRB. Bn th ba
khng gii m c thng ip v ch c B bit kho mt KRB ca B.
Kha cng khai ca B
Vn bn r
M ha
M mt
Gii m
Kha ring ca A
Vn bn r
Vn bn r
13
4
Vn bn r
S m ho i xng
S m ho cng khai
Hot
ng
1. Cng mt thut ton v cng mt kho

m ho v gii m.
2. Ng-i nhn v ng-i gi phi chia s
thut ton v kho
1. Mt thut ton m ho, mt thut

ton gii m s dng mt cp
kho.
2. Ng-i gi v ng-i nhn phi c mt
cp kho ca ring mnh.
Bo mt
1. Kho phi -c gi mt.

2. Khng th gii m vn bn nu khng
c thng tin b sung.
3. Cc kin thc v thut ton cng vi
mu ca vn bn mt khng
xc nh kho.
1. Mt trong hai kho phi -c gi mt.

2. Khng th gii m vn bn nu
khng c thng tin b sung.
3. Cc kin thc v thut ton cng vi
mu ca vn bn mt khng
xc nh kho.
13
6
Cc yu cu i vi h mt kha cng khai
13
7
Gii m
Mi bn trao i thng tin c truy nhp ti kho cng khai.

Kho mt ( kho ring t ) c lu gi cc b ti mi bn v
khng bao gi c phn phi.
Do h thng t qun l kho mt nn knh truyn thng tin ti l
mt.
H thng c th thay i kho mt v cng b kho cng khai mi
tng ng thay th kho cng khai c bt c lc no.
13
5
M mt
m bo tnh xc thc
c im:
M ha
Kha cng khai ca A
m bo tnh mt
Nu A mun gi thng ip c xc thc cho B, A s

m ho vn bn bng kho ring ca A.
Khi B nhn c thng ip, B s gii m bng kho
cng khai ca A. Khng mt bn th ba c th gii m
c thng ip v ch c B bit kho mt ca B.
Kha ring ca B
13
3
S xc thc:
Qu trnh sinh cp kha KP, KR l d trn phng din tnh ton;

Qu trnh m ha bn tin bng kha cng khai KP bn gi l d:
Y = EKP(M);
Qu trnh gii m ra vn bn r khi bit kha ring KR v bn tin mt Y
l d:
M = DKR(Y);
i vi thm m, nu ch bit KP s rt kh trn phng din tnh ton
tnh ra KR;
i vi thm m, nu ch bit KP v bn tin mt Y s rt kh trn
phng din tnh ton tnh ra bn tin r M;
Nguyn l i xng: qu trnh m ha gii m c th p dng theo
hai chiu: M = DKP[EKR(M)]
Cc hm mt chiu v hm by mt chiu
Cc hm mt chiu
nh x t min xc nh vo min gi tr sao cho c hm

ngc duy nht;
iu kin mt chiu: thc hin hm thun d; thc hin
hm ngc kh trn phng din tnh ton
Y = f(X) thc hin d trn phng din tnh ton;

X = f -1(Y) thc hin kh trn phng din tnh ton
13
8
23
Hm by mt chiu
13
9
nh x t min xc nh vo min gi tr sao cho c hm

ngc duy nht;
iu kin: thc hin hm thun d; thc hin hm ngc
kh trn phng din tnh ton nu khng c thm thng
tin b tr;
Y = fK(X) thc hin d trn phng din tnh ton nu
bit K v X;
X = fK-1(Y) thc hin kh trn phng din tnh ton nu
khng bit K;
X = fK-1(Y) thc hin d trn phng din tnh ton nu
bit K;
Xut x
RSA do Ron Rivest, Adi Shamir v Len Adlenman

pht minh nm 1977;
H thng m kho cng khai ph bin v a nng:
c s dng trong cc ng dng m ha/gii m;

Chng thc;
Phn phi v trao i kho.
14
2
S thut ton RSA
S thut ton RSA
Thut ton RSA:
14
3
Bn gi k bng kha ring.

Bn nhn xc thc ch k bng kha cng khai ca bn gi.
S thut ton RSA
S thut ton
Thm m RSA
C s l thuyt s
14
1
Bn gi m ha bng kha cng khai ca bn nhn;

Bn nhn gii m bng kha ring.
ng dng trong phn phi kha(RSA, Diffie-Helman):

duy tr knh mt phn phi kha i xng bng c s
m mt cng khai;
ng dng trong ch k s (RSA, DSS):
14
0
ng dng trong mt m m ha, gii m (RSA):
Thut ton m ho cng khai RSA
Cc ng dng ca h mt kha cng khai
Phng php m ha khi;

Vn bn r v vn bn mt l cc s nguyn c gi tr
t 0 n n-1, n s nguyn ln;
Mi khi c gi tr nh hn n.
Kch thc ca khi (s bt) nh hn hoc bng log 2(n).
Thc t, kch thc ca khi l k bit vi
2k < n 2k+1.
14
4
Cp kha: (e, d)
M ho
Bn r
M<n
M mt
C = Me mod n
Gii m
M mt
Bn r
M = Cd mod n =
(Me)d mod n
24
S thut ton RSA
S thut ton RSA
Bn gi v bn nhn phi bit s n.

Bn gi bit kha cng khai l cp (e, n).
Bn nhn c kha ring l cp (d, n).
Cc yu cu:
To kho
C th tm c cc s e, d, n sao cho:
Med = M mod n M < n.
Thc hin tnh Me v Cd mt cch n gin M < n.
Khng th xc nh c d nu bit e v n
14
5
Tm cc s e, d sao cho:
Med=M mod n
H qu ca nh l Euler: cho p v q l s nguyn t,
n v m l hai s nguyn sao cho: n=pq v 0 < m < n,
k l s nguyn bt k. ng thc sau nghim ng:
mk(n)+1=mk(p-1)(q-1)+1m mod n
Nh vy: ed = k(n)+1, tc l:
ed 1 mod (n) hay d e-1 mod (n) c ngha l
gcd((n), d) = 1 v gcd((n), e) = 1
14
6
S thut ton RSA
S thut ton RSA
S to kha RSA
V d
p = 7, q = 17
n = pq = 119; (n)=(p-1)(q-1)=96
Chn e nguyn t cng nhau vi (n), nh hn (n),
Tm d: de-1 mod (n)
14
7
d=77 => cp kha: e=(5, 119); d=(77, 119)
14
8
S thut ton RSA
S thut ton RSA
M ho v gii m
bi 0
bi 0
Xc nh 2 s nguyn t p v q. trnh tn cng vt cn, p v q

phi ln.
Xc nh e v d
- Xc
2i

i
a m a bi 0 a 2
bi 0
Cc bc quan trng trong to kha:
Biu din nh phn ca m =bkbk-1b0=bi02i

Do :
a m mod n a 2 mod n a 2 mod n
Sinh kho
Vn trong thut ton m ho v gii m RSA l vic thc hin php

ton lu tha v php ton ng d vi s nguyn ln.
Gii quyt da trn tnh cht ca php ton moun:
[(a mod n) x (b mod n)] mod n = (a x b) mod n
Tnh am vi m ln.
14
9
Chn e = 5;
15
0
nh s nguyn t p, q (s dng thut ton Miller Rabin)

1. Chn mt s nguyn l n ngu nhin (s dng b sinh s
gi ngu nhin).
2. Chn mt s nguyn a < n ngu nhin.
3. Thc hin thut ton xc sut kim tra s nguyn t.
Nu n test thnh cng th loi b gi tr n v quay li bc 1.
4. Nu n test thnh cng vi s lng test , chp nhn n;
mt khc, quay li bc 2.
- Chn e v tnh d t e v (n) (s dng thut ton Euclid)
25
Qun l kha trong s mt m kha

cng khai
Thm m RSA
Tn cng vt cn: th vt cn ton b khng

gian kha ring.
Tn cng ton hc: thc hin bi ton phn
tch s nguyn thnh tch hai s nguyn t.
Tn cng da vo thi gian: da vo thi
gian thc hin thut ton gii m.
15
1
Cc m hnh qun l kha
Bi ton phn phi kha: tp trung xy dng knh

mt phn phi kha phin b mt.
Hai hng s dng mt m kha cng khai:
Phn phi kha cng khai;

S dng m ha kha cng khai phn phi kha
phin
15
2
Phn phi kha cng khai
Cc m hnh
Cng b cng khai

Cng b th mc cng khai
Trung tm y quyn kha cng khai
Chng th kha cng khai
Cng b cng khai
Cc bn tham gia trao i thng tin t cng b

kha cng khai;
im mnh: n gin.
im yu:
Mt ngi th 3 c th gi mo kha cng khai;
15
3
15
4
Qun l th mc kha cng khai
C bn th ba C c y quyn qun l kha cng khai;

Bn th ba C to cho mi bn tham gia trao i thng tin mt
th mc lu tr kha;
Cc bn ng k v gi kha cng khai ti C. Qu trnh ng
k c th thc hin trn knh bo mt.
Cc bn c th thay th kha cng khai theo nhu cu
Bn C nh k cng b ton b th mc kha hoc

cp nht;
Cc bn c th truy cp th mc kha qua cc knh
bo mt.
Khi s dng kha nhiu ln m ha lng d liu ln;

Khi kha ring cn phi thay th
Vn xc thc i vi bn th ba C.
im yu:
Nu thm m bit c kha ring ca C
15
5
Bn C gi mo bn nhn tin B, gi kha cng khai ca

mnh KPC cho A;
A m ha cc bn tin gi cho B bng kha KPC ca C;
B khng c c bn tin A gi
C c th c c bn tin A gi B
Ton b cc kha cng khai c lu tr c th b gi mo.

C th nghe trm cc thng ip do cc bn trao i .
15
6
26
y quyn kha cng khai
15
7
A gi yu cu kha cng khai ca B ti PKA: Request||T1

PKA gi li A: EKRpka(KPB|| Request||T1)
A gi B: EKPB(IDA||N1)
B gi yu cu kha cng khai ca A ti PKA: Request||T2
PKA gi li B: EKRpka(KPA|| Request||T2)
B gi A: EKPA(N1||N2)
A gi B: EKPB(N2)
Phn phi kha mt i xng s dng

m ha cng khai
16
0
A gi B: KPA || IDA
B to kha phin Ks v gi li A: EKPA(KS)
S km xc thc
Nguyn l trao i kha Diffie-Hellman
16
1
S n gin:
Cc bn gi kha cng khai ti CA chng thc;

Nhn chng th s t CA km thi gian hiu lc;
Cc bn xut trnh chng th s trong cc giao dch;
15
9
PKA l nt tht c chai ca h thng.

Cc bn phi truy cp PKA mi khi cn kha cng khai;
PKA l im yu ca ton b h thng do s giao dch ln.
15
8
Trung tm cp pht chng th s CA;

Ch cn xc nhn kha cng khai mt ln;
Khng cn truy cp CA mi khi cn kha cng khai;
Kha cng khai s do cc bn t qun l;
S hot ng:
An ton hn;
Kt hp xc thc hai bn;
Nhc im
Chng ch kha cng khai
S lng giao dch tng;

Bn giao dch u s dng t v kha cng khai c th lu tr
dng trong cc ln sau;
nh k cc bn phi cp nht cc phin bn kha cng khai
mi.
u im:
Phn tch:
Bn th ba c y quyn PKA tham gia lu gi kha;

Cc bn A, B bit kha cng khai ca PKA;
Cc bc lm vic:
A gi B: EKPB(N1||IDA)
B gi A: EKPA(N1||N2)
A gi B: EKPB(N2)
A gi B: EKPB(EKRA(KS))
Nguyn l trao i kha Diffie-Helman
c Diffie-Hellman a ra vo 1976
L s kt hp ca hai m hnh xc thc v
mt ca h KCK
Vic sinh ra cc cp kho l hon ton khc
nhau i vi ngi s dng
S dng c ch trao i kho trc tip
khng qua trung gian xc thc
S dng p dng cho cc ng dng c

mt cao bng phng php trao i kho
(key exchange)
Nguyn tc: hai ngi s dng c th trao
i mt kho an ton - c dng m
ho cc tin nhn;
Thut ton t gii hn ch dng cho cc ng
dng s dng k thut trao i kho;
16
2
27
C s hnh thnh thut ton
Nguyn tc ton hc :
Thut ton trao i kho
m l mt s nguyn t:
y=ai mod m l bi ton d;
Bi ton ngc l bi ton kh. c bit vi m ln.
Da trn php tnh logarit ri rc
16
3
16
4
Tnh bo mt ca h mt
H mt v thm m
Thm m c sn cc thng tin :p,a,Yi,Yj

c th gii c K ,X bt buc thm m
phi s dng thut ton logarit ri rc : rt
kh nu p ln
V th nn chn p cng ln cng tt : nh th
th vic tnh ton ra X coi nh khng th
16
5
Thm m c th tn cng vo cc thng tin : p

,a,Yj,Yj
V s dng thut ton ri rc tnh ra X, sau
tnh ra K
Quan trng nht l phc tp ca thut ton
logarit ph thuc vo chn s nguyn t p
Tn cng man in the middle
16
6
Lnh vc ng dng
Bi ton xc thc
T qu trnh thut ton hn ch ng dng

ch s dng cho qu trnh trao i kho mt l
ch yu
S dng trong ch k in t.
Cc ng dng i hi xc thc ngi s dng.
16
7
28
Ni dung
Bi ton xc thc.
L thuyt xc thc Simmons
Cc phng php xc thc thng ip
Bi ton xc thc
im li cc dng tn cng
Tn cng vo tnh ring t:
M xc thc thng ip
Hm bm
Ch k s
16
9
Gii mt: gii mt ni dung thng ip.

Phn tch lung truyn ti: xc nh mu thng ip, xc nh
tn sut trao i thng ip, nh v, xc nh chc nng trm.
Dng tn cng th ng.
Mc ch: ngn chn bng m mt.
17
0
Bi ton xc thc
Bi ton xc thc
Tn cng vo tnh xc thc:
17
1
Tr hnh: a ra cc thng ip vo h thng vi tn gi mo.

Thay i ni dung thng ip: ph hu tnh ton vn.
Thay i trnh t trao i thng ip: tn cng vo giao thc.
Thay i theo tin trnh thi gian: lm tr hoc pht li thng
ip.
T chi dch v: t chi gi hoc nhn thng ip: s dng
ch k in t.
Xc thc:
Xc thc cc bn trao i thng ip.
Lm r ngun gc thng ip.
Xc nh tnh ton vn thng ip.
Chng ph nhn.
Xc thc ch th tham gia vo trao i thng tin

Thng ip c ngun gc;
Ni dung thng ip ton vn, khng b thay i trong qu trnh
truyn tin (xc thc ni dung thng ip);
Thng ip c gi ng trnh t v thi im (xc thc phin);
Mc ch ca bi ton xc thc:
Chng li cc tn cng ch ng:
M ho thng ip;
S dng m xc thc thng ip;
S dng hm bm;
Bi ton xc thc
Cc dng hm xc thc:
Cc c ch xc thc c thc hin trn hai mc:
Mc thp: trong h thng phi c cc hm chc nng cho

php kim tra tnh xc thc ca ch th v thng ip:
Hm to cc gi tr c trng xc thc ch th v thng ip.
Mc cao:
Chng gi mo;
Thay i ni dung d liu;
Thay i trnh t trao i thng tin (hot ng ca cc giao thc).
Cc phng php xc thc thng ip:
17
2
Cc hm xc thc
Cc tiu chun xc thc
Bi ton xc thc
17
3
Cc yu cu ca bi ton xc thc
S dng cc hm xc thc trong cc giao thc xc thc.

Cho php thm nh tnh xc thc ca ch th v thng ip.
M ho thng ip: s dng hm m ho xc thc

da vo vic s hu kho b mt.
M xc thc thng ip: to ra m xc thc thng ip
di c nh bng phng php m ho.
Hm bm xc thc thng ip: to m bm ca thng
ip vi di c nh.
Ch k s: to du hiu c trng xc nh duy nht
ch th.
17
4
29
Xc thc v xc thc hon ho
Khi nim xc thc, xc thc hon ho.

L thuyt xc thc.
Din gii l thuyt xc thc.
Vn gi mo v xc thc
17
5
17
6
S dng phng php mt m kho i xng
Thng ip gi t ng ngun v ch c ngi gi bit

kho b mt dng chung
Ni dung khng th b thay i v vn bn r c cu
trc nht nh
Cc gi tin c nh s th t v c m ho nn
khng th thay i trnh t v thi im nhn c
S dng phng php mt m kho cng khai
Khng ch xc thc thng ip m cn to ch k s

Phc tp v mt thi gian hn m ho i xng
17
7
17
8
Xc thc dng m xc thc thng ip

(MAC - checksum)
ch
Y
K
i phng to ra bn tin gi mo c xc thc Y v gi ti bn

nhn tin.
Bn nhn tin phi kim tra tnh xc thc ca thng ip m nhn
c.
Gi thit h xc thc: h xc thc da trn kho K c s

dng mt ln to ra bn tin c xc thc Y.
Dng m xc thc thng ip (MAC Message

Authentication Code)
L khi c kch thc nh c nh gn vo
thng ip to ra t thng ip v kha b
mt chung
Bn nhn thc hin cng gii thut trn thng
ip v kho so xem MAC c chnh xc
khng
Gii thut to MAC ging gii thut m ha
nhng khng cn gii m

(MAC - checksum)
MAC = CK(M)
Gii m

(MAC - checksum)
Xc thc bng cch m ho
17
9
M ho
Vn : tn ti
hay khng phng
Y
php xc thc hon
Thm m
ho chng li gi mo !?
Cc kch bn tn cng vo h xc thc:
M: l bn tin
K: l kho mt c chia s ch bi ngi gi v
ngi nhn;
CK(M): l mt hm xc thc, cho kt qu l mt
xu k t c di c nh;
C th c nhiu thng ip c cng chung

MAC
Nhng nu bit 1 thng ip v MAC, rt kh tm ra

mt thng ip khc cng MAC
Cc thng ip c cng xc sut to ra MAC
p ng 3 tiu chun xc thc
18
0
30
M ho bn tin v cch tn cng

ca i phng
M ho bn tin
M ho bn tin v cch tn cng

ca i phng
i xng
Khng i xng
Pi = DKi (C) cho tt c kho Ki

n khi Pi khp vi bn r P (Plaintext)
i vi CheckSum
th cho kho k bit
18
1
i phng bit bn mt C (Ciphertext)
S an ton ca thut ton ph thuc di

bit ca kho
Vi 1 ln tn cng
2k ln
V d tn cng
MAC n bit 2n CheckSum to ra

N bn tin p dng (N>>2n)
Kha K bit 2k kha to ra
18
2
V d tn cng vo MAC
V d tn cng vo MAC
Gi s: size(K) > size (MAC) (k>n)

Match (so khp): l bn Mi to ra gn khp
v bn M1
Dng cch tn cng vt cn
(brute-force)
Tn cng MAC bng cch lp li:
Vng 1:
Vng 2:
18
3
18
4
V d tn cng vo MAC
Nu k = a*n mt a vng tm ra
Nu k < n th ngay vng 1 to ra lun s so khp.
V d
Nu mt kho kch thc k=80 bit
CheckSum kch thc l n=32 bit
Th vng 1 s to ra khong 248 kha Vng 2 s thu
hp xung cn 216 kha
Vng 3 s to ch 1 kho n, v chnh l kho c
dng bi ngi gi.
Cho: M2, MAC2 = CK (M2)

Tnh Mi = CKi (MAC2) cho kho cn li.
S cch so khp to ra 2k-2n
V d tn cng vo MAC
Kt qu:
Cho: M1, MAC1 = CK (M1)

Tnh: Mi = CKi(MAC1) cho tt c kho
S cc so khp to ra 2k-n
Tn ti kh nng c nhiu kho tho mn

vic so khp
i phng c th thc hin cng mt
kim tra trn mt cp(bntin,CheckSum)
mi.
18
5
18
6
31

(MAC - checksum)

(MAC - checksum)
Ch cn xc thc, khng cn m ho tn thi gian v

ti nguyn
Tch ring bo mt v xc thc s khin t chc

linh hot hn
Cn m bo tnh ton vn ca d liu trong sut

thi gian tn ti, khng ch trong lc lu chuyn
18
7
Chng hn mi chc nng 1 tng ring
V thng ip c th b thay i sau khi gii m
18
8
Xc thc dng hm bm
Cc yu cu i vi hm bm
To ra hm bm c kch thc xc nh t thng ip

u vo(khng cn kho): h=H(M)
Hm bm khng cn gi b mt
Gi tr bm gn km vi thng ip m bo tnh
ton vn ca thng ip
Bt k mt s thay i nh no trong thng ip M
cng to ra s thay i trong m bm h
18
9
C th p dng vi thng ip M vi di bt k
To ra gi tr bm h c di c nh
H(M) d dng tnh c vi bt k M no
T h rt kh tm c M sao cho h=H(M): tnh mt
chiu
T M1 rt kh tm c M2 sao cho H(M1)=H(M2)
Rt kh tm c cp (M1,M2) sao cho
H(M1)=H(M2)
19
0
Cc yu cu i vi hm bm
Cc yu cu i vi hm bm
c im 4 l c im 1 chiu (one way). N to ra 1 m cho bn tin nhng

khng th to ra 1 bn tin cho 1 m
c im 5 m bo:
19
1
Thng ip h thng
Chng trnh my tnh
1 bn tin thay th khi b bm khng cng gi tr

bm vi bn tin cho l
Bo v li s gi mo khi s dng 1 m bm
c m ha.
Mt hm bm m tho mn cc c im t
15 trong danh sch trn th vn b coi l 1
hm bm km. Nu c im 6 c tho
mn, n mi c coi l mt hm bm tt.
c im 6 bo v bn tin khi mt lp cc tn
cng tinh vi nh tn cng ngy sinh (birthday
attack).
19
2
32
Xc thc dng hm bm
19
3
Xc thc dng hm bm
19
4
Cc hm bm n gin
So snh MAC v Hash
Tng t hm MAC nhng gi l hash

khng kho, MAC l hash c kho
Nguyn tc hot ng chung:
19
5
19
6
Hm bm XOR
Hm bm XOR
Thc hin php XOR bit-by-bit

C th biu din nh sau:
19
7
Input: file, message.. c chia thnh chui cc

block n bit
X l u vo: mi block c x l ti 1 thi
im v lp li vi cc block khc to ra 1 gi
tr bm n bit
Ci = bi1 bi2 bim

Trong :
Ci : bit th i ca m bm (i=1..n)
m: S Block n-bit ca Input
bij : bt th i ca Block j
: php ton XOR bit
19
8
Minh ha:
Bit 1
Bit 2
Bit n
Block 1
B11
B21
Bn1
Block 2
B12
B22
Bn2
..
..
Block m
B1m
B2m
Bnm
Hash Code
C1
C2
Cn
33
Hm bm RXOR
SHA-1 (Secure Hash Algorithm -1)
Thc hin: Xoay i mt bit ri thc hin

php XOR tng tnh ngu nhin
S :
Khi to n bit ca gi tr bm bng 0

X l mi block n-bit thnh cng l nh sau:
Xoay gi tr bm hin ti sang tri 1 bit

XOR block vi gi tr bm
19
9
y l mt hm bm 1 chiu
Cc phin bn
SHA-0: Cng b nm 1993

SHA-1:
SHA-2: Bao gm tp hp SHA-224, SHA-256,
SHA-384, v SHA-512
Chng c dng bi chnh ph M
20
0
S hot ng
SHA-1
c im ca hm:
Input: u vo message c size < 264
Ra: 1 Digest di 160 bit

Bo mt:
Chia thnh cc Block c size = 512 bit
Khng tnh ton ra c thng ip vi 1 Digest cho

Khng c 2 thng ip cng to ra 1 Digest
20
1
20
2
Ch k s
Mt s kt qu test
Mt s gi tr digest ca SHA-1:
SHA1("The quick brown fox jumps over the lazy dog") ==

"2fd4e1c67a2d28fced849ee1bb76e7391b93eb12"
SHA1("The quick brown fox jumps over the lazy cog") ==
"de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3"
SHA1("") ==
"da39a3ee5e6b4b0d3255bfef95601890afd80709 "
Yu
cu
loi
To v chng thc ch k
Digital Certificate
Phn
20
3
34
Yu cu
Phn loi
Da trn thng ip
S dng thng tin duy nht thuc v ngi
gi chng gi mo
D kim tra v nhn dng
Phi khng th tnh ton gi mo c
tho mn cc yu cu trn, ngi ta
thng s dng hm bm.
20
5
Ch k trc tip
Ch k phn x
20
6
Ch k trc tip
Ch k phn x
Ch bao gm cc thnh phn truyn thng

C th c to ra :
Hot ng chung :
M ho ton b bn tin vi kho ring ca ngi gi

M ho m bm ca bn tin vi kho ring ca ngi
gi
Tnh hp l ca ch k ph thuc vo vic

bo mt kho ring ca ngi gi.
20
7
Mi bn tin c gi t X n Y phi thng qua A,

kim tra ngun gc v ni dung ca n
Bn tin c ghi li thi gian ri c gi n B + 1
thng ip c m bo bi A.
S c mt ca A gii quyt vn : X c th ph nhn
bn tin ny
20
8
To ch k
20
9
Thng c phn lm 2 loi:
Chng thc ch k
21
0
35
Digital Certificate
21
1
chng thc c ch k in t bt buc

ngi nhn phi c kho chung ca ngi
gi.
Bn cht cp kho ny khng lin h vi
thuc tnh ca ngi s dng cn c c
ch lin kt chng vi ngi dng cc
certificate
Cc Certificate c CA cung cp
Cc thng tin trong Certificate
21
2
To Certificate
Cu trc phn cp ca CA
Cc Certificate c
to ra cn chng
thc cho bn thn n
Cc CA c cu trc
phn cp
Minh ho qu trnh to
Certificate cho CA gc
v CA mc thp hn
21
3
21
4
Xc thc chui Certificate
Cc giao thc xc thc
21
5
Phin bn
S serial
Nh cung cp Certifficate
Ngi gi Certificate
Thi gian hp php ca Certificate
Cc thuc tnh
Ch k s ca nh cung cp
Kho cng khai ca ngi s hu Certificate
Thut ton bm dng to ch k.
Xc thc hai bn
Cc phng php m ho c in
Phng php m ho kho cng khai
21
6
36
Xc thc hai bn
Phng php chng replay
Ti y, chng ta ch xem xt vn qun l

phn phi kho
Tn ti 2 vn :
Tnh tin cy : ngn chn hin tng gi mo v tn cng

vo kho phin
Xc nh thi im: chng li kiu tn cng replay
21
7
2 phng php:
Timestamp: gn 1 timestamp vo bn tin --> yu cu
ng b
Challenge/Response: A s gi n B 1 nonce v i tr
li ca B. Nu c cha gi tr nonce chnh xc th mi
bt u gi bn tin
21
8
nh gi 2 phng php
Timestamp: khng p dng cho cc ng dng

hng kt ni
Yu cu ng b gia cc tin trnh ng h

C hi tn cng thnh cng s tng ln nu c 1 khong
thi gian khng ng b
Tnh lun thay i v khng d on trc c ca cc
tr trong mng
Challenge/Response: khng p dng cho cc

ng dng khng hng kt ni
21
9
Phng php m ho c in
Yu cu bt tay trc khi truyn thng khng kt ni

Phng php tt nht: to s ng b gia ng h mi
bn
22
0
S dng 1 trung tm phn phi kho tin

cy(KDC)
Mi bn chia s 1 kho mt vi KDC:kho
chnh
KDC s sinh ra cc kho phin: s dng1
trn kt ni gia 2 bn
KDC cn chu trch nhim phn phi cc
kho phin s dng kho chnh bo v
qu trnh phn phi kho
M ho kho cng khai
Phng php ny m bo l mi bn u lu
tr kho cng khai hin thi ca bn cn li
Tt c cc phng php trn vn tn ti
nhng im thiu st
C nhiu phng php:
22
1
nh du thng tin vo d liu
Denny
Woo v Law
22
2
37
Mc lc
I.Gii thiu chung
I.Gii thiu chung

II.Cc vn k thut
III.Thut ton Watermark
22
3
22
4
1. Lch s ra i
2.Phn loi Watermarking
Xut pht t ngh lm giy ca Trung Quc

Yu cu v bn quyn trong th gii k thut s.
Watermark l mt qu trnh nhng d liu c gi
l watermark hay ch k s hay label vo mt i
tng a phng tin v do watermark c th
c pht hin hoc trch ra sau nhm gip a
ra cc xc thc v i tng
22
5
Theo i tng s: audio, text, video, image

Theo min biu din i tng: spatial
domain, frequency domain
Theo quan im ng dng: source base v
destionation base
Theo cc phn loi khc: visible watermark
v invisble watermark
22
6
3. ng dng
3. ng dng
Bo v bn quyn:
-dng watermark nhn
din ngi gi bn quyn.
-dng watermark nhn
din khch hng, kim
sot lu hnh hng ho.
22
7
1.Lch s ra i
2.Phn loi
3. ng dng
Chng thc nh v tnh

ton vn d liu
-nh s rt d b sa cha bng

cc cng c ho cao cp
-sa cha nh cng c th ph
hu hoc thay i vic nhn
din mt watermark
22
8
38
3. ng dng
3. ng dng
Watermark cc i tng s:
-text, image, audio, video.
-nhn din cho cc cu trc d liu kiu nh protein trong ho sinh
Che giu d liu v nh nhn nh

-nhng c lng thng tin ln nht khng nhn thy c vo
trong mt nh gc
-yu cu v tnh chu li thng l thp trong watermark
22
9
23
0
1.Cc phase c bn ca mt thut

ton watermarking
II.Cc vn k thut
1.Cc phase c bn
2.Cc kiu tn cng
3.So snh watermark vi m mt
4.So snh watermark vi nn nh
-pha nhng
watermark.
-pha phn
phi
watermark.
-pha trch dn
watermark.
-pha quyt
nh.
23
1
23
2
1.2.Phase phn phi
1.1.Phase nhng watermark
23
3
23
4
39
1.3.Phase trch dn
23
5
1.4.Phase quyt nh
o tng i gia
nh gc W v nh
c trch dn W*
Nu o trn ln hn
ngng th coi nh
ch k c xc
thc
23
6
2.Cc kiu tn cng v yu cu
2.Cc kiu tn cng v yu cu
Cc kiu tn cng:
-Nn mt mt thng tin
-Mo hnh hc
-Cc php x l tn hiu ni chung
-Cc kiu tn cng khc
Cc yu cu:
-Kh nng n hin ca du
-Kh chu li
-Chng gi mo
-Bit rate
-Sa i v sao chp watermark
23
7
23
8
4.So snh watermarking vi nn

nh
3.So snh watermark vi m mt
23
9
M mt yu cu gii m phi chnh xc cn

watermark ch yu cu t n mt ngng
no .
Watermark tng t nh m mt trong qu
trnh m ha.
nn khng mt mt thng tin khng lm nh hng n h

thng watermark th phng thc nn c mt mt thng tin s
gy ra mo cho watermark
mc tiu thit k ca h thng nn mt mt thng tin l i
nghch hn vi mc tiu ca watermarking
24
0
40

2012NetworkSecurity V3.3 SV

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

2012NetworkSecurity V3.3 SV

Uploaded by

Copyright:

Available Formats

Ni dung

Nhp mn An ton thng tin mng

Cc h mt kha i xng (m ha i xng)

Nguyn Linh Giang.

1. Cc h mt kha cng khai.

W. Stallings Networks and Internetwork security

2. H tng kha cng khai PKI

Cu trc h tng fkha cng khai.

3. Bo mt cho mng IP. IPSec. Mng ring o VPN.

6. Pht hin xm nhp mng.

C s xy dng h mt kha cng khai

Cc c ch pht hin xm nhp mng.

7. Bo mt cho mng khng dy. Phn tch cc c trng

H tng kha cng khai PKI

Cc h thng pht hin xm nhp da trn du hiu;

Gia k v qu trnh: 30%

Thi ht mn: 70%

Lin h gio vin:

Bo mt cho web services;

Bi cnh bo mt thng tin:

Trc khi xut hin my tnh: Bo v thng tin, ti

Khi xut hin cc h phn tn v s dng mng

Khi xut hin my tnh - bo v thng tin in t:

Sao chp thng tin d dng

Truyn d liu gia ngi s dng v my tnh,

Khng c ranh gii r rt gia Computer Security

A truyn file cho B;

A v B trao i thng tin

Trao i thng ip:

Qun tr mng D gi thng ip

D gi danh sh NSD cho E

Danh sch NSD

Kch bn ging trng hp

D khng thng tin E

S phc tp trong bi ton Bo mt lin mng:

Khng tn ti phng php thch hp cho mi trng hp.

Cc c ch bo mt lun i i vi cc bin php i ph.

La chn nhng gii php thch hp vi tng ng cnh s

Dch v v c ch an ton an ninh

Dch v v c ch an ton an ninh

Ba kha cnh an ton an ninh thng tin:

Tn cng vo an ninh thng tin

Mi tc ng lm gim mc an ton an ninh thng tin

Dch v v c ch an ton an ninh

Dch v v c ch an ton an ninh

Cc dch v an ton an ninh thng tin:

Cc dch v lm tng cng mc an ton ca h

Cc dch v an ton an ninh.

Nhng vn ny sinh khi s dng d liu in t:

Chng li nhng tn cng thng tin v

Danh sch cc chc nng ton vn thng tin

Liscen and/or Certification

Authenticity-software and/or file

Chng thc vn bn vt l ph thuc vo cc thuc

Dch v v c ch an ton an ninh

Dch v v c ch an ton an ninh

Phn loi cc dch v an ton an ninh:

Bo mt ring t ( confidentiality ): m bo thng tin trong

Dch v v c ch an ton an ninh

Dch v v c ch an ton an ninh

Chng ph nh ( nonrepudiation ): yu cu ngi gi

Dch v v c ch an ton an ninh

Cc dng tn cng vo h thng