Professional Documents
Culture Documents
An ton v An ninh
thng tin Mng
I.
II.
I.
II.
Bi ton xc thc
III.
I.
II.
III.
IV.
C s bi ton xc thc
Xc thc thng ip
Ch k s v cc giao thc xc thc
Cc c ch xc thc trong cc h phn tn
Bo v cc dch v Internet
An ton an ninh h thng
IV.
V.
I.
II.
III.
IV.
V.
FireWall v Proxy
H thng pht hin v ngn chn xm nhp ( IDS )
L hng h thng
Case study Windows NT v Linux
Virus my tnh
Ni dung
Cc ch tiu lun
Ti liu mn hc:
Cc ch tiu lun
Cc c ch xc thc
Hm bm v hm m ha xc thc.
Cc giao thc xc thc.
Cc ch tiu lun
Cc c ch to ch k s. Giao thc ch k s.
Cc dch v ch k s.
Ch k m.
ng dng.
5. Ch k s.
Cc ch tiu lun
Cc ch tiu lun
8. Bo mt h thng, bo mt mng. Cc
chnh sch, cc chun. Phn tch i vi
Windows v Unix-Linux. Cc chnh sch an
ninh mng cho mng Cisco.
9. Bo v d liu a phng tin trong qu
trnh phn phi qua h thng mng m. Vn
bo mt, bo v bn quyn v kim sot s
dng d liu a phng tin.
Cc ch tiu lun
Cc ch tiu lun
10
nh gi
Chng I. Nhp mn
1.
im danh: 1/3.
2.
3.
11
4.
5.
Nhp mn
Cc dch v, c ch an ton an ninh thng tin v cc
dng tn cng vo h thng mng
Cc dng tn cng
Cc dch v an ton an ninh
Cc m hnh an ton an ninh mng
12
Nhp mn
Nhp mn
Cc c ch bo v;
Kho kho h s lu tr vn bn.
13
14
Nhp mn
Nhp mn
Mt s v d v vn
bo v an ton thng tin:
Truyn file:
C chn
gi thng
tin trao
i gia
A v B
15
16
Danh
sch
NSD
E
F chn gi
danh sch
NSD v
sa i
danh sch
Danh
sch
NSD
F gi
danh
sch sa
i n
cho E
Nhp mn
Nhp mn
Gi mo:
17
E
Danh sch gi
mo
F gi mo
D, gi
danh sch
mi n E
18
c th nh gi c nhng nhu cu v an
ton ca c quan mt cch hiu qu v c th tnh
ton v la chn nhng sn phm v chnh sch
an ninh, nh qun tr cn c nhng phng php
c tnh h thng lm c s xc nh nhng yu
cu an ton an ninh cng nh c t c nhng
cch tip cn tha mn nhng yu cu . Mt
trong nhng phng hng l kho st ba kha
cnh ca an ton an ninh thng tin.
19
Cc c ch an ton an ninh
Cc c ch cho php:
20
21
22
Endorsement
Authorization
Access ( Egress )
Validation
Signature
Time of Occurrence
Witnessing ( notarization )
Concurrence
Vote
Liability
Ownership
Receipt
Registration
Certification of Origination
and/or receipt
Approval/Disapproval
Privacy ( secrecy )
23
Pht hin,
Ngn chn hoc
Khi phc h thng sau khi b tn cng;
24
25
Cc c ch an ton an ninh
Khng tn ti mt c ch duy nht c th cung cp
tt c cc dch v an ton an ninh v thc hin ht
mi chc nng ra.
Mt phn t c hu ht mi c ch bo mt s
dng: cc k thut mt m. Cc phng thc
truyn ti v lu tr thng tin da trn mt m l
c ch ph bin cung cp s an ton thng tin.
26
Cc dng tn cng.
28
29
27
Ngi khng c u
quyn c gng truy cp
ti thng tin.
Dng tn cng vo tnh
ring t ca thng tin (
confidentiality ).
V d: sao chp tri
php thng tin.
Sa i thng tin (
modification ):
30
Tn cng th ng
Lm gi thng tin (
fabrication ).
Ngi khng c u
quyn a nhng thng tin
gi mo vo h thng.
Dng tn cng vo tnh xc
thc thng tin ( authencity
).
V d: a nhng thng
ip gi mo vo h thng,
thm nhng bn ghi mi
vo file.
Lung thng
tin b gi mo
31
Tn cng th ng
tng t hnh thc nghe
trm, theo di qu trnh
truyn tin.
Mc ch ca i
phng l thu c
nhng thng tin c
truyn ti.
Mi e da th ng
Phn tch ti
32
Tn cng th ng
Tn cng th ng
33
34
Tn cng ch ng
Dng tn cng ch
ng.
35
Dng tn cng th
ng.
Dng tn cng ch
ng bao gm: sa
cc dng d liu, a
nhng d liu gi, gi
danh, pht li, thay
i thng ip, ph
nhn dch v.
Tn cng ch ng
Mi e da ch ng
Gi mo thng tin
( tnh xc thc)
Sa i ni dung
( tnh ton vn)
36
Tn cng ch ng
Tn cng ch ng
37
38
39
i vi cc thng ip n l:
41
40
42
43
44
45
46
47
48
Ng-i u nhim
Thng ip
Cn
49
51
52
53
i ph-ng
Thng tin
mt
Thng ip
50
Thng tin
mt
Ng-i u nhim
54
i ph-ng
56
Chng II.
Cc phng php mt m kha i
xng
1.
2.
3.
4.
5.
6.
57
S m ha i xng
Mt m v thm m
58
S mt m kha i xng
S mt m kha i xng
59
Cc ti nguyn
ca h thng:
D liu;
Cc qu trnh
,ng dng;
Cc phn mm;...
Con ng-i
Phn mm
55
Cng
bo v
X*
Thm m
Ngun thng
ip
Khi m ha
Kha
mt
60
K*
Khi gii m
Ngun thng
ip
Knh mt
10
Tp hp thng ip ca ngun:
Cc xu k t X = { X1, X2, ..., XM };
Thng ip: xu k t di m:
Xi = [ xi1, xi2, ..., xim ]
xik A; A bng k t ngun; thng thng A= {0, 1}
Mi thng ip Xi c mt xc sut xut hin P( X = Xi )
thuc tnh thng k ca ngun thng ip:
Kha mt m
61
62
M mt:
Qu trnh mt m v gii m:
Qu trnh m ha:
Y = EK ( X )
Y = EK,R( X )
Qu trnh gii m:
X = DK( Y ) = DK ( EK,R( X ) )
63
64
Pha tn cng
Mt m
65
66
11
Phng
67
68
Thm m
Qu trnh xc nh X hoc K hoc c hai t pha th
ba gi l thm m ( cryptanalyst )
Chin lc c nh thm m s dng ph thuc
vo bn cht ca s m ho v nhng thng tin
do anh ta nm c.
Cc dng thm m: Cc dng tn cng vo thng
ip c m ho.
69
70
Nu i phng bt c mt s vn bn gc v vn bn m ha tng
ng ( known plaintext attack ). Nh phn tch bit:
71
thc m vn bn ban u c x l:
72
12
c cc thut ton m ha yu s b ph
i vi loi tn cng ch dng vn bn mt.
Cc thut ton m ha c thit k
chng dng tn cng vi vn bn gc bit (
known plaintext attack ).
73
74
75
76
77
Mt s phng php m ha i
xng kinh in
M Caesar
Cc k t ch ci c gn gi tr ( a = 1, b = 2, ... )
K t ca vn bn gc ( plaintext ) p c thay th bng
k t ca vn bn m mt ( ciphertext ) C theo lut m
ho sau:
C = E( p ) = ( p + k ) mod ( 26 )
Trong k nhn cc gi tr t 1 n 25.
Trong phng php ny, k chnh l kho mt m.
78
13
Mt s phng php m ha i
xng kinh in
Mt s phng php m ha i
xng kinh in
Qu trnh gii m:
p = D( C ) = ( C k ) mod ( 26 )
Phng php ph m: mt cch n gin: dng cc kho k t
1 n 25 gii m cho n khi nhn c thng ip c
ngha.
Cc vn ca m Caesar:
M mt Hill
79
Thut ton m ho
Mi k t c gn gi tr s: a = 0, b = 1, ..., z = 25
La chn m k t lin tip ca vn bn gc;
Thay th cc k t la chn bng m k t m mt.
Vic thay th k t c thc hin bng m phng trnh
tuyn tnh.
H phng trnh m ha:
C = KP ( mod 26 )
K- ma trn kha
Thut ton gii m
P = K-1C ( mod 26 )
80
Mt s phng php m ha i
xng kinh in
Mt s phng php m ha i
xng kinh in
C1 k11 k12
C2 k 21 k 22
C k
3 31 k32
k13 p1
k 23 p2
k33 p3
17 17 5
K 21 18 21
2 2 19
Xu k t: paymoremoney s c m ho thnh
LNSHDLEWMTRW
pay (15, 0, 24 ); K( 15, 0, 24 )T mod 26 = ( 11, 13, 18) LNS
C = KP
81
82
Mt s phng php m ha i
xng kinh in
Mt s phng php m ha i
xng kinh in
H m Hill:
Cc php ton thc hin theo modulo 26
C E K (P) KP
1
1
P D K (C) K C K KP P
83
Mc an ton ca h m Hill
4 9 15
K -1 15 17 6
24 0 17
84
14
Mt s phng php m ha i
xng kinh in
Mt s phng php m ha i
xng kinh in
Ta c Y = XK K = X-1Y.
V d: vn bn gc: friday c m ho bng m mt
Hill 2 x 2 thnh PQCFKU.
H thng Vernam.
chng li qu trnh thm m, cn la chn kho tho mn:
Ta c: K( 5 17 ) = ( 15 16 ); K( 8 3 ) = ( 2 5 ); K( 0 24 ) = ( 10
20 )
Vi hai cp ban u ta c :
H m mt Vernam:
15 16 5 17
K
2 5 8 3
5 17 15 16 9 1 15 16 7 19
K
8 3 2 5 2 15 2 5 8 3
85
86
Mt s phng php m ha i
xng kinh in
L thuyt h mt ca Shannon
87
Ngun thng
ip
Thut ton m
ha
K
Ngun to s R
ngu nhin
Thm m
X*
K*
Ngun thng
ip
Knh mt
Kha
mt
88
L thuyt h mt ca Shannon
L thuyt h mt ca Shannon
89
Kho c di bng vn bn r.
Kha c chn sao cho kho v vn bn gc c lp thng k.
90
15
L thuyt h mt ca Shannon
L thuyt h mt ca Shannon
i phng ch bit c vn bn m mt Y.
S bo mt tuyt i: Vn bn gc X c lp
thng k vi vn bn m Y.
P( X = x | Y = y ) = P( X = x )
i vi mi vn bn gc: X = [ x1, x2, ..., xM ] v vn bn
m ho Y.
92
L thuyt h mt ca Shannon
L thuyt h mt ca Shannon
V d: h m Vernam
93
nh l: i vi h mt hon ho
H( X ) = H( X | Y ) H( K )
Nu bng k t gc v bng k t m c cng s k t: LX = LK
( trong trng hp m s dng mt ln one time pad ) v vn
bn gc hon ton ngu nhin, gii hn Shannon v tnh mt
hon ho s tr thnh:
lM
di ca kha t nht phi bng di ca vn bn gc
m bo tnh mt tuyt i.
94
L thuyt h mt ca Shannon
L thuyt h mt ca Shannon
H (K )
r log Ly
r 1
H(X )
N log Ly
Hm
95
91
96
16
Vn bn gc X, vn bn m mt Y l cc chui nh phn
di 64 bit.
Kha K c di 56 bit.
Tng khi 64 bit c m ha c lp s dng chung mt
kha.
97
98
S- DES
(Simplified data encryption standard)
ENCRYPTION
8-bit plaintext
8-bit plaintext
10-bit key
P10
fk
10
0
K2
-1
8-bit ciphertext
K2
fk
IP-1
8-bit ciphertext
10
1
fk
SW
P8
fk
IP
K1
SW
99
K1
Shift
IP
P8
Shift
IP
10
2
17
Cc hm sinh kho:
10-bit ke y
P10
5
LS-1
LS-1
P8
LS-2
LS-2
5
8
10
3
5
P8
10
4
M ho S-DES:
Hm fk:
8-bit plaintext
Hm IP v hm IP-1:
+
IP
fk
E/P
S0
8
+
K1
4
S0
2
P4
4
10
5
10
6
+
4
E/P(expension/permutation):
10
7
10
8
18
Hon v P4
Vi 4 bit u vo l (b1,b2,b3,b4);
b1
10
9
11
0
Hm SW
11
1
11
2
11
3
t vn :
Trong k thut mt m truyn thng, hai pha tham gia
vo truyn tin phi chia s kho mt kho phi
c m bo b mt : phi duy tr c knh mt
phn phi kha.
Mc an ton ca bt k h mt s ph thuc vo k
thut phn phi kho.
Phn cp kho:
11
4
19
D liu
Bo v bng
mt m
D liu
-c m
ho
Bo v bng
mt m
Kho chnh
D liu
Bo v khng
bng mt m
11
5
11
6
11
7
11
8
11
9
12
0
20
(1)Yu cu || N1
Bn khi
to lin kt
A
Cc b-c
xc thc
Bn nhn
lin kt B
(4) EKs[N2]
12
2
12
1
Trung tm
phn phi
kha KDC
(1)Yu cu || N1
Bn khi
to lin kt
A
Bn nhn
lin kt B
(2)EMKm[Ks || Yu cu || IDB || f(N1) || N2)]
12
3
12
4
H mt kha i xng
12
5
Kt chng
Thut ton;
H mt hon ho v h mt khng hon ho;
Qun tr v phn phi kha;
12
6
21
c im
12
7
12
8
Xut x:
Cc
12
9
13
0
Vn ch k in t: l du hiu c
trng xc thc cc bn trao i thng tin.
Ch
13
1
13
2
22
S m ho cng khai:
Vn bn r
M ha
M mt
Gii m
Kha ring ca A
Vn bn r
Vn bn r
13
4
Vn bn r
S m ho i xng
S m ho cng khai
Hot
ng
Bo mt
13
6
13
7
Gii m
13
5
M mt
m bo tnh xc thc
c im:
M ha
m bo tnh mt
Kha ring ca B
13
3
S xc thc:
Cc hm mt chiu v hm by mt chiu
Cc hm mt chiu
13
8
23
Hm by mt chiu
13
9
Xut x
14
2
14
3
S thut ton
Thm m RSA
C s l thuyt s
14
1
14
0
14
4
Cp kha: (e, d)
M ho
Bn r
M<n
M mt
C = Me mod n
Gii m
M mt
Bn r
M = Cd mod n =
(Me)d mod n
24
To kho
C th tm c cc s e, d, n sao cho:
Med = M mod n M < n.
Thc hin tnh Me v Cd mt cch n gin M < n.
Khng th xc nh c d nu bit e v n
14
5
Tm cc s e, d sao cho:
Med=M mod n
H qu ca nh l Euler: cho p v q l s nguyn t,
n v m l hai s nguyn sao cho: n=pq v 0 < m < n,
k l s nguyn bt k. ng thc sau nghim ng:
mk(n)+1=mk(p-1)(q-1)+1m mod n
Nh vy: ed = k(n)+1, tc l:
ed 1 mod (n) hay d e-1 mod (n) c ngha l
gcd((n), d) = 1 v gcd((n), e) = 1
14
6
S to kha RSA
V d
p = 7, q = 17
n = pq = 119; (n)=(p-1)(q-1)=96
Chn e nguyn t cng nhau vi (n), nh hn (n),
14
7
14
8
M ho v gii m
bi 0
bi 0
- Xc
2i
i
a m a bi 0 a 2
bi 0
Sinh kho
14
9
Chn e = 5;
15
0
25
Thm m RSA
15
1
15
2
Cc m hnh
15
3
15
4
Vn xc thc i vi bn th ba C.
im yu:
Nu thm m bit c kha ring ca C
15
5
15
6
26
15
7
16
0
A gi B: KPA || IDA
B to kha phin Ks v gi li A: EKPA(KS)
S km xc thc
16
1
S n gin:
15
9
15
8
An ton hn;
Kt hp xc thc hai bn;
Nhc im
u im:
Phn tch:
A gi B: EKPB(N1||IDA)
B gi A: EKPA(N1||N2)
A gi B: EKPB(N2)
A gi B: EKPB(EKRA(KS))
c Diffie-Hellman a ra vo 1976
L s kt hp ca hai m hnh xc thc v
mt ca h KCK
Vic sinh ra cc cp kho l hon ton khc
nhau i vi ngi s dng
S dng c ch trao i kho trc tip
khng qua trung gian xc thc
16
2
27
Nguyn tc ton hc :
m l mt s nguyn t:
y=ai mod m l bi ton d;
Bi ton ngc l bi ton kh. c bit vi m ln.
16
3
16
4
Tnh bo mt ca h mt
H mt v thm m
16
5
16
6
Lnh vc ng dng
Bi ton xc thc
16
7
28
Ni dung
Bi ton xc thc.
L thuyt xc thc Simmons
Cc phng php xc thc thng ip
Bi ton xc thc
im li cc dng tn cng
M xc thc thng ip
Hm bm
Ch k s
16
9
17
0
Bi ton xc thc
Bi ton xc thc
17
1
Mc ch ca bi ton xc thc:
M ho thng ip;
S dng m xc thc thng ip;
S dng hm bm;
Bi ton xc thc
Cc dng hm xc thc:
Mc cao:
Chng gi mo;
Thay i ni dung d liu;
Thay i trnh t trao i thng tin (hot ng ca cc giao thc).
17
2
Cc hm xc thc
Bi ton xc thc
17
3
Cc yu cu ca bi ton xc thc
17
4
29
Vn gi mo v xc thc
17
5
17
6
17
7
17
8
ch
Y
K
MAC = CK(M)
Gii m
17
9
M ho
Vn : tn ti
hay khng phng
Y
php xc thc hon
Thm m
ho chng li gi mo !?
Cc kch bn tn cng vo h xc thc:
M: l bn tin
K: l kho mt c chia s ch bi ngi gi v
ngi nhn;
CK(M): l mt hm xc thc, cho kt qu l mt
xu k t c di c nh;
18
0
30
M ho bn tin
i xng
Khng i xng
i vi CheckSum
18
1
V d tn cng
18
2
V d tn cng vo MAC
V d tn cng vo MAC
Vng 1:
Vng 2:
18
3
18
4
V d tn cng vo MAC
Nu k = a*n mt a vng tm ra
Nu k < n th ngay vng 1 to ra lun s so khp.
V d
Nu mt kho kch thc k=80 bit
CheckSum kch thc l n=32 bit
Th vng 1 s to ra khong 248 kha Vng 2 s thu
hp xung cn 216 kha
Vng 3 s to ch 1 kho n, v chnh l kho c
dng bi ngi gi.
V d tn cng vo MAC
Kt qu:
18
5
18
6
31
18
7
18
8
Xc thc dng hm bm
Cc yu cu i vi hm bm
18
9
C th p dng vi thng ip M vi di bt k
To ra gi tr bm h c di c nh
H(M) d dng tnh c vi bt k M no
T h rt kh tm c M sao cho h=H(M): tnh mt
chiu
T M1 rt kh tm c M2 sao cho H(M1)=H(M2)
Rt kh tm c cp (M1,M2) sao cho
H(M1)=H(M2)
19
0
Cc yu cu i vi hm bm
Cc yu cu i vi hm bm
19
1
Thng ip h thng
Chng trnh my tnh
Mt hm bm m tho mn cc c im t
15 trong danh sch trn th vn b coi l 1
hm bm km. Nu c im 6 c tho
mn, n mi c coi l mt hm bm tt.
c im 6 bo v bn tin khi mt lp cc tn
cng tinh vi nh tn cng ngy sinh (birthday
attack).
19
2
32
Xc thc dng hm bm
19
3
Xc thc dng hm bm
19
4
Cc hm bm n gin
19
5
19
6
Hm bm XOR
Hm bm XOR
19
7
19
8
Minh ha:
Bit 1
Bit 2
Bit n
Block 1
B11
B21
Bn1
Block 2
B12
B22
Bn2
..
..
Block m
B1m
B2m
Bnm
Hash Code
C1
C2
Cn
33
Hm bm RXOR
19
9
y l mt hm bm 1 chiu
Cc phin bn
20
0
S hot ng
SHA-1
c im ca hm:
20
1
20
2
Ch k s
Mt s kt qu test
Mt s gi tr digest ca SHA-1:
Yu
cu
loi
To v chng thc ch k
Digital Certificate
Phn
20
3
34
Yu cu
Phn loi
Da trn thng ip
S dng thng tin duy nht thuc v ngi
gi chng gi mo
D kim tra v nhn dng
Phi khng th tnh ton gi mo c
tho mn cc yu cu trn, ngi ta
thng s dng hm bm.
20
5
Ch k trc tip
Ch k phn x
20
6
Ch k trc tip
Ch k phn x
Hot ng chung :
20
7
20
8
To ch k
20
9
Chng thc ch k
21
0
35
Digital Certificate
21
1
21
2
To Certificate
Cu trc phn cp ca CA
Cc Certificate c
to ra cn chng
thc cho bn thn n
Cc CA c cu trc
phn cp
Minh ho qu trnh to
Certificate cho CA gc
v CA mc thp hn
21
3
21
4
21
5
Phin bn
S serial
Nh cung cp Certifficate
Ngi gi Certificate
Thi gian hp php ca Certificate
Cc thuc tnh
Ch k s ca nh cung cp
Kho cng khai ca ngi s hu Certificate
Thut ton bm dng to ch k.
Xc thc hai bn
Cc phng php m ho c in
Phng php m ho kho cng khai
21
6
36
Xc thc hai bn
21
7
2 phng php:
Timestamp: gn 1 timestamp vo bn tin --> yu cu
ng b
Challenge/Response: A s gi n B 1 nonce v i tr
li ca B. Nu c cha gi tr nonce chnh xc th mi
bt u gi bn tin
21
8
nh gi 2 phng php
21
9
Phng php m ho c in
22
0
Phng php ny m bo l mi bn u lu
tr kho cng khai hin thi ca bn cn li
Tt c cc phng php trn vn tn ti
nhng im thiu st
C nhiu phng php:
22
1
Denny
Woo v Law
22
2
37
Mc lc
22
3
22
4
1. Lch s ra i
22
5
22
6
3. ng dng
3. ng dng
Bo v bn quyn:
-dng watermark nhn
din ngi gi bn quyn.
-dng watermark nhn
din khch hng, kim
sot lu hnh hng ho.
22
7
1.Lch s ra i
2.Phn loi
3. ng dng
22
8
38
3. ng dng
3. ng dng
Watermark cc i tng s:
-text, image, audio, video.
-nhn din cho cc cu trc d liu kiu nh protein trong ho sinh
trong mt nh gc
-yu cu v tnh chu li thng l thp trong watermark
22
9
23
0
II.Cc vn k thut
1.Cc phase c bn
2.Cc kiu tn cng
3.So snh watermark vi m mt
4.So snh watermark vi nn nh
-pha nhng
watermark.
-pha phn
phi
watermark.
-pha trch dn
watermark.
-pha quyt
nh.
23
1
23
2
23
3
23
4
39
1.3.Phase trch dn
23
5
1.4.Phase quyt nh
o tng i gia
nh gc W v nh
c trch dn W*
Nu o trn ln hn
ngng th coi nh
ch k c xc
thc
23
6
Cc kiu tn cng:
-Nn mt mt thng tin
-Mo hnh hc
-Cc php x l tn hiu ni chung
-Cc kiu tn cng khc
Cc yu cu:
-Kh nng n hin ca du
-Kh chu li
-Chng gi mo
-Bit rate
-Sa i v sao chp watermark
23
7
23
8
23
9
24
0
40