
FACULTY OF STATISTICS AND INFORMATICS - UNIVERSITY OF DA NANG

COURSE REPORT: COMMUNICATION NETWORKS

Topic: THE SSL PROTOCOL


Instructor: ng Trung Thnh
Students: Trng Quc Dng; Nguyn c Cng; L Tn Hip; V Ph t; Nguyn Vn Cng Thun

Class: MANTT02


REPORT OBJECTIVES

1) General introduction: the concept and development history of SSL
2) Structure of the SSL protocol
3) Data security mechanism: encryption methods
4) Applications of SSL
5) Risks and mitigations; comparison of the SSL security protocol with some other security methods
6) Demo: configuring an IIS 6.0 web site (running on Windows Server 2003) to use SSL encryption
7) Conclusion


SSL: CONCEPT AND DEVELOPMENT HISTORY

1) Concept

SSL (Secure Socket Layer) is a general-purpose protocol designed to establish communication between two application programs and to encrypt all information sent and received. Today it is widely used for electronic transactions on the Internet, such as transmitting credit card numbers, passwords and personal identification numbers (PINs). Data encryption is transparent and supports many other protocols that run on top of TCP. SSL runs applications on a predefined port (socket 443). The SSL protocol combines several encryption algorithms to ensure that information exchanged over the network is kept confidential. SSL combines the following elements to establish a secure transaction


2) Development history

The SSL protocol was first created and developed in 1994 by a Netscape research group led by Elgamal. To date there have been three versions of SSL:
SSL 1.0: Netscape Communications
SSL 2.0: inherits from Netscape Communications 1.0
SSL 3.0: officially released in March 1996
The current SSL version is 3.0, and it is still being extended and refined.


SSL PROTOCOL STRUCTURE

1) SSL structure



2) The SSL protocol

SSL is a layered protocol consisting of the following four sub-protocols:
SSL Handshake protocol
SSL Change Cipher Spec protocol
SSL Alert protocol
SSL Record Layer

The SSL protocol is built on two groups of sub-protocols: the handshake protocol and the record protocol. The handshake protocol determines the session parameters between two parties that need to exchange information or data, while the record protocol defines the format used to encrypt and transmit data in both directions between those two parties.



3) Encryption algorithms used in SSL

SHA-1 (Secure Hash Algorithm): a hash algorithm used by the US government.
3-DES (Triple-DES): an encryption algorithm whose key length is three times the key length of DES.
DSA (Digital Signature Algorithm): part of the digital authentication standard used by the US government.
KEA (Key Exchange Algorithm): a key exchange algorithm used by the US government.
MD5 (Message Digest algorithm): developed by Rivest.
RSA: a public-key encryption algorithm used for both authentication and data encryption, developed by Rivest, Shamir and Adleman.
RSA key exchange: the key exchange algorithm used in SSL, based on the RSA algorithm.
RC2 and RC4: encryption algorithms developed by Rivest for RSA Data Security.


DATA SECURITY MECHANISM

1) How it works

SSL is a set of standardized procedures that provide the following security services:
Server authentication
Client authentication
Connection encryption

How the SSL Record Protocol protects data

The SSL Record Protocol receives data from the higher-layer SSL sub-protocols and handles fragmentation, compression, authentication and encryption of the data. More precisely, it takes a data block of arbitrary size as input and produces as output a series of SSL data fragments (also called records), each smaller than or equal to 16,383 bytes.

The steps of the SSL Record Protocol take a raw data fragment through to a record: SSL Plaintext (fragmentation step), SSL Compressed (compression step) and SSL Ciphertext (encryption step). In the end, each SSL record contains the following fields: content type; protocol version number; length; data payload (optionally compressed and encrypted); MAC.
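The record-layer steps and fields listed above, as an added Python example (not part of the original slides): it fragments a payload, computes the SSL 3.0 record MAC with SHA-1, frames each record as content type, version, length, payload and MAC, then parses and verifies the stream. Assumptions: null compression and no encryption, so those two steps are identity; the function names and the sample secret are illustrative.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 16383      # fragment size limit as stated in the text above
APPLICATION_DATA = 23     # content type value for application data
SSL3_VERSION = (3, 0)     # protocol version field for SSL 3.0
MAC_LEN = hashlib.sha1().digest_size

def ssl3_mac(secret, seq, ctype, fragment):
    """SSL 3.0 MAC (SHA-1): H(secret+pad2+H(secret+pad1+seq+type+len+fragment))."""
    meta = struct.pack(">QBH", seq, ctype, len(fragment))
    inner = hashlib.sha1(secret + b"\x36" * 40 + meta + fragment).digest()
    return hashlib.sha1(secret + b"\x5c" * 40 + inner).digest()

def build_records(data, secret, seq=0):
    """Fragment data, MAC each fragment, frame it (null compression/cipher assumed)."""
    records = []
    for off in range(0, len(data), MAX_FRAGMENT):
        frag = data[off:off + MAX_FRAGMENT]            # fragmentation step
        body = frag + ssl3_mac(secret, seq, APPLICATION_DATA, frag)
        header = struct.pack(">BBBH", APPLICATION_DATA, *SSL3_VERSION, len(body))
        records.append(header + body)
        seq += 1                                       # one sequence number per record
    return records

def parse_records(stream, secret, seq=0):
    """Walk a record stream, verify every MAC, return the reassembled payload."""
    payload, pos = b"", 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from(">BBBH", stream, pos)
        if (major, minor) != SSL3_VERSION:
            raise ValueError("unexpected protocol version")
        body = stream[pos + 5:pos + 5 + length]
        if len(body) != length or length < MAC_LEN:
            raise ValueError("truncated record")
        frag, mac = body[:-MAC_LEN], body[-MAC_LEN:]
        if not hmac.compare_digest(mac, ssl3_mac(secret, seq, ctype, frag)):
            raise ValueError("bad record MAC at sequence %d" % seq)
        payload += frag
        pos += 5 + length
        seq += 1
    return payload

if __name__ == "__main__":
    demo = build_records(b"A" * 40000, b"constructed-secret")  # constructed sample input
    print([len(r) for r in demo])
```

Because the sequence number is part of the MAC input, swapping two records in transit makes verification fail even though each record is intact on its own.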
The SSL protocol combines two kinds of encryption: symmetric and public-key. Symmetric encryption is much faster than public-key encryption for transferring data, but public-key encryption is the best solution for authentication. An SSL session usually begins with a handshake between the two parties.

SSL handshake

Figure 2: Diagram of the SSL Record Protocol steps

2) Implementation

The first step in deploying SSL for your web site is to obtain an SSL certificate from an SSL certificate authority. A web server's SSL certificate identifies its specific domain name and IP address. You can buy an SSL certificate from certificate providers such as Verisign, Thawte, Entrust or other public certificate providers. Certificates from these companies are recognized by the major browsers. You can also obtain a certificate from an internal CA. The certificate is then installed (this part is covered in the DEMO).


APPLICATIONS OF SSL

1) SSL server authentication in e-commerce transactions

Figure 3: The SSL handshake process


2) SSL in digital certificates and digital signatures

SSL certificates (digital certificates) play a very important role in online transactions such as ordering, payment and information exchange, especially in e-commerce, gold and securities exchanges, e-banking and e-government. When a certificate is in use, all data exchanged between the user and the web site is encrypted (on the sender's side) and decrypted (on the receiver's side) by the strongest SSL mechanism available today. An SSL Server certificate lets you configure your web site to use the SSL (Secure Sockets Layer) security protocol. This type of certificate gives your web site a unique identity that assures your customers of the site's authenticity and legitimacy. An SSL Server certificate also allows safe and confidential information exchange between the web site and your customers, employees and partners through SSL technology.

3) Virtual private networks using SSL (SSL VPN)

Figure 4: SSL VPN model


4) SSL VPN for ISPs

The SSL VPN SA 6000 SP solution allows ISPs to offer remote access and extranet access solutions, disaster recovery services, and LAN/intranet, VoIP and WLAN security services to enterprise customers worldwide. Most importantly, these solutions do not require high costs, yet still provide leading security technology and a purpose-built product, meeting the needs of small and medium-sized businesses, which are very sensitive to investment cost. When an ISP deploys these SSL VPN services, the authorized users of a subscribing customer all get secure access to every network resource from any Internet connection and standard web browser, such as personal computers, laptops and mobile devices.

RISKS AND MITIGATIONS

1) Risks

Lack of necessary security software on public machines
Physical access to shared machines
Keystroke loggers
Endpoint devices: loss of sensitive information and intellectual property
Man-in-the-middle attacks
Hardware limitations


2) Mitigations

Security policy and secure access through network user authentication
Machine authentication
Checking the security status of the machine
Secure Desktop
Cache cleaning
Keystroke logger detection
Configuration points that need attention
User training and awareness


COMPARISON OF SSL VPN AND IPSEC VPN


DEMO

Configuring an IIS 6.0 web site (running on Windows Server 2003) to use SSL encryption.


END OF REPORT
