You are on page 1of 17

cng n thi hc phn An ton thng tin - (c) 2009 by Bi Thanh Lim

Trng i hc hi phng
i hc tin hc k7
cng n tp An ton thng tin




















Hi Phng, Thng 12 nm 2009
(c) Bi Thanh Lim
cng n thi hc phn An ton thng tin - (c) 2009 by Bi Thanh Lim

I. M HO
1. Trnh by v H m ho
a. nh ngha h m ho
H mt m: l mt h bao gm 5 thnh phn (P, C, K, E, D) tho mn cc tnh cht sau
P ( Plaintext ) l tp hp hu hn cc bn r c th.
C ( Ciphertext ) l tp hp hu hn cc bn m c th.
K ( Key ) l tp hp cc bn kho c th.
E ( Encrytion ) l tp hp cc qui tc m ho c th.
D ( Decrytion ) l tp hp cc qui tc gii m c th.
Chng ta bit mt thng bo thng c t chc di dng bn r. Ngi gi s lm
nhim v m ho bn r, kt qu thu c gi l bn m. Bn m ny c gi i trn mt
ng truyn ti ngi nhn sau khi nhn c bn m ngi nhn gii m n tm hiu ni
dung. D dng thy c cng vic trn khi s dng nh ngha h mt m :
E
K
( P) = C v D
K
( C ) = P
Nhng yu cu i vi h mt m: Cung cp mt mc cao v tin cy, tnh ton vn,
s khng t chi v s xc thc.
tin cy: cung cp s b mt cho cc thng bo v d liu c lu bng vic che
du thng tin s dng cc k thut m ha.
Tnh ton vn: cung cp s bo m vi tt c cc bn rng thng bo cn li khng
thay i t khi to ra cho n khi ngi nhn m n.
Tnh khng t chi: c th cung cp mt cch xc nhn rng ti liu n t ai
ngay c khi h c gng t chi n.
Tnh xc thc: cung cp hai dch v: u tin l nhn dng ngun gc ca mt thng
bo v cung cp mt vi s bo m rng n l ng s thc. Th hai l kim tra c
tnh ca ngi ang logon mt h thng v sau tip tc kim tra c tnh ca h
trong trng hp ai c gng t nhin kt ni v gi dng l ngi s dng.

b. Cc loi H m ho
b.1 M ho kho i xng
nh ngha: Thut ton i xng hay cn gi thut ton m ho c in l thut ton m ti
kho m ho c th tnh ton ra c t kho gii m. Trong rt nhiu trng hp, kho m
ho v kho gii m l ging nhau. Thut ton ny cn c nhiu tn gi khc nh thut ton
kho b mt, thut ton kho n gin, thut ton mt kho. Thut ton ny yu cu ngi gi
v ngi nhn phi tho thun mt kho trc khi thng bo c gi i, v kho ny phi
c ct gi b mt. an ton ca thut ton ny vn ph thuc v kho, nu l ra kho
ny ngha l bt k ngi no cng c th m ho v gii m thng bo trong h thng m ho.
L loi mt m ch dng 1 kho cho c vic m v gii m.
V d cc h m ho kho i xng:
- M chuyn dch (shift cipher)
- M thay th (substitution cipher)
- M Affine
cng n thi hc phn An ton thng tin - (c) 2009 by Bi Thanh Lim

- Vigenere
- M Hill
- M hon v
u im:
Tc m/gii m nhanh. y l u im ni bt ca m i xng.
S dng n gin: ch cn dng mt kho cho c 2 bc m v gii m.
Nhc im:
i hi kho phi c 2 bn gi/nhn trao tn tay nhau v khng th truyn
kho ny trn ng truyn m khng c bo v. iu ny lm cho vic s
dng kho tr nn khng thc t.
Khng an ton: cng nhiu ngi bit kho th ri ro cng cao.
Mt s loi mt m i xng:
DES: 56 bit, khng an ton. C th d dng b b kho trong khong vi pht.
Triple DES, DESX, GDES, RDES: m rng di ca kho m DES ln ti 168
bit.
RC2, RC4, RC5: di kho c th ln ti 2048 bit.
IDEA (International Data Encryption Algorithm): 128 bit, thng dng trong cc
chng trnh email.
Blowfish: 448 bit
b.2 M ho kho cng khai (Phi i xng)
nh ngha: Vo nhng nm 1970 Diffie v Hellman pht minh ra mt h m ho mi
c gi l h m ho cng khai hay h m ho phi i xng.
Thut ton m ho cng khai l khc bit so vi thut ton i xng. Chng
c thit k sao cho kho s dng vo vic m ho l khc so vi kho gii m. Hn
na kho gii m khng th tnh ton c t kho m ho. Chng c gi vi tn
h thng m ho cng khai bi v kho m ho c th cng khai, mt ngi bt k
c th s dng kho cng khai m ho thng bo, nhng ch mt vi ngi c ng
kho gii m th mi c kh nng gii m.
L loi mt m dng mt kho m ho (thng gi l kho cng khai - public
key) v dng mt kho khc gii m (thng gi l kho ring - priavate key).
cng n thi hc phn An ton thng tin - (c) 2009 by Bi Thanh Lim

Trong nhiu h thng, kho m ho gi l kho cng khai (public key), kho gii m thng
c gi l kho ring (private key).
c trng ni bt ca h m ho cng khai l c kho cng khai (public key) v bn tin m
ho (ciphertext) u c th gi i trn mt knh thng tin khng an ton.
V d cc h m ho kho cng khai:
- RSA
- Rabin
- Elgamal
- H m da trn bi ton NII y (Merkle-Hellman, McEliece)
- Cc h mt m xc sut cng khai (Goldwasser-Micali, Blum-Goldwasser)
u im
y l loi m c s dng ch yu trn Internet. Mt ngi mun s dng loi mt
m ny cn to ra mt cp kho public/private. Anh ta c th truyn kho public ca mnh ti
bt c ai mun giao tip vi anh ta m khng s ngi khc ly kho ny. C ta s m ho
thng ip ca mnh bng kho public v gi ti cho anh ta. D nhin l ch mnh anh ta vi
kho private ca mnh mi c th thy c thng ip ca c.
Nhc im:
Tc m ho chm: tc m ho nhanh nht ca loi mt m khng i xng vn
chm hn 1000 ln so vi mt m i xng. Do ngi ta thng kt hp 2 loi mt
m nng tc m ho ln.
Mt s loi mt m khng i xng
RSA: Loi m ny c dng nhiu nht cho web v chng trnh email. di kho
thng thng l t 512 n 1024 bit.
ElGamal: 512 n 1024 bit.
b.2 M dng
Vi cch m theo dng (stream cipher), trc ht ta phi xc nh mt dng kha,
tc l mt phn t K = K
1
...K
m
K
*

, vi dng kha ta xc nh vi mi bn r X =
x
1
...x
m
P * bn m tng ng l
e
K
(X) =
1
1 1
( ... ) ( )... ( ).
m
K m K K m
e x x e x e x =
cng n thi hc phn An ton thng tin - (c) 2009 by Bi Thanh Lim

Gii m Y = e
K
(X) ta c
d
K
(Y) =
1 1
1 1
( ( )).... ( ( )) ....
m m
K K K K m m
d e x d e x x x X = = .
s dng cch lp mt m theo dng, ngoi s mt m gc ta cn phi c
mt dng kha, tc l mt dy c di ty cc k t kha. thng l cc dy cc
k t kha c sinh ra bi mt b "to dy ngu nhin" no xut pht t mt "mm"
chn trc. Trong cc ng dng thc t, ngi ta thng dng cch m theo dng c s
mt m gc l s Vernam vi
P = C = K = {0,1}
v cc hm lp m v gii m c xc nh bi
e
K
(x) = x + K mod 2, d
K
(y) = y +K mod 2 (K = 0 hoc 1);
dng kha l dy bit ngu nhin c sinh ra bi mt b to dy bit ngu nhin no
.
b.2 M khi
Theo cch m theo khi (block cipher), trc ht ta xc nh mt di khi (chng
hn l k), tip m rng khng gian kha t K thnh K
k
, v vi mi K =K
1
...K
k
K
k
, ta
m rng e
K
v d
K
thnh cc thut ton e
K
: P
k
C
k
v d
K
: C
k
P
k
nh sau: vi mi
x
1
...x
k
P
k

v y
1
...y
k
C
k
ta c

1
1 1
( .... ) ( ).... ( );
k
K k K K k
e x x e x e x =
1
1 1
( .... ) ( ).... ( )
k
K k K K k
d y y d y d y = .
Gi th bn r m ta mun lp mt m cho n l dy k t X P * .Ta ct X thnh
tng khi, mi khi c di k, khi cui cng c th c di k, ta lun c th gi
thit l c th b sung vo phn cui ca khi mt s k t qui c no n cng
c di k. Do ta c th gi thit X = X
1
....X
m
, trong mi X
1
,...,X
m
l mt khi c
di k. V ta nh ngha bn mt m ca X l:
e
K
(X) = e
K
(X
1
....X
m
) = e
K
(X
1
)....e
K
(X
m
).
t Y = e
K
(X
1
)....e
K
(X
m
), ta c th vit Y = Y
1
....Y
m
vi Y
i
=e
K
(X
i
), v do c
d
K
(Y) = d
K
(Y
1
)....d
K
(Y
m
) = X
1
....X
m
= X.
Cch m theo khi n gin v thng dng nht l khi ta chn di khi k =1. Khi
vi mi bn r X = x
1
...x
m
P * ta c
e
K
(X) = e
K
(x
1
....x
m
) = e
K
(x
1
)....e
K
(x
m
).

cng n thi hc phn An ton thng tin - (c) 2009 by Bi Thanh Lim

c. V d v mt h m ho
M dch vng: M dch vng c xc nh trn Z
26
(do c 26 ch ci trn bng ch
ci ting Anh) mc d c th xc nh n trn Zm vi modulus m tu . D dng thy
rng, MDV s to nn mt h mt nh xc nh trn, tc l dK (eK(x)) = x vi mi
x Z
26
.
nh ngha: Mt h mt l mt b 5 (P,C,K,E,D)
Gi s P = C = K = Z
26
vi 0 k 25 , nh ngha:
e
K
(x) = x +K mod 26 v d
K
(x) = y -K mod 26 (x,y Z
26
)
Nhn xt: Trong trng hp K = 3, h mt thng c gi l m Caesar tng
c Julius Caesar s dng. Ta s s dng MDV (vi modulo 26) m ho mt vn
bn ting Anh thng thng bng cch thit lp s tng nggia cc k t v cc
thng d theo modulo 26 nh sau: A 0,B 1, . . ., Z 25.
V d 1: Gi s kho cho MDV l K = 11 v bn r l: wewillmeetatmidnight
Trc tin bin i bn r thnh dy cc s nguyn nh dng php tng ng trn. Ta c:
22 4 22 8 11 11 12 4 4 19
0 19 12 8 3 13 8 6 7 19
sau cng 11 vo mi gi tr ri rt gn tng theo modulo 26
7 15 7 19 22 22 23 15 15 4
11 4 23 19 14 24 19 17 18 4
Cui cng bin i dy s nguyn ny thnh cc k t thu c bn m sau:
HPHTWWXPPELEXTOYTRSE
gi m bn m ny, trc tin, Bob s bin i bn m thnh dy cc s nguyn ri tr
i gi trcho 11 ( rt gn theo modulo 26) v cui cng bin i li dy ny thnh cc k t.

2. Trnh by v H m ho kho i xng
a. nh ngha: Nh trn.
b. Cc c im c trng ca H m ho kho i xng
Phng m ho c in i hi ngi m ho v ngi gii m phi cng
chung mt kho. Khi kho phi c gi b mt tuyt i, do vy ta d
dng xc nh mt kho nu bit kho kia.
H m ho i xng khng bo v c s an ton nu c xc sut cao
kho ngi gi b l. Trong h kho phi c gi i trn knh an ton nu
k ch tn cng trn knh ny c th pht hin ra kho.
Vn qun l v phn phi kho l kh khn v phc tp khi s dng h
m ho c in. Ngi gi v ngi nhn lun lun thng nht vi nhau v
vn kho. Vic thay i kho l rt kh v d b l.
cng n thi hc phn An ton thng tin - (c) 2009 by Bi Thanh Lim

Khuynh hng cung cp kho di m n phi c thay i thng xuyn cho
mi ngi trong khi vn duy tr c tnh an ton ln hiu qu chi ph s cn tr rt nhiu
ti vic pht trin h mt m c in.
V d bng mt s minh ho vic lp, gii m theo h m ho i xng (Affine)
Gi s K = (7,3). Nh nu trn, 7-1
mod 26 = 15. Hm m ho l
e
K
(x) = 7x+3
V hm gii m tng ng l:
d
K
(x) = 15(y-3) = 15y -19
y, tt c cc php ton u thc hin trn Z
26
. Ta s kim tra liu
d
K
(e
K
(x)) = x vi mi x thuc Z
26
khng? Dng cc tnh ton trn Z
26
, ta c
d
K
(e
K
(x)) =d
K
(7x+3)
=15(7x+3)-19 = x +45 -19= x.
minh ho, ta hy m ho bn r hot. Trc tin bin i cc ch h,
o, t thnh cc thng du theo modulo 26. Ta c cc s tng ng l 7, 14 v
19. By gi s m ho:
7 7 +3 mod 26 = 52 mod 26 = 0
7 14 + 3 mod 26 = 101 mod 26 =23
7 19 +3 mod 26 = 136 mod 26 = 6
Bi vy 3 k hiu ca bn m l 0, 23 v 6 tng ng vi xu k t AXG.
3. Trnh by v H m ho cng khai
a. nh ngha: Nh trn.
b. Cc c im c trng ca H m ho kho cng khai
Diffie v Hellman xc inh r cc iu kin ca mt h m ho cng khai nh
sau:
1. Vic tnh ton ra cp kho cng khai K
B
v b mt k
B
da trn c s cc iu
kin ban u phi c thc hin mt cch d dng, ngha l thc hin trong
thi gian a thc.
2. Ngi gi A c c kho cng khai ca ngi nhn B v c bn tin P cn gi
i th c th d dng to ra c bn m C.
C = E
KB
(P) = E
B
(P)
Cng vic ny cng trong thi gian a thc.
3. Ngi nhn B khi nhn c bn tin m ha C vi kho b mt k
B
th c th gii
m bn tin trong thi gian a thc.
cng n thi hc phn An ton thng tin - (c) 2009 by Bi Thanh Lim

P = D
kB
(C) = D
B
[E
B
(M)]
4. Nu k ch bit kho cng khai K
B
c gng tnh ton kho b mt th khi
chng phi ng u vi trng hp nan gii, trng hp ny i hi nhiu
yu cu khng kh thi v thi gian.
5. Nu k ch bit c cp (K
B
,C) v c gng tnh ton ra bn r P th gii quyt
bi ton kh vi s php th l v cng ln, do khng kh thi.
c. V d bng mt s minh ho vic lp, gii m theo h m ho cng khai (Elgamal)
Chn p = 2579, = 2, a = 765 ta tnh c = 2
765
= 949 mod 2579. Ta c kho cng
khai (2579, 2, 949) v kho b mt 765.
Gi s tip tc lp m cho x = 1299, ta chn ngu nhin k = 853 s c:
e
k
= (1299, 853) = (2
853
, 1299, 949
853
) mod 2579 = (453, 2369)
V gii m ngc li:
dk = (453, 2396) = 2396 . (453
765
)
-1
mod 2579 = 1299.
4. Trnh by v H m ho RSA
jnh ngha h mt RSA

Ni mt cch khc, u tin ngi nhn B la chn mt kha cng khai K
B
mt cch ngu
nhin. Khi kha b mt k
B
c tnh ra bng cng thc (5). iu ny hon ton tnh c v
khi B bit c cp s nguyn t (p,q) th s tnh c (N).

V d:
N=11413=101113, (N)=100112=11200=2
6
5
2
7. K
B
phi chn sao cho khng chia ht
cho 2,5,7. Chn, chng hn K
B
=3533 khi k
B
= K
B
-1
= 6579 mod 11200. V ta c kha cng
khai l (N,K
B
) = (11413,3533), kha b mt l 6579. Php lp m v gii m l:
E
KB
(P) = P
KB
(mod N) = P
3533
(mod 11413)
D
kB
(C) = C
kB
(mod N) = C
6579
(mod 11413)
Chng hn vi P = 9726, ta c C=5761.

Chun b
Cho n = p*q vi p,q l s nguyn t ln.
t P = C = Z
n

t (n) = (p-1)*(q-1)
Chn b nguyn t vi (n)
nh ngha kha K = {(n,a,b): a*b 1 (mod (n))}
Mt cch k hiu khc: K = {(n,K
b
,k
b
): K
b
*k
b
1 (mod (n))}
Xc nh h mt RSA
Hai gi tr n, b cng khai; cc gi tr a l b mt
Vi mi gi tr K=(n, a, b) v xP; yC ta xc nh hai hm sau
Hm m ha: y = e
k
(x) = x
b
mod n

cng n thi hc phn An ton thng tin - (c) 2009 by Bi Thanh Lim



6. Trnh by v H m ho Elgamal
Elgamal l h mt m ho cng khai, c xut nm 1985 da vo phc tp tnh
ton ca bi ton Logarit ri rc, v sau nhanh chng c s dng rng ri khng
nhng trong cc vn bo mt truyn tin m cn trong cc vn xc nhn v v ch k in
t.
1. S h m ho cng khai ELGamal:
S h m ho cng khai ELGamal c cho bi:
= (P, C, K, E, D)
Trong :
*
26
*
26
*
26
, Z Z C Z P = = vi P l mt s nguyn t: K = {K = (K, K): K = (p, , ),
K = a,
a
= mod p}, y l phn t nguyn thy theo mod p. Cc gi tr p, , c
cng khai, a c gi b mt. Nh vy vi K = (p, , a, ) v s ngu nhin b mt r Z
p-1

nh ngha:
Lp m:
e
k
(x, r) = (y
1
, y
2
)
Trong : y
1
=
r
mod p v y
2
= x*
r
mod p
Gii m:
d
k
(y
1
, y
2
) = y
2
(y
1
a
)
-1

Cc php lp m v gii m nh vy l hp thc bi v, vi mi x P v mi k Z
p-1
:

Chn p v q
Tnh
N=pq
Tnh (N)
Chn kha KB
C = P
KB
(mod N)
P = C
kB
( mod N )
Chn kha kB
KB
kB
Bn
Bn m C
Bn r gc P
S cc bc thc hin m ha theo thut ton RSA
cng n thi hc phn An ton thng tin - (c) 2009 by Bi Thanh Lim

d
k
(e
k
(x, k)) = x.
k
.(
k
)
-1
mod p = x.
k

-k
mod p = x.
2. Cc c im c trng ca h m ho Elgamal
Nh trnh by trn, nu ta xt tnh an ton ca h mt m ELGamal l vic gi tuyt
mt gi tr a, th ta c th yn tm v bi ton tm kho b mt tng ng vi bi ton Logarit
ri rc, m bi ton ny th cho n nay cha c mt thut ton no lm vic trong thi gian a
thc gii c n. C mt iu cnh bo l nn ch chn Module p l s nguyn t sao cho
p-1 c t nht mt c s nguyn t ln. iu thc hin c nu n l s nguyn t c
dng 2q+1 vi q cng l s nguyn t ln.
Ngoi ra, cn c kh nng kho b mt a b l trong vic s dng cu th s ngu nhin k,
c bit l s k c dng. Thc vy nu l s k th kho b mt a c th c tnh ra
ngay theo cng thc sau y:
a = (x-ky
2
) y
1
-1
mod (p-1)
Nh vy, mt ngi thm m c kh nng tn cng theo kiu bit c bn r c th pht
hin ra kho a nu bit k.
Mt trng hp khc lm mt tnh an ton ca h mt m ELGamal l vic dng chung
nhiu s k cho nhiu ln lp m. Thc vy gi s dng chung mt s ngu nhin k cho nhiu
ln lp m, mt ln cho x
1
v mt ln cho x
2
v c cc bn m tng ng (y
1
, y
2
) v (z
1
, z
2
).
V cng mt s k nn y
1
= z
1
v do theo cng thc lp m chng ta c z
2
/y
2
= x
2
/x
1
. Nh vy
ngi thm m trong mt ln bit bn r s bit c bn m trong nhng ln sau.
3. Cc v d bng s minh ho vic lp m, gii m
Chn p = 2579, = 2, a = 765 ta tnh c = 2
765
= 949 mod 2579. Ta c kho cng
khai (2579, 2, 949) v kho b mt 765.
Gi s tip tc lp m cho x = 1299, ta chn ngu nhin k = 853 s c:
e
k
= (1299, 853) = (2
853
, 1299, 949
853
) mod 2579 = (453, 2369)
V gii m ngc li:
dk = (453, 2396) = 2396 . (453
765
)
-1
mod 2579 = 1299.
II. K S
1. Trnh by v s ch k s (Ch k in t)

1. nh ngha s ch k s. Cc loi ch k s hin nay.
Gi s p l s nguyn t sao cho bi ton logarit ri rc trong Z
p
l kh
Gi s l phn t nguyn thy ca Z
*
p
. t P= Z
*
p
, A= Z
*
p

Z
p-1
v
K={(p, , a, ) :
a
mod p, a Z
*
p
}.
Gi tr p, , l cng khai, cn a l b mt.
Vi mi K = (p, ,a, ) v vi mt s ngu nhin (mt) k Z*
p-1
:
Sig
K
(x,k) = ( , )
Trong =
k
mod p v = ( x - a ) k
-1
mod (p-1).
vi Z
*
p
, Z
p-1
ta nh ngha:
cng n thi hc phn An ton thng tin - (c) 2009 by Bi Thanh Lim

Ver(x,

, )=True

x
mod p
2. Cc loi ch k s hin nay.
Hin nay c cc loi ch k nh :RSA, ELGamal, ch k khng th ph nhn c, ch k
mt ln, ch k nhiu ln, ch k m.
3. V d minh ho vic k s v kim tra ch k
*V d v s ch k ElGamal
Cn k trn x=2
+Chun b: Chn p=7, a=3, =2, r=5
Tnh =
a
mod p = 2
3
mod 7=1
+K: - Sig(x,r)=Sig(2,5)=(,)
- =x
r
mod p = 2
5
mod 7 = 4
- =(x-a*)*r
-1
mod (p-1) =(2-3*4)*5
-1
mod (7-1) =4
- Vy Sig(2,5) =(4,4)
+Kim tra ch k:
- V phi

mod 7 =1
4
* 4
4
mod 7 =4
- V tri
x
mod p = 2
2
mod 7 = 4
- V phi =V tri =4 Ch k ng
2. Trnh by v s ch k RSA
a. S :
Cho n=p*q, p v q l s nguyn t ln. t P= A=Z
n
, (n ) =(p-1)*(q-1).
K={(p, q, n, a, b): a*b=1 mod (n )}
Trong n, b l cng khai v q, p, a l b mt.
Vi vn bn xP ta nh ngha:
K: y = sig
k
(x) = x
a
mod n, yA.
Kim th: ver
k
(x,y)= ng x y
b
mob n.
Thut ton
u vo: - Vn bn x.
- Cc s p, q l cc s nguyn t ln.
- Tp kho K=( p, q, n, a, b).
u ra: - Ch k s y=sig
k
(x).
- Kim th ch k ver
k
(x,y) = true nu tho mn iu kin
x y
b
mob n.
b. Cc c im c trng ca ch k s RSA.
- So snh gia s ch k RSA v s mt m RSA ta thy c s tng ng.
Vic G k vo x tng ng vi vic m ho vn bn x. Thut ton kim th chnh l
vic s dng hm gii m nh RSA kim tra xem sau khi gii m c ng l vn bn
trc khi k khng. Thut ton kim th l cng khai, bt k ai cng c th kim th
ch k c.
cng n thi hc phn An ton thng tin - (c) 2009 by Bi Thanh Lim

- Nh vy vic k chng qua l m ho, vic kim th li chnh l vic gii m. Vn
bn x m ho trc khi gi. Nhng gia vic k v m ho c mi lin h g khng ?
Nn k trc hay m ho trc ?
c. V d minh ho vic K s , Kim tra ch k.
Gi s chng ta tin hnh k v kim th vi vn bn l 1 k t.
d. Vit chng trnh thc hin theo s ny.
Readln(q);
Readln(p);
Readln(b);
n:=p*q;
(n):=(p-1)*(q-1);
a:=Nghich_ao(b, (n))
Readln(c); {a vn bn vo.}
Procedure KY_RSA;
begin
x:=ord(c) - 64;
y:=Mu_To(x,a,n);
Writeln(y); {Ch k ca thut ton}
end;
Procedure KT_RSA;
begin
Readln(y);
If (x mod n) = Mu_To(y,b,n) Then {Xc nhn ch k l hp l.}
Else {Xc nhn ch k l khng hp l.}
end;

3. Trnh by v s ch k s Elgamal
1. S .
Gi s p l s nguyn t sao cho bi ton logarit ri rc trong Z
p
l kh gii. Gi s
Z
p
*
l phn t nguyn thu. t P= Z
p
*
, A = Z
p
*
x Z
p-1
*
.
K={( p, , a, ): =
a
mod p}.
Trong : p, , : cng khai v a: b mt.
Chn k Z
p
*
l b mt, k = (p, , a, ). Vi vn bn xP (x 0) ta nh ngha:
K:
y = sig
k
(x, k) = (,), ( Z
p
*
, Z
p-1
). =
a
mod p.
= (x-a* )*k
-1
mod (p-1).
cng n thi hc phn An ton thng tin - (c) 2009 by Bi Thanh Lim

Kim th :
Ver
k
(x, , ) = ng

*


x
mod p.
2. Thut ton
u vo: - Vn bn x.
- S nguyn t ln p, phn t nguyn .
- Tp kho K=( p, , a, ).
u ra: ch k sig
k
(x,k) = (, ).
kim th ver
k
(x, , ) l ng nu tha mn k

*


x
mod p.
3. Cc c im c trng ca ch k s Elgamal.
Xt mt ca s ch k E. Gi s, Oscar th gi mo ch k trn bc in x
cho trc khng bit a. Nu Oscar chn v sau th tm gi tr tng ng, anh ta
phi tnh logarithm ri rc log

-.
Mt khc, nu u tin ta chn v sau th tim
v th gii phng trnh:





x
(mod p).
tm . y l bi ton cha c li gii no: Tuy nhin, dng nh n cha c
gn vi n bi ton nghin cu k no nn vn c kh nng c cch no tnh
v ng thi (, ) l mt ch k. Hin thi khng ai tm c cch gii song cng
khng ai khng nh c rng n khng th gii c.
4. V d minh ho vic K s , Kim tra ch k.
Gi s chng ta tin hnh k v kim th vi vn bn l 1 k t. cho p = 467 , = 2
, a = 127, khi :
=
a
mod p
= 2
127
mod 467
= 132.
Nu Bob mun k ln bc in x = 100 v chn s ngu nhin k = 123. (ch
UCLN (213 , 466) = 1 v 213
-1
mod 466 = 431). Khi :
= 2
213
mod 467 = 29.
= (100 127*29) 431 mod 466 = 51.
Xc minh ch k bng cch kim tra: 132
29
29
51
189 mod 467 v 2
100
189
mod 467. V th ch k l hp l .
Xt mt ca s ch k Egamal: Gi s k tn cng (TC) th gi mo ch k
trn vn bn x m khng bit trc a. Nu TC chn v sau th tm gi tr tng
ng, anh ta phi tnh logarit ri rc log

-
. Mt khc, nu u tin anh ta chn v
th tm v th gii phng trnh:



=
x
mod p tm . y l bi ton cha c li
gii, tuy nhin dng nh n cha dc gn vi bi ton nghin cu k no nn vn
cn kh nng c cch tnh , ng thi (, ) l mt ch k. Hin thi khng ai
tm c cch gii song cng khng c ai khng nh c rng n khng th gii c.
cng n thi hc phn An ton thng tin - (c) 2009 by Bi Thanh Lim

5. Vit chng trnh thc hin theo s ny.
Readln(p); Readln();
Readln(a); Readln(k);
:=Mu_To(, a, p);
Readln(c); {Nhp vn bn.}
Procedure KY_ELGAMAL;
begin
x:= ord(c) 64;
:= Mu_To(, k, p);
:= Nghich_dao(k)*(x-a*) mod (p-1);
Writeln(, ); {Ch k sig
k
(x,k)=( ,).}
end;
Prrocedure KT_ELGAMAL;
begin
Readln(,);
If (Mu_To(, , p) * Mu_To(, , p)) mod p =Mu_To(, x, p) Then {Xc nhn ch k l
hp l.}
Else {Xc nhn ch k l khng hp l.}
end;
III. KIM SOT TRUY NHP
1. Trnh by vn kim sot truy nhp
a. Khi nim kim sot truy nhp
L vic p ng tt c cc truy nhp trc tip n i tng h thng tun theo phng
php v chnh sch bo v d liu. H thng kim sot truy nhp gm ngi dng v tin trnh,
cc ch th ny khai thc d liu, chng trnh thng qua cc php ton.
H thng kim sot truy nhp gm 2 phn:
(1) Cc chnh sch v qui tc truy nhp: Security Policies, Access rules
t ra kiu khai thc thng tin lu tr trong h thng.
(2) Cc th tc kim sot (c ch an ninh): Control Procedures
Kim tra yu cu truy nhp, cho php hay t chi yu cu khai thc.

Security Policies Access rules Control procedures









Control
procedures
Security
Policies
Access
rules
Ac
cess
Access
Request
Access
cng n thi hc phn An ton thng tin - (c) 2009 by Bi Thanh Lim


Chnh sch truy nhp: Lin quan n thit k v qun l h thng cp quyn khai thc.
Mt cch thng thng bo m an ninh CSDL l nh danh cc i tng tham gia h
thng v xc nh quyn truy nhp cho i tng.
jnh danh (Identifier): gn cho mi i tng mt nh danh (tn gi) theo mt cch thng
nht, khng c s trng lp cc nh danh.
U quyn (Authrization): l quyn khai thc mt php ton ca mt ch th trn mt i
tng.
Gii han quyn truy nhp:
tr li cu hi: bao nhiu thng tin c th c truy nhp cho mi ch th l ? C
hai chnh sch c bn:
+ Chnh sch c quyn ti thiu: Cc ch th s dng lng thng tin ti thiu cn
thit cho hot ng.
+ Chnh sch c quyn ti a: Cc ch th s dng lng thng tin ti a cn thit
cho hot ng. Tuy nhin phi m bo thng tin khng b xm phm qu mc cho
php.
C hai kin trc kim sot truy nhp:
+ H thng ng: Ch cc yu cu c quyn truy nhp mi c php.
+ H thng m: Cc truy nhp khng b cm th c php.
b. Cc phng php kim sot truy nhp: Trc tip, T ng
Trc tip:
+ Mt khu (PassWord)
Gin tip:
+ Tng la (FireWall),
+ Mng ring o (Virtual Private Network)
2. Trnh by vn kim sot truy nhp trc tip
2.1. Khi nim kim sot truy nhp trc tip
Qun l quyn truy nhp:
Chnh sch qun l quyn truy nhp c th c dng trong kim sot tp trung hoc phn
tn, vic la chn ny cng l mt chnh sch an ninh, c th kt hp c chnh sch ph
hp.
+ Phn cp u quyn: C ch kim sot c thc hin ti nhiu trm, tp trung
kim sot cc trm. V d: T chc cc trm nh cc nt trn cy.
+ Chn ngi s hu: m t quan h, m t ngi s hu v m bo quyn khai
thc thng tin ca h.
+ Quyt nh tp th: c ti nguyn do mt nhm s hu, khi c yu cu truy nhp
cn c s ng ca c nhm. V d: Chia s kha b mt.
2.2. Cc phng php kim sot truy nhp Trc tip
a. Chnh sch kim sot truy nhp: Thit lp kh nng, ch ra cch ch th v i
tng trong h thng c nhm li, dng chung kiu truy nhp no , cho php thit lp
vic chuyn quyn truy nhp.
b. Chnh sch phn cp: l chnh sch kim sot lung thng tin, ngn nga lung
thng tin i v cc i tng c mc phn loi thp hn.
H thng c cc mc phn loi sau:
0 = Bnh thng (Unclassified - U).
1 = Mt (Confidential - C)
2 = Ti mt (Secret - S)
3 = Tuyt mt (Top Secret - TS)
c. Mt khu.
cng n thi hc phn An ton thng tin - (c) 2009 by Bi Thanh Lim

Phn ny tp trung nghin cu c ch s dng mt khu, y vn l bin php an ninh c
hiu qu trong cc h thng hin nay. Cc nh nghin cu cho rng h thng mt khu l an
ton v khng th hoc khng c kh nng tnh c hm ngc ca hm mt chiu m ho
mt khu. Nghin cu tiu chun xc nh mt khu an ton, cc tn cng v cc bin php
phng chng.
Mt khu l xu k t b mt ch c ngi dng v h thng bit, v th h thng mc nhin
nhn dng ngi dng duy nht theo gi tr mt khu.
* Tiu chun mt khu an ton.S dng ti thiu 8 k t. Ni chung l mt khu di. Mt
khu gm 3 trong 4 nhm k t sau:
+ K t s (0 -9).
+ Ch in.
+ Ch thng.
+ K hiu c bit trn bn phm (nh @, #, %, &...).
Ghp 2 t khng hiu chnh, ct b (n-1) v tr ca kt qu, chn thm vo 1
k hiu c bit (n l di mt khu c chp nhn). Chn ting nc ngoi.
Chn thut ng gi nh v thi quen hoc mn th thao yu thch.
3. Trnh by vn kho truy nhp t ng
3.1 Khi nim kim sot truy nhp t ng
3.2 Cc phng php kim sot truy nhp T ng: mng ring o, tng la
A. Mng ring o. VPN
Mng ring o khng phi l giao thc, khng phi l phn mm my tnh. l mt chun
cng ngh, cung cp s lin lc an ton gia hai thc th c thc hin bng cch m ha
lin lc trn mt mng khng an ton (v d Internet).
Khi mt bn tin (message) c gi qua mng cng khai, n c chuyn qua mt s my
tnh, Router, Switch hay mt s thit b tng t, trc khi n c ch. Trong qu trnh vn
chuyn, thng ip c th b chn li, b sa i hoc b nh cp.
Ngi qun tr an ninh mng cn bo m nhng yu cu sau:
Ring t (Privacy): Ngi khng c php khng th hiu c s lin lc.
Ton vn (Intergrity): Ngi khng c php khng th so trn s lin lc.
Xc thc (Authenticity): Bo m khng xy ra lin lc sai a ch.
c khi nim r rng hn v VPN, ta cn hiu mt s khi nim sau:
M ha (Encryption): M ha l vic chuyn d liu c th c c (clear text),
v mt nh dng kh th c c (Ciphertext). M ha theo thut ton m ha v
kha b mt. Trong cc sn phm cng nghip v VPN, thng h tr m i xng
v khng i xng.
nh ng hm (Tunneling): nh ng hm l mt c ch dng cho vic
ng gi mt giao thc vo trong mt giao thc khc. Trong ng cnh Internet, nh
ng hm cho php nhng giao thc nh IPX, AppleTalk, c m ha, sau
ng gi trong IP. Trong ng cnh VPN, nh ng hm che giu giao thc lp
mng nguyn thy, bng cch m ha gi d liu ny vo trong mt v bc IP. V
bc IP ny thc ra l mt gi IP, sau c truyn i mt cch bo mt qua mng
Internet. Ti bn nhn, sau khi nhn c gi tin trn, s tin hnh g b v bc
bn ngoi v gii m thng tin trong , tip theo phn phi n thit b truy cp
thch hp. ng hm cng l mt c tnh o trong VPN. Cc cng ngh ng
hm c dng ph bin hin nay cho truy cp VPN gm c: giao thc nh ng
hm im, im PPTN, L2F, L2TP hoc IP Sec, GRE (Generic Route
Encapsulation).
Cht lng dch v (QoS - Quality of Service): Tha thun v Cht lng dch
v thng nh ra mt gii hn cho php v tr trung bnh ca gi tin trong mng.
cng n thi hc phn An ton thng tin - (c) 2009 by Bi Thanh Lim

Ngoi ra, tha thun ny c pht trin thng qua cc dch v c th vi nh cung
cp.
VPN c th ni gn gn l s kt hp ca:
nh ng hm + bo mt + Cc tha thun v QoS
Phn loi:
VPN Site To Site: Kt ni t vn phng chi nhnh n vn phng ca cng ty
thng qua ng ni Lease Line hay DSL.
VPN Site To Remote: H tr cho nhng ngi dng t xa hay i tc c th truy
cp vo mng cng ty qua ng kt ni vi ISP a phng vo Internet
Cc phng thc m ha trong VPN: Cc giao thc VPN nh IPSEC, PPTP, L2TP c
cc gii thut m ha khc nhau m ha d liu:
+ PPTP: S dng DES v Trople DES
+ IPSEC: Triper DES, CAST -128, RC5, IDA
+ p dng cc thut ton m ha bt i xng m ha kha. Dng lc IKE
trao i kha trong mng.
B. Tng la
Tng la (Firewall) l khi nim bao hm mt my tnh hoc mt thit b
phn cng chuyn dng c nhim v kim sot cc kt ni trao i thng tin
gia h thng mng cn c bo v (mng bn trong) vi mt mng c coi
l khng an ton v bo mt (mng bn ngoi thng l Internet ). cng c
th l mt h thng cc thit b c kt ni thnh mt mng trung gian gia hai
mng ny.
Firewall khng ch m bo s an ton cho cc hot ng bnh thng ca
h thng mng m n cn ng vai tr quan trng nh mt gii php qun l
ng tin cy.
Firewall thng c ci t ti im, ni m mng cn c bo v kt ni ti mng
ngoi. Hnh v di y m t Firewall tch ri mng cn bo v vi Internet:
PHN LOI TNG LA (FIREWALL).
+ Da vo v tr hot ng trong mng, phn thnh hai loi: Firewall mc ng dng v
Firewall mc mng.
+ Da vo nguyn l hot ng, c hai loi: Firewall lc gi tin (Filtering Firewall) v
Firewall y quyn (Proxy servers).
Theo cch no th cng ch c 2 loi Firewall c bn:
Firewall lc gi tin.
Firewall y quyn.
V mt nguyn l Firewall hot ng theo nguyn tc sau: Firewall c header ca cc gi
tin nh s hiu cng dch v, a ch ngun, a ch ch, loi dch v, ..., sau so snh cc
thng tin cn thit vi cc lut c thit lp. Ch nhng gi tin no tho mn lut mi c
chuyn tip.