Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

CHNG 6. CRYPTOGRAPHIC PROTOCOL

Mc ch cui cng ca Cryptography hay bt k chuyn ngnh no ca khoa hc my tnh u l i n gii quyt nhng vn , nhng bi ton do thc t t ra (i khi ngi ta hay qun iu ny). Cryptography gii quyt cc vn lin quan n tnh bo mt (secretcy), tnh xc thc (authenticity), tnh ton vn (intergrity) ... m ngi ta phi lun lun tnh n nhng yu t, nhng c nhn tham gia khng trung thc. Bn l ngi ang nghin cu Cryptography? Bn ang say sa vi cc thut ton, cc k thut ca chuyn ngnh ny? Kin thc ch mang tnh hc thut, chng no m bn cha hc c cch em vn dng chng gii quyt mt vn c th no . im mu cht ny th hin r rng khi chng ta phn tch cc khi nim sau y v cc cryptographic protocols (giao thc mt m). Mt protocol ch n gin l mt chui cc bc thc hin, c it nht 2 bn tham d, c thit k thc hin mt nhim v no . nh ngha ny n gin nhng cht ch. Mt chui cc bc c ngha l mt dy cc bc c th t, c u c cui, bc trc phi c kt thc trc khi thc hin bc sau. C t nht 2 bn tham d c ngha l c th c nhiu ngi cng tham gia thc hin chui bc ny, cn mt ngi lm mt mnh th khng th gi l protocol c. Nu mt ngi thc hin mt chui bc lm ra mt ci bnh th khng th gi chui bc thc hin l mt protocol, nhng vic c thm mt ngi khc tham d vo, chng hn c mi n ci bnh , th c th lm nn mt protocol. Cui cng ghi nh rng, protocol phi l mt thit k nhm t c ti mt kt qu g . Bt k mt ci g trng ging nh mt protocol mhng khng em n mt mc ch no th u khng phi l protocol m ch l mt tr chi lng ph thi gian! Protocols c nhng thuc tnh tt yu ca n: + Cc bn tham d phi c chun b trc bit v hiu protocol vi tt c cc bc ca n, trc khi tht s tham gia vo thc hin. + Cc bn phi ng tuyt i tun th cc bc.
Chng VI - 1 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

+ Protocol phi khng c ch no ti ngha, tt c cc bc phi c vit tng minh, khng c ch no gy nn kh nng hiu nhm. + Protocol phi y . Tt c cc tnh hung bin i u phi c nhn thy trc v c cc bc thc hin tip thich ng Mt cryptographic protocol l mt protocol c vn dng cc kin thc t cryptography t c cc mc tiu v mt an ton v bo mt ca h thng. Cc thnh phn tham gia c th l bn b v tin tng ln nhau, nhng cng c th l nhng k th ca nhau n mc thm ch khng tin nhau ngay c ch l hi gi nhau. Mt cryptographic protocol c th lin quan n cc thut ton ca cryptography nhng thng thng mc ch ca n i xa hn l tnh bo mt thun ty. Cc bn c th tham d vo vic chia s cc phn ca mt b mt dng c trit xut ra mt thng tin gi tr no , c th cng kt hp pht ra mt chui s ngu nhin (nh gieo xc xc), c th chng minh danh tnh (identity) ca mnh cho bn kia, hay ng thi k vo mt vn bn hp ng. Ton b vn ca p dng cryptography y l lm sao d ra v chng li cc kh nng nghe trm hay la di. Nu bn cn cha nghe bit n th gi y bn s hiu lm sao m nhng c nhn hon ton khng tin ln nhau vn c th lm vic vi nhau thc hin cc th tc thng tin thng qua cc mng my tnh. Nguyn tc tng qut thit k nn nhng protocol nh th ny l: Phi lm sao khng c ai, khng c bn no c th thu c nhiu hn, bit c nhiu hn nhng g m thit k ban u gi nh. iu ny thc t l kh thc hin hn nhiu so vi v ngoi ngn gn ca n. Khoa hc la di cng pht trin nhanh nh khoa hc chng li n. Ta s thy nhng v d m trong cc protocol ban u tng nh l an ton c nhng k h nh th no. Vic chng minh mt h thng no l an ton bao gi cng kh hn rt nhiu chng minh khng an ton. Mc ch ca cc protocols Protocols khng phi l ci g xa xi, chnh n l nhng g m ta c th thy v hnh ng theo hng ngy. Chng hn nh t mua hng qua in thoi,
Chng VI - 2 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

cam kt hp ng, chi bi hay l b phiu bu c ... Chng ta qu quen v thng khng phn tch ngn ngnh cc bc trong qu trnh, nhng th tc ca i sng hng ngy m v c kim nghim nhiu trn thc t nn t ra ng tin cy. Gt b tnh cht thng tc (phi hnh thc) ca chng, chng cng ch khc g cc protocol m ta nghin cu trong sch gio khoa. Ngy nay, vi s pht trin v bo ca mt h thng mng my tnh ton cu i n tng gia nh, vic a cc nghi thc th tc lm n bnh thng ca ngi ta ln thc hin qua mng cng l khng bao xa. Nh vy cn phi thit k nhng th tc lm vic tng ng cho my tnh c th thay th cho cc th tc trong i thng. im khc bit c trng y l by gi ngi lm vic vi nhau thng qua cc my tnh, tc l khng cn thy nhau mt chm mt (face-to-face) nh trc kia na. Hn na my tnh khng phi l ngi, n khng th d dng thch nghi vi thay i nh chng ta y. Ly v d nh bn c vic sang lu di mt nc ngoi c cc th tc bu c khc hn vi chng ta th bn cng c th nhanh chng lm quen v thch nghi c. Bn nng t thch nghi ny lm g c my mc cho nn vic xy dng cc protocol cho my tnh l rt kh v phi tnh n mi tnh hung, mi kh nng c th. Rt nhiu cc th tc lm n hng ngy ca chng ta c tin tng da trn s c mt cng nhau ca cc bn i tc, chnh th nn vic xy dng nhng protocol tng ng cho my tnh l khng cn n gin nh l cc th tc i thng m n thay th. Bn c th t hi xem ngi ta c th trao mt chng tin mt cho mt ngi l nh mua hng c c khng. Hay l th hi ngi ta c th chi bi vi mt i phng giu mt m khng c nhn thy tay i phng tro v chia bi nh th no, hay khng. Cng th hi bn c dm gi th cho chnh ph vi phiu bu c ca bn m khng c cc th tc m bo v vic giu tn. Tht l ngy th nu tin rng mi ngi lm vic trn mng my tnh u l ngi trung thc. Cng tht l c tin nu cho rng cc nh qun tr mng, hay thm ch ngay cc nh thit k ra cc mng ny l trung thc n cng. D hu ht l nh th nhng ch cn mt thiu s nh nhng ngi khng trung thc cng gy ra thit hi ln nu chng ta khng c cc bin php m bo.
Chng VI - 3 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

Vi phng php hnh thc ha, chng ta c th th thit k cc protocol ri tm hiu kim tra cc kh nng ca n c ng vng hay khng trc mi kiu loi xm phm ca cc k khng trung thc; t m ci tin pht trin ln chng li c cc kiu tn cng . Bng cch m ngi ta xy dng c cc protocol cho my tnh gii quyt c cc nhim v i sng nu trn nh bi ton chi bi trn mng, mua hng trn mng hay bu c trn mng. Hn na protocol my tnh l mt hnh thc tru tng ha v khng quan tm n vic ci t c th. Mt protocol l ging nhau d n c ci t trn bt c h iu hnh no. V th mt khi chng ta c th khng nh c tin cy ca mt protocol ta c th p dng n bt c u, d l cho my tnh, cho in thoi hay l cho mt l nng bnh vi sng thng minh. Cc bn tham gia vo protocol (the Players) c mt cch tip cn hnh thc thng nht vi tt c cc protocol th mt iu cn thit l c mt qui nh thng nht cch gi tn tt c cc bn tham gia v dnh lu c th vi protocol. Hu ht cc sch thng c mt cch thng nht l s dng mt tp tn ngi trong ting Anh gi cc bn c lin quan, c bit l ch ci u ca mi tn ngi u ng vi ch ci u ca t ting Anh ni ln vai tr ca nhng bn lin quan . Sau y s nu ln tp cc tn c dng trong sch Applied Cryptography ca Bruce Scheneir. Tham gia vo protocol c ti thiu l hai bn v nhiu khi n ba bn bn. Nhng tn ngi dnh cho hai bn ti thiu (bn A v B) l Alice v Bob, cn nu c thm cc bn C v D th s dng thm cc tn Carol v Dave. Nu protocol c cp n vn chng nghe trm th tn ngi Eve s c s dng gi k nghe trm c th (eavesdropper). Ngoi nghe trm, trn mng cn c th c nhng mi nguy him ln hn nhiu n t nhng k c nhng kh nng can thip mnh, chng hn nh cc nh qun tr hay iu phi vin khng trung thc cc my trung gian. Nhng k ny c th khng nhng ch nghe trm m cn c th ch ng ct xn hoc thay th, to gi tin ca bn. Ta hy gi k l Mallory (malicious active attacker). Cc bn tham gia c
Chng VI - 4 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

th mi mt ngi m tt c u tn nhim vo lm chng v phn x nu c tranh ci, ngi ny c coi nh trng ti di ci tn l Trent (Trusted arbitrator)... Sau y l bng danh sch ca cc tn gi hnh thc ca cc bn c th c lin quan trong protocol, ta c th thy chng nh mt danh sch cc tn nhn vt tham gia vo mt v kch no m y ta gi l protocol Alice Bob Carol Dave Eve Bn th nht trong cc protocol Bn th hai trong cc protocol Mt bn tham gia trong cc protocol c 3 n 4 bn Mt bn tham gia trong cc protocol c 4 bn K nghe trm (eavesdropper)

Mallory K tn cng ch ng c nhiu quyn lc trn mng nn rt nguy him (malicious active attacker) Trent Trng ti (trusted arbitrator)

Walter Ngi canh gc (Warden), anh ny c th ng canh gc Alice v Bob trong mt s protocol Peggy Ngi chng minh (prover)

Victor Ngi thm tra (verifier); Peggy cn phi chng minh vi Victor v mt quyn s hu no chng hn nh danh tnh ca anh ta khai l ng, hay anh ta ng l k c thm quyn c truy nhp vo mt ni quan trng Protocols c ngi trng ti Ngi trng ti l ngi phi tha mn cc iu kin sau: + Khng c quyn li ring trong protocol v khng thin v cho mt bn no + Cc bn tham gia c quyn li trong protocol u tin tng vo trng ti rng bt k ci g m anh ta ni v lm u l ng v chnh xc, ng thi tin tng anh ta s hon thnh s mng ca mnh trong protocol (khng b d gia chng i chi)
Chng VI - 5 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

Nh vy trng ti c th ng ra gip hon thnh cc protocol gia nhng bn tham gia khng tin tng ln nhau. Trong i thng, cc lut s thng c mi ra lm trng ti. V d, Alice mun bn mt ci xe cho Bob, mt ngi l. Bob mun tr bng sc, tuy nhin Alice li khng c cch no bit c sc c gi tr tht hay khng. Do vy c ta ch mun c chuyn sc trc khi giao xe cho Bob v y chnh l mu thun b tc v Bob cng ch tin g Alice hn l Alice i vi anh ta cho nn anh ta s khng a sc trc khi nhn c chic xe. Cch gii quyt l nh sau, Alice v Bob s n ch mt lut s c uy tn, Trent, m c hai u tin tng, v mt protocol nh sau s din ra, m bo c tnh trung thc: VD 1 (1) Alice chuyn vt cn bn cho Trent (2) Bob a t sc cho Alice (3) Alice chuyn sc vo ti khon ca c ta vo ngn hng. (4) i mt khong thi gian nht nh n khi sc chuyn xong, Trent s giao hng cho Bob. Nu t sc khng hp l th Alice s bo cho Trent bit vi bng chng c th v Trent s giao tr li hng cho c ta. Trong protocol ny: + Alice tin tng rng Trent s khng trao hng cho Bob tr phi sc c chuyn xong v s chuyn li hng cho c ta nu sec khng c gi tr. + Bob tin tng Trent s gi hng trong thi gian sec c chuyn v s giao n cho anh ta mt khi sc c chuyn xong. + Trent khng quan tm n vic t sc c gi tr tht s v c chuyn c hay khng, anh ta lm phn vic ca mnh trong c hai trng hp c th xy ra ng nh protocol qui nh, n gin bi v anh ta s c tr tin cng trong c hai trng hp. Nh bng cng c th ng ra lm trng ti cho Alice v Bob. Bob c th mt
Chng VI - 6 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

ci sc c chng nhn ca nh bng m mua bn vi Alice: VD2. (1) Bob vit mt sc v chuyn cho nh bng. (2) Sau khi cm mt s tin t ti khon ca Bob bng gi tr ca t sc, nh bng k chng nhn ln sc v chuyn tr li cho Bob. (3) Alice giao xe cho Bob cng lc Bob a Alice t sc c chng nhn ca nh bng. (4) Alice chuyn sc vo nh bng. Protocol ny thc hin c bi v Alice tin tng vo chng nhn ca nh bng, tin rng nh bng s cm gi s tin ca Bob cho c ta m khng s dng n vo u t bt c u. Trn y l hai v d trong s rt nhiu cc th tc mua bn theo c ch c trng ti. Khi nim trng ti l mt khi nim xa nh x hi loi ngi. tng c nhiu loi ngi khc nhau nh cc nh cai tr, cc tu s ... c c thm quyn hnh ng nh trng ti. Trng ti c mt vai tr v v tr chc chn trong x hi ca chng ta; ch mt ln phn bi li nim tin ca qun chng s l liu mng hy b ci uy tn kh kim . Chng hn, mt lut s m chi tr gian ln b pht hin s phi i mt vi kh nng b rt php ra khi lut s on. iu ny xc lp mt h thng hot ng da trn c s ch tn c ph thng nh mt iu lut, gip hot ng x hi tri chy. T tng ny c em p dng vo th gii my tnh, tuy nhin y xut hin mt s vn nht nh i vi cc trng ti my tnh: + C th d dng tm thy v t lng tin vo mt bn th ba trung gian trng ti nu ta bit v c th nhn tn mt h.Tuy nhin nu m hai bn tham gia protocol nghi ng nhau th vic cng t lng tin vo mt bn th ba no nm u khut din trn mng my tnh cng tr nn c th ng ng. + Mng my tnh s phi tn thm chi ph qun l v bo tr my tnh trng ti. Chng ta u bit n chi ph thu lut s, vy ai s ng ra ci ch ph tng ti ny (network overhead)?
Chng VI - 7 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

+ Lun lun c nhng khong tr vn gn lin vi bt k mt protocol c trng ti no.+ Trng ti phi tham gia vo mi giao dch trn mng, iu c ngha s tr nn mt im tht nt ngng c chai (bottleneck), d tc trn mng mt khi protocol c trin khai cho mt ng dng rng ri. Tng cng s trng ti c th gip trnh b tc ny nhng li lm tng thm chi ph qun l bo tr nhng my trng ti . + Bi v tt c mi ngi trn mng u tin trng ti, d gy ra y mt im nhy cm chu p lc tn cng tp trung t cc k rnh rp ph phch h thng. Protocols c ngi phn x. yn tm giao dch, Alice v Bob cn mi c mt ngi trng ti uy tn cao, tuy nhin y s ny sinh vn v vic phi tr s tin xng ng cho ngi ny, r rng l khng phi khng ng k. V vy ngi ta ny sinh ngh chia arbitrated protocol (giao thc c trng ti tham d) thnh hai subprotocol (phn-giao-thc) hai cp di: + Mt l mt protocol khng cn n trng ti, thc hin bt k khi no mun tin hnh giao dch. + Hai l mt arbitrated protocol m ch c s dng khi Alice v Bob ci nhau v mun c ngi phn x. V th trong trng hp ny ta khng dng khi nim ngi trng ti (arbitrator), vi ngha l ngi phi trc tip tham gia vo protocol, m s dng ngi phn x (adjudicator), bao hm ngha ngi ny khng cn phi c mt khi Alice v Bob tin hnh giao dch, m ch c mi n khi Alice v Bob yu cu gii quyt tranh ci. Cng ging nh trng ti, ngi phn x phi khng c quyn li lin can n giao dch ca Alice v Bob v c c hai ngi ny tin tng. Anh ta khng tham gia trc tip vo giao dch nh trng ti nhng s ng ra xc nh xem l giao dch c c tin hnh ng khng v xc nh bn sai bn ng nu nh c tranh ci. Cc thm phn l nhng ngi phn x chuyn nghip. Khc vi cng chng vin, mt thm phn s ch c mi ra khi no c vic tranh ci cn phn x.
Chng VI - 8 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

Alice v Bob c th tin hnh giao dch hp ng m khng cn n thm phn, ngi m s ch c bit n hp ng ny khi no mt trong hai ngi Alice hay Bob li ngi kia ra ta. Protocol dng cho k kt hp ng ny c th c hnh thc ha nh sau: VD3. a. Nonarbitrated protocol (dng ti mi thi im): (1) Alice and Bob tha thun cc iu khon ca hp ng. (2) Alice k hp ng (3) Bob k hp ng b. Adjudicated protocol (ch thc hin khi c tranh ci cn gii quyt): (1) Alice v Bob n gp quan ta nh phn x. (2) Alice a cc chng c ca c ta (3) Bob trnh by cc chng c ca anh ta (4) Quan ta xem xt cc chng c v phn quyt. im khc bit gia ngi trng ti v ngi phn x (dng theo ngha nh y) l ngi phn x khng phi lun lun cn thit. Nu c tranh ci th mi cn ngi phn x, khng c tranh ci th thi. tng dng ngi phn x ny c th em vo p dng trn my tnh. Trong nhng protocol th ny nu c mt bn tham gia m khng trung thc th nhng d liu lu c t protocol s cho php ngi phn x sau ny pht hin c ai l ngi la di. Nh vy thay v ngn chn trc s la o, protocol ngi phn x s pht hin c la di nu xy ra, thc t ny khi c ph bin rng s c tc dng nh ngn chn, lm li bc nhng k c d tm la di. Protocol t x (Self-enforcing protocol) Protocol t x l loi tt nht trong s cc protocol. Loi protocol ny t bn thn n c th m bo c tnh cng bng, khng cn n trng ti trc tip tham gia cm cn ny mc, hay mt thm phn phn x khi c tranh ci. C ngha l protocol loi ny c ch ra sao cho khng th c cc k h
Chng VI - 9 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

cho tranh ci ny sinh. Nu c bn no c chi sai lut th tin trnh s cho php pha bn kia pht hin ra ngay v protocol dng li ngay lp tc. iu mong c r rng l tt c cc protocol u nn ch to nh th, nhng ng tic l khng phi lc no cng c protocol loi ny cho mi tnh hung. Cc dng tn cng i vi protocols Nu nh protocol c coi nh l nghi thc giao tip cc bn lm vic vi nhau th i vi crytographic protocol, bn di ci v ngoi giao l cc k thut, cc thut ton mt m c vn dng, ci t trong cc bc c th ca protocol. Cc tn cng ca k ph hoi, nhm ph hoi tnh an ninh ca h thng cng nh xm phm tnh b mt ring t ca thng tin, l c th hng vo mt trong cc yu t sau: cc x l k thut, cc thut ton mt m hay l chnh bn thn protocol. Trong phn ny chng ta hy gc li kh nng th nht - gi s rng cc k thut v thut ton mt m u l an ton v chng ta ch xem xt kh nng th hai, tc l phn tch cc dng tn cng c th, trong k th li dng cc k h logic ca protocol m kim li hoc ph hoi. Cc dng tn cng ny c th phn thnh hai loi chnh nh sau. Vi dng tn cng th ng 1 , k ch ch ng ngoi nghe trm ch khng gy can thip hay nh hng g n protocol. Mc ch ca n l c gng quan st v thu lm thng tin. Tuy nhin thng tin nghe trm c ch l thng tin c m ha, do k ch cn phi bit cch phn tch gii m th mi dng c 2 . Mc d hnh thc tn cng ny khng mnh nhng rt kh pht hin v k th khng gy ng. V vy ngi ta phi ngh cch ngn chn trc loi tn cng ny. Nh bit, k nghe trm y c gi n thng qua tn Eve. Vi dng tn cng ch ng 3 , k ch l mt th lc trong mng nm nhiu kh nng v phng tin c th ch ng can thip v gy nh hng phc tp. N c th ng gi, np di mt ci tn khc, can thip vo protocol
Passive attacker Tn cng trong trng hp ny, trong ng cnh chung ca Cryptography, thng c gi l Ciphertext Only Attack 3 Active attack
2 1

Chng VI - 10 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

bng nhng thng bo kiu mi, xa b nhng thng bo ang pht trn ng truyn, thay th thng bo tht bng thng bo gi, pht li nhiu ln mt thng bo tht c ghi li trc vi mc ch gy nhiu, ngt ngang chng cc knh thng tin v sa cha vo cc kho thng tin lu trn mng. Cc kh nng khc nhau ny l ph thuc vo t chc mng my tnh v vai tr ca k ch trn mng. K tn cng trong tn cng th ng ch c gng thu lm thng tin t cc bn tham gia protocol, thng qua thu thp cc thng bo truyn i gia cc bn m phn tch gii m. Trong khi k tn cng ch ng c th gy ra cc tc hi rt a dng phc tp. K tn cng c th c mc ch thng thng n thun l tm c tin m n quan tm, nhng ngoi ra n cn c th gy ra cc ph hoi khc nh ph hoi ng truyn v lm sai lc cc thng bo qua li, h thp cht lng hot ng ca h thng hay nghim trng v phc tp hn l tm cch ot quyn truy nhp vo nhng h thng thng tin m ch dnh cho nhng ngi c thm quyn. K ch trong tn cng ch ng qu tht l nguy him, c bit l trong cc protocol m cc bn khc nhau khng nht thit l phi tin nhau. Hn na phi nh rng k ch khng phi ch c th l nhng k xa l bn ngoi m n c th l mt c nhn hp php trong h thng, thm ch ngay chnh l ngi qun tr h thng. Ngoi ra cn c th c nhiu c nhn lin kt vi nhau thnh mt nhm k ch v sc mnh ca chng s tng ln gy nguy him rt nhiu. Nh bit, y ta quy c gi nhng k tn cng ch ng rt nguy him ny qua ci tn Mallory. Mt iu cng c th xy ra l Mallory li l chnh mt i tc trong protocol. Anh ta c th c hnh ng la di hoc l khng chu tun theo protocol. Loi k ch ny c gi l k la o 4 . K la o thuc loi th ng th c th lm ng theo protocol nhng li c tnh thu nht thm thng tin t cc bn i tc hn l c php theo qui nh. K la o ch ng th ph v protocol trong mt c gng la di. Rt kh gi an ton cho mt protocol nu nh phn ln cc bn tham gia u l nhng k la o ch ng, tuy
4

Cheater

Chng VI - 11 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

nhin i khi ngi ta cng c cc bin php cc bn hp php c th d ra c s la o ang din ra. Tt nhin, cc protocol cng cn phi c bo v chng li nhng k la o loi th ng. V d: Trong phn ny chng ta s nghin cu mt s protocol in hnh, qua c mt ci nhn c th v cch thc thit k mt protocol. Trao i tin mt khng cn trao i kha (Shamir 3-pass protocol)

y l mt v d n gin v thit k cryptographic protocol. Sau y l pht biu ca bi ton vi mt hnh thc ca i thng. Gi s Bob mun gi mt bu phm c bit qua bu in cho Alice, ngi m anh ta c quan h trn mc bnh thng. Tuy nhin Bob c l do m ngng ngng khng mun ngi khc c bit l cha ca Alice nhn thy mn qu ny. Hai ngi thng nht qua in thoi s b bu phm vo thng v kha li nhng ny sinh vn tt nhin l Bob khng th gi cha kha i km vi gi hng. Shamir a cch gii quyt 3 bc nh sau:
Chng VI - 12 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

1. Bob b bu phm vo thng v kha bng kha E1, ri gi c i. 2. Alice nhn c thng hng bn ly kha ring E2 ca c ta m kha thm vo ri gi tr li Bob. 3. Bob nhn li c thng hng, m tho kha E1 ri li gi li cho Alice. n y, Alice nhn c thng hng khng suy suyn, ch vic kh n b v phng ring, che l kha li, dng cha ring ca mnh m tho E2 v ly ra vt qu ca Bob. Nhn vin bu in v b m Alice d t m n u cng khng th lm phin c hai bn tr ca chng ta! Mc d cch lm ny hi tn km mt t tht nhng tha mn c mun k cc ca i tr. Quay tr li vi Cryptography, s trn ny c th c p dng chuyn tin b mt gia hai bn A v B l hai bn khng c sn kha b mt dng chung thng nht t trc. Ta hy gi s A s dng h mt m vi kha Z1, B dng h mt m vi kha Z2. Protocol nh sau 5 : 1. A cn gi tin X cho B. A m ha Y1= E Z (X), ri gi Y1 cho B
1

2. B m ho Y2 = EZ2 (Y1) ri gi cho Y=2 cho A. 3. A gii m Y3 = E 1 (Y2 ) ri gi cho Y3 cho B. Z1 By gi B thu c Y3 ch vic gii m thu c X = E 1 (Y3 ) Z1 y iu kin cho Protocol hot ng ng ging nh v d xy ra trong i thng trn l ta phi chn cc h m ho E1 v E2 sao cho tho mn tnh giao hon:

E Z1 ( E Z1 ( X )) = E Z 2 ( E Z

( E Z1

( X ))

(*)

Tht vy, vi iu kin ny ta c th bin i nh sau: Y3 = E 1 (Y2 ) = E 1 (E Z 2 (E Z 2 (X)) Z1 Z1

y ta c E1 =

E 1 , E2 = E 12 l cc php m ho vi cc kho i xng Z1 v Z2. ng tc m kho Z1 Z

tng ng l cc php gii m

E 1 v E 12 Z1 Z
Chng VI - 13 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

= E 1 (E Z1 (E Z 2 (X)) = E Z3 )X) Z1 do B c th ly c X bng cch tnh X = E 1 (Y3 ) Z2 Nh vy xy dng thnh cng protocol ta phi i tm mt thut ton m ha tha mn c (*). iu ny khng phi l tm thng, c nhng php m ha tha mn c (*) nhng li gy nn nhng rc ri khc nh v d sau y: VD4.Ly E1 v E2 l cc one-time-pad 6 , tc l m ha vi b mt tuyt i, ta c

Y 1 = X Z1 Y2 = Y1 Z2 = X Z1 Z2 Y3 = Y2 Z1 = X Z2
Do ta c X= Y3 Z2 Tuy nhin vn l thut ton m ha ny khng th dng c v n ng thi li ko theo tnh cht sau y: Y1 Y2 Y3 = X! (bn hy ly giy bt m th xem)Ngha l Eve ngi gia nghe trm c cc thng bo Y1,Y2,Y3 v ch vic em cng n li l thu c tin gc X (cc stream cipher u c tnh cht ny). Tuy nhin nu ta theo v d sau y th s thnh cng. VD 5. S dng php ly ly tha trong trng Zp. X l mt phn t khc khng ca Zp. Tt c cc user u bit p. Mi user chn ngu nhin mt s e sao cho 1 ( e ( p v (e,p-1)=1.Sau s dng gii thut gcd m rng tnh d = e-1 ( Zp1. Cc s e v d c gi b mt. Sau y l mt v d minh ha bng s c th.
Nhc li One time pad l h m b mt tuyt i duy nht trong kho c chn l mt chui bt ngn nhin c di ng bng tin gi, m c to bng cch em XOR hai chui bit tin gi v kho vo nhau, gii m bng cch ly m XOR li vi chnh kho. Nn nh h ny l phi thc t v kho di nh tin cn gi v ch c tc dng c dng mt ln.
6

Chng VI - 14 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

VD6. Chn p=17. 1. Alice chn eA = 3 v tnh dA =11 (mod 16). 2. Bob chn eB =5 v tnh dB = 13. gi mt thng bo mt m=2 cho Bob, 1. Alice tnh v gi Y1 = 23 = 8 (mod 17) 2. Bob nhn Y1, tnh v gi Y2 cho Alice Y2 = 85 = 9 (mod 17) 3. Alice nhn Y2 = 9, tnh v gi Y3 cho Bob Y3 = Y211 = 911 = 15 (mod 17) 4. Cui cng Bob tm c thng bo m nh sau: m = Y313 = 1513 = 2 (mod 17) Tt nhin, y cha phi l mt protocol phc tp, nhng qua y bn c th c mt hnh dung v cng vic thit k mt cryptographic protocol. Bn ngoi n khoc mt ci v tng i n gin tuy nhin cng vic ny i hi hiu bit rng, nht l v cc cng c ton hc. Ngoi ra chng ta cn cha cp g n vic chng minh protocol l ng n. y ta ni n php chng minh hnh thc, tc l kh nng dng cng c logic hnh thc v cc h tin chng minh mt protocol l ng, hn l da vo phn tch trc gic. y l mt vn rt nan gii v tht ra cn ng, cha c h phng php no hon ton p ng. Do tnh cht phc tp ca vn nn khng cp chi tit y.
Trao i kha m bo 7 (Needham-Schroeder protocol)

Mc ch ca nhng protocol thuc loi ny l: + Chng thc danh tnh: m bo cho tng bn danh tnh i phng khai l
7

Authenticated key exchange protocol. Chng VI - 15 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

ng (chng li mo danh) + Sau khi chng thc xong, xc lp mt kha b mt dng chung gia hai bn s dng v sau trn c s dng truyn tin m i xng b mt.
Needham-Schroeder protocol.

Ta hy hnh dung A v B l hai ngi xa l cha tng lin h v by gi mun ni chuyn bng mt m vi nhau. Hai bn c th lin lc qua in thoi v thng nht l s s dng mt h m i xng vi kha b mt no , DES chng hn, tuy nhin kh khn l hai bn khng th bn nhau chn kha ny qua in thoi c. Nh vy vn mu cht l lm th no c th b mt chn c mt kha cho hai bn l xong. Trong protocol ny, vic s lm c thng qua mt gi s l trong h thng c mt server tin cy S ng trung gian. S vn c kha b mt chung thit lp t trc vi cc user trong h thng, tc l S c th truyn tin b mt vi cc user trong h thng ri. Ta s thit k protocol dng S lm cng c bc cu A v B c th qua thit lp c knh truyn tin ca mnh. tng c th l: + A s lin lc (tt nhin l b mt) vi S, nu danh tnh ca mnh v ca B l ngi m mnh mun nh S lin lc gip h. + S s chn ngu nhin ra mt chui dng lm kha gi l K. + n y bn c th hnh dung n gin l S s gi ngay K ny cho c A v B hai bn c th lin lc vi nhau (*). Tuy nhin nh th khng n - ta s bn lun v kh nng ny sau. y cch x l tip theo l: S s gi tr li cho A mt kha K nhng c m ha theo kha b mt gia B v S, khi A c m ny, A s c th gi n trc tip vi B v B gii m ra s thu c kha K cn thit, bng cch A v B s bt tay nhau v lin lc bt u. Sau y l protocol y : Trc ht chng ta c mt s thng tin vit tt nh sau: + RA, RB l cc s ngu nhin to ra bi A, B nhm chng li replay

Chng VI - 16 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

attack 8 . + K l kha phin c to ra bi S + ZAS v ZBS l cc kha b mt dng chung gia (A, S) v (B, S). Protocol nh sau: 1. A S: A, B, RA 2. S A: E K AS (R A , B, K, E K BS (K, A)) .3 A B : E K BS (K, A) 4. B : E K BS (K, A) 5. A B: EK (RB-1)
B

Gii thch: a. Trc ht ta hy tm khoan khng n cc phn m c RA, RB bc 1, A gi cho S danh tnh ca n v ca B v ngi cn lin lc. bc 2 th A nhn c ca S (sau khi gii m bng kha KAS), cc tin l kha K, danh tnh B v nhc li RA( m bo A lin lc vi ng i tng S ch khng phi tn cha cng ch kit no khc ng gi v l S) v m E K BS (B, A) . Chnh nh c m E K BS (B, A) ny khi A em gi n cho B, bc 3, th B s gii m theo kha KBS l kha ch ring B v S mi c nn B thu c hai tin l kha K v danh tnh ca A. Do B hiu rng A mun ni chuyn vi mnh bng kha b mt K. b. Nh vy n y bn c bn hiu ngha ca 3 bc u, ngoi tr kin dng RA lm g cha c gii p. im tinh vi l ch, nu y m ta khng ch th c th b chi xu bi replay attack: Mallory nghe trm cc cuc ni chuyn gia A v S trc y c th ghi li c mt phn
Relay (pht li) attack l th on lm nhiu h thng lin lc ca i phng bng cch thu li cc thng bo ca i phng pht li vo lc khc lm i phng tng c s v mi tht. chng li cn c b lc cn thn phn bit v vt b nhng thng tin replay .
8

Chng VI - 17 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

hi ca S cho A trc , v by gi nu Mallory dng th thut nh i, xa phn hi tht ca S v pht li phn hi c cho A th A s b nh la v khng c g phn bit tnh c mi. A s dng kha K t trc trong phn hi c lin lc vi B v nu tnh c m kha K ny b l v ri vo tay Mallory ri th tht bi t cho A! Nay ta s dng RA trao i gia A v B th r rng k hoch replay attack ca Mallory s gy cu, v RA l s pht sinh ngu nhin, mi ln mi khc. c. Nu bn hiu phn gii thch trn th by gi bn c th d dng hiu c nt hai bc cui ca protocol. Bi tp: 1. T gii thch hai bc cui 4,5 ca Needham-Schroeder protocol 2. By gi bn hy t gii thch kin cho rng (*) l khng n.
Zero-knowledge protocols

Nu bn nhp cnh vo mt t nc th ngi ta s yu cu bn trnh xem h chiu v Visa, nu bn mun vo mt ta nh c bo v th bn cn phi cho xem chng minh th, nu bn mun i qua mt phng tuyn th bn phi cho bit mt mt khu. Nh vy bn c th chng thc c mnh chnh l mnh v mnh c thm quyn c php lm g th bn phi trnh cho ngi gc xem mt vt s hu gn lin vi bn. Nhng i vi cryptography bn li c th c nhng php mu l nhng protocol m ta khng cn cho xem vt s hu ca ta (coi n nh mt b mt) m vn chng minh c cho ngi thm tra/ngi gc Victor rng ng l tht s ta ang s hu vt . (C phi bn thy n nh mt iu phi l khng?!). Trng hp ny c th rt cn thit 9 . iu ny c th thc hin c thng qua kh nng ca ngi cn chng thc tr li c mt s cu hi ca Victor - tuy nhin khng v th m cc cu tr li li l ra mt cht thng tin cho php Victor c th on c vt s hu b mt . Mt vn hon mt, d Victor-gin ip c ranh ma n u cng ch thu c s 0. Chnh v th nhng protocol ny
Ngi gc ch c ngha v thm tra xem ta c thm quyn ra vo hay khng nhng chnh ngi gc khng c php c thm quyn , v nu nh bn l VIP v CIA ang sn tm thng tin v bn th ngi gc c th dm lm gin ipj cho CIA lm.
9

Chng VI - 18 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

c gi vi ci tn l zero-knowledge protocol. Zero-knowledge protocol cho php cc thao tc quan trng nh chng minh danh tnh (identification) hay trao chuyn kha (key exchange) c th ci t c m khng lm l mt cht b mt no. Nhng tnh cht ny c bit hp dn khi p dng trong smart card. Trc khi nu mt protocol v d trong s ny, ta im qua cc bn tham gia v c th c can thip vo protocol: + Peggy ngi chng minh (the prover): Peggy nm c mt thng tin v mun chng minh cho Victor hay nhng khng mun tit l thng tin . + Victor ngi thm tra (the verifier): Victor c quyn hi Peggy mt lot cu hi cho n khi no anh ta chc chn l Peggy nm c thng tin mt . Victor khng th suy c thng tin ny ngay c khi anh ta c c tnh la o hoc khng tun th protocol. + Eve ngi nghe trm (Eavesdropper): Eve nghe trm cuc i thoi trn mng. Protocol cn phi chng li khng Eve ly c tin ng thi phng replay attack, tc l kh nng Eve sao chp cc thng bo ca Peggy pht i v dng li sau ny la Victor. + Mallory k ch tim nng nguy him nht (the malicious active attacker): Loi ny va nghe trm li va c kh nng can thip bng cch xa, thay th hay sa i cc thng bo ca Peggy v Victor trn mng. B mt cn chng minh l mt mu thng tin nh l mt mt khu, mt kha ring b mt ca mt h kha cng khai hay l mt p s ca mt vn ton hc hc ba. Protocol: Gi s (n,e) l mt h kha cng khai RSA. Gi s Peggie mun chng minh rng c ta bit mt TIN (plaintext) m l b m ha thnh M (ciphertext) c trong h RSA ny, tc l c= me (mod n). 1. P ( V: y=re vi r l mt s ngu nhin modulo n 2. V ( P: b ( {0,1}.
Chng VI - 19 -

Chuyn AT&BM cc h thng my tnh B/m H3T, khoa CNTT, HBKHN

Nguyn Khnh Vn

3. P ( V: z = r ( mb (tc l z=r nu b=0 hoc z=rm nu b=1) 4. V kim tra kt qu nh sau: nu anh ta gi b=0 bc 2 th anh ta kim tra xem c thc ze=y, nu anh ta gi i b=1 bc hai th anh ta kim tra xem ze=yc c ng khng. Bn bc ny c th lp i lp li rt nhiu ln v Victor c th thay i gia gi b=0 v b=1 bc th hai mt cch ngu nhin ty tht yn tm rng thc s Peggie l ch nhn ca thng tin m. Bi tp: Bn c hy t l gii cho mnh nhng nhn xt sau y:1. Peggie thc s (tc l khng phi mo danh), ngi duy nht bit m, th lun lun qua protocol thnh cng. Tnh cht ny c gi tnh y (completeness) 2. Nu Mallory mo danh Peggie th anh ta s tht bi vi xc xut rt cao (ty thuc vo s ln m Victor lp li 4 bc ca protocol). Tnh cht ny c gi tnh vng chi (soundness). 3. D lm th no (tng s ln lp i lp li v thay i gi tr b) Victor cng khng th bit c g hn v m ngoi tr iu rng n l mt gi tr m nu em ly tha s m e th thu c gi tr c 10 .

Cn lu rng bi ton tm logarithm theo modulo (Discrete Logarithm Problem) c coi l bi ton kh v khng c li gii thi gian a thc (tc l vi nhng con s chn ln th thc t khng th tnh ton c d gi s c trong tay cc my tnh mhng ha ca hng chc nm sau).

10

Chng VI - 20 -