Do An

MC LC
THUT NG VIT TT.....................................................................................i LI NI U......................................................................................................1 CHNG 1: NHN THC TRONG MI TRNG LIN MNG V TUYN..................................................................................................................4 1.1 Vai tr ca nhn thc trong kin trc an ninh ..............................................4 1.2 V tr ca nhn thc trong cc dch v an ninh ............................................4 1.3. Cc khi nim nn tng trong nhn thc......................................................6
1.3.1 Trung tm nhn thc (Authentication Center)...............................................6 1.3.2 Nhn thc thu bao (Subscriber Authentication)..........................................6 1.3.3 Nhn thc tng h (Mutual Authentication) ..............................................6 1.3.4 Giao thc yu cu/p ng (Challenge/Response Protocol).........................7 1.3.5 To kho phin (Session Key Generation)....................................................7
1.4 Mt m kho ring (Private-key) so vi kho cng cng (Public-key)......8 1.5. Nhng thch thc ca mi trng lin mng v tuyn...............................9
1.5.1 Vng tr ngi 1: Cc on ni mng v tuyn............................................10 1.5.2 Vng tr ngi 2: Tnh di ng ca ngi s dng.......................................12 1.5.3 Vng tr ngi 3: Tnh di ng ca thit b .................................................13
CHNG 2: NHNG NG DNG TIM NNG CA CC PHNG PHP KHO CNG CNG TRONG MI TRNG LIN MNG V TUYN................................................................................................................15 2.1. Thut ton kha cng cng Light-Weight cho mng v tuyn.............16
2.1.1 Thut ton MSR...........................................................................................16 2.1.2 Mt m ng cong elp (ECC: Elliptic Curve Cryptography)...................17
2.2. Beller, Chang v Yacobi: Mt m kha cng cng gp phi vn kh khn......................................................................................................................18

2.2.1 Cc phn t d liu trong giao thc MSN ci tin .....................................18 2.2.2 Giao MSR+DH............................................................................................21 2.2.3 Beller, Chang v Yacobi: Phn tch hiu nng............................................21
2.3 Carlsen: Public-light Thut ton Beller, Chang v Yacobi c duyt li ..............................................................................................................................22
Nguyn L Trng - Lp D2001VT i
2.4. Aziz v Diffie: Mt phng php kho cng cng h tr nhiu thut ton mt m.................................................................................................................24
2.4.1 Cc phn t d liu trong giao thc Aziz-Diffie.........................................24 2.4.2 Hot ng ca giao thc Aziz-Diffie ..........................................................25
2.5 Bnh lun v nh gi giao thc Aziz-Diffie .............................................28 2.6 Tng kt mt m kho cng cng trong mng v tuyn............................28 CHNG 3: NHN THC V AN NINH TRONG UMTS........................30 3.1 Gii thiu UMTS..........................................................................................30 3.2. Nguyn l ca an ninh UMTS....................................................................31
3.2.1 Nguyn l c bn ca an ninh UMTS th h 3............................................32 3.2.2 u im v nhc im ca GSM t quan im UMTS............................33 3.2.3 Cc lnh vc tng cng an ninh cho UMTS..............................................35
3.3. Cc lnh vc an ninh ca UMTS................................................................36

3.3.1 An ninh truy nhp mng (Network Access Security)..................................36 3.3.2 An ninh min mng (Network Domain Security)........................................37 3.3.3 An ninh min ngi s dng (User Domain Security) ...............................37 3.3.4 An ninh min ng dng (Application Domain Security)............................38 3.4.5 Tnh cu hnh v tnh r rng ca an ninh (Visibility and Configurability) 38
3.4. Nhn thc thu bao UMTS trong pha nghin cu.....................................40
3.4.1 M t giao thc kho cng cng ca Siemens cho UMTS..........................41 3.4.2 Cc iu kin tin quyt thc hin giao thc Siemens...........................42 3.4.3 Hot ng ca Sub-protocol C ca Siemens .............................................43 3.4.4 nh gi giao thc nhn thc Siemens ................................................46
3.5 Nhn thc thu bao trong vic thc hin UMTS .....................................47 3.6 Tng kt v nhn thc trong UMTS ......................................................50 CHNG 4: NHN THC V AN NINH TRONG IP DI NG .............51 (Mobile IP)..........................................................................................................51 4.1. Tng quan v Mobile IP ...............................................................52
4.1.1 Cc thnh phn logic ca Mobile IP............................................................53 4.1.2 Mobile IP Nguy c v an ninh..................................................................55
4.2. Cc phn t nn tng mi trng nhn thc v an ninh ca Mobile IP...56

4.2.1 An ninh IPSec..............................................................................................57
Nguyn L Trng - Lp D2001VT ii
4.2.2 S cung cp cc kho ng k di Mobile IP ..........................................57
4.3. Giao thc ng k Mobile IP c s............................................................60

4.3.1 Cc phn t d liu v thut ton trong giao thc ng k Mobile IP........60 4.3.2 Hot ng ca Giao thc ng k Mobile IP .............................................61
4.4 Mi quan tm v an ninh trong Mobile Host - Truyn thng Mobile Host ..............................................................................................................................64
4.5.1 Cc phn t d liu trong Giao thc nhn thc Sufatrio/Lam....................66 4.5.2 Hot ng ca giao thc nhn thc Sufatrio/Lam.......................................68
4.6. H thng MoIPS: Mobile IP vi mt c s h tng kho cng cng y ..........................................................................................................................69

4.6.1 Tng quan v h thng MoIPS .................................................................70 4.6.2 Cc c tnh chnh ca kin trc an ninh MoIPS.........................................72
4.7 Tng kt an ninh v nhn thc cho Mobile IP............................................76 KT LUN.........................................................................................................78 TI LIU THAM KHO..................................................................................79
Nguyn L Trng - Lp D2001VT
iii
THUT NG VIT TT
3GPP AH AMF AuC AUTN AV CA CAPI CCITT CH COA CRL CS DARPA DES DH DNS DSP EA ECC ECDSA EC-EKE ESP FA GSM HA IDEA IEEE 3rd Generation Partnership Project Authentication Header Authentication and Key Management Field Authentication Center Authentication Token Authentication Vector Certification Authority Cryptographic Application Program Interface Consultative Committee for International Telephony and Telegraphy Corresponding Host Care of Address Certificate Revocation List Certificate Server Defense Advanced Research Projects Agency Data Encryption Standard Diffie-Hellman Domain Name System Digital Signal Processor External Agent Elliptic Curve Cryptographic Elliptic Curve Digital Signature Algorithm Elliptic Curve-Encrypted Key Exchange Encapsulating Security Protocol Foreign Agent Global Systems for Mobile Communications Home Agent International Data Encryption Algorithm Institute of Electrical and Electronic Engineers n i tc th h ba Mo u nhn thc Trng qun l kho v nhn thc Trung tm nhn thc Th nhn thc Vc t nhn thc Chnh quyn chng nhn Giao din chng trnh ng dng U ban t vn v in bo v in thoi quc t My i tc Chm sc a ch Danh sch thu hi chng nhn Server chng nhn C quan cc d n nghin cu tin tin quc phng Chun mt m d liu H thng tn min B x l tn hiu s Tc nhn ngoi Mt m ng cong Elp Thut ton ch k s ng cong Elp Trao i kho mt m ng cong Elp Giao thc an ninh ng gi Tc nhn khch H thng thng tin di ng ton cu Tc nhn nh Thut ton mt m s liu quc t Vin k thut in v in t
IMEI
International Mobile Equipment Identifier
IMSR Improved Modular Square Root IMT-2000 International Mobile Telecomunications2000 IMUI International Mobile User Identifier IPSec ISAKMP ITU KDC LAN MAC MH MoIPS MSR PDA PKI RAND RCE RFC RPC SN SNBS SPD SPI UMTS USIM RSA Internet Protocol Security Internet Security Association and Key Management Protocol International Telecommunications Union Key Distribution Center Local Area Network Message Authentication Code Mobile Host Mobile IP Security Modular Square Root Personal Digital Assistant Public-Key Infrastructure Random number Radio Control Equipment Request For Comments Remote Procedure Call Serving Node Serving Network Base Station Security Policy Database Security Parameters Index Universal Mobile Telecommunications System UMTS Subscriber Identity Module Rivest, Shamir and Adleman
B nhn dng thit b di ng quc t Modul cn bc 2 ci tin Vin thng di ng th gii2000 B nhn dng ngi s dng di ng th gii An ninh giao thc Internet Giao thc qun l kho v lin kt an ninh Internet Lin minh vin thng quc t Trung tm phn phi kho Mng ni b M nhn thc bn tin My di ng An ninh an ninh di ng Modul cn bc hai Tr gip s c nhn C s h tng kho cng cng S ngu nhin Thit b iu khin v tuyn Yu cu ph bnh Cuc gi th tc xa Node phc v Trm gc mng phc v C s d liu chnh sch an ninh Ch mc cc tham s an ninh H thng vin thng di ng ton cu Modul nhn dng thu bao UMTS
LI NI U
Cng ngh thng tin v tuyn to ra s thay i su sc theo cch m mi ngi tng tc vi nhau v trao i thng tin trong x hi chng ta. Mt thp k qua, cc m hnh ang thnh hnh cho c cc h thng in thoi v cc mng my tnh l cc m hnh m ngi s dng tip cn mng t hp in thoi hoc trm my tnh c ni bng dy ti c s h tng lin mng rng hn. Ngy nay, cc m hnh dch chuyn n mt m hnh ni m mng tip cn ngi s dng bt k khi no h xut hin v s dng chng. Kh nng lin lc thng qua cc my in thoi t ong trong khi ang di chuyn l thc hin c v cc h thng cho truy nhp Internet khng dy ngy cng ph bin. Tim nng cung cp mm do v cc kh nng mi ca thng tin v tuyn cho ngi s dng v cc t chc l r rng. Cng thi im , vic cung cp cc c s h tng rng khp cho thng tin v tuyn v tnh ton di ng gii thiu nhng nguy c mi, c bit l trong lnh vc an ninh. Thng tin v tuyn lin quan n vic truyn thng tin qua mi trng khng kh, in hnh l bng cc sng v tuyn hn l thng qua mi trng dy dn khin cho vic chn hoc nghe ln cc cuc gi khi ngi s dng thng tin vi nhau tr nn d dng hn. Ngoi ra, khi thng tin l v tuyn th khng th s dng v tr kt ni mng ca ngi s dng nh l mt phn t nh gi nhn dng chng. khai thc tim nng ca cng ngh ny mi ngi phi c th chuyn vng t do vi cc sn phm thng tin di ng c v t quan im c s h tng mng t nht mi ngi c th xut hin t do trong nhng v tr mi. Trong khi cc c tnh ny cung cp cho ngi s dng cc tin ch mi th nh cung cp dch v v nh qun tr h thng phi i mt vi nhng thch thc v an ninh cha c tin l. Lun vn ny s tm hiu ti v nhn thc thu bao v n lin quan n mi trng mng v tuyn. Theo ng cnh ny mt thu bao l ngi s dng: chng hn mt khch hng ca mt dch v in thoi t ong hoc mt ngi s dng mt dch v truy nhp Internet khng dy. Nhn thc thu bao l mt thnh phn then cht ca an ninh
thng tin trong bt k mi trng mng no, nhng khi ngi s dng l di ng th nhn thc m nhn cc thnh phn mi. Nhng nghin cu y tm hiu c ch nhn thc thu bao trong hai mi trng lin mng. u tin l mng t ong s h tr truyn thng bng cc my in thoi t ong. Mng ny ang tri qua mt cuc pht trin t cng ngh th h th hai sang th h th 3 v cc phng php trong nhn thc thu bao km theo cng ang thay i. Mi trng mng th hai l Giao thc Internet di ng (Mobile IP), mt giao thc c pht trin trong nhng nm 90 ca th k 20 cho php Internet h tr tnh ton di ng. iu quan trng l nhn ra rng hai mi trng ny c ngun gc khc nhau. Mi trng t ong s c trnh by trong nghin cu ny chng hn nh UMTS bt ngun t cc mng in thoi. V mt lch s nhim v chnh ca mng ny l h tr cc cuc hi thoi v phng php thit lp cc mch cung cp mt kt ni lin tc gia cc im u cui. Giao thc Internet di ng l mt s m rng ca kin trc lin mng Internet hin c trong tp trung vo vic h tr cho truyn thng gia cc my tnh v kiu lu lng l s liu hn l thoi. Trong th gii Internet, nhim v quan trng nht l nh tuyn v phn phi cc gi d liu hn l thit lp cc knh tm thi im-im. Ngoi nhng s khc nhau ny theo ngun gc mng t ong s v mi trng Internet trong Mobile IP hot ng chng ta cn gp phi s khc nhau trong cc phng php c thc hin i vi nhn thc v an ninh. Tuy nhin quan trng l hiu rng tt c cc cng ngh truyn thng c cng ngh h tr hi thoi ln cng ngh h tr truyn s liu ngy nay u s dng cng ngh s. V vy, ti cc tng di ca ngn xp giao thc truyn thng, chng s dng cc c ch tng t truyn v nhn thng tin. Hn na, khi truy nhp Internet khng dy pht trin quan trng khng ch i vi my tnh m cn i vi my in thoi t bo th thch thc m hai mi trng lin mng ny phi i mt trong lnh vc an ninh c khuynh hng hp nht. Trong tng lai, nu in thoi t bo ca ai tr thnh mt loi u cui truy nhp Internet chnh th mt kt qu c tnh kh thi lu di l s khc bit gia cng ngh truyn thng t ong v cng ngh ca Internet s khng cn r rng.
Ch quan tm thc s y l lnh vc my tnh, truyn thng v an ninh thng tin v n b nh hng bi lin mng v tuyn v tnh ton di ng. Tuy nhin l lnh vc khng l v phc tp. Nhn thc thu bao l mt ch hp hn v v vy thch hp hn cho phm vi ca lun vn ny. Tuy nhin, d nh ca lun vn ny l s dng nhng khm ph v nhn thc thu bao trong cc mng t ong s theo giao thc Mobile IP nh mt ng knh cho php chng ta nhn thc r rng hn khuynh hng rng hn trong an ninh cho cc mi trng lin mng v tuyn. Chng 1 gii thiu nhn thc v n lin quan n lnh vc ln hn ca my tnh, truyn thng v bo mt thng tin trong mng v tuyn v cung cp mt s c tnh c th ca mi trng mng v tuyn gy tr ngi cho ngi thit k h thng an ninh. Chng 2, trng tm chuyn n vic nghin cu t nhng nm 1990 khng nh rng tn ti phng php cho h thng mt m kho cng cng vi tim nng ln cho mi trng thng tin v tuyn. Chng 3, trng tm chuyn n s xem xt cc giao thc cho cc mng truyn thng t ong bng tn cao th h th 3 c gi l UMTS (Universal Mobile Telecommunications System). Chng 4 kho st nhn thc v n c xut cho ng dng trong min truy nhp Internet khng dy c gi l Mobile IP (Mobile Internet Protocol). Cui cng em xin gi li cm n chn thnh su sc n thy TS. Nguyn Phm Anh Dng, thy Nguyn Vit m v c Phm Th Thu Hin nhit tnh gip em hon thnh ti ny.
H Ni 2005 Nguyn L Trng
CHNG 1: NHN THC TRONG MI TRNG LIN MNG V TUYN

T in New International ca Webster, phin bn nm 1925 nh ngha nhn thc ngha l: Hnh ng v nhn thc hoc trng thi c nhn thc; trao cho quyn hoc th tn nhim bng cc th tc, xc nhn cn thit. ng t authenticate c nh ngha cht ch hn: (1) l a ra tnh xc thc, trao quyn bng cc bng chng, chng nhn hoc cc th tc c yu cu bng lut hoc cn thit dn tn cho th tn nhim ging nh vn bn c xc nhn bng cc con du. (2) l chng minh tnh xc thc; xc nh r tnh chn chnh, c thc hoc tnh chnh thng nh xc nhn mt bc chn dung. 75 nm qua theo ng cnh ca truyn thng v my tnh s, nhng nh ngha ny vn cn c gi tr.
1.1 Vai tr ca nhn thc trong kin trc an ninh

Trong th gii an ninh thng tin, nhn thc ngha l hnh ng hoc qu trnh chng minh rng mt c th hoc mt thc th l ai hoc chng l ci g. Theo Burrows, Abadi v Needham: Mc ch ca nhn thc c th c pht biu kh n gin nhng khng hnh thc v khng chnh xc. Sau khi nhn thc, hai thnh phn chnh (con ngi, my tnh, dch v) phi c trao quyn c tin rng chng ang lin lc vi nhau m khng phi l lin lc vi nhng k xm nhp. V vy, mt c s h tng IT hp nht mun nhn thc rng thc t ngi s dng h thng c s d liu ca cng ty l gim c ngun nhn lc trc khi cho php quyn truy nhp vo d liu nhn cng nhy cm (c l bng cc phng tin mt khu v th thng minh ca ngi dng). Hoc nh cung cp h thng thng tin t ong mun nhn thc my in thoi t ong ang truy nhp vo h thng v tuyn ca h thit lp rng cc my cm tay thuc v nhng ngi s dng c ti khon l mi nht v l cc my in thoi khng c thng bo l b nh cp.
1.2 V tr ca nhn thc trong cc dch v an ninh

Nhn thc l mt trong cc thnh phn thuc v mt tp hp cc dch v cu thnh nn mt phn h an ninh trong c s h tng thng tin hoc tnh ton hin i. Cc dch v
c th cu thnh nn tp hp y c th hi khc ph thuc vo mc ch, ni dung thng tin v mc quan trng ca h thng cha. William Stallings, trong quyn sch ca ng Cryptography and Network Security (Mt m v an ninh mng) cung cp cc dch v bo mt li c gi tr tham kho lu di t nhn thc trong ng cnh h thng chnh xc: Tnh tin cy (Confidentiality): m bo rng thng tin trong h thng my tnh v thng tin c truyn i ch c th truy nhp c c bi cc bn c thm quyn.[.] Nhn thc (Authentication): m bo rng khi ngun ca mt bn tin hoc vn bn in t c nhn dng chnh xc v m bo rng vic nhn dng l khng b li. Tnh ton vn (Integrity): m bo rng ch nhng bn c thm quyn mi c th sa i ti nguyn h thng my tnh v cc thng tin c truyn. [.] Khng thoi thc (Non-repudiation): Yu cu rng c bn nhn ln bn gi khng c t chi truyn dn. iu khin truy nhp (Access Control): Yu cu rng truy nhp ti ti nguyn thng tin c th c iu khin bi hoc cho h thng quan trng. Tnh sn sng (Availability): Yu cu rng ti nguyn h thng my tnh kh dng i vi cc bn c thm quyn khi cn thit. M t ca Stallings xut rng nhng chc nng bo mt h thng ny cho nhng ngi s dng h thng. Nh c ch ra bi ch thch Burrows, Abadi v Needham, quan trng hiu rng khi iu ny l chn thc th cc chc nng ny cng c th p dng cho cc thit b vt l (nhn thc mt my in thoi t ong) hoc p dng vi h thng my tnh (nhn thc mt server mng khng dy). Nhn thc trong cc mng hu tuyn thng thng thu ht cc cng trnh nghin cu v n lc thc hin trong sut hai thp k qua. Tr li nhng nm 1980, trong s cc giao thc nhn thc ni ting cho cc h thng my tnh phn tn l Kerberos (u tin c pht trin ti MIT nh l mt phn ca d n Athena), giao thc ci bt tay RPC (Remote Procedure Call) ca Andrew, giao thc kho cng cng ca Needham-Schroeder
v giao thc X.509 ca CCITT. Tho lun chi tit v cc giao thc nhn thc cho mi trng lin mng v tuyn l phm vi ca ti ny. i vi vic tho lun su sc v cc giao thc Kerberos, CCITT X.509 v cc kha cnh nhn thc tng qut ngi c xem ti liu ca Stallings. i vi vic phn tch hnh thc cc th tc tng ng, s m bo v s yu km ca ca bn giao thc va c cp trn th cc ti liu ca Burrows, Abai, Needham l hu dng.
1.3. Cc khi nim nn tng trong nhn thc

Trong khi lun vn ny trnh nhng tm hiu chi tit v nhn thc trong cc mng khng phi di ng thng thng v cc h thng phn tn th mt vi khi nim trong nhn thc l quan trng i vi vic tho lun trong cc chng tip theo. l:
1.3.1 Trung tm nhn thc (Authentication Center)

Trong cc giao thc lin quan n vic s dng cc kho b mt dnh cho nhn thc, cc kho b mt ny phi c lu tr bi nh cung cp dch v cng vi thng tin v c nhn ngi s dng hoc thu bao trong mt mi trng bo mt cao. Ni ring trong th gii in thoi t ong mt h thng nh th thng c gi l mt Trung tm nhn thc.
1.3.2 Nhn thc thu bao (Subscriber Authentication)

Nhiu cuc tho lun lin quan n nhn thc trong cc mng t ong s bao gm nhn thc thu bao. iu ny ni ti nhn thc ngi s dng dch v in thoi t ong v s xy ra mt cch in hnh khi mt ngi s dng th thit lp mt cuc gi, v vy s ng k mt yu cu vi trm gc mng cho vic cung cp dch v. Nn ch rng Nhn thc thu bao thng ni ti nhn thc t hp in thoi t ong v cc thng tin trn th thng minh ca t hp hn l i vi vic nhn thc ngi s dng thc s l con ngi (mc d vic nhn thc ny d nhin l mc tiu cui cng).
1.3.3 Nhn thc tng h (Mutual Authentication)

Hu ht cc giao thc nhn thc lin quan n hai thnh phn chnh (principals) v c th c cc bn th ba tin cy v d nh Certification Authority ph thuc vo giao thc. Trong nhn thc tng h, c hai principal c nhn thc ln nhau. Mt ch quan
trng l nhn thc khng cn phi tng h, c th ch l mt chiu. Chng hn khi tho lun nhn thc trong cc mng in thoi t ong th h th ba, chng ta s gp phi cc trng hp trong mng nhn thc my in thoi t ong ang tm s dng cc dch v ca n nhng trm gc ca mng khng c nhn thc ti my in thoi ny.
1.3.4 Giao thc yu cu/p ng (Challenge/Response Protocol)

Mt s cc giao thc c tm hiu trong lun vn ny s dng c ch Challenge/Response nh l c s cho nhn thc. Trong kch bn Challenge/Response, bn th nht (first principal) ang mun thc hin nhn thc trn principal th hai to ra mt s ngu nhin v gi n n principal th hai. Trong nhiu giao thc, s ngu nhin ny c truyn ngay lp tc ti Trung tm nhn thc. Principal th hai t hp s nhu nhin ny vi kho b mt ca n theo mt thut ton c tho thun chung. Chui bit kt qu cui cng c xc nh bi t hp Challenge ngu nhin vi kho b mt ca principal th hai ri truyn tr li principal th nht. Trong khi , Trung tm nhn thc -hoc cc pha th ba tin cy tng t - m c quyn truy nhp ti kho b mt ca cc principal, thc hin cng cc tnh ton v chuyn kt qu tr li principal th nht. Principal th nht so snh hai gi tr v nu chng bng nhau th nhn thc principal th hai. Ch rng c ch Challenge/Response khng yu cu principal th nht bit kho b mt ca principal th hai hoc ngc li.
1.3.5 To kho phin (Session Key Generation)

Mc d vic to mt kho phin khng cn thit l mt phn ca nhn thc thu bao theo ngha hp nht, thng n xy ra trong cng qu trnh v v vy s c tho lun trong cc chng sau. Mt kho phin l mt kho s c s dng trong qu trnh mt m cc bn tin c trao i trong mt phin thng tin n gia hai principal. V vy kho phin c phn bit vi kho cng cng hoc kho ring ca ngi s dng h thng, nhng kho in hnh c thi gian tn ti di hn. Cc h thng thng tin thng to ra kho phin vi cc thut ton chy song song vi thut ton thc hin giao thc Challenge/Response (xem trn) v vi nhng thut ton c cng u vo.
Khi nhng thut ng ny xut hin trong cc chng tip theo ca lun vn ny, chng mang ngha c nh ngha trn.
1.4 Mt m kho ring (Private-key) so vi kho cng cng (Publickey)

Khi nim nn tng khc c tho lun trong cc chng tip theo l s phn bit gia mt m kho cng cng v mt m kho ring. Ni chung, vi mt m kho ring (cng c gi l mt m kho i xng) hai bn ang mun trao i cc bn tin mt dng chung kho b mt secret key (thng l mt chui bit ngu nhin c di c tho thun trc). Nhng kho ny l i xng v chc nng theo ngha l principal A c th s dng kho b mt v mt thut ton mt m to ra vn bn mt m (mt bn tin c m ho) t vn bn thun tu (bn tin ban u). Da trn vic nhn bn tin c mt m ny, principal B tho g qu trnh ny bng cch s dng cng kho b mt cho u vo ca thut ton nhng ln ny thc hin ngc li theo mode gii mt m. Kt qu ca php ton ny l bn tin vn bn thun tu ban u (bn tin y nn c hiu theo ngha rng n c th khng phi l vn bn c c m l cc chui bit trong mt cuc hi thoi c m ho s hoc cc byte ca mt file hnh nh s). Nhng v d ph bin ca h thng mt m kho ring i xng gm DES (Data Encryption Standard: Chun mt m s liu). IDEA (International Data Encryption Algorithm: Thut ton mt m s liu quc t) v RC5. Vi cng ngh mt m kho cng cng, khng c kho b mt c dng chung. Mi principal mun c th trao i cc bn tin mt vi cc principal kia s hu kho b mt ring ca chng. Kho ny khng c chia s vi cc principal khc. Ngoi ra, mi principal lm cho public key tr nn cng cng (khng cn phi che giu kho ny - thc t, hot ng ca h thng mt m kho cng cng yu cu nhng principal khc c th d dng truy nhp thng tin ny). Mt m kho cng cng s dng thut ton mt m bt i xng. Ngha l khi principal A tm cch gi mt bn tin an ton ti principal B, A mt m bn tin vn bn thun tu bng cch s dng kho cng cng v bn tin ban u ca B l u vo cho thut ton. iu ny khng yu cu B c nhng hnh ng c bit trong
kho cng cng ca B lun kh dng cho A. Principal A sau truyn bn tin ti principal B. Thut ton mt m kho cng cng hot ng theo cch thc l bn tin c mt m vi kho cng cng ca B ch c th c gii mt m vi kho ring ca B. Khi B khng chia s kho ring ny vi ai th ch c B c th gii mt m bn tin ny. RSA (c t tn theo Ron Rivest, Adi Shamir v Len Adleman) c l l v d ni ting nht ca h thng mt m kho cng cng. Thm na, vic tm hiu chi tit cng ngh mt m kho ring v mt m kho cng cng l phm vi ca lun vn ny. Ngi c xem ti liu ca Stallings tho lun rng v su hn. Mt ti liu nm 1992 ca Beller, Chang v Yacobi cung cp s tho lun chi tit v vic phn bit gia h thng kho ring v kho cng cng trong trng hp c th mng di ng. Trong mng t ong th h th hai nh GSM (Global Systems Mobile), vic s dng cng ngh mt m kho ring tr nn ton cu. Mt s gi nh chung lin quan n cc cng ngh kho cng cng l chng i hi nhiu tnh ton n mc khng th a vo thc t trong mi trng lin mng v tuyn. Nh chng ta s thy trong chng 3, vic nghin cu c tin hnh trong u v gia nhng nm 1990 v cc thut ton mt m kho cng cng processor-light c ti u cho cc mng v tuyn t ra nghi vn cho s thng minh ny. Cuc tranh lun ang din ra v gi tr ca cc phng php kho cng cng v kho ring i vi nhn thc v an ninh l s kho cho vic nghin cu lin quan n hot ng ca mng v tuyn v s chnh n s ng vai tr quyt nh trong vic thit k pht trin cc h thng trong thp k ti.
1.5. Nhng thch thc ca mi trng lin mng v tuyn

Cc mng v tuyn m rng phm vi v mm do trong thng tin v tnh ton mt cch mnh m. Tuy nhin, mi trng lin mng v tuyn vn d l mi trng ng, km mnh m hn v b ng hn cho s xm nhp v gian ln so vi c s h tng mt t c nh. Nhng nhn t ny t ra nhng vn cho nhn thc v an ninh trong mi trng lin mng v tuyn. Chng t ra nhng thch thc m nhng ngi thit k h thng v kin trc an ninh phi vt qua.
Trong mt ti liu xut sc nm 1994 mang ta Nhng thch thc ca tnh ton di ng tng kt s khc nhau gia mi trng lin mng khng dy v c dy v nhng vn mng v tuyn t ra cho k s phn mm, George Forman v John Zahorjan phn bit nhng nhn t xut pht t ba yu cu thit yu: vic s dng lin mng v tuyn, kh nng thay i v tr v nhu cu v tnh di ng khng b gy tr ngi. Trong khi phn tch Forman v Zahorjan l rng H ang kho st nh hng ca mi trng lin mng v tuyn ln ton b phm vi ca k thut phn mm th vn c cu c th c s dng cho nhng u im ln trong vic xc nh tnh hung khi n gn c th vi an ninh v nhn thc. Kt lun ca tc gi vn rt c ch v c th ng dng c cho n ngy nay: Thng tin v tuyn mang n iu kin tr ngi mng, truy nhp n cc ngun ti nguyn xa thng khng n nh v i khi hin thi khng c sn. Tnh di ng gy ra tnh ng hn ca thng tin. Tnh di ng i hi cc ngun ti nguyn hu hn phi sn c x l mi trng tnh ton di ng. Tr ngi cho nhng ngi thit k tnh ton di ng l cch tng thch vi nhng thit k h thng hot ng tt cho h thng tnh ton truyn thng. Nn ch rng trong lnh vc an ninh, vic thit k hot ng tt cho tnh ton truyn thng chnh chng ang trong trng thi thay i lin tc cng thm vi bt nh b sung ti s cn bng ny. Trong phn cn li, ta s xc nh khi qut nhng tr ngi chnh ca mi trng lin mng v tuyn cho cc giao thc nhn thc v an ninh bng cch s dng ba phn c xut bi Forman v Zahojan.
1.5.1 Vng tr ngi 1: Cc on ni mng v tuyn

Theo nh ngha, cc mng v tuyn ph thuc vo cc on ni thng tin v tuyn, in hnh l s dng cc tn hiu sng v tuyn (radio) thc hin truyn dn thng tin t nht l qua mt phn ng k c s h tng ca chng. D nhin, sc mnh to ln ca cng ngh thng tin v tuyn l n c th h tr vic truyn thng ang din ra vi mt thit b di ng chng hn nh mt my in thoi t ong hoc mt my h tr s c nhn (PDA:
Personal Digital Assistant), ngha l thit b di ng. Tuy nhin v nhiu phng din, vic s dng cc on ni v tuyn trong mt mng t ra nhiu vn so vi mng ch s dng dy ng, cp si quang hoc t hp cc c s h tng c nh nh th. Bng tn thp: Tc ti mng v tuyn hot ng ang tng khi cng ngh c ci thin. Tuy nhin, ni chung cc on ni v tuyn h tr truyn s liu thp hn vi ln v ln so vi mng c nh. V d, mng in thoi t ong th h th hai c tho lun trong lun vn ny truyn d liu trn knh ti tc xp x 10Kbits/s. Tc ny s tng ln hn 350Kbits/s mt cht khi cp n cc mng t ong th h th ba. Hin thi, cc h thng LAN khng dy s dng chun 802.11b c th t tc ln ti 11Mbits/s. Tuy nhin nn ch rng tc ny l cho ton b mng, khng phi cho knh thng tin i vi mt my n l, v ch hot ng trong mt vng nh, v d nh mt tng ca mt to nh. Trong mng hu tuyn, Fast Ethernet, hot ng tc 100Mbits/s ang tr thnh mt chun trong cc mng cc to nh, trong khi cc knh ng trc Internet c ly di hot ng ti tc nhiu Gigabits/s. Suy hao s liu thng xuyn: So vi mng hu tuyn, d liu s thng xuyn b suy hao hoc sai hng khi truyn qua on ni v tuyn. Cc giao thc lin mng s dng cc c ch kim tra tnh ton vn s liu c th nhn dng nhng tnh hung ny v yu cu thng tin c truyn, m tc ng s l t hp hiu ng ca bng tn thp. Ngoi vic lm chm tc ti thng tin c truyn chnh xc, suy hao d liu c th tng tnh thay i ca thi gian c yu cu truyn mt cu trc d liu cho trc hoc kt thc chuyn giao. Tnh m ca sng khng gian: Cc mng hu tuyn d c to thnh t dy ng hay cp si quang u c th b r nhnh. Tuy nhin, iu ny c khuynh hng l mt th tc gy tr ngi v mt k thut v vic xm nhp c th thng xuyn c pht hin bng cc thit b gim st mng. Ngc li, khi mng v tuyn gi s liu qua kh quyn bng cch s dng cc tn hiu sng v tuyn (radio) th bt k ai c th nghe c thm ch ch bng cch s dng thit b khng t tin. Nhng s xm nhp nh th l tiu cc v kh pht hin. Trng hp ny t ra mt s e do c bn v an ninh cho mng v
tuyn. Nh chng ta s thy trong nhng chng sau, nhng ngi thit k h thng t ong th h th hai gii quyt nhng nguy c r rng nht c t ra khi con ngi n gin truyn d liu thoi hoc d liu nhy cm qua on ni v tuyn bng cch s dng k thut mt m. Tuy nhin, s phi by pht sinh l rng khp, v khng c gii quyt mt cch trit .
1.5.2 Vng tr ngi 2: Tnh di ng ca ngi s dng

Nh cp, tin b vt bc ca cng ngh lin mng v tuyn l ngi s dng c th di chuyn trong khi vn duy tr c lin lc vi mng. Tuy nhin, nhng c im ny ca lin mng v tuyn lm yu i v loi b mt vi phng on c bn m gip m bo an ninh trong mng hu tuyn. V d, cc mng hu tuyn in hnh trong vn phng, mt my tnh bn ca ngi s dng s lun c kt ni n cng cng trn cng Hub mng (hoc mt phn tng ng ca thit b kt ni mng). Hn na, tp hp cc my tnh, my in, v cc thit b mng khc c kt ni vi mng ti bt k im no theo thi gian c nh qun tr h thng bit v di s iu khin ca nh qun tr ny. Trong mi trng lin mng v tuyn, nhng phng on c bn ny khng cn c p dng. Ngi s dng khng phi l nh qun tr h thng xc nh cng (port) mng no v thm ch mng no h kt ni ti vi thit b di ng ca h. Tng t, mt tp cc thit b kt ni vi mng v tuyn ti bt k im no theo thi gian s ph thuc vo s di chuyn v hnh ng ca c nhn ngi s dng, v ngoi s iu khin ca ngi vn hnh mng. Ngt kt ni v ti kt ni: ngi s dng mng thng tin v tuyn thng xuyn c nguy c b ngt kt ni t ngt t mng. iu ny c th xy ra v nhiu l do: do ngi s dng di chuyn thit b di ng ngoi vng ph sng ca trm gc m chng ang lin lc vi n; do s di chuyn ca ngi s dng gy ra chng ngi vt l - v d nh mt to nh hoc mt ng hm giao thng gia thit b di ng v trm gc; hoc ch bi v tin cy thp ca on ni v tuyn. Cng vy, trong khi vn hnh mng thng tin t ong, v ngi s dng di chuyn t vng ph sng ca trm gc ny n vng khc nn
mng phi truyn s iu khin ca phin truyn thng vi mt hand-off (chuyn giao), gy tr v c th b ngt kt ni. Kt ni mng hn tp: Trong mng hu tuyn in hnh, mt my tnh c kt ni c nh vi cng mng nh. c tnh ca mng ny l s lng bit trc trong khi s thay i - tc l mt h thng nng cp cho file server hoc firewall c th c hoch nh v gim st mt cch cn thn. Tuy nhin, trong mng v tuyn, mt trm di ng v d nh mt my in thoi t ong hoc PDA l c chuyn vng thng xuyn gia cc mng host khc nhau. c tnh ca cc mng ny v cch m chng tng tc vi mng nh ca ngi s dng c th thay i ng k. C tr a ch: Trong mng hu tuyn thng thng, my tnh v cc thit b khc c kt ni vi cng mt mng v gn cng a ch mng (a ch IP trong th gii Internet) trong mt thi gian di. Nu thit b c di chuyn gia cc mng, nh qun tr mng co th cp nht a ch mng. Trong mi trng lin mng v tuyn, cc a ch mng - hoc t nht mng m chng lin quan - phi c qun l trong nhng nguy c v an ninh v phc tp nhiu hn nhiu. Thng tin ph thuc v tr: Tnh hung ni n thng tin v tr l song song vi tnh hung trong trng hp c tr a ch. Trong mng hu tuyn, v tr ca cc thit b tnh ton tng i tnh v c ngi qun tr bit trc. Trong mi trng v tuyn, v tr ca cc thit b truyn thng v tnh ton thay i thng xuyn. C s h tng lin mng v tuyn khng ch phi bm v tr li nhng s thay i v tr ny cung cp dch v cho ngi s dng m n cn phi cung cp s phn phi an ton bo v thng tin v tr. Trong mi trng v tuyn, bo v tnh bo mt ca ngi s dng d nhin gm: bo v ni dung bn tin v cuc hi thoi chng li s xm nhp, ngoi ra yu cu h thng gi tnh ring t v tr ngi s dng h thng.
1.5.3 Vng tr ngi 3: Tnh di ng ca thit b

khai thc tim nng ca mng v tuyn, ngi s dng yu cu cc thit b truyn thng v tnh ton c th mang c d dng. Mt c s h tng truyn thng v tnh ton di ng s khng c s dng rng ri nu con ngi phi mang my tnh
bn khai thc. V vy, cc sn phm in t thng dng ngy nay v d nh in thoi t ong, PDA, my tnh xch tay, camera s c ni mng v nhng thit b ging nh vy c thit k mang theo ngi khi di chuyn. Nh Forman v Zahorjan ni: Cc my tnh bn ngy nay khng c d nh mang theo bn ngi, v th vic thit k chng l t do v mt s dng khng gian, ngun ni cp v nhit. Ngc li, vic thit k, my tnh di ng cm tay nn c gng c c nhng tnh cht ca mt chic ng h eo tay: nh gn, nh, bn, chng thm v tui th ngun di. Mt s bao hm hin nhin lin quan n an ninh ca tnh di ng ca thit b l: bt k sn phm no c thit k mang theo v s dng khi di chuyn u d dng b nh cp. Khng ch l mt my in thoi t ong - mt mc tiu n gin ca bn trm m t quam im ca h thng, rng khng cn nghi ng g na thit b ang di chuyn t th trn ny n th trn khc mc d by gi n c th ang thuc quyn s hu ca mt ai khng phi ngi s hu. Nhn t di ng cng p t nhng gii hn khc ln ngi thit k cc sn phm tnh ton v truyn thng di ng v mt nhn thc v an ninh. Nhng iu ny bao gm: Tc b x l: Nng lc x l c cho bi cc mch tch hp IC c s dng trong cc thit b nh in thoi t ong v PDA ang tng theo thi gian nhng cha t n tc b x l ca my tnh bn hoc cc server mng. Thut ton mt m v nhn thc yu cu s tnh ton thm ch l rt ln. trong mt vi ng dng v an ninh trong mi trng v tuyn v d nh mt m v gii mt m mt cuc thoi c tin hnh thng qua my in thoi t ong th cc th tc an ninh phi thc thi gn nh thi gian thc. V vy, nng lc x l kh dng trn thit b di ng gii hn s la chn ca ngi thit k h thng an ninh cho mi trng v tuyn. Dung lng lu tr gii hn: V cc l do tng t, mt lng d liu c lu tr trong thit b tnh ton v truyn thng di ng nh hn dung lng lu tr d liu ca my tnh bn hoc server. Mc d t quan trng hn tc b x l nhng nhn t ny cng nh hng n s la chn c thc hin trong khi thit k h thng an ninh cho mng v tuyn.
S vn hnh cng sut nh: Cc sn phm in t di ng hot ng da vo pin. Bt k cng vic no c thc hin bi b x l trong my in thoi t ong hoc PDA tiu hao nng lng v v vy lm gim tui th ca ngun. Theo quan im ca ngi s dng sn phm, khi an ninh l c im quan trng th vic thc hin n c t ln hng u. V vy, thm ch c th thc thi thut ton nhn thc hoc an ninh tn nhiu cng vic x l theo quan im k thut, th s tiu tn nng lng ngun nui c l khng th chp nhn c. Nh c th thy t danh sch ny, nhng tr ngi m ngi thit k kin trc v h thng bo mt cho mng v tuyn phi i mt l rt ln lao, v chng khc nhau theo c loi hnh ln mc so vi trng hp trong mng hu tuyn thng thng. Thc t, nhng nhn t ny gii thch ti sao s quan tm v an ninh trong mi trng v tuyn khc vi s xem xt tng ng v mng hu tuyn. Mt khuynh hng ng quan tm l truy nhp Internet khng dy ang pht trin ngy cng rng khp, v nhiu mng nh v mng lin kt ang kt hp cht ch vi cc thnh phn v tuyn. V l do ny, cc nhn t c phc tho trong phn ny s c cp sau tng nh hng ln vic thit k h thng an ninh m khng d nh cho mi trng v tuyn thun tu.
CHNG 2: NHNG NG DNG TIM NNG CA CC PHNG PHP KHO CNG CNG TRONG MI TRNG LIN MNG V TUYN
Trong nhng nm 1980, khi cc giao thc bo mt cho GSM ang c pht trin, s ph bnh c ni n nhiu nht v mt m kha cng cng cng nh mng v tuyn lin quan l cc giao thc yu cu vic x l qu nhiu. Chng hn, RSA c c tnh l yu cu tnh ton gp 1000 ln so vi cng ngh mt m kha ring. Cho trc gii hn ca cc my in thoi t ong di dng c tc x l ln tui th ngun, ngi thit k mng t ong nhn thy iu ny phi tr mt gi qu cao.
2.1. Thut ton kha cng cng Light-Weight cho mng v tuyn
Bt u vo u nhng nm 1990, cc nh nghin cu tm ra cc thut ton lun phin yu cu phi thc hin t x l hn. Cc thut ton ny c th c p dng cho nhn thc v an ninh trong mi trng lin mng v tuyn. Trong s ny c k thut MSR (Module Square Root) v mt vi bin th ca ECC (Elliptic Curve Cryptography: Mt m ng cong). Nhng thut ton ny s c m t khi qut trong cc phn nh di y.
2.1.1 Thut ton MSR

Thut ton MSR c gii thiu bi M.O.Rabin nm 1979, v sau c nghin cu cho tim nng trong cc h thng thng tin c nhn bi Beller, Chang v Yacobi u nhng nm 1990. Ging nh hu ht cc thut ton mt m, phng php y l da trn s hc modul v ph thuc vo s phc tp ca vic phn tch ra tha s nhng s ln. Ni chung, MSR hot ng nh sau. Kha cng cng l mt modul, N, l tch ca hai s nguyn t ln, p v q (trong , khi thc hin trong thc t, p v q in hnh l nhng s nh phn c di t 75 n 100 bt). T hp p v q to thnh thnh phn kha ring ca thut ton. Nu Principal A mun chuyn bn tin tin cy M ti Principal B, u tin A tnh C M2 mod N, trong C l on vn bn mt m pht sinh v M2 l gi tr nh phn ca bn tin M c bnh phng. Ch rng y l php ton modul v th ly gi tr phn d modul N. Khi nhn c on vn bn m ha C, principal B, ngi bit p v q c th o ngc qu trnh ny bng cch ly ra modul cn bc 2 ca C lp ra M (ngha l M SQRT(C) mod N). i vi pha khng c quyn truy nhp n cc gi tr ca p v q, thc hin gii php b cn tr do s kh khn ca tha s N khng c thut ton phc tp a thc. Ngoi s tht rng n tr gip mt m kha ring/kha cng cng v ch truyn bn tin, MSR c mt u im ln th hai khi n c s dng cho mi trng v tuyn. Vic ti thut ton c s dng my in ton l bt i xng. Tnh modul bnh phng cn cho mt m yu cu t tnh ton hn nhiu (ch mt php nhn modul) so vi ly modul cn bc 2 tr li vn bn thng (iu ny yu cu php tnh s m). V vy, nu chc nng m ha c th c t trn trm di ng, v chc nng gii mt m trn trm gc, mt
cch l tng MSR p ng nhng hn ch c t ra bi my in thoi c b x l chm v d tr ngun gii hn.
2.1.2 Mt m ng cong elp (ECC: Elliptic Curve Cryptography)

Trong nhng nm gn y, ECC cng ni ln nh mt k thut mt m tim nng cho cc ng dng trong cc mng v tuyn. Trng tm t vo vic ti thiu cc yu cu cho ti nguyn b x l dnh cho mt m trong trm di ng, sc mnh ca mt m cho mi bt kha tr thnh mt phm cht quan trng. Ni chung ngi ta chp nhn rng mt m vi ECC s dng cc kha 160 bt a ra xp x cng mc bo mt nh RSA c kha 1024 bt v t nht mt nghin cu ch ra rng ECC thm ch c kha 139 bt cng cung cp c mc bo mt ny. Koduri, Mahajan, Montague, v Moseley xut mt phng php nhn thc t hp cc mt khu c nhn ngn vi mt m da trn ECC. Cc tc gi s dng hai bin th ca phng php ECC c bn, EC-EKE (Elliptic Curve Encrypted Key Exchange: Trao i kha mt m ng cong elp) v SPECKE (Simple Password Elliptic Curve Key Exchange: Trao i kha ng cong mt khu n gin). C hai bin th u yu cu cc Principal ang lin lc tho thun mt password, nh ngha ton hc ca mt ng cong elip c th, v mt im trn ng cong ny, trc khi thit lp mt phin truyn thng (mc d khng c nghin cu trong ti liu ny, mt trung tm nhn thc c th cung cp cc thng tin cn thit cho cc Principal nh mt s trao i nhn thc). Khi thc hin th mt th tc nhn thc cho cc mi trng v tuyn s dng ECDSA (Elliptic Curve Digital Signature Algorithm: Thut ton ch k s ng cong elp), Aydos, Yanik v Koc s dng cc my RISC 80MHz ARM7TDMI nh l b x l mc tiu (ARM7TDMI c s dng trong cc ng dng s trong cc sn phm di ng c thit k lin lc thng qua mng v tuyn). Bng cch s dng kha ECC di 160 bit, vic to ch k ECDSA yu cu 46,4 ms, i vi 92,4 ms cho s xc minh ch k. Vi mt di kha 256 bt phi mt ti 153,5 ms cho vic to ch k v 313,4 ms cho vic xc minh. Cc tc gi kt lun rng cch tip cn ECDSA da trn ECC ti vic xc minh thu bao l mt s la chn thc t cho mi trng v tuyn.
2.2. Beller, Chang v Yacobi: Mt m kha cng cng gp phi vn kh khn

Trong mt bi vit nm 1993 ca IEEE Journal on Selected Areas in Communications, Beller, Chang v Yacobi nh ngha cc cch tip cn cho nhn thc v mt m d liu trong cc ng dng mng v tuyn da trn mt m kha cng cng. Phng php u tin c gi l Gii php kha cng cng MSR ti thiu s dng phng php MSR v chnh quyn trung ng tin cy lu gi mt modulus N v cc tha s cu thnh p v q. Khi cc thu bao bt u cc hp ng dch v ca chng, mt chng nhn b mt c a vo trong t hp in thoi m t hp ny cng s dng modul N. Gii php kha cng cng MSN ti thiu c s yu km rng ngi mo nhn cng trm gc nu thnh cng sau c th mo nhn ngi s dng. Giao thc th hai trong ba giao thc ny, giao thc MSR ci tin (IMSR) gii quyt im yu km ny bng cch thm vic nhn thc mng ti trm di ng. Cui cng, giao thc th 3 Giao thc MSR+DH b sung s trao i kha Diffie-Hellman vo phng php Modul cn bc 2 c s. Cc mc nh di y khm ph giao thc MSR ci tin chi tit hn. Mt s ch sau c cung cp v cch m giao thc MSR+DH b sung vo kh nng ca IMSR, cng vi mt li ch thch v s quan trng ca giao thc ca Beller, Chang, v Yacobi.
2.2.1 Cc phn t d liu trong giao thc MSN ci tin

Trong giao thc IMSR, c Trm gc mng phc v (SNBS: Serving Network Base Station) ln Chnh quyn chng nhn (CA: Certification Authority) gi cc kha cng cng c m t khi tho lun v MSR, biu din tch ca hai s nguyn t ln p v q, ci m to thnh cc kha ring. Mi trm gc mng gi mt chng ch, nhn c t Chnh quyn chng nhn, p dng hm bm h cho ID mng ca trm gc mng v cho kha cng cng ca n. Beller, Chang v Yacobi s dng thut ng Thit b iu khin v tuyn (RCE: Radio Control Equipment) xc nh thc th chc nng iu khin cc cng truyn thng trn mng v tuyn. V chng ta s dng trm gc xc nh chc nng ny trong cc chng khc ca lun vn nn nht qun vn thut ng ny s c s
dng y. (Thut ng ca Beller, Chang v Yacobi cng c sa i trong mt vi chi tit gi nht qun). Cc phn t v chc nng d liu then cht trong giao thc IMSR bao gm:
1. IDBS (Base Station Identifier): B nhn dng duy nht ca trm gc mng v tuyn
(trong ng cnh ny l mt trm gc trong mng phc v hoc mng khch).
2. IDMS (Mobile Station Identifier): B nhn dng duy nht trm di ng. iu ny
tng ng vi IMSI (International Mobile Subscriber Identity : Nhn dng thu bao di ng quc t) trong giao thc nhn thc GSM.
3. NBS (Public Key of Base Station): NBS, kha cng cng ca trm gc l tch ca 2 s
nguyn t ln, pBS v qBS, ch trm gc ca mng v Chnh quyn chng nhn (CA) bit.
4. NCA (Public Key of CA): NCA, kha cng cng ca CA tng t l tch ca 2 s
nguyn t ln, pCA v qCA, ch CA c bit.
5. Ks (Session Key): Mt kha phin cho mt m d liu n sau trong phin truyn
thng, c m phn trong giao thc nhn thc.
6. RANDX (Random Number): Mt s ngu nhin c chn bi trm di ng trong

khi xc nh Ks.
7. h (Hash Function): h l hm bm mt chiu, tt c cc Principal u bit, hm ny

gim cc i s u vo ti c ca cc modulus (ngha l cng di nh NBS v NCA).
8. Trm gc kim tra tnh hp l ca chng nhn bng cch bnh phng gi tr chng
nhn modul NCA, v so snh n vi gi tr ca h (IDBS, NBS) (c tnh ton mt cch c lp). Nu cc gi tr trng khp vi nhau th trm di ng thng qua, nu khc n hy b phin truyn thng.
9. Trm di ng chn mt s ngu nhin c gi l RANDX c chc nng nh kha

phin Ks. Trm di ng sau tnh mt gi tr gi l a, trong a RANDX2 mod NBS. Trm di ng sau s gi a n trm gc.
10. Server mng tnh gi tr RANDX (trong thc t y l kha phin Ks) bng cch tnh
RANDX sqrt(a) mod NBS. Ch rng k nghe trm khng th thc hin c tnh ton ny bi v k nghe trm khng truy cp c cc tha s p v q ca trm gc. C trm gc ln trm di ng by gi dng chung kha phin Ks.
11. By gi trm di ng s dng kha phin Ks, hm f, v mt chui m tnh ra mt gi

tr gi l b, trong b f(Ks, m). Chui m trn mc ni IDMS v CertMS vi nhau. Trm di ng truyn b ti trm gc mng.
12. Trm di ng s dng s hiu bit ca n v kha phin Ks gii mt m b v ly ra

m. T chui m, trm gc ly ra chng nhn cho trm di ng CertMS, v tnh CertMS2 mod NCA. Gi tr ny c so snh vi g(IDMS) mod NCA. Nu kt qu trng nhau, th trm di ng trong thc t l ng v kho phin c xc nhn. Hot ng ca giao thc IMSR c m t theo s trong hnh 2.1. Ch rng, trong khi hnh v ch m t giao tip gia trm di ng v trm gc mng, th quyn xc nhn cng l mt phn quan trng ca c s h tng. Tuy nhin vi giao thc IMSR cho trc, th CA c yu cu khi trm gc c thit lp v khi thu bao ng k dch v tr thi im phin ring. iu ny c u im gim yu cu cho truyn thng khong cch xa t cc mng phc v n mng nh trong khi thit lp mt phin truyn thng.
Trm di ng
Trm gc mng phc v
Yu cu m phin
Tnh Cert BS = SQRT(h(ID BS, NBS)) mod N CA [IDBS, N BS, Cert BS]
Kim tra xem h(IDBS, NBS) = CertBS2 mod N C A
Ch : NBS v NCA tng ng l cc kho cng cng ca trm gc mng v CA. [a] Tnh RANDX = SQRT(a) mod NBS; Thit lp kho phin Ks = RANDX
Chn RANDX; Tnh a = RANDX2 mod NBS; Thit lp kho phin Ks = RANDX
[b] Thit lp m = (IDM S, CertM S); Tnh b = f(Ks, m)
Ly ra CK(i) v IK(i)
Ch : h l mt hm bm ; g l hm mt chiu. C hai hm to ra cc gi tr vi di bt bng vi kho cng cng .
Tnh m = f1(Ks, b); Ly ra Cert BS t m ; Kim tra xem Cert BS2 mod N CA = g(IDM S) mod NC A
Hnh 2.1: Biu minh ho hot ng ca thut ton IMSR
2.2.2 Giao MSR+DH

Beller, Chang v Yacobi thng bo mt s yu km quan trng trong giao thc IMSR. Trm gc mng c cung cp vi cc thng tin b mt v trm di ng m trm gc chng minh l khng tin cy, v vy trong tng lai n c th ng vai tr trm gc v nhn cc dch v mt cch gian ln. Gii php m cc nh nghin cu t ra cho vn ny l b xung kho chuyn i Diffie-Hellman vo giao thc IMSR. Vi s tng cng ny, s tip xc b hn ch i vi nhng thnh vin ni b m bit c cc gi tr p v q cho CA.
2.2.3 Beller, Chang v Yacobi: Phn tch hiu nng

Mt phn quan trng c xut bi Beller, Chang v Yacobi v kh nng pht trin ca giao thc kho cng cng v d nh nhng giao thc h xut trong ti liu nm 1993 l phn tch hiu nng. Nh ch trc y, tt c ba giao thc l bt i xng
theo yu cu tnh ton. V pha server, cc giao thc ny yu cu ly ra modul cn bc 2 mt qu trnh i hi nhiu tnh ton thm ch ngay c khi cc tha s nguyn t p v q c sn. Tuy nhin vi cc server mt m chuyn dng trong trm gc mng, tc gi bin lun rng iu ny l kh dng thm ch bng cch s dng phn cng nm 1993. Ngc li, gnh nng tnh ton b p t bi IMSR trn my cm tay l nh. Ch cn n hai php nhn modul. Mc tnh ton ny c th qun l mt cch d dng ngay c vi b vi x l 8 bt. Khi b xung kho chuyn i Diffie-Hellman vo th vi giao thc MSR+DH, khi lng tnh ton tng ln ti 212 php nhn modul trong giao thc nhn thc, thc hin cc modul 512 bt. iu ny l khng thc t i vi cc my cm tay ch c trang b mt b vi iu khin. Tuy nhin tc gi bin lun rng, vi cc chun phn cng nm 1993 th c th trin khai c cho my cm tay c trang b mt DSP (Digital Subscriber Processor: B x l tn hiu s) v sn sng c th thc hin trong nm 2001.
2.3 Carlsen: Public-light Thut ton Beller, Chang v Yacobi c duyt li

Trong mt ti liu nm 1999 xut hin trong Operating System Review, Ulf Carlsen nh gi v ph bnh phng php kho cng cng c xut bi Beller, Chang v Yacobi (BCY) c m t trong phn trc. Carlsen ng vi BCY rng giao thc MSR n gin d b tn cng ni bn trm gi mo l trm gc hp php to ra 2 s nguyn t p v q ring ca n, v chuyn tch N ti trm di ng nh th n l kho cng cng thc. Theo Carlsen, nhng chng nhn giao thc IMSR cng c s yu km trong chng khng cha cc d liu lin quan n thi gian v d nh d liu ht hn. iu ny ngha l IMSR d b tn cng pht li trong chng nhn c c s dng li bi bn tn cng sau khi kho phin tng ng c tit l. Gii php tim nng gii quyt vn ny l gm vic thm tem thi gian vo chng nhn IMSR, lm cho CA hot ng online nh mt thnh phn tham gia tch cc trong giao thc, hoc to v phn phi quyn thu hi giy php.
Carlsen xut hai giao thc tng cng cho cc giao thc c a ra bi BCY nhm tng cng vic m bo an ninh trong khi vn gi c mt vi u im ca phng php kho cng cng.
Giao thc tr li kho b mt (Secret Key Responder Protocol): Giao thc ny gii thiu li mt kho b mt c x l bi trm di ng cng nh server tin cy (trusted server) m ring bit vi trm di ng v trm gc mng. Trusted server bit kho ring ca trm di ng v v vy c th gii mt m mt nonce c mt m bi trm di ng vi kho ring ca trm di ng. Nonce c s dng m bo ng thi hn trao i bn tin nhn thc; trong khi s c mt ca trusted server trong hnh nh cho php trm di ng khi to phin truyn thng m khng phi qung b nhn dng ring ca n mt cch r rng.
Giao thc an ninh u cui-n-u cui (End to End Security Protocol): Carlsen ch ra rng nhiu s bo mt cho mng v tuyn m nhn an ninh ca mng v tuyn. Tuy nhin, iu ny l gi thuyt ti u thi qu: Ngi s dng ngh rng di dng an ninh di ng v t tin tng vo hiu qu ca vic o c an ton c iu khin bi ngi vn hnh. V vy yu cu ca ngi s dng l cc dch v bo mt end -to- end (cc thnh phn mng c iu khin bi ngi vn hnh khng th can thip n) nn c cung cp. Mt kha cnh th v ca Giao thc bo mt u cui n u cui l, trc khi kho phin c to ra v c trao i th giao thc yu cu hai ngi nghe nhn thc ID ca nhau bng cch nhn ra ging ni ca nhau v xc nhn n (Giao thc v vy khng hu dng khi tng tc vi nhng ngi nghe m ngi s dng khng quen bit). Ni chung, Carlsen t lc quan hn Beller, Chang v Yacobi rng phng php kho
cng cng c th thc hin mt mc hiu nng cho php chng c th linh ng s dng trong cc h thng mng v tuyn thc. Do hiu nng v thi gian hn ch, cng ngh kho cng cng hin thi khng thch hp cho vic cung cp tin cy nhn dng ch trong giao thc responder. Ngoi ra chng ta thy rng u im ca cng ngh kho cng cng gim khi server online v c th l
trusted server c yu cu. iu ny t ti u hn cho vic s dng cng ngh kho cng cng nh mt gii php chung cho nhn thc v tnh ring t trong cc giao thc PCS (Personal Communications Services: Cc dch v thng tin c nhn) khi tin cy nhn dng ch c yu cu. Vn ny hin ra r rng c bit trong cc vng th, ni m s cc my di ng c t ng thi ti mt cng v tuyn c th c th ln n hng trm.
2.4. Aziz v Diffie: Mt phng php kho cng cng h tr nhiu thut ton mt m
Trong mt bi vit nm 1994 trong IEEE Personal Communications, Ashar Aziz v Witfield Diffie cng xut mt giao thc cho cc mng v tuyn s dng giao thc kho cng cng cho nhn thc v to kho phin, v mt phng php kho ring cho mt m d liu trong mt phin truyn thng. Ging nh xut ca Beller, Chang v Yacobi c m t trn, phng php ca Aziz v Diffie s dng chng nhn s v CA. Mt c tnh ring bit ca phng php Aziz-Diffie l n cung cp s h tr r rng cho trm di ng v trm gc mng m phn thut ton mt m kho ring no s c s dng thc hin tnh tin cy d liu.
2.4.1 Cc phn t d liu trong giao thc Aziz-Diffie

Cc phn t d liu quan trng trong giao thc nhn thc c xut bi Aziz v Diffie gm:
1. RCH1 (Random Chanllenge): RCH1 l mt gi tr yu cu ngu nhin c to
bi trm di ng trong pha khi to ca giao thc nhn thc. Aziz v Diffie xut di 128 bt.
2. CertMS (Certificate of the Mobile Station): Certificate ca trm gc cha cc phn
t d liu di y: S Sri (Serial number), thi gian hiu lc, tn my, kho cng cng ca my v tn CA. Ni dung v nh dng Cert tun theo CCITT X.509. Cert c k vi bn tin digest c to vi kho ring ca CA. Nhn dng cha trong CA ny trong Cert cho php Principal khc m bo an ton kho cng cng CA.
3. CertBS (Certificate of Base Station): CertBS c cng cc phn t v cu trc nh
ca trm di ng.
4. KUMS (Public Key): Kho cng cng ca trm di ng. 5. KUBS (Public Key): Kho cng cng ca trm gc. 6. RAND1; RAND2 (Random Numbers): RAND1, c to bi trm gc v
RAND2, m trm di ng to ra c s dng trong vic to kho phin.

7. Ks (Session Key): Kho phin c to thng qua vic s dng c RAND1 ln
RAND2.
8. SKCS (List of Encription Protocols): SKCS cung cp mt danh sch cc giao
thc mt m d liu kho ring m trm di ng c th s dng cho vic mt m d liu c truyn dn trong mt phin truyn thng.
9. Sig (Digital Signatures): Nhng ch k s di giao thc Aziz-Diffie, c to ra
bng cch s dng kho ring ca ng k principal, v c p dng bng cch p dng kho cng cng ca ngi k.
2.4.2 Hot ng ca giao thc Aziz-Diffie

Chui trao i bn tin gia trm di ng v trm gc mng trong giao thc AzizDiffie bao gm:
1. Trm di ng gi bn tin request-to-join (yu cu tham gia) ti mt trm gc
mng trong vng ln cn ca n. Bn tin request to join cha ba phn t chnh: s c to ngu nhin ng vai tr nh mt yu cu (challenge), RCH1; chng nhn trm di ng, CertMS; v mt danh sch cc thut ton mt m d liu kho ring m trm di ng c th h tr, SKCS. 2. Trm di ng xc nhn gi tr ca ch k trn chng nhn ca trm di ng. Ch rng iu ny chng nhn rng chnh chng nhn cng l iu xc nhn c gi tr m khng phi l chng nhn nhn c t trm di ng cng trm di ng m
chng nhn pht hnh ti. Nu chng nhn khng c gi tr th trm gc kt thc phin; nu khc n tip tc.
3. Trm gc tr li trm di ng bng cch gi chng nhn ca n, CertBS; mt s ngu
nhin, RAND1, mt m bng cch s dng kho cng cng ca trm di ng; v la chn thut ton mt m kho ring t cc thut ton c gii thiu bi trm di ng. Trm gc chn t s giao nhau ca tp cc thut ton c gii thiu bi trm di ng v tp cc thut ton m trm gc h tr thut ton m n xem l a ra bo mt cao. di kho c m phn n di ti thiu m trm di ng c kh nng x l v trm gc h tr. Trm gc tnh ton mt ch k bn tin bng cch s dng kho ring trn mt tp cc gi tr m cha gi tr mt m RAND1, thut ton mt m d liu c chn, challenge RCH1 ban u nhn c t trm di ng v danh sch ban u cc thut ton mt m ng c.
4. Trm di ng xc nhn tnh cht hp l ca chng nhn n nhn c t trm
gc. Trm di ng cng xc nhn ch k trm gc bng cch gii mt m tp cc gi tr n nhn c trong bn tin k, bng cch s dng kho cng cng ca trm gc. Nu gi tr RCH1 v gi tr cc thut ton mt m ng c nhn c t trm gc ph hp vi nhng gi tr ny c truyn ban u bi trm di ng th nhn dng trm gc c xc nhn. Nu khc trm di ng kt thc phin truyn thng. 5. Trm di ng ly ra gi tr RAND1 bng gii mt m s dng kho ring ca n.
6. Trm di ng by gi to ra mt gi tr ngu nhin th hai, RAND2 c cng di
bt nh RAND1 v lm php ton logic XOR hai chui. Chui to ra bi RAND1RAND2 s cu thnh mt kho phin cho phin truyn thng ny. Trm di ng mt m gi tr RAND2 theo kho cng cng ca trm gc. 7. Trm di ng gi gi tr mt m RAND2 ti trm gc. N cng tnh ton ch k ca n trn mt tp cc gi tr cha gi tr mt m RAND2, v gi tr mt m RAND1 m n nhn c trc y t trm gc. (Bi v gi tr mt m RAND1 ny by gi c k vi kho ring ca trm di ng nn trm gc c mt c ch
xc nhn vic nhn thc trm di ng). Trm di ng gi cc phn t d liu ny ti trm gc. 8. Trm gc xc nhn ch k trn bn tin va nhn c t trm di ng bng cch s dng kho cng cng trm di ng. Nu ch k c xc nhn, trm gc chp nhn trm di ng nh mt thu bao hp l.
9. Trm gc gii mt m gi tr RAND2 bng cch s dng kho ring ca n. Trm
gc by gi c th to ra RAND1RAND2, n cng nm gi kho phin. (Ch rng m bo an ton kho phin RAND1RAND2, mt k xm nhp cn truy nhp vo kho ring ca c trm gc ln trm di ng t c kh nng hn l mt trong hai b xm nhp). ng ch rng ch k s c thm vo bn tin c gi bi trm gc trong bc 3 trn c ba vai tr khc nhau sau y: (1) nhn thc bn tin, (2) cung cp s tr li yu cu (Challenge) ti bn tin u tin ca trm di ng, v (3) nhn thc bn tin u tin nhn c thng qua vic cha danh sch ban u cc thut ton ng c. Cng ch rng, trong khi CA khng lin quan trc tip n chui giao thc nhn thc th CA k cc xc nhn c trm gc ln trm di ng trong mt bc u tin. vch ra s trao i bn tin trong giao thc Aziz-Diffie, hy xem hnh 2.2. Aziz v Diffie nhn mnh tnh hung ni m khng ch c mt CA m c nhiu CA c yu cu trong mt mng hot ng rng tun theo c t CCITT X.509. Trong trng hp ny, bn tin th 2, c gi trm gc ti trm di ng, s bao gm khng ch chng nhn trm gc m cn cha ng dn chng nhn m s cho php chng nhn c cng nhn hp l trong mt phn cp cc CA.
Trm di ng Bn tin Request-to-Join [RCH1, CertMS, SKCS]
Trm gc mng phc v
Ch : SKCS l mt danh sch cc thut ton mt m d liu ng c .
[CertBS, RAND1, RCH1, SKCS c chn]
Xc nhn tnh hp l ca Cert MS
Xc nhn tnh hp l ca Cert BS; Xc nhn ch k ca BS
Ch : Trong bn tin trn, RAND1 c mt m vi kho cng cng ca MS , Mt chui cha Enc(RAND1), SKCS c chn, RCH1, v SKCS c k vi kho ring ca trm gc .
To RAND2; Thit lp kho phin Ks = RAND1 XOR RAND2
RAND2 Xc nh tnh hp l ch k ca MS
Ch : Trong bn tin trn, RAND2 c mt m vi kho cng cng ca BS. Mt chui cha Enc (RAND2), Enc(RAND1) c k vi kho ring ca trm di dng .
Gii mt m RAND2; Thit lp kho phin Ks = RAND1 XOR RAND2
Hnh 2.2: S minh ho chui trao i bn tin trong giao thc Aziz-Diffie.
2.5 Bnh lun v nh gi giao thc Aziz-Diffie

Ngc vi kin trc cc giao thc th h hai, Aziz v Diffie nhn mnh giao thc h tr nhn thc tng h. Cc chng nhn s v mt CA ng mt vai tr quan trng trong phng php lai kho ring v kho cng cng. Giao thc ny ch bo v on ni v tuyn chnh xc nhng Aziz v Diffie mun cho php c ch bo mt end-to-end hot ng mc ng dng v mc truyn ti trong khi giao thc ca h hot ng tng mng. Mt kha cnh quan trng phn bit giao thc ny vi cc giao thc khc c m t trong chng ny l Aziz-Diffie to ra mt c ch r rng cho php trm di ng v trm gc mng m phn v chn trong s cc giao thc mt m d liu ng c.
2.6 Tng kt mt m kho cng cng trong mng v tuyn

T quan im ca nhng ngi thit k v vn hnh mng thng tin t ong, cc cng trnh c m t trong chng ny r rng l vt thi i. Cc phng php kho cng cng c tn thnh bi BCY, Carlsen v Aziz v Diffie gn y ni ln, trong khi
kinh nghim nhn c t chng trong lnh vc Internet th chng cha c chng minh trong mi trng mng t ong thng mi din rng. Bng cch tp trung vo cc phng php tnh ton va phi nh MSR v mt m ng cong elp, vic nghin cu y tm kim mi quan tm lin quan ti hiu nng v kh nng m rng. T u n gia nhng nm 1990, s tri rng vn l qu ln cho cc nh vn hnh mng. Tuy nhin khi th gii mng, thm ch i vi cc lu lng thoi hng ti c ch da trn IP v khi Internet tr thnh mt m hnh ni bt cho tt c cc loi truyn thng d liu th s vic ny s thay i.
Chng 3: Nhn thc v an ninh trong UMTS
CHNG 3: NHN THC V AN NINH TRONG UMTS 3.1 Gii thiu UMTS
H thng vin thng di ng ton cu (UMTS) l mt c cu t chc c phi hp bi Lin minh vin thng quc t (ITU) h tr cc dch v thng tin v tuyn th h ba. UMTS l mt phn ca mt c cu t chc ln hn l IMT-2000. Vai tr chnh ca c UMTS v IMT-2000 l to ra mt nn tng cho thng tin di ng khuyn khch vic gii thiu phn phi ni dung s v cc dch v truy nhp thng tin m b xung cho thng tin thoi thng thng trong mi trng v tuyn. Thc hin mc tiu ny r rng i hi bng tn rng hn 10Kbit/s sn c trong hu ht h thng th h th hai, v th UMTS s h tr tc truyn s liu ln ti 2 Mbits/s. Ph cho lu lng UMTS, cng nh vic thc hin IMT-2000 trn th gii ri vo khong gia 1870GHz v 2030GHz. Giy php u tin cho h thng UMTS c thc hin Chu u. Ti Nht Bn, cc k hoch yu cu vic trin khai sm IMT-2000 bng tn cao tng thch vi cc dch v t ong bt u t thng 5-2001. Trn ton th gii, vic trin khai c s h tng UMTS s tip tc gia nm 2001 n 2005 vi nhit tnh ban u c th b kim ch bi thc t th trng - nhng h thng ny t i vi cc nh cung cp dch v, v i hi mt s lng ln cc thu bao to ra li nhun. Mt bo co gn y c pht hnh bi UMTS Forum a ra mt vi u im v th h ba: Th h 3 mang n nhiu tnh di ng hn ti Internet, xy dng trn c tnh di ng duy nht nhm cung cp nhn tin nhm, cc dch v da trn v tr, cc thng tin c nhn ho v gii tr. Nhiu dch v th h ba mi s khng da trn Internet, chng thc s l cc dch v di ng thun tu. Vo nm 2005, nhiu d liu hn thoi s chy qua mng di ng. Theo quan in ny v tim nng ca cc dch v thng tin v tuyn th h th ba, cc thu bao s khng ch thng tin vi nhau qua mng. H s ti cc ni dung giu tnh ho v tn hng cc tr chi trong khi ang di chuyn. H s trao i cc vn bn qua u cui v tuyn ca h. V h s tin hnh mt phm vi rng cc giao dch thng mi in t t bt k ni no h xut hin. Mc d chi tit v cch cc nh cung cp dch v s b
xung vo tm nhn ny thng qua vic thc hin h thng thc cha c xc nh, mt iu r rng l - mt mc bo mt thng tin v nhn thc thu bao cao s l cp bch v bt buc. Nhiu cng trnh gn y trong vic nh ngha kin trc an ninh cho UMTS c tin hnh trong mt s cc d n nghin cu c ti tr bi Lin minh Chu u v cc chng trnh quc gia Chu u. Nhng d n ny bao gm ASPeCT (Advanced Security for Personal Communications TechnologyACTS program), MONET (part of RACE Program) v 3GS3 (Third Generation Mobile Telecommunications System Security Studies: Nghin cu an ninh h thng vin thng di ng th h ba) (theo chng trnh UK LINK). Mt d n gn y hn, USECA (UMTS Security Architecture: Kin trc an ninh UMTS) c ch o bi cc nh nghin cu ti Vodafone ang nh ngha mt tp y cc giao thc an ninh v cc th tc cho mi trng UMTS. Phm vi ca d n l rng, bao gm cc nghin cu su mim con: cc c im v yu cu bo mt, cc c ch bo mt, kin trc bo mt, c s h tng kho cng cng, modul thng tin thu bao (USIM), v bo mt u cui (handset). Cc kin trc quan trng khc trong s pht trin ca cc giao thc an ninh v nhn thc UMTS c gi l 3GPP (Third-Generation Partnership Project: D n hp tc th h ba), mt d n quc t bao gm nhng thnh vin t Bc M v Chu .
3.2. Nguyn l ca an ninh UMTS

Cc mng t ong th h hai c d nh m ra mt k nguyn mi thng tin v tuyn bng rng, thc y ph cc dch v thng tin v gii tr khng kh thi vi cng ngh th h hai hin thi. Tuy nhin t s khi u ngi thit k kin trc an ninh cho UMTS c gng xy dng trn kin trc sn c v hot ng mt cch hiu qu, c bit l trong c s h tng GSM. Mt phn iu ny l bi v n c ngha xy dng trn cng ngh c chng minh; mt phn n pht sinh t thc t khng th chi ci rng trong nhiu nm UMTS s phi cng tn ti v cng hot ng vi mng t ong th h hai.
3.2.1 Nguyn l c bn ca an ninh UMTS th h 3

Rt sm cc nhm lm vic chu trch nhim v vic pht trin kin trc an ninh v cc giao thc cho mi trng UMTS thng qua ba nguyn l c bn:
(1) Kin trc an ninh UMTS s xy dng trn cc c im an ninh ca cc h thng
th h th hai. Cc c im mnh m ca cc h thng 2G s c duy tr.

(2) An ninh UMTS s ci thin trn an ninh ca cc h thng th h hai. Mt vi l
hng an ninh v nhc im ca cc h thng 2G s c gii quyt.

(3) An ninh UMTS cng s a ra nhiu c im mi v cc dch v bo mt mi
khng c mt trong cc h thng 2G. Khi nim ny to ra mt iu g tt hn GSM nhng khng phi l mt iu g hon ton khc. S i mi trong UMTS nn c iu khin khng ch bi tim nng k thut thun tu m cn bi nhng yu cu v mi trng quan trng v tp cc dch v tham gia cho cc mng v tuyn th h ba. Theo ng cnh ny, vo gia nm 1999 3GPP nh ngha mt tp cc c im an ninh mi hu dng cho UMTS, v cho cc h thng th h ba ni chung. Cc c im an ninh mi cu thnh vic m t v cc c tnh then cht ca mi trng th h ba. Nhng im then cht nh sau: (1) S c nhng nh cung cp dch v mi v khc nhau ngoi cc nh cung cp cc dch v vin thng v tuyn. S bao gm cc nh cung cp ni dung v cc nh cung cp dch v s liu; (2) Cc h thng di ng s c nh v nh mt phng tin truyn thng yu thch cho ngi dng a chung hn cc h thng ng dy c nh;
(3) S c nhiu dch v tr trc v pay-as-you-go. Vic thu bao di hn gia ngi
s dng v ngi vn hnh mng c th khng phi l mt m hnh quen thuc; (4) Ngi s dng s c quyn iu khin nhiu hn i vi cc profile dch v ca h v i vi cc kh nng u cui ca h.
(5) S c cc cuc tn cng ch ng vo ngi s dng; (6) Cc dch v phi thoi s quan trng nh cc dch v thoi hoc quan trng hn;
(7) Cc my cm tay di ng s c s dng nh mt nn tng cho thng mi in
t. Nhiu th thng minh a ng dng s c s dng tr gip nn tng ny. Khi quan tm n cc c im ca mi trng th h ba, nhm cng tc 3GPP phc tho nhng c im no ca cc h thng an ninh th h hai c gi li, nhng s yu km no ca th h hai phi c gii quyt trong UMTS, v ni m kin trc an ninh UMTS s gii thiu nhng kh nng mi.
3.2.2 u im v nhc im ca GSM t quan im UMTS

Cc kh nng th h hai c a ti xc nh cc phn t h thng di y (cc on vn bn gii thch c ly ra t ti liu hp tc 3GPP): (1) Nhn thc thu bao: Cc vn vi cc thut ton khng ph hp s c gii quyt. Nhng iu kin ch n s la chn nhn thc v mi quan h ca n vi mt m s c tht cht v lm r rng.
(2) Mt m giao din v tuyn: Sc mnh ca mt m s ln hn so vi mt m c
s dng trong cc h thng th h hai iu ny p ng nguy c c t ra bi nng lc tnh ton ngy cng tng sn c i vi vic phn tch mt m ca mt m giao din v tuyn. (3) tin cy nhn dng thu bao s c thc hin trn giao din v tuyn.
(4) SIM (Subscriber Identity Module: Modul nhn dng thu bao) s l modul an ninh
phn cng c th ly ra c ring r vi my cm tay theo tnh nng an ninh ca n (ngha l SIM l mt th thng minh). (5) Cc c im an ninh toolkit phn ng dng SIM cung cp knh tng ng dng an ton gia SIM v server mng nh s c tnh n. (6) Hot ng ca cc c im an ninh h thng s c lp vi ngi s dng (ngha l ngi s dng khng phi lm bt c iu g kch hot cc c tnh an ninh).
(7) Yu cu cho mng nh tin cy cc mng phc v thc hin mt mc tnh nng an ninh s c ti thiu ha. Trong lnh vc nhn thc thu bao, phn tch ny thng bo cc vn pht sinh xung quanh cc thut ton GSM c quyn v yu km. Tuy nhin mt s tho mn c bn vi phng php ca cc h thng th h hai i vi nhn thc cng l hin nhin m nh chng ta s thy nh hng ln vic ra quyt nh cho nhn thc thu bao trong UMTS: Mt danh sch nhng khim khuyt trong cc giao thc an ninh th h th hai m UMTS phi quan tm cng l hu dng. Nhng vn nh sau: (1) Cc cuc tn cng ch ng trong trm gc b gi mo l c kh nng xy ra (thiu nhn thc mng i vi my cm tay di ng). (2) Kho phin v d liu nhn thc trong khi c che y trong cc tuyn v tuyn li c truyn mt cch r rng gia cc mng. (3) Mt m khng m rng phc tp i vi li mng, dn n vic truyn cc vn bn r rng ca ngi s dng v cc thng tin bo hiu qua cc tuyn vi ba. (4) Thiu chnh sch mt m v nhn thc ng nht qua cc mng nh cung cp dch v to c hi cho vic xm nhp. (5) C ch ton vn d liu cng ang thiu. Cc c ch nh th ngoi vic tng tin cp cn cung cp vic bo v chng li s mo nhn trm gc. (6) IMEI (International Mobile Equipment Identifier: B nhn dng thit b di ng quc t) l mt s nhn dng khng an ton. (7) S gian ln v s can thip hp php (b nghe trm bi cc chnh quyn thc thi lut) c x l nh l mt s gii quyt n sau hn l trong pha thit k GSM ban u. (8) C mt thit st v kin thc mng nh v iu khin cch m mng phc v s dng cc tham s nhn thc cho cc thu bao mng nh chuyn vng trong vng phc v ca mng phc v.
Chng 3: Nhn thc v an ninh trong UMTS (9) mm do nhm cp nht v b xung cc tnh nng bo mt theo thi gian
duy tr tnh ph bin cc giao thc an ninh h thng l khng cn thit. Yu cu sau i vi ngi thit k UMTS nhm nh ngha nhiu s tng cng cho cc th tc v giao thc an ninh th h hai m gi li cc c im ca an ninh th h hai m gii quyt nhng thiu st trn ca th h hai v iu s cho php tnh lin thng gia hai min trong nhng nm ti.
3.2.3 Cc lnh vc tng cng an ninh cho UMTS

Trong mt ti liu thng 3-2000 c gii thiu ti Hi tho IAB v lin mng v tuyn, N.Asokan ca trung tm nghin cu Nokia cung cp tng kt di y v cc lnh vc then cht trong UMTS s gii thiu nhng tng cng cho cc ch an ninh GSM. Nhn thc tng h: Mng phc v c nhn thc ti cc thu bao di ng cng nh thu bao di ng c nhn thc ti mng. Tng s h tr cho anh ninh v mt m d liu trong mng li.
Tng di kho chng li cc cuc tn cng mnh: Nh c bit, cc thut ton mt m s liu GSM th h hai c di kho hiu qu ch 40 bt v ngi ta ngh c th b ph v gn nh trong thi gian thc. Cc kho cho mt m s liu trong UMTS s l 128 bt.
Tnh an ton nhn dng ngi s dng s c tng cng thng qua vic s dng kho nhm. Cc thut ton mt m UMTS c bn s c thc hin cng khai c quan tm n cc ph bnh thng xuyn v GSM.
S h tr cho tnh ton vn cng nh tnh an ton s c cung cp. Mt khi nim quan trng trong lnh nhn thc thu bao cho UMTS l mng khch
quan tm c tr ph hn l v vic nhn dng ngi s dng. V vy mt s nhn mnh v mi quan tm ca mng khch l vic trao quyn cung cp cc dch v hn l vic
nhn thc. Cc h thng thc hin vic nhn thu bao nhn mnh s tng tc gia thu bao di ng v mng nh, vi cc thng tin trao quyn c truyn ti mng m s cung cp cc dch v ti thu bao di ng (mng khch). Theo cch ny, nhn thc c th c thc hin m khng phi m phn v tnh tin cy nhn dng thu bao.
3.3. Cc lnh vc an ninh ca UMTS

Mt mc tiu mc cao cho vic thit k kin trc an ninh cho UMTS l to mt c cu t chc c th pht trin theo thi gian. Nh trong trng hp thit k mng Internet, mt phng php quan trng modul ho kin trc an ninh bng cch to ra mt tp cc tng v sau lin kt mt tp cc phn t cng vi cc mc tiu thc hin v thit k h thng ti nhng tng ny. Nhng modul ny c ngi thit k gi l cc domain (min) v hin thi s c nm domain:
3.3.1 An ninh truy nhp mng (Network Access Security)

Mt s cc c im an ninh cung cp cho ngi s dng s truy nhp an ton ti cu trc c s h tng UMTS v cc c im bo v ngi s dng chng li cc cuc tn cng trn cc tuyn v tuyn khng dy cho cc mng mt t. Cc phn t then cht bao gm:
Tnh tin cy nhn dng ngi s dng: IMUI v cc thng tin nhn dng c nh
khc lin quan n ngi s dng khng c phi by cho nhng k nghe ln.
Nhn thc tng h: C u cui di ng v trm gc ca mng phc v c
nhn thc i vi nhau, ngn nga cc cuc tn cng mo nhn trn c hai pha ca phin truyn thng.
Tnh tin cy ca s liu bo hiu v s liu ngi s dng: Thng qua mt m
mnh m, c ni dung ca phin truyn thng thu bao ln thng tin bo hiu lin quan c bo v trong khi truyn dn qua on ni v tuyn.
Ton vn s liu v nhn thc khi u: Thc th nhn trong mt phin truyn
thng c th xc nhn rng cc bn tin nhn c khng b thay i khi truyn v rng n thc s c khi u t pha c yu cu.
3.3.2 An ninh min mng (Network Domain Security)

Tp cc c im an ninh cho php cc node trong c s h tng mng ca nh cung cp trao i cc d liu vi s m bo an ninh v bo v chng li s xm nhp tri php c s h tng mng hu tuyn.
Nhn thc phn t mng: Kh nng ca cc thnh phn c s h tng mng bao
gm nhng kh nng thuc v cc nh cung cp dch v khc nhau nhn thc nhau v d liu nhy cm c trao i.
Tnh tin cy ca d liu c trao i: Vic bo v d liu c trao i gia cc
phn t mng khi cc cuc nghe ln. iu ny in hnh s c thc hin thng qua mt m.
Ton vn d liu v nhn thc ban u: iu ny l song song vi cc kha cnh
ton vn d liu v nhn thc ban u ca An ninh truy nhp mng nhng p dng i vi mi quan h gia cc phn t mng. Khi mt phn t mng truyn d liu n phn t khc, node nhn c th xc nhn rng d liu khng b thay i khi truyn, v n thc s khi u vi phn t mng c thng bo nh ngun gc khi u. Thm na, nhng tnh cht ny phi p dng qua cc mng ca cc nh cung cp dch v khc nhau.
3.3.3 An ninh min ngi s dng (User Domain Security)

Tp cc c im an ninh gn vo s tng tc gia mt ngi s dng v my cm tay UMTS ca h. Mt mc tiu quan trng trong min ny l ti thiu thit hi v gian ln c th xy ra khi mt my cm tay b nh cp.
Nhn thc User-to-USIM: Nhn thc trong min con ny gn vo mi quan h
gia mt thu bao ring v th thng minh SIM trong my cm tay UMTS ca h. gii hn s hot ng i vi ch s hu hoc mt nhm c nhn c quyn, ngi s dng c th cn cung cp PIN khi to mt phin truyn thng.
on ni USIM-Terminal: V th thng minh tr gip USIM (c gn trong th
thng minh) c th di chuyn c, nn cng cn thit bo v an ton mi quan
h gia USIM v my cm tay UMTS. in hnh iu ny s c thc hin thng qua mt s nhng b mt dng chung trong c USIM ln u cui bi cc nh cung cp dch v khi dch v c khi to. on ni USIM-Terminal ngn nga th USIM ca ngi s dng khng b chn vo trong my cm tay khc v b s dng khi khng c quyn.
3.3.4 An ninh min ng dng (Application Domain Security)

Cc c im an ninh cho php s trao i an ton cc bn tin mc ng dng gia my cm tay v h thng ca nh cung cp dch v th ba. Trong kin trc UMTS, vic cung cp cn c thc hin cho cc nh vn hnh mng hoc cc nh cung cp dch v khc to ra cc ng dng nm trong USIM hoc trong t hp.
Nhn tin an ton: Nhn tin an ton s cung cp mt knh an ton cho vic truyn
cc bn tin gia USIM v server mng.

Tnh tin cy lu lng ngi s dng trn ton mng: Vic bo v cc bn tin
khi cc cuc nghe ln - in hnh l thng qua mt m trn cc on mng hu tuyn cng nh v tuyn ca ton b kin trc h tng mng.
3.4.5 Tnh cu hnh v tnh r rng ca an ninh (Visibility and Configurability)

Tp cc tnh nng qua ngi s dng h thng c th bit cc c im an ninh no ang hot ng v iu khin cc dch v no ang c s dng a ra mt tp nht nh cc dch v an ninh.
Tnh r rng: Ngi s dng h thng thng qua cc c ch c cung cp bi c
s h tng UMTS c th xc nh c c im an ninh no ang hot ng ti bt k im no theo thi gian v mc an ninh l g.

Tnh nh hnh: Ngi s dng thng qua c ch c cung cp bi c s h tng
UMTS c th yu cu tp cc dch v an ninh no phi ang hot ng trc khi ngi s dng mt dch v nht nh. Chng hn, logic ny c th p dng cho enable v disable vic s dng m PIN c nhn vi USIM trong my cm tay ca
ai hoc p dng cho vic quyt nh nh vic chp nhn cc cuc gi n m khng c mt m. Chia ton b lnh vc an ninh thnh cc min theo kiu ny c mt vi u im. Th nht, n x l bng cch chia nh ton b khng gian vn thnh cc min con ri rc (hn na, quan tm nhiu n phc tp c x l nh th no trong mi quan h vi cc giao thc lin mng Internet). Ngoi ra, bng vic to ra cc modul an ninh vi cc giao din c bit r c th cp nht hoc thay th cc thnh phn ca kin trc an ninh m khng phi lm li ton b vic kinh doanh. Ch : Cc t di y c s dng cho cc min anh ninh UMTS trong hnh 3.1. NAS: Network Access Security NDS: Network Domain Security UDS: User Domain Security ADS: Application Domain Security Hnh 3.1 cung cp s minh ho v ton b mi trng UMTS vi ch th v ni m nm min an ninh nh tr trong s tng tc gia cc phn t khc nhau ca mi trng.
Mc ng dng ADS ng dng ngi dng ng dng nh cung cp dch v
Mc Home/Serving Thit b u cui (Handset) UDS Module nhn dng cc dch v ngi dng (USIM) NAS NAS NDS NAS NAS Mng phc v (SN) Mi trng nh (HE)
NAS Mobile Termination
Mc truyn ti
Mng truy nhp
Hnh 3.1: S minh ho ni nm min an ninh UMTS nh tr trong cc mi quan h gia cc thnh phn ca ton b mi trng mng UMTS. [Ngun: S. Putz]
3.4. Nhn thc thu bao UMTS trong pha nghin cu

Nh ch trn y trong chng ny, kin trc an ninh UMTS xut pht ch yu t cc d n c ti tr bi Cng ng Chu u v vi quc gia thnh vin ca n. Phn ny quan tm n cc giao thc nhn thc thu bao c pht trin kh sm trong qu trnh pht trin UMTS thng qua d n ASPeCT (Advanced Security for Personal Communications) theo chng trnh ACT. D n ASPeCT nghin cu nhiu phng php nhn thc thu bao trong UMTS, vi cc bo co ban u c trnh vo 2-1996. Cc bo co ny c th c xem nh mang tnh cht khm ph; n nhn mnh vo vic tip nhn cc giao thc nhn thc thu bao c xut t cc t chc quan tm v sau phn tch cc giao thc ny p dng vo cc yu cu UMTS. Thng 2-1996 bo co ASPeCT m t cc xut cho nhn
thc thu bao v to kho phin trong UMTS c trnh bi Royal Holloway, Siemens v KPN. xut ca Royal Holloway da trn c ch yu cu-p ng (ChallengeResponse) tng t vi c ch trong GSM. Giao thc ny a ra nhn thc tng h gia trm di ng v trm gc mng v tng cng an ninh nh v ngi s dng (an ninh nh v ngi s dng c thc hin bng cch ch s dng b nhn dng ngi s dng hin thi v trnh s truyn dn ca b nhn dng vnh cu ca thu bao di ng trong clear-text qua on ni v tuyn). Hai giao thc c xut khc ca Siemens v KPN l rt khc nhau trong chng bt ngun t cc k thut kho cng cng. Cc phn di y m t phng php c xut bi Siemens.
3.4.1 M t giao thc kho cng cng ca Siemens cho UMTS

Giao thc da trn kho cng cng cho nhn thc v to kho phin c xut bi Siemens s dng nhiu nhm trng hu hn hoc cc phn nhm ng cong elp nh phng php kho cng cng c s. Trong c hai trng hp, an ninh mt m ph thuc vo vic vn thut ton ri rc kh khn hay khng. Giao thc do Siemens xut yu cu CA tin cy v mt Certification Server (CA) an ton m c th to cc chng nhn cha cc kho cng cng kh dng i vi c thu bao v nh vn hnh mng v ph hp vi cc phng php c s h tng kho cng cng c in. Mt phn khc ca c s h tng l mt danh sch thu hi (revocation list) ghi li cc b nhn dng thu bao, ngi khng cn t cch nhn dch v. xut ca Siemens thc s c ba phn, l cc giao thc con c nh r A, B v C. Ba giao thc ny cp cc trng hp hi khc nhau:
Sub-protocol A: x l trng hp ni m cc bn copy c nhn thc ca kho
cng cng trm di ng v mng phc v kh dng trong server mng phc v v my di ng tng ng v v vy khng cn thit phi trao i trong phin truyn thng.
Chng 3: Nhn thc v an ninh trong UMTS Sub-protocol B: x l cc trng hp ni m chng ch c gi tr ca kho xc nhn
cng cng trm di ng l kh dng trong my cm tay di ng nhng khng phi trn server mng phc v, v mt chng nhn c gi tr kho tho thun cng cng ca ngi vn hnh mng nhng khng phi trong my cm tay di ng.
Sub-protocol C: x l trng hp ni khng c bn copy c nhn thc kho cng
cng ca thu bao di ng kh dng trn server mng phc v v khng c bn copy c nhn thc kho cng cng ca nh vn hnh mng trong my cm tay di ng. Trong tho lun ny, chng ta s quan tm n Sub-protocol C, v iu ny a ra ci nhn tt nht ti cc kha cnh giao thc kho cng cng v c s h tng lin quan n xut ca Siemens.
3.4.2 Cc iu kin tin quyt thc hin giao thc Siemens

Sub-protocol C do Siemens xut cho nhn thc thu bao lm vic hiu qu, mt s cc iu kin tin quyt phi c thc hin. ng ch trong s ny l: Vic nhn dng ngi vn hnh mng trn mng phc v c bit trc i vi trm di ng.

Ngi vn hnh mng phc v gi cc kho tho thun cng cng s v gs. Trm di ng s hu h thng ch k bt i xng vi kh nng chuyn i ch k b mt Sigu.
CS gi danh sch thu hi (revocation list) mi nht i vi cc kho cng cng ca ngi vn hnh mng v cc thu bao di ng. C CS v server ca ngi vn hnh mng phc v c th to v xc nhn tem thi gian (time-stamp).
C server ca ngi vn hnh mng phc v v trm di ng gi kho cng cng ca CS. Kho ny cn thit xc nhn tnh hp l ca cc v c pht hnh bi CS.
CS khng ch cp kho private-public gm kho ring u v kho cng cng gs.
Trm di ng gi mt bn copy c gi tr kho cng cng g ca CS.
CS s hu kho xc nhn cng cng PK_NO cn xc nhn cc ch k c to bi server ca ngi vn hnh mng phc v bng cch s dng kho ch k ring SK_NO.
3.4.3 Hot ng ca Sub-protocol C ca Siemens

Sub-protocol C bao gm s trao i nm pha cc bn tin gia trm di ng (my cm tay ca thu bao), server ca ngi vn hnh mng phc v v CS. CS truy nhp ti kho cng cng c cp php cho trm di ng. Mt kha cnh ct yu ca giao thc ny l trong khi ngi vn hnh mng trnh mt chng nhn cha kho cng cng ca n ti trm di ng, trm di ng khng cn thit phi trnh mt chng nhn tng ng ti server ca mng phc v. Ngi vn hnh mng c th tm cc thng tin cn thit thng qua CS. Sub-protocol ca Siemens c trnh by nh hnh 3.2. y l tng quan v cc bc: Trm di ng khi to phin truyn thng. u tin n to mt s ngu nhin g(RNDU). Sau trm di ng tnh ton, (1) L=gu(RNDU), bng cch s dng kho cng cng gu ca CS, v (2) chui mt m Enc(L, IMUI) trong IMUI l b nhn dng duy nht (B nhn dng ngi s dng di ng quc t: International Mobile User Identifier) ca trm di ng.
Trm di ng gi g(RNDU), IDCS v Enc(L, IMUI) ti server ca nh vn hnh mng. Ch rng IDCS l b nhn dng ca CS trong kho cng cng ca trm di ng c th c bo v (n c th thuc v nh cung cp dch v nh ca thu bao di ng). iu ny cu thnh Bn tin 1 (Message 1).
Server ca nh vn hnh mng ly li kho cng cng ca n gs v to mt nhn thi gian TS1. Server sau s dng hm bm (hash function) h3 cng vi thut ton ch k SigNO v kho ring ca n SK_NO k chui (TS1||gs|| |g(RNDU) || Enc(L,IMUI)|).
Server ca nh vn hnh mng gi chui di y qua mng v tuyn ti CS: TS1, gs, g(RNDU), Enc(L, IMUI), SigNO(h3(TS1 || gs || g(RNDU) || Enc(L, IMUI))). iu ny cu thnh Bn tin 2 (Message 2).
CS: (1) s dng thut ton xc nhn VerNO v kho cng cng ca nh vn hnh mng PK_NO xc nhn bn tin; (2) kim tra tem thi gian T1; (3) tnh L bng cch s dng kho cng cng ca thu bao di ng, L = (g(RNDU)u); (4) gii mt m Enc(L, IMUI) bng cch s dng thut ton gii mt m Dec v kho L; (5) ly li CertU, chng nhn cho thu bao di ng t c s d liu thu bao ca n; (6) kim tra kho cng cng gs ca nh vn hnh mng v chng nhn ca thu bao CertU da vo revocation lists; (7) to mt chng nhn CertN bng cch s dng kho cng cng ca nh vn hnh mng v k chng nhn ny; (8) to tem thi gian TS1; v (9) tnh ton mt ch k trn chui TS||IDNO||CertU. CertN bao gm SigCS(H3(credentials)), trong credentials l g(RNDU), gs, IDNO v data3. Data3 l mt tu chn.
CS gi mt bn tin gm CertN, TS2 || IDNO || CertU, SigCS(TS2 || IDNO || CertU) ti server ca nh vn hnh mng. iu ny cu thnh Bn tin 3.
Server ca nh vn hnh mng s dng thut ton xc nhn VerCS v kho cng cng ca CS PK_CS xc nhn Bn tin 3. Sau Server ca nh vn hnh mng: (1) tnh ton mt CertN c rt gn c gi l CertN*, CertN* bao gm gs || SigCS(h3 (credentials)); (2) tnh chui ngu nhin (g(RNDU)s) bng cch s dng kho ring ca n; (3) to kho phin Ks, trong Ks = h1(g(RNDU)s || RNDN); (4) to kho nhn thc AUTHN = h2(Ks), trong h2 l mt hm bm th 2; v (5) to chui mt m Enc(Ks, data1 || data3), trong data1 l mt nonce c to bi server ca nh vn hnh mng.
Server ca nh vn hnh mng gi ti trm di ng qua on ni v tuyn RNDN, AUTHN, CertN* v Enc(Ks, data1, data3). iu ny cu thnh Bn tin 4 (Message 4).
Trm di ng by gi lm cng vic xc nhn vic truyn dn v to cc phn t d liu m n cn tip tc phin truyn thng. u tin trm di ng s dng thut ton xc nhn VerCS v kho cng cng ca CS xc nhn ch k trn CertN v xy dng li credentials. Trm di ng sau tnh: (1) gs(RNDU) bng cch s dng kho cng cng ca nh vn hnh mng; (2) kho phin Ks trong Ks by gi bng h1(gs(RNDU) || RNDN); (3) kho nhn thc AUTHN, trong AUTHN = h2(Ks); v (4) chui data1 || data3 bng cch s dng thut ton gii mt m Dec v kha phin Ks. Bng cch s dng thut ton mt m Enc vi kho phin ng vai tr input, trm di ng sau to: (1) Enc(Ks, SigU(h3(Ks || data1 || data2))), v (2) Enc(Ks, data2). Trm di ng gi Enc(Ks, SigU(h3(Ks || data1|| data2))) v Enc(Ks, data2) tr li server ca nh vn hnh mng qua on ni v tuyn. Vic truyn dn ny cu thnh Bn tin 5 (Message 5) l bn tin cui cng trong qu trnh trao i giao thc Siemens.
Server ca nh vn hnh mng sau thc hin mt vi tnh ton v so snh cui cng hon thnh qu trnh nhn thc v khi to phin truyn thng. u tin, server ca nh vn hnh mng s dng kho phin Ks gii mt m tt c cc phn ca bn tin nhn c t trm di ng. Khi server bit Ks, data1 v data2 n tip tc tnh ton h3(Ks || data1 || data2) theo quyn hn ring ca n. Sau n s dng thut ton xc nhn VerU v kho cng cng ca trm di ng PK_U ly ra h3(Ks || data1 || data2) t SigU(h3(Ks, data1, data2)). Server so snh gi tr tnh ton c vi gi tr va ly ra. Nu hai gi tr ging nhau th trm di ng c nhn thc.
Trm di ng
Server mng phc v
Server chng nhn
(M1) gRNDu, IDCS, Enc(L, IMUI) (M2) TS1, gRNDu, ID CS, Enc(L, IMUI), SigN0 (h3(TS1 || gs || gRNDu || Enc(L, IMUI)))
(M3) CertN, TS2 || IDN0 || CertU, SigC S(TS2 || ID N0 || CertU) (M4) RNDn, AUTHN , CertN*, Enc(Ks, data1 || data3)
(M5) Enc(K s, SigU(Ks || data1 || data2)), Enc(Ks, data2)
Hnh 3.2: S minh ho s trao i cc bn tin trong giao thc nhn thc ca Siemens cho UMTS, Sub-protocol C. Mt trong s cc tin li ca Sub-protocol C c xc nhn bi cc nh nghin cu ASPeCT Project l duy tr tnh tin cy nhn dng ngi s dng: IMUI ch c gi di dng mt m t khi bt u giao thc. Cng quan trng khng km l vic s dng cc tem thi gian m bo tnh hin thi ca cc chng nhn, v cn tr cc tn cng. Cng ng ch cc trng nh data1, data2 v data3 - c nhn dng trong m t trn nh l cc nonce c th c to ra ng vai tr kp v thc s truyn thng tin gia CS, server mng v trm di ng.
3.4.4 nh gi giao thc nhn thc Siemens

Chng ta r rng t m t Sub-protocol C trong phng php Siemens cho nhn thc thu bao v to kho phin, iu ny l rt khc so vi nhng g chng ta thy trong mng th h hai. xut ca Siemens da trn kin trc an ninh kho cng cng ang pht trin mnh, bao gm mt CS c qun l bi CA tin cy. Phng php ny bao gm cc chng nhn s cho c cc thu bao di ng ln nh vn hnh mng cng vi vic s dng
ch k s v cc thut ton bm. Cc giao thc c xut ny l phc tp nhng s cung cp mc an ninh cao v tnh m rng nu c trin khai c th mt cch y . Nh chng ta s thy, y khng phi l phng php nhn thc thu bao m cc nh thit k chn nh l nn tng thc s cho vic thc hin h thng. Mc d cc l do khng hon ton r rng, mt kh nng l xut ca Siemens khi u hon ton t s k tha c s h tng GSM lm cho s hot ng lin i vi th h hai mt cch kh khn. Cng l s tht rng cc bo co ca ASPeCT Project l khng nhiu khi m t v mt m thc s, cc giao thc ch k s, cc thut ton xc nhn v bm c s dng lm cho vic m phng hiu nng h thng kh khn hn.
3.5 Nhn thc thu bao trong vic thc hin UMTS
V thi im thc hin cc h thng truyn thng v tuyn s dng cng ngh UMTS n, cc nhm lm vic 3GPP chuyn s tp trung ra khi nghin cu l thuyt c m t trong phn trc. Trong vic ra quyt nh c th lin quan n nhn thc thu bao trong UMTS, cc nh hoch nh 3GPP chn s dng s ging vi nhn thc GSM nht vi cc tng cng c la chn. Giao thc UMTS ny s dng mt phng php da trn kho cng cng i xng trong Trung tm nhn thc ca mng nh thu bao v th thng minh USIM trong my cm tay ca ngi s dng dng chung mt kho b mt. Ngoi ra v nhn thc by gi c hoch nh cho vic thc hin trong UMTS nn n khc vi nhn thc trong th h hai mt vi im quan trng sau: (1) Modul nhn dng thu bao (SIM hoc trong mng UMTS l USIM) trong my cm tay v Trung tm nhn thc (AuC) dng chung mt s chui cng nh kho b mt. S chui khng phi l mt gi tr c nh m thay i theo thi gian. (2) Ngoi nhn thc thu bao chun, trm gc ca mng khch c nhn thc i vi trm di ng nh l mt phn ca giao thc nhn thc. (3) Trong pha nhn thc, UMTS thit lp mt kho phin cho mt m d liu trong phin truyn thng v mt kho th 2 thc hin m bo ton vn d liu.
(4) Cc thut ton mt m ca UMTS s c t ti domain cng cng ph bnh v phn tch. Nhng bc chnh trong giao thc UMTS nhn thc tng h v thit lp kho phin nh sau. S song song vi giao thc challenge-response ca GSM nn bit r rng. (Thut ng ang c s dng m t cc phn t then cht ca c s h tng v cc giao thc nhn thc UMTS khc v mt vi kha cnh so vi nhng g chng ta thy trong GSM Chng ta s dnh s phn bit ny trong m t di y). (1) Node phc v (SN: Serving Node) gi B ghi nh v tm tr VLR (Visitor Location Register) yu cu d liu nhn thc t Mi trng nh (HE) m h tr B ghi nh v thng tr (HLR) v Trung tm nhn thc (AuC). (2) Mi trng nh gi mt mng cc vct nhn thc (AV) ti SN. Mi vct nh th c th c s dng thc hin tho thun kho phin v nhn thc gia SN v USIM trong trm di ng. Mi AV (tng ng vi b ba ca GSM) bao gm: (1) mt s ngu nhin challenge RAND; (2) mt response mong mun cho challenge, XRES; (3) mt kho phin mt m CK; (4) mt kho ton vn d liu IK; v (5) mt th nhn thc AUTN. (3) Mng phc v gi challenge ngu nhin RAND v th nhn thc AUTN ti trm di ng qua on ni v tuyn. (4) USIM trong trm di ng xc nhn rng AUTN l c th chp nhn c (v vy thc hin nhn thc i vi trm di ng). Khi trm di ng to mt response, RES ti challenge ngu nhin v truyn tr li SN. (5) USIM tnh ton phin bn CK v IK ring ca n bng cch s dng RAND, s chui (c nhng trong AUTN) v kho b mt ca n. (6) Mng phc v so snh RES m n nhn c t trm di ng vi XRES. Nu hai gi tr trng nhau th trm di ng c nhn thc.
Chng 3: Nhn thc v an ninh trong UMTS (7) USIM v SN truyn CK ti cc thnh phn ca h thng chu trch nhim v mt
m d liu c truyn, v IK ti cc thnh phn ca h thng chu trch nhim v kim tra tnh ton vn d liu. S ca giao thc nhn thc UMTS c s xem hnh 3.3.
Trm di dng/USIM
Mng phc v/VLR
Home Env/HLR/AuC
Yu cu d liu nhn thc
To cc vect nhn thc (AV) 1n
Lu tr cc vect nhn thc ; Chn AV(i)
Tr li d liu nhn thc AV (1... n)
Yu cu nhn thc ngi s dng RAND(i) || AUTN(i)
Ch : AUTN=SQN (XOR) AK || AMF || MAC AV=RAND || XRES || CK || IK || AUTN
Xc nhn AUTN(i); Tnh ton RES(i) Tr li nhn thc ngi s dng RES(i)
Tnh ton CK(i) v IK(i)
So snh RES(i) v XRES(i)
Ly ra CK(i) v IK(i)
Hnh 3.3: Lung cc bn tin trong giao thc to kho phin v nhn thc UMTS c s. [Ly t J.Salva] Trong giao thc nhn thc nh c m t trn, cc th nhn thc AUTN l mt phn t d liu then cht. AUTN bao gm: (1) S chui (Sequence Number), SQN, thc hin php hoc loi tr (XORed) vi mt kho nc danh AK, (2) Trng qun l kho v nhn thc, AMF (Authentication and Key Management Field), v (3) mt M nhn thc bn tin, MAC (Message Authentication Code). Mc ch ca kho nc danh l che y Sequence Number m nu b tit l c th cung cp cc thng tin v nhn dng v v tr ca
thu bao. AMF c th mang nhng thng tin t Trung tm nhn thc ti trm di ng v cc vn nh s dng cc thut ton to kho v nhn thc. N cng hng dn trm di ng s dng mt kho trong s cc kha b mt. Giao thc nhn thc UMTS s dng nm hm mt chiu (one-way) c k hiu t f1 n f5 to cc gi tr thnh phn ca chui AUTN v AV. Cc u vo cho cc hm ny l kho b mt ca thu bao, challenge s ngu nhin RAND v Sequence Number. Hnh 3.4 cung cp mt s v cch giao thc ny hot ng trong Trung tm nhn thc.
To SQN
To RAND
SQN
Ch : SQN = Sequence Number AMF = Authentication & Key Management Field RAND = Random Challenge AMF
RAND
Kho b mt K
Hm f1
Hm f2
Hm f3
Hm f4
Hm f5
MAC
XRES
CK
IK
AK
Ch : MAC = Message Authentication Code XRES = Expected Response (to Random Challenge) CK = Cipher (Data Encyption) Key IK = Integrity Key AK = Anomynity Key
Ch : AUTN = SQN (XOR) AK || AMF || MAC AV = RAND || XRES || CK || IK AUTN
Hnh 3.4: To chui Vct nhn thc UMTS v Th nhn thc (AUTN) trong Trung tm nhn thc. [ly t J.Salva]
3.6 Tng kt v nhn thc trong UMTS

Qu trnh thit lp pha u tin ca vic nhn thc UMTS trn cc giao thc nhn thc thu bao l mt qu trnh lu di v phi thc hin nhiu ln. Nh chng ta thy,
mt vi cng trnh nghin cu ban u m nhn nh l mt cng trnh tin thn cho UMTS trong cc chng trnh Chu u nh ACTS tp trung vo mt gii php vi mt phn t mnh cc phng php m ho. Tuy nhin trong pha thc hin cui cng vic bt buc phi xy dng trn cc thnh tu GSM hin c v duy tr tnh lin thng vi GSM c chng minh l p o. Mt ln na cc phng php kho cng cng i xng li chin thng. Tuy nhin kin trc kho cng cng cu UMTS quan tm n nhiu thiu st ca h thng t ong th h hai, bao gm vic nhn thc ca mng i vi trm di ng, nhn dng ngi s dng v tnh tin cy nh v, tnh ton vn d liu v s dng cc thut ton mt m thch hp.
CHNG 4: NHN THC V AN NINH TRONG IP DI NG (Mobile IP)
Nhng ngi thit k mng in thoi t ong s th h hai v ba tho lun trong cc chng u tin ca lun vn ny bt u h tr truyn thng di ng ngha l sau ht l ton b quan im v in thoi t ong. Mt khc Internet ban u khi u nh l mt mng nhm kt ni cc my tnh ti nhng v tr c nh. Theo mt s phng din khc cc mi trng cng khc nhau mt cch ng k. Chng hn cc mng t ong th h hai c thit k truyn ch yu l lu lng thoi v h tr cc knh truyn thng gia cc bn trong cuc thoi th mng t ong th h ba s quan tm nhiu hn n truyn thng s liu ngoi lu lng thoi. Mt khc, nhng ngi thit k Internet tm cch to ra mt mng cho vic truyn dn s liu gia cc my tnh (voice over IP xut hin sau) v s dng chuyn mch gi hn l thit lp cc knh nh mt m hnh truyn dn chnh. Trong nhng nm 1980, th gii ni m cc my tnh t trong cc phng my hoc trn cc bn ca ngi s dng ti nhng v tr c nh vi a ch mng c nh bt u b ph v. Trong tng lai cc my tnh bao gm khng ch cc my tnh xch tay m cn bao gm cc thit b nh cc PDA (Personal Digital Assistant), Web pad, v my in thoi t ong thng minh - s n vi ngi s dng, nhng ngi mun kt ni ti Internet t bt c ni no h xut hin ti bt c thi im no. M hnh v cch m cc a ch mng c chnh sa trong th gii Internet c dy thng qua vic can thip ca cc nh qun tr h thng, gn cc a ch IP mi v vic cu hnh li cc my (machine) v c s h tng mng khng cn c chp nhn. Mt iu g phi c a ra cung cp s h tr cho tnh ton di ng trong mi trng Internet. Giao thc c pht trin thng qua IETF (Internet Engineering Task Force: Nhm c trch k thut Internet) l giao thc Internet di ng hay ngn gn l Mobile IP. Mc tiu ca Mobile IP l tr gip truy nhp Internet cho cc thit b tnh ton di chuyn t ni ny n ni khc m khng yu cu thay i ton b c s h tng Internet ngay lp tc bao hm tnh di ng.
4.1. Tng quan v Mobile IP

Trong kin trc Internet hin thi, giao thc Internet Version 4 hoc IPv4, Mobile IP l mt tu chn. Cc mng c gng h tr tnh ton di ng c th b xung Mobile IP,
trong khi cc mng ch cung cp cc dch v cho cc my tnh c dy khng cn thay i. Trong tng lai, IP Version 6 s h tr tnh di ng nh mt phn ca cc giao thc Internet chung vi s tha nhn truy nhp Internet c dy cng tr nn rt quan trng.
4.1.1 Cc thnh phn logic ca Mobile IP

Nh cp trn, khi ngun ca IPv4 v cc mng t ong s chng ta nghin cu trong lun vn ny l rt kh khn. Tuy nhin mc logic cc phn t ca kin trc Mobile IP rt gn vi cc khi nim quen thuc hin nay trong mng t ong s. V d, di mobile IP, mi thit b tnh ton di ng c mt mng nh tuy rng mi my cm tay t ong trong mi trng GSM cng c mt mng nh. Trn mng nh ny, trong th gii Mobile IP l mt h thng phn mm c gi l Home Agent (Tc nhn nh) chy trn mt node mng. Chc nng chnh ca Home Agent l duy tr cc thng tin, bao gm cc kho mt m, thuc v cc my tnh di ng - c gi l Mobile Host (MH) N coi mng nh l mng nh ca n. Home Agent cng bm cc v tr hin thi ca Mobile Host m n chu trch nhim v v vy ti mc khi nim n ph hp vi t hp B ghi nh v thng tr/Trung tm nhn thc (HLR/AuC) trong GSM. Hn na, mi Mobile Host di Mobile IP c mt a ch logic c nh - a ch giao thc Internet (hay a ch IP) ca n trn mng nh tuy rng mi my cm tay GSM c mt b nhn dng duy nht c nhng trong th thng minh SIM ca n. Di giao thc Mobile IP, khi Mobile Host chuyn vng ra ngoi min iu khin ca mng nh (d nhin n c th tng tc vi mng nh ca n nhng trng hp ny khng quan tm), n c th thit lp mt kt ni Internet thng qua mng con Internet khc c cung cp h tr IP. Mt mng con host nh th s c cc cng v tuyn (cc khi thu/pht v tuyn) c th trao i cc tn hiu vi Mobile Host. Cng phi c mt trn mng host mt h thng c gi l mt tc nhn khch (FA: Foreign Agent). FA tng tc vi Mobile Host trong khi n c kt ni vi mng host cung cp cc dch v ti n v thng tin thay mt n vi HA. Tm li, khi Mobile Host c gng thit lp truyn thng t mng host khi n ang chuyn vng, u tin n s khi to truyn thng vi FA trn mng . Sau n s
truyn mt bn tin vi c a ch IP ring ca n ln Chm sc a ch mi ca n (a ch IP ca FA) m FA chuyn tip ti HA. Nhn v xc nhn bn tin ny, HA thc hin rng buc cp nht (Binding Update) bng cch to mt bng u vo ghi li cc chm sc a ch mi cng vi cc Mobile Host c th ny. Mt thnh phn khc trong s ca Mobile IP l my i tc (CA: Corresponding Host). CA c th l bt k my tnh no trn Internet m c gng giao tip vi Mobile Host. Di Mobile IP, CA khng cn bit rng Mobile Host ang chuyn vng ra khi mng nh (y l gi thit n gin ho quan trng ca Mobile IP) v n gin truyn cc gi khi truyn thng vi MH theo cch thng thng ti mng nh. y HA, bit rng Mobile Host ang chuyn vng v Chm sc a ch hin thi ca n, nhn cc gi i v hng Mobile Host v chuyn tip chng ti FA ti Chm sc a ch hin thi ny trong mt qu trnh c gi l triangular routing (nh tuyn tay ba). FA sau chuyn tip cc gi ti Mobile Host qua on ni v tuyn m chng thit lp. Kin trc chung ca Mobile IP c minh ho trong hnh 4.1. Ch rng cc mng bao gm HA v FA cn thit phi thc hin Mobile IP v c kh nng h tr di ng. Tuy nhin, mt kha cnh then cht ca Mobile IP l CA v cc thnh phn khc ca nn tng Internet c gii thiu bi m my Internet trong s mng khng cn bit g v giao thc ny.
D liu c nh tuyn bng cch s dng a ch mng nh Corresponding Host
C s h tng mng
Router
Home Agent chn cc gi v ng hm Router
Home Agent
Router
Foreign Agent D liu c gi ti Foreign Agent thng qua ng hm IP (IP Tunnel) Mobile Host D liu c tch gi v c chuyn tip ti MH thng qua on ni v tuyn
Hnh 4.1: S minh ho cc thnh phn then cht ca kin trc Mobile IP.
4.1.2 Mobile IP Nguy c v an ninh

Nh mt s m rng i vi giao thc Internet thng thng (IPv4), Mobile IP, nhm cung cp s h tr di ng cho chuyn vng host, pht sinh cc nguy c v an ninh. Trong thc t hu ht cc nh phn tch ng rng nhng nguy c ln nht m Mobile IP gp phi nm trong min an ninh. Nh trong trng hp mng t ong s, cc on ni v tuyn gia Mobile Host v FA d tip xc vi vic nghe trm v tim nng tip xc vi cc cuc tn cng mo nhn. Tuy nhin, khng ging nh mng t ong truyn thng trong mng Internet c dy khng chy trn mng c quyn ca mt hay mt vi nh cung cp dch v thng tin v tuyn m trn mng Internet m. V vy nguy c an ninh trong phn mng hu tuyn c l ln hn trong mng t ong s. John Zao v Matt Condell ca BBN xc nh hai lnh vc an ninh c th trong Mobile IP:
Kh nng mt node c hi bt chc vic nhn dng node di ng v nh hng li cc gi tin i n node di ng ti cc v tr mng khc; Nguy c v cc node th ch tim n (n t cc min qun tr mng khc nhau) nhm tin hnh cc cuc tn cng ch ng/th ng ti cc node khc khi chng s dng chung cc ti nguyn mng v cc dch v c a ra bi cc mng con h tr di ng. Cc giao thc nhn thc ngi s dng c tho lun trong chng ny u quan tm n hai nguy c an ninh ny nhng thc hin theo cc phng php khc nhau.
4.2. Cc phn t nn tng mi trng nhn thc v an ninh ca Mobile IP

Giao thc Mobile IP xc nh vic s dng Cc m nhn thc bn tin (MAC) - c gi l authenticator (b nhn thc) theo cch ni c t nhn thc Mobile IP - nhn thc v cung cp tnh ton vn d liu cho cc bn tin iu khin c trao i gia Home Agent v Mobile Node. Trong khi MAC khng c u nhim trong c t Mobile IP th phng php MAC c th cng c p dng cho cc bn tin c trao i vi cc u vo khc chng hn nh FA. Thut ton MAC ly cc bn tin c truyn v mt kho b mt l cc input v to ra mt chui bt c di c nh nh l u ra. Nu b pht v b thu s dng chung kho b mt ny th b thu c th to ra MAC ring ca n t bn tin m n nhn c. B thu sau so snh chui c to ra vi MAC nhn c vi bn tin. Nu trng nhau, iu ny xc nhn rng (1) khng c ai thay i ni dung bn tin khi truyn, v (2) ngun bn tin phi l cc bn mong i (trong ngun cc bn tin phi bit kho b mt to ra mt MAC thch hp). Giao thc Mobile IP xc nh MD5, theo mode tin t thm hu t (ngha l m MAC c gn vo c trc v sau ni dung bn tin) nh l thut ton to MAC mc nh. Cc thut ton khc c th c trin khai theo tho thun hai bn ca cc bn tng ng.
4.2.1 An ninh IPSec

Mt khi nim nn tng then cht trong nhn thc v an ninh cho Mobile IP v khi nim v lin kt an ninh (SA: Security Association). SA l mt mi quan h mt chiu, c nh ngha trc gia ngi gi v ngi nhn nh ngha phng php an ninh no i vi an ninh Internet c thc hin trong thng tin t ngi gi n ngi nhn, v p dng cc tham s no. Trong trng hp truyn thng song hng c th tn ti hai lin kt an ninh nh th vi mi lin kt nh ngha mt hng truyn thng. Cc SA nh ngha tp cc dch v IPSec no (An ninh giao thc Internet) c a vo tng IP hay tng mng (Layer 3) trong ngn xp giao thc Internet. Trong mt gi tin IP, ba tham s c ly cng vi nhn dng duy nht mt lin kt an ninh: l a ch ch IP; B nhn dng giao thc an ninh, n xc nh lin kt an ninh p dng cho Authentication Header (AD) hay i vi Encapsulating Security Payload (ESP); v mt chui bt c gi l Ch s cc tham s an ninh (SPI: Security Parameters Index), n c lin kt duy nht vi mt lin kt an ninh cho trc. Trong mt router hoc cc phn t thch hp ca c s h tng mng trn mt mng, ti c mt file c gi l C s d liu chnh sch an ninh (SPD: Security Policy Database) nh ngha cc qui tc da trn cc ni dung cc trng ny trong gi tin IP. Ph thuc vo thit lp trong trng SPI v v tr ca host ch, cc kiu v mc an ninh khc nhau c th b p t vo cc gi tin i ra ngoi. iu ny cho php cc thnh phn Mobile Host, Home Agent, Foreign Agent v trong mt s trng hp c Corresponding Host trong mt phin truyn thng Mobile IP chn ch an ninh thch hp.
4.2.2 S cung cp cc kho ng k di Mobile IP

V mt c s h tng nh Mobile IP pht trin rt nhanh nn khng th gi s rng mt Mobile Host (MH) ang chuyn vng s c bt k lin kt trc no vi FA trn cc mng m n tm tr. Mt vn chnh l cch cung cp cho MH v FA cc kho ng k chung mt cch an ton khi bt u phin truyn thng. Ton b cc hng i trong s pht trin Mobile IP l hon thnh bc ny thng qua c s h tng kho cng cng c th truy nhp ton cu (PKI: Public-Key Infrastructure), nhng v kin trc ny cha c tnh kh dng rng ri nn vi bc trung gian phi c thc hin nh l mt gii php chuyn
tip. Chng hn, Charles Perlins xut p dng nm k thut thc hnh hin thi. Cc k thut ny c xem xt theo trt t u tin bi MH v FA vi k thut u tin c la chn (c th c thc hin bng nhn cng). Nm s la chn ny l: Nu FA v MH dng chung mt lin kt an ninh, hoc c th thit lp mt lin kt thng qua ISAKMP hoc SKIP, th FA tip tc chn kho ng k ny. Nu FA v HA ca MH dng chung mt lin kt an ninh th HA c th to mt kho ng k v truyn n ti FA c mt m vi kho cng cng ny.
Nu FA c kho cng cng ring ca n th FA c th yu cu HA ca MH to ra mt kho ng k v thng tin n ti FA c mt m vi kho cng cng ny.
Nu MH gi mt kho cng cng, n c th cha kho ny trong yu cu ng k ca n, vi FA th to mt kho ng k v truyn n ti MH c mt m vi kho cng cng ny.
FA v MH c th s dng mt giao thc trao i kho Diffie-Helman thit lp mt kho ng k chung. La chn Diffie-Helman gi thit mt mc u tin thp bi v phc tp tnh ton
ca n c th p t mt gnh nng trn host di ng v do to ra tr. Trong hu ht cc kch bn m Perkins xut, MH v HA s dng chung mt lin kt an ninh theo cch suy din. V vy, nu HA v FA s dng chung cc thng tin m HA c th truyn mt kho b mt ti FA th HA c th hot ng nh l mt Trung tm phn phi kho (KDC: Key Distribution Center). Chng hn nu HA v FA s dng chung mt kho b mt thng qua mt lin kt an ninh gia chng th k thut di y, s dng thut ton MD5, c th c s dng truyn mt kho phin hoc kho ng k t HA n FA.
HA gi chui di y ti FA: String1 = MD5(secret||regrep||seret) Kr Trong secret l kho ring c s dng chung gia HA v FA, Kr l kho ng k ang c truyn thng, v regrep l mt reply cho bn tin yu cu ng k c gi bi FA ti HA. Nhn c bn tin ny (String1), FA by gi c th tnh ton: String2 = MD5(secret||regrep||secret) FA sau c th ly ra kho ng k n gin bng cch thc hin mt ton t XOR nh sau: Kr = String1 String2
Khi vng mt mt lin kt an ninh c thit lp gia HA v FA, mt phng php tng t c th c thc hin nu FA c th to ra mt kho cng cng kh dng.
Trong trng hp m FA v Mobile Node s dng chung mt lin kt an ninh (iu ny t xy ra hn trng hp MN s dng chung mt kho b mt vi HA) th FA v MN c th m phn trc tip mt kho ng k, m khng cn s dng HA nh mt Trung tm phn phi kho. iu tng t c th c hon thnh nu MN to ra kho cng cng kh dng cho FA.
4.3. Giao thc ng k Mobile IP c s

Di Mobile IP, Khi MH thy chnh n trong mt min mng mi, n phi thit lp lin lc vi FA cho mng v khi to chui giao thc ng k thng tin cho HA ca n v v tr hin thi ca n. Giao thc ng k ny cu thnh mt thnh phn nhn thc quan trng trong th gii Mobile IP. Nu MS ang hot ng trong phm vi a l iu khin mng nh ca n th d nhin FA s khng hot ng v truyn thng v nhn thc s xy ra trc tip gia MS v HA. Trong m t ny chng ta s xem xt cc trng hp chung nht trong MH ang chuyn vng v FA c yu cu trong chuyn giao. Giao thc ng k Mobile IP cung cp hai c ch chng li cc cuc tn cng lp li (replay): c cc tem thi gian v cc nonce u c h tr, v cc principal trong phin truyn thng c th chn gia hai bin th ca giao thc ny ph thuc vo ci no chng mun s dng. Trong m t cc phn nh di y, chng ta s phc tho giao thc ng k Mobile IP vi cc tem thi gian.
4.3.1 Cc phn t d liu v thut ton trong giao thc ng k Mobile IP

Cc phn t d liu then cht v cc thut ton trong giao thc ng k c nh ngha bi c t Mobile IP nh sau:
1. MHHM (Home Address of the Mobile Node): a ch IP ca MH trn mng
nh ca n (ch rng iu ny s khc vi Care of Address trn mng ca FA).

2. MHCOA (Care of Address of the Mobile Node): a ch IP ca MH trn
mng m n ang tm tr. Trong hu ht cc trng hp, iu ny s tng ng vi a ch IP ca FA.
Chng 3: Nhn thc v an ninh trong UMTS 3. HAID (Address of Home Agent): a ch IP ca HA trn mng nh ca MH. 4. FAID (Addresss of Foreign Agent): a ch IP ca FA trn mng m MH
ang tm tr.
5. TMH, THA (Time Stamps): TMH v THA l cc tem thi gian c pht hnh bi
MH v HA tng ng.
6. Enc(K, M): Mt m bn tin M theo kho K. 7. MAC(K, M): To mt MAC (Message Authentication Code) t bn tin M
theo kho K.
8. KSMH-HA (Shared Secret Key): KSMH-HA l mt kho b mt c dng chung
gia MH v HA. N khng c dng chung vi FA hoc cc phn t khc ca c s h tng mng.
9. Request: Mt mu bt ch th rng cc bn tin di y l mt bn tin yu
cu.
10. 11.
Reply: Mt mu bt ch th rng bn tin di y l mt bn tin tr li. Result: Mt gi tr ch th kt qu ca mt request c gi ti HA
(tip nhn, loi b, gii thch cho s loi b, v.v). Ch rng Kho b mt dng chung l mt phn t ca mt m kho ring c gi li trong th h tr gip di ng u tin cho Internet. N c th s khng cn thit trong tng lai, nu c s h tng kho cng cng tr thnh kh dng.
4.3.2 Hot ng ca Giao thc ng k Mobile IP

Cc bc chnh khi thc thi giao thc ng k Mobile IP tin hnh nh sau: 1. MH s s hu mt tem thi gian nhn c trc t HA trn mng nh ca n. iu ny tr gip trong vic ng b cc tem thi gian ring ca n vi cc tem thi gian ca HA.
2. MH truyn mt bn tin yu cu ti FA. Bn tin yu cu ny cha cc phn
t di y: Request Designator, ID ca FA (a ch IP ca n), ID ca HA, a ch nh ca MH, Care-of-Address ca MH, v mt tem thi gian c pht hnh bi MH. Chui ny c theo sau bi m MAC m MH to ra bng cch p dng thut ton MD5 cho cc phn t trong bn tin yu cu cng vi kho b mt KSMH-HA m n s dng chung vi HA. 3. FA chuyn tip c bn tin yu cu ln MAC tng ng ti HA. Ch rng cc phn t d liu trong bn tin yu cu khng cha kho b mt c truyn i mt cch r rng, v th FA c th c a ch ca FA. 4. Khi nhn c vic truyn dn t FA, HA tnh MAC ring ca n trn bn tin yu cu ca MH. Nu gi tr tnh c ph hp vi MAC nhn c trong truyn dn th MH c nhn thc v ni dung bn tin yu cu c xc nhn l khng b thay i.
5. HA by gi to ra mt bn tin tr li cha cc phn t d liu di y:
Reply Designator, Result Code, ID ca FA (a ch IP ca FA), ID ca HA, a ch nh ca MH, v mt tem thi gian TS. Tem thi gian ny s bng vi tem thi gian c pht hnh bi MH nu gi tr ny nm trong ca s hin thi c th chp nhn c i vi HA. Mt khc tem thi gian ny s l tem thi gian c thit lp bi HA, nhm cho php vic ti ng b xy ra. HA cng tnh ton mt MAC trn cc phn t d liu ny bng cch s dng kho b mt m n s dng chung vi MH v gi kt qu cng vi bn tin. (Ch rng vi cc bin th prefix plus suffix ca thut ton MD5 th hai phin bn ca MAC c gi i thc s nhng trong s di y iu ny b b qua v tnh n gin). HA truyn bn tin tr li v MAC ny n FA. 6. FA chp nhn vic truyn dn c m t trong bc 5 t HA, v chuyn n ti MH qua on ni v tuyn.
7. MH tnh ton MAC ring ca n trn bn tin tr li v so snh kt qu vi
MAC m n nhn c cng vi bn tin tr li t FA. Nu hai gi tr MAC trng nhau th HA c nhn thc ti MH v ni dung bn tin tr li c xc nh hp l.
Ti thi im ny, MH, FA, HA c th s dng mt trong cc phng php c khuyn ngh bi Perkins thit lp mt kho ng k, hoc kho phin m s c s dng mt m d liu trong phin truyn thng ny. Hnh 4.2 minh ho s trao i cc bn tin trong Giao thc ng k Mobile IP.
Mobile Host
Foreign Host
Home Agent
[M1=Request, FAIB , HAIB, MHH M , MH COA, TMH || MAC(KSMH-HA,M1)]
[M1 || MAC(KS MH-HA,M1)]
[M3=Reply, Result, FAIB, HAIB, MH HM, TMN hoc THA || MAC(KSMH-HA,M3)]
[M3 || MAC(KSMH-HA,M3)]
Ch : Trong M3, nu tem thi gian t MH khng thuc ca s tip nhn th HA loi b yu cu nhng cung cp tem thi gian ring ca n cho php MH ng b li ng h ca n.
Hnh 4.2: S phc tho s trao i cc bn tin trong Giao thc ng k Mobile IP. [Ly t Sufatrio v Lam] Ch rng vic thit lp mt kho ng k phi khng tit l kho b mt dng chung ti FA, v iu ny s to thnh mt k h nghim trng v an ninh.. Cng ch
rng, trong khi kho ng k c th c thit lp thng qua ng dng kho cng cng, nu c s h tng kho cng cng ang trong trng thi hot ng th n cng c th c thit lp bng cc la chn ngha l khng yu cu PKI.
4.4 Mi quan tm v an ninh trong Mobile Host - Truyn thng Mobile Host
Hu ht mi s tho lun v giao thc Mobile IP tp trung vo truyn thng gia Corresponding Host (CS) v Mobile Host vi mt gi nh ngm rng CH nm mt v tr c nh trong Internet. D nhin, truy nhp Internet khng dy pht trin, kch bn m trong hai MH, c hai chuyn vng t do, c gng truyn thng ang tr nn ngy mt quan trng. Trong mt bi vit nm 1998 c trnh by ti hi ngh Glocom nm 1998, Alessandra Giovanardi v Gianluca Mazzini xut cc giao thc nhm ti u hiu nng truyn thng trong MH - Kch bn MH. Vn trong truyn thng gia hai MH theo giao thc Mobile IP l vn nh tuyn tay ba (triangular routing) pht trin nhanh. Trong trng hp m CH c nh c gng thng tin vi mt MH ang chuyn vng, u tin n s gi cc gi tin ca n ti ti mng nh ca MH, ni m chng b chn bi HA. HA sau chuyn tip cc gi tin ny ti v tr hin thi MH (s gin tip ny c gi l nh tuyn tay ba). Cc gi tin c truyn theo hng khc, mc d u tin chng phi c gi qua on ni v tuyn t MH ti FA, c th di chuyn trc tip ti CH (CH c a ch IP c nh). Tuy nhin vi hai MH cc gi di chuyn theo hai hng u tin c gi ti cc mng nh ca cc MH tng ng nh tuyn tay ba tr thnh nh tuyn hai hng. gii quyt vn nh tuyn tay ba ny, Giovanardi v Mazzini xut vic s dng tc nhn ngoi (EA: External Agent). EA pht trin s hiu bit v v tr hin thi ca hai MH v cc FA tng ng ca chng. Mt ng hm an ton sau c th c thit lp nn cc tuyn gia hai FA ny, v vy loi b c nh tuyn tay ba hai hng. Theo s truyn thng MH-to-MH ny, Giovanardi v Mazzini ch ra rng cn thit cc c ch an ninh bo v chng li c cc MH gian ln ln cc thc th m nc danh
c s h tng mng nhm sp xp cc ng hm an ton gia cc FA. Cc tc gi xut mt ch an ninh bao gm nm phn t hay cc mc nh sau:
1.
Tch hp a ch IP v a ch MAC: Khi tin hnh nhn thc cc MH thng
qua HA, mt a ch c to ra l s tch hp ca a ch IP v a ch MAC (Media Access Control) ca MH c s dng hn l ch s dng ch a IP. V a ch MAC l mt chui bt duy nht c nhng trong phn cng hoc phn sn nn n kh sa i v bt chc hn a ch IP da trn phn mm. V vy HA duy tr mt b nh cache cha cp a ch IP/MAC c s dng trong nhn thc cc MH.
2.
Hashing cc a ch MAC: m bo hn na vic chng li vic chn cc
thng tin a ch, FA p dng cc hm bm mt chiu ti a ch MAC ca MH v gi i gi tr ny hn l chnh a ch MAC ti HA cng vi a ch IP ca MH. HA sau c th s dng a ch IP m n nhn c tham chiu bng cc cp a ch IP/MAC ca n, ly ra a ch MAC mong mun, v p dng thut ton bm i vi MAC ny. Nu gi tr kt qu trng vi gi tr bm nhn c t FA th MH c nhn thc.
3.
S hu kho cng cng dng chung: Khi nim y l tt c cc h thng
tc nhn trong cng ng xc nh dng chung mt kho b mt. Khi truyn dn cc bn tin gia cc agent, mt hm bm c p dng ti t hp bn tin ny, hoc mt phn ca bn tin v mt kho b mt. Agent nhn sau c th to gi tr bm ring ca n v xc nhn rng bn tin khi u t mt node s hu kho b mt ny.
4.
S dng cc tem thi gian: ngn chn cc cuc tn cng, cc nhn thi
gian c cha trong bn tin iu khin d bn tin c nhn thc hay khng. H thng nhn nh gi nhn thi gian trong bn tin v tip nhn cc bn tin ny nu tem ny ri vo ca s xc nh. Giao thc ny yu cu vi mc ng b thi gian gia cc agent, c thc hin thng qua vic s dng RFC 1305 NTP.
5.
S dng m kho thng ip: Theo giao thc con ny, kho b mt dng
chung c th c s dng mt m cc bn tin iu khin trong trng thi ton vn
v mt m kho thng ip sau c to ra c gn vo bn tin. iu ny gip m bo c tnh tin cy v ton vn cc bn tin c trao i gia cc h thng agent. Nn ch rng nhng xut ca Giovanardi v Mazzini trong phn ny quan tm ch yu n an ninh v nhn thc v n p dng cho s tng tc gia cc HA, FA v External Agent trong tng tc Mobile IP. Cng quan trng thc hin cc bc bo v on ni thng tin v tuyn gia MH v FA. 4.5. Phng php lai cho nhn thc theo giao thc Mobile IP Nhn thc theo giao thc ng k c s trong Mobile IP c trnh by trn cn thit phi gi li mt phng php da trn kho cng cng. N b ph bnh l khng c tnh m rng i vi nhng mi trng trong nhiu t chc qun l mun tng tc v mun cc MH ca h tn dng cc dch v thng qua cc mng c qun l bi cc t chc khc. Trong mt ti liu nm 1999, Sufatrio v Kwok Yan Lam xut mt kho ring lai, mt phng php kho cng cng cho nhn thc theo Mobile IP c thit k gii quyt vn tnh m rng m khng phi thay i cn bn s trao i bn tin trong giao thc ng k Mobile IP. iu ny c thc hin bng cch cho php HA ng vai tr c agent nhn thc kho cng cng v Trung tm phn phi kho (KDC) cho cc kho phin. Sufatrio v Lam chng minh rng y l s la chn c ngha cho c s h tng kho cng cng (PKI) ang pht trin mnh, trong MH v HA in hnh thuc v cng mt t chc.
4.5.1 Cc phn t d liu trong Giao thc nhn thc Sufatrio/Lam

Cc phn t d liu chnh c s dng trong Giao thc nhn Sufatrio/Lam nh sau:
CA (Certification Authority: Chnh quyn chng nhn): CA chu trch
nhim v vic pht hnh cc chng nhn (certificate) trong c s h tng kho HAID, FAID (Cc b nhn dng ca HA v FA): HA v FA c nhn dng bi cc a ch IP tng ng ca chng.
MHHM (a ch nh ca MH): a ch nh ca MH bao gm a ch IP trn
mng nh ca n.
MHCOA (Care-of-Address ca MH): Chm sc a ch hin thi ca MH
c to thnh bi a ch mng ca FA.

NMH, NHA, NFA (Nonces): Cc Nonce c pht hnh bi MH, HA, v FA
tng ng.
TMH, THA (Time Stamps): Cc tem thi gian c to bi MH v HA tng
ng.
KSHA-MH (Symmetric Private Key: Kho ring i xng): Mt kho i
xng c dng chung gia HA v MH.

KRHA, KRFA, KRCA (Private Keys: Cc kho ring): Cc kho ring trong
cc cp kho ring/kho cng cng thuc cc cp kho khng i xng ca HA, FA v CA tng ng.
KUHA, KUFA, KUCA (Public Keys: Cc kho cng cng): Cc kho cng
cng trong cc cp kho ring/kho cng cng thuc cc cp kho bt i xng ca HA, FA v CA tng ng.
CertHA, CertFA (Certificates: Cc chng nhn): Cc chng nhn s ca HA
v FA tng ng.
Request, Reply, Advert (Message-Type Codes: M kiu bn tin): Chui
bt ch th cc kiu bn tin yu cu, tr li v qung co tng ng.

Sig (K, Mx) (Digital Signature: Ch k s): Mt ch k s c to bng
cch p dng kho K i vi bn tin Mx.

MAC(K, Mx) (Message Authentication Code: M nhn thc bn tin):
Mt MAC c to bng cch p dng kho K ti bn tin Mx.
4.5.2 Hot ng ca giao thc nhn thc Sufatrio/Lam

Giao thc nhn thc da trn kho cng cng ti thiu c xut bi Sufatrio v Lam nm 1999 lin quan n s trao i bn tin di y gia MH, FA v HA.
FA lm cho MH bit c s kh dng ca n thng qua vic truyn dn bn tin
qung co agen. Qung co agent bao gm chng nhn ca FA v mt chui bn tin M1 bao gm mt m ch th rng y l mt bn tin qung co agent, a ch IP ca FA, v Care-of-Address m s c gn cho MH. FA cng gn mt ch k s c to ra bng cch p dng kho ring KRFA ca cp kho ring/kho cng cng ca n vo bn tin M1.
MH tr li bng cch gi tr li FA chui bn tin M2. M2 bao gm mt m ch
th mt yu cu dch v, a ch IP ca FA, a ch IP ca HA ca MH, a ch nh ca MH, COD ca HM (va nhn c t FA), mt nonce c to bi HA, mt nonce c to bi MH, v mt phin bn ca bn tin M1 nhn c trong bc trc. MH k bn tin ny vi kho b mt KSMH-HM, kho ny c s dng chung vi HA ca n. FA nhn bn tin M2 v chuyn tip n ti HA ca MH, gn mt nonce ca ring n.
HA u tin nh gi tnh hp l ca ch k trn bn tin M2, bng cch s dng
phin bn ca kho b mt dng chung ca n KSMH-HA. HA xc nhn rng cc a ch IP cho cc FA c xc nh trong s trng khp bn tin M1 v bn tin M2 v sau nh gi tnh hp l ca chng nhn ca FA thng qua kh nng ca n nh mt trung tm nhn thc kho cng cng. HA sau cng c th nh gi tnh hp l ca ch k s ca FA trn bn tin M1, ly ra kho cng cng KUFA t chng nhn ca FA.
HA gi tr li FA chng nhn ca n, CertHA cng vi mt chui bn tin M4. M4
cha mt m ch th rng y l mt reply ng k, mt m ch ch kt qu yu cu
ng k, a ch IP ca FA, a ch IP ca HA, a ch nh ca MH, mt nonce c to bi HA, v mt nonce c to trc bi MH. Mt ch k s c to vi kho b mt c dng chung bi HA v MH c gn vo chui M4, v nonce c gi bi FA sau c gn vo chui ny, cu thnh bn tin M3. n lt HA k M3 bng cch s dng kho ring t cp kho ring/kho cng cng ca n.
Khi nhn c bn tin ny t HA, FA m nhn cc bc di y: (1) nh gi
tnh hp l phin bn nonce ca n NFA nhn c t HA; (2) nh gi tnh hp l ca ch k s trn bn tin M3, bng cch s dng kho cng cng ca HA; v (3) to mt u vo bn ghi vi bn tin ny m sau ng vai tr nh mt bng chng rng n cung cp dch v ti MH. FA cng ly ra bn tin M4, nh c m t trong bc 5 trn t ton b qu trnh truyn dn n nhn c t HA. FA sau chuyn bn tin M4 ti MH qua on ni v tuyn.
MH s dng kho b mt KSMH-HA nh gi tnh hp l ch k trn bn tin M4
(iu ny lm cho giao thc Sufatrio/Lam tr thnh mt thit k lai kho ring v kho cng cng). Ba thc th HA, FA v MH by gi c nhn thc ti nhau v c th tip tc phin truyn thng ca chng. S hot ng ca giao thc Sufatrio/Lam xem hnh 4.3. Thc t, MH khng nhn thc FA mt cch trc tip nhng c th m bo rng HA lm nh vy khi n nhn c bn tin M4 v nh gi tnh hp l ca ch k trn bn tin ny. Ch k ny ly t mt b mt m ch ny MH dng chung vi HA. Theo giao thc Sufatrio/Lam, MH khng phi thc hin nh gi chng nhn hoc kim tra cc revocation list, v vy gim gnh nng x l v truyn thng trn khi di ng.
4.6. H thng MoIPS: Mobile IP vi mt c s h tng kho cng cng y

Khi truy nhp Internet pht trin ngy cng mnh v khi c thm nhiu t chc vn hnh mng m cha cc MH hoc mun cung cp cc dch v thng tin qua c s h tng Mobile IP th c s h tng kho cng cng (PKI) tr nn hp dn hn. Vic to ra mt c
s h tng PKI nh th cho tnh ton di ng l mt tr ngi kh vt qua. Tuy nhin nghin cu c tin hnh bi John Zao v cc ng nghip ti BBN Technology v cc t chc cng tc trong thit k v thc hin h thng MoIPS (Mobile IP Security) cung cp mt kin trc mu cho mt c s h tng nh th v h m v an ninh Mobile IP c th thc hin nh th no trong tng lai.
Mobile Host
Foreign Host
Home Agent
[M1=Advert, FAIB, HAIB, MHHM, MHCOA|| Sig(KR FA, M1) || CertFA] Qung co tc nhn [M2=Request, FAIB, HA IB, MHHM, MHCOA, NH A, NMH, Tc nhn qung co bn tin || Sig(KSMH-HA, M2) ] ng k Mobile IP [M3=Reply, Result, HAIB, FAIB, MHHM, TMN hoc TH A || MAC(KSMH-H A, M3)] nh gi tnh hp l bng cch s dng KSMH-HA Xc nhn FAID trong qung co tc nhn=FAID trong M2 nh gi tnh hp l CertFA nh gi tnh hp l ch k trn M 1 bng cch s dng kho cng cng FA
[ng k Mobile IP, Message || N FA ]
nh gi tnh hp l NFA nh gi tnh hp l CertHA nh gi tnh hp l ch k trn M bng cch s dng kho cng cng HA Log Message [M4]
[M3=M4, N FA || Sig(KRHA, M3) || CertHA]
Ch : M4=Reply, Result, FAIB, HAIB, N HA, N MH, Sig(KSMH-HA, M4)
nh gi tnh hp l ch k trn M 4 bng cch s dng KSMH-H A
Hnh 4.3: S minh ho hot ng ca giao thc Sufatrio/Lam cho nhn thc trong mi trng Mobile IP. [Ly t Sufatrio v Lam]
4.6.1 Tng quan v h thng MoIPS

Nh c thit k bi Zao v nhng ngi khc, nh mc tiu ca n, h thng MoIPS c cc dch v an ninh phn phi sau: (1) nhn thc cc bn tin iu khin Mobile IP trong cp nht v tr, (2) p dng iu khin truy nhp qua cc MH mun s dng cc ti
nguyn trong mng khch, v (3) cung cp cc ng hm an ninh cho cc gi tin IP c nh hng li.
Nhn thc trong qu trnh cp nht v tr: MoIPS h tr c giao thc Mobile IP c bn ln ci c gi l Mobile IP nh tuyn ti u ho. Theo Mobile IP nh tuyn ti u ho, CS m cung cp h tr di ng c th c thng bo v v tr hin thi ca MH m chng mun truyn thng, v vy loi b s quanh co ca nh tuyn tay bao thng qua mng nh. Nguy c an ninh l cc cuc tn cng nh hng li lu lng xa, trong mt k mo danh ch dn CH chuyn tip cc gi tin ti mt v tr khc v tr m MH ang c tr hin thi. Theo MoIPS, mi ng k Mobile IP v cp nht rng buc (l s thay i ca bn tin v tr c chuyn n CH) bao gm mt ui nhn dng 64-bit (identification tag) ngn chn cc cuc tn cng v mt hoc nhiu phn m rng nhn thc (authentication extension) cung cp tnh ton vn d liu v nhn thc ban u thng qua vic s dng MAC c to bi hm bm. MoIPS cng cung cp cc cp kho mt m cho vic s dng gia MH v FA, gia FA v HA, v gia MH v Corresponding Agent.
iu khin truy nhp cho cc Mobile Host: Theo kin trc MoIPS, c cc node u cui (nh MH v CH) v cc tc nhn h tr di ng (HA v FA) gi cc chng nhn X.509 cha cc tham s kho cng cng cng nh cc thng tin v nhn dng v s sp nhp cc thc th. Cc chng nhn c pht hnh thng qua cc phn cp CA theo cch b rng buc bi chun X.509. Mt FA c th s dng chng nhn ca mt MH nhn thc MH, v thnh cng ca qu trnh nhn thc c bao hm khi FA chuyn tip mt yu cu ng k t MH n HA. Tuy nhin quyn s dng ti nguyn mng lin quan n vic kim tra cc trng thi ca MH m xy ra trong qu trnh nhn thc (chng hn, kim tra liu ngi s hu MH c phi ang tr ho n khng). Ch c HA tin hnh kim tra trng thi ny. Mt s kim tra thnh cng v v vy quyn s dng cc ti nguyn mng c yu cu l c php nu HA gi li tr li ti FA.
ng hm an ninh cc gi tin IP (Secure Tunneling of IP Packets): Trong th gii Mobile IP, cc gi d liu di chuyn gia cc Mobile Node, FA, HA v CS (m
nh chng ta thy c th l MH) i qua Internet rng ln v khng c bo v, v t nht mt phn truyn dn ca chng i qua mt on ni v tuyn. Cc bc phi c thc hin bo v cc gi tin chng li cc cuc nghe trm v s sa i cc gi tin. Kin trc h thng MoIPS xc nh rng HA v FA chu trch nhim v vic m bo rng tt c vic truyn thng vi MH s dng cc ng hm an ninh cho tnh ton vn d liu, nhn thc khi u v khi cn c c tnh tin cy d liu. MoIPS xc nh vic s dng kiu xuyn ng hm giao thc an ninh ng gi (ESP: Encapsulation Security Protocol) ca IPSec nh l phng php thc hin cc mc tiu an ninh ny. Cc bn truyn thng m phn cc c ch bo mt v mt m c s dng trong c cu t chc ESP, nhng tt c cc gi s c ng gi trong mt header IPSec v mt header IP m rng m nhn dng cc im u cui ca ng hm. thc hin iu ny, MoIPS cha mt module h thng h tr IPSec v ISAKMP (Internet Security Association and Key Management Protocol). So vi cc giao thc nhn thc chng ta nghin cu trong cc chng trc cho cc mng t ong s th MoIPS c s khi u r rng hn trong th gii giao thc Internet ngc vi cc giao thc c quyn ca cc mng truyn thng t ong. Cng r rng hn l s ph thuc vo mt m kho cng cng v cc phn t ca PKA, bao gm cc chng nhn s v mt tp cc CA lin quan vi nhau.
4.6.2 Cc c tnh chnh ca kin trc an ninh MoIPS

MoIPS cung cp mt v d tt nht v phng php kho cng cng chng ta gp phi i vi an ninh v nhn thc trong mi trng Mobile IP. V vy cn xc nh mt vi thnh phn then cht ca kin trc an ninh ny. 1. Nh chng ta thy, ti mc giao thc Internet, MoIPS p dng bin th ESP ca IPSec v ISAKMP cng vi Mobile IP. Cc m rng nh tuyn ti u ti Mobile IP c tr gip.
2. i vi cc chng nhn s kho cng cng, MoIPS s dng c t X.509 Version 3
vi danh sch chng nhn revocation Version 2 (CRL: Certificate Revocation List). i vi kho cha chng nhn, nhng ngi thit k ca MoIPS s dng h thng
tn min (DNS: Domain Name System) Internet chun. Theo cc tc gi, phng php ny c vi u im: (1) s dng h thng DNS c bit r v c s dng rng ri gip gii quyt vn pht hin server; (2) cc chng nhn cng cng loi b yu cu v truyn dn thi gian thc cc kho, v s cn thit vi mt c s h tng ca trung tm phn phi kho (KDC: Key Distribution Center), v c th thc hin vi Kerberos; v (3) yu cu v phng php c tnh m rng cao: chng ta phi c mt cng ngh c th thit lp cc b mt c chia s gia mt s ln cc node tri rng nhiu min Internet 3. Phn cp CA theo MoIPS gi nh mt kin trc nhiu cy. Mi cy trong cu trc c mt CA nh (TLCA: Top-Level CA), cc CA cc mc gia (MLCA: MiddleLevel CA) hoc mc 0, v mt tng cc CA mc thp hn. Cc CA mc thp hn chu trch nhim v mt khi cc a ch k nhau v pht hnh cc chng nhn MoIPS ti cc thc th Mobile IP m c cc a ch IP ri vo phm vi (chng hn, tt c cc node trn mt mng cho trc s c kh nng c phc v bi cng mt CA). Vic xc nhn cho c cho php gia cc TLCA v cc MLCA. 4. Vic tham gia vo MoIPS yu cu vic s hu mt chng nhn. Mi thc th mun tham gia vo trong cc phin truyn thng trong mi trng MoIPS d l MH, FA, HA hay CH c kh nng nhn bit tnh di ng - phi m bo an ton mt chng nhn X.509 V3 vi mt profile c th c xc nh cho MoIPS. Cc chng nhn cho cc CH ch l mt yu cu khi MoIPS tr gip Mobile IP nh tuyn ti u ho an ton. 5. Trong cc chng nhn MoIPS, a ch IP ca thc th c s dng nh trng tn ch chng nhn cho cc MH, FA, HA v cc CH. Khi iu ny c ngha l chng nhn phi c pht hnh li khi c s thay i a ch IP bi mt thc th th n cho php mt h thng my tnh hot ng, chng hn nh c HA v FA nm trn cc giao din khc nhau. Ngc li trong trng hp CA, tn min theo qui tc tiu chun c s dng nh l tn ch trn chng nhn, loi b yu cu v tra tn min trong trng hp ny.
Chng 3: Nhn thc v an ninh trong UMTS 6. MoIPS s dng thut ton bm SHA-1 to cc ch k s trn cc chng nhn
X.509. MoIPS s dng mt k thut ging Diffie-Helman (DH) to cc kho mt m, nh cc kho phin. Mi chng nhn MoIPS cha cc gi tr cng cng DH cn thit h tr trao i to kho Diffie-Helman. B mt Diffie-Helman v s lp li s nhn dng bo v chng tn cng c a vo hm HMAC (MoIPS s dng hm HMAC-MD5) nh cc thnh phn kho v bn tin tng ng. u ra sau c s dng trong qu trnh nhn thc cc bn tin iu khin Mobile IP bng cch tr li chui u ra v bn tin iu khin thng qua hm HMAC.
7. MoIPS s dng RSA CryptoKi CAPI (Cryptographic Application Program
Interface: Giao din lp trnh ng dng mt m) nh mt c ch qua truy nhp cc engine mt m. Cng c tr gip l PF Key CAPI dnh cho qun l cc kho ngn hn (nh cc kho phin) v cc lin kt an ninh. Nhng ngi thit k MoIPS to ra mt API th ba, c gi l Cert_API, nhm cung cp mt tuyn gia cc module qun l kho v cc b xc nhn chng nhn ca h thng. 8. MoIPS s dng cc trng m rng chnh sch kho trong cc chng nhn truyn thng tin cn cho iu khin truy nhp theo Mobile IP. 9. Theo Mobile IP, ng hm IPSec an ton c th c thit lp t MH n FA, t MH ti HA, v t FA ti HA. Ngoi ra, ngoi tm nh hng ca MoIPS/Mobile IP c th thit lp mt ng hm an ninh gia MH v CH nhm cung cp mt m u cui n u cui v an ton thng tin. Cc thc th Mobile IP hot ng trong mi trng MoIPS c th yu cu thit lp cc ng hm IPSec bng cch thm mt trng m rng chn ng hm IPSec vo cc bn tin Khn ni tc nhn Mobile IP (Mobile IP Agent Solicitation), Qung co tc nhn, v yu cu ng k chun. Chi tit v ng hm c thit lp sau c m phn gia cc thc th thng qua ISAKMP. Mt nguyn mu ban u ca mi trng MoIPS, c pht trin bi cc nh nghin cu BBC v vic ti s dng cc module h thng sm c pht trin ti CMU v i hc State Porland c hon thnh vo nm 1997. Nhng im then cht l: (1) kh
nng nhn c cc chng nhn X.509 v cc danh sch thu hi t cc server DNS nh l cc bn ghi ti nguyn X509CCRRL; (2) kh nng xc nhn cc chng nhn X.509 v CRL bng cch i theo phn cp CA nhiu cy; (3) kh nng nhn thc cc bn tin ng k Mobile IP c cu to theo c t IETF thng qua cc kho phin c to ra bi thut ton kho cng cng c m t trn; v (4) vic tch hp MH ti cc ng hm CH IPSec vi vic nh hng li cc gi tin Mobile IP. S khi minh ho cc module h thng ca nguyn mu MoIPS xem hnh 4.4.
Module qun l kho (Portland State) Module qun l kho Zero-Message PF-Key API Module giao thc qun l kho & lin kt, an ninh Internet Cert API
Module Mobile IP (CMU)
B xc nhn Cert X.509
Tm np Cert v Module proxy FA
Module rng buc DNS
CryptoKi CAPI Module IPSec (Portland State) Module giao thc pht hin chng nhn
CryptoKi CAPI
Crypto Engine RSA REF / Fortezza
Hnh 4.4: S khi ca nguyn mu mi trng MoIPS. (Ly t Zao v et al) Cc ng dng mc tiu cho cc phin bn tng cng ca MoIPS gm vic thc hin m rng cc h tr IPSec v Mobile IP nh tuyn ti u ho cho cc mng ring o cha cc MH. Cc tc gi xc nh mt yu cu cho vic iu tra v vic qun l v tr nhanh v qun l tinh vi hn cc lin kt an ninh.
4.7 Tng kt an ninh v nhn thc cho Mobile IP

Chng ny nghin cu mt phm vi rng cc phng php cho an ninh v nhn thc ngi s dng trong mi trng Mobile IP. Nh c thit lp vi Giao thc ng k Mobile IP, cc phng php kho cng cng i xng c th c s dng theo Mobile IP. Tuy nhin, chng l hiu qu nht khi mt t chc qun l kho iu khin mi trng tnh ton di ng, hoc khi mt tp nhng ngi tham gia chnh m phn trc cc mi quan h qua li, nh trong tnh hung cc tho thun chuyn vng gia cc nh cung cp dch v t ong. Nhng v d v cc trng hp nh th cha mt tp on vi nhiu a im cung cp h tr tnh ton di ng ti cc nhn vin ca n, hoc mt nh cung cp cc dch v truyn thng v tuyn to ra cc dch v truy nhp Internet khng dy kh dng thng qua c s h tng xc nh nhng khng phi ton cu. y l nhng v d quan trng nhng mc tiu cui cng ca Mobile IP c th cho rng l mt kch bn trong cc h thng ca hng nghn cc nh cung cp dch v thng tin qua mng ca hng trm nh cung cp cc dch v truy nhp Internet khng dy. Giao thc ng k Mobile IP c s khng th m rng i vi mc ny. Cng c nghin cu trong chng ny l Giao thc Sufatrio/Lam a ra mt phng php light-weight cho nhn thc ngi s dng bng cch s dng vic lai ghp hai k thut mt m i xng v khng i xng v bng cch khin HA thc hin nhim v gp i nh mt Trung tm phn phi kho. Cui cng, chng ta khm ph h thng MoIPS ca John Zao v cc ng nghip ca anh y thng qua mt chin lc kho cng cng i xng ang pht trin mnh da trn cc chng nhn X.509 v mt c s h tng kho cng cng hon chnh. Nhiu phn t ca kin trc ny tin ti trng thi m chng c th c s dng nh mt nn tng cho thc hin thng mi tri vi nguyn mu nghin cu. MoIPS v vy khng th thy s pht trin ca n trong cc h thng da trn Mobile IP th h th nht. Tuy nhin, s lin kt cht ch mt m kho cng cng v mt PKI hon chnh vi Mobile IP s a ra mt hng trong tng lai gii quyt cc vn ln v tnh m rng.
KT LUN
Lun vn ny ch yu l xem li cc ti liu v cc kho st c khuynh hng hin i v then cht ang nghin cu trong nhn thc thu bao cho cc mng t ong s v Internet khng dy. iu ny xc nh vic thc hin then cht v mt vi nghin cu ch o trong lnh nc ny cung cp mt phc tho cho cng vic hin thi, c gng lm ni bt nhng vn , khuynh hng quan trng nht v a ra d n cho vic u t trong tng lai. Tuy nhin quan trng nhn thy ton b lnh vc nhn thc v an ninh cho mi trng lin mng v tuyn l mt cng vic ang pht trin. Nhiu vn nh s cnh tranh ang din ra gia cng ngh kho mt m kho cng cng (public key) v kho ring (private key) vn cn cha c gii quyt, ng thi nhng nn tng tnh ton v truyn thng c s ang pht trin khng ngng. Cng ngh an ninh cho thng tin v tuyn s tip tc thay i nhanh chng trong thp k ti v tim nng thc hin c cng ngh v tnh cht e do ti an ninh pht trin theo thi gian. T mt nghin cu nh lun vn ny c th d on mt s thnh phn ca l trnh pht trin. Cc phn t cn li chc chn vn cn b n. iu khng mong mun thc y chnh n hng ti lch s ca Internet mt cch thng xuyn v c l s tip tc nh vy vi tn s ngy cng tng v lch s Internet khng dy ang m ra.
TI LIU THAM KHO

1. Gio trnh thng tin di ng GSM. Bin son: TS. Nguyn Phm Anh
Dng
2. Gio trnh thng tin di ng th h ba. Bin son: TS: Nguyn Phm
Anh Dng
3. 3G Wireless Networks: Clint Smith and Daniel Collins and others.
McGraw-Hill, 2002.
4. Subscriber Authentication and Security in Digital Cellular Network.
Howard Wolfe Curtis, PDF File.

Do An

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Do An

Uploaded by

Copyright:

Available Formats

MC LC

2.2. Beller, Chang v Yacobi: Mt m kha cng cng gp phi vn kh khn......................................................................................................................18

3.3. Cc lnh vc an ninh ca UMTS................................................................36

4.2. Cc phn t nn tng mi trng nhn thc v an ninh ca Mobile IP...56

4.2.2 S cung cp cc kho ng k di Mobile IP ..........................................57

4.3. Giao thc ng k Mobile IP c s............................................................60

4.6. H thng MoIPS: Mobile IP vi mt c s h tng kho cng cng y ..........................................................................................................................69

Nguyn L Trng - Lp D2001VT

International Mobile Equipment Identifier

H Ni 2005 Nguyn L Trng

CHNG 1: NHN THC TRONG MI TRNG LIN MNG V TUYN

1.1 Vai tr ca nhn thc trong kin trc an ninh

1.2 V tr ca nhn thc trong cc dch v an ninh

1.3. Cc khi nim nn tng trong nhn thc

1.3.1 Trung tm nhn thc (Authentication Center)

1.3.2 Nhn thc thu bao (Subscriber Authentication)

1.3.3 Nhn thc tng h (Mutual Authentication)

1.3.4 Giao thc yu cu/p ng (Challenge/Response Protocol)

1.3.5 To kho phin (Session Key Generation)

1.4 Mt m kho ring (Private-key) so vi kho cng cng (Publickey)

1.5. Nhng thch thc ca mi trng lin mng v tuyn

1.5.1 Vng tr ngi 1: Cc on ni mng v tuyn

1.5.2 Vng tr ngi 2: Tnh di ng ca ngi s dng

1.5.3 Vng tr ngi 3: Tnh di ng ca thit b

2.1.1 Thut ton MSR

cch l tng MSR p ng nhng hn ch c t ra bi my in thoi c b x l chm v d tr ngun gii hn.

2.1.2 Mt m ng cong elp (ECC: Elliptic Curve Cryptography)

2.2. Beller, Chang v Yacobi: Mt m kha cng cng gp phi vn kh khn

2.2.1 Cc phn t d liu trong giao thc MSN ci tin

6. RANDX (Random Number): Mt s ngu nhin c chn bi trm di ng trong

7. h (Hash Function): h l hm bm mt chiu, tt c cc Principal u bit, hm ny

9. Trm di ng chn mt s ngu nhin c gi l RANDX c chc nng nh kha

11. By gi trm di ng s dng kha phin Ks, hm f, v mt chui m tnh ra mt gi

12. Trm di ng s dng s hiu bit ca n v kha phin Ks gii mt m b v ly ra

Trm gc mng phc v

Kim tra xem h(IDBS, NBS) = CertBS2 mod N C A

[b] Thit lp m = (IDM S, CertM S); Tnh b = f(Ks, m)

Ch : h l mt hm bm ; g l hm mt chiu. C hai hm to ra cc gi tr vi di bt bng vi kho cng cng .

Hnh 2.1: Biu minh ho hot ng ca thut ton IMSR

2.2.2 Giao MSR+DH

2.2.3 Beller, Chang v Yacobi: Phn tch hiu nng

2.3 Carlsen: Public-light Thut ton Beller, Chang v Yacobi c duyt li

2.4.1 Cc phn t d liu trong giao thc Aziz-Diffie

3. CertBS (Certificate of Base Station): CertBS c cng cc phn t v cu trc nh

RAND2, m trm di ng to ra c s dng trong vic to kho phin.

2.4.2 Hot ng ca giao thc Aziz-Diffie

Trm di ng Bn tin Request-to-Join [RCH1, CertMS, SKCS]

Trm gc mng phc v

Ch : SKCS l mt danh sch cc thut ton mt m d liu ng c .

[CertBS, RAND1, RCH1, SKCS c chn]

Xc nhn tnh hp l ca Cert MS

Xc nhn tnh hp l ca Cert BS; Xc nhn ch k ca BS

To RAND2; Thit lp kho phin Ks = RAND1 XOR RAND2

Gii mt m RAND2; Thit lp kho phin Ks = RAND1 XOR RAND2

2.5 Bnh lun v nh gi giao thc Aziz-Diffie

2.6 Tng kt mt m kho cng cng trong mng v tuyn

Chng 3: Nhn thc v an ninh trong UMTS

Chng 3: Nhn thc v an ninh trong UMTS

3.2. Nguyn l ca an ninh UMTS

Chng 3: Nhn thc v an ninh trong UMTS

3.2.1 Nguyn l c bn ca an ninh UMTS th h 3

th h th hai. Cc c im mnh m ca cc h thng 2G s c duy tr.

hng an ninh v nhc im ca cc h thng 2G s c gii quyt.