Professional Documents
Culture Documents
SYMMETRIC ENCRYPTION
11
Hai k thut m ha ch yu
M ha i xng
o
M ha truyn thng
Mi bn s dng mt cp kha
o
M ha khi
Mi ln x l mt khi nguyn bn v to ra khi bn m tng ng (chng hn 64 hay 128 bit)
M ha lung
X l d liu u vo lin tc (chng hn mi ln 1 bit)
M ha thay th
Chuyn i mi phn t nguyn bn thnh mt phn t bn m tng ng
M ha hon v
B tr li v tr cc phn t trong nguyn bn
33
M hnh h m ha i xng
Kha b mt dng chung bi bn gi v bn nhn Kha b mt dng chung bi bn gi v bn nhn
Bn m truyn i
Nguyn bn u vo
Gii thut m ha
Nguyn bn u ra
M ha Y = EK(X)
Gii m X = DK(Y)
An ninh Mng
44
M hnh h m ha i xng
Gm c 5 thnh phn
o o o o o
An ninh Mng
55
Ph m
Vt cn
Th tt c cc kha c th
o
o
Thm m
Khai thc nhng nhc im ca gii thut Da trn nhng c trng chung ca nguyn bn hoc mt s cp nguyn bn - bn m mu
An ninh Mng
66
Phng php ph m vt cn
V l thuyt c th th tt c cc gi tr kha cho n khi tm thy nguyn bn t bn m Da trn gi thit c th nhn bit c nguyn bn cn tm Tnh trung bnh cn th mt na tng s cc trng hp c th Thc t khng kh khi nu di kha ln
An ninh Mng
77
128
168 26 k t
5,4 x 1018 nm
5,9 x 1030 nm 6,4 x 106 nm
2168 = 3,7 x 1050 Kha DES di 56 bit (hon v) Kha AES di 128+ bit 4 x 1026 26! = Kha 3DES di 168 bit
Tui v tr : ~ 1010 nm
6,4 x 1012
An ninh Mng
88
Cc k thut thm m
Ch c bn m
o
Bit nguyn bn
o
Chn nguyn bn
o
Chn bn m
o
Chn vn bn
o
An ninh h m ha
An ninh v iu kin
o
Bn m khng cha thng tin xc nh duy nht nguyn bn tng ng, bt k vi s lng bao nhiu v tc my tnh th no Ch h m ha n mt ln l an ninh v iu kin
M ha thay th c in
Cc ch ci ca nguyn bn c thay th bi cc ch ci khc, hoc cc s, hoc cc k hiu Nu nguyn bn c coi nh mt chui bit th thay th cc mu bit trong nguyn bn bng cc mu bit ca bn m
An ninh Mng
1111
H m ha Caesar
H m ha thay th xut hin sm nht & n gin nht S dng u tin bi Julius Caesar vo mc ch qun s Dch chuyn xoay vng theo th t ch ci
o
Ph m h m ha Caesar
Phng php vt cn
o
Ba yu t quan trng
o
V d : Ph m "GCUA VQ DTGCM"
An ninh Mng
1313
H m ha n bng
Thay mt ch ci ny bng mt ch ci khc theo trt t bt k sao cho mi ch ci ch c mt thay th duy nht v ngc li Kha di 26 ch ci
V d
o
Kha
a b cd e fg h i j k l mnopqr st u vw x y z MNBVCXZASDFGHJKLPOIUYTREWQ
o
Nguyn bn
i love you
An ninh Mng
1414
Ph m h m ha n bng
Phng php vt cn
o
C th nhn ra cc b i v b ba ch ci
V d b i : 'th', 'an', 'ed' V d b ba : 'ing', 'the', 'est' An ninh Mng 1515
Cc tn s ch ci ting Anh
Nguyn i Th
Tn s tng i (%)
An ninh Mng
1616
V d ph m h n bng
Cho bn m
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
An ninh Mng
1717
H m ha Playfair (1)
H m ha nhiu ch
o
Gim bt tng quan cu trc gia bn m v nguyn bn bng cch m ha ng thi nhiu ch ci ca nguyn bn
in cc ch ci ca t kha (b cc ch trng)
An ninh Mng
1818
H m ha Playfair (2)
M C E L U
O H F P V
N Y G Q
A B
R D
I/J K S T Z
W X
M ha 2 ch ci mt lc
o
Ph m h m ha Playfair
Vic gii m tng cp kh khn hn Cn phn tch 676 tn s xut hin thay v 26
H m ha Vigenre
L mt h m ha a bng
o
V d
o
Kha :
deceptivedeceptivedeceptive
An ninh Mng
2121
Ph m h m ha Vigenre
Phng php vt cn
o
Cu trc ca nguyn bn c che y tt hn h Playfair nhng khng hon ton bin mt Ch vic tm di kha sau ph m tng h Ceasar Cch tm di kha
Nu di kha nh so vi di vn bn, c th pht hin 1 dy vn bn lp li nhiu ln Khong cch gia 2 dy vn bn lp l 1 bi s ca di kha T suy ra di kha
An ninh Mng
2222
H m ha kha t ng
V d :
o
Kha : M ha :
deceptivewearediscoveredsav ZICVTWQNGKZEIIGASXSTSLVVWLA
nguyn bn : wearediscoveredsaveyourself
n mt ln
L h m ha thay th khng th ph c xut bi Joseph Mauborgne Kha ngu nhin, di bng di vn bn, ch s dng mt ln Gia nguyn bn v bn m khng c bt k quan h no v thng k Vi bt k nguyn bn v bn m no cng tn ti mt kha tng ng Kh khn vic to kha v m bo phn phi kha an ninh
An ninh Mng 2424
M ha hon v c in
Che y ni dung vn bn bng cch sp xp li trt t cc ch ci Khng thay i cc ch ci ca nguyn bn Bn m c tn s xut hin cc ch ci ging nh nguyn bn
An ninh Mng
2525
H m ha hng ro
Vit cc ch ci theo ng cho trn mt s hng nht nh Sau c theo tng hng mt V d
o o
o
Bn m : ATCAMDIHTAKTINGT
An ninh Mng 2626
H m ha hng
Vit cc ch ci theo hng vo 1 s ct nht nh Sau hon v cc ct trc khi c theo ct Kha l th t c cc ct V d
o
Kha :
4 3 1 2 5 6 7
Nguyn bn : a t t a c k p
o s t p o n e d u n t i l t
w o a m x y z
o
Bn m :
TTNAAPTMTSUOAODWCOIXKNLYPETZ
An ninh Mng
2727
M ha tch hp
Cc h m ha thay th v hon v khng an ton v nhng c im ca ngn ng Kt hp s dng nhiu h m ha s khin vic ph m kh hn
o o o
Hai thay th to nn mt thay th phc tp hn Hai hon v to nn mt hon v phc tp hn Mt thay th vi mt hon v to nn mt h m ha phc tp hn nhiu
L cu ni t cc h m ha c in n cc h m ha hin i
An ninh Mng 2828
M ha khi
So vi m ha lung
o
M ha khi x l thng bo theo tng khi M ha lung x l thng bo 1 bit hoc 1 byte mi ln
Ging nh thay th cc k t rt ln (
o
64 bit)
Bng m ha gm 2n u vo (n l di khi)
Mi khi u vo ng vi mt khi m ha duy nht
Tnh thun nghch
di kha l n x 2n bit qu ln
Xy dng t cc khi nh hn
Hu ht cc h m ha khi i xng da trn cu trc h m ha Feistel
An ninh Mng
2929
Mng S-P
Mng thay th (S) - hon v (P) xut bi Claude Shannon vo nm 1949 L c s ca cc h m ha khi hin i Da trn 2 php m ha c in
o
Khuch tn : Hp P (kt hp vi hp S)
Pht ta cu trc thng k ca nguyn bn khp bn m
Gy ln : Hp S
Lm phc tp ha mi quan h gia bn m v kha
An ninh Mng
3030
Hp S
u vo 3 bit
0 1 0
0 1 2 3 4 5 6 7
0 1 2 3 4 5 6 7
u ra 3 bit
1
0
An ninh Mng
3131
Hp P
u vo 4 bit
1 1
1 0
1 1 1 0
1 0 1 1
1 0
1
1
An ninh Mng
3232
M ha Feistel
xut bi Horst Feistel da trn khi nim h m ha tch hp thun nghch ca Shannon Phn mi khi di 2w bit thnh 2 na L0 v R0 X l qua n vng Chia kha K thnh n kha con K1, K2,..., Kn Ti mi vng i
o
Thc hin thay th na bn tri Li-1 bng cch XOR n vi F(Ki, Ri-1)
F thng gi l hm chuyn i hay hm vng
o o
Hon v hai na Li v Ri
An ninh Mng
3333
R0
K1
. . .
Vng n
. . .
+ F
R1 Kn
Rn Rn+1
3434
Cc c trng h Feistel
di khi
o
di kha
o
S vng
o
Hm vng
o
Gii m Feistel
i vi qu trnh m ha
Li = Ri-1 Ri = Li-1 F(Ri-1, Ki)
o
o
i vi qu trnh gii m
Ri-1 = Li
Li-1 = Ri
F(Li, Ki)
An ninh Mng
3636
Chun m ha d liu
DES (Data Encryption Standard) c cng nhn chun nm 1977 Phng thc m ha c s dng rng ri nht Tn gii thut l DEA (Data Encryption Algorithm) L mt bin th ca h m ha Feistel, b xung thm cc hon v u v cui Kch thc khi : 64 bit
giao hon
giao hon
. . .
vng n Kn giao hon
. . .
hon i 32 bit
giao hon nghch Bn m (64 bit) An ninh Mng 3838
Mt vng DES
<-----32 bit------> <-----32 bit------>
Li1
Ri-1
m rng g/hon --- 48 bit
x
hp S
Ki
--- 48 bit --- 32 bit --- 32 bit
giao hon
x
Li Ri
3939
Ph m DES
Kha 56 bit c 256 = 7,2 x 1016 gi tr c th Phng php vt cn t ra khng thc t Tc tnh ton cao c th ph c kha
o
1997 : 70000 my tnh ph m DES trong 96 ngy 1998 : Electronic Frontier Foundation (EFF) ph m DES bng my chuyn dng (250000$) trong < 3 ngy 1999 : 100000 my tnh ph m trong 22 gi
H m ha 3DES
C = EK2(EK1(p))
X = EK1(p) = DK2(C)
Nu bit mt cp (p, C)
M ha p vi 256 kha v gii m C vi 256 kha So snh tm ra K1 v K2 tng ng Kim tra li vi 1 cp (p, C) mi; nu OK th K1 v K2 l kha An ninh Mng 4141
AES (Advanced Encryption Standard) c cng nhn chun mi nm 2001 Tn gii thut l Rijndael (Rijmen + Daemen) An ninh hn v nhanh hn 3DES Kch thc khi : 128 bit Kch thc kha : 128/192/256 bit S vng : 10/12/14 Cu trc mng S-P, nhng khng theo h Feistel
o
An ninh Mng
4242
Khi 64 bit, kha 128 bit, 8 vng Theo cu trc mng S-P, nhng khng theo h Feistel
Mi khi chia lm 4
Blowfish
o
An ninh Mng
4343
RC5
o
Pht trin bi Ron Rivest Khi 32/64/128 bit, kha 0-2040 bit, 0-255 vng n gin, thch hp cc b x l c rng khc nhau Theo cu trc h Feistel
CAST-128
o
Pht trin bi Carlisle Adams v Stafford Tavares Khi 64 bit, kha 40-128 bit, 12/16 vng Theo cu trc h Feistel Bn quyn bi Entrust nhng dng min ph An ninh Mng
4444
CTR (Counter)
o
M ha C1
M ha C2 M ha
...
M ha CN
C1
C2
CN
Gii m
Gii m
...
Gii m
p1
p2
Gii m An ninh Mng
pN
4646
nh gi ECB
Nhc im do cc khi c m ha c lp
V d gi kha
An ninh Mng
4747
CN-1
K M ha C1 K M ha C2 M ha C1 K IV p1 p2 Gii m K C2 Gii m CN
...
M ha
CN
...
K CN-1
Gii m
pN 4848
nh gi CBC
S lp li cc khi nguyn bn khng th hin trong bn m ha Thay i trong mi khi nguyn bn nh hng n tt c cc khi bn m v sau Cn c m ha ging kha Nn khc nhau i vi cc thng bo khc nhau
Cn 1 gi tr u IV bn gi v bn nhn u bit
o
An ninh Mng
4949
M ha CFB
IV
Thanh ghi dch 64-s bit | s bit Thanh ghi dch 64-s bit | s bit
CM-1
Thanh ghi dch 64-s bit | s bit
64 K M ha K
64 M ha
...
64 K M ha
64
p1 s
Chn s bit B i 64-s bit
64
p2 s
Chn s bit B i 64-s bit
64
pM s
Chn s bit B i 64-s bit
s
s C1
C2
CM
An ninh Mng
5050
Gii m CFB
IV
Thanh ghi dch 64-s bit | s bit Thanh ghi dch 64-s bit | s bit
CM-1
Thanh ghi dch 64-s bit | s bit
64 K M ha 64
Chn s bit B i 64-s bit
64 K s
Chn s bit
M ha 64
B i 64-s bit
...
C2
64 K M ha 64
Chn s bit B i 64-s bit
s C1
CM
p1
p2
pM
An ninh Mng
5151
nh gi CFB
Thch hp khi d liu nhn c theo tng n v bit hay byte Khng cn n thng bo lm trn khi Cho php s lng bit bt k
o
M ha OFB
IV
Thanh ghi dch 64-s bit | s bit Thanh ghi dch 64-s bit | s bit
OM-1
Thanh ghi dch 64-s bit | s bit
64 K M ha 64
Chn s bit B i 64-s bit Chn s bit
64 K M ha 64
B i 64-s bit
...
64 K M ha 64
Chn s bit B i 64-s bit
p1
s
s
s
p2 s
pM s
C1
C2 An ninh Mng
CM 5353
Gii m OFB
IV
Thanh ghi dch 64-s bit | s bit Thanh ghi dch 64-s bit | s bit
OM-1
Thanh ghi dch 64-s bit | s bit
64
64
M ha 64
Chn s bit B i 64-s bit
K
s
M ha 64
Chn s bit B i 64-s bit
...
C2
64
M ha 64
Chn s bit B i 64-s bit
s s C1 p2 s s pM CM
p1
An ninh Mng
5454
nh gi OFB
Tng t CFB ch khc l phn hi ly t u ra gii thut m ha, c lp vi thng bo Khng bao gi s dng li cng kha v IV Li truyn 1 khi m ha khng nh hng n cc khi khc Thng bo d b sa i ni dung
Ch nn dng OFB-64
C th tit kim thi gian bng cch thc hin gii thut m ha trc khi nhn c d liu
An ninh Mng 5555
...
K pN
M ha
CN
...
M ha
C2 p1 p2
Gii m An ninh Mng
CN pN
5656
nh gi CTR
Hiu qu cao
o o
C th thc hin m ha (hoc gii m) song song C th thc hin gii thut m ha trc nu cn
B tr cng c m ha
Gii php hu hiu v ph bin nht chng li cc mi e da n an ninh mng l m ha thc hin m ha, cn xc nh
o o
C 2 phng n c bn
o o
M ha lin kt
M ha u cui
An ninh Mng
5858
M ha lin kt
Cng c m ha c sp t 2 u ca mi lin kt c nguy c b tn cng m bo an ninh vic lu chuyn thng tin trn tt c cc lin kt mng
M ha u cui
Qu trnh m ha c thc hin 2 h thng u cui m bo an ninh d liu ngi dng Ch cn mt kha cho 2 u cui m bo xc thc mc nht nh Mu lu chuyn thng tin khng c bo v
o
Kt hp cc phng n m ha
Cng c m ha u cui PSN : Packet-switching node Cng c m ha lin kt An ninh Mng 6161
Qun l kha b mt
Thng h thng mt an ninh l do khng qun l tt vic phn phi kha b mt Kha phin (tm thi)
Dng m ha d liu trong mt phin kt ni
Phn cp kha
o
o
Hy b khi ht phin
o
o
Kha c th c chn bi bn A v gi theo ng vt l n bn B Kha c th c chn bi mt bn th ba, sau gi theo ng vt l n A v B Nu A v B c mt kha dng chung th mt bn c th gi kha mi n bn kia, s dng kha c m ha kha mi
4.
Host gi gi tin yu cu kt ni FEP m gi tin; hi KDC kha phin KDC phn phi kha phin n 2 host Gi tin m c truyn i
An ninh Mng
6464