Beruflich Dokumente
Kultur Dokumente
Ging vin
Trn c Khnh B mn HTTT, Khoa CNTT, P. 325, nh C1 khanhtd@it-hut.edu.vn
Mc tiu chung
Sinh Sinh Sinh Sinh vin vin vin vin khng ng gt nm c kin thc t im thi tt thch mn hc
Mc tiu mn hc
Nm vng cc khi nim c bn trong an ton HTTT: mi e da, bin php ngn chn Nm c c s ca l thuyt mt m
nh gi tin cy ca cc HTTT Xc nh cc l hng bo mt, e da ca cc HTTT Hng n xy dng chnh sch v ra gii php an ton bo mt cho cc HTTT
Ni dung
Khi nim c bn v an ton thng tin Mt m hc
Mt m c in v cc h mt m ha cng khai Ch k in t, k thut hm bm Giao thc mt m v an ton thng tin
An ton cc HTTT
An An An An ton ton ton ton phn mm h iu hnh c s d liu mng, Web
[CERT]: Mi nguy
[CERT]: S c
Hi/p
Nhng nm v trc, mt s tin tc c tuyn dng vo cc cng ty hay t chc trn th gii m h ph hoi. Gn y khuynh hng ny gim r rt. Bn ngh g v s thay i ny? N tt hay xu? V sao?
An ton
Mc tiu ca an ton l bo v ti sn trnh khi cc mi e da, s dng cc bin php ngn chn Ti sn no? Mi e da no? Bin php ngn chn no?
An ton HTTT
Ti sn: phn cng, phn mm, d liu Mi e da: ph hoi, can thip, sa i Bin php ngn chn: m ha, kim sot thng qua phn mm/phn cng/cc chnh sch
An ton HTTT
3 Mc tiu: B mt (Confidentiability): ti sn ch c truy nhp bi nhng ngi c quyn Ton vn (Intergrity): ti sn ch c to/xa/sa i bi nhng ngi c quyn Sn dng (Availability): ti sn sn sng p ng s dng cho nhng ngi c quyn
Hi/p
Nhng bin php ngn chn no ang c s dng trn my tnh c nhn ca bn? Cc bin php ny nhm ngn chn nhng e da no?
An ton HTTT - Mi e da
Phn mm c tnh (Malware) Phishing Spam T chi dch v (Denial of service) Truy nhp tri php (Unauthorized access) Giao dch gian ln (Fraudulent transaction)
Cc ch
Mt m hc An ton phn mm An ton h iu hnh An ton c s d liu An ton mng, Web
2004, cc nh nghin cu ca H Johns Hopkins b c kha ca mt s xe i mi Texas Instruments, nh sn xut chip RFID, b qua li cnh bo ca nhm nghin cu
Gii m Enigma
My m ha v gii m pht minh bi Arthur Scherbius cui th chin th nht Enigma c s dng trong qun i c Quc x trong th chin th hai Cng trnh gii m Enigma ca qun ng minh c cc s gia nh gi l rt gn 2 nm thi gian th chin Mt trong nhng lc lng gii m ni ting l nhm HUT 8 ca Anh, do Alain Turing dn u
Cc ch (1)
Mt m hc
H Mt m c in H Mt m kha b mt H Mt m kha cng khai Hm bm, ch k s Qun l kha, giao thc mt m,
Tn cng iPhone
2007, cc nh nghin cu ca Independent Security Evaluators pht hin mt l hng to iu kin cho k t nhp kim sot iPhone Trnh duyt Safari ca iPhone chy vi c quyn admin -> phn mm c tnh chy vi c quyn admin t nhp thng qua im truy nhp khng dy (wireless access point) Cc trang Web Email, SMS c cha cc ng dn n cc trang web b chim ot
Ngun:
http://securityevaluators.com/content/case-studies/iphone//
An ton h iu hnh
Cc mi e da Cc bin php an ton Phn quyn, iu khin truy nhp, Sandbox Trusted computing
http://www.computerworld.com/s/article/9080580/Huge _Web_hack_attack_infects_500_000_pages
Cc ch (4)
An ton c s d liu
Cc mi e da Cc bin php an ton
Gii php a tng
t nhp hp th Gmail
2008, ti hi ngh Defcon hacker mt nh nghin cu demo mt cng c cho php t nhp vo hp th Gmail, ngay c khi cc phin truy nhp hp th c m ha (https:// thay v http:// ) t nhp thng qua vic nh cp Session Cookie
Session Cookie chng nhn my tnh ng nhp thnh cng Session Cookie b nh cp s c s dng nh mt chng nhn hp l truy nhp hp th Gmal
Cc ch (5)
An ton mng, Web
Cc mi e da Tn cng t chi dch v Spam Phn mm c tnh Cc cng c bo v
Mt m & ng dng
Trn c Khnh B mn HTTT Vin CNTT&TT H BKHN
Mt m hc
Mt m hc (Cryptology)
Mt m (Cryptography) M thm (Cryptanalysis)
Mt m
Tng cng cc tnh cht B mt v Ton vn thng tin: cc php m ha Xy dng cc k thut trao i thng tin b mt: cc giao thc mt m
M thm
Ph m
Lch s ngnh Mt m
Giai on Tin s (~ 2000, TCN) Nhng du hiu u tin ca Mt m xut hin bn b sng Nile, Ai Cp Giai on Mt m th cng (~ 50, TCN) Php m ha Ceasar Giai on Mt m c hc (cho n Th chin 2) My Enigma c Cc nghin cu v Gii m Anh Giai on Mt m in t Da vo Ton hc v Tin hc c t nn mng bi Shanon, Diffie v Hellman Kha b mt (DES, AES,), Kha cng khai (RSA, ElGamal, )
Charlie
Tn cng ch ng
Mc tiu An ton
B mt (Confidentiality) Ton vn (Integrity) Xc thc (Authentication) Chng ph nhn (Non-repudiation)
Ch
H mt m c in H mt m kha b mt (i xng) H mt m kha cng khai (bt i xng) Hm bm, ch k s Qun l kha, giao thc mt m,
H mt m
H Mt m = B 5 (K,M,C,E,D) Khng gian Kha (Key): K Khng gian Tin (Message/Plaintext): M Khng gian M (Cipher): C Hm m ha (Encryption)
E: K x M -> C
Hm gii m (Decryption)
D: K x C -> M
Ch
H mt m c in H mt m kha b mt (i xng) H mt m kha cng khai (bt i xng) Hm bm, ch k s Qun l kha, giao thc mt m,
H mt m c in
M ha Tin
Gii m
Tin ban u
H mt m c in
M hon v M n th
M hon v
Cc k t trong Tin c hon v cho nhau
M hon v
Hon v ct
c1 c6 c11 c2 c7 c12 c3 c8 c4 c9 c5 c10
chuyn thnh
c1 c12 .. c6 c3 . c11 c8 . c2 . c7 .
Hon v ct
Tin
T H I S S A M E S A G E O S H O H O WA O L U M A R T R N S P O I T I O WOR K I S T W C N A S N S
Hon v ct
Tin
T H I S S A M E S A G E O S H O H O WA O L U M A R T R N S P O I T I O WOR K I S T W C N A S N S
M
t s oa ha l r i m u t s e mr i s n a s n a s g p e o t s o i s t h i o o w n h w o o w r a k c s
M n th
Mi k t c thay th bng mt k t khc
M n th
M Ceasar: c = m + n m: k t trong Tin c: k t tng ng trong M n: dch chuyn +: php cng modulo 26 V d: n = 3 Tin: ABCDEFGHIJKLMNOPQRSTUVWXYZ M: defghijklmnopqrstuvwxyzabc
M Ceasar
Tin
TREATY IMPOSSIBLE
M Ceasar
Tin
TREATY IMPOSSIBLE
M
WUHDWB LPSRVVLEOH
Ch
H mt m c in H mt m kha b mt (i xng) H mt m kha cng khai (bt i xng) Hm bm, ch k s Qun l kha, giao thc mt m,
H mt m kha i xng
Duy nht mt kha cho qu trnh m ha v gii m
C = E(K,M) M = D(K,C)
Kha phi c gi b mt
H mt m kha i xng
M ha Tin
Gii m
Tin ban u
Cc H mt m kha i xng
M lung
M Vigenre M Vernam
M khi
DES AES
M lung
n v m ha c bn l cc k t
Cc k t trong Tin c m ha tch bit
M Vigenre
Kha
Tin
M Vigenre
Kha
BENCH A LIMERICK PACKS LAUGHS ANATOMICAL B ENCHBENC HBENC HBENCH BENCHBENCH
Tin Ni di Kha M ha
Kha: Tin: M:
B ENCHBENC HBENC HBENCH BENCHBENCH A LIMERICK PACKS LAUGHS ANATOMICAL B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS
M Vernam
K t l cc bit Kha
K = K1K2K3Kn S ngu nhin Ki Mi Ci = Ki xor Mi
Tin
M = M1M2M3Mn
0 0 1 1
0 1 0 1
0 1 1 0
M
C = C1C2C3Cn trong Ci = Ki xor Mi
M khi
n v m ha c bn l cc khi k t Cc tham s bao gm kch thc khi v chiu di kha
Kch thc khi ln chng tn cng bng thng k Chiu di kha ln chng tn cng vt cn
Tin
M ha DES
M ha DES
TIN 64-bit Hon v u IP Vng 1 Vng 2 ...... Vng 16 Hon v cui FP M 64-bit K1 48-bit K2 48-bit K16 48-bit KHA 64-bit KS
IP, FP
IP 58 60 62 64 57 59 61 63 50 52 54 56 49 51 53 55 42 44 46 48 41 43 45 47 34 36 38 40 33 35 37 39 26 28 30 32 25 27 29 31 18 20 22 24 17 19 21 23 10 12 14 16 9 11 13 15 2 4 6 8 1 3 5 7 40 39 38 37 36 35 34 33 8 7 6 5 4 3 2 1 48 47 46 45 44 43 42 41 16 15 14 13 12 11 10 9 FP 56 55 54 53 52 51 50 49 24 23 22 21 20 19 18 17 64 63 62 61 60 59 58 57 32 31 30 29 28 27 26 25
KS
KS1 57 1 10 19 63 7 14 21 49 58 2 11 55 62 6 13 41 50 59 3 47 54 61 5 33 42 51 60 39 46 53 28 25 34 43 52 31 38 45 20 17 26 35 44 23 30 37 12 9 18 27 36 15 22 29 4 14 3 23 16 41 30 44 46 17 28 19 7 52 40 49 42 11 15 12 27 31 51 39 50 KS2 24 6 4 20 37 45 56 36 1 21 26 13 47 33 34 29 5 10 8 2 55 48 53 32
KS1 chuyn khi 64 bit thnh khi 2 khi 28 bit KS2 chuyn 2 khi 28 bit thnh khi 48 bit
KS2 (b1b2b56) = b14b17b32 KS1(b1b2b64) = b57b49b36 b63b55b4
KS
Kha ban u K (C0,D0) = KS1(K) Ki = KS2 (Ci,Di)
Ci
Dch chuyn vng trn sang tri 1 bit Ci-1 nu i = 1,2,9,16 Dch chuyn vng trn sang tri 2 bit Ci-1 trong cc trng hp khc
Tng t cho Di
Vng lp DES
32 bit tri 32 bit phi E xor S-boxes P xor 32 bit tri 32 bit phi kha 48-bit
E, P
E 32 4 8 12 16 20 24 28 1 5 9 13 17 21 25 29 2 6 10 14 18 22 26 30 3 7 11 15 19 23 27 31 4 8 12 16 20 24 28 32 5 9 13 17 21 25 29 1 16 29 1 5 2 32 19 22 7 12 15 18 8 27 13 11 P 20 28 23 31 24 3 30 4 21 17 26 10 14 9 6 25
S-Boxes
Chuyn khi 48 bit thnh khi 32 bit 8 khi 6 bit: S1, S2,,S8 (b1b2b3b4b5b6) Chuyn S1 thnh khi 4 bit
b1b6 cho gi tr thp phn i b2b3b4b5 cho gi tr thp phn j kt qu ti dng i ct j ca bng S1
0 0 1 2 3 14 0 4 15 1 4 15 1 12 2 13 7 14 8 3 1 4 8 2 4 2 14 13 4 5 15 2 6 9 6 11 13 2 1 7 8 1 11 7 8 3 10 15 5 9 10 6 12 11 10 6 12 9 3 11 12 11 7 14 12 5 9 3 10 13 9 5 10 0 14 0 3 5 6 15 7 8 0 13
S-Boxes
Chuyn S1 (110001) thnh khi 4 bit
b1b6 (11) cho gi tr thp phn i (3) b2b3b4b5 (1000) cho gi tr thp phn j (8): kt qu (5) ti dng i (3) ct j (8) ca bng S1
0 0 1 2 3 14 0 4 15
1 4 15 1 12
2 13 7 14 8
3 1 4 8 2
4 2 14 13 4
5 15 2 6 9
6 11 13 2 1
7 8 1 11 7
8 3 10 15 5
9 10 6 12 11
10 6 12 9 3
11 12 11 7 14
12 5 9 3 10
13 9 5 10 0
14 0 3 5 6
15 7 8 0 13
Gii m DES
S dng cng mt dy kha Th t cc kha o ngc Hon i 2 na tri, phi Thc hin cng s vng lp
im yu DES
Tm kha bng vt cn S dng tnh b loi tr s kh nng kha
256 kh nng
c = DES (k , m) c = DES ( k , m )
V d
1011 = 0100
Kha yu M thm
3DES
M ha
c = E(k3,(D(k2,E(k1,m)))
Gii m
m = D(k1,(E(k2,D(k3,c)))
La chn kha
k1,k2,k3 c lp k1,k2 c lp v k3 = k1 k1=k2=k3
Mi vng kt hp Hon v + n th
Mt m & ng dng
Trn c Khnh B mn HTTT Vin CNTT&TT H BKHN
Ch
H mt m c in H mt m kha b mt (i xng) H mt m kha cng khai (bt i xng) Hm bm, ch k s Qun l kha, giao thc mt m,
Qun l kha
N ngi dng cn N kha cng khai c xc thc H tng kha cng khai PKI
M ha Tin
Gii m
Tin ban u
M ha Tin
Gii m
Tin ban u
phc tp
phc tp tnh ton (thi gian) Gii quyt cc vn P
Vn d: lp P Vn kh: lp NP
Gii quyt cc vn NP
S hc ng d
S hc ng d
a mod n a op b mod n op = +, -, *, /, ^
V d:
40 mod 6 = 4 5 + 2 mod 6 = 1 9 4 mod 3 = 2 5 * 3 mod 6 = 3 4/2 mod 3 = 2 2^4 mod 6 = 4
S hc ng d
a mod n S d ca a chia n a + b mod n S d ca a + b chia n a - b mod n S d ca a - b chia n a * b mod n S d ca a * b chia n a ^ b mod n Th tc bnh phng a / b mod n Gii thut Euclide m rng
Th tc bnh phng
Da vo tnh cht
a*b mod n = ((a mod n)*(b mod n)) mod n
Tnh a^25
a^25 = a^(11001) a^(11001) = a^(10000+1000+1) a^(10000+1000+1) = a^10000 * a^1000 * a^1 a^10000 * a^1000 * a^1 = a^16 * a^8 * a^1
phc tp (O(logb*(logs)^2)) Hiu qu hn phng php tnh ly tha bng php nhn ng d (O(b*(logs)^2))
Th tc bnh phng
ModExp1(a,b, s) Vo: 3 s nguyn dng a,b,s sao cho a < s bn1 b1b0 l biu din nh phn ca b, n = [logb] Ra: a^b mod s p[0] = a mod s for i = 1 to n1 p[i] = p[i1]^2 mod s r=1 for i = 0 to n1 if b[i] = 1 then r = r*p[i] mod s return r
Bi tp
Tnh 6^73 mod 100
73 = 2^0 + 2^3 + 2^6 6^73 = 6 * 6^(2^3)*6^(2^6) 6 = 6 mod 100 6^(2^3) = 16 mod 100 6^(2^6) = -4 mod 100 6^73 = 6 * (16) * (-4) = 16 mod 100
Bi tp
Dng gii thut Euclide m rng tm SCLN(120,23)
a 120 23 5 3 2 1 b 23 5 3 2 1 0 q 5 4 1 1 2 _ r 5 3 2 1 0 _ x -9 2 -1 1 0 1 y 47 -9 2 -1 1 0 d 1 1 1 1 1 1
Bi tp
Dng gii thut Euclide m rng tm tm x sao cho 51*x mod 100 = 1
Nu a*x mod n = 1 th tn ti k trong a*x = 1 + n*k Ta c a*x n*k = 1 t y = -k, ta c a*x + b*y = 1 Tm x,y bng gii thut Euclide m rng x = -49, y = 25
RSA To kha
Chn ngu nhin 2 s nguyn t p, q n=p*q Chn e sao cho 1 < e < (p-1) * (q-1) SCLN(e, (p-1) * (q-1)) = 1 Chn d sao cho 1 < d < (p-1) * (q-1) e*d = 1 mod (p-1) * (q-1) Kha cng khai (n,e) Kha ring (p,q,d)
RSA To kha
V d
p = 11, q = 23 n = 11*23 = 253 (p-1)*(q-1) = 10*22=220 SCLN(e,220) = 1
gi tr nh nht e = 3
RSA M ha
M ha s dng kha cng khai
Tin m Kha cng khai (n,e) M
c = m^e mod n
RSA M ha
V d
p = 11, q = 23 n = 11*23 = 253 (p-1)*(q-1) = 10*22=220 e=3 d = 147 Tin m = 165 M
c = 165^3 mod 253 = 110
RSA Gii m
Tin m Kha cng khai (n,e) Kha ring (p,q,d) M c = m^e mod n Gii m
m = c^d mod n
RSA Gii m
V d
p = 11, q = 23 n = 11*23 = 253 (p-1)*(q-1) = 10*22=220 e=3 d = 147 M c = 165^3 mod 253 = 110 Tin m = 110^147 mod 253 = 165
RSA nh l RSA
Nu (n,e) l kha cng khai (p,q,d) l kha ring 0 <= m < n th (m^e)^d mod n = m
RSA- an ton
RSA v bi ton phn tch tha s nguyn t
Kha cng khai (n,e) Kha ring (p,q,d) c gi b mt an ton ca RSA da trn kh/phc tp ca bi ton tnh (p,q,d) t (n,e) p,q l 2 s nguyn t,
RSA- an ton
La chn p,q
m bo rng bi ton PTTSNT(n) thc s kh Trnh tnh trng p,q ri vo nhng trng hp c bit m bi ton trn tr nn d dng
V d: p-1 c cc tha s nguyn t nh
RSA- an ton
La chn e
e nh nht c th e khng nh qu trnh b tn cng theo dng low exponent
La chn d
d khng nh qu (d < n/4) trnh tn cng dng low decryption
Tc rt chm so vi DES
RSA Bi tp
Cho p = 7, q = 11. Gi s Alice dng kha cng khai (n,e) = (77,17). Tm kha ring. Bit rng cc k t t A n Z c biu din bng cc s nguyn t 00 n 25. Du cch c biu din bng s 26. Bob mun gi cho Alice Tin HELLO WORLD s dng h mt m RSA. Tnh M tng ng.
RSA Bi tp
p n
(p,q,d) = (7,11,53) Tin
H E L L O W O R L D 07 04 11 11 14 26 22 14 17 11 03
M
28 16 44 44 42 38 22 42 19 44 75
Bi tp
Chng minh nh l Euler & Fermat Chng minh nh l RSA
Mt m & ng dng
Trn c Khnh B mn HTTT Vin CNTT&TT H BKHN
Ch
H mt m c in H mt m kha b mt (i xng) H mt m kha cng khai (bt i xng) Hm bm, ch k s Qun l kha, giao thc mt m,
Hm bm
Mc tiu an ton
Ton vn (Integrity)
Hm bm c kha
u vo l mt chui c chiu di bin thin, v u ra c chiu di c nh
Tin:
h: *K n
Ct (Digest): Kha: K
Hm bm khng kha
u vo l mt chui c chiu di bin thin, v u ra c chiu di c nh
h : * n
Tin:
Ct (Digest):
K thut to hm bm
Dng cc hm m ha
CBC RMDP DM
K thut to hm bm
Dng cc hm m ha
CBC RMDP DM
Hm bm
M = M1M2Mn Hi = E(K,Mi xor Hi-1) H = Hn
Hm bm
M = M1M2..Mn H0 = r (r ngu nhin) Hi = E(Mi,Hi-1) H= Hn
DM Davies, Meyer
Mt m i xng
Hm m ha E Kha l cc khi ca tin
Hm bm
M = M1M2..Mn H0 = r (r ngu nhin) Hi = E(Mi,Hi-1) xor Hi-1 H = Hn
K thut to hm bm
Dng cc hm m ha
CBC RMDP DM
Hm bm
H0 = r (r ngu nhin) Hi = (Hi-1+Mi)^2 mod N H = Hn
DP Davies, Price
M = M1M2Mn N l s nguyn t sao cho
N >= 2^r
Hm bm
H0 = 0 Hi = (Hi-1 xor Mi)^2 mod N H = Hn
K thut to hm bm
Dng cc hm m ha
CBC RMDP DM
SHA-1
SHA = Secure Hash Algorithm c xut v bo tr bi NIST Dng trong h DSS (Digital Signature Standard) ca NIST c s dng rng ri
SSL, PGP, SSH, S/MIME, IPSec
SHA-1
u vo bi s ca 512 bit Gi tr bm 160 bit 80 vng lp tnh ton
Vng lp SHA-1
Vng lp SHA-1
A,B,C,D,E khi 32 bit Kt hng s ca vng lp t Wt c tnh t cc khi ca Tin <<< dch chuyn cc bit sang tri cng modulo 32 F l hm kt hp cc php ton logic
not, and, or, xor
MD5
MD = Message Digest MD5 c xut bi Rivest vo nm 1991 c s dng rng ri
Truyn tp tin Lu tr mt khu
MD5
u vo 512 bit Gi tr bm 128 bit 64 vng lp tnh ton
Vng lp MD5
Vng lp MD5
A,B,C,D khi 32 bit Ki hng s ca vng lp i Mi khi 32 bit ca Tin <<< dch chuyn cc bit cng modulo 32 F l hm kt hp cc php ton logic
not, and, or, xor
Tn cng Hm bm
e da/mi nguy
Nghch l sinh nht Trong mt nhm 23 ngi, xc sut c hai ngi c cng mt sinh nht l khng nh hn 1/2 Tn cng dng sinh nht Tnh N gi tr bm trong thi gian v khng gian cho php Lu tr cc gi tr bm tm ra ng Xc sut ng
Nu N > 2^(n/2) gi tr bm, th xc sut ng l > 1/2, trong n l di ca chui gi tr bm
Ch k s
1976, Diffie & Hellman ln u tin cp n khi nim Ch k s 1989, phin bn thng mi Ch k s u tin trong Lotus Notes, da trn RSA ng dng
Hp ng s Bu c in t Giao dch ngn hng
Ch k s
Mc tiu an ton
Xc thc (Authentication) Chng ph nhn (Non-repudiation)
H ch k s
Thut ton to ch k
K hiu S u vo l mt thng tin m Ch k S(m)
K thut to Ch k s
Mt m kha cng khai Mt m kha cng khai + Hm bm
RSA + Hm bm ElGamal + Hm bm DSA
Ch k s dng RSA
Tin m Kha cng khai (n,e) Kha ring (p,q,d) To ch k
s = m^d mod n
Kim nh ch k
m =? s^e mod n
Ch k s dng RSA
e da/mi nguy
Tn cng dng tro kha Tn cng dng chn tin, da trn c im nhn tnh ca RSA Nu m1^d mod n l ch k ca m1, m2^d mod n l ch k ca m2, th (m1*m2)^d mod n l ch k ca m1*m2 Tn cng dng khng Tin Ly kha cng khai k ca Alice To tin m v ch k s ca m sao cho m v s c cng nhn bi thut ton kim nh s dng k
Thut ton to ch k
Hm m ha s dng kha ring Hm bm
Chun Ch k s - DSS
To ch k
Tin Hm bm Tm lc Kha cng khai Kha ring Sinh ch k Ch k Hp l/ Khng hp l Kim nh ch k
Kim nh ch k
Tin Hm bm Tm lc
Ch k s RSA + Hm bm
Cc thng s
Hm bm h 2 s nguyn t p,q
Ch k s RSA + Hm bm
To kha
n = p*q Chn e sao cho 1 < e < (p-1) * (q-1) SCLN(e, (p-1) * (q-1)) = 1 Chn d sao cho 1 < d < (p-1) * (q-1) e*d = 1 mod (p-1) * (q-1) Kha cng khai (n,e) Kha ring (p,q,d)
Ch k s RSA + Hm bm
To ch k
Tin m Ch k s = h(m)^d mod n
Ch k s RSA + Hm bm
Kim nh ch k
Ch k s Tin m Kim nh h(m) ?= s^e mod n
Ch k s ElGamal + Hm bm
Cc thng s
Hm bm h S nguyn t p S nguyn g sao cho
g^c = b mod p trong b,p nguyn t cng nhau
Ch k s ElGamal + Hm bm
To kha
Chn a sao cho 0 < a < p-1
A = g^a mod p a c gi l logarit ri rc ca A
Kha ring
a
Ch k s ElGamal + Hm bm
To ch k
Tin m Chn k sao cho
0 < k < p-1 k nguyn t cng nhau vi p-1
Ch k
r = g^k mod p s = k^(-1) * (h(m) a*r) mod (p-1)
Ch k s ElGamal + Hm bm
Kim nh ch k
Ch k (r,s) Tin m Kim nh
0<r<p 0 < s < p-1 A^r*r^s ?= g^h(m) mod p
Ch k s DSA
Cc thng s
Hm bm h S nguyn t q S nguyn p sao cho
p-1 la bi s ca q
Ch k s DSA
To kha
Chn a < q
A = g^a mod p
Kha ring
a
Ch k s DSA
To ch k
Tin m Chn k sao cho 0 < k < q Ch k
r = (g^k mod p) mod q s = k^(-1) * (h(m) + a*r) mod q
Ch k s DSA
Kim nh ch k
Ch k (r,s) Tin m Kim nh
0<r<q 0<s<q r = ((g^(s^(-1)*h(m) mod q) A^(r*s^(-1) mod q)) mod p) mod q
Mt m & ng dng
Trn c Khnh B mn HTTT Vin CNTT&TT H BKHN
Ch
H Mt m khng Kha H Mt m kha b mt (i xng) H Mt m kha cng khai (bt i xng) Hm bm, ch k s Qun l kha, giao thc mt m,
Xc thc
Needham-Schroeder
Xc thc
Needham-Schroeder
Qun l kha
Qun l kha l mt vn quan trng
Tnh b mt: kha i xng Tnh ton vn: kha i xng, kha cng khai
A1
A4
A6
A5
Nhc im
Mi thc th phi lu tr nhiu kha di hn trao i vi cc thc th khc Thng nht, chia x kha kh khn i hi cc thc th phi tin tng nhau
A2 E(k2,k) A1 E(k,m) k
A3
TTP
Ngun kha
A4
E(k6,k) A6 A5
Nhc im
Tt cc cc cuc trao i thng tin u cn tng tc ban u vi Trng ti Trng ti phi lu tr nhiu kha i xng di hn Trng ti phi x l khi lng ln thng tin Nu Trng ti b e da, tt c cc trao i thng tin u b e da
Th mc cng cng
A1: d1 e6 c A1: e1 A2 : e2 A3 : e3 A4 : e4 A5 : e5 A6 : e6 A5:d5 A4: d4
m = D(d6,c) A6: d6
Nhc im
Tn cng ch ng
Th mc cng cng
A1: e1 A2 : e2 A3 : e3 A4 : e4 A5 : e5 A6 : e6 e* A5:d5 A4: d4
Cc hp phn ca PKI
Pht hnh chng nhn (Certificate Issuance) Mt hay nhiu thc th tin cy c quyn pht hnh chng nhn Cc thc th ny gi l Certificate Authorities Thu hi chng nhn (Certificate Revocation) Thu hi chng nhn ht hn s dng Sao lu/Phc hi/Cp nht kha (Key Backup/Recovery/Update) Sao lu kha ring Phc hi trong trng hp b mt Cp nht kha m bo an ton Tem thi gian (Time Stamping) Thi gian cp pht chng nht
Certificate Authority
Cp chng nhn
A1: d1 c
s1 s2 s3 s4 s5 s6
= = = = = =
A4: d4
m = D(d6,c) A6: d6
A5:d5
Nhc im
Nu thut ton sinh ch k ca CA b e da, tt c cc trao i thng tin u b e da tin cy hon ton da trn CA
Xc thc
Needham-Schroeder
Giao thc
Giao thc
Mt chui cc bc thc hin Cc bc thc hin phi tng minh Tt c cc tnh hung phi c d tnh v c cc bc thc hin trc C t nht 2 bn tham d Cc bn tham d phi hiu bit v tun th cc bc thc hin
Giao thc mt m
Giao thc truyn thng = Giao thc trong cc bc thc hin l trao i thng tin Giao thc mt m = Giao thc truyn thng + Mt m hc Thng thng mt giao thc mt m kt hp cc kha cnh sau
Thng nht kha Xc thc M ha Chng ph nhn
M t giao thc mt m
Cc thc th tham gia giao thc Cc bc thc hin ca giao thc
1. Bc 1 2. Bc 2 3.
Mt bc thc hin
Alice gi cho Bob thng tin M
Aice -> Bob: M
Xc thc
Needham-Schroeder
S dng cc kt qu trong l thuyt nhm s nguyn nhn tnh ng d Da trn phc tp ca bi ton
Logarit ri rc
Diffie-Hellman
1. Alice (A) chn v gi cho Bob (B) s nguyn t p v mt phn t nguyn thy g thuc nhm nhn tnh mod p
A -> B: p,g
2. 3. 4. 5. 6.
Alice chn mt s t nhin ngu nhin a v gi g^a mod p cho Bob Bob chn mt s t nhin ngu nhin b v gi g^b mod p cho Alice Alice tnh (g^b mod p)^a mod p Bob tnh (g^a mod p)^b mod p Kha chung b mt g^(a*b) mod p
B -> A: g^b mod p A -> B: g^a mod p
Diffie-Hellman
V d: p = 23, g = 5, a = 6, b = 15 1. Alice gi Bob p=23, g=5
2. Alice chn a=6, v gi Bob g^a mod p = 5^6 mod 23 = 8 3. Bob chn b=15, v gi Alice g^b mod p = 5^15 mod 23 = 19 4. Alice tnh 5. Bob tnh
B -> A: 19 19^6 mod 23 = 2 8^15 mod 23 = 2 A -> B: 8 A -> B: 23,5
6. Kha K = 2
an ton ca Diffie-Hellman
Kha b mt
Bi ton Diffie-Hellman Bit g, g^a, g^b. Tm g^(a*b)? Bi ton Logarit ri rc Bit g^a. Tm a?
Tnh xc thc
Tn cng dng Man-in-the-middle Alice v Bob mun thng nht kha b mt Eve l k gia Alice v Eve thng nht g^(a*e) Bob v Eve thng nht g^(b*e)
Xc thc
Needham-Schroeder
Xc thc
Rt nhiu ng dng i hi cc thc th tham gia phi chng minh danh tnh
M hnh Client-Server an ton
ng dng
Xc thc trong m hnh Client-Server: Kerberos
Tn cng Man-in-the-middle
1. 2. 3. 4. 5. A -> I: {Na,A}_ki I -> B: {Na,A}_kb B -> I: {Na,Nb}_ka I -> A: {Na,Nb}_ka A -> I: {Nb}_ki
6. I -> B: {Nb}_kb
middle
Thay
B -> A: {Na,Nb}_ka
Bi
B -> A: {Na,Nb,B}_ka
An ton Phn mm
Trn c Khnh B mn HTTT Vin CNTT&TT H BKHN
An ton Phn mm
Phn mm c tnh
Cc phn mm c tnh thng gp Cc bin php ngn chn
Li phn mm
Cc li phn mm thng gp Cc bin php an ton
Kim th (Testing) Kim nh hnh thc (Formal Verification) Lp trnh an ton (Secure Coding)
An ton Phn mm
Phn mm c tnh
Cc phn mm c tnh thng gp Cc bin php ngn chn
Li phn mm
Cc li phn mm thng gp Cc bin php an ton
Kim th (Testing) Kim nh hnh thc (Formal Verification) Lp trnh an ton (Secure Coding)
Phn mm c tnh
Chy theo ch nh ca ngi lp trnh ra n Chy v phn ng theo cch bt thng, khng trng i t pha ngi dng n nu trong h thng, hoc gn vo cc phn mm khng c tnh C th lm c mi th m mt phn mm c th lm
Trojan horse
Gn vo mt chng trnh, pht tn bn sao ra khc chng trnh khc C cc tnh nng bt thng Pht ng khi iu kin c tha mn Pht ng khi n hn thi gian Cho php truy nhp tri php cc tnh nng Pht tn bn sao qua mng Nhn bn n khi khng cn ti nguyn
Su (Worm)
Th (Rabbit)
Virus ti liu
Ti liu
Slide Spreadsheet
Lnh
Macro Bin Th tc Truy nhp tp, CSDL Gi h thng
Ni n nu Virus
Vng Boot (Boot Sector) B nh (Memory-Resident) ng dng (Application Program) Th vin (Library)
Thay i th mc, tp
Thay i bng tn hiu ngt Ti ln b nh khi c tn hiu ngt n tn hiu ngt, gi hm h thng Thay i tp h thng/tp thc thi Ly lan vo vng Boot, chng trnh h thng, chng trnh v d liu n gi h thng Thay i kt qu
Pht tn ly lan n nu
Mt s ng nhn v virus
Virus ch ly nhim trn cc h thng MS Windows Virus khng th thay i cc file hidden hoc read-only Virus ch xut hin trong tp d liu, chng trnh Virus ch pht tn thng qua qua a, email Virus khng th tn ti trong b nh sau khi reboot power off/on Virus ly nhim trn phn cng
An ton Phn mm
Phn mm c tnh
Cc phn mm c tnh thng gp Cc bin php ngn chn
Li phn mm
Cc li phn mm thng gp Cc bin php an ton
Kim th (Testing) Kim nh hnh thc (Formal Verification) Lp trnh an ton (Secure Coding)
An ton Phn mm
Phn mm c tnh
Cc phn mm c tnh thng gp Cc bin php ngn chn
Li phn mm
Cc li phn mm thng gp Cc bin php an ton
Kim th (Testing) Kim nh hnh thc (Formal Verification) Lp trnh an ton (Secure Coding)
Li phn mm
Lp trnh vin thng mc li
khng c khng c tnh nhng i khi gy hu qu nghim trng
Cc li phn mm thng gp
Trn b m (Buffer Overflow)
Array Index Out of Bound
ng b (Synchronization)
File stat()/open()
Li trn b m
1. 2. 3. 4. 5. 6. int authenticated = 0; int (*fnptr)(); void vulnerable() { char buf[80]; gets(buf); }
iu g xy ra nu u vo c hn 80 byte
authenticated /= 0 int (*fnptr)() tr n m ca hm khc
Li khng y
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. char buf[80]; void vulnerable() { int len = read_int_from_network(); char *p = read_string_from_network(); if (len > sizeof buf) { error("length too large, nice try!"); return; } memcpy(buf, p, len); } void *memcpy(void *dest, const void *src, size_t n); typedef unsigned int size_t; iu g s xy ra?
len l s m, copy mt on b nh khng l
Li ng b
1. int openfile(char *path) { 2. struct stat s; 3. if (stat(path, &s) < 0) 4. return -1; 5. if (!S_ISRREG(s.st_mode)) { 6. error("only allowed to regular files; nice try!"); 7. return -1; 8. } 9. return open(path, O_RDONLY); 10. } iu g s xy ra? trng thi h thng thay i gia stat() v open()
An ton Phn mm
Phn mm c tnh
Cc phn mm c tnh thng gp Cc bin php ngn chn
Li phn mm
Cc li phn mm thng gp Cc bin php an ton
Kim th (Testing) Kim nh hnh thc (Formal Verification) Lp trnh an ton (Secure Coding)
An ton Phn mm
Phn mm c tnh
Cc phn mm c tnh thng gp Cc bin php ngn chn
Li phn mm
Cc li phn mm thng gp Cc bin php an ton
Kim th (Testing) Kim nh hnh thc (Formal Verification) Lp trnh an ton (Secure Coding)
Kim th
Mc ch ca kim th l tm ra li ca h thng
Nu khng tm ra li, chng ta hi vng rng h thng l an ton
Hp trng (White-box)
Bit cu trc bn trong ca phn mm Thng dng cho kim th n v
Hp xm (Grey-box)
Hn hp en: kim th Trng: thit k ca kim th
An ton Phn mm
Phn mm c tnh
Cc phn mm c tnh thng gp Cc bin php ngn chn
Li phn mm
Cc li phn mm thng gp Cc bin php an ton
Kim th (Testing) Kim nh hnh thc (Formal Verification) Lp trnh an ton (Secure Coding)
u vo
Chng trnh u ra
u vo + iu kin trc
iu kin
1. /* Requires: n >= 1; Ensures: returnvalue >= 0 */ 2. int fact(int n) { 3. int t; 4. if (n == 1) 5. return 1; 6. /* n>=2 */ 7. t = fact(n-1); 8. /* t>=0 */ 9. t *= n; 10. /* t>=0 */ 11. return t; 12. }
An ton Phn mm
Phn mm c tnh
Cc phn mm c tnh thng gp Cc bin php ngn chn
Li phn mm
Cc li phn mm thng gp Cc bin php an ton
Kim th (Testing) Kim nh hnh thc (Formal Verification) Lp trnh an ton (Secure Coding)
M un
Thit k cc hp phn
Mt mc tiu/nhim v Nh n gin c lp
ng gi
Giu thng tin v cch thc ci t cc hp phn
V d: lp o C++, giao din Java
Cc phn t bn ngoi khng th thay i sa cha thng tin mt cch c v tri php
V d: cc thuc tnh private, protected
An ton H iu hnh
Trn c Khnh B mn HTTT Vin CNTT&TT H BKHN
H iu hnh
Vai tr
Giao din gia phn cng v phn mm Qun l ti nguyn Cung cp cc phng tin bo v phn cng v ng dng
An ton H iu hnh
Cc vn bo v trong H iu hnh
Bo v b nh v a ch Bo v tp Xc thc ngi dng
An ton H iu hnh
Cc vn bo v trong H iu hnh
Bo v b nh v a ch Bo v tp Xc thc ngi dng
Bo v b nh v a ch
Lm th no ngn chn mt chng trnh/ngi dng can thip vo khng gian b nh ca chng trnh/ngi dng khc?
Phn on (Segmentation) Phn trang (Paging)
Phn on (Segmentation)
Phn chia chng trnh thnh cc on
Tng ng vi cc on d liu, cc chng trnh con Mi on c quyn khc nhau (R,W,E)
Mi on c mt tn duy nht
<Name,Offset>
on logic v on vt l
Tnh a ch on
Tnh a ch trang
u im ca phn trang
Tc
Bo v tp
Bo v nhm
Tt c ngi dng c phn thnh nhm Quyn s dng c mt ngi dng thit lp cho mnh v c nhm
Bo v c th
Mi ngi dng c mt s quyn
Quyn s dng lu di Quyn s dng tm thi
Bo v tp
H thng tp UNIX/LINUX
Mi tp c ch s hu v nhm s hu Quyn c thit lp bi ch s hu
R,W,E setid, owner, group, other
Mt s nhc im
Gi thnh Tc / chnh xc Gi mo
An ton H iu hnh
Cc vn bo v trong H iu hnh
Bo v b nh v a ch Bo v tp Xc thc ngi dng
Vn an ton t ra
Ai c truy nhp g vi c quyn no?
ng dn truy nhp th mc
USER B
USER S
RW
USER T
RW
OX
OX
ORW
Vn an ton
suid root
An ton H iu hnh
Cc vn bo v trong H iu hnh
Bo v b nh v a ch Bo v tp Xc thc ngi dng
c im
Khng bao gi b suy yu, t lit Lun c gi n khi mt i tng c yu cu s dng Nh gn, c th d dng phn tch v kim th v m bo tnh y
Phn hoch/Cch ly
Phn hoch vt l Cc tin trnh khc nhau s dng cc thit b khc nhau Phn hoch thi gian Cc tin trnh vi yu cu khc nhau thc hin ti cc thi gian khc nhau Phn hoch logic (Cch ly) Ngi dng/tin trnh thc hin nhim v ca mnh trong khng gian ca mnh Phn hoch mt m Ngi dng/tin trnh giu thng tinh ca mnh
4. ng dng
An ton C s d liu
Trn c Khnh B mn HTTT Vin CNTT&TT H BKHN
C s d liu
Tp hp cc d liu c quan h c lu tr (tp trung hoc phn tn) ngi dng c th truy nhp khi cn
Ton vn
Vt l Logic
An ton CSDL
Cc mi e da CSDL
Cp nht CSDL D liu nhy cm Suy din
An ton CSDL
Cc mi e da CSDL
Cp nht CSDL D liu nhy cm Suy din
Cp nht CSDL
S c h thng
H thng b s c khi ang cp nht CSDL
Tng tranh
Nhiu ngi dng truy nhp sa i cng lc vo cng d liu
Qun tr kho chu trch nhim t mua vn phng phm Phng, ban s dng vn phng phm
Mi vn phng phm c mt quota kinh ph vn phng phm c nh
S c kch bn
iu g xy ra nu c s c h thng sau cc bc 1,2,3,4
2. Commit
1. Thc hin cp nht CSDL vi cc d liu chun b pha trc 2. nh du kt thc pha Commit
Unset COMMIT-FLAG
Vn phng du lch B
SELECT (SEAT-NO = '11D') ASSIGN 'EHLERS,P' TO PASSENGER-NAME
D liu nhy cm
D liu cng chng khng nn c Loi d liu nhy cm
Bng Bn ghi Trng
D liu nhy cm
Cc loi r g d liu nhy cm
D liu chnh xc Cn Kt qu m Tn ti Gi tr xc xut
Bo v d liu nhy cm
H qun tr CSDL qun l truy nhp d liu nhy cm bng iu khin truy nhp
Suy din
Suy din d liu nhy cm t d liu khng nhy cm
Suy din
Cc loi tn cng suy din
Trc tip (Direct) Gin tip (Indirect)
Tng (Sum) m (Count)
V d
Name Adams Bailey Chin Dewitt Earhart Fein Groff Hill Koch Liu Majors Sex M M F M F F M F F F M Race C B A B C C C B C A C Aid 5000 0 3000 1000 2000 1000 4000 5000 0 0 2000 Fines 45. 0. 20. 35. 95. 15. 0. 10. 0. 10. 0. Drugs 1 0 0 3 1 0 3 2 1 2 2 Dorm Holmes Grey West Grey Holmes West West Holmes West Grey Grey
List NAME where (SEX=M and DRUGS=1) or (SEX /= M and SEX /= F) or (DORM=AYRES)
Cu truy vn phc tp hn nhng kt qu ging nh trn
An ton CSDL
Cc mi e da CSDL
Cp nht CSDL D liu nhy cm Suy din
CSDL a tng
Cc tng CSDL tng ng vi mc nhy cm ca d liu Cc tip cn
Phn ngn (Partitioning) M ha (Encryption) Kha Kha ton vn (Integrity Lock) Kha nhy cm (Sensitive Lock) Front-end tin cy (Trusted Front-end) B lc giao hon (Commutative Filter) Ca s (Window/View)
Phn ngn
CSDL c chia thnh cc CSDL khc nhau mc nhy cm khc nhau u im
Qun l an ton nhiu mc khc nhau
Nhc im
D tha Khng kt hp d liu cc mc nhy cm khc nhau
M ha
Mi d liu nhy cm s c m ha bng mt kha tng ng u im
Qun l an ton nhiu mc khc nhau
Nhc im
Tc Khng gian lu tr
Kha ton vn
Mc tiu m bo tnh ton vn v gii hn truy nhp Kha
Checksum
Tnh ton bng hm m ha hoc hm bm Gi tr ph thuc vo Data ID + Data + Sensitivity Label
Kha nhy cm
Mc tiu che giu nhy cm ca d liu Kha
M
Tnh ton bng hm m ha hoc hm bm Gi tr ph thuc vo Data ID + Sensitivity Level
Front-end tin cy
Hot ng ging Gim st thm quyn iu khin truy nhp CSDL
1. 2. 3. 4. 5. Xc thc ngi dng Kim tra quyn ngi dng Gi truy vn cho h qun tr CSDL Nhn kt qu truy vn Phn tch nhy cm ca kt qu truy vn, so snh vi quyn ngi dng 6. nh dng li kt qu truy vn 7. Gi kt qu truy vn cho ngi dng
B lc giao hon
Hot ng ging Front-end tin cy iu khin truy nhp CSDL
1. 2. 3. 4. 5. 6. Xc thc ngi dng Kim tra quyn ngi dng nh dng li truy vn Gi truy vn cho h qun tr CSDL Nhn kt qu truy vn Phn tch nhy cm d liu ca kt qu truy vn, so snh vi quyn ngi dng 7. nh dng li kt qu truy vn 8. Gi kt qu truy vn cho ngi dng
Ca s
Mc tiu gii hn tm nhn ca ngi dng theo quyn
Quyn c, ghi
Mi ca s l mt tp con ca CSDL
Mi tp con tng ng vi d liu m ngi dng c quyn s dng
Mng my tnh
Mi trng s dng Tp v kch thc Phng tin truyn thng Cp, Cp quang, Vi sng, Hng nga, Satellite Giao thc 7 tng OSI: Vt l, Lin kt D liu, Mng, Vn chuyn, Phin, Trnh din, ng dng a ch MAC, IP nh tuyn Loi mng LAN, WAN, Internets
An ton Mng
Cc mi e da Thm d Nghe trm Mo danh, la o L hng trang Web T chi dch v M lu ng Cc bin php ngn chn M ha Xc thc Tng la Pht hin t nhp
An ton Mng
Cc mi e da Thm d Nghe trm Mo danh, la o L hng trang Web T chi dch v M lu ng Cc bin php ngn chn M ha Xc thc Tng la Pht hin t nhp
Thm d
Qut cng (Port Scan)
Thu thp thng tin i tng tn cng
dch v, cng ang hot ng (HTTP:80, POP:110, SMTP:25, FTP:21) phin bn h iu hnh phin bn ng dng
Nghe trm
ng truyn cp
S dng packet sniffer Lp trnh li card
Wireless
Tn hiu rt d b nghe trm
S dng ng ten
Mo danh, la o
Phng on thng tin xc thc ca i tng tn cng on mt khu Nghe trm thng tin xc thc ca i tng tn cng Nghe trm mt khu Tn dng l hng c ch xc thc Trn b m Thng tin xc thc cng cng Thit b mng qun l bi SNMP Man-in-the-middle Phishing
T chi dch v
Trn kt ni (Connection Flooding)
Tn cng giao thc TCP, UDP, ICMP
Ping, Smurf, Syn Flood
M lu ng
Cookie Scripts
Cookie lu thng tin ngi dng (phin, lu di) Tn cng cc trang ASP, JSP, CGI, PHP
ActiveX M Java
Applet
An ton Mng
Cc mi e da Thm d Nghe trm Mo danh, la o L hng trang Web T chi dch v M lu ng Cc bin php ngn chn M ha Xc thc Tng la Pht hin t nhp
M ha
M ha lin kt
M ha end-to-end
Thng tin c m ha tng Data Link ca m hnh OSI Thng tin c m ha tng Application ca m hnh OSI Trao i thng tin gia ngi dng v Firewall thng qua knh m ha Mt m cng khai v chng nhn SSH, SSL, IPSec
Giao thc mt m
Xc thc
Mt khu mt ln
Password Token
Tng la
Cng c lc thng tin di chuyn gia mng bn trong v mng bn ngoi
V d: Mng LAN v Internet
Mc tiu ngn chn nguy c n t mng bn ngoi Thc hin ngn chn thng qua chnh sch an ton
Tng la
Cc loi tng la Lc gi (Packet Filtering Gateways) Duyt trng thi (Stateful Inspection Firewalls) Cng ng dng (Application Proxies) Gc (Guards) C nhn (Personal Firewalls)
SQL Injection
SQL
Structured Query Language Ngn ng truy vn CSDL
SQL Injection
Tn cng SQL Injection
statement = SELECT * FROM users WHERE name = + userName + ; iu g xy ra nu userName = a or t=t iu g xy ra nu userName = a';DROP TABLE users;
SQL Injection
Bin php ngn chn
Mc lp trnh
Kim sot cht ch u vo Loi b cc k t c bit
mc CSDL
Dng lnh prepare nh dng cu truy vn
Kim th
Qun l Cookie
Xc thc B mt: thng tin ngi dng
An ton Browser
Ton vn: malware, ti khon B mt: mt khu, mail, thng tin d liu