Athttt 2010

An ton H thng Thng tin
Trn c Khnh B mn HTTT Vin CNTT&TT H BKHN
Thng tin chung

Tn hc phn:
An ton H thng Thng tin
Thi lng: 45 tit nh gi

70% im thi vit 30% im qu trnh
Ging vin
Trn c Khnh B mn HTTT, Khoa CNTT, P. 325, nh C1 khanhtd@it-hut.edu.vn
Ti liu tham kho

Introduction to Computer Security.
Matt Bishop
Security in Computing, Fourth Edition.

Charles P. Pfleeger, Shari Lawrence Pfleeger
Handbook of Applied Cryptography.

A. Menezes, P. van Oorschot and S. Vanstone
Chuyn An ton & Bo mt.

Nguyn Khanh Vn
Cc Bi ging v An ton My tnh.

H Berkerley, MIT, H Edinburgh
Mc tiu chung
Sinh Sinh Sinh Sinh vin vin vin vin khng ng gt nm c kin thc t im thi tt thch mn hc
Mc tiu mn hc
Nm vng cc khi nim c bn trong an ton HTTT: mi e da, bin php ngn chn Nm c c s ca l thuyt mt m
nh gi tin cy ca cc HTTT Xc nh cc l hng bo mt, e da ca cc HTTT Hng n xy dng chnh sch v ra gii php an ton bo mt cho cc HTTT
Cc h mt m ng dng: ch k s, xc thc, giao thc truyn thng bo mt, thng mi in t,
Ni dung
Khi nim c bn v an ton thng tin Mt m hc
Mt m c in v cc h mt m ha cng khai Ch k in t, k thut hm bm Giao thc mt m v an ton thng tin
An ton cc HTTT
An An An An ton ton ton ton phn mm h iu hnh c s d liu mng, Web
S cn thit ca An ton HTTT

Thit hi an ton HTTT Thit hi thi gian: theo vin SANS, my tnh khng c bo v ch sng st < 20 trn internet Thit hi kinh t: ~ t USD hng nm
1. 2. 3. 4. Vi rt T chi dch v
[CERT]: Mi nguy
[CERT]: S c
[CERT]: Quy m, Tnh phc tp
Hi/p
Nhng nm v trc, mt s tin tc c tuyn dng vo cc cng ty hay t chc trn th gii m h ph hoi. Gn y khuynh hng ny gim r rt. Bn ngh g v s thay i ny? N tt hay xu? V sao?
An ton
Mc tiu ca an ton l bo v ti sn trnh khi cc mi e da, s dng cc bin php ngn chn Ti sn no? Mi e da no? Bin php ngn chn no?
An ton HTTT
Ti sn: phn cng, phn mm, d liu Mi e da: ph hoi, can thip, sa i Bin php ngn chn: m ha, kim sot thng qua phn mm/phn cng/cc chnh sch
An ton HTTT
3 Mc tiu: B mt (Confidentiability): ti sn ch c truy nhp bi nhng ngi c quyn Ton vn (Intergrity): ti sn ch c to/xa/sa i bi nhng ngi c quyn Sn dng (Availability): ti sn sn sng p ng s dng cho nhng ngi c quyn
Hi/p
Nhng bin php ngn chn no ang c s dng trn my tnh c nhn ca bn? Cc bin php ny nhm ngn chn nhng e da no?
An ton HTTT - Mi e da
Phn mm c tnh (Malware) Phishing Spam T chi dch v (Denial of service) Truy nhp tri php (Unauthorized access) Giao dch gian ln (Fraudulent transaction)
An ton HTTT - Bin php

Giao thc m ha Kim tra ngi s dng + mt khu Qut/dit phn mm c tnh Gii hn truy nhp Phn quyn trong h iu hnh Tng la H thng pht hin t nhp Th thng minh m ha Kha
Cc ch
Mt m hc An ton phn mm An ton h iu hnh An ton c s d liu An ton mng, Web
Trm t bng my tnh xch tay

2007, chic BMW X5 ca David Beckham b nh cp Madrid K cp s dng my tnh xch tay, ng ten v phn mm b kha ng ten thu sng pht ra t chp RFID c ci trong kha Phn mm c dng th tt c cc kh nng m ha (hng nghn t) Ngun:
http://www.msnbc.msn.com/id/13507939
2004, cc nh nghin cu ca H Johns Hopkins b c kha ca mt s xe i mi Texas Instruments, nh sn xut chip RFID, b qua li cnh bo ca nhm nghin cu
Gii m Enigma
My m ha v gii m pht minh bi Arthur Scherbius cui th chin th nht Enigma c s dng trong qun i c Quc x trong th chin th hai Cng trnh gii m Enigma ca qun ng minh c cc s gia nh gi l rt gn 2 nm thi gian th chin Mt trong nhng lc lng gii m ni ting l nhm HUT 8 ca Anh, do Alain Turing dn u
Cc ch (1)
Mt m hc
H Mt m c in H Mt m kha b mt H Mt m kha cng khai Hm bm, ch k s Qun l kha, giao thc mt m,
Tn cng iPhone
2007, cc nh nghin cu ca Independent Security Evaluators pht hin mt l hng to iu kin cho k t nhp kim sot iPhone Trnh duyt Safari ca iPhone chy vi c quyn admin -> phn mm c tnh chy vi c quyn admin t nhp thng qua im truy nhp khng dy (wireless access point) Cc trang Web Email, SMS c cha cc ng dn n cc trang web b chim ot
Ngun:
http://securityevaluators.com/content/case-studies/iphone//
Cc ch (2) & (3)

An ton phn mm
Cc mi e da Cc bin php an ton Sot li Kim nh Lp trnh an ton
An ton h iu hnh
Cc mi e da Cc bin php an ton Phn quyn, iu khin truy nhp, Sandbox Trusted computing
500 000 trang Web b tn cng

2008, hn na triu trang Web, trong c c cc trang ca Lin Hp Quc b tn cng Tn cng dng SQL injection Khai thc l hng trong SQL Server ca Microsoft Ngun:
http://www.computerworld.com/s/article/9080580/Huge _Web_hack_attack_infects_500_000_pages
Cc ch (4)
An ton c s d liu
Cc mi e da Cc bin php an ton
Gii php a tng
t nhp hp th Gmail
2008, ti hi ngh Defcon hacker mt nh nghin cu demo mt cng c cho php t nhp vo hp th Gmail, ngay c khi cc phin truy nhp hp th c m ha (https:// thay v http:// ) t nhp thng qua vic nh cp Session Cookie
Session Cookie chng nhn my tnh ng nhp thnh cng Session Cookie b nh cp s c s dng nh mt chng nhn hp l truy nhp hp th Gmal
Ngun: Washington Post
Cc ch (5)
An ton mng, Web
Cc mi e da Tn cng t chi dch v Spam Phn mm c tnh Cc cng c bo v
Mt m & ng dng
Mt m hc
Mt m hc (Cryptology)
Mt m (Cryptography) M thm (Cryptanalysis)
Mt m
Tng cng cc tnh cht B mt v Ton vn thng tin: cc php m ha Xy dng cc k thut trao i thng tin b mt: cc giao thc mt m
M thm
Ph m
Lch s ngnh Mt m
Giai on Tin s (~ 2000, TCN) Nhng du hiu u tin ca Mt m xut hin bn b sng Nile, Ai Cp Giai on Mt m th cng (~ 50, TCN) Php m ha Ceasar Giai on Mt m c hc (cho n Th chin 2) My Enigma c Cc nghin cu v Gii m Anh Giai on Mt m in t Da vo Ton hc v Tin hc c t nn mng bi Shanon, Diffie v Hellman Kha b mt (DES, AES,), Kha cng khai (RSA, ElGamal, )
Trao i thng tin b mt

Alice v Bob trao i thng tin b mt, c m ha Eve v Charlie tn cng bng gii m
Eve Alice Tn cng th ng Bob
Charlie
Tn cng ch ng
Mc tiu An ton
B mt (Confidentiality) Ton vn (Integrity) Xc thc (Authentication) Chng ph nhn (Non-repudiation)
Ch
H mt m c in H mt m kha b mt (i xng) H mt m kha cng khai (bt i xng) Hm bm, ch k s Qun l kha, giao thc mt m,
H mt m
H Mt m = B 5 (K,M,C,E,D) Khng gian Kha (Key): K Khng gian Tin (Message/Plaintext): M Khng gian M (Cipher): C Hm m ha (Encryption)
E: K x M -> C
Hm gii m (Decryption)
D: K x C -> M
Ch
H mt m c in
M ha Tin
Gii m
Tin ban u
H mt m c in
M hon v M n th
M hon v
Cc k t trong Tin c hon v cho nhau
M hon v
Hon v ct
c1 c6 c11 c2 c7 c12 c3 c8 c4 c9 c5 c10
chuyn thnh
c1 c12 .. c6 c3 . c11 c8 . c2 . c7 .
Hon v ct
Tin
T H I S S A M E S A G E O S H O H O WA O L U M A R T R N S P O I T I O WOR K I S T W C N A S N S
Hon v ct
Tin
T H I S S A M E S A G E O S H O H O WA O L U M A R T R N S P O I T I O WOR K I S T W C N A S N S
M
t s oa ha l r i m u t s e mr i s n a s n a s g p e o t s o i s t h i o o w n h w o o w r a k c s
M n th
Mi k t c thay th bng mt k t khc
M n th
M Ceasar: c = m + n m: k t trong Tin c: k t tng ng trong M n: dch chuyn +: php cng modulo 26 V d: n = 3 Tin: ABCDEFGHIJKLMNOPQRSTUVWXYZ M: defghijklmnopqrstuvwxyzabc
M Ceasar
Tin
TREATY IMPOSSIBLE
M Ceasar
Tin
TREATY IMPOSSIBLE
M
WUHDWB LPSRVVLEOH
Ch
H mt m kha i xng
Duy nht mt kha cho qu trnh m ha v gii m
C = E(K,M) M = D(K,C)
Kha phi c gi b mt
H mt m kha i xng
Kha duy nht
M ha Tin
Gii m
Tin ban u
Cc H mt m kha i xng
M lung
M Vigenre M Vernam
M khi
DES AES
M lung
n v m ha c bn l cc k t
Cc k t trong Tin c m ha tch bit
M Vigenre
Kha
Tin
M Vigenre
Kha
BENCH A LIMERICK PACKS LAUGHS ANATOMICAL B ENCHBENC HBENC HBENCH BENCHBENCH
Tin Ni di Kha M ha
Kha: Tin: M:
B ENCHBENC HBENC HBENCH BENCHBENCH A LIMERICK PACKS LAUGHS ANATOMICAL B PVOLSMPM WBGXU SBYTJZ BRNVVNMPCS
M Vernam
K t l cc bit Kha
K = K1K2K3Kn S ngu nhin Ki Mi Ci = Ki xor Mi
Tin
M = M1M2M3Mn
0 0 1 1
0 1 0 1
0 1 1 0
M
C = C1C2C3Cn trong Ci = Ki xor Mi
M khi
n v m ha c bn l cc khi k t Cc tham s bao gm kch thc khi v chiu di kha
Kch thc khi ln chng tn cng bng thng k Chiu di kha ln chng tn cng vt cn
Data Encryption Standard (DES)

Lch s ~ 1970, NIST ku gi xy dng h mt m dnh cho cng chng 1974, IBM xy dng DES trn nn tng ca h Lucifer 1979, chun ha Mc tiu Mc ch s dng rng ri an ton cao Khng ph thuc vo tnh b mt ca thut ton ng dng ATM Truy nhp t xa
Data Encryption Standard (DES)

DES
Khi 64 bit Kha 56 bit 16 vng lp m ha Mi vng kt hp Hon v + n th
Kha 56 bit
Tin
M ha DES
M ha DES
TIN 64-bit Hon v u IP Vng 1 Vng 2 ...... Vng 16 Hon v cui FP M 64-bit K1 48-bit K2 48-bit K16 48-bit KHA 64-bit KS
IP, FP
IP 58 60 62 64 57 59 61 63 50 52 54 56 49 51 53 55 42 44 46 48 41 43 45 47 34 36 38 40 33 35 37 39 26 28 30 32 25 27 29 31 18 20 22 24 17 19 21 23 10 12 14 16 9 11 13 15 2 4 6 8 1 3 5 7 40 39 38 37 36 35 34 33 8 7 6 5 4 3 2 1 48 47 46 45 44 43 42 41 16 15 14 13 12 11 10 9 FP 56 55 54 53 52 51 50 49 24 23 22 21 20 19 18 17 64 63 62 61 60 59 58 57 32 31 30 29 28 27 26 25
IP(b1b2b64) = b58b50b7 FP(b1b2b64) = b40b8b25
KS
KS1 57 1 10 19 63 7 14 21 49 58 2 11 55 62 6 13 41 50 59 3 47 54 61 5 33 42 51 60 39 46 53 28 25 34 43 52 31 38 45 20 17 26 35 44 23 30 37 12 9 18 27 36 15 22 29 4 14 3 23 16 41 30 44 46 17 28 19 7 52 40 49 42 11 15 12 27 31 51 39 50 KS2 24 6 4 20 37 45 56 36 1 21 26 13 47 33 34 29 5 10 8 2 55 48 53 32
KS1 chuyn khi 64 bit thnh khi 2 khi 28 bit KS2 chuyn 2 khi 28 bit thnh khi 48 bit
KS2 (b1b2b56) = b14b17b32 KS1(b1b2b64) = b57b49b36 b63b55b4
KS
Kha ban u K (C0,D0) = KS1(K) Ki = KS2 (Ci,Di)
Ci
Dch chuyn vng trn sang tri 1 bit Ci-1 nu i = 1,2,9,16 Dch chuyn vng trn sang tri 2 bit Ci-1 trong cc trng hp khc
Tng t cho Di
Vng lp DES
32 bit tri 32 bit phi E xor S-boxes P xor 32 bit tri 32 bit phi kha 48-bit
E, P
E 32 4 8 12 16 20 24 28 1 5 9 13 17 21 25 29 2 6 10 14 18 22 26 30 3 7 11 15 19 23 27 31 4 8 12 16 20 24 28 32 5 9 13 17 21 25 29 1 16 29 1 5 2 32 19 22 7 12 15 18 8 27 13 11 P 20 28 23 31 24 3 30 4 21 17 26 10 14 9 6 25
E(b1b2b32) = b32b1b1 P(b1b2b32) = b16b7b25
S-Boxes
Chuyn khi 48 bit thnh khi 32 bit 8 khi 6 bit: S1, S2,,S8 (b1b2b3b4b5b6) Chuyn S1 thnh khi 4 bit
b1b6 cho gi tr thp phn i b2b3b4b5 cho gi tr thp phn j kt qu ti dng i ct j ca bng S1
0 0 1 2 3 14 0 4 15 1 4 15 1 12 2 13 7 14 8 3 1 4 8 2 4 2 14 13 4 5 15 2 6 9 6 11 13 2 1 7 8 1 11 7 8 3 10 15 5 9 10 6 12 11 10 6 12 9 3 11 12 11 7 14 12 5 9 3 10 13 9 5 10 0 14 0 3 5 6 15 7 8 0 13
Tng t i vi S2,S3,,S8 (c bng ring)
S-Boxes
Chuyn S1 (110001) thnh khi 4 bit
b1b6 (11) cho gi tr thp phn i (3) b2b3b4b5 (1000) cho gi tr thp phn j (8): kt qu (5) ti dng i (3) ct j (8) ca bng S1
0 0 1 2 3 14 0 4 15
1 4 15 1 12
2 13 7 14 8
3 1 4 8 2
4 2 14 13 4
5 15 2 6 9
6 11 13 2 1
7 8 1 11 7
8 3 10 15 5
9 10 6 12 11
10 6 12 9 3
11 12 11 7 14
12 5 9 3 10
13 9 5 10 0
14 0 3 5 6
15 7 8 0 13
5 (Thp phn) = 0101 (Nh phn)
Gii m DES
S dng cng mt dy kha Th t cc kha o ngc Hon i 2 na tri, phi Thc hin cng s vng lp
im yu DES
Tm kha bng vt cn S dng tnh b loi tr s kh nng kha
256 kh nng
c = DES (k , m) c = DES ( k , m )
V d
1011 = 0100
Kha yu M thm

c = DES(k, m) v m = DES(k, c) c = DES(k1,m) v c = DES(k2,m) Vi sai Tuyn tnh Davies
3DES
M ha
c = E(k3,(D(k2,E(k1,m)))
Gii m
m = D(k1,(E(k2,D(k3,c)))
La chn kha
k1,k2,k3 c lp k1,k2 c lp v k3 = k1 k1=k2=k3
Advanced Encryption Standard (AES)

1997, NIST ku gi xy dng mt h mt m mi thay th DES H Rijndael ca Daemen v Rijmen c la chn 2001, h Rijndael c chun ha thnh AES Da trn l thuyt Trng Galois Khi 128 bit Kha 128, 192, 256 bit n vng lp m ha, ph thuc vo chiu di kha
Kha 128 bit, n = 10 Kha 192 bit, n = 12 Kha 256 bit, n = 14
Mi vng kt hp Hon v + n th
Mt m & ng dng
Ch
Ti sao H mt m kha cng khai

H mt m kha i xng khng p ng c 2 mc tiu an ton
Xc thc Alice v Bob trao i thng tin b mt Alice cn phi bit thng tin chc chn n t Bob, v ngc li Chng ph nhn Alice v Bob trao i thng tin b mt Nu Alice gi thng tin no cho Bob th Alice khng th chi b thng tin l ca mnh
Ti sao H mt m kha cng khai

Qun l kha i xng l mt vn nan gii
Trong cc h kha i xng, mi cp ngi dng phi c kha ring N ngi dng cn N * (N-1)/2 kha Vic qun l kha tr nn phc tp khi s lng ngi dng tng
H mt m kha cng khai

Mi ngi dng c 1 kha ring v 1 kha cng khai
Kha ring b mt Kha cng khai c th chia x
Qun l kha
N ngi dng cn N kha cng khai c xc thc H tng kha cng khai PKI
H mt m kha cng khai

M ha dng kha cng khai k
C = E(k,M)
Gii m dng kha ring K

M = D(K,C)
Kha cng khai Kha ring
M ha Tin
Gii m
Tin ban u
H mt m kha cng khai

M ha dng kha ring K
C = E(K,M)
Gii m dng kha cng khai k

M = D(k,C)
Kha ring Kha cng khai
M ha Tin
Gii m
Tin ban u
Kha b mt vs. Kha cng khai

Kha b mt S kha Bo v kha ng dng Tc 1 Kha c gi b mt B mt v ton vn d liu Nhanh Kha cng khai 2 1 kha b mt 1 kha cng khai Trao i kha Xc thc Chm
H mt m kha cng khai

L thuyt nn tng
phc tp S hc ng d (Modular Arithmetic)
Cc h Mt m kha cng khai

RSA MerkleHellman ElGamal Rabin ng cong lip (Elliptic Curve)
phc tp
phc tp tnh ton (thi gian) Gii quyt cc vn P
Vn d: lp P Vn kh: lp NP
Gii quyt cc vn NP
S trng hp phi xt n l mt hm a thc S trng hp phi xt n l hm ly tha
Cc h mt m kha cng khai da trn kh/phc tp ca gii thut b kha
S hc ng d
S hc ng d
a mod n a op b mod n op = +, -, *, /, ^
V d:
40 mod 6 = 4 5 + 2 mod 6 = 1 9 4 mod 3 = 2 5 * 3 mod 6 = 3 4/2 mod 3 = 2 2^4 mod 6 = 4
S hc ng d
a mod n S d ca a chia n a + b mod n S d ca a + b chia n a - b mod n S d ca a - b chia n a * b mod n S d ca a * b chia n a ^ b mod n Th tc bnh phng a / b mod n Gii thut Euclide m rng
Th tc bnh phng
Da vo tnh cht
a*b mod n = ((a mod n)*(b mod n)) mod n
Tnh a^25
a^25 = a^(11001) a^(11001) = a^(10000+1000+1) a^(10000+1000+1) = a^10000 * a^1000 * a^1 a^10000 * a^1000 * a^1 = a^16 * a^8 * a^1
phc tp (O(logb*(logs)^2)) Hiu qu hn phng php tnh ly tha bng php nhn ng d (O(b*(logs)^2))
Th tc bnh phng
ModExp1(a,b, s) Vo: 3 s nguyn dng a,b,s sao cho a < s bn1 b1b0 l biu din nh phn ca b, n = [logb] Ra: a^b mod s p[0] = a mod s for i = 1 to n1 p[i] = p[i1]^2 mod s r=1 for i = 0 to n1 if b[i] = 1 then r = r*p[i] mod s return r
Bi tp
Tnh 6^73 mod 100
73 = 2^0 + 2^3 + 2^6 6^73 = 6 * 6^(2^3)*6^(2^6) 6 = 6 mod 100 6^(2^3) = 16 mod 100 6^(2^6) = -4 mod 100 6^73 = 6 * (16) * (-4) = 16 mod 100
Gii thut Euclide m rng

Gii thut Euclide
Tnh SCLN(a,b) Da trn tnh cht
Nu a > b th SCLN(a,b) = SCLN(a mod b,b)

Tnh 2 s x, y sao cho
a*x + b*y = SCLN(a,b)
Gii quyt bi ton tm x sao cho

a*x = 1 mod s

Extended-Euclid(a,b) Vo: 2 s nguyn dng a,b Ra: 3 s nguyn x,y,d sao cho d = SCLN(a,b) v ax+by = d 1. 2. 3. 4. Nu b = 0 th tr v (1,0,a) Tm q, r sao cho a = b*q+r (x,y,d) = Extended-Euclid(b, r) Tr v (y,xq*y,d)
Bi tp
Dng gii thut Euclide m rng tm SCLN(120,23)
a 120 23 5 3 2 1 b 23 5 3 2 1 0 q 5 4 1 1 2 _ r 5 3 2 1 0 _ x -9 2 -1 1 0 1 y 47 -9 2 -1 1 0 d 1 1 1 1 1 1
Bi tp
Dng gii thut Euclide m rng tm tm x sao cho 51*x mod 100 = 1
Nu a*x mod n = 1 th tn ti k trong a*x = 1 + n*k Ta c a*x n*k = 1 t y = -k, ta c a*x + b*y = 1 Tm x,y bng gii thut Euclide m rng x = -49, y = 25
H Mt m kha cng khai RSA

RSA
1978 Rivest, Shamir v Adlerman pht minh ra h mt m RSA H mt m kha cng khai ph bin v a nng nht trong thc t S dng cc kt qu trong s hc ng d Da trn phc tp ca bi ton
phn tch s nguyn ra tha s nguyn t
RSA To kha
Chn ngu nhin 2 s nguyn t p, q n=p*q Chn e sao cho 1 < e < (p-1) * (q-1) SCLN(e, (p-1) * (q-1)) = 1 Chn d sao cho 1 < d < (p-1) * (q-1) e*d = 1 mod (p-1) * (q-1) Kha cng khai (n,e) Kha ring (p,q,d)
RSA To kha
V d
p = 11, q = 23 n = 11*23 = 253 (p-1)*(q-1) = 10*22=220 SCLN(e,220) = 1
gi tr nh nht e = 3
p dng gii thut Euclide m rng

d = 147
RSA M ha
M ha s dng kha cng khai
Tin m Kha cng khai (n,e) M
c = mê mod n
RSA M ha
V d
p = 11, q = 23 n = 11*23 = 253 (p-1)*(q-1) = 10*22=220 e=3 d = 147 Tin m = 165 M
c = 165^3 mod 253 = 110
RSA Gii m
Tin m Kha cng khai (n,e) Kha ring (p,q,d) M c = mê mod n Gii m
m = c^d mod n
RSA Gii m
V d
p = 11, q = 23 n = 11*23 = 253 (p-1)*(q-1) = 10*22=220 e=3 d = 147 M c = 165^3 mod 253 = 110 Tin m = 110^147 mod 253 = 165
RSA nh l RSA
Nu (n,e) l kha cng khai (p,q,d) l kha ring 0 <= m < n th (mê)^d mod n = m
RSA nh l Euler & Fermat

Nu ef(n) l s s nguyn dng nh hn n v nguyn t cng nhau vi n x v n l hai s nguyn t cng nhau th xêf(n) = 1 mod n
RSA- an ton
RSA v bi ton phn tch tha s nguyn t
Kha cng khai (n,e) Kha ring (p,q,d) c gi b mt an ton ca RSA da trn kh/phc tp ca bi ton tnh (p,q,d) t (n,e) p,q l 2 s nguyn t,
n = p*q e,d c tnh t p,q Do bi ton trn qui v bi ton PTTSNT(n)
RSA- an ton
La chn p,q
m bo rng bi ton PTTSNT(n) thc s kh Trnh tnh trng p,q ri vo nhng trng hp c bit m bi ton trn tr nn d dng
V d: p-1 c cc tha s nguyn t nh
p,q phi c di ti thiu l 512 bt p,q xp x nhau
RSA- an ton
La chn e
e nh nht c th e khng nh qu trnh b tn cng theo dng low exponent
La chn d
d khng nh qu (d < n/4) trnh tn cng dng low decryption
RSA Hiu nng

Nhn, chia, s d php chia Tnh ly tha modulo
mê mod n c^d mod n
Tc rt chm so vi DES
RSA Bi tp
Cho p = 7, q = 11. Gi s Alice dng kha cng khai (n,e) = (77,17). Tm kha ring. Bit rng cc k t t A n Z c biu din bng cc s nguyn t 00 n 25. Du cch c biu din bng s 26. Bob mun gi cho Alice Tin HELLO WORLD s dng h mt m RSA. Tnh M tng ng.
RSA Bi tp
p n
(p,q,d) = (7,11,53) Tin
H E L L O W O R L D 07 04 11 11 14 26 22 14 17 11 03
M
28 16 44 44 42 38 22 42 19 44 75
Cc Mt m kha cng khai khc

MerkleHellman ElGamal Rabin ng cong lip (Elliptic Curve)
Bi tp
Chng minh nh l Euler & Fermat Chng minh nh l RSA
Mt m & ng dng
Ch
Nhu cu ton vn thng tin

Cc ng dng ch trng mc tiu Ton vn
Ti liu c s dng ging ht ti liu lu tr Cc thng ip trao i trong mt h thng an ton khng b thay i/sa cha
Nim phong ti liu/thng ip

Nim phong khng b sa i/ph hy ng ngha vi ti liu/thng ip ton vn Nim phong: bm (hash), tm lc (message digest), c s kim tra (checksum) To ra nim phong: hm bm
Hm bm
Mc tiu an ton
Ton vn (Integrity)
Hm bm c kha
u vo l mt chui c chiu di bin thin, v u ra c chiu di c nh
Tin:
h: *K n
Ct (Digest): Kha: K
h l hm mt chiu (one way function)

h c tnh phi ng lng (weak collision resistence)

cho x, rt kh tm y /= x sao cho h(x,k) = h(y,k) rt kh tm c x /= y sao cho h(x,k) = h(y,k)
bit y, rt kh tm x sao cho h(x,k)=y nhng rt kh tnh
h c tnh phi ng cht (strong collision resistence)
Hm bm khng kha
u vo l mt chui c chiu di bin thin, v u ra c chiu di c nh
h : * n
Tin:
Ct (Digest):
h l hm mt chiu (one way function)

h c tnh phi ng lng (weak collision resistence)

cho x, rt kh tm y /= x sao cho h(x) = h(y) rt kh tm c x /= y sao cho h(x) = h(y)
bit y, rt kh tm x sao cho h(x)=y nhng rt kh tnh
h c tnh phi ng cht (strong collision resistence)
K thut to hm bm
Dng cc hm m ha
CBC RMDP DM
Dng cc php ton s hc ng d

QCMDC DP
Dng cc hm thit k c bit

MD4/5 SHA/SHS
K thut to hm bm
Dng cc hm m ha
CBC RMDP DM

QCMDC DP

MD4/5 SHA/SHS
CBC - Chaining Block Cipher

Mt m i xng
Hm m ha E Kha K
Hm bm
M = M1M2Mn Hi = E(K,Mi xor Hi-1) H = Hn
RMDP Rabin, Matyas, Davise, Price

Mt m i xng
Hm m ha E Kha l cc khi ca tin
Hm bm
M = M1M2..Mn H0 = r (r ngu nhin) Hi = E(Mi,Hi-1) H= Hn
DM Davies, Meyer
Mt m i xng
Hm m ha E Kha l cc khi ca tin
Hm bm
M = M1M2..Mn H0 = r (r ngu nhin) Hi = E(Mi,Hi-1) xor Hi-1 H = Hn
K thut to hm bm
Dng cc hm m ha
CBC RMDP DM

QCMDC DP

MD4/5 SHA/SHS
QCMDC Quadratic Congruential Manipulation Dectection Code

M = M1M2Mn
Mi khi n bit
N l s nguyn t sao cho

N >= 2^(n-1)
Hm bm
H0 = r (r ngu nhin) Hi = (Hi-1+Mi)^2 mod N H = Hn
DP Davies, Price
M = M1M2Mn N l s nguyn t sao cho
N >= 2^r
Hm bm
H0 = 0 Hi = (Hi-1 xor Mi)^2 mod N H = Hn
K thut to hm bm
Dng cc hm m ha
CBC RMDP DM

QCMDC DP

SHA/SHS MD4/5
SHA-1
SHA = Secure Hash Algorithm c xut v bo tr bi NIST Dng trong h DSS (Digital Signature Standard) ca NIST c s dng rng ri
SSL, PGP, SSH, S/MIME, IPSec
SHA-1
u vo bi s ca 512 bit Gi tr bm 160 bit 80 vng lp tnh ton
Vng lp SHA-1
Vng lp SHA-1
A,B,C,D,E khi 32 bit Kt hng s ca vng lp t Wt c tnh t cc khi ca Tin <<< dch chuyn cc bit sang tri cng modulo 32 F l hm kt hp cc php ton logic
not, and, or, xor
MD5
MD = Message Digest MD5 c xut bi Rivest vo nm 1991 c s dng rng ri
Truyn tp tin Lu tr mt khu
MD5
u vo 512 bit Gi tr bm 128 bit 64 vng lp tnh ton
Vng lp MD5
Vng lp MD5
A,B,C,D khi 32 bit Ki hng s ca vng lp i Mi khi 32 bit ca Tin <<< dch chuyn cc bit cng modulo 32 F l hm kt hp cc php ton logic
not, and, or, xor
Tn cng Hm bm
e da/mi nguy
Nghch l sinh nht Trong mt nhm 23 ngi, xc sut c hai ngi c cng mt sinh nht l khng nh hn 1/2 Tn cng dng sinh nht Tnh N gi tr bm trong thi gian v khng gian cho php Lu tr cc gi tr bm tm ra ng Xc sut ng
Nu N > 2^(n/2) gi tr bm, th xc sut ng l > 1/2, trong n l di ca chui gi tr bm
Ch k s
1976, Diffie & Hellman ln u tin cp n khi nim Ch k s 1989, phin bn thng mi Ch k s u tin trong Lotus Notes, da trn RSA ng dng
Hp ng s Bu c in t Giao dch ngn hng
Ch k s
Mc tiu an ton
Xc thc (Authentication) Chng ph nhn (Non-repudiation)
H ch k s
Thut ton to ch k
K hiu S u vo l mt thng tin m Ch k S(m)
Thut ton kim nh ch k

K hiu V u vo l thng tin m v ch k km theo s V(m,s) = true khi v ch khi s = S(m)
K thut to Ch k s
Mt m kha cng khai Mt m kha cng khai + Hm bm
RSA + Hm bm ElGamal + Hm bm DSA
Ch k s dng Mt m kha cng khai

RSA
Chn ngu nhin 2 s nguyn t p, q n=p*q Chn e sao cho 1 < e < (p-1) * (q-1) SCLN(e, (p-1) * (q-1)) = 1 Chn d sao cho 1 < d < (p-1) * (q-1) e*d = 1 mod (p-1) * (q-1) Kha cng khai: (n,e) Kha ring: (p,q,d) M ha: c = mê mod n Gi m: m = c^d mod n
Ch k s dng RSA
Tin m Kha cng khai (n,e) Kha ring (p,q,d) To ch k
s = m^d mod n
Kim nh ch k
m =? sê mod n
Ch k s dng RSA
e da/mi nguy
Tn cng dng tro kha Tn cng dng chn tin, da trn c im nhn tnh ca RSA Nu m1^d mod n l ch k ca m1, m2^d mod n l ch k ca m2, th (m1*m2)^d mod n l ch k ca m1*m2 Tn cng dng khng Tin Ly kha cng khai k ca Alice To tin m v ch k s ca m sao cho m v s c cng nhn bi thut ton kim nh s dng k
Ch k s dng Mt m kha cng khai + Hm bm

Tng cng an ton bng kt hp
H mt m kha cng khai Hm bm
Thut ton to ch k
Hm m ha s dng kha ring Hm bm
Thut ton kim nh ch k

Hm gii m s dng kha cng khai Hm bm
Chun Ch k s - DSS
To ch k
Tin Hm bm Tm lc Kha cng khai Kha ring Sinh ch k Ch k Hp l/ Khng hp l Kim nh ch k
Kim nh ch k
Tin Hm bm Tm lc
Ch k s RSA + Hm bm
Cc thng s
Hm bm h 2 s nguyn t p,q
Ch k s RSA + Hm bm
To kha
n = p*q Chn e sao cho 1 < e < (p-1) * (q-1) SCLN(e, (p-1) * (q-1)) = 1 Chn d sao cho 1 < d < (p-1) * (q-1) e*d = 1 mod (p-1) * (q-1) Kha cng khai (n,e) Kha ring (p,q,d)
Ch k s RSA + Hm bm
To ch k
Tin m Ch k s = h(m)^d mod n
Ch k s RSA + Hm bm
Kim nh ch k
Ch k s Tin m Kim nh h(m) ?= sê mod n
Ch k s ElGamal + Hm bm
Cc thng s
Hm bm h S nguyn t p S nguyn g sao cho
g^c = b mod p trong b,p nguyn t cng nhau
To kha
Chn a sao cho 0 < a < p-1
A = gâ mod p a c gi l logarit ri rc ca A
Kha cng khai

(p,g,A)
Kha ring
a
To ch k
Tin m Chn k sao cho
0 < k < p-1 k nguyn t cng nhau vi p-1
Ch k
r = g^k mod p s = k^(-1) * (h(m) a*r) mod (p-1)
Kim nh ch k
Ch k (r,s) Tin m Kim nh
0<r<p 0 < s < p-1 A^r*r^s ?= g^h(m) mod p
Ch k s DSA
Cc thng s
Hm bm h S nguyn t q S nguyn p sao cho
p-1 la bi s ca q
S nguyn g sao cho

g = x^((p-1)/q) mod p trong x < p
Ch k s DSA
To kha
Chn a < q
A = gâ mod p
Kha cng khai

(p,q,g,A)
Kha ring
a
Ch k s DSA
To ch k
Tin m Chn k sao cho 0 < k < q Ch k
r = (g^k mod p) mod q s = k^(-1) * (h(m) + a*r) mod q
Ch k s DSA
Kim nh ch k
Ch k (r,s) Tin m Kim nh
0<r<q 0<s<q r = ((g^(s^(-1)*h(m) mod q) A^(r*s^(-1) mod q)) mod p) mod q
Mt m & ng dng
Ch
H Mt m khng Kha H Mt m kha b mt (i xng) H Mt m kha cng khai (bt i xng) Hm bm, ch k s Qun l kha, giao thc mt m,
Qun l kha, giao thc mt m,

Qun l kha
Kha i xng TTP Kha cng khai PKI
Giao thc mt m Thng nht kha

Diffie-Hellman
Xc thc
Needham-Schroeder

Qun l kha

Diffie-Hellman
Xc thc
Needham-Schroeder
Qun l kha
Qun l kha l mt vn quan trng
Tnh b mt: kha i xng Tnh ton vn: kha i xng, kha cng khai
Gii php qun l kha

Kha i xng Trng ti (Trusted Third Party) Kha cng khai PKI (Public Key Infrastructure)
Qun l kha i xng

M hnh c bn trao i thng tin kha i xng
A2 A3
A1
A4
A6
A5
M hnh c bn trao i thng tin kha i xng

u im
D dng thm bt cc thc th
Nhc im
Mi thc th phi lu tr nhiu kha di hn trao i vi cc thc th khc Thng nht, chia x kha kh khn i hi cc thc th phi tin tng nhau
Qun l kha i xng nh trng ti

Trng ti (Trusted Third Party)
Thc th c tt c cc thc th tham gia khc tin tng Mi thc th tham gia chia x mt kha i xng vi Trng ti Hai thc th trao i thng tin bng kha i xng c Trng ti to ra
Qun l kha i xng nh Trng ti
A2 E(k2,k) A1 E(k,m) k
A3
TTP
Ngun kha
A4
E(k6,k) A6 A5
Qun l kha i xng nh Trng ti

u im
D dng thm bt cc thc th Mi thc th ch cn lu tr mt kha i di hn
Nhc im
Tt cc cc cuc trao i thng tin u cn tng tc ban u vi Trng ti Trng ti phi lu tr nhiu kha i xng di hn Trng ti phi x l khi lng ln thng tin Nu Trng ti b e da, tt c cc trao i thng tin u b e da
Qun l kha cng khai

M hnh c bn trao i thng tin kha cng khai
c = E(e6,m) A2: d2 A3: d3
Th mc cng cng
A1: d1 e6 c A1: e1 A2 : e2 A3 : e3 A4 : e4 A5 : e5 A6 : e6 A5:d5 A4: d4
m = D(d6,c) A6: d6

u im
Khng cn TTP Th mc cng cng c th c lu tr cc b cng cc thc th S kha lu tr bng s thc th tham gia
Nhc im
Tn cng ch ng

Tn cng ch ng
A2: d2 c = E(e*,m) K tn cng: d* e* A3: d3
Th mc cng cng
A1: e1 A2 : e2 A3 : e3 A4 : e4 A5 : e5 A6 : e6 e* A5:d5 A4: d4
c = E(e6,m) m = D(d6,c) A6: d6
Qun l kha cng khai nh PKI

H tng kha cng khai (PKI)
L mt h tng an ton trong cc dch v c xy dng v cung cp da trn cc khi nim v k thut kha cng khai Mc tiu ca PKI ni kha cng khai vi thc th thng qua mt thc th c tin cy c thm quyn cp pht chng nhn s
Certificate Authority
Cc hp phn ca PKI
Pht hnh chng nhn (Certificate Issuance) Mt hay nhiu thc th tin cy c quyn pht hnh chng nhn Cc thc th ny gi l Certificate Authorities Thu hi chng nhn (Certificate Revocation) Thu hi chng nhn ht hn s dng Sao lu/Phc hi/Cp nht kha (Key Backup/Recovery/Update) Sao lu kha ring Phc hi trong trng hp b mt Cp nht kha m bo an ton Tem thi gian (Time Stamping) Thi gian cp pht chng nht

M hnh trao i thng tin
V(A6||e6,s6) c = E(e6,m) A2: d2 A3: d3
Certificate Authority
Cp chng nhn
A1: d1 c
A6||e6,s6 A1, A2, A3, A4, A5, A6,
e1, e2, e3, e4, e5, e6,
s1 s2 s3 s4 s5 s6
= = = = = =
S(A1||e1) S(A2||e2) S(A3||e3) S(A4||e4) S(A5||e5) S(A6||e6)
A4: d4
m = D(d6,c) A6: d6
A5:d5

u im
Chng tn cng ch ng CA ch cp chng nhn, khng tham gia vo vic trao i thng tin gia cc bn C th gim thiu tng tc vi CA bng cch lu cc chng nhn cc b
Nhc im
Nu thut ton sinh ch k ca CA b e da, tt c cc trao i thng tin u b e da tin cy hon ton da trn CA

Qun l kha

Diffie-Hellman
Xc thc
Needham-Schroeder
Giao thc
Giao thc
Mt chui cc bc thc hin Cc bc thc hin phi tng minh Tt c cc tnh hung phi c d tnh v c cc bc thc hin trc C t nht 2 bn tham d Cc bn tham d phi hiu bit v tun th cc bc thc hin
Giao thc mt m
Giao thc truyn thng = Giao thc trong cc bc thc hin l trao i thng tin Giao thc mt m = Giao thc truyn thng + Mt m hc Thng thng mt giao thc mt m kt hp cc kha cnh sau
Thng nht kha Xc thc M ha Chng ph nhn
M t giao thc mt m
Cc thc th tham gia giao thc Cc bc thc hin ca giao thc
1. Bc 1 2. Bc 2 3.
Mt bc thc hin
Alice gi cho Bob thng tin M
Aice -> Bob: M
Giao thc mt m SSL/TLS

SSL/TLS
Giao thc mt m trao i thng tin trn Internet SSL c pht trin bi Netscape TLS k tha t SSL phin bn 3.0 ng dng
Duyt Web, Email, IM, VoIP, Thng mi in t: Visa, MasterCard, American Express,
Khi to phin SSL/TLS

Cc pha khi to SSL/TSL
1. Bt tay 2. Thng lng la chn gii thut
Thng nht kha: RSA, Diffie-Hellman, M ha kha i xng: 3DES, AES, Ch k s: RSA, DSA, Hm bm: SHA, MD5,
3. Xc thc 4. Thng nht kha
Khi to phin SSL/TLS

1. 2. 3. 4. 5. 6. 7. 8. Client cho Server C -> S: Hi, Im Client Server cho Client S -> C: Hi, Im Server Server xc thc vi Client S -> C: PK, sig(PK) Client kim nh ch k sig(PK) Client to ra mt s ngu nhin b mt MS Client gi Server MS m ha C - > S: y=E(PK,MS) Server gii m y MS = D(K,y) Client v Server to 2 kha b mt K1, K2 = h(MS)
Qun l kha, chia x b mt

Qun l kha

Diffie-Hellman
Xc thc
Needham-Schroeder
Thng nht kha

Trao i thng tin b mt vi tc nhanh
Mt m kha i xng
Thit lp v trao i kha

Cc thc th tham gia phi thng nht kha i xng Qu trnh thng nht kha phi m bo
Tnh b mt Tnh ton vn
Giao thc Diffie-Hellman

1976, Diffie v Hellman pht minh giao thc thng nht kha
Hnh thnh v trao i kha chung b mt trn mt knh truyn tin khng an ton
S dng cc kt qu trong l thuyt nhm s nguyn nhn tnh ng d Da trn phc tp ca bi ton
Logarit ri rc
Diffie-Hellman
1. Alice (A) chn v gi cho Bob (B) s nguyn t p v mt phn t nguyn thy g thuc nhm nhn tnh mod p
A -> B: p,g
2. 3. 4. 5. 6.
Alice chn mt s t nhin ngu nhin a v gi gâ mod p cho Bob Bob chn mt s t nhin ngu nhin b v gi g^b mod p cho Alice Alice tnh (g^b mod p)â mod p Bob tnh (gâ mod p)^b mod p Kha chung b mt g^(a*b) mod p
B -> A: g^b mod p A -> B: gâ mod p
Diffie-Hellman
V d: p = 23, g = 5, a = 6, b = 15 1. Alice gi Bob p=23, g=5
2. Alice chn a=6, v gi Bob gâ mod p = 5^6 mod 23 = 8 3. Bob chn b=15, v gi Alice g^b mod p = 5^15 mod 23 = 19 4. Alice tnh 5. Bob tnh
B -> A: 19 19^6 mod 23 = 2 8^15 mod 23 = 2 A -> B: 8 A -> B: 23,5
6. Kha K = 2
an ton ca Diffie-Hellman
Kha b mt
Bi ton Diffie-Hellman Bit g, gâ, g^b. Tm g^(a*b)? Bi ton Logarit ri rc Bit gâ. Tm a?
Tnh xc thc
Tn cng dng Man-in-the-middle Alice v Bob mun thng nht kha b mt Eve l k gia Alice v Eve thng nht g^(a*e) Bob v Eve thng nht g^(b*e)

Qun l kha

Diffie-Hellman
Xc thc
Needham-Schroeder
Xc thc
Rt nhiu ng dng i hi cc thc th tham gia phi chng minh danh tnh
M hnh Client-Server an ton
Qu trnh cc nhn danh tnh ca cc thc th phi m bo

Tnh ton vn
Chng mo danh
Giao thc Needham-Schroeder

1978, Needham v Schroeder pht minh giao thc xc thc trn mng my tnh khng an ton
Chng minh nhn dng ca cc thc th trao i thng tin Ngn chn nghe ln, thay i thng tin
ng dng
Xc thc trong m hnh Client-Server: Kerberos
2 loi giao thc

Kha i xng Kha cng khai
Needham-Schroeder kha i xng

Alice (A) mun trao i thng tin vi Bob (B) Alice v Bob cng tin tng mt Server (S) trung gian
Kas kha i xng gia A va S Kbs kha i xng gia B va S Na v Nb l cc nonce Kab l kha i xng gia A v B
Needham-Schroeder kha i xng

1. 2. 3. 4. 5. A gi thng tin ca mnh v B cho S A -> S: A,B,Na S gi kha Kab cho A, thng tin c m ha S -> A: {Na,Kab,B,{Kab,A}_Kbs}_Kas A gi kha Kab cho Bob, thng tin c m ha A -> B: {Kab,A}_Kbs B tr li A nhn c kha Kab, thng tin c m ha B -> A: {Nb}_Kab A bo B rng A sn sng v ang gi kha Kab, thng tin c m ha A -> B: {Nb-1}_Kab
Tn cng Needham-Schroeder kha i xng

Tn cng Replay
Charlie ly c {Kab,A}_Kbs v s dng Kab mt phin trao i thng tin khc vi Bob m Bob khng pht hin c
Ngn chn tn cng Replay

Gii php dng trong Kerberos
Tem thi gian (Timestamp) Nonce
Needham-Schroeder kha cng khai

Alice (A) mun trao i thng tin vi Bob (B) Alice v Bob cng tin tng mt Server (S) trung gian
Ka v ka kha ring v cng khai ca A Kb v kb kha ring v cng khai ca B Ks v ks kha ring v cng khai ca S Na v Nb l cc nonce
Needham-Schroeder kha cng khai

1. 2. 3. 4. 5. 6. 7. A S A B S B A yu cu S kha cng khai ca B A -> S: A,B gi kha cng khai ca B cho A S -> A: {kb,B}_Ks gi nonce ca mnh cho B A -> B: {Na,A}_kb yu cu S kha cng khai ca A B -> S: B,A gi kha cng khai ca A cho B S -> B: {ka,A}_Ks gi nonce ca mnh v ca A cho A B -> A: {Na,Nb}_ka khng nh nhn c nonce ca B A ->B: {Nb}_kb
Tn cng Needham-Schroeder kha cng khai
Tn cng Man-in-the-middle
1. 2. 3. 4. 5. A -> I: {Na,A}_ki I -> B: {Na,A}_kb B -> I: {Na,Nb}_ka I -> A: {Na,Nb}_ka A -> I: {Nb}_ki
6. I -> B: {Nb}_kb
middle
Thay
Ngn chn tn cng Man-in-the-
B -> A: {Na,Nb}_ka
Bi
B -> A: {Na,Nb,B}_ka
An ton Phn mm
An ton Phn mm
Phn mm c tnh
Cc phn mm c tnh thng gp Cc bin php ngn chn
Li phn mm
Cc li phn mm thng gp Cc bin php an ton
Kim th (Testing) Kim nh hnh thc (Formal Verification) Lp trnh an ton (Secure Coding)
An ton Phn mm
Phn mm c tnh
Li phn mm
Phn mm c tnh
Chy theo ch nh ca ngi lp trnh ra n Chy v phn ng theo cch bt thng, khng trng i t pha ngi dng n nu trong h thng, hoc gn vo cc phn mm khng c tnh C th lm c mi th m mt phn mm c th lm
Cc phn mm c tnh thng gp

Vi rut (Virus)

Trojan horse
Gn vo mt chng trnh, pht tn bn sao ra khc chng trnh khc C cc tnh nng bt thng Pht ng khi iu kin c tha mn Pht ng khi n hn thi gian Cho php truy nhp tri php cc tnh nng Pht tn bn sao qua mng Nhn bn n khi khng cn ti nguyn
Bom logic (Logic bomb)
Bom thi gian (Time bomb) Trapdoor
Su (Worm)
Th (Rabbit)
Kch hot Virus

Virus ch gy hi khi c kch hot
Virus chy cng vi mt chng trnh khc chy bi ngi dng Virus chy khi m tp nh km trong emails, tp nh, tp ha
M virus ni vo m chng trnh
M virus bao quanh m chng trnh
M virus tch hp vo m chng trnh
Virus ti liu
Ti liu
Slide Spreadsheet
Lnh
Macro Bin Th tc Truy nhp tp, CSDL Gi h thng
Virus ot quyn kim sot
Ni n nu Virus
Vng Boot (Boot Sector) B nh (Memory-Resident) ng dng (Application Program) Th vin (Library)
Boot Sector Virus
Du hiu nhn bit Virus

M virus c kiu mu c bit
C th nhn bit cc on m ca tng loi virus Chng trnh nhim virus s ln hn chng trnh ban u V tr virus nh km khng thay i
Cch thc pht ng v hu qu
Nhn dng Code Red

/default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNN %u9090%u6858%ucbd3%u7801%u9090%u6858%u cdb3%u7801%u9090%u6858 %ucbd3%u7801%u9090%u9090%u8190%u00c3%u 0003%ub00%u531b%u53ff %u0078%u0000%u00=a HTTP/1.0
Cch thc pht ng v hu qu

nh km tp

Xm nhp trong b nh Ly lan qua a

Thay i th mc, tp
Thay i bng tn hiu ngt Ti ln b nh khi c tn hiu ngt n tn hiu ngt, gi hm h thng Thay i tp h thng/tp thc thi Ly lan vo vng Boot, chng trnh h thng, chng trnh v d liu n gi h thng Thay i kt qu
Pht tn ly lan n nu
Cc bin php ngn chn

S dng phn mm thng mi t ngun tin cy Kim th phn mm trn mt my tnh/h thng tch bit M tp nh km ch khi no bit r ngun gc Lu ni an ton mt phin bn c th ti to ca h thng ang s dng S dng phn mm qut dit virus
Mt s ng nhn v virus
Virus ch ly nhim trn cc h thng MS Windows Virus khng th thay i cc file hidden hoc read-only Virus ch xut hin trong tp d liu, chng trnh Virus ch pht tn thng qua qua a, email Virus khng th tn ti trong b nh sau khi reboot power off/on Virus ly nhim trn phn cng
An ton Phn mm
Phn mm c tnh
Li phn mm
An ton Phn mm
Phn mm c tnh
Li phn mm
Li phn mm
Lp trnh vin thng mc li
khng c khng c tnh nhng i khi gy hu qu nghim trng
Cc li phn mm thng gp
Trn b m (Buffer Overflow)
Array Index Out of Bound
Khng y (Incomplete Mediation)

Implicit Cast, Integer Overflow
ng b (Synchronization)
File stat()/open()
Li trn b m
1. 2. 3. 4. 5. 6. int authenticated = 0; int (*fnptr)(); void vulnerable() { char buf[80]; gets(buf); }
iu g xy ra nu u vo c hn 80 byte
authenticated /= 0 int (*fnptr)() tr n m ca hm khc
Li khng y
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. char buf[80]; void vulnerable() { int len = read_int_from_network(); char *p = read_string_from_network(); if (len > sizeof buf) { error("length too large, nice try!"); return; } memcpy(buf, p, len); } void *memcpy(void *dest, const void *src, size_t n); typedef unsigned int size_t; iu g s xy ra?
len l s m, copy mt on b nh khng l
Li ng b
1. int openfile(char *path) { 2. struct stat s; 3. if (stat(path, &s) < 0) 4. return -1; 5. if (!S_ISRREG(s.st_mode)) { 6. error("only allowed to regular files; nice try!"); 7. return -1; 8. } 9. return open(path, O_RDONLY); 10. } iu g s xy ra? trng thi h thng thay i gia stat() v open()
An ton Phn mm
Phn mm c tnh
Li phn mm
An ton Phn mm
Phn mm c tnh
Li phn mm
Kim th
Mc ch ca kim th l tm ra li ca h thng
Nu khng tm ra li, chng ta hi vng rng h thng l an ton
Quy trnh kim th

1. 2. 3. 4. 5. 6. n v (Unit Testing) Tch hp (Integration Testing) Chc nng (Function Testing) Hiu nng (Performance Testing) Cng nhn (Acceptance Testing) Ci t (Installation Testing)
Mt s loi hnh kim th c bit

Hi quy (Regression Testing)
Nu h thng c thay i, chnh sa
Xon (Fuzz Testing)

Cc trng hp c bit, d b khai thc v tn cng
Cc tip cn trong kim th

Hp en (Black-box)
Khng c thng tin v cu trc bn trong ca phn mm Dng cho tt c cc mc ca quy trnh kim th
Hp trng (White-box)
Bit cu trc bn trong ca phn mm Thng dng cho kim th n v
Hp xm (Grey-box)
Hn hp en: kim th Trng: thit k ca kim th
An ton Phn mm
Phn mm c tnh
Li phn mm
Kim nh hnh thc

Mc ch ca kim nh hnh thc l chng minh h thng an ton
Cc tip cn trong kim nh hnh thc

Kim nh m hnh (Model checking)
Phn mm c c t bng mt m hnh Qu trnh kim nh thc hin bng cch duyt tt c cc trng thi thng qua tt c cc chuyn tip
Suy din logic (Logical Inference)

u vo ca phn mm b rng buc bng mt biu thc logic Tng t vi u ra Bn thn phn mm cng b rng buc bng mt biu thc logic
Kim nh hnh thc s dng suy din logic
u vo
Chng trnh u ra
u vo + iu kin trc
Chng trnh + iu kin
u ra +iu kin sau
iu kin trc (Precondition)

1. /* Requires: n >= 1 */ 2. int fact(int n) { 3. int t; 4. if (n == 1) 5. return 1; 6. t = fact(n-1); 7. t *= n; 8. return t; 9. }
iu kin sau (Postcondition)

1. /* Ensures: returnvalue >= 0 */ 2. int fact(int n) { 3. int t; 4. if (n == 1) 5. return 1; 6. t = fact(n-1); 7. t *= n; 8. return t; 9. }
iu kin trong chng trnh

1. int fact(int n) { 2. int t; 3. if (n == 1) 4. return 1; 5. /* n>=2 */ 6. t = fact(n-1); 7. /* t>=0 */ 8. t *= n; 9. /* t>=0 */ 10. return t; 11. }
iu kin
1. /* Requires: n >= 1; Ensures: returnvalue >= 0 */ 2. int fact(int n) { 3. int t; 4. if (n == 1) 5. return 1; 6. /* n>=2 */ 7. t = fact(n-1); 8. /* t>=0 */ 9. t *= n; 10. /* t>=0 */ 11. return t; 12. }
An ton Phn mm
Phn mm c tnh
Li phn mm
Lp trnh an ton (Secure Coding)

Nguyn tc
M un (Modularity) ng gi (Encapsulation) Giu thng tin (Information Hiding)
M un
Thit k cc hp phn
Mt mc tiu/nhim v Nh n gin c lp
ng gi
Giu thng tin v cch thc ci t cc hp phn
V d: lp o C++, giao din Java
Gim thiu chia x gia cc hp phn

V d: cc th vin
Cc hp phn tng tc thng qua cc giao din

V d: tng tc gia cc i tng thng qua cc phng thc
Giu thng tin

Mt hp phn nh mt hp en nhn t pha ngoi
V d: mt lp C++, Java
Cc phn t bn ngoi khng th thay i sa cha thng tin mt cch c v tri php
V d: cc thuc tnh private, protected
Lp trnh an ton (Secure Coding)

Mt s quy tc thc hnh
S dng mt chun lp trnh Lp trnh phng th
Kim tra d liu u vo/u ra S dng c quyn thp nht c th
Thit k theo chnh sch an ton S dng cc cng c m bo cht lng

Kim th Kim nh Duyt li m
An ton H iu hnh
H iu hnh
Vai tr
Giao din gia phn cng v phn mm Qun l ti nguyn Cung cp cc phng tin bo v phn cng v ng dng
An ton H iu hnh
Cc vn bo v trong H iu hnh
Bo v b nh v a ch Bo v tp Xc thc ngi dng
iu khin truy nhp

Cc m hnh KTN KTN trong Unix, Windows NT/2000
Nguyn tc thit k H iu hnh

Gim st thm quyn (Reference Monitor) Phn hoch (Separation)/Cch ly (Isolation) Thit k phn tng (Layered Design)
An ton H iu hnh
iu khin truy nhp Nguyn tc thit k H iu hnh

Bo v b nh v a ch
Lm th no ngn chn mt chng trnh/ngi dng can thip vo khng gian b nh ca chng trnh/ngi dng khc?
Phn on (Segmentation) Phn trang (Paging)
Phn on (Segmentation)
Phn chia chng trnh thnh cc on
Tng ng vi cc on d liu, cc chng trnh con Mi on c quyn khc nhau (R,W,E)
Phn chia b nh vt l thnh cc on

Tng ng vi, cc mng d liu ngi dng hoc cc on m chng trnh
Mi on c mt tn duy nht
<Name,Offset>
H iu hnh phi duy tr mt bng cc on
on logic v on vt l
Tnh a ch on
Phn trang (Paging)

Phn chia chng trnh thnh cc trang (page) cng kch thc Phn chia b nh vt l thnh cc khung trang (page frame) cng kch thc
512 n 4096 byte
Mi trang c mt tn duy nht

<Page,Offset>
H iu hnh phi duy tr mt bng cc trang
Tnh a ch trang
Kt hp Phn on v Phn trang

u im ca phn on
Bo v b nh bng cch phn quyn theo chng trnh/ngi dng H iu hnh kim sot vic quyn c/ghi/thc hin trn b nh
u im ca phn trang
Tc
Trong cc h iu hnh hin i

Kt hp Phn on+Phn trang
Kt hp Phn on v Phn trang
Bo v tp
Bo v nhm
Tt c ngi dng c phn thnh nhm Quyn s dng c mt ngi dng thit lp cho mnh v c nhm
Bo v c th
Mi ngi dng c mt s quyn
Quyn s dng lu di Quyn s dng tm thi
Bo v tp
H thng tp UNIX/LINUX
Mi tp c ch s hu v nhm s hu Quyn c thit lp bi ch s hu
R,W,E setid, owner, group, other
Ch c ch s hu v root mi c php thay i quyn
Xc thc ngi dng

H iu hnh qun l nhiu ngi dng
Ai l ai?
Gii php xc thc ngi dng

Mt khu Mt s c im sinh trc hc
Xc thc bng mt khu

H iu hnh lu tr mt tp ngi dng/mt khu
Tp thng thng Thng tin lu dng vn bn an ton thp Tp m ha M ha c tp hoc ch m ha mt khu an ton ph thuc vo h mt m
tng cng an ton

Mt khu di, trnh cha cc thng tin c bit Thay i mt khu u n phng tn cng dng ng nhp gi
Thng k la chn mt khu
Xc thc bng sinh trc hc

Cc c im sinh trc hc
Vn tay, mt, khun mt, ch vit
Xc thc bng sinh trc hc tng i mi

Pht trin nhanh trong nhng nm
Mt s nhc im
Gi thnh Tc / chnh xc Gi mo
An ton H iu hnh
iu khin truy nhp


iu khin truy nhp

Rt nhiu i tng c truy nhp
B nh Phn cng Tp Thng tin h thng: bng, c ch bo v, lnh c quyn
Vn an ton t ra
Ai c truy nhp g vi c quyn no?
C ch iu khin truy nhp

Truy nhp th mc
Mi i tng cn bo v ging nh mt tp Mi ngi dng c mt s quyn nht nh trn mt s tp
Danh sch iu khin truy nhp

Danh sch cc i tng truy nhp Mi i tng c mt danh sch cc ch th
Ma trn iu khin truy nhp

Mt chiu l danh sch cc ch th Mt chiu l danh sch cc i tng truy nhp tng ng vi cc ch th
Truy nhp th mc Directory Access
ng dn truy nhp th mc
Danh sch iu khin truy nhp Access Control List
Ma trn iu khin truy nhp Access Control Matrix

BIBLIOG TEMP F HELP.TXT C_COM P X LINKER SYS_CL OCK R PRINTE R W USER A ORW ORW ORW R X
USER B
USER S
RW
USER T
SYS_M GR USER_S VCS
RW
OX
OX
ORW
KTN trong UNIX/LINUX

Dng ACL i vi cc tp, thuc tnh rwx cho Ch s hu Nhm Tt c V d drwxrwxrwx Alice Accounts -rw-r------ Bob Accounts Cc chng trnh chy trong lc h thng khi ng c c quyn qun tr (root) Cc chng trnh khc chy vi quyn ngi dng (user)
KTN trong UNIX/LINUX

Lm th no duy tr b 3 (ngi dng, chng trnh, tp)
UNIX/LINUX dng suid v sgid
Vn an ton
suid root
Vn theo di thc thi chng trnh

Thu hi c quyn
Vn qun l tin trnh

Tin trnh c mt group id
KTN trong WINDOWS NT/2000

Qun l (nhm) ngi dng s dng Active Directory Xc thc s dng Kerberos Cc thuc tnh ca tp mn hn UNIX/LINUX
read, write, execute, accessdenied, accessallowed, systemaudit,
Vn qun tr c ton quyn

Dng Registry, mt hnh thc ca ACL
An ton H iu hnh
iu khin truy nhp


Gim st thm quyn

Phn quan trng nht ca h iu hnh L mt tp cc iu khin truy nhp cc i tng
B nh, thit b, tp, thng tin cc tin trnh,
c im
Khng bao gi b suy yu, t lit Lun c gi n khi mt i tng c yu cu s dng Nh gn, c th d dng phn tch v kim th v m bo tnh y
Gim st thm quyn
Phn hoch/Cch ly
Phn hoch vt l Cc tin trnh khc nhau s dng cc thit b khc nhau Phn hoch thi gian Cc tin trnh vi yu cu khc nhau thc hin ti cc thi gian khc nhau Phn hoch logic (Cch ly) Ngi dng/tin trnh thc hin nhim v ca mnh trong khng gian ca mnh Phn hoch mt m Ngi dng/tin trnh giu thng tinh ca mnh
Thit k phn tng

1. Li an ton (Security Kernel) 2. Li h iu hnh 3. H iu hnh
1. ng b 2. Cp pht 1. Phn cng 2. An ton
4. ng dng
1. Sp t, Chia x, Qun l b nh 2. H thng tp, Cp pht thit b 3. Tnh nng khc
Thit k phn tng

Mt m un = nhiu m un hp phn
Mi m un hp phn thuc mt tng khc nhau ca kin trc a tng
V d: M un xc thc ngi dng

1. 2. 3. 4. Cp nht thng tin ngi dng So snh thng tin ngi dng Tm kim ngi dng Giao din xc thc ngi dng
Thit k phn tng
Mun xc thc trong thit k phn tng
An ton C s d liu
C s d liu
Tp hp cc d liu c quan h c lu tr (tp trung hoc phn tn) ngi dng c th truy nhp khi cn
Mc tiu an ton CSDL

B mt
D liu nhy cm
Ton vn
Vt l Logic
Sn dng iu khin truy nhp Xc thc ngi dng
An ton CSDL
Cc mi e da CSDL
Cp nht CSDL D liu nhy cm Suy din
Thit k CSDL tin cy

CSDL a tng
An ton CSDL
Cc mi e da CSDL
Thit k CSDL tin cy

CSDL a tng
Cp nht CSDL
S c h thng
H thng b s c khi ang cp nht CSDL
Tng tranh
Nhiu ngi dng truy nhp sa i cng lc vo cng d liu
S c h thng: v d CSDL vn phng phm

Kho cha vn phng phm
Giy, bt,
Qun tr kho chu trch nhim t mua vn phng phm Phng, ban s dng vn phng phm
Mi vn phng phm c mt quota kinh ph vn phng phm c nh
CSDL vn phng phm: mt kch bn cp nht

Phng k ton yu cu 50 hp ghim giy Gi s cn 107 hp ghim giy trong kho Qun tr kho s t hng nu s lng hp ghim giy nh hn 100
Cc bc thc hin kch bn

1. Kim tra kho cn 50 hp hay khng. Nu khng, yu cu b t chi. Kt thc giao tc 2. Cn s lng. Lm php tr (10750=57) 3. Tr quota kinh ph ca phng k ton 4. Kim tra s lng hp c di 100 hay khng (57). t mua thm 5. Gi 50 hp ghim giy cho phng k ton
S c kch bn
iu g xy ra nu c s c h thng sau cc bc 1,2,3,4
Gii php phng chng s c h thng

Gii php 2 pha
1. Intent
1. Thu thp ti nguyn v thng tin, tnh ton v chun b d liu cho pha sau 2. nh du kt thc pha Intent
Set COMMIT-FLAG
2. Commit
1. Thc hin cp nht CSDL vi cc d liu chun b pha trc 2. nh du kt thc pha Commit
Unset COMMIT-FLAG
V d gii php 2 pha: cp nht CSDL vn phng phm

Intent 1. Kim tra gi tr COMMIT-FLAG. Nu khc 0, ch cho n khi COMMIT-FLAG bng 0 2. So snh s hp ghim giy ang c vi s yu cu; nu s yu cu ln hn, kt thc 3. Tnh TCLIPS = ONHAND - REQUISITION 4. Xem BUDGET hin nay ca phng k ton. Tnh TBUDGET = BUDGET - COST, trong COST l gi thnh ca 50 hp ghim 5. Kim tra TCLIPS < 100 hay khng; nu ng, TREORDER = TRUE; nu khng TREORDER = FALSE
V d gii php 2 pha: cp nht CSDL vn phng phm

Commit 1. COMMIT-FLAG = 1 2. Cp TCLIPS vo CLIPS trong CSDL 3. Cp TBUDGET vo BUDGET trong CSDL 4. Cp TREORDER vo REORDER trong CSDL 5. Chun b giy bo giao hng cho phng k ton. Ghi ch giao tc hon thnh vo log 6. COMMIT-FLAG = 0
Tng tranh: v d CSDL v my bay

Vn phng du lch A
SELECT (SEAT-NO = '11D') ASSIGN 'MOCK,E' TO PASSENGER-NAME
Vn phng du lch B
SELECT (SEAT-NO = '11D') ASSIGN 'EHLERS,P' TO PASSENGER-NAME
Gii php tng tranh

Cp nht CSDL l mt thao tc c bn
Ch mt thao tc cp nht thc hin trn mt d liu H qun tr CSDL s bo v d liu ang c cp nht Khi thao tc cp nht mt d liu kt thc, cc thao tc kh mi c quyn thc hin trn d liu
D liu nhy cm
D liu cng chng khng nn c Loi d liu nhy cm
Bng Bn ghi Trng
D liu nhy cm
Cc loi r g d liu nhy cm
D liu chnh xc Cn Kt qu m Tn ti Gi tr xc xut
Bo v d liu nhy cm
H qun tr CSDL qun l truy nhp d liu nhy cm bng iu khin truy nhp
Suy din
Suy din d liu nhy cm t d liu khng nhy cm
Suy din
Cc loi tn cng suy din
Trc tip (Direct) Gin tip (Indirect)
Tng (Sum) m (Count)
V d
Name Adams Bailey Chin Dewitt Earhart Fein Groff Hill Koch Liu Majors Sex M M F M F F M F F F M Race C B A B C C C B C A C Aid 5000 0 3000 1000 2000 1000 4000 5000 0 0 2000 Fines 45. 0. 20. 35. 95. 15. 0. 10. 0. 10. 0. Drugs 1 0 0 3 1 0 3 2 1 2 2 Dorm Holmes Grey West Grey Holmes West West Holmes West Grey Grey
V d: tn cng trc tip

List NAME where SEX=M DRUGS=1
Tr v thng tin lin quan n Adam H CSDL c th t chi cu truy vn ny v qu c bit
List NAME where (SEX=M and DRUGS=1) or (SEX /= M and SEX /= F) or (DORM=AYRES)
Cu truy vn phc tp hn nhng kt qu ging nh trn
V d: tn cng gin tip

Dng tng (Sum): tng ca kinh ph h tr theo gii tnh v khu vc
Holmes M F Total 5000 7000 12000 Grey 3000 0 3000 West 4000 4000 8000 Total 12000 11000 23000
V d: tn cng gin tip

Dng m kt hp tng (Count & Sum): s sinh vin theo gii tnh v khu vc
Holmes M F Total 1 2 3 Grey 3 1 4 West 1 3 4 Total 5 6 11
Bin php ngn chn tn cng suy din

Phn tch cu truy vn Ngy trang thng tin Loi b thng tin nhy cm
An ton CSDL
Cc mi e da CSDL
Thit k CSDL tin cy

CSDL a tng
CSDL a tng
Cc tng CSDL tng ng vi mc nhy cm ca d liu Cc tip cn
Phn ngn (Partitioning) M ha (Encryption) Kha Kha ton vn (Integrity Lock) Kha nhy cm (Sensitive Lock) Front-end tin cy (Trusted Front-end) B lc giao hon (Commutative Filter) Ca s (Window/View)
Phn ngn
CSDL c chia thnh cc CSDL khc nhau mc nhy cm khc nhau u im
Qun l an ton nhiu mc khc nhau
Nhc im
D tha Khng kt hp d liu cc mc nhy cm khc nhau
M ha
Mi d liu nhy cm s c m ha bng mt kha tng ng u im
Qun l an ton nhiu mc khc nhau
Nhc im
Tc Khng gian lu tr
Kha ton vn
Mc tiu m bo tnh ton vn v gii hn truy nhp Kha
Checksum
Tnh ton bng hm m ha hoc hm bm Gi tr ph thuc vo Data ID + Data + Sensitivity Label
Kha nhy cm
Mc tiu che giu nhy cm ca d liu Kha
M
Tnh ton bng hm m ha hoc hm bm Gi tr ph thuc vo Data ID + Sensitivity Level
Front-end tin cy
Hot ng ging Gim st thm quyn iu khin truy nhp CSDL
1. 2. 3. 4. 5. Xc thc ngi dng Kim tra quyn ngi dng Gi truy vn cho h qun tr CSDL Nhn kt qu truy vn Phn tch nhy cm ca kt qu truy vn, so snh vi quyn ngi dng 6. nh dng li kt qu truy vn 7. Gi kt qu truy vn cho ngi dng
B lc giao hon
Hot ng ging Front-end tin cy iu khin truy nhp CSDL
1. 2. 3. 4. 5. 6. Xc thc ngi dng Kim tra quyn ngi dng nh dng li truy vn Gi truy vn cho h qun tr CSDL Nhn kt qu truy vn Phn tch nhy cm d liu ca kt qu truy vn, so snh vi quyn ngi dng 7. nh dng li kt qu truy vn 8. Gi kt qu truy vn cho ngi dng
Ca s
Mc tiu gii hn tm nhn ca ngi dng theo quyn
Quyn c, ghi
Mi ca s l mt tp con ca CSDL
Mi tp con tng ng vi d liu m ngi dng c quyn s dng
An ton Mng v Web

An ton Mng v Web

An ton Mng An ton Web
An ton Mng v Web

Mng my tnh
Mi trng s dng Tp v kch thc Phng tin truyn thng Cp, Cp quang, Vi sng, Hng nga, Satellite Giao thc 7 tng OSI: Vt l, Lin kt D liu, Mng, Vn chuyn, Phin, Trnh din, ng dng a ch MAC, IP nh tuyn Loi mng LAN, WAN, Internets
An ton Mng
Cc mi e da Thm d Nghe trm Mo danh, la o L hng trang Web T chi dch v M lu ng Cc bin php ngn chn M ha Xc thc Tng la Pht hin t nhp
An ton Mng
Thm d
Qut cng (Port Scan)
Thu thp thng tin i tng tn cng
dch v, cng ang hot ng (HTTP:80, POP:110, SMTP:25, FTP:21) phin bn h iu hnh phin bn ng dng
Tham kho danh sch cc l hng ca cc phin bn Thc hin tn cng
Nghe trm
ng truyn cp
S dng packet sniffer Lp trnh li card
Wireless
Tn hiu rt d b nghe trm
S dng ng ten
Mo danh, la o
Phng on thng tin xc thc ca i tng tn cng on mt khu Nghe trm thng tin xc thc ca i tng tn cng Nghe trm mt khu Tn dng l hng c ch xc thc Trn b m Thng tin xc thc cng cng Thit b mng qun l bi SNMP Man-in-the-middle Phishing
L hng trang Web

Trn b m Dot-Dot-Slash
../..
Gi phng thc pha my ch
T chi dch v
Trn kt ni (Connection Flooding)
Tn cng giao thc TCP, UDP, ICMP
Ping, Smurf, Syn Flood
DNS (Domain Name Server)

Tn dng li Buffer Overflow thay i thng tin nh tuyn
DNS cache poisoning
T chi dch v phn tn (DDoS)

Dng cc Zombie ng lot tn cng
M lu ng
Cookie Scripts
Cookie lu thng tin ngi dng (phin, lu di) Tn cng cc trang ASP, JSP, CGI, PHP
ActiveX M Java
Applet
Auto Exec Bot
.exe, .doc Trojan Horse
An ton Mng
M ha
M ha lin kt
M ha end-to-end
Thng tin c m ha tng Data Link ca m hnh OSI Thng tin c m ha tng Application ca m hnh OSI Trao i thng tin gia ngi dng v Firewall thng qua knh m ha Mt m cng khai v chng nhn SSH, SSL, IPSec
VPN (Virtual Private Network) PKI
Giao thc mt m
Xc thc
Mt khu mt ln
Password Token
H Challenge-Response Xc thc s phn tn Kerberos
Tng la
Cng c lc thng tin di chuyn gia mng bn trong v mng bn ngoi
V d: Mng LAN v Internet
Mc tiu ngn chn nguy c n t mng bn ngoi Thc hin ngn chn thng qua chnh sch an ton
Tng la
Cc loi tng la Lc gi (Packet Filtering Gateways) Duyt trng thi (Stateful Inspection Firewalls) Cng ng dng (Application Proxies) Gc (Guards) C nhn (Personal Firewalls)
Pht hin t nhp

Kim tra ngi dng v hot ng h thng Ghi li cu hnh h thng pht hin nguy c nh gi tnh ton vn ca h thng v d liu Pht hin cc dng tn cng Pht hin cc hot ng bt thng thng qua phn tch thng k Sa cha li cu hnh h thng Ci t v vn hnh cc h thng by t nhp
Pht hin t nhp

Cc loi h thng pht hin t nhp H pht hin t nhp da trn mu H pht hin t nhp dng Heuristics H pht hin t nhp hot ng b mt H Tripwire
An ton Mng v Web

SQL Injection
SQL
Structured Query Language Ngn ng truy vn CSDL
SQL Injection
Tn cng SQL Injection
statement = SELECT * FROM users WHERE name = + userName + ; iu g xy ra nu userName = a or t=t iu g xy ra nu userName = a';DROP TABLE users;
SQL Injection
Bin php ngn chn
Mc lp trnh
Kim sot cht ch u vo Loi b cc k t c bit
mc CSDL
Dng lnh prepare nh dng cu truy vn
Phn tch tnh cu truy vn

Pht hin iu kin t = t
Kim th
Mt s vn an ton Internet khc

Tn cng XSS
Scripts, PhP,
Qun l Cookie
Xc thc B mt: thng tin ngi dng
An ton Browser
Ton vn: malware, ti khon B mt: mt khu, mail, thng tin d liu

Athttt 2010

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Athttt 2010

Hochgeladen von

Copyright:

Verfügbare Formate

An ton H thng Thng tin

Trn c Khnh B mn HTTT Vin CNTT&TT H BKHN

Thng tin chung

Thi lng: 45 tit nh gi

Ti liu tham kho

Security in Computing, Fourth Edition.

Handbook of Applied Cryptography.

Chuyn An ton & Bo mt.

Cc Bi ging v An ton My tnh.

Cc h mt m ng dng: ch k s, xc thc, giao thc truyn thng bo mt, thng mi in t,

S cn thit ca An ton HTTT

[CERT]: Quy m, Tnh phc tp

An ton HTTT - Bin php

Trm t bng my tnh xch tay

Cc ch (2) & (3)

500 000 trang Web b tn cng

Ngun: Washington Post

Trao i thng tin b mt

Kha duy nht

Data Encryption Standard (DES)

Data Encryption Standard (DES)

IP(b1b2b64) = b58b50b7 FP(b1b2b64) = b40b8b25

E(b1b2b32) = b32b1b1 P(b1b2b32) = b16b7b25

Tng t i vi S2,S3,,S8 (c bng ring)

5 (Thp phn) = 0101 (Nh phn)

c = DES(k, m) v m = DES(k, c) c = DES(k1,m) v c = DES(k2,m) Vi sai Tuyn tnh Davies

Advanced Encryption Standard (AES)

Ti sao H mt m kha cng khai

Ti sao H mt m kha cng khai

H mt m kha cng khai

H mt m kha cng khai

Gii m dng kha ring K

H mt m kha cng khai

Gii m dng kha cng khai k

Kha b mt vs. Kha cng khai

H mt m kha cng khai

Cc h Mt m kha cng khai

S trng hp phi xt n l mt hm a thc S trng hp phi xt n l hm ly tha

Cc h mt m kha cng khai da trn kh/phc tp ca gii thut b kha

Gii thut Euclide m rng

Gii thut Euclide m rng

Gii quyt bi ton tm x sao cho

Gii thut Euclide m rng

H Mt m kha cng khai RSA

p dng gii thut Euclide m rng

RSA nh l Euler & Fermat

n = p*q e,d c tnh t p,q Do bi ton trn qui v bi ton PTTSNT(n)

p,q phi c di ti thiu l 512 bt p,q xp x nhau

RSA Hiu nng

Cc Mt m kha cng khai khc

Nhu cu ton vn thng tin

Nim phong ti liu/thng ip

h l hm mt chiu (one way function)

h c tnh phi ng lng (weak collision resistence)

bit y, rt kh tm x sao cho h(x,k)=y nhng rt kh tnh

h c tnh phi ng cht (strong collision resistence)

h l hm mt chiu (one way function)

h c tnh phi ng lng (weak collision resistence)

bit y, rt kh tm x sao cho h(x)=y nhng rt kh tnh

h c tnh phi ng cht (strong collision resistence)

Dng cc php ton s hc ng d

Dng cc hm thit k c bit

Dng cc php ton s hc ng d