Download pdf - NSec 4.0.1 - Symmetric Encryption

8/2/2019 NSec 4.0.1 - Symmetric Encryption

1/64

NETWORK SECURITY

SYMMETRIC ENCRYPTION

11


2/64

Hai k thut m ha ch yu

M ha i xng

o Bn gi v bn nhn s dng chung mt kha

o Cn gi l

o M ha truyn thng

o M ha kha ring / kha n / kha b mt

o L k thut m ha duy nht trc nhng nm 70

o Hin vn cn c dng rt ph bin

M ha kha cng khai (bt i xng)o Mi bn s dng mt cp kha

o Mt kha cng khai + Mt kha ring

o Cng b chnh thc nm 1976

An ninh Mng 22


3/64

Mt s cch phn loi khc

Theo phng thc x l

o M ha khi

o Mi ln x l mt khi nguyn bn v to ra khi bn m tng ng (chnghn 64 hay 128 bit)

o

M ha lungo X l d liu u vo lin tc (chng hn mi ln 1 bit)

Theo phng thc chuyn i

o M ha thay th

o Chuyn i mi phn t nguyn bn thnh mt phn t bn m tng ng

o M ha hon v

o B tr li v tr cc phn t trong nguyn bn

33


4/64

M hnh h m ha i xng

An ninh Mng 44

Kha b mt dng chungbi bn gi v bn nhn

Kha b mt dng chungbi bn gi v bn nhn

Gii thut m ha Gii thut gii m

Nguyn bnu vo

Nguyn bnu ra

Bn m

truyn i

M ha

Y = EK(X)

Gii m

X = DK(Y)


5/64

M hnh h m ha i xng

Gm c 5 thnh phno Nguyn bn

o Gii thut m ha

o Kha b mto Bn m

o Gii thut gii m

An ninh ph thuc vo s b mt ca kha,khng ph thuc vo s b mt ca gii thut

An ninh Mng 55


6/64

Ph m

L n lc gii m vn bn c m hakhng bit trc kha b mt

C hai phng php ph m

o Vt cno Th tt c cc kha c th

o Thm m

o Khai thc nhng nhc im ca gii thut

o Da trn nhng c trng chung ca nguyn bn hoc mt scp nguyn bn - bn m mu

An ninh Mng 66


7/64

Phng php ph m vt cn

V l thuyt c th th tt c cc gi tr khacho n khi tm thy nguyn bn t bn m

Da trn gi thit c th nhn bit c nguyn

bn cn tm Tnh trung bnh cn th mt na tng s cc

trng hp c th

Thc t khng kh khi nu di kha ln

An ninh Mng 77


8/64

Thi gian tm kim trung bnh

An ninh Mng 88

Kch thckha (bit)

S lng kha Thi gian cn thit

(1 gii m/s)

Thi gian cn thit

(106 gii m/s)

32

56

128

168

26 k t

(hon v)

232 = 4,3 x 109

256 = 7,2 x1016

2128 = 3,4 x1038

2168 = 3,7 x

1050

26! = 4 x 1026

231 s = 35,8 pht

255 s = 1142 nm2127 s = 5,4 x 1024nm

2167 s = 5,9 x 1036nm

2 x 1026 s =

6,4 x 1012nm

2,15 ms

10,01 gi5,4 x 1018 nm

5,9 x 1030 nm

6,4 x 106 nm

Tui v tr : ~ 1010 nmKha DES di 56 bitKha AES di 128+ bit

Kha 3DES di 168 bit


9/64

Cc k thut thm m

Ch c bn mo Ch bit gii thut m ha v bn m hin c

Bit nguyn bn

o

Bit thm mt s cp nguyn bn - bn m Chn nguyn bn

o Chn 1 nguyn bn, bit bn m tng ng

Chn bn m

o Chn 1 bn m, bit nguyn bn tng ng

Chn vn bn

o Kt hp chn nguyn bn v chn bn m

An ninh Mng 99


10/64

An ninh h m ha

An ninh v iu kino Bn m khng cha thng tin xc nh duy nht nguyn

bn tng ng, bt k vi s lng bao nhiu v tc mytnh th no

o

Ch h m ha n mt ln l an ninh v iu kin An ninh tnh ton

o Tha mn mt trong hai iu kin

o Chi ph ph m vt qu gi tr thng tin

o Thi gian ph m vt qu tui th thng tin

o Thc t tha mn hai iu kin

o Khng c nhc im

o Kha c qu nhiu gi tr khng th th ht

An ninh Mng 1010


11/64

M ha thay th c in

Cc ch ci ca nguyn bn c thay th bicc ch ci khc, hoc cc s, hoc cc khiu

Nu nguyn bn c coi nh mt chui bit ththay th cc mu bit trong nguyn bn bng ccmu bit ca bn m

An ninh Mng 1111


12/64

H m ha Caesar

H m ha thay th xut hin sm nht & n gin nht

S dng u tin bi Julius Caesar vo mc ch quns

Dch chuyn xoay vng theo th t ch ci

o Kha k l s bc dch chuyn

o Vi mi ch ci ca vn bn

o t p = 0 nu ch ci l a, p = 1 nu ch ci l b,...

o

M ha : C = E(p) = (p + k) mod 26o Gii m : p = D(C) = (C - k) mod 26

V d : M ha "meet me after class" vi k = 3

An ninh Mng 1212


13/64

Ph m h m ha Caesar

Phng php vt cno Kha ch l mt ch ci (hay mt s gia 1 v 25)

o Th tt c 25 kha c th

o D dng thc hin

Ba yu t quan trng

o Bit trc cc gii thut m ha v gii m

o Ch c 25 kha th

o

Bit v c th d dng nhn ra c ngn ng ca nguyn bn V d : Ph m "GCUA VQ DTGCM"

An ninh Mng 1313


14/64

H m ha n bng

Thay mt ch ci ny bng mt ch ci khc theo trtt bt k sao cho mi ch ci ch c mt thay th duynht v ngc li

Kha di 26 ch ci

V d

o Kha

a b c d e f g h i j k l m n o p q r s t u v w x y z

M N B V C X Z A S D F G H J K L P O I U Y T R E W Qo Nguyn bn

i love you

An ninh Mng 1414


15/64

Ph m h m ha n bng

Phng php vt cno Kha di 26 k t

o S lng kha c th = 26! = 4 x 1026

o Rt kh thc hin

Khai thc nhng nhc im ca gii thut

o Bit r tn s cc ch ci ting Anh

o C th suy ra cc cp ch ci nguyn bn - ch ci bn m

o

V d : ch ci xut hin nhiu nht c th tng ng vi 'e'o C th nhn ra cc b i v b ba ch ci

o V d b i : 'th', 'an', 'ed'

o V d b ba : 'ing', 'the', 'est'

An ninh Mng 1515


16/64

Cc tn s ch ci ting Anh

Nguyn i Th An ninh Mng 1616

Tnstngi(%)


17/64

V d ph m h n bng

Cho bn mUZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ

VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX

EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ

Tnh tn s ch ci tng i on P l e, Z l t

on ZW l th v ZWP l the

Tip tc on v th, cui cng c

it was disclosed yesterday that several informal but

direct contacts have been made with political

representatives of the viet cong in moscow

An ninh Mng 1717


18/64

H m ha Playfair (1)

H m ha nhiu cho Gim bt tng quan cu trc gia bn m v

nguyn bn bng cch m ha ng thi nhiu chci ca nguyn bn

S dng 1 ma trn ch ci 5x5 xy dng trnc s 1 t kha

o in cc ch ci ca t kha (b cc ch trng)

o in nt ma trn vi cc ch khc ca bng ch cio I v J chim cng mt ca ma trn

An ninh Mng 1818


19/64

H m ha Playfair (2)

V d ma trn vi t kha MONARCHY M O N A R

C H Y B D

E F G I/J K

L P Q S T U V W X Z

M ha 2 ch ci mt lc

o Nu 2 ch ging nhau, tch ra bi 1 ch in thm

o

Nu 2 ch nm cng hng, thay bi cc ch bn phio Nu 2 ch nm cng ct, thay bi cc ch bn di

o Cc trng hp khc, mi ch ci c thay bi ch ci khc cnghng, trn ct ch ci cng cp

An ninh Mng 1919


20/64

Ph m h m ha Playfair

An ninh m bo hn nhiu h m ha nch

C 26 x 26 = 676 cp ch ci

o

Vic gii m tng cp kh khn hno Cn phn tch 676 tn s xut hin thay v 26

Tng c qun i Anh, M s dng rng ri

Bn m vn cn lu li nhiu cu trc canguyn bn

Vn c th ph m c v ch c vi trm cpch ci cn gii m

An ninh Mng 2020


21/64

H m ha Vigenre

L mt h m ha a bng

o S dng nhiu bng m ha

o Kha gip chn bng tng ng vi mi ch ci

Kt hp 26 h Ceasar (bc dch chuyn 0 - 25)

o Kha K = k1k2...kd gm d ch ci s dng lp i lp li vi cc chci ca vn bn

o Ch ci th i tng ng vi h Ceasar bc chuyn i

V d

o Kha : deceptivedeceptivedeceptive

o Nguyn bn : wearediscoveredsaveyourself

o Bn m : ZICVTWQNGRZGVTWAVZHCQYGLMGJ

An ninh Mng 2121


22/64

Ph m h m ha Vigenre

Phng php vt cn

o Kh thc hin, nht l nu kha gm nhiu ch ci

Khai thc nhng nhc im ca gii thut

o Cu trc ca nguyn bn c che y tt hn h Playfair

nhng khng hon ton bin mto Ch vic tm di kha sau ph m tng h Ceasar

o Cch tm di kha

o Nu di kha nh so vi di vn bn, c th pht hin 1 dy vnbn lp li nhiu ln

o Khong cch gia 2 dy vn bn lp l 1 bi s ca di kha

o T suy ra di kha

An ninh Mng 2222


23/64

H m ha kha t ng

Vigenre xut t kha khng lp li m c gnvo u nguyn bn

o Nu bit t kha s gii m c cc ch ci u tin

o S dng cc ch ci ny lm kha gii m cc ch cc tip

theo,...

V d :

o Kha : deceptivewearediscoveredsav

o nguyn bn : wearediscoveredsaveyourself

o M ha : ZICVTWQNGKZEIIGASXSTSLVVWLA

Vn c th s dng k thut thng k ph m

o Kha v nguyn bn c cng tn s cc ch ci

An ninh Mng 2323


24/64

n mt ln

L h m ha thay th khng th ph c

xut bi Joseph Mauborgne

Kha ngu nhin, di bng di vn bn, ch sdng mt ln

Gia nguyn bn v bn m khng c bt k quan hno v thng k

Vi bt k nguyn bn v bn m no cng tn ti mt

kha tng ng Kh khn vic to kha v m bo phn phi kha

an ninh

An ninh Mng 2424


25/64

M ha hon v c in

Che y ni dung vn bn bng cch sp xpli trt t cc ch ci

Khng thay i cc ch ci ca nguyn bn

Bn m c tn s xut hin cc ch ci gingnh nguyn bn

An ninh Mng 2525


26/64

H m ha hng ro

Vit cc ch ci theo ng cho trn mt shng nht nh

Sau c theo tng hng mt

V do Nguyn bn : attack at midnight

o M ha vi cao hng ro l 2

o

a t c a m d i ho t a k t i n g t

o Bn m : ATCAMDIHTAKTINGT

An ninh Mng 2626

H h h


27/64

H m ha hng

Vit cc ch ci theo hng vo 1 s ct nht nh

Sau hon v cc ct trc khi c theo ct

Kha l th t c cc ct

V d

o Kha : 4 3 1 2 5 6 7

o Nguyn bn : a t t a c k p

o s t p o n e

d u n t i l t

w o a m x y z

o Bn m :

TTNAAPTMTSUOAODWCOIXKNLYPETZ

An ninh Mng 2727


28/64

M ha tch hp

Cc h m ha thay th v hon v khng anton v nhng c im ca ngn ng

Kt hp s dng nhiu h m ha s khin vic

ph m kh hno Hai thay th to nn mt thay th phc tp hn

o Hai hon v to nn mt hon v phc tp hn

o Mt thay th vi mt hon v to nn mt h m ha

phc tp hn nhiu

L cu ni t cc h m ha c in n cc hm ha hin i

An ninh Mng 2828


29/64

M ha khi

So vi m ha lungo M ha khi x l thng bo theo tng khi

o M ha lung x l thng bo 1 bit hoc 1 byte mi ln

Ging nh thay th cc k t rt ln ( 64 bit)

o Bng m ha gm 2n u vo (n l di khi)

o Mi khi u vo ng vi mt khi m ha duy nht

o Tnh thun nghch

o di kha l n x 2n bit qu ln

Xy dng t cc khi nh hn

Hu ht cc h m ha khi i xng da trn cu trc h m haFeistel

An ninh Mng 2929


30/64

Mng S-P

Mng thay th (S) - hon v (P) xut bi Claude Shannon vonm 1949

L c s ca cc h m ha khi hin i

Da trn 2 php m ha c in

o Php thay th : Hp S

o Php hon v : Hp P

an xen cc chc nng

o Khuch tn : Hp P (kt hp vi hp S)

o Pht ta cu trc thng k ca nguyn bn khp bn m

o Gy ln : Hp S

o Lm phc tp ha mi quan h gia bn m v kha

An ninh Mng 3030


31/64

Hp S

An ninh Mng 3131

0

1

2

3

4

5

6

7

u vo

3 bit

0

1

0

0

1

2

3

45

6

7

1

1

0

u ra

3 bit

Lu : Hp S c tnh thun nghch


32/64

Hp P

An ninh Mng 3232

Lu : Hp P c tnh thun nghch

u vo

4 bit

1

1

0

1

1

0

1

1

1

1

0

1

10

1

1


33/64

M ha Feistel

xut bi Horst Feistel da trn khi nim hm ha tch hp thun nghch ca Shannon

Phn mi khi di 2w bit thnh 2 na L0 v R0

X l qua n vng Chia kha K thnh n kha con K1, K2,..., Kn

Ti mi vng i

o Thc hin thay th na bn tri Li-1 bng cchXOR n vi F(Ki, Ri-1)

o F thng gi l hm chuyn i hay hm vng

o Hon v hai na Li v RiAn ninh Mng 3333


34/64

An ninh Mng 3434

Nguyn bn (2w bit)

w bit w bitL0 R0

Vng 1

K1

L1 R1

F+

Kn

Ln Rn

F+Vng n

. . .. . .

Ln+1 Rn+1

Bn m (2w bit)


35/64

Cc c trng h Feistel

di khio Khi cng ln cng an ninh (thng 64 bit)

di kha

o Kha cng di cng an ninh (thng 128 bit)

S vng

o Cng nhiu vng cng an ninh (thng 16 vng)

Gii thut sinh m con

o Cng phc tp cng kh ph m

Hm vng

o Cng phc tp cng kh ph m

nh hng n ci t v phn tch

An ninh Mng 3535


36/64

Gii m Feistel

Ging gii thut m ha, ch khco Bn m l d liu u vo

o Cc kha con c dng theo th t ngc li

Ti mi vng kt qu u ra chnh l cc d liuu vo ca qu trnh m ha

o i vi qu trnh m ha

o Li = Ri-1

o Ri = Li-1 F(Ri-1, Ki)

o i vi qu trnh gii m

o Ri-1 = Li

o

Li-1 = Ri F(Li, Ki) An ninh Mng 3636

Chun m ha d liu


37/64

Chun m ha d liu

DES (Data Encryption Standard) c cng nhnchun nm 1977

Phng thc m ha c s dng rng ri nht

Tn gii thut l DEA (Data Encryption Algorithm)

L mt bin th ca h m ha Feistel, b xung thmcc hon v u v cui

Kch thc khi : 64 bit

Kch thc kha : 56 bit

S vng : 16

Tng gy nhiu tranh ci v an ninh

An ninh Mng 3737


38/64

Gii thut m ha DES

An ninh Mng 3838

Nguyn bn (64 bit)

giao hon thun

vng 1K1

vng 2 K2

vng nKn

giao hon nghch

Bn m (64 bit)

hon i 32 bit

Kha 56 bit

. . .

giao hon

dch vng trigiao hon

dch vng trigiao hon

dch vng trigiao hon

. . .


39/64

Mt vng DES

3939

Li-

1m rng g/hon

hp S

giao hon

Ri-1

x Ki

xLi Ri

--- 48 bit

--- 48 bit

--- 32 bit

--- 32 bit

Ph DES


40/64

Ph m DES

Kha 56 bit c 256 = 7,2 x 1016 gi tr c th Phng php vt cn t ra khng thc t

Tc tnh ton cao c th ph c kha

o

1997 : 70000 my tnh ph m DES trong 96 ngyo 1998 : Electronic Frontier Foundation (EFF) ph m DES bng

my chuyn dng (250000$) trong < 3 ngy

o 1999 : 100000 my tnh ph m trong 22 gi

Vn cn phi nhn bit c nguyn bn Thc t DES vn c s dng khng c vn

Nu cn an ninh hn : 3DES hay chun mi AES

An ninh Mng 4040

H h 3DES


41/64

H m ha 3DES

S dng 3 kha v chy 3 ln gii thut DESo M ha : C = EK3[DK2[EK1[p]]]

o Gii m : p = DK1[EK2[DK3[C]]]

di kha thc t l 168 bit

o Khng tn ti K4 = 56 sao cho C = EK4(p)

V sao 3 ln : trnh tn cng "gp nhau gia"

o C = EK2(EK1(p)) X = EK1(p) = DK2(C)

o Nu bit mt cp (p, C)o M ha p vi 256 kha v gii m C vi 256 kha

o So snh tm ra K1 v K2 tng ng

o Kim tra li vi 1 cp (p, C) mi; nu OK th K1 v K2 l kha

An ninh Mng 4141

Ch h ti ti


42/64

Chun m ha tin tin

AES (Advanced Encryption Standard) c cng nhnchun mi nm 2001

Tn gii thut l Rijndael (Rijmen + Daemen)

An ninh hn v nhanh hn 3DES

Kch thc khi : 128 bit

Kch thc kha : 128/192/256 bit

S vng : 10/12/14

Cu trc mng S-P, nhng khng theo h Feistel

o Khng chia mi khi lm i

An ninh Mng 4242

C h h khi kh (1)


43/64

Cc h m ha khi khc (1)

IDEA (International Data Encryption Algorithm)

o Khi 64 bit, kha 128 bit, 8 vng

o Theo cu trc mng S-P, nhng khng theo h Feistel

o Mi khi chia lm 4

o

Rt an ninho Bn quyn bi Ascom nhng dng min ph

Blowfish

o Khi 64 bit, kha 32-448 bit (ngm nh 128 bit), 16 vng

o Theo cu trc h Feistelo An ninh, kh nhanh v gn nh

o T do s dng

An ninh Mng 4343

C h h khi kh (2)


44/64

Cc h m ha khi khc (2)

RC5o Pht trin bi Ron Rivest

o Khi 32/64/128 bit, kha 0-2040 bit, 0-255 vng

o n gin, thch hp cc b x l c rng khc nhau

o

Theo cu trc h Feistel

CAST-128

o Pht trin bi Carlisle Adams v Stafford Tavares

o Khi 64 bit, kha 40-128 bit, 12/16 vng

o C 3 loi hm vng dng xen k

o Theo cu trc h Feistel

o Bn quyn bi Entrust nhng dng min ph

An ninh Mng 4444

Cc phng thc m ha khi


45/64

Cc phng thc m ha khi

ECB (Electronic Codebook)o M ha tng khi ring r

CBC (Cipher Block Chaining)

o Khi nguyn bn hin thi c XOR vi khi bn m trc

CFB (Cipher Feedback)o M phng m ha lung (n v s bit)

o s bit m ha trc c a vo thanh ghi u vo hin thi

OFB (Output Feeback)

o s bit tri u ra trc c a vo thanh ghi u vo hin thi

CTR (Counter)

o XOR mi khi nguyn bn vi 1 gi tr thanh m m ha

An ninh Mng 4545

Ph th ECB


46/64

Phng thc ECB

An ninh Mng 4646

M ha

p1

C1

K M ha

p2

C2

K M ha

pN

CN

K...

M ha

Gii m

C1

p1

K Gii m

C2

p2

K Gii m

CN

pN

K...

Gii m

h i ECB


47/64

nh gi ECB

Nhng khi lp li trong nguyn bn c th thyc trong bn m

Nu thng bo di, c th

o

Gip phn tch ph mo To c hi thay th hoc b tr li cc khi

Nhc im do cc khi c m ha c lp

Ch yu dng gi thng bo c t khio V d gi kha

An ninh Mng 4747

Ph th CBC


48/64

Phng thc CBC

An ninh Mng 4848

M ha

p1

C1

K M ha

C2

K M ha

CN

K...

M ha

Gii m

C1

p1

K Gii m

C2

p2

K Gii m

CN

pN

K

...

Gii m

p2 pNIV

CN-1

CN-1IV

h i CBC


49/64

nh gi CBC

Mi khi m ha ph thuc vo tt c cc khi nguyn bn trc

o S lp li cc khi nguyn bn khng th hin trong bn m ha

o Thay i trong mi khi nguyn bn nh hng n tt c cc khibn m v sau

Cn 1 gi tr u IV bn gi v bn nhn u bito Cn c m ha ging kha

o Nn khc nhau i vi cc thng bo khc nhau

Cn x l c bit khi nguyn bn khng y cui cng

Dng m ha d liu ln, xc thc

An ninh Mng 4949

M ha CFB


50/64

M ha CFB

An ninh Mng 5050

Thanh ghi dch64-s bit | s bit

M ha

Chns bit

B i64-s bit

p1

K

64

64

ss

C1

IV


M ha

Chns bit

B i64-s bit

p2

K

64

64

ss

C2


M ha

Chns bit

B i64-s bit

pM

K

64

64

ss

CM

...

s

CM-1

Gii m CFB


51/64

Gii m CFB

An ninh Mng 5151


M ha

Chns bit

B i64-s bit

p1

K

64

64

s

s

IV


M ha

Chns bit

B i64-s bit

p2

K

64

64

s s

C2


M ha

Chns bit

B i64-s bit

pM

K

64

64

ss

CM

...

s

CM-1

C1

nh gi CFB


52/64

nh gi CFB

Thch hp khi d liu nhn c theo tng nv bit hay byte

Khng cn n thng bo lm trn khi

Cho php s lng bit bt ko K hiu CFB-1, CFB-8, CFB-64,...

L phng thc lung ph bin nht

Dng gii thut m ha ngay c khi gii m Li xy ra khi truyn 1 khi m ha s lan rng

sang cc khi tip sau

An ninh Mng 5252

M ha OFB


53/64

M ha OFB

An ninh Mng 5353


M ha

Chns bit

B i64-s bit

p1

K

64

64

s

s

C1

IV


M ha

Chns bit

B i64-s bit

K

64

64


M ha

Chns bit

B i64-s bit

K

64

64...

s

OM-1

p2 s

s

C2

pM s

s

CM

Gii m OFB


54/64

Gii m OFB

An ninh Mng 5454


M ha

Chns bit

B i64-s bit

p1

K

64

64

s

s

IV


M ha

Chns bit

B i64-s bit

K

64

64


M ha

Chns bit

B i64-s bit

K

64

64...

s

OM-1

C1

p2

sC2

pM

sCM

nh gi OFB


55/64

nh gi OFB

Tng t CFB ch khc l phn hi ly t ura gii thut m ha, c lp vi thng bo

Khng bao gi s dng li cng kha v IV

Li truyn 1 khi m ha khng nh hng ncc khi khc

Thng bo d b sa i ni dung

Ch nn dng OFB-64 C th tit kim thi gian bng cch thc hin

gii thut m ha trc khi nhn c d liu

An ninh Mng 5555

Phng thc CTR


56/64

Phng thc CTR

An ninh Mng 5656

M ha

M ha

Bin m

p1

K M ha

Bin m + 1

p2

K M ha

Bin m + N - 1

pN

K...

Gii m

C1 C2 CN

M ha

Bin m

C1

K M ha

Bin m + 1

C2

K M ha

Bin m + N - 1

CN

K...p1 p2 pN

nh gi CTR


57/64

nh gi CTR

Hiu qu caoo C th thc hin m ha (hoc gii m) song song

o C th thc hin gii thut m ha trc nu cn

C th x l bt k khi no trc cc khikhc

An ninh khng km g cc phng thc khc

n gin, ch cn ci t gii thut m ha,khng cn n gii thut gii m

Khng bao gi s dng li cng gi tr kha vbin m (tng t OFB)

An ninh Mng 5757

B tr cng c m ha


58/64

B tr cng c m ha

Gii php hu hiu v ph bin nht chng licc mi e da n an ninh mng l m ha

thc hin m ha, cn xc nh

o

M ha nhng go Thc hin m ha u

C 2 phng n c bn

o

M ha lin kto M ha u cui

An ninh Mng 5858

M ha lin kt


59/64

M ha lin kt

Cng c m ha c sp t 2 u ca mi lin ktc nguy c b tn cng

m bo an ninh vic lu chuyn thng tin trn tt ccc lin kt mng

Cc mng ln cn n rt nhiu cng c m ha

Cn cung cp rt nhiu kha

Nguy c b tn cng ti mi chuyn mch

o

Cc gi tin cn c m ha mi khi i vo mt chuyn mchgi c c a ch phn u

Thc hin tng vt l hoc tng lin kt

An ninh Mng 5959

M ha u cui


60/64

M ha u cui

Qu trnh m ha c thc hin 2 h thngu cui

m bo an ninh d liu ngi dng

Ch cn mt kha cho 2 u cui m bo xc thc mc nht nh

Mu lu chuyn thng tin khng c bo v

o Cc phn u gi tin cn c truyn ti tng minh

Thc hin tng mng tr ln

o Cng ln cao cng t thng tin cn m ha v cngan ninh nhng cng phc tp vi nhiu thc th vkha An ninh Mng 6060

Kt hp cc phng n m ha


61/64

Kt hp cc phng n m ha

An ninh Mng 6161

PSN : Packet-switching nodeCng c m ha u cui

Cng c m ha lin kt

Qun l kha b mt


62/64

Qun l kha b mt

Vn i vi m ha i xng l lm saophn phi kha an ninh n cc bn truyn tin

o Thng h thng mt an ninh l do khng qun ltt vic phn phi kha b mt

Phn cp kha

o Kha phin (tm thi)

o Dng m ha d liu trong mt phin kt ni

o

Hy b khi ht phin

o Kha ch (lu di)

o Dng m ha cc kha phin, m bo phn phi chngmt cch an ninh

An ninh Mng 6262

Cc cch phn phi kha


63/64

Cc cch phn phi kha

Kha c th c chn bi bn A v gi theong vt l n bn B

Kha c th c chn bi mt bn th ba, sau gi theo ng vt l n A v B

Nu A v B c mt kha dng chung th mtbn c th gi kha mi n bn kia, s dngkha c m ha kha mi

Nu mi bn A v B u c mt knh m han mt bn th ba C th C c th gi khatheo cc knh m ha n A v B

An ninh Mng 6363

Phn phi kha t ng


64/64

Phn phi kha t ng

1.

Host gi gi tin yu cu kt ni2. FEP m gi tin; hi KDC kha phin3. KDC phn phi kha phin n 2 host4. Gi tin m c truyn i

FEP = Front End Processor

KDC = Key Distribution Center