Upload
infoseach
View
282
Download
1
Embed Size (px)
Citation preview
I HC BCH KHOA H NI KHOA CNG NGH THNG TIN
BO CO TNG KT TI NGHIN CU THEO NGH NH TH H THNG AN NINH THNG TIN DA TRN SINH TRC HC Bio-PKI (Bio-PKI Based Information Securyty System) CH NHIM TI: PGS.TS. NGUYN TH HONG LAN
732704/5/2009 H NI - 2009
B GIO DC V O TOTrng i hc Bch khoa H Ni
BO CO TNG HP ti nhim v theo ngh nh th H thng an ninh thng tin da trn sinh trc hc Bio-PKI (Bio-PKI Based Information Security System)M s: 12/2006/H-NT
Ch nhim ti PGS.TS Nguyn Th Hong Lan Khoa Cng ngh thng tin, i hc Bch khoa H Ni
H Ni 1 - 2009
MC LCPhn I. THNG TIN CHUNG V TI................................................................... 8 Phn II. BO CO NGHIN CU TNG HP ....................................................... 10Chng 1. KHO ST V GIAO DCH IN T, CC YU CU AN NINH THNG TIN V XC NH NHIM V CA TI................................ 10
1.1. Khi qut chung...................................................................................................... 10 1.2. Kho st v thng mi in t, giao dch in t trn th gii ............................ 11 1.2.1.Giao dch thng mi in t ........................................................................ 11 1.2.2.Tnh hnh ng dng thng mi in t trn trn th gii............................. 12 1.3. Tnh hnh pht trin cc giao dch in t Vit Nam v c s php l ............... 13 1.3.1.Tnh hnh pht trin cc giao dch in t Vit Nam .................................. 13 1.3.2.H thng php l cho thng mi in t ca Vit Nam............................... 14 1.3.3.Mt s vn ca giao dch thng mi in t Vit Nam ....................... 15 1.4. Nhu cu v an ton bo mt thng tin trong giao dch in t............................... 15 1.5. Khi qut v cc gii php cng ngh bo mt an ton thng tin v an ninh mng............................................................................................................... 16 1.5.1.Cc cng ngh mt m ................................................................................. 16 1.5.2.Cc cng ngh chng thc ........................................................................... 16 1.5.3.Cng ngh sinh trc hc ............................................................................... 17 1.5.4.Cng ngh bo v h thng v mng ........................................................... 17 1.5.5.Cng ngh bo v mng ............................................................................... 18 1.6. Xc nh nhim v ca ti ................................................................................. 18 Chng 2. SINH TRC HC V H THNG AN NINH BO MT THNG TIN DA TRN SINH TRC HC............................................................. 19
2.1. Tng quan v sinh trc hc .................................................................................... 19 2.2. H thng sinh trc hc............................................................................................ 20 2.2.1.Khi qut v h thng sinh trc hc .............................................................. 20 2.2.2.Cc c im ca h thng sinh trc hc ..................................................... 21 2.3. nh gi hiu nng v cht lng hot ng ca h sinh trc hc ....................... 24 2.3.1.Vn li trong hot ng ca h sinh trc .................................................. 24 2.3.2.Cc tham s nh gi cht lng. ................................................................ 24 2.4. H thng an ninh bo mt da trn trc hc.......................................................... 25 2.4.1.Dng sinh trc hc qun l v bo v kha................................................... 25 2.4.2.Dng sinh trc hc sinh kha ................................................................... 27
1
Chng 3.
C S H TNG KHA CNG KHAI PKI V VN AN TON TRONG H THNG PKI ............................................................................ 28
3.1. H mt m kha cng khai..................................................................................... 28 3.1.1.Khi qut v h mt m kha cng khai ....................................................... 28 3.1.2.Ch k s ...................................................................................................... 30 3.2. H tng kha cng khai PKI ................................................................................... 31 3.2.1.Khi qut chung v PKI ................................................................................. 31 3.2.2.Cc m hnh kin trc ca PKI ...................................................................... 32 3.2.3.Kin trc cc thnh phn trong hot ng PKI.............................................. 35 3.3. Cc giao dch in t vi h tng kha cng khai ................................................. 37 3.3.1.Cc dch v ca PKI ...................................................................................... 37 3.3.2.Xc thc an ton trong giao dch in t....................................................... 37 3.3.3.c im khi trin khai PKI ........................................................................... 38 3.4. Vn an ton trong h thng PKI ........................................................................ 39
Phn III. BO CO KT QU NGHIN CU CA TI ..................................... 40Chng 4. NGHIN CU PHN TCH V XY DNG M HNH GII PHP H THNG BioPKI .......................................................................................... 40
4.1. Vn kt hp sinh trc vo h tng kha cng khai PKI..................................... 40 4.2. Phn tch cc hng tip cn nghin cu h thng BioPKI .................................. 41 4.2.1.Gii php 1: i snh c trng sinh trc thay mt khu xc thc ch th........................................................................................................... 41 4.2.2.Gii php 2: kt hp k thut nhn dng sinh trc vi k thut mt m, m ha bo mt kha c nhn ............................................................... 42 4.2.3.Gii php 3: dng sinh trc hc sinh kha c nhn.................................. 43 4.3. xut m hnh gii php h thng BK-BioPKI ca ti .................................... 43 4.3.1.H thng li h tng kha cng khai PKI. ..................................................... 45 4.3.2.H thm nh xc thc sinh trc vn tay trc tuyn ...................................... 46 4.3.3.M hnh tch hp h sinh trc vo h tng kha cng khai thnh h BKBioPKI ........................................................................................................... 46 4.4. Gii php cng ngh thit k v trin khai h thng BK-BioPKI ............................ 47 4.4.1.Cu hnh mng h thng v thit b .............................................................. 47 4.4.2.Ni dung xy dng v trin khai ton b cc thnh phn h thng BK-BioPKI ..................................................................................................... 47 4.4.3.Phng n phn tch thit k xy dng h thng BK-BioPKI ....................... 47 Chng 5. PHN TCH THIT K V XY DNG PHN MM H THM NH XC THC SINH TRC VN TAY.................................................. 49
5.1. H thm nh sinh trc vn tay trong h thng BK-BioPKI..................................... 49
2
5.2. Phn tch thit k v xy dng Phn h sinh trc 1: H thm nh c trng vn tay sng, trc tuyn trong h thng BK-BioPKI............................................... 50 5.2.1.Phn tch thit k chc nng......................................................................... 50 5.2.2.Phn tch chc nng v cc thut ton ......................................................... 515.2.2.1. Chc nng thu nhn nh vn tay .................................................................. 51 5.2.2.2. Chc nng x l nh vn tay v trch chn c trng ................................... 52
5.2.3.Xy dng v lp trnh cc khi chc nng Phn h sinh trc 1 .................... 61 5.2.4.Th nghim v kt qu.................................................................................. 625.2.4.1. Kch bn th nghim tch hp phn h vo h thng .................................... 62 5.2.4.2. Kt qu th nghim. ...................................................................................... 63
5.3. Phn tch thit k v xy dng Phn h sinh trc 2: H sinh kha sinh trc bo mt kha c nhn trong h BK-BioPKI............................................................ 64 5.3.1.Phn tch cc chc nng............................................................................... 64 5.3.2.Thut ton sinh kha t sinh trc vn tay ..................................................... 65 5.3.3.Thit k phn mm sinh kha sinh trc bo v kha c nhn ...................... 705.3.3.1. Thit k s khi ........................................................................................ 70 5.3.3.2. Cc thut ton ............................................................................................... 70 5.3.3.3. Xy dng biu phn cp chc nng h phn mm sinh trc.................... 73
5.3.4.Th nghim v kt qu.................................................................................. 75 Chng 6. PHN TCH THIT K V XY DNG H THNG H TNG KHA CNG KHAI PKI CHO H THNG BK-BIOPKI........................................ 77
6.1. Phn tch cc yu cu v gii php thit k h thng BK-BioPKI .......................... 77 6.2. Gii php cng ngh v thit k h thng BK-BioPKI ............................................ 78 6.2.1.Phn tch gii php cng ngh xy dng h thng ....................................... 78 6.2.2.Gii thiu v th vin OpenSSL.................................................................... 78 6.3. Phn tch thit k cc thnh phn chc nng ca h thng BK-BioPKI ................ 82 6.4. Thit k xy dng v lp trnh phn mm c s cc chc nng hot ng h thng BK-BioPKI................................................................................................ 83 6.4.1.Cc tnh hung hot ng giao dch c s ca h thng .............................. 83 6.4.2.Thit k cc giao dch c s ca h thng .................................................... 84 6.5. Thit k cc thnh phn chnh trong c s h tng kha cng khai ca h thng BK BioPKI.................................................................................................. 95 6.6. Thit k xy dng v lp trnh phn mm ngi dng trong h thng BK-BioPKI............................................................................................................... 99 6.6.1.Phn tch yu cu.......................................................................................... 99 6.6.2.Gii php v phn tch cc chc nng .......................................................... 99 6.6.3.Xy dng kch bn cc chc nng phn mm ngi dng ......................... 101 6.6.4.Thit k c s d liu phn mm ................................................................ 110
3
Chng 7.
THIT K TCH HP H THNG AN NINH THNG TIN BKBIOPKI V TH NGHIM ....................................................................... 113
7.1. H thng tch hp v yu cu thit k.................................................................. 113 7.2. xut m hnh tch hp 2 phn h sinh trc vn tay vo c s h tng PKI thnh h BK-BioPKI....................................................................................... 113 7.3. Thit k tch hp phn h sinh trc 1 thm nh vn tay ngi dng .................. 113 7.4. Thit k tch hp Phn h sinh trc 2 sinh kha sinh trc bo v kha c nhn.. 118 7.4.1.Phn h sinh trc sinh kha bo v kha c nhn...................................... 118 7.4.2.M hnh tch hp phn h sinh trc sinh kha bo v kha c nhn vo h thng v thit k h thng ............................................................... 119 7.4.3.Thit k cc kch bn hot ng tch hp.................................................... 122 7.5. Xy dng th nghim ng dng ch k s trong h thng BK-BioPKI v th nghim.................................................................................................................. 124 7.5.1.Mc ch ca ch k s ............................................................................... 124 7.5.2.Vn xc thc .......................................................................................... 124 7.5.3.Xc thc trong h PKI ................................................................................. 125 7.5.4.Thit k ng dng trn c s h thng BK BioPKI................................... 127 7.5.5.Thit k trin khai ng dng........................................................................ 128 7.5.6.Th nghim ng dng v kt qu ............................................................... 134 Chng 8. THIT K V XY DNG CC PHN MM NG DNG AN TON THNG TIN TRONG H BIOPKI............................................................. 135
8.1. Tng quan cc ng dng an ton thng tin.......................................................... 135 8.2. ng dng k v m ha thng ip ..................................................................... 136 8.2.1.Phn tch yu cu truyn thng tin bo mt ................................................ 136 8.2.2. Xy dng ng dng k v m ha thng ip s dng du hiu sinh trc 1378.2.2.1. M t cc yu cu v chc nng ca h thng ........................................... 137 8.2.2.2. Qu trnh m ha v gii m thng ip...................................................... 138 8.2.2.3. Ch k s v xc thc................................................................................. 138
8.2.3. Thit k chi tit cc chc nng ca h thng ............................................. 138 8.2.4. Cc cng ngh s dng trong chng trnh............................................... 146 8.2.5. Th nghim v nh gi............................................................................. 147 8.3. ng dng th nghim kim sot bo mt truy cp t xa ..................................... 148 8.3.1.Yu cu tng cng bo mt truy cp t xa v gii php........................... 148 8.3.2.Phn tch v thit k ng dng th nghim................................................. 149 8.3.3.Kch bn ng dng, kch bn th nghim v kt qu th nghim ............... 150 8.4. ng dng an ton trao i thng tin trn SMS..................................................... 154 8.4.1.Yu cu ca ng dng ................................................................................ 154 8.4.2.Gii php truyn thng tin cy bng SMS ................................................... 155
4
8.4.3.Phn tch thit k ng dng ........................................................................ 156 8.4.4.nh gi v th nghim .............................................................................. 161 8.5. Kt chng........................................................................................................... 163
Phn IV. TNG HP CC KT QU V KT LUN ............................................ 1641. Cc kt qu t c ca ti theo cc sn phm ghi trong thuyt minh nhim v......................................................................................................... 164 1.1. Tm tt cc yu cu khoa hc i vi sn phm to ra (kt qu dng II v III)... 164 1.2 Kt qu cc sn phm dng cc bo co ng k.......................................... 164 1.3 Kt qu cc sn phm ng k ........................................................................ 164 2. Kt qu phi hp vi Malaysia. ............................................................................. 169 2.1. c im qu trnh hp tc .................................................................................. 165 2.2. Cc hot ng phi hp nghin cu .................................................................... 166 2.3. Tip tc pht trin Hp tc vi Malaysia ............................................................. 166 3. Cc kt qu khc..................................................................................................... 171 3.2. Cc bi bo khoa hc........................................................................................... 171 3.3. Hi tho m rng.................................................................................................. 172 4. Tm tt v s dng kinh ph..................................................................................... 173 5 . Kt lun v hng pht trin.................................................................................... 173 5.1. Nhn xt nh gi chung...................................................................................... 173 5.2. V tin thc hin ............................................................................................. 173 5.3. Hng pht trin .................................................................................................. 174
TI LIU THAM KHO ............................................................................................ 176
5
DANH SCH CC CN B V SINH VIN THAM GIA THC HIN TIA. DANH SCH CC CN B THAM GIA TRC TIP 1. PGS.TS Nguyn Th Hong Lan 2. TS Nguyn Linh Giang 3. TS H Quc Trung 4. ThS Bnh Qunh Mai 5. ThS Nguyn Anh Hon 6. TS Ng Hng Sn 7. KS Nguyn Th Hin Khoa CNTT, HBK HN, ch nhim ti Khoa CNTT, HBK HN Khoa CNTT, HBK HN Khoa CNTT, HBK HN Khoa CNTT, HBK HN Khoa CNTT, HBK HN Khoa CNTT, HBK HN
B. DANH SCH CC CN B THAM GIA T VN 1. PGS.TS ng Vn Chuyt 2. ThS Vn Uy 3. ThS Ng Minh Dng Khoa CNTT, HBK HN Khoa CNTT, HBK HN Vin Khoa hc hnh s, B Cng An
C. DANH SCH CC SINH VIN THAM GIA THC HIN TI 1. Cc sinh vin i hc Tm tt cc phin bn thit k trin khai theo tin Phin bn h thng BioPKI Ver.1 (thng 6 n 12- 2006) Nghin cu v th nghim cc thut ton: Thu nhn vn tay, trch chn c trng, sinh kha sinh trc v thm nh xc thc vn tay Nghin cu cc hng tip cn h thng BioPKI Xy dng phng n v mi trng phn mm h thng BioPKI da trn b th vin m OpenSSL v ngn ng C++
Danh sch nhm sinh vin tt nghip 6-2006 tham gia ti: 1. L Anh Tun TTM - K46 2. Ng Trng Cnh TTM K46 3. Nguyn Sinh Chung Tin Php K46 4. Nguyn Vn Hnh KSCLC K46 Phin bn h thng BK-BioPKI Ver.2 (thng 1-2007 n 6-2007) Phn tch thit k cc m un c s h tng h thng PKI: CA, RA User Tip tc nghin cu v th nghim cc thut ton sinh trc hc vn tay Xy dng v thit k phn mm phn h sinh trc hc (Biometric) bao gm: K m sinh trc v thm nh vn tay trong h thng BK-BioPKI
6
Danh sch nhm sinh vin tt nghip 6-2007 tham gia ti: 1. Nguyn Thc Hiu 2. Nguyn Quang Th 3. Phm Quang Thnh 4. Nguyn Hong Anh 5. Phm S Lm 6. Tng Mnh Cng TTM - K47 TTM - K47 TTM - K47 Tin Php - K47 KSCLC - K47 TTM - K47
Phin bn h thng BK-BioPKI Ver. 3.1 v phin bn Ver.4 tch hp h thng (thng 7-2007 n 6-2008) Phn tch thit k pht trin v lp trnh ton b Protoptye c s h tng h thng BKBioPKI trong mi trng mng PTN Phn tch thit k pht trin phn h sinh trc Biometric vi 2 mun v th nghim vo ng dng h thng Ver.4 Phn tch thit k tch hp phn h sinh trc vo ton b h thng BK-BioPKI phin bn Ver.4 Xy dng m hnh kch bn 3 ng dng trong h BK-BioPKI Ver. 4
Danh sch nhm sinh vin tt nghip 6-2008 tham gia thit k pht trin h thng BioPKI v tham gia vit bo co tng hp ti: 1. L Tin Dng (trng nhm) 2. Bi Thnh t 3. Nguyn Th Thu Hng 4. Trn Hi Anh 5. Dng Vn 6. Hong Trn c 7. Ng Tin Dng 8. Trn Nguyn Ngc 9. V Ngc H TTM - K48 TTM - K48 KSTN - K48 Tin Php - K48 Tin Php - K48 TTM - K48 TTM - K48 TTM - K48 TTM - K48
2. Cc hc vin cao hc tt nghip thc s theo hng ti 1. Trn Tun Vinh kha 2003-2005 bo v 2006 2. Nguyn Anh Ti kha 2004-2006 bo v 2007 3. V Thanh Thng 4. L Quang Tng 5. L Trn V Anh 6. H Tin Dng kha 2005-2007 bo v 2007 kha 2006-2008 bo v 11- 2008 kha 2006-2008 bo v 11- 2008 kha 2006-2008 bo v 11- 2008
7
Phn I.1. Tn ti
THNG TIN CHUNG V TI
H thng an ninh thng tin da trn sinh trc hc Bio-PKI (Bio-PKI Based Information Security System)M s: 12/ 2006/ H-NT 2. Ch nhim ti: PGS. TS Nguyn Th Hong Lan Hc hm, hc v, chuyn mn: PGS.TS ngnh Cng ngh Thng tin Chc danh: Ph Trng khoa Cng ngh Thng tin, i hc Bch Khoa H Ni in thoi c quan : (84. 4) 38.68.25.96 in thoi nh ring : (84. 4) 38.32.89.25 Email: [email protected] 3. C quan ch tr i hc Bch Khoa H Ni, Khoa Cng ngh Thng tin S 1 ng i C Vit, H Ni 4. H v tn Ch nhim pha i tc nc ngoi: TS. Ong Thian Song Chc danh: Gim c iu hnh Trung tm nghin cu Sinh trc hc (CBB) Trng i hc a phng tin Malaysia (MMU) Tel: +606-252.33.43 Fax: +606-231.88.40 Emal: [email protected] 5. C quan i tc nc ngoi: Trng i hc a phng tin Malaysia (Malaysia Multimedia University -MMU), Trung tm nghin cu Sinh trc hc v Sinh Tin hc (Center of Biometrics and Bioinformatics CBB) Khoa Khoa hc v Cng ngh thng tin (Faculty of Information Science and Technology - FIST) Malaysia Multimedia University (MMU), Jalan Ayer Keroh Lama, 75450 Melaka Malaysia http:///www.mmu.edu.my 6. Thi gian thc hin ti: T 6/2006 n 6/2008 7. Tng kinh ph thc hin ti: 800.000.000 VN
8
Tng kinh ph cp 2006: 450.000.000 VN Tng kinh ph cp 2007: 350.000.000 VN ti nhn c cp kinh ph n 6/2008. 8. Mc tiu ca Nhim v H thng an ninh thng tin (Bio-PKI Based Information Security System) kt hp cc du hiu c trng sinh trc hc vn tay con ngi vo h tng c s bo mt kha cng khai PKI l hng nghin cu mi cho php mang li nhng u im hn cc h thng kha cng khai hin c v an ton bo mt, v tnh xc thc thm nh trong cc giao dch, cc dch v in t qua mng my tnh. Mc tiu ca Nhim v ti theo ngh nh th hp tc vi Malaysia ch yu bao gm: Nghin cu xut phng n kt hp cc c trng ca vn tay vi m bo mt kha cng PKI to kha m sinh trc hc h BioPKI. Xy dng th nghim h tng c s h thng an ninh thng tin Bio-PKI (protoptype). Thit k v xy dng th nghim phn mm h thng an ninh thng tin da trn m sinh trc hc Bio-PKI nhm hng ti ng dng trong xc thc, thm nh sinh trc hc v kim sot truy cp dng trong cc lnh vc an ninh, thng mi in t, ngn hng, giao dch in t, chnh ph in t. Tch hp cc kt qu nghin cu ca 2 pha Vit Nam v Malaysia, th nghim pht trin ng dng h thng Bio-PKI.
9. Yu cu khoa hc i vi sn phm to ra (kt qu dng III) Tn sn phm:
H thng an ninh thng tin da trn m sinh trc hc Bio-PKI (gi tt l H thng an ninh thng tin Bio-PKI), bao gm: Kt qu gii php tch hp c trng vn tay vi m bo mt trong h PKI thnh h BioPKI. Kt qu th nghim Prototype v h tng h thng BioPKI thm nh vn tay trong h BioPKI. Kt qu phn mm my tnh cho h thng BioPKI, phn h sinh trc bao gm: phn mm phn h m ha kha sinh trc hc vn tay BioPKI v phn mm xc thc thm nh vn tay. Bo co phn tch h thng v hng xy dng ng dng trong xc thc thm nh vn tay v iu khin truy nhp trong h BioPKI. Bo co tng hp ti. Cc sn phm khc: o to thc s, k s Cc bi bo khoa hc
-
-
9
Phn II. BO CO NGHIN CU TNG HPChng 1. KHO ST V GIAO DCH IN T, CC YU CU AN NINH THNG TIN. XC NH NHIM V CA TI1.1. Khi qut chungNhng nm cui ca th k XX v u th k XXI chng kin s ln mnh vt bc ca mng Internet c v quy m v cht lng. Internet c ng dng rng ri mi ngnh ngh, lnh vc kinh t, x hi v an ninh. Tnh ph bin rng ri khin Internet v ang l nn tng c s cho cc giao dch thng mi ton cu v cc ng dng ca giao dch in t to thnh mt hnh thc x hi o vi cc c trng ring bit. Trong mi trng x hi tht, mi quan h gia cc i tc thng c xc nh r rng bi qu trnh gp g, k kt thng din ra mt cch trc tip, khng hoc t thng qua phng tin truyn thng trung gian. Cc t chc chnh ph, doanh nghip v cc c nhn khi tham gia giao dch in t lun i hi khng nhng phi bo v ton vn thng tin lu chuyn trn Internet m cn phi cho h cm gic tin cy ging nh khi giao dch trn giy t. H mun nhng ngi tham gia ng l nhng ngi c yu cu, v mi c nhn phi chu trch nhim v hnh vi lin quan ca mnh trong giao dch khi c s c xy ra. Tuy nhin, mi trng mng khng phi lun an ton. c trng ca Internet l tnh o v tnh t do, mi ngi u c th tham gia v t li du vt c nhn ca mnh. Vic xc thc mi c nhn qua mng thng l kh khn nn nguy c xy ra gi mo nh danh, b la o trc tuyn l rt cao. y l va l im mnh v cng l im yu ca giao dch in t qua mng Internet. Nhng nm gn y cc hnh thc phm ti trong mi trng mng v cng ngh cao tng nhanh chng cng vi s pht trin ca cng ngh. Mc d cc c im trn, tnh tin li, ph dng v hiu qu ca cng ngh cao ang lm thay i cuc sng v cc giao dch in t thng mi in t ngy cng pht trin nhanh chng trn phm vi th gii. V th nhu cu xy dng mt h thng bo mt an ton thng tin, m bo giao tip gia nhng ngi dng mt cch an ton, c nh danh v chng ph nhn tr nn ht sc cp thit trong phm vi mi quc gia cng nh phm vi ton cu. Hin nay vn nghin cu cc gii php nhm m bo an ton thng tin, bo mt d liu trong cc giao dch in t qua mi trng mng lun l vn thi s c tt c cc quc gia v cc t chc quc t quan tm c v phng din php l v phng din k thut v cng ngh. Gii php an ninh da trn cc du hiu sinh trc hc l mt trong cc hng nghin cu mi ang c th gii quan tm pht trin v p dng. Trn thc t cng c cc sn phm qung co trong cc giao dch in t nh th ngn hng sinh trc hc, th mua hng, th an ninh, h chiu sinh trc hc ..., tuy nhin hin nay vn cha c cc
10
sn phm thng mi c trin khai rng ri c hiu qu cao trn thc t, hn na vic nghin cu lin quan n sinh trc hc con ngi lun l vn nhy cm c c th ca tng quc gia. Bi vy gii php ny vn lun c c bit quan tm nghin cu v pht trin. ti nghin cu H thng an ninh thng tin da trn m sinh trc hc Bio-PKI (BioPKI InfoSec System) theo ngh nh th hp tc vi Malaysia do pha Malaysia ngh, c thc hin trn c s hp tc nghin cu gia trng i hc a phng tin Malaysia (MMU) v trng i hc Bch Khoa H Ni (HUT). Malaysia l mt nc pht trin trong khu vc ng Nam , c iu kin a l v mi trng tng i gn vi Vit Nam, i hc a phng tin Malaysia (MMU) l trng c uy tn ca Malaysia v c iu kin c s vt cht kh hin i. Hp tc vi Malaysia l trong iu kin hin nay l ph hp vi iu kin nc ta, cho php chng ta c th tip cn mc ph mt mt vi nn cng ngh cao, mt khc tip cn v trnh nghin cu khoa hc ha nhp khu vc v tin ti ha nhp vi th gii.
1.2. Kho st v thng mi in t, giao dch in t trn th gii 1.2.1. Giao dch thng mi in tNgy nay, cng vi cc ng dng cng ngh thng tin, hnh thc thng mi truyn thng ang dn thay i sang mt hnh thc khc, l thng mi in t. Thng mi in t bt u xut hin t nhng nm 1970 vi s ra i ca hot ng chuyn nhng qu in t gia cc ngn hng thng qua cc mng an ton t nhn. Thp k 1980, bin gii thng mi in t m rng n cc hot ng trao i ni b d liu in t v th vin in t. Cc dch v trc tuyn bt u xut hin vo gia nhng nm 1980. Ch n thp k 1990, thng mi in t mi chuyn t cc h thng cc b sang mng ton cu Internet. Hng lot cc tn tui ln (Amazon.com, Yahoo!, eBay.com, NTTDoMoCo, Dell, Electrolux, WallMart ...) khng nh v gp phn vo s tng trng nhanh chng gi tr giao dch thng qua thng mi in t. Ngy nay ngi ta hiu khi nim thng mi in t thng thng l tt c cc phng php tin hnh kinh doanh v cc quy trnh qun tr thng qua cc knh in t m trong Internet (hay t nht l cc k thut v giao thc c s dng trong Internet) ng mt vai tr c bn v cng ngh thng tin c coi l iu kin tin quyt. Thng thng c 3 i tng chnh tham gia vo hot ng thng mi in t l: Ngi tiu dng C (Consumer) gi vai tr quyt nh s thnh cng ca thng mi in t; Doanh nghip B (Business) ng vai tr l ng lc pht trin thng mi in t v Chnh ph - G (Government) gi vai tr nh hng, iu tit v qun l cc hot ng thng mi in t. Cc hnh thc hot ng ca giao dch thng mi in t: Th in t (e-mail): cc t chc, c nhn c th gi th cho nhau mt cch trc tuyn thng qua mng. y l hnh thc ph bin nht v d thc hin nht, hu nh mi ngi mi la tui u c th s dng.
11
Thanh ton in t (e-payment): l vic thanh ton tin thng qua h thng mng (chng hn nh: tr lng bng cch chuyn tin trc tip vo ti khon, tr tin mua hng bng th tn dng, th mua hng...). Ngoi ra, thanh ton in t cn p dng trong cc dch v nh: trao i d liu in t ti chnh (FEDI) phc v cho vic thanh ton in t gia cc cng ty giao dch vi nhau bng in t; tin mt Internet (Internet Cash) l tin mt c mua t mt ni pht hnh (ngn hng hoc t chc tn dng) ri c chuyn i sang cc ng tin khc thng qua Internet; ti tin in t (electronic purse) l ni tin mt Internet, ch yu l th thng minh smart card, tin c tr cho bt k ai c c th; giao dch ngn hng s ho (digital banking), giao dch chng khon s ho (digital securities trading) phc v cho cc hot ng thanh ton gia ngn hng vi khch hng, gia ngn hng vi cc i l thanh ton, gia h thng ngn hng ny vi h thng ngn hng khc hay thanh ton trong ni b mt h thng ngn hng. Trao i d liu in t (EDI) l vic chuyn giao thng tin t my tnh in t ny sang my tnh in t khc bng phng tin in t, c s dng mt tiu chun c tha thun cu trc thng tin, cng vic trao i thng l giao dch kt ni, t hng giao dch gi hng hoc thanh ton. Truyn ti ni dung: tin tc, phim nh, chng trnh pht thanh, truyn hnh, chng trnh phn mm, v my bay, v xem phim, hp ng bo him ... c s ho v truyn gi theo mng. Mua bn hng ho hu hnh: hng ho hu hnh l tt c cc loi hng ho m con ngi s dng c cho bn v c chn mua thng qua mng nh: t, xe my, thc phm, vt dng, thuc, qun o ... Ngi mua xem hng, chn hng ho v nh cung cp trn mng, sau xc nhn mua v tr tin bng thanh ton in t. Ngi bn sau khi nhn c xc nhn mua v tin in t ca ngi mua s gi hng ho theo ng truyn thng n tay ngi mua. Cc hnh thc hot ng ca thng mi in t vn ang ngy mt m rng v c nhiu sng to. Ngy nay, rt nhiu ngnh cng nghip cng nh cc lnh vc x hi khc nhau cng tham gia vo th trng thng mi in t. V nh vy, li ch m thng mi in t em li cho cuc sng ca con ngi hin i cng ngy mt m rng hn, nng cao hn.
1.2.2. Tnh hnh ng dng thng mi in t trn trn th giiCng vi s pht trin mnh m ca Internet ton cu th cc dch v ng dng giao dch in t cng pht trin mt cch nhanh chng, c bit l cc dch v thng mi in t. C nhiu cc thng k khc nhau v doanh s thng mi in t v nhng thng k y c s khc bit ng k. Theo s liu tnh ton ca Forrester Research - mt cng ty nghin cu Internet Massachusetts, M - doanh s thng mi in t trn ton th gii khng ngng tng nhanh: nm 1997 t 36 t USD, nm 2000 t hn 700 t USD v nm 2002 t khong 2.293,5 t USD .... Theo mt thng k gn y nht ca Miniwatts Marketing Group th tnh n ht thng 3 nm 2008, M vn l quc gia ng u th gii v s lng ngi s dng Internet (trn 218 triu ngi), chim 71,9% dn s trong nc v 15,5%
12
ngi dng th gii, tc tng trng giai on 2000-2008 l 128,9%. Xp th 2 sau M l Trung Quc chim 14,9% ngi dng th gii, tc tng trng giai on 2000-2008 l 833,3%. Nht Bn ng th 3 trong bng xp hng, Hn Quc ng th 9 v Vit Nam ng th 17 sau Indonesia. S pht trin ca thng mi in t dng nh khng c gii hn mc d gp kh nhiu tr ngi. C th l trong nhng nm qua, tuy c thi gian cc cng ty thng mi in t gp phi khng t kh khn, song t l tng vic lm trong cc cng ty ny (khong 10%) vn tng nhanh hn t l tng vic lm ca ton b nn kinh t. Nhng cng vic lin quan n mng Internet cng tng khong 30%. Theo kt qu iu tra ca Cng ty Tnh bo kinh t (EIU) thuc tp ch The Economist, trin vng pht trin thng mi in t trn th gii rt ti sng, c bit l khu vc Chu . Thng mi in t cng lc cng pht trin trn th gii v doanh thu do thng mi in t mang li cng tng gn gp i mi nm, l l do nhiu nc ang ro rit khuyn khch, thc y v xy dng c s cho vic pht trin thng mi in t. V mt php l, hin nay trn th gii hu ht cc nc ng dng thng mi in t u xy dng cho mnh nhng o lut v quy nh ring nhm bo v quyn li cho nhng ngi tham gia vo th trng ny cng nh n nh x hi v pht trin kinh t.
1.3. Tnh hnh pht trin cc giao dch in t Vit Nam v c s php l 1.3.1. Tnh hnh pht trin cc giao dch in t Vit NamTrong bng xp hng ca Miniwatts Marketing Group, tnh n ht thng 3 nm 2008, Vit Nam ng th 17 trong top cc quc gia c nhiu ngi s dng Internet nht th gii. Tnh n ht nm 2007, Vit Nam chng ta hin c s ngi s dng Internet nhiu th nm khu vc Chu , sau Trung Quc, Nht Bn, n , Hn Quc v Indonexia. Vi tc pht trin mnh m nh vy nn cc ng dng ca Internet, c bit l cc dch v thng mi in t c tip nhn mt cch nhanh chng. Thng mi in t bt xut hin ti Vit Nam t nhng nm 90 v n nm 2006 l nm c ngha c bit i vi thng mi in t Vit Nam. l nm u tin thng mi in t c php lut tha nhn chnh thc khi Lut Giao dch in t, Lut Thng mi (sa i), B lut Dn s (sa i) v Ngh nh Thng mi in t c hiu lc. Nm 2006 cng l nm u tin trin khai K hoch tng th pht trin thng mi in t giai on 2006-2010 theo Quyt nh s 222/2005 /Q-TTg ngy 15 thng 9 nm 2005 ca Th tng Chnh ph. Theo kt qu kho st iu tra ca B Cng thng nm 2007 v mc sn sng ng dng thng mi in t trong cc doanh nghip thuc cc ngnh ngh khc nhau ca Vit Nam cho thy trung bnh mi doanh nghip c 22.9 my tnh (nm 2006 l 17.6), 89% doanh nghip c t 1 n 50 my, trong ngnh ngn hng, ti chnh, t vn, bt ng sn v dch v cng ngh thng tin - thng mi in t c t l trang b my tnh cao nht. Bn cnh , tnh hnh o to cng ngh thng tin v thng mi in t cng c s bin chuyn nhanh chng v cng ngy cng c quan tm u t hn. Nm 2004, chi ph cho o to ch chim bnh qun 12,3% tng s chi ph cng ngh thng tin ca doanh nghip th
13
nm 2007, con s ny tng ln n 20,5%. Hn na, trong s cc doanh nghip c kho st th c n 97% doanh nghip kt ni Internet. iu ny cho thy sn sng cho thng mi in t ca cc doanh nghip l rt cao. Kt qu iu tra trong 2 nm 2006 v 2007 cho thy ng dng thng mi in t ca doanh nghip ngy cng m rng trn mi cp v pht trin nhanh nhng ng dng c phc tp cao. T l doanh nghip c website nm 2007 l 38%, t l tham gia sn giao dch l 10%, t l kt ni c s d liu vi i tc l 15% v c n 80% doanh nghip c kho st c s dng hnh thc ng dng thng mi in t ph bin l e-mail trong c 65% doanh nghip nhn t hng qua th in t. Trong cc doanh nghip hin nay, t l cn b chuyn trch v thng mi in t cng gia tng r rt vi mc trung bnh l 2.7 ngi trong mt doanh nghip, tng gp i so vi con s 1.5 ca nm 2006. Trong nm 2006 nh du s hi nhp kinh t quc t su sc v ton din ca Vit Nam. Vit Nam tr thnh thnh vin chnh thc th 150 ca T chc Thng mi Th gii (WTO). Vit Nam cng thc hin tt vai tr nc ch nh ca Din n Hp tc kinh t Chu Thi Bnh Dng (APEC), th hin cam kt tip tc m ca nn kinh t vi th gii. Tin trnh hi nhp kinh t quc t i hi cc doanh nghip phi quan tm thc s n vic nng cao kh nng cnh tranh. Trong bi cnh , thng mi in t l mt cng c quan trng c nhiu doanh nghip quan tm ng dng. S quan tm ca doanh nghip i vi thng mi in t c th hin qua cc hot ng giao dch mua bn ti cc sn thng mi in t (e-Marketplace), dch v kinh doanh trc tuyn, s lng cc website doanh nghip ... ng o doanh nghip nhn thy nhng li ch thit thc ca thng mi in t thng qua vic ct gim c chi ph giao dch, tm c nhiu bn hng mi t th trng trong nc v nc ngoi, s lng khch hng giao dch qua th in t nhiu hn. Nhiu doanh nghip k c hp ng vi cc i tc thng qua sn giao dch thng mi in t. Trn thc t thanh ton in t lin tc l tr ngi ln i vi s pht trin ca thng mi in t trong giai on t nm 2005 ti 2007. Tuy nhin, nm 2007 nh du s pht trin nhanh chng ca lnh vc ny. tm chnh sch v m, u nm 2007 Chnh ph ra mt vn bn quan trng lin quan ti thanh ton in t c hiu lc, l Quyt nh s 291/2006/Q-TTg ngy 29 thng 12 nm 2006 ca Th tng Chnh ph ph duyt n thanh ton khng dng tin mt giai on 20062010 v nh hng n nm 2020. Hin nay h thng cc ngn hng thnh vin ca Smartlink v Banknetvn chim khong 90% th phn th c nc v ang lin kt vi nhau tng bc thng nht ton th trng th. Cc ngn hng thng mi xy dng l trnh chuyn dn t cng ngh s dng th t sang cng ngh chip in t. Hu ht cc nghip v t Ngn hng Nh nc ti cc ngn hng thng mi v cc t chc tn dng c ng dng cng ngh thng tin.
1.3.2. H thng php l cho thng mi in t ca Vit NamLut giao dch in t c ban hnh nm 2005 vng vi Ngh nh s 57/2006/N-CP v Thng mi in t l ngh nh u tin hng dn Lut giao dch in t, c ban hnh vo ngy 9/6/2006. Tip theo l lut Cng ngh thng tin c ra i nm 2006, l
14
c s php l quan trng to ra mi trng php l cho thng mi in t pht trin. Tip theo cc lut c mt lot cc vn bn quy phm php lut hng dn 2 lut ny c ban hnh trong nm 2007. Ngay trong nm 2007 Chnh ph ban hnh lin tip cc ngh nh quan trng, l: - Ngh nh s 26/2007/N-CP quy nh chi tit thi hnh Lut Giao dch in t v Ch k s v Dch v chng thc ch k s, - Ngh nh s 27/2007/N-CP v Giao dch in t trong hot ng ti chnh, - Ngh nh s 35/2007/N-CP v Giao dch in t trong hot ng ngn hng, - Ngh nh s 63/2007/N-CP quy nh x pht vi phm hnh chnh trong lnh vc cng ngh thng tin, - Ngh nh s 64/2007/N-CP v ng dng cng ngh thng tin trong hot ng ca c quan nh nc.
1.3.3. Mt s vn ca giao dch thng mi in t Vit NamBn cnh nhng thnh cng v thun li ca s pht trin nhanh chng, thng mi in t ca Vit Nam cng ang phi i mt vi mt s vn ln lm cn tr s pht trin v m rng th trng, hp tc quc t. Trong cc vn , vn an ton thng tin, an ninh mng, ti phm lin quan n thng mi in t ang l nhng vn cp bch cn gii quyt. Nhng hnh vi li dng cng ngh phm ti ngy mt gia tng; tnh trng t nhp ti khon, trm thng tin th thanh ton gy nh hng khng nh n cc hot ng thng mi in t lnh mnh. Trn thc t hnh thc thanh ton in t hay giao dch in t Vit Nam cho n nay hu nh vn cha thc s p ng c nhu cu ca ngi dng do cc vn lut php, v ngn hng v cc nh cung cp dch v thanh ton trung gian. Do vy, ngi mua hng trn mng cui cng vn phi thanh ton bng tin mt hoc chuyn khon cho nh cung cp qua 1 thit b trung gian khc m khng c th thanh ton trc tip trn website bn hng. Chnh iu ny gy cn tr khng t n cc hot ng trc tuyn, gia tng chi ph v tn hi kinh t ca ngi tham gia.
1.4. Nhu cu v an ton bo mt thng tin trong giao dch in tLi ch ca thng mi in t v giao dch in t i vi nn kinh t quc dn cng nh s pht trin v mt cng ngh v th trng ton cu l v cng to ln. Tuy nhin, song hnh cng vi nhng thun li bao gi cng ny sinh v tn ti kh khn. Vn ng lo ngi nht hin nay m tt c cc quc gia u phi i mt l s tn cng, ph hoi ca mt s phn t x hi, gy nh hng khng nh n nn kinh t. Mt vn bc xc c t ra l nghin cu pht tin cc gii php an ton thng tin cho thng mi in t v giao dch in t qua mng. Vn m bo an ninh quc gia trong thi i ton cu ho v thng tin tr thnh mt thch thc ln ngay c vi cc quc gia c mt nn cng ngh thng tin hng mnh.
15
Ti H Ni, cui thng 3/2008 va qua din ra Hi tho Th gii an ninh bo mt Security World 2008. Nhng bo co, tham lun ti Hi tho u cho thy vn an ninh cc website, c bit website ca cc cng ty chng khon l nhng mi quan ngi ln trong nm 2007. Vi nhng din bin xy ra, an ninh mng Vit Nam nm 2007 thc s l mt nm bt n v c coi l nm bo ng . Hng nghn virus mi xut hin, nhng cuc tn cng c ch ch ca gii hacker vo cc website ca cc c quan, t chc v doanh nghip ... gy ra nhng hu qu nht nh cho cc n v ny. Nhiu hot ng phm php, li dng Internet lm mi trng hot ng, tnh trng pht tn th rc, virus ... tng theo cp s nhn.
1.5. Khi qut v cc gii php cng ngh bo mt an ton thng tin v an ninh mngVn bo mt an ton thng tin v an ninh mng lun l bi ton kh thch thc cc quc gia trn phm vi ton cu. Hin c nhiu gii php, nhiu sn phm cng ngh c nghin cu v ng dng, tuy nhin vn ny vn lun l vn thi s v thch thc. Trong phn di y s im qua cc gii php cng ngh v lnh vc ny trn c s cc chng sau s tp trung trnh by gii php nghin cu ca ti, c t trong bc tranh ton cnh chung ca cc gii php cng ngh.
1.5.1.
Cc cng ngh mt m
Cng ngh mt m l nn tng ca tt c cc cng ngh bo v thng tin. Cng ngh ny cung cp 5 dch v c bn: m bo b mt, ton vn d liu, chng thc thng ip, chng thc ngi dng v chng chi b. i vi mt m kho i xng, vic nghin cu c thc hin trong lnh vc cng ngh ng dng mt m khi. Mt m kho cng khai, RSA v ECC u c pht trin ng thi. Tuy nhin rt nhiu nghin cu ca RSA v ECC c thc hin nhm gii quyt nhng yu t sai st tng nng sut tnh ton. c bit, mt s nghin cu nh: thut ton modular, thut ton trng hu hn, v thut ton ng cong elp c thc hin. Ngoi ra, cc nghin cu cng c thc hin mt cch ng b v mt giao thc thit lp kho, chng trnh ng dng mt m, v cng ngh phn tch bn vng trong lnh vc kho i xng.
1.5.2.
Cc cng ngh chng thc
Cc cng ngh chng thc c chia thnh 2 nhm l cng ngh h tng kha cng khai PKI (Public Key Infratruction) v cng ngh PMI. Cng ngh PKI da trn nn tng h mt m kha cng khai cng vi cc chnh sch, cc kin trc h thng v c ch s dng cc kho cng khai v tnh ton vn ca chng ch s to thnh c s h tng an ton cho cc giao dch in t trn mng. Hin nay h tng PKI v ang c ng dng rng ri trn th gii. Cc cng ngh h thng PKI da trn h m kho cng khai cng ang c pht trin cng vi cc sn phm c lin kt vi lnh vc dch v ng dng nhm tng cng chc nng VA (Validation Authority), chc nng khi phc kho, tng cng s dng th thng minh v chp nhn cc dch v bo mt, chp nhn phng thc mt m ng cong elip trong thut ton ch k s, tch hp cng ngh khng dy vo cc sn phm chng
16
thc, xy dng h thng PKI ton cu. Bn cnh cng ngh PKI, cng ngh PMI c dng trong vic qun l cc quyn ca ngi s dng. PMI c th c phn thnh 2 loi: EAM (Extranet Access Management) v 3A (Authentication/ Authorization/ Administration).
1.5.3.
Cng ngh sinh trc hc
Sinh trc hc l o cc c im v hnh vi (ch k, dng i, thi quen g phm) hoc cc thuc tnh vt l mang tnh duy nht ca c th con ngi (vn tay, ging ni, khun mt, mng mt, ADN...). Cng ngh sinh trc hc c dng o cc c im vt l v c im hnh vi ca con ngi bng cc thit b t ng v s dng cng c o lng xc nh cc c nhn, phn chiu thng tin nhn c t mt phn ca c th hoc t cc c im hnh vi c nhn. Cng ngh ny c mt li th l khng c ri ro khi cho thu (nhng) mt khu hoc th ID cho ngi khc, hoc lm mt, chim ot hay sao chp chng. V mt cng ngh hin ti, mt (face), vn tay v mng mt (iris) c a vo s dng, mt s cng ngh sinh trc khc nh: gn (vein) mu bn tay, DNA, dng iu (gait), chiu cao, keystroke v mu tai (ear pattern) cng ang c thc y pht trin. Hng hin nay l kt hp cng ngh a sinh trc (multi biometrics) vi cc cng ngh n sinh trc (single biometrics) v vic kt hp cng ngh vo th thng minh cng ang c pht trin. Cc vn v tiu chun ho qu trnh x l, vn chuyn, v lu tr thng tin sinh trc hc vn ang c tho lun. Hng nghin cu tch hp phng php thm nh xc thc sinh trc hc vo h tng kha cng khai PKI to thnh h BioPKI cho php xc thc, thm nh ngi dng khi s dng kho b mt trong hot ng ca h thng PKI. y l mt trong cc gii php ang c quan tm nghin cu nhm m bo s nh hng ln nhau thng qua cc tiu chun, t ng kho v chng thc ngi qun l hp l, d dng p dng cc chc nng quan trng ca chng ch trong cc h thng.
1.5.4. Cng ngh bo v h thng v mngCng ngh bo v h thng v mng c dng bo v my tnh v thng tin ca cc t chc hoc c nhn nhm chng li cc hnh ng tri php nh: gi mo, thay th, tit l, xm nhp vo nhng thng tin c truyn i qua mng truyn thng nh internet. Cc lnh vc chnh ca cng ngh ny l bo mt my tnh v my ch, firewall, pht hin xm nhp, pht hin v qun l xm nhp. Vic pht trin cng ngh ny bao gm pht hin vi rt, cc tp d liu c nhn, PC firewall, kim sot truy nhp dch v, kim sot truy nhp server, cng ngh mt m, bo mt h iu hnh, cc cng c phn tch nhc im, server firewall v tch hp cc gii php bo mt. Cng ngh bo mt my tnh l mt vn nng bng v c quan tm mt cch c bit. Cng ngh bo mt server cng ang c pht trin nhm b p nhng thiu st ca SSH, n nh bo mt DHMS v ci tin nhc im i ph vi xm nhp. Trong lnh vc cng ngh chng xm nhp, IDWG (Intrusion Detection Exchange Format) v INCH ca IETF pht trin cc tiu chun trao i thng tin trong vic pht hin xm nhp v cc cng c tnh ton ri ro; bn cnh cn pht trin tiu chun bo mt ca SHSLOG.
17
1.5.5. Cng ngh bo v mngCng ngh bo v mng l cng ngh ci tin tnh n nh ca h thng mng nhm chng li cc hnh ng tri php nh: gi mo, thay th, tit l, xm nhp vo nhng thng tin c truyn i qua mi trng mng nh internet. Cc lnh vc cng ngh chnh l: cng ngh bo mt IP (IPSec) - l kin trc bo mt ca tng mng; bo mt tng truyn d liu (TLS security) - l kin trc bo mt cho tng truyn d liu Multicast, kin trc bo mt cho cc dch v khng dy, kin trc cho cng ngh pht hin v ngn chn xm nhp, kin trc qun l bo mt kt hp, v kin trc bo mt mng th h mi (next-generation network). Thng thng, giao thc HTTPS (HTTP/TLS) c s dng m bo an ton cho cc dch v web thng qua cc cng ngh trn. Cc trnh duyt web cng h tr SSL v2.0, SSL v3.0 v TLS v1.0 v gn y l truyn ID v mt khu c m ho. Cng nh cc cng ngh ng dng khc, OpenSSL, Plannet SSL v PowerTCP SSL thng sn sng cung cp ng truyn m ho qua Internet v Intranet, SecureNetterm h tr TLS v ws-ftp (cung cp cc dch v ftp an ton). Giao thc bo mt IPSec - l cng ngh ct li trong vic xy dng VPN - c vn hnh c 2 phng thc: transport mode v tunnel mode. Tuy nhin, tunnel mode ch yu c dng duy tr tnh b mt ca cc lung truyn gi d liu.
1.6. Xc nh nhim v ca tiH thng an ninh thng tin (Bio-PKI Based Information Security System) kt hp cc du hiu c trng sinh trc hc vn tay con ngi vo m bo mt vi kha cng khai PKI, l hng nghin cu mi cho php mang li nhng u im hn cc h thng m kha cng khai hin c v an ton bo mt, v tnh xc thc thm nh trong cc giao dch, cc dch v in t qua mng my tnh. Mc tiu ca nhim v hp tc vi Malaysia theo ngh nh th ch yu bao gm: - Nghin cu xut phng n kt hp cc c trng ca vn tay vi m bo mt kha cng PKI to m sinh trc hc Bio-PKI. - Xy dng th nghim h tng c s h thng an ninh thng tin Bio-PKI (protoptype). Thit k v xy dng th nghim phn mm h thng an ninh thng tin da trn m sinh trc hc Bio-PKI nhm hng ti ng dng trong cng tc xc thc, thm nh sinh trc hc v kim sot truy cp dng trong cc lnh vc an ninh, thng mi in t, ngn hng, giao dch in t, chnh ph in t. Kt qu nghin cu phi hp ca 2 pha Vit Nam v Malaysia th nghim pht trin ng dng h thng Bio-PKI.
18
Chng 2. SINH TRC HC V H THNG AN NINH BO MT THNG TIN DA TRN SINH TRC HC2.1. Tng quan v sinh trc hcThut ng sinh trc hc (Biometric) c dng ghp theo ting Hy Lp t 2 t: Bio (thuc v thc th sinh vt sng) v metriko (k thut o, o lng), thut ng ny c hnh thnh trong qu trnh pht trin loi ngi v c bit n t lu th hin cc c trng v th cht hay v hnh vi ca tng c th con ngi. C nhiu loi c trng sinh trc hc: vn tay (Fingerprint), lng bn tay (Palm print), dng hnh hc bn tay (Hand geometry), ch k vit tay (Hand written Signature), khun mt (Face), ting ni (Voice), con ngi mt (Iris), vng mc (Retina), ADN Nhng c trng ny c pht hin t rt sm nhn dng, xc thc ch th con ngi v hin nay ang c quan tm nghin cu trin ng dng trong cc lnh vc an ninh, quc phng, thng mi. Nh vy sinh trc hc c coi l o cc c im v hnh vi (ch k, dng i, thi quen) hoc cc thuc tnh vt l mang tnh duy nht ca c th con ngi cho php nhn din c th con ngi. Cc c trng sinh trc hc ca c th ngi c s dng phi m bo cc tiu chun sau y: Tnh rng ri: cho bit mi ngi thng thng u c c trng ny, to kh nng s dng h thng an ninh sinh trc hc cho mt s lng ln ngi. Tnh phn bit: c trng sinh trc hc gia hai ngi bt k phi khc nhau, m bo s duy nht ca ch th. Tnh n nh: c trng phi c tnh n nh trong mt thi gian tng i di. Tnh d thu thp: kh thi trong s dng, c trng sinh trc hc phi d dng thu nhn mu khi ng k, kim tra xc thc. Tnh hiu qu: vic xc thc sinh trc phi chnh xc, nhanh chng v ti nguyn cn s dng chp nhn c. Tnh chp nhn c: qu trnh thu thp mu sinh trc phi c s ng ca ngi ngi dng. Chng gi mo: kh nng mu sinh trc kh b gi mo C nhiu c trng sinh hc khc nhau c s dng. Mi loi c im mnh v im yu ring. Tuy nhin khng mt c trng no tha mn tt y tt c cc yu cu ca mt c trng sinh trc hc nu trn, ngha l khng c mt c trng sinh trc hc hon ton ti u [6]. Trong cng trnh nghin cu [9] mt bng di y so snh khi qut cc tiu chun nh gi tng ng cc c trng sinh trc hc:
19
c trng sinh trc hc
Tnh rng ri
Tnh phn bit
Tnh n nh
Tnh d thu thp
Tnh hiu qu
Tnh chp nhn c
Chng gi mo
Vn bn tay Dng hnh hc bn tay Vn tay Dng i Khun mt Nhit Khun mt Thi quen g phm Mi Tai Vng mc Mng mt Ch tay Ging ni Ch k ADN
M M M M H H L H M H H M M L H
M M H L L H L H M H H H L L H
M M H L M L L H H M H H L L H
M H M H H H M L M L M M M H L
M M H L L M L L M H H H L L H
M M M H H H M M H L L M H H L
L M M M H L M L M L L M H H L
Bng 2.1: So snh cc cng ngh nhn dng sinh trc hc
Ch : cc k hiu c ngha nh sau: H (cao), M (trung bnh) v L (thp).
2.2. H thng sinh trc hc 2.2.1. Khi qut v h thng sinh trc hc
H thng sinh trc hc (Biometric System) thc cht l mt h nhn dng da trn cc c im v hnh vi hay thuc tnh vt l ca ngi cn nhn dng [9]. H thng sinh trc hc c phn ra thnh hai loi chnh [13]: H thm nh (Verification): H thng thc hin i snh 1-1 gia mu sinh trc hc thu nhn c (Biometric sample) vi mu dng sinh trc hc (biometric template) c trong h thng t trc. Kt qu tr li cu hi mu sinh trc thu nhn c lin quan ti mu dng sinh trc hay khng, thng thng trong h thm nh kt hp vi thng tin nh danh ch th thc hin chc nng xc thc thm nh sinh trc (Authentication). Trong h xc thc thm nh i hi cao v chnh xc kt qu tr li cu hi sinh trc hc sng thu nhn c (biometric sample) c phi l sinh trc ca ch th lu trong h thng khng? Nhn dng (Identification, Recognition): H thng thc hin chc nng tm kim (1-n) t mt c s d liu tm mt mu sinh trc c th trong cc mu khun dng sinh trc thu thp t trc v sau thc hin i snh xp x nhn dng phn lp (Classification) hoc nhn dng ng nht (Identification), v d nh vic tm mu vn tay ti phm trong h s cc vn tay, t xc nh danh tnh ca ch s hu vn tay. S khi chc nng ca 2 loi h thng sinh trc c minh ha trong Hnh 2.1. Cc thnh phn chc nng ch yu ca h thng sinh trc hc [13]: - Thu nhn (Sensor, Capture): thu nhp mu sinh trc hc v biu din di dng s ha. - X l v trch chn c trng (Feature Extraction): Thc hin cc php x l phn tch v trch chn cc c trng t mu sinh trc hc.
20
- i snh (Matching): thc hin so snh cc c trng va trch chn vi khun mu sinh trc c trc. - Ra quyt nh (Decision): da trn kt qu i snh s khng nh danh tnh ngi dng (vi h nhn dng) hoc l mt cu tr li ng hoc sai v mu sinh trc hc so vi khun mu sinh trc c t trc (vi h thm nh). Hot ng ca h thng sinh trc bao gm 2 giai on c bn: - ng k (Enrollment): ng k mu sinh trc vo h thng - Thm nh hoc nhn dng (Verification/ Identification)
Hnh 2.1. S khi chc nng ca 2 loi h thng sinh trc.
2.2.2. Cc c im ca h thng sinh trc hca/ Cc vn v thu nhn v biu din mu sinh trc nh sau: Xc thc bng mt khu truyn thng dng Password khng cn s dng cc phng php nhn dng mu phc tp, m ch cn i snh trc tip mt khu. C ch ny cho php xy dng h xc thc mt khu m bo tnh chnh xc, n nh, hiu qu ng nh thit k. Tuy nhin vn khng an ton v im yu nht ca h thng l thng thng mt khu ch gm 6-8 k t, mt khu ny d dng b nh cp, b qun hay b mo danh, khi xy ra mt an ton mt khu, ton b h thng an ton ca h thng s sp . i vi sinh trc hc, mu sinh trc c tnh bn vng cao, kh gi mo dnh danh v chp php m bo an ton cho h thng. Mt khc khi thu nhn cc mu sinh trc sng v x l biu din trch chn c trng, cc kt qu ny ph thuc rt nhiu vo yu t nh phng php ly mu, mi trng ly mu, trng thi tng tc ca ngi ly mu vi thit b v ty theo loi sinh trc thu nhn [7,10]. Thu nhn mu sinh trc khng n nh
21
Nh ni, tn hiu sinh trc hc thu nhn c ph thuc vo c trng sinh l, hnh vi tng tc ca ngi dng V d nh vi thu nhn mu vn tay t my qut (trng hp thu nhn mu c coi l l tng nht), s khc nhau v lc n ca ngn tay ln thit b qut, v tr n ngn tay ln mt phng qut u nh hng ti kt qu thu nhn nh vn tay. V cc ngn tay khng phi l i tng c nh v qu trnh chiu b mt u ngn tay ln mt phng qut khng tuyt i chnh xc, nn vi lc n khc nhau, cc phn khc nhau ca vn tay s c qut nh v d hnh di y:
Hnh 2.2. Thu nhn mu sinh trc khng n nh
i vi nhn dng khun mt, do gc chp hnh khun mt khng th tuyt i ging nhau mi ln ly mu, nn kt qu ly mu ph thuc vo v tr chp hnh khun mt. V th cc mu thu c u c s khc vi nhau. Thay i ca c trng sinh trc Ngoi vic kh khn v qu trnh thu nhn, c sinh trc hc cn b nh hng bi ngoi cnh bn ngoi. Vi vn tay, cc hot ng lm vic, tai nn lao ng u tc ng ti cht lng hnh nh trn u ngn tay. Kt qu thu nhn cn thay i khi ngi dng c eo trang sc, v d nh nhn khi nhn dng hnh dng bn tay. Nhn dng khun mt c th gp kh khn sau mt khong thi gian v di v kiu tc, ru ngi dng thay i, hoc b tai nn nh hng ti khun mt Tt c cc tc ng ngoi cnh u thay i ln ti kt qu thu nhn mu. Tc ng ca mi trng Cc tc ng ca mi trng ti thi im thu nhn cng nh hng ti kt qu mu sinh trc. V d nh m, sch ca da, nh hng ca tui tc, bnh tt v da nh hng ti mu vn tay (Hnh 2-3).
Hnh 2.3. nh hng ca mi trng ln mu vn tay
22
Ngoi ra, cc thut ton phn tch c trng sinh trc hc t mu thu nhn cng khng hon ho v c mt li nht nh. Kt qu l i snh hai mu sinh trc hc c ging nhau hay khng l qu trnh nhn dng mu v ra quyt nh kh phc tp b/ i snh sinh trc hc Do cc nguyn nhn nh hng nu trn, i snh sinh trc hc khng th thc hin mt cch tuyt i nh vi mt khu truyn thng. Thng thng, i snh sinh trc hc thng dng cch i snh tng i gia hai mu, s ging nhau ca tng thnh phn nh c nh gi bng cho im (matching score). Khi s im i snh ln vt ngng nh trc, c th coi l hai mu sinh trc gn tng t nhau. V d vi nhn dng vn tay, cc thnh phn nh c so snh l im kt thc (ridge ending) v im r nhnh (ridge bifurcation), gi chung l im c trng cc b (minutiae). Cc im ny c tch ra bng thut ton trch chn c trng vn tay. Cc im c trng cc b c nh v bng ba tham s (x, y, ) vi (x, y) biu din ta tng i ca im v biu din hng ca nh ti im . Thng thng, mt mu vn tay tt c t 20-70 im c trng cc b.
Hnh 2.4. im c trng cc b ca vn tay
Qu trnh i snh vi mt mu vn tay khc thc hin bng cch so snh v tr tng i gia cc im c trng cc b vi nhau qua thut ton i snh. Kt qu thut ton tr v l t s im i snh c chp nhn (matching score):
23
Hnh 2.5. i snh vn tay.
Kt qu minh ha trong hnh 2-5(a), hai vn tay khc nhau cho ra im i snh l 4, trong hnh 2-5(b), hai vn tay ging nhau cho ra im i snh l 49. Gi tr ti a ca im i snh l 100.
2.3. nh gi hiu nng v cht lng hot ng ca h sinh trc hc 2.3.1. Vn li trong hot ng ca h sinh trcKhi hot ng mt h sinh trc hc thng gp hai vn v li sau y: - Li khi i snh mu sinh trc ca hai ngi khc nhau nhng cho kt qu l ca cng mt ngi. Li ny c gi l loi b sai (false reject hay false match). - Li khi i snh hai mu sinh trc ca cng mt ngi nhng cho kt qu sai, v cho rng l ca hai ngi khc nhau. Li ny c gi l chp nhn sai (false accept hay false nonmatch).
2.3.2. Cc tham s nh gi cht lng. o lng mc li ca h thng, cc o thng dng c nh ngha nh sau FMR (False Match Rate): cn gi l FAR (False Accept Ratio)- T s chp nhn sai : cho bit t l tr li l ng i vi d liu vo l sai FNMR (False Nonmatch Rate): cn gi l FRR (False Rejection Ratio) - T s t chi sai: cho bit t l tr li l sai i vi d liu vo l ng.
24
Hai o ny c rng buc vi nhau: nu FMR cao th FNMR s gim tng i v ngc li. Mc chp nhn c ca FMR v FNMR ty thuc vo tng h xc thc sinh trc c th. Vi h yu cu tnh bo mt cao, v t nng vn an ton ca xc thc hn s tin dng ca ngi dng, th FMR s nh v FNMR s cao. Ngoi hai o trn, ngi ta cn s dng o FTC (Failure To Capture - thu nhn mu tht bi) v FTE (Failure to Enroll chp nhn mu tht bi) nh gi hiu nng ca h xc thc sinh trc hc.
2.4. H thng an ninh bo mt da trn trc hcH sinh trc hc c nhng u im m h bo mt thng thng khng c, nghin cu h thng an ninh, bo mt sinh da trn sinh trc hc (Biometric Security System) c quan tm nghin cu v ng dng. Hng nghin xy dng h thng trn c s kt hp h thng sinh trc hc vi h mt m (Biometric Cryptosystem) ang l vn thi s c quan tm nghin cu pht trin. S kt hp ny nhm mc tiu nng cao tnh an ton ca h mt m da trn cc u im ca h thng sinh trc hc. H thng an ninh, bo mt sinh trc hc (Biometric based Security System) da trn s nhn bit hoc thm nh cc c trng v th cht hay v hnh vi con ngi nhn dng, xc thc tng ch th [1,3,7,8]. Cng vi s pht trin nhanh chng ca CNTT v truyn thng, h thng an ninh da trn nhn dng, thm nh xc thc sinh trc hc v ang c quan tm nghin cu v c nhiu trin khai ng dng trong nhng nm gn y trn th gii. i vi cc giao dch in t v truyn thng, y l mt trong cc hng tip cn mi v an ninh thng tin v mng, an ton d liu. Phng php ny m ra trin vng ln v an ton trong cc giao dch in t, chnh ph in t, thng mi in t Cc lnh vc nghin cu v h thng an ninh sinh trc hc (Biometric Security Systems) - Cc cc nghin cu c bn v cc loi sinh trc hc, v phng php trch chn c trng sinh trc v v nhn dng, thm nh xc thc ch th con ngi. - Cc h nhn dng, thm nh xc thc sinh trc hc ch th trong h thng - H thng an ninh sinh trc hc trn c s h tng kha cng khai PKI (gi l h thng BioPKI) - Mt m sinh trc hc (Biometric Cryptography) Trong h mt m thng thng, im yu thng qu trnh bo v, qun l v phn phi kha. Nguy c ny e da cc mc tiu v xc thc v chng ph nhn. H sinh trc hc c ng dng gii quyt vn . Hin nay c hai hng tip cn kt hp sinh trc hc v mt m hc nh sau [9]: Dng sinh trc hc qun l kha (biometric-based key release) Dng sinh trc hc to kha (biometric-based key generation).
2.4.1. Dng sinh trc hc qun l v bo v khaNguyn tc ca phng php ny l qu trnh i snh sinh trc hc tch ring vi qu trnh m ha ca mt m hc. i snh thc hin theo kch bn: nu mu sinh trc i snh
25
chp nhn c so vi mu khun dng sinh trc lu tr, h s gii phng kha m t ni lu tr an ton, nh smart-card hay c s d liu trn my ch.
Hnh 2.6. Hai m hnh bo v kha trong h bo mt
Hnh 2.6 minh ha hai m hnh bo v kha trong h bo mt: m hnh th nht (hnh a) s dng mt khu truyn thng bo v kha m, y l m hnh bo v kha truyn thng v thng dng; m hnh th hai (hnh b) dng vn tay bo v kha m, y l dng kt hp sinh trc hc vi mt m hc. c im ca hng tip cn ny nh sau: Cn phi truy cp ti mu khun dng sinh trc hc thc hin i snh mu. Qu trnh xc thc ngi dng v qu trnh gii phng kha khi ni lu tr hon ton tch ri nhau (offline). Qu trnh thm nh xc thc ch th khng lin quan trc tip cc giao dch trn mng Hng gii php - Gii php dng sinh trc ti cc thit b u cui (End-User dng cng ngh nhng). Thng l gii php theo cc dng thit b theo cng ngh nhng. - K thut ch yu: KT nhn dng, i snh thm nh sinh trc hc t CSDL lu tr ti thit b nhng, t chnh xc cao. - ng dng: Thng dng cc gii php kha sinh trc ti thit b u cui, cht lng ph thuc vo dng thit b. Mt s vn an ton vi m hnh tip cn trn: Kh nng mu khun dng sinh trc hc b mt hay s dng li: Mu khun dng sinh trc hc c dng khi xc thc, v th t ra vn v an ton lu tr mu nh dng. Cch gii quyt c th l chuyn i mu khun dng sinh trc sang mt min biu din khc: H(X) vi X l mu khun dng sinh trc v H l hm chuyn i mt chiu khng th o ngc, c trng cho tng h mt khc nhau. Nhng cch gii quyt ny sinh ra kh khn khi thc hin i snh sinh trc trn min khng gian x l khc.
26
Chng s dng li mu sinh trc hc: Mt mu sinh trc hc thu nhn c h mt ny c th b s dng li ti mt h mt khc. trnh nguy c trn, c th thit k sao cho mu sinh trc hc ch c dng cho ring bit tng h mt khc nhau. iu ny thc hin khi cho thm mt vi thnh phn d liu b sung vo mu nh dng, tng t nh trong h xc thc mt m truyn thng. Thnh phn b sung ny gi l salt, c tnh cht c th cho tng h mt. Tch ri gia xc thc v gii phng kha: Do hai qu trnh tch ri nhau, nn kt qu ca xc thc c nguy c b tn cng sa i t sai thnh ng khi truyn ti kt qu, dn ti ph v an ton xc thc ca h thng.
2.4.2. Dng sinh trc hc sinh khaNghin cu kt hp k thut sinh trc vi k thut mt m, mt m sinh trc (Biometric Encryption) nhm nghin cu to ra kha m t mu khun dng v mu sinh trc trong h thng. Hng tip cn Biometric Cryptosystem cho php kt hp cht ch sinh trc hc vi mt m hc nhm khc phc cc im yu ca phng php bo v kha v cho php thc hin qu trnh thm nh xc thc ch th tch hp trc tip vo trong cc giao dch trn mng. y l hng nghin cu ch yu hin nay. Tuy nhin phng php to kha t mu sinh trc hc gp phi cc kh khn chnh sau [7,9]: - Kh khn khi cn phi sinh ra chui bit chnh xc t cc mu sinh trc thu nhn. Cc mu sinh trc hc thu nhn c t qu trnh khng n nh, chu nhiu tc ng ca nhng yu t ngu nhin khc nhau. V nguyn tc khng th thu c cc chui bt ng nht tuyt i t cc mu sinh trc sng ca cng mt ch th. Do vy chui bit c trng sinh trc thng khng chnh xc dng lm kha. y l kh khn ch yu ca phng php ny. - Vn s dng mu sinh trc hc vi nhiu h: Do kh nng ch sinh c mt kha t mt loi mu sinh trc hc, iu ny nh hng ti an ton ca cc h mt cn li khi mt h mt b tn cng. Gii php ca vn ny l thm mt phn d liu c trng c vai tr lm tham s cho kha sinh ra, nhm tng a dng ca kha i vi tng h mt. - Tnh ton phc tp. Cc gii thut tnh ton hin nay sinh ra kha t mu sinh trc yu cu lng tnh ton ln. Nhng vn kh nu trn l mc tiu nh hng nghin cu ca ti. Trong chng ny trnh by tng quan v h thng sinh trc hc v h thng an ninh bo mt da trn sinh trc hc: khi nim, cc thnh phn, hot ng; cc yu cu i vi h thng. Trong cc chng tip sau s trnh by nghin cu v gii php kt hp h bo mt sinh trc hc vo h tng c s kha cng khai PKI. Chng 4 tip theo s tp trung trnh by h tng PKI, h tng c s cho cc giao dch in t hin nay v cc vn an ton trong h PKI.
27
Chng 3. C S H TNG KHA CNG KHAI PKI V VN AN TON TRONG H THNG3.1. H mt m kha cng khaiMt m l mt cng c bao gm cc nguyn tc, phng tin v phng thc chuyn i d liu nhm n du ni dung thng tin, cng c tnh xc thc ca thng tin, ngn chn s thay i, tnh t chi, v vic s dng tri php thng tin. y l mt trong cc phng tin mang tnh cng ngh c dng m bo an ton cho d liu ca cc h thng thng tin v truyn thng. Mt m cng c th c dng bo v tnh b mt ca nhng d liu nh ti chnh hoc c nhn k c khi d liu c lu tr hay vn chuyn. Ngoi ra, n cng c th dng kim tra tnh ton vn ca d liu bng vic pht hin d liu b thay th hay cha v xc nh ngi hoc thit b gi n. Nhng k thut ny l rt quan trng i vi vic pht trin v s dng cc mng thng tin truyn thng ton cu v nhng cng ngh khc, nh pht trin thng mi in t. Mt m bao gm hai quy trnh hot ng tri ngc nhau: m ho v gii m. ng trn gc s dng my tnh trong vic bo mt thng tin, m ho l qu trnh p dng mt thut ton vo mt bn tin r sinh ra mt bn tin m. Bn tin m s xut hin nh l nhng th v ngha i vi mi ngi v tnh c c n, nhng c th bin i ngc li thnh bn tin r i vi nhng ngi c c thut ton ph hp. Qu trnh bin i bn tin m thnh bn tin r gi l qu trnh gii m . Qu trnh m ho thng c iu khin bi mt kho, thc cht l mt chui cc bt s dng lm cc tham s cho thut ton m ho. Qu trnh gii m cng c iu khin bi mt kho lm tham s cho thut ton gii m, v c th l ging hoc khc vi kho dng m ho [2]. Hin nay, trn th gii thng s dng 2 h mt c bn l Mt m kho b mt (Secret Key Cryptography) v Mt m kho cng khai (Public Key Cryptography).
3.1.1. Khi qut v h mt m kha cng khaiH mt m kho cng khai, cn gi l h mt m khng i xng (asymmetric Cryptography), s dng hai kho khc nhau cho qu trnh m ha v gii m: mt kho (kho cng khai public key) m ho, v kho kia (kho ring private key) gii m. Hai kho ny c quan h vi nhau v mt ton hc, nhng t kho cng khai khng th tm ra c kho ring. Trng h mt ny, nu A mun gi cho B mt bn tin mt, A trc tin s ly kho cng khai ca B t c s d liu cng cng v kho cng khai. Sau A s s dng kho cng khai ca B m ho bn tin, ri gi cho B. Pha B s s dng kho ring ca mnh gii m bn tin m. Nh vy l, ch B mi c th gii c bn tin m m A to ra. H mt ny c thc hin nh vo c tnh rt quan trng ca cp kho l khng th xc nh c kho gii m nu ch cn c vo cc thng tin v thut ton v kho m ho.
28
Nguyn tc ch yu ca h m PKI l dng c 1 cp kha cho mi giao dch khi dng mt kha kha ny m ha th s kha kia dng gii m v ngc li.
Hnh 3.1. Hot ng trao i thng tin bo mt trong h kha khng i xng
Trong hot ng trao i thng tin bo mt thng ip trong h kha khng i xng, thng dng kha cng khai m ha v dng kha ring kha c nhn gii m, nh vy ch ngi no l ch s hu kha c nhn th mi c th gii m c bn tin m ha. Khc vi h mt m kha i xng s dng mt kha b mt duy nht va m ha v gii m, phng php mt m dng cp kha cng khai v kha ring m ha v gii m thng tin. Cp kha ny tuy vn lin quan n nhau theo kiu tng ng 1-1, nhng nu bit kha ny th khng th suy ra kha kia c, do , phng php m ha ny c tn m ha bt i xng. Yu cu c bn vi mt h mt m ha cng khai [2]: Khng th tm ra c kha gii m nu bit thut ton v kha m ha. C 2 kha trong cp kha ny u c th dng m ha, kha cn li s gii m thng ip do kha th nht m ha. (y l yu cu khng bt buc nhng hu ht cc thut ton thng dng trong cng ngh m ha cng khai u c c im ny). Trong cp kha ny, kha cng khai c cng b rng ri, kha ring c gi b mt cho ch nhn ca n. Vn bo v b mt an ton kha c nhn ca ch s hu l im mu cht ca h thng kha cng khai.
29
Bn gi tin A
Thm m
Bn nhn tin B
Thng ip
M ha
M ha
Knh truyn
M ha
M ha
Thng ip
K RA
KUB
KRBKhi sinh kha
Khi sinh kha
KUA
Hnh 3.2. S hot ng h mt kha cng khai m bo tnh xc thc v tnh mt
Cng vic m ha v gii m c th m t tm tt nh sau: Mi u cui trong h thng mng sinh mt cp kha dng cho vic m ha v gii m cc thng ip m n nhn c. Mi u cui ny cng khai ha mt kha dng m ha ca n. Kha cn li c u cui ny gi cho ring mnh. Nu A mun gi mt thng ip cho B, A dng kha cng khai ca B m ha. Khi nhn c thng ip ny, B dng kha ring ca mnh gii m. Ch B c kha ring ny nn ngoi B ra, khng ai c th gii m thng ip .
3.1.2. Ch k s tng v ch k in t cng tng t nh ch k vit tay m chng ta vn dng. N dng k ln cc thng tin cn gi i nhm mc ch xc nhn tnh trung thc ca thng tin v ca ngi gi tin. Ngi nhn c th bit c ch k ny c ng hay khng v c phi ca ngi gi thc s hay khng. Ngoi ra, cng nh ch k vit tay, ch k in t c trng cho ch nhn ca n, k khc khng th bt chc c. Ch k in t c biu din trong my tnh bi mt xu cc s nh phn. N c to ra bi mt tp lut, mt tp tham s c trng ca ngi k, cng ton b d liu m n c dng k ln. C mt thut ton c kh nng to ra ch k bng kha ring v xc minh ch k bng kha cng khai tng ng. Mi ngi dng s hu mt cp kha ring / kha cng khai. Kha cng khai c cng b i chng, tuy nhin kha ring th ch c ch nhn ca n bit. Do vy, bt k ai cng c th xc minh ch k ca ngi khc bng kha cng khai tng ng, nhng vic to ra ch k th ch ngi s hu cp kha ny mi lm c. Mt hm bm c dng trong qu trnh to ch k. Mc ch ca n l nn d liu, bin mt mu tin thnh mu tin tm lc. Sau , mu tin tm lc ny c p dng thut ton sinh ch k. Ch k c chuyn i cho pha nhn cng vi d liu k [2]. Pha nhn lm nhim v kim tra xc minh mu tin va nhn c cng ch k i km bng cch dng kha cng khai ca ngi nhn. Pha nhn cng dng mt hm bm
30
nh trn thc hin trn d liu c k, thu c bn bm th nht. Song song vi vic , n dng kha cng khai ca ngi gi, gii m ch k thu c bn d liu bm th hai. Nu 2 bn bm ny ging nhau, ch k c xc thc, ngc li th khng.
Hnh 3.3. M hnh s dng ch k s
Thut ton v ch k in t xc minh tnh ton vn ca d liu v nhn dng ca ngi k. Thut ton ny c dng cho th in t, hay mt s hot ng qua mng khc nh chuyn tin, trao i d liu, phn phi phn mm, lu tr d liu v mt s ng dng khc m trong c yu cu v an ton v ton vn d liu.
3.2. H tng kha cng khai PKI 3.2.1. Khi qut chung v PKISng kin h tng kha cng khai PKI (Public Key Infrastructure, vit tt l PKI) ra i nm 1995, khi m cc t chc cng nghip v cc chnh ph xy dng cc tiu chun chung da trn phng php m ho h tr mt h tng bo mt trn mng Internet. Ti thi im , mc tiu c t ra l xy dng mt b tiu chun bo mt tng hp cng cc cng c v l thuyt cho php ngi s dng cng nh cc t chc (doanh nghip hoc phi li nhun) c th to lp, lu tr v trao i cc thng tin mt cch an ton trong phm vi c nhn v cng cng. PKI bn cht l mt h thng cng ngh va mang tnh tiu chun, chnh sch, va mang tnh ng dng c s dng khi to, lu tr v qun l cc chng thc in t (digital certificate) cng nh cc m kho cng cng v c nhn. Hin nay c rt nhiu cch nh ngha khc nhau v PKI tu theo gc nghin cu hoc ng dng c s h tng ny. Tuy nhin, mt cch c bn nht c th nh ngha c s h tng kho cng khai l mt h thng cng ngh, chun, cu trc v cc chnh sch phi hp vi nhau nhm bo m tnh b mt v an ton thng tin trn Internet s dng mt m kho cng khai [2]. C s h tng kha cng khai PKI l khung lm vic bao gm cu trc t chc cc thnh phn hot ng c phn cng v phn mm h thng, cng vi cc chnh sch, cc
31
th tc qun l v phn phi kha, qun l, cp pht cc chng ch s (digital certificate) v chng thc cc chng ch s. Nn tng mt m ca PKI chnh l h thng mt m kha cng khai. Nh vy PKI l mt c s h tng h thng va mang tnh m hnh va mang tnh cng ngh v cc chun, va l m hnh kin trc va l h thng cc giao dch v ng dng cho php thc hin khi to, lu tr, qun l cc chng ch s (Digital certificate), qun l v phn phi cc kho cng khai, kha c nhn v c ch chng thc chng ch s [11,12]. Hin nay trn th gii PKI c xy dng v trin khai thnh cc kin trc h thng c th bao gm t chc phn cng, phn mm, cc chnh sch quy tc, cc th tc, cc giao dch trong h thng v cc chun. Cng ngh lm nn tng cho cc hot ng chng thc l cng ngh mt m kho cng khai. Cc thnh phn c bn nht trong cng ngh mt m kho cng khai bao gm cc thut ton to cp kho cng khai/ kho ring, cc thut ton bo mt, c ch m ho v gii m thng tin, phng php to ra ch k in t v cu trc ca chng ch s. Cc thnh phn ch yu ca PKI bao gm [11]: - CA (Certificate Authority): B phn thm quyn pht hnh chng ch v chng thc - RA (Registration Authority): B phn thm quyn ng k chng ch, - Certificate Holder- User: ngi s dng trong h thng PKI, ch th chng ch, - Digital Certificate Distribution System: H thng phn phi chng ch s, kho cha - Relying Party: Cc thc th lin quan s dng chng ch. Cc hot ng giao dch c s trong h PKI bao gm: To yu cu chng ch s; Pht hnh chng ch s; cng b chng ch s; s dng/ hy b chng ch s; chng thc chng ch s, bo v kha c nhn ca ngi dng chng ch s. S lc v cng ngh v k thut, c cc chun h thng PKI vi cc nh dng chng ch s khc nhau [12]: - Chng thc s theo chun X.509: Do nhm PKIX ca IETF xy dng, dng giao thc bo mt SSL, IPSec, s dng cho m hnh kin trc PKI phn cp. - Chng thc s SPKI - Simple Public Key Infrastructure. - Chng thc s PGP - Pretty Good Privacy: Do Phil Zimmermann thit k vo nm 1991, chun m ha th in t v chng thc ch k s bng chng nhn PGP, s dng m hnh PKI li Web of Trust.
3.2.2. Cc m hnh kin trc ca PKIV mt l thuyt th c nhiu kiu m hnh PKI. Mi m hnh c cc thuc tnh v t chc v s tin cy ring nh s lng cc CA trong mt PKI, im tin cy ca ngi dng cui trong mt PKI, v quan h tin cy gia cc CA trong mt PKI c nhiu CA [2,11,12] . Tuy nhin, thc t ch c mt s m hnh PKI sau y l c trin khai: Kin trc mt CA n - Single CA architecture
32
Hnh 3.4. Kin trc CA n
Kin trc cy phn cp - Hierarchical architecture
Hnh 3.5. Kin trc CA phn cp
Kin trc mt li - Mesh architecture
33
Hnh 3.6. Cu trc CA dng li
Kin trc hn hp - Hybrid architecture
Hnh 3.7. Kin trc PKI dng hn hp
34
3.2.3. Kin trc cc thnh phn trong hot ng PKIC th thy trn hnh v di y s phi hp hot ng ca 5 thnh phn c bn trong kin trc ca PKI [11]:
Hnh 3.8. Kin trc cc thnh phn PKI
Cc thc th u cui (End Entities EE)
Trn thc t, mt EE c th l ngi dng cui, hoc mt thit b nh router, my ch, mt x l, hay bt k th g c th c gn l i tng ca h thng chng ch kha cng khai. Tm li, EE c th c hiu l khch hng ca cc dch v PKI. Thm ch, mt nh cung cp cc dch v PKI cng i khi c coi l EE, v d mt RA c th coi l EE ca CA (CA v RA s c gii thch c th sau). Cc EE b rng buc bi cc chng ch. V d nh cc server v cc ngi dng u cui phi c kt np vo PKI trc khi c th tham gia nh mt thnh vin ca PKI. B phn thm quyn pht hnh chng ch (Certificate Authority CA)
Cc kha cng khai c phn tn theo cc chng ch. Bi th, CA l mt phn v cng quan trng trong kin trc PKI v n l n v duy nht k v pht hnh cc chng ch kha cng khai (CA s dng kha ring ca mnh k cc chng ch). Thc cht ca cng vic l lin kt tn i tng vi kha cng khai, cng nhn rng i tng s hu kha cng khai tng ng. CA cng ng thi chu trch nhim pht hnh cc danh sch chng ch b hy (CRL) nu n khng y quyn cho mt n v chuyn trch lm vic ny (CRL Issuer). CA cng thc hin mt s tc v qun tr nh ng k cho ngi dng, tuy nhin vic ny thng c y thc cho RA (Registration Authority) (RA s c gii thch r rng sau). Trong qu trnh hot ng, CA cn kim nhim c vic lu v khi phc kha mc d cng vic ny cng c th c y thc cho mt b phn chuyn trch.
35
Trong kin trc PKI, thng thng, cc EE c nh cu hnh vi mt hay nhiu mc tin cy no . Nhng mc ny c coi l im xut pht cho cc qu trnh xc minh tip theo. Chnh CA ng vai tr lm c s cho s an ton v tin cy ny. B phn thm quyn ng k (Registration Authority RA)
RA l mt thnh phn khng bt buc phi c trong kin trc PKI. Tuy nhin s xut hin ca n l rt hu ch v s gim nh s lng cng vic m CA phi lm. Nh chng ta ni trn, RA thng tham gia vo qu trnh ng k cho cc EE. Cng vic ny bao gm c vic xc minh cc thng tin m EE dng ng k vi PKI. Ngoi ra, RA cn m nhim mt s cng vic khc, gm: - Thit lp v xc nhn thng tin c nhn ca mt thc th. - Pht tn thng tin chia s ti cc ngi dng, phc v vic xc thc trong mt tin trnh khi to trc tuyn. - Khi to tin trnh chng nhn bi mt CA. Lc ny, RA ng vai tr mt EE. - Cung cp cc thng tin cn thit vi t cch mt ngi dng cui. - Thc hin vic qun l vng i ca cc kha, chng ch. Mc d RA c th gnh vc rt nhiu cng vic gip CA, nhng n khng bao gi c giao quyn pht hnh chng ch kha cng khai, y lun l c quyn ca CA. Tm li, vic xut hin ca RA mang li 2 li ch chnh: - Gim chi ph, c bit l i vi cc t chc phn tn trn din rng, c th phn tn cc RA qun l gip CA. - Vic gim nh cng vic cho CA gip CA c th ngh ngi nhiu hn. Do s gim thiu c cc c hi tn cng nhm vo CA . Chng ch v h thng kho lu tr cc chng ch
Trong vic dng kha cng khai, chng ch l mt vn bn in t c CA k cho cc EE, cng nhn tnh ng n v xc thc ca cc thng tin m EE dng giao tip. Kho lu tr cc chng ch thng l mt th mc. Tuy nhin, trong kin trc PKI, kho ny thc cht l mt cch no lu cc thng tin lin quan ca PKI, v d nh cc chng ch kha cng khai, cc CRL. Trong chun X.500, kho lu tr ny l mt th mc my ch m my khch c th truy cp qua giao thc LDAP (Lightweight Directory Access Protocol), hoc ly file trn my ch qua giao thc FTP (File Transfer Protocol), giao thc HTTP (Hyper Text Transfer Protocol). Ngoi ra, kho ny cn p ng c mt s yu cu t pha h thng my khch. V d c th tr li cho my khch v tnh trng ca cc chng ch, xem chng b hy cha. Tuy nhin, li ch c bn ca cc kho lu tr ny chnh l vic cc EE c ni tm cc chng ch v cc CRL. V d khi A mun giao tip vi B, A phi bit c kha cng khai ca B, v kha c th tm thy trong kho lu tr ny. Danh sch cc chng ch b hy
36
(CRL - Certificate Revocation List) v b phn pht hnh (CRL Issuers). CRL cha danh sch cc chng ch b hy, km theo ch k in t m bo s ton vn v xc thc ca n. Ch k trong CRL thng chnh l ca thc th k v pht hnh cc chng ch trong CRL ny. Cc CRL thng c lu c th d dng thc hin xc minh cc chng ch khi lm vic off-line. Thng thng, CA pht hnh cc chng ch s no th s ng thi chu trch nhim pht cc thng tin v cc chng ch b hy trong s . Tuy nhin, CA cng c th y thc cho mt b phn khc chuyn pht hnh cc thng tin ny, chnh l b phn pht hnh CRL (CRL Issuer). Trong trng hp , cc CRL c pht hnh gi l cc CRL gin tip.
3.3. Cc giao dch in t vi h tng kha cng khai 3.3.1. Cc dch v ca PKI m bo qu trnh truyn thng an ton. Cung cp mt knh truyn thng tin cy gia PKI v khch hng. T vn khch hng cc gii php, cng nh thc hin truyn thng tin cy gia cc khch hng. Ta c th k n mt s cc dch v ng dng PKI: Secure e-mail (s dng giao thc, v d nh Secure Multipurpose Internet Mail Extensions Version 2, S/MIMEv2, [RFC2311, RFC2312] hoc S/MIMEv3 [RFC2632, RFC2633]) Secure Web server access (s dng giao thc, v d nh Transport Layer Security, or TLS, [RFC2246]) A secure Virtual Private Network, or VPN (s dng giao thc, v d nh IPsec/IKE [RFC2401, RFC2411]) V d nh vi secure-email, c th thc thi bi dch v ca PKI nh sau: Khch hng s s dng gi phn mm i km ca PKI m ha email ri truyn email qua cc vng mng khng an ton s dng c php chun S/MIME m khng cn phi lo lng v tnh ton vn, tnh xc thc, tnh mt ca email . Chng ph nhn: bt k ti liu ti pht tn trn mn bt u t mt nh phn phi hp l th u b PKI tm ra ai l ch th ca n, gip m bo quyn li ca khch hng. Cc PKI cng c th hp tc vi nhau to ra mt mi trng truyn thng kh l tng cho khch hng. PKI cng cung cp lun c cc dch v v phn quyn, i vi mt ti liu, cn c vo ni dung chng ch c th cho bit khch hng nhng quyn g i vi loi ti liu .
3.3.2. Xc thc an ton trong giao dch in t Di gc nhn v bo mt thng tin phi m bo cc yu cu sau:
- Yu cu v bo mt thng tin: trong giao dch in t xut hin rt nhiu thng tin ring t cn c gi mt tng mc khc nhau. l cc thng tin v c nhn khch hng (danh tnh, a ch, a ch th in t, cc thng tin v ti khon ngn hng); cc thng tin v ti khon ca doanh nghip ti cc ngn hng.
37
Yu cu v tnh ton vn thng tin: thng tin giao dch c m ha di dng chui bit/byte v c truyn qua mi trng mng Internet. Nh chng ta bit, mng Internet hon ton l mt h thng m, rt d b tn cng v xm nhp. Cc thng tin giao dch khng nhng b l m hon ton c th b thay i vi mc ch xu. Yu cu v chng thc ngun gc thng tin: cc thng tin trong giao dch in t u c ch th ca n (khch hng, doanh nghip, trung tm x l d liu, ngn hng ). Yu cu v chng thc ngun gc thng tin gm c 2 kha cnh: - Ai l ch th ca thng tin? - Chng t chi ngun gc thng tin? Cc yu cu v an ton h thng khc: chng tn cng v xm nhp vo website, trung tm d liu, chng n cp thng tin khch hng.
Xc thc tr thnh mt yu cu cp thit v ti quan trng ngay t khi cc tng v thng mi in t mi ra i. Trong qu trnh pht trin v gii quyt vn xc thc th chng ch s to bi h tng kha cng khai PKI (Public Key Infrastructure) ni ln nh mt gii php u vit hng u. Tuy nhin, mt trong nhng vn ni cm l bo v cc chng ch s v cc kha ring t (kha b mt).
3.3.3. c im khi trin khai PKI Nhng li ch c th nhn thy khi trin khai PKI l [12]: - Tit kim thi gian lm vic, v d nh th t, bo co, hp ng c th gi theo con ng in t thay v dng con ng vt l nh truyn thng. - Ngi dng c th dnh thi gian vo cc cng vic phi lm tay, thay v lun qun vi cc cng vic ca c s h tng bo mt. - S qun l tp trung, thng nht s gim bt lng ti nguyn cho cng vic qun tr. - Gi vt liu thp hn, cn t khng gian lu tr hn, t d tha hn. - Gim tn tht do mt mt thng tin. - Kh nng to mng ring o (Virtual Private Network VPN) qua mt mng cng cng nh Internet c th lm gim chi ph so vi vic thu mt ng dy ring. - C th to ra li nhun t vic kinh doanh mt s dch v, v d nh vic kim tra tnh hp l ca cc giao dch ti chnh bng ch k in t v chng ch s. Nhc im v kh khn khi trin khai PKI
Tuy nhin bn cnh cc im mnh, cng c mt s im ng cn nhc khi c nh trin khai PKI: - H thng phc tp, kin trc cn ph thuc cc chnh sch - Tnh php l ca chng ch s.
38
3.4. Vn an ton trong h thng PKIMc d h thng PKI c coi l gii php cho vn an ninh v xc thc hin nay, nhng bn thn h thng cng nh c ch, m hnh hot ng ca n vn cn s h. Cc s h ny khng nht thit n t c ch mt m hc, vn c cng ng mt m kim nghim, m n t nhiu nhn t ch quan v khch quan khc nhau, trong phi k ti yu t con ngi. Mt h PKI v c bn vn tn ti mt s ri ro v bo mt sau: Mt kha c nhn, gi mo kha cng khai, gi mo nh danh ch th [3,18]. An ton kha c nhn
Trong h thng PKI hin nay, kha c nhn c lu tr trn phng tin truyn thng nh trn my tnh ca ngi dng, hoc smartcard v phng tin ny c bo v truy cp bng mt mt khu c bo v truy cp bng mt mt khu di 6 n 8 k t, an ton ca ngi dng ph thuc c vo mt khu ny. C ch m bo an ton cho kha c nhn bng mt khu khng th hin c tnh chng ph nhn trong mt m hc. Bn thn mt khu c nhiu nguy c d b l, hoc b mt bi virus, b nh cp bi cc chng trnh m c hi. Khi kha c nhn mt s rt nguy him, th bt c ai cng c th gi mo ngi v khng ch l mt thng tin m cn c th dn n v c h thng. Nh vy an ton bo mt khi dng cp kha trong h thng ph thuc vo mt khu. Bo mt kha c nhn l vn quan trng trong h thng c s h tng PKI v cng l im yu trong hot ng ca cc h PKI truyn thng. Gi mo kha cng khai: Trng hp kha ny c bo v bng ch k ca CA, tc l kim tra c bng kha cng khai ca CA, c nguy c k tn cng thay th kha ca CA trn my ngi dng, sau tin hnh thay th kha cng khai ca ngi dng bng kha gi. Gi mo kha cng khai dn n l thng tin trong h thng. nh danh i tng: Chng ch s c cha tn ca i tng v phi c thm cc thng tin b sung trnh trng hp nh danh sai do cc thng tin c nhn ca ngi dng trng nhau Trong cc nguy c v bo mt k trn ta thy nguy c ln nht trong PKI l b mt kha c nhn. Vn ny c th c gii quyt bng mt c ch xc thc nh danh mnh hn mt khu truyn thng. l sinh trc hc. Do sinh trc hc mang bn cht chng ph nhn, kh nng gi mo, mt trm c trng sinh trc hc thp hn nhiu so vi mt khu, nn y l gii php tng i hon thin cho vn an ton v s dng kha c nhn.
39
Phn III. BO CO KT QU NGHIN CU CA TIChng 4. NGHIN CU PHN TCH V XY DNG M HNH GII PHP H THNG BioPKI4.1. Vn kt hp sinh trc vo h tng kha cng khai PKINh trnh by cc chng trn, ngy nay h tng kha cng khai PKI l nn tng cho nhiu ng dng bo mt pht trin cho cc giao dch in t qua mng Internet. Tuy nhin, trong h thng PKI vn tn ti vn v an ton trong vic qun l v bo v kha c nhn. Vn ny c nghin cu t lu, c rt nhiu cc gii php khc nhau c a ra gii quyt vn . Mt trong nhng gii php ang c quan tm nghin cu l kt hp sinh trc hc vi PKI tng cng kh nng an ton cho h thng PKI nhm loi b nguy c s dng tri php kha c nhn. Khi qut v mt h thng BioPKI c minh ha trong Hnh 4.1.
Hnh 4.1. Hng tip cn h thng BioPKI
Tuy nhin h thng BioPKI khng phi ch l mt php cng n gin gia h tng kha cng khai PKI vi mt h sinh trc hc no . Vic nghin cu xy dng h thng BioPKI cn gii quyt cc vn ch yu sau: H thng xc thc thm nh sinh trc (Biometric Verification-Authentication System) vi cc vn v kh thm nh sinh trc sng v v cc loi sinh trc ( trnh by chng 2) H tng kha cng khai PKI: Kin trc, chnh sch, cng ngh v cc vn k thut ( trnh by chng 3) M hnh kt hp hai h thng: Biometric security system v PKI system
40
Hn na, nghin cu xy dng h BioPKI lin quan n nhiu vn t c s php l, chnh sch, m hnh kin trc, m hnh tch hp n phn tch thit k h thng, thit k cc gii thut v cc gii php k thut thc thi. Cc phn tip theo ca chng ny s trnh by phn tch cc hng tip cn BioPKI trn c s xy dng gii php v h thng Bio-PKI.
4.2. Phn tch cc hng tip cn nghin cu h thng BioPKIHin nay c 3 hng tip cn ch yu nghin cu v gii php h BioPKI [3,5,7]: - Gii php 1: i snh c trng sinh trc thay mt khu (password) xc thc ch th - Gii php 2: Tch hp k thut nhn dng sinh trc vo qu trnh m ha bo mt, mt m sinh trc bo v kha c nhn - Gii php 3: Sinh kha c nhn trc tip t cc c trng sinh trc hc
4.2.1. Gii php 1: i snh c trng sinh trc thay mt khu xc thc ch thM hnh nguyn tc hot ng ca h thng xc thc dng thm nh sinh trc vn tay thay mt khu c minh ha trong hnh 4.2.
Hnh 4.2. H thng xc thc mt khu v xc thc thm nh sinh trc vn tay
Theo gii php ny, ngi dng mi khi s dng h thng PKI cn gi km theo thng tin sinh trc hc chng minh bn thn. H thng PKI s thc hin cc cc th tc xc thc thng thng v thc hin i snh thng tin sinh trc ca ngi dng km theo ti thi im vi mu sinh trc lu trong qu trnh ng k. Gii php 1 cho php lm tng tnh tin cy ca h thng PKI, nhng cn phi lu mt s c im sau: H thm nh xc thc sinh trc da trn k thut i snh mu thng thng ca k thut nhn dng, d kh thi. Khi cc mu sinh trc c lu tr tp trung ti Server, t ra vn bo m an ton cho my ch lu tr v qu trnh truyn cc c trng sinh trc t ni lu tr n ni s dng i snh.
41
Qu trnh i snh c trng thm nh sinh trc tch ri qu trnh hot ng mt m trong h PKI. Kt qu i snh c trng sinh trc l iu kin h thng tip tc thc hin cc hot ng khc, hn na cc kt qu thng c gi qua mi trng mng truyn thng, do vy c ny sinh nguy c b tn cng vo knh truyn thng nhm lm sai lch kt qu tr li.
c trng sinh trc hc c gi t ngi dng ti my ch i snh nn c th b mt trm v dn n tn cng gi mo. u im l tn dng cc k thut v i snh sinh trc hc hin c, d thc hin trn thit b nhng. Khi kt hp vi gii php cng ngh nhng c th t chc lu ti thit b nhng c nhn, tuy nhin an ton bo mt cn ph thuc vo an ton ca dng thit b lu tr mu v giao thc truyn thng bo mt t ni lu tr n ni s dng.
4.2.2. Gii php 2: kt hp k thut nhn dng sinh trc vi k thut mt m, m ha bo mt kha c nhnTheo hng tip cn ny, nhiu phng php ang c quan tm nghin cu, ni bt l phng php m ha bo mt sinh trc BE (Biometric Encryption) [1,7]. Qu trnh m ha bo mt m sinh trc hc l qu trnh m ha gn kt s PIN hay kha m sinh trc vi c trng sinh trc sao cho sau c kha m v c trng sinh trc gc u khng cn lu tr v khi phc chnh xc. Tuy nhin kha sinh trc ch c to li ng khi mu sinh trc hc sng ca ch th xut hin trong qu trnh thm nh. S khi m hnh h thng da trn k thut BE c trnh by trong hnh 4.3
Hnh 4.3. H thng BioPKI xc thc thm nh sinh trc theo phng php mt m sinh trc hc (Biometric Encryption- BE)
42
y l hng nghin cu mi ang c nhiu ngi quan tm nghin cu hin nay, cc c im ca phng php ny nh sau: H thm nh xc thc sinh trc da trn kha m sinh trc trnh phi i snh mu sinh trc trc tip, cho php chp nhn khng n nh khi thu nhn cc du sinh trc sng trc tuyn, gii quyt mt vn kh mu cht ca cc h thng thm nh sinh trc. Lu cc kha m sinh trc thay cho lu trc tip cc mu sinh trc, cho php t chc lu tr phn tn v an ton Qu trnh i snh sinh trc c tch hp vo qu trnh hot ng mt m trong cc giao dch s dng chng ch s ca h PKI. Qu trnh thm nh ch th gn lin vi c ch trao i kha trong cc hot ng giao dch lm tng an ton lu tr v bo v truy cp kha c nhn. kh v phc tp ca cc thut ton mt m sinh trc (Biometric Encyption), i hi nhiu nghin cu v m hnh v thut ton.
4.2.3. Gii php 3: dng sinh trc hc sinh kha c nhn tng chnh ca hng ny l kha c nhn c sinh trc tip da trn c trng sinh trc hc v c dng k cc d liu. u im ln nht ca gii php ny l n khng cn ni lu tr, do vy loi b nguy c tn cng kha c nhn. Mt khc, h thng rt thun tin khi bn thn ngi dng mang theo kha c nhn s dng bt k u, khng cn thit phi c a lu tr hoc smartcard [13]. Kha cng khai s c sinh tng ng vi kha c nhn ny theo thut ton RSA.Enrollment Template
Sample
Accept Shape matching Reject Feature coding
Code string
Private key generation
Forgery
Hnh 4.4. H thng BioPKI dng kha c nhn sinh trc hc
Trn thc t gii php 3 kh kh thi, kh trin khai ng dng v c nhng gii hn v l thuyt. nh hng nghin cu v h thng BioPKI s nghin cu hai gii php 1 v 2 v tp trung nghin cu gii php 2.
4.3. xut m hnh gii php h thng BK-BioPKI ca ti
43
Theo hng nghin cu BioPKI [5], khung lm vic ca h thng BioPKI trong mi trng mng c trnh by trong hnh 4.5 di y.
CA for Public Keys ClientBiometrics Devices Extraction Biometric key Storage -Biometric Verification
Server
Computer Network
CSDL CA CSDL BioInfor
CA for Biometrics InformationHnh 4.5. Khung lm vic ca h thng trong mi trng mng
t c cc kt qu nghin cu theo cc yu cu nhim v, ni dung nghin cu ca nhim v ti c xc nh bao gm t nghin cu v phng din l thuyt xy dng m hnh gii php h thng an ninh da trn sinh trc hc vn tay kt hp vi h tng kha cng khai BioPKI n nghin cu v phng din k thut phn tch thit k ton b h thng BioPKI v la chn gii php cng ngh thc thi ci t trin khai h thng trong mi trng mng phng th nghim. Trn c s xy dng v th nghim mt s ng dng v ch k s v bo mt thng ip trong h thng BioPKI. xut m hnh h thng an ninh thng tin da trn sinh trc hc BioPKI bao gm cc thnh phn h thng sau: H thng li h tng kha cng khai PKI H thng sinh trc thm nh xc thc sinh trc vn tay trc tuyn (Fingerprint Biometric System) M hnh tch hp h sinh trc vo h tng kha cng khai v xy dng h thng tch hp BioPKI (gi tn l BK-BioPKI) M hnh mc khung cnh h thng BK-BioPKI c trnh by trong Hnh 4.6.
44
Certificate Certificate
Certificate
Hnh 4.6. M hnh mc khung cnh h thng BioPKI
4.3.1. H thng li h tng kha cng khai PKI.Nh trnh by phn trn, nhim v ch yu ca ti tp trung vo vn tng cng bo mt kha c nhn trong hot ng h thng PKI, ti la chn gii php xy dng h thng PKI da trn m hnh kin trc CA n lm h thng li nghin cu gii php tch hp h thng sinh xc thc thm nh sinh trc vo h PKI xc thc sinh trc ngi dng. H thng h tng c s PKI ca ti c xy dng m bo y cc thnh phn ch yu ca m hnh PKI, bao gm: - B phn thm quyn xc thc v cp chng ch (CA) - B phn thm quyn ng k (RA) - H thng phn phi, qun l chng ch s - chng th s (Certificate) - Lu tr chng ch s (CR) - Ngi dng trong h thng (user) Cc hot giao dch c s trong h thng PKI bao gm: - ng k ngi dng - Xin cp chng ch - Cp pht v qun l chng ch s - Gia hn hay hy b chng ch s - Thc hin c ch s dng chng ch s, xc thc ch k s
45
4.3.2. H thm nh xc thc sinh trc vn tay trc tuynH thng thm nh xc thc sinh trc da trn m hnh c bn di y:
Hnh 4.7. M hnh h thng thm nh xc thc sinh trc
Theo m hnh ny h thng sinh trc ca h BioPKI dng sinh trc vn tay sng c ly trc tuyn t thit b scanner. Hot ng ca h thng sinh trc gm 2 phn h chc nng hot ng bao gm: Pha ng k sinh trc (Enrollment): - ng k ngi dng - Ly du vn tay sng trc tuyn t thit b - X l nh trch chn c trng - M ha - Lu tr c trng Pha xc thc v thm nh (Verification and Authentication): - Ly du vn tay sng trc tuyn t thit b - X l nh trch chn c trng - i snh thm nh trc tuyn (online) xc thc vn tay ca ch th ngi dng
4.3.3. M hnh tch hp h sinh trc vo h tng kha cng khai thnh h BKBioPKITrn c s nghin cu cc hng tip cn BioPKI nh phn tch trong phn 4.2, ti nghin cu xut m hnh tch hp h thng kt hp gii php 1 v gii php 2. M hnh mc khung cnh c trnh by trong hnh 4.6, bao gm: - H thng li PKI trn c s kin trc CA n c xy dng trn c s b th vin m OpenSSL v ngn ng C++ vi Windows 2003. Trung tm xc thc CA server m nhim cc chc nng c bn ca CA h PKI. Trong giai on hin ti trong h thng RA c vai tr qun l ngi dng, lu tr kha c nhn c bo mt bng sinh trc vn tay. Ton b cc giao thc ca cc giao dch c s ga RA v CA c thit k v ci t lm c s tch hp h sinh trc to thnh h BioPKI.
46
- H sinh thm nh sinh trc vn tay sng trc tuyn bao gm 2 phn h sinh trc: Phn h sinh trc thm nh trc tuyn vn tay ngi dng (theo hng tip cn gii php 1, gi l Phn h sinh trc 1); Phn h sinh trc sinh kha sinh trc vn tay bo mt kha c nhn ca ngi dng trong h thng (theo hng tip gii php 2 gi l Phn h sinh trc 2). H sinh trc c tch hp vo h BioPKI ti my user v c qun l bi RA v xc thc bi CA, chi tit ca m hnh tch hp s c trnh by trong chng 5 v chng 7.
4.4. Gii php cng ngh thit k v trin khai h thng BK-BioPKI 4.4.1. Cu hnh mng h thng v thit b- Cu hnh mng cc b cho h thng BK-BioPKI trong giai on ny bao gm mt my Server v cc my Client (users) kt ni hot ng trong mi trng mng tc nghip ti phng th nghim khoa CNTT HBK HN - Thit b qut vn tay: Scaner Futronic model 9880, Futronic's FS82 USB 2.0 Fingerprint scanner with scanning window size is 16x24mm; Image resolution is 480x320 pixel, 500 DPI; Raw fingerprint image file size is 150K byte; with Live Finger Detection (LFD). - H thng li PKI c thit k trn c s b th vin m ngun m OpenSSL, theo chun X509. - Tt c cc my trong phng th nghim c ci t mi trng lp trnh Windows XP SP1, b cng c lp trnh Microsoft visual studio 2003, h qun tr c s d liu MySQL.
4.4.2. Ni dung xy dng v trin khai ton b cc thnh phn h thng BKBioPKITon b h thng BK-BioPKI c thit k xy dng trn cu hnh h thng phn cng v lp trnh ton b bao gm cc thnh phn h thng: - H thng phn mm c s BK-PKI: s trnh chi tit trong chng 6 - H thng phn mm sinh trc Fingerprint Biometric Verification: s trnh chi tit trong chng 5. - H thng phn mm tch hp BK-BioPKI: s trnh chi tit trong chng 7 - H thng phn mm cc ng dng trong h thng BK-BioPKI: s trnh by chi tit trong chng 8.
4.4.3. Phng n phn tch thit k xy dng h thng BK-BioPKI Mc d hin ti c cc phn mm m v h PKI nh OpenCA, trong giai on ny ti chn phng n: Phn tch thit k v xy dng h thng li h tng kha cng khai PKI theo chun trn c s dng b th vin OpenSSL trin khai cc hot ng giao dch trong mi trng mng phng ti th nghim. Vi phng n ny cho php lm ch ton b h thng PKI th nghim m hnh gii php tch hp BioPKI. Phn tch thit k h thng sinh trc ca h BioPKI
47
- ti la chn dng sinh trc vn tay sng v xy dng h thng trn c s kt hp 2 hng tip cn BioPKI: gii php 1 v gii php 2 (H thng sinh trc vn tay gm 2 phn h sinh trc 1 v phn h sinh trc 2 c trnh by chi tit trong chng 5). - Dng thit b scanner USB qut vn tay thng dng, gi thnh r. Ngn ng lp trnh: C++, Matlab
Cc ni dung phn tch thit k xy dng v ci t h thng BK-BioPKI s c trnh by chi tit trong cc chng 5, 6, 7 v 8 tip theo y.
48
Chng 5. PHN TCH THIT K V XY DNG PHN MM H THM NH XC THC SINH TRC VN TAY5.1. H thm nh sinh trc vn tay trong h thng BK-BioPKI.V m hnh h thng PKI cng vi c ch xc thc chng ch s trn c s h mt m kha cng khai v nguyn tc v l thuyt l m bo an ton nh cc phng php m ha v gii m cng vi knh truyn thng bo mt dng giao thc SSL. Tuy nhin, l hng ca trong hot ng ca h thng PKI li lin quan n chnh yu t ngi dng. Tht vy chng ta c th thy c tc hi nghim trng khi mt ngi dng nh mt kha c nhn hoc qun mt khu hoc b l mt khu gii m kha c nhn, t , ngi dng s mt ht an ton cc thng tin, d liu c m ha, hoc nguy him hn, nu h b k xu s dng tri php kha c nhn lm cc bt c vic g hn mun (s dng ch k s), v sau ngi dng khng th t chi c nhng thng tin c k bng kha c nhn ca h b mt. Mt trong cc hng nghin cu gii quyt vn l xy dng cc gii php an ninh thng tin da trn sinh trc hc trn c s kt hp h xc thc sinh trc vo h tng kha cng khai PKI to thnh h BioPKI. ti nghin cu xut gii php. H thm nh xc thc sinh trc vn tay trong h thng BK-BioPKI bao gm 2 phn h: Phn h sinh trc thm nh trc tuyn vn tay ngi dng (theo hng tip cn gii php 1 v BioPKI, gi l Phn h sinh trc 1). Phn h sinh trc sinh kha sinh trc vn tay bo mt kha c nhn ca ngi dng trong h thng (theo hng tip gii php 2 v BioPKI, gi l Phn h sinh trc 2) Mi phn h sinh trc bn thn n l mt h thng thm nh xc thc sinh trc vn tay sng trc tuyn, bao gm 2 qu trnh hot ng ch yu: - ng k (Enrollment) - Thm nh xc thc (Verification Authentication) Sau y s
![[Quản trị hệ thống phân phối] Mô hình hệ thống phân phối online](https://img.dokumen.tips/doc/110x75/55a532891a28abac5f8b4673/quan-tri-he-thong-phan-phoi-mo-hinh-he-thong-phan-phoi-online.jpg)
