Upload
congtuhenze-bt
View
257
Download
0
Embed Size (px)
Citation preview
8/2/2019 NSec 4.0.1 - Symmetric Encryption
1/64
NETWORK SECURITY
SYMMETRIC ENCRYPTION
11
8/2/2019 NSec 4.0.1 - Symmetric Encryption
2/64
Hai k thut m ha ch yu
M ha i xng
o Bn gi v bn nhn s dng chung mt kha
o Cn gi l
o M ha truyn thng
o M ha kha ring / kha n / kha b mt
o L k thut m ha duy nht trc nhng nm 70
o Hin vn cn c dng rt ph bin
M ha kha cng khai (bt i xng)o Mi bn s dng mt cp kha
o Mt kha cng khai + Mt kha ring
o Cng b chnh thc nm 1976
An ninh Mng 22
8/2/2019 NSec 4.0.1 - Symmetric Encryption
3/64
Mt s cch phn loi khc
Theo phng thc x l
o M ha khi
o Mi ln x l mt khi nguyn bn v to ra khi bn m tng ng (chnghn 64 hay 128 bit)
o
M ha lungo X l d liu u vo lin tc (chng hn mi ln 1 bit)
Theo phng thc chuyn i
o M ha thay th
o Chuyn i mi phn t nguyn bn thnh mt phn t bn m tng ng
o M ha hon v
o B tr li v tr cc phn t trong nguyn bn
33
8/2/2019 NSec 4.0.1 - Symmetric Encryption
4/64
M hnh h m ha i xng
An ninh Mng 44
Kha b mt dng chungbi bn gi v bn nhn
Kha b mt dng chungbi bn gi v bn nhn
Gii thut m ha Gii thut gii m
Nguyn bnu vo
Nguyn bnu ra
Bn m
truyn i
M ha
Y = EK(X)
Gii m
X = DK(Y)
8/2/2019 NSec 4.0.1 - Symmetric Encryption
5/64
M hnh h m ha i xng
Gm c 5 thnh phno Nguyn bn
o Gii thut m ha
o Kha b mto Bn m
o Gii thut gii m
An ninh ph thuc vo s b mt ca kha,khng ph thuc vo s b mt ca gii thut
An ninh Mng 55
8/2/2019 NSec 4.0.1 - Symmetric Encryption
6/64
Ph m
L n lc gii m vn bn c m hakhng bit trc kha b mt
C hai phng php ph m
o Vt cno Th tt c cc kha c th
o Thm m
o Khai thc nhng nhc im ca gii thut
o Da trn nhng c trng chung ca nguyn bn hoc mt scp nguyn bn - bn m mu
An ninh Mng 66
8/2/2019 NSec 4.0.1 - Symmetric Encryption
7/64
Phng php ph m vt cn
V l thuyt c th th tt c cc gi tr khacho n khi tm thy nguyn bn t bn m
Da trn gi thit c th nhn bit c nguyn
bn cn tm Tnh trung bnh cn th mt na tng s cc
trng hp c th
Thc t khng kh khi nu di kha ln
An ninh Mng 77
8/2/2019 NSec 4.0.1 - Symmetric Encryption
8/64
Thi gian tm kim trung bnh
An ninh Mng 88
Kch thckha (bit)
S lng kha Thi gian cn thit
(1 gii m/s)
Thi gian cn thit
(106 gii m/s)
32
56
128
168
26 k t
(hon v)
232 = 4,3 x 109
256 = 7,2 x1016
2128 = 3,4 x1038
2168 = 3,7 x
1050
26! = 4 x 1026
231 s = 35,8 pht
255 s = 1142 nm2127 s = 5,4 x 1024nm
2167 s = 5,9 x 1036nm
2 x 1026 s =
6,4 x 1012nm
2,15 ms
10,01 gi5,4 x 1018 nm
5,9 x 1030 nm
6,4 x 106 nm
Tui v tr : ~ 1010 nmKha DES di 56 bitKha AES di 128+ bit
Kha 3DES di 168 bit
8/2/2019 NSec 4.0.1 - Symmetric Encryption
9/64
Cc k thut thm m
Ch c bn mo Ch bit gii thut m ha v bn m hin c
Bit nguyn bn
o
Bit thm mt s cp nguyn bn - bn m Chn nguyn bn
o Chn 1 nguyn bn, bit bn m tng ng
Chn bn m
o Chn 1 bn m, bit nguyn bn tng ng
Chn vn bn
o Kt hp chn nguyn bn v chn bn m
An ninh Mng 99
8/2/2019 NSec 4.0.1 - Symmetric Encryption
10/64
An ninh h m ha
An ninh v iu kino Bn m khng cha thng tin xc nh duy nht nguyn
bn tng ng, bt k vi s lng bao nhiu v tc mytnh th no
o
Ch h m ha n mt ln l an ninh v iu kin An ninh tnh ton
o Tha mn mt trong hai iu kin
o Chi ph ph m vt qu gi tr thng tin
o Thi gian ph m vt qu tui th thng tin
o Thc t tha mn hai iu kin
o Khng c nhc im
o Kha c qu nhiu gi tr khng th th ht
An ninh Mng 1010
8/2/2019 NSec 4.0.1 - Symmetric Encryption
11/64
M ha thay th c in
Cc ch ci ca nguyn bn c thay th bicc ch ci khc, hoc cc s, hoc cc khiu
Nu nguyn bn c coi nh mt chui bit ththay th cc mu bit trong nguyn bn bng ccmu bit ca bn m
An ninh Mng 1111
8/2/2019 NSec 4.0.1 - Symmetric Encryption
12/64
H m ha Caesar
H m ha thay th xut hin sm nht & n gin nht
S dng u tin bi Julius Caesar vo mc ch quns
Dch chuyn xoay vng theo th t ch ci
o Kha k l s bc dch chuyn
o Vi mi ch ci ca vn bn
o t p = 0 nu ch ci l a, p = 1 nu ch ci l b,...
o
M ha : C = E(p) = (p + k) mod 26o Gii m : p = D(C) = (C - k) mod 26
V d : M ha "meet me after class" vi k = 3
An ninh Mng 1212
8/2/2019 NSec 4.0.1 - Symmetric Encryption
13/64
Ph m h m ha Caesar
Phng php vt cno Kha ch l mt ch ci (hay mt s gia 1 v 25)
o Th tt c 25 kha c th
o D dng thc hin
Ba yu t quan trng
o Bit trc cc gii thut m ha v gii m
o Ch c 25 kha th
o
Bit v c th d dng nhn ra c ngn ng ca nguyn bn V d : Ph m "GCUA VQ DTGCM"
An ninh Mng 1313
8/2/2019 NSec 4.0.1 - Symmetric Encryption
14/64
H m ha n bng
Thay mt ch ci ny bng mt ch ci khc theo trtt bt k sao cho mi ch ci ch c mt thay th duynht v ngc li
Kha di 26 ch ci
V d
o Kha
a b c d e f g h i j k l m n o p q r s t u v w x y z
M N B V C X Z A S D F G H J K L P O I U Y T R E W Qo Nguyn bn
i love you
An ninh Mng 1414
8/2/2019 NSec 4.0.1 - Symmetric Encryption
15/64
Ph m h m ha n bng
Phng php vt cno Kha di 26 k t
o S lng kha c th = 26! = 4 x 1026
o Rt kh thc hin
Khai thc nhng nhc im ca gii thut
o Bit r tn s cc ch ci ting Anh
o C th suy ra cc cp ch ci nguyn bn - ch ci bn m
o
V d : ch ci xut hin nhiu nht c th tng ng vi 'e'o C th nhn ra cc b i v b ba ch ci
o V d b i : 'th', 'an', 'ed'
o V d b ba : 'ing', 'the', 'est'
An ninh Mng 1515
8/2/2019 NSec 4.0.1 - Symmetric Encryption
16/64
Cc tn s ch ci ting Anh
Nguyn i Th An ninh Mng 1616
Tnstngi(%)
8/2/2019 NSec 4.0.1 - Symmetric Encryption
17/64
V d ph m h n bng
Cho bn mUZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ
VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX
EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Tnh tn s ch ci tng i on P l e, Z l t
on ZW l th v ZWP l the
Tip tc on v th, cui cng c
it was disclosed yesterday that several informal but
direct contacts have been made with political
representatives of the viet cong in moscow
An ninh Mng 1717
8/2/2019 NSec 4.0.1 - Symmetric Encryption
18/64
H m ha Playfair (1)
H m ha nhiu cho Gim bt tng quan cu trc gia bn m v
nguyn bn bng cch m ha ng thi nhiu chci ca nguyn bn
S dng 1 ma trn ch ci 5x5 xy dng trnc s 1 t kha
o in cc ch ci ca t kha (b cc ch trng)
o in nt ma trn vi cc ch khc ca bng ch cio I v J chim cng mt ca ma trn
An ninh Mng 1818
8/2/2019 NSec 4.0.1 - Symmetric Encryption
19/64
H m ha Playfair (2)
V d ma trn vi t kha MONARCHY M O N A R
C H Y B D
E F G I/J K
L P Q S T U V W X Z
M ha 2 ch ci mt lc
o Nu 2 ch ging nhau, tch ra bi 1 ch in thm
o
Nu 2 ch nm cng hng, thay bi cc ch bn phio Nu 2 ch nm cng ct, thay bi cc ch bn di
o Cc trng hp khc, mi ch ci c thay bi ch ci khc cnghng, trn ct ch ci cng cp
An ninh Mng 1919
8/2/2019 NSec 4.0.1 - Symmetric Encryption
20/64
Ph m h m ha Playfair
An ninh m bo hn nhiu h m ha nch
C 26 x 26 = 676 cp ch ci
o
Vic gii m tng cp kh khn hno Cn phn tch 676 tn s xut hin thay v 26
Tng c qun i Anh, M s dng rng ri
Bn m vn cn lu li nhiu cu trc canguyn bn
Vn c th ph m c v ch c vi trm cpch ci cn gii m
An ninh Mng 2020
8/2/2019 NSec 4.0.1 - Symmetric Encryption
21/64
H m ha Vigenre
L mt h m ha a bng
o S dng nhiu bng m ha
o Kha gip chn bng tng ng vi mi ch ci
Kt hp 26 h Ceasar (bc dch chuyn 0 - 25)
o Kha K = k1k2...kd gm d ch ci s dng lp i lp li vi cc chci ca vn bn
o Ch ci th i tng ng vi h Ceasar bc chuyn i
V d
o Kha : deceptivedeceptivedeceptive
o Nguyn bn : wearediscoveredsaveyourself
o Bn m : ZICVTWQNGRZGVTWAVZHCQYGLMGJ
An ninh Mng 2121
8/2/2019 NSec 4.0.1 - Symmetric Encryption
22/64
Ph m h m ha Vigenre
Phng php vt cn
o Kh thc hin, nht l nu kha gm nhiu ch ci
Khai thc nhng nhc im ca gii thut
o Cu trc ca nguyn bn c che y tt hn h Playfair
nhng khng hon ton bin mto Ch vic tm di kha sau ph m tng h Ceasar
o Cch tm di kha
o Nu di kha nh so vi di vn bn, c th pht hin 1 dy vnbn lp li nhiu ln
o Khong cch gia 2 dy vn bn lp l 1 bi s ca di kha
o T suy ra di kha
An ninh Mng 2222
8/2/2019 NSec 4.0.1 - Symmetric Encryption
23/64
H m ha kha t ng
Vigenre xut t kha khng lp li m c gnvo u nguyn bn
o Nu bit t kha s gii m c cc ch ci u tin
o S dng cc ch ci ny lm kha gii m cc ch cc tip
theo,...
V d :
o Kha : deceptivewearediscoveredsav
o nguyn bn : wearediscoveredsaveyourself
o M ha : ZICVTWQNGKZEIIGASXSTSLVVWLA
Vn c th s dng k thut thng k ph m
o Kha v nguyn bn c cng tn s cc ch ci
An ninh Mng 2323
8/2/2019 NSec 4.0.1 - Symmetric Encryption
24/64
n mt ln
L h m ha thay th khng th ph c
xut bi Joseph Mauborgne
Kha ngu nhin, di bng di vn bn, ch sdng mt ln
Gia nguyn bn v bn m khng c bt k quan hno v thng k
Vi bt k nguyn bn v bn m no cng tn ti mt
kha tng ng Kh khn vic to kha v m bo phn phi kha
an ninh
An ninh Mng 2424
8/2/2019 NSec 4.0.1 - Symmetric Encryption
25/64
M ha hon v c in
Che y ni dung vn bn bng cch sp xpli trt t cc ch ci
Khng thay i cc ch ci ca nguyn bn
Bn m c tn s xut hin cc ch ci gingnh nguyn bn
An ninh Mng 2525
8/2/2019 NSec 4.0.1 - Symmetric Encryption
26/64
H m ha hng ro
Vit cc ch ci theo ng cho trn mt shng nht nh
Sau c theo tng hng mt
V do Nguyn bn : attack at midnight
o M ha vi cao hng ro l 2
o
a t c a m d i ho t a k t i n g t
o Bn m : ATCAMDIHTAKTINGT
An ninh Mng 2626
H h h
8/2/2019 NSec 4.0.1 - Symmetric Encryption
27/64
H m ha hng
Vit cc ch ci theo hng vo 1 s ct nht nh
Sau hon v cc ct trc khi c theo ct
Kha l th t c cc ct
V d
o Kha : 4 3 1 2 5 6 7
o Nguyn bn : a t t a c k p
o s t p o n e
d u n t i l t
w o a m x y z
o Bn m :
TTNAAPTMTSUOAODWCOIXKNLYPETZ
An ninh Mng 2727
8/2/2019 NSec 4.0.1 - Symmetric Encryption
28/64
M ha tch hp
Cc h m ha thay th v hon v khng anton v nhng c im ca ngn ng
Kt hp s dng nhiu h m ha s khin vic
ph m kh hno Hai thay th to nn mt thay th phc tp hn
o Hai hon v to nn mt hon v phc tp hn
o Mt thay th vi mt hon v to nn mt h m ha
phc tp hn nhiu
L cu ni t cc h m ha c in n cc hm ha hin i
An ninh Mng 2828
8/2/2019 NSec 4.0.1 - Symmetric Encryption
29/64
M ha khi
So vi m ha lungo M ha khi x l thng bo theo tng khi
o M ha lung x l thng bo 1 bit hoc 1 byte mi ln
Ging nh thay th cc k t rt ln ( 64 bit)
o Bng m ha gm 2n u vo (n l di khi)
o Mi khi u vo ng vi mt khi m ha duy nht
o Tnh thun nghch
o di kha l n x 2n bit qu ln
Xy dng t cc khi nh hn
Hu ht cc h m ha khi i xng da trn cu trc h m haFeistel
An ninh Mng 2929
8/2/2019 NSec 4.0.1 - Symmetric Encryption
30/64
Mng S-P
Mng thay th (S) - hon v (P) xut bi Claude Shannon vonm 1949
L c s ca cc h m ha khi hin i
Da trn 2 php m ha c in
o Php thay th : Hp S
o Php hon v : Hp P
an xen cc chc nng
o Khuch tn : Hp P (kt hp vi hp S)
o Pht ta cu trc thng k ca nguyn bn khp bn m
o Gy ln : Hp S
o Lm phc tp ha mi quan h gia bn m v kha
An ninh Mng 3030
8/2/2019 NSec 4.0.1 - Symmetric Encryption
31/64
Hp S
An ninh Mng 3131
0
1
2
3
4
5
6
7
u vo
3 bit
0
1
0
0
1
2
3
45
6
7
1
1
0
u ra
3 bit
Lu : Hp S c tnh thun nghch
8/2/2019 NSec 4.0.1 - Symmetric Encryption
32/64
Hp P
An ninh Mng 3232
Lu : Hp P c tnh thun nghch
u vo
4 bit
1
1
0
1
1
0
1
1
1
1
0
1
10
1
1
8/2/2019 NSec 4.0.1 - Symmetric Encryption
33/64
M ha Feistel
xut bi Horst Feistel da trn khi nim hm ha tch hp thun nghch ca Shannon
Phn mi khi di 2w bit thnh 2 na L0 v R0
X l qua n vng Chia kha K thnh n kha con K1, K2,..., Kn
Ti mi vng i
o Thc hin thay th na bn tri Li-1 bng cchXOR n vi F(Ki, Ri-1)
o F thng gi l hm chuyn i hay hm vng
o Hon v hai na Li v RiAn ninh Mng 3333
8/2/2019 NSec 4.0.1 - Symmetric Encryption
34/64
An ninh Mng 3434
Nguyn bn (2w bit)
w bit w bitL0 R0
Vng 1
K1
L1 R1
F+
Kn
Ln Rn
F+Vng n
. . .. . .
Ln+1 Rn+1
Bn m (2w bit)
8/2/2019 NSec 4.0.1 - Symmetric Encryption
35/64
Cc c trng h Feistel
di khio Khi cng ln cng an ninh (thng 64 bit)
di kha
o Kha cng di cng an ninh (thng 128 bit)
S vng
o Cng nhiu vng cng an ninh (thng 16 vng)
Gii thut sinh m con
o Cng phc tp cng kh ph m
Hm vng
o Cng phc tp cng kh ph m
nh hng n ci t v phn tch
An ninh Mng 3535
8/2/2019 NSec 4.0.1 - Symmetric Encryption
36/64
Gii m Feistel
Ging gii thut m ha, ch khco Bn m l d liu u vo
o Cc kha con c dng theo th t ngc li
Ti mi vng kt qu u ra chnh l cc d liuu vo ca qu trnh m ha
o i vi qu trnh m ha
o Li = Ri-1
o Ri = Li-1 F(Ri-1, Ki)
o i vi qu trnh gii m
o Ri-1 = Li
o
Li-1 = Ri F(Li, Ki) An ninh Mng 3636
Chun m ha d liu
8/2/2019 NSec 4.0.1 - Symmetric Encryption
37/64
Chun m ha d liu
DES (Data Encryption Standard) c cng nhnchun nm 1977
Phng thc m ha c s dng rng ri nht
Tn gii thut l DEA (Data Encryption Algorithm)
L mt bin th ca h m ha Feistel, b xung thmcc hon v u v cui
Kch thc khi : 64 bit
Kch thc kha : 56 bit
S vng : 16
Tng gy nhiu tranh ci v an ninh
An ninh Mng 3737
8/2/2019 NSec 4.0.1 - Symmetric Encryption
38/64
Gii thut m ha DES
An ninh Mng 3838
Nguyn bn (64 bit)
giao hon thun
vng 1K1
vng 2 K2
vng nKn
giao hon nghch
Bn m (64 bit)
hon i 32 bit
Kha 56 bit
. . .
giao hon
dch vng trigiao hon
dch vng trigiao hon
dch vng trigiao hon
. . .
8/2/2019 NSec 4.0.1 - Symmetric Encryption
39/64
Mt vng DES
3939
Li-
1m rng g/hon
hp S
giao hon
Ri-1
x Ki
xLi Ri
--- 48 bit
--- 48 bit
--- 32 bit
--- 32 bit
Ph DES
8/2/2019 NSec 4.0.1 - Symmetric Encryption
40/64
Ph m DES
Kha 56 bit c 256 = 7,2 x 1016 gi tr c th Phng php vt cn t ra khng thc t
Tc tnh ton cao c th ph c kha
o
1997 : 70000 my tnh ph m DES trong 96 ngyo 1998 : Electronic Frontier Foundation (EFF) ph m DES bng
my chuyn dng (250000$) trong < 3 ngy
o 1999 : 100000 my tnh ph m trong 22 gi
Vn cn phi nhn bit c nguyn bn Thc t DES vn c s dng khng c vn
Nu cn an ninh hn : 3DES hay chun mi AES
An ninh Mng 4040
H h 3DES
8/2/2019 NSec 4.0.1 - Symmetric Encryption
41/64
H m ha 3DES
S dng 3 kha v chy 3 ln gii thut DESo M ha : C = EK3[DK2[EK1[p]]]
o Gii m : p = DK1[EK2[DK3[C]]]
di kha thc t l 168 bit
o Khng tn ti K4 = 56 sao cho C = EK4(p)
V sao 3 ln : trnh tn cng "gp nhau gia"
o C = EK2(EK1(p)) X = EK1(p) = DK2(C)
o Nu bit mt cp (p, C)o M ha p vi 256 kha v gii m C vi 256 kha
o So snh tm ra K1 v K2 tng ng
o Kim tra li vi 1 cp (p, C) mi; nu OK th K1 v K2 l kha
An ninh Mng 4141
Ch h ti ti
8/2/2019 NSec 4.0.1 - Symmetric Encryption
42/64
Chun m ha tin tin
AES (Advanced Encryption Standard) c cng nhnchun mi nm 2001
Tn gii thut l Rijndael (Rijmen + Daemen)
An ninh hn v nhanh hn 3DES
Kch thc khi : 128 bit
Kch thc kha : 128/192/256 bit
S vng : 10/12/14
Cu trc mng S-P, nhng khng theo h Feistel
o Khng chia mi khi lm i
An ninh Mng 4242
C h h khi kh (1)
8/2/2019 NSec 4.0.1 - Symmetric Encryption
43/64
Cc h m ha khi khc (1)
IDEA (International Data Encryption Algorithm)
o Khi 64 bit, kha 128 bit, 8 vng
o Theo cu trc mng S-P, nhng khng theo h Feistel
o Mi khi chia lm 4
o
Rt an ninho Bn quyn bi Ascom nhng dng min ph
Blowfish
o Khi 64 bit, kha 32-448 bit (ngm nh 128 bit), 16 vng
o Theo cu trc h Feistelo An ninh, kh nhanh v gn nh
o T do s dng
An ninh Mng 4343
C h h khi kh (2)
8/2/2019 NSec 4.0.1 - Symmetric Encryption
44/64
Cc h m ha khi khc (2)
RC5o Pht trin bi Ron Rivest
o Khi 32/64/128 bit, kha 0-2040 bit, 0-255 vng
o n gin, thch hp cc b x l c rng khc nhau
o
Theo cu trc h Feistel
CAST-128
o Pht trin bi Carlisle Adams v Stafford Tavares
o Khi 64 bit, kha 40-128 bit, 12/16 vng
o C 3 loi hm vng dng xen k
o Theo cu trc h Feistel
o Bn quyn bi Entrust nhng dng min ph
An ninh Mng 4444
Cc phng thc m ha khi
8/2/2019 NSec 4.0.1 - Symmetric Encryption
45/64
Cc phng thc m ha khi
ECB (Electronic Codebook)o M ha tng khi ring r
CBC (Cipher Block Chaining)
o Khi nguyn bn hin thi c XOR vi khi bn m trc
CFB (Cipher Feedback)o M phng m ha lung (n v s bit)
o s bit m ha trc c a vo thanh ghi u vo hin thi
OFB (Output Feeback)
o s bit tri u ra trc c a vo thanh ghi u vo hin thi
CTR (Counter)
o XOR mi khi nguyn bn vi 1 gi tr thanh m m ha
An ninh Mng 4545
Ph th ECB
8/2/2019 NSec 4.0.1 - Symmetric Encryption
46/64
Phng thc ECB
An ninh Mng 4646
M ha
p1
C1
K M ha
p2
C2
K M ha
pN
CN
K...
M ha
Gii m
C1
p1
K Gii m
C2
p2
K Gii m
CN
pN
K...
Gii m
h i ECB
8/2/2019 NSec 4.0.1 - Symmetric Encryption
47/64
nh gi ECB
Nhng khi lp li trong nguyn bn c th thyc trong bn m
Nu thng bo di, c th
o
Gip phn tch ph mo To c hi thay th hoc b tr li cc khi
Nhc im do cc khi c m ha c lp
Ch yu dng gi thng bo c t khio V d gi kha
An ninh Mng 4747
Ph th CBC
8/2/2019 NSec 4.0.1 - Symmetric Encryption
48/64
Phng thc CBC
An ninh Mng 4848
M ha
p1
C1
K M ha
C2
K M ha
CN
K...
M ha
Gii m
C1
p1
K Gii m
C2
p2
K Gii m
CN
pN
K
...
Gii m
p2 pNIV
CN-1
CN-1IV
h i CBC
8/2/2019 NSec 4.0.1 - Symmetric Encryption
49/64
nh gi CBC
Mi khi m ha ph thuc vo tt c cc khi nguyn bn trc
o S lp li cc khi nguyn bn khng th hin trong bn m ha
o Thay i trong mi khi nguyn bn nh hng n tt c cc khibn m v sau
Cn 1 gi tr u IV bn gi v bn nhn u bito Cn c m ha ging kha
o Nn khc nhau i vi cc thng bo khc nhau
Cn x l c bit khi nguyn bn khng y cui cng
Dng m ha d liu ln, xc thc
An ninh Mng 4949
M ha CFB
8/2/2019 NSec 4.0.1 - Symmetric Encryption
50/64
M ha CFB
An ninh Mng 5050
Thanh ghi dch64-s bit | s bit
M ha
Chns bit
B i64-s bit
p1
K
64
64
ss
C1
IV
Thanh ghi dch64-s bit | s bit
M ha
Chns bit
B i64-s bit
p2
K
64
64
ss
C2
Thanh ghi dch64-s bit | s bit
M ha
Chns bit
B i64-s bit
pM
K
64
64
ss
CM
...
s
CM-1
Gii m CFB
8/2/2019 NSec 4.0.1 - Symmetric Encryption
51/64
Gii m CFB
An ninh Mng 5151
Thanh ghi dch64-s bit | s bit
M ha
Chns bit
B i64-s bit
p1
K
64
64
s
s
IV
Thanh ghi dch64-s bit | s bit
M ha
Chns bit
B i64-s bit
p2
K
64
64
s s
C2
Thanh ghi dch64-s bit | s bit
M ha
Chns bit
B i64-s bit
pM
K
64
64
ss
CM
...
s
CM-1
C1
nh gi CFB
8/2/2019 NSec 4.0.1 - Symmetric Encryption
52/64
nh gi CFB
Thch hp khi d liu nhn c theo tng nv bit hay byte
Khng cn n thng bo lm trn khi
Cho php s lng bit bt ko K hiu CFB-1, CFB-8, CFB-64,...
L phng thc lung ph bin nht
Dng gii thut m ha ngay c khi gii m Li xy ra khi truyn 1 khi m ha s lan rng
sang cc khi tip sau
An ninh Mng 5252
M ha OFB
8/2/2019 NSec 4.0.1 - Symmetric Encryption
53/64
M ha OFB
An ninh Mng 5353
Thanh ghi dch64-s bit | s bit
M ha
Chns bit
B i64-s bit
p1
K
64
64
s
s
C1
IV
Thanh ghi dch64-s bit | s bit
M ha
Chns bit
B i64-s bit
K
64
64
Thanh ghi dch64-s bit | s bit
M ha
Chns bit
B i64-s bit
K
64
64...
s
OM-1
p2 s
s
C2
pM s
s
CM
Gii m OFB
8/2/2019 NSec 4.0.1 - Symmetric Encryption
54/64
Gii m OFB
An ninh Mng 5454
Thanh ghi dch64-s bit | s bit
M ha
Chns bit
B i64-s bit
p1
K
64
64
s
s
IV
Thanh ghi dch64-s bit | s bit
M ha
Chns bit
B i64-s bit
K
64
64
Thanh ghi dch64-s bit | s bit
M ha
Chns bit
B i64-s bit
K
64
64...
s
OM-1
C1
p2
sC2
pM
sCM
nh gi OFB
8/2/2019 NSec 4.0.1 - Symmetric Encryption
55/64
nh gi OFB
Tng t CFB ch khc l phn hi ly t ura gii thut m ha, c lp vi thng bo
Khng bao gi s dng li cng kha v IV
Li truyn 1 khi m ha khng nh hng ncc khi khc
Thng bo d b sa i ni dung
Ch nn dng OFB-64 C th tit kim thi gian bng cch thc hin
gii thut m ha trc khi nhn c d liu
An ninh Mng 5555
Phng thc CTR
8/2/2019 NSec 4.0.1 - Symmetric Encryption
56/64
Phng thc CTR
An ninh Mng 5656
M ha
M ha
Bin m
p1
K M ha
Bin m + 1
p2
K M ha
Bin m + N - 1
pN
K...
Gii m
C1 C2 CN
M ha
Bin m
C1
K M ha
Bin m + 1
C2
K M ha
Bin m + N - 1
CN
K...p1 p2 pN
nh gi CTR
8/2/2019 NSec 4.0.1 - Symmetric Encryption
57/64
nh gi CTR
Hiu qu caoo C th thc hin m ha (hoc gii m) song song
o C th thc hin gii thut m ha trc nu cn
C th x l bt k khi no trc cc khikhc
An ninh khng km g cc phng thc khc
n gin, ch cn ci t gii thut m ha,khng cn n gii thut gii m
Khng bao gi s dng li cng gi tr kha vbin m (tng t OFB)
An ninh Mng 5757
B tr cng c m ha
8/2/2019 NSec 4.0.1 - Symmetric Encryption
58/64
B tr cng c m ha
Gii php hu hiu v ph bin nht chng licc mi e da n an ninh mng l m ha
thc hin m ha, cn xc nh
o
M ha nhng go Thc hin m ha u
C 2 phng n c bn
o
M ha lin kto M ha u cui
An ninh Mng 5858
M ha lin kt
8/2/2019 NSec 4.0.1 - Symmetric Encryption
59/64
M ha lin kt
Cng c m ha c sp t 2 u ca mi lin ktc nguy c b tn cng
m bo an ninh vic lu chuyn thng tin trn tt ccc lin kt mng
Cc mng ln cn n rt nhiu cng c m ha
Cn cung cp rt nhiu kha
Nguy c b tn cng ti mi chuyn mch
o
Cc gi tin cn c m ha mi khi i vo mt chuyn mchgi c c a ch phn u
Thc hin tng vt l hoc tng lin kt
An ninh Mng 5959
M ha u cui
8/2/2019 NSec 4.0.1 - Symmetric Encryption
60/64
M ha u cui
Qu trnh m ha c thc hin 2 h thngu cui
m bo an ninh d liu ngi dng
Ch cn mt kha cho 2 u cui m bo xc thc mc nht nh
Mu lu chuyn thng tin khng c bo v
o Cc phn u gi tin cn c truyn ti tng minh
Thc hin tng mng tr ln
o Cng ln cao cng t thng tin cn m ha v cngan ninh nhng cng phc tp vi nhiu thc th vkha An ninh Mng 6060
Kt hp cc phng n m ha
8/2/2019 NSec 4.0.1 - Symmetric Encryption
61/64
Kt hp cc phng n m ha
An ninh Mng 6161
PSN : Packet-switching nodeCng c m ha u cui
Cng c m ha lin kt
Qun l kha b mt
8/2/2019 NSec 4.0.1 - Symmetric Encryption
62/64
Qun l kha b mt
Vn i vi m ha i xng l lm saophn phi kha an ninh n cc bn truyn tin
o Thng h thng mt an ninh l do khng qun ltt vic phn phi kha b mt
Phn cp kha
o Kha phin (tm thi)
o Dng m ha d liu trong mt phin kt ni
o
Hy b khi ht phin
o Kha ch (lu di)
o Dng m ha cc kha phin, m bo phn phi chngmt cch an ninh
An ninh Mng 6262
Cc cch phn phi kha
8/2/2019 NSec 4.0.1 - Symmetric Encryption
63/64
Cc cch phn phi kha
Kha c th c chn bi bn A v gi theong vt l n bn B
Kha c th c chn bi mt bn th ba, sau gi theo ng vt l n A v B
Nu A v B c mt kha dng chung th mtbn c th gi kha mi n bn kia, s dngkha c m ha kha mi
Nu mi bn A v B u c mt knh m han mt bn th ba C th C c th gi khatheo cc knh m ha n A v B
An ninh Mng 6363
Phn phi kha t ng
8/2/2019 NSec 4.0.1 - Symmetric Encryption
64/64
Phn phi kha t ng
1.
Host gi gi tin yu cu kt ni2. FEP m gi tin; hi KDC kha phin3. KDC phn phi kha phin n 2 host4. Gi tin m c truyn i
FEP = Front End Processor
KDC = Key Distribution Center