THE UNIVERSITY OF DA NANG
UNIVERSITY OF SCIENCE AND TECHNOLOGY
FACULTY OF INFORMATION TECHNOLOGY Tel. (84-511) 736 949, Website: itf.ud.edu.vn, E-mail: [email protected]
COURSE ESSAY REPORT
NETWORK SAFETY AND SECURITY
MAJOR: COMPUTER SCIENCE
TOPIC:
PGP ENCRYPTION TECHNIQUE
Students: 1. Trn Tn Phc
2. Dao Le Tung
Master's class in Computer Science, cohort 28 (2013-2015)
DA NANG, 12/2014
Network Safety and Security
Group 7, KHMT K28
TABLE OF CONTENTS
FOREWORD
Chapter 1. BASIC CONCEPTS
1. Introduction
2. Encryption techniques
2.1. The concept of a cryptosystem
2.2. Symmetric-key cryptosystems
2.3. Asymmetric-key cryptosystems (public-key cryptosystems)
2.4. Digital signatures
2.5. Hash functions
Chapter 2. A STUDY OF THE PGP ENCRYPTION TECHNIQUE
1. Introduction to the PGP cryptosystem
2. Algorithms used in PGP
2.1. Symmetric encryption
2.2. Asymmetric encryption
2.3. Hash functions
Chapter 3. THE ENCRYPTION PROCESS
1. Encryption
1.1. Preparing the file
1.2. Digital signature
1.3. Compression
1.4. Encryption
1.5. Email compatibility
2. Decryption
3. Keys
3.1. Public keys
3.2. Private keys
4. Digital signatures
5. Compression
6. Encrypting and decrypting messages
Chapter 4. DEMONSTRATION SYSTEM
1. Preparation
2. Key management
2.1. Creating keys
2.2. Revocation certificates
2.3. Creating the private key and the public key
2.4. Importing a public key and uploading it to a server
3. Encryption and decryption
3.1. Encryption
3.2. Decryption
4. Creating a digital signature
CONCLUSION
FOREWORD
With the rapid growth of computer networks, and especially the arrival of the global network (the Internet), people all over the world can exchange information and communicate with one another accurately, easily and in the shortest possible time.
In a networked environment, a message or a block of data sent from the sender to the recipient usually has to pass through many nodes and many stations with many different users, and nobody can guarantee that the information reaching the recipient has not been copied, stolen or distorted.
We have all heard a great deal about computers and the threats the Internet poses to our privacy: password thieves, professional information hunters and harassers, none of whom will ever leave us alone.
For this reason, data security on networks in particular, and data security in general, is one of the foremost concerns in the study of data transmission over networks. Proposing cryptosystems that encrypt data before it is transmitted or stored is an urgent task: once the data has been encrypted, an attacker who obtains it will still find it hard to decrypt. This is especially true of a cryptosystem rated as extremely secure, the PGP cryptosystem.
For the reasons above our group chose the topic "The PGP encryption technique", in order to study in depth how it works, the algorithms it uses and its practical applications, and to build and install a demonstration system.
Because our expertise is still limited, shortcomings are unavoidable. We therefore look forward to comments from our teachers and classmates so that we can improve this work.
Finally, we sincerely thank Dr. Nguyen Tan Khoi for his dedicated help in completing this topic.
Chapter 1. BASIC CONCEPTS
1. Introduction
The traditional methods of protecting information are:
- Building firewall systems.
- Applying authentication methods.
- Setting up virtual private networks and systems that warn of unauthorized access.
With the security mechanisms above alone, we have no way to guarantee the security (confidentiality, integrity and authenticity) of information exchanged between two arbitrary parties, because there is no general way to establish the trust between them before they communicate.
The sections below cover a number of methods of protecting information by means of cryptography. Cryptography is regarded as a supplementary method of protecting information in an existing system.
2. Encryption techniques
2.1. The concept of a cryptosystem
Data encryption is a mechanism that converts data into another, unreadable format so that illegitimate access can be prevented when data is exchanged over an insecure network. For the communicating parties to understand each other's content, they must agree not only on the encryption algorithm but also on the encryption and decryption keys.
From a mathematical point of view, a cryptosystem is defined as a five-tuple (P, C, K, E, D) in which:
- P is a finite set of possible plaintexts.
- C is a finite set of possible ciphertexts.
- K is a finite set of possible keys.
- E is the set of encryption functions.
- D is the set of decryption functions.
For each , there is an encryption function , : and a decryption function
, : such that (()) = , .
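2.2. Symmetric-key cryptosystems
A symmetric-key cryptosystem is one in which the encryption key can easily be computed from the decryption key and vice versa. In many cases the encryption key and the decryption key are identical. Such an algorithm requires the sender and the recipient to agree on a key before the message is sent, and this key must be kept absolutely secret between the two of them. This kind of cryptosystem is also called a secret-key cryptosystem.
The model of encryption with a symmetric key is described as follows:
Figure 1. Symmetric-key encryption model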
2.3. Asymmetric-key cryptosystems (public-key cryptosystems)
A public-key cryptosystem, also called an asymmetric cryptosystem, uses a pair of keys: the encryption key is called the public key, and the decryption key is called the secret key or private key. In this kind of system the encryption key differs from the decryption key. The owner keeps the private key and publishes the encryption key (public key). Anyone can use the public key to encrypt a message and send it, but only the owner of the private key can decrypt it. The two keys of the pair cannot be derived from each other; that is, someone who has the public key still has no way of deriving the private key.
The model of encryption with an asymmetric key is described in the following figure:
Figure 2. Asymmetric-key encryption model
2.4. Digital signatures
The process of encrypting a message with the sender's private key is called digital signing.
A signature scheme is a five-tuple (P, A, K, S, V), in which:
- P is a finite set of possible documents
- A is a finite set of possible signatures
- K is a finite set of possible keys
- S is the set of signing algorithms
- V is the set of verification algorithms
For each , there is a signing algorithm ,
: and a verification algorithm ,
: {, }, satisfying the following condition
, :
(, ) = {, = ()
, ()
2.5. Hash functions
Hash functions are algorithms that do not encrypt (here we use the term "hash" instead of "encrypt"). Their task is to hash the input message with some one-way algorithm and produce a digest, a representative text, of fixed size. The value of the hash function is unique, and it is hard to work back from the hash value to the content of the message. A one-way hash function h has two important properties:
- For an input message x, the digest obtained, z = h(x), is unique.
- If the data in message x is changed or deleted, turning it into a message x', then () ().
Hash functions are applied in creating digital signatures and checking their integrity.
Chapter 2. A STUDY OF THE PGP ENCRYPTION TECHNIQUE
1. Introduction to the PGP cryptosystem
PGP (Pretty Good Privacy) is computer software used for data encryption and authentication. PGP was first published by Philip R. Zimmermann in 1991, while he was working at PKWARE. Since then the software has seen many improvements, and today PGP Corporation offers many products based on it. Originally intended for encrypting electronic mail, PGP has become an encryption solution for large companies, governments and individuals. Software based on PGP is used to encrypt and protect information stored on laptops, desktop computers and servers, and information exchanged by email, IM or file transfer. The protocol on which the system operates has been highly influential and has become one of the two encryption standards (the other being S/MIME).
PGP is commonly used for digital signatures, for encrypting and decrypting text, email, files, directories and disk partitions, and for increasing the security of email transmission.
2. Algorithms used in PGP
2.1. Symmetric encryption
2.1.1. IDEA
IDEA appeared in 1991 under the name IPES (Improved Proposed Encryption Standard). In 1992 it was renamed the International Data Encryption Algorithm. Its authors are Xuejia Lai and James Massey. The design of this cipher is based on addition modulo 2 (XOR), addition modulo 2^16 and multiplication modulo 2^16+1 (the prime 65537). The cipher is very fast in software (every personal-computer processor can perform the multiplication with a single instruction). IDEA is patented, and the patent was issued by the Swiss company Ascom-Tech AG. To date no attack has been found that breaks the IDEA algorithm completely, so it is an algorithm with a high level of security. IDEA is a block cipher that uses a 128-bit key to encrypt data in 64-bit blocks over 8 rounds. In each round IDEA uses 3 different operations, each of which works on two 16-bit inputs and produces a single 16-bit output. The three operations are:
1. Bitwise XOR.
2. Addition modulo 2^16, with inputs and outputs that are unsigned 16-bit integers. This function takes two 16-bit integers as input and produces a 16-bit sum; if the sum overflows into a 17th bit, that bit is discarded.
3. Integer multiplication modulo 2^16+1, with inputs and outputs that are 16-bit integers, except that a block consisting entirely of 0s is treated as 2^16.
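The three operations above, written out as an added example (not code from the essay or from any PGP implementation); the function names are this example's own. It also checks why the multiplication uses the prime modulus 2^16+1 with 0 standing for 2^16: every subkey then has an inverse, which ordinary multiplication modulo 2^16 does not give.

```python
# Added illustration of IDEA's three 16-bit operations; names are this example's own.
MASK = 0xFFFF          # values are 16-bit words
MODULUS = 0x10001      # 2^16 + 1 = 65537, a prime


def idea_xor(a: int, b: int) -> int:
    """Bitwise XOR (addition modulo 2 on every bit)."""
    return a ^ b


def idea_add(a: int, b: int) -> int:
    """Addition modulo 2^16: a carry into bit 17 is discarded."""
    return (a + b) & MASK


def idea_mul(a: int, b: int) -> int:
    """Multiplication modulo 2^16 + 1, where the word 0 stands for 2^16."""
    a = a or 0x10000
    b = b or 0x10000
    return (a * b % MODULUS) & MASK     # a product equal to 2^16 is stored as 0


def idea_mul_inverse(k: int) -> int:
    """Subkey that undoes multiplication by k (what decryption needs)."""
    return pow(k or 0x10000, -1, MODULUS) & MASK


def plain_mul(a: int, b: int) -> int:
    """Ordinary multiplication modulo 2^16, shown only for contrast."""
    return (a * b) & MASK


def is_permutation(op, k: int) -> bool:
    """True if x -> op(x, k) maps the 65536 words one-to-one."""
    return len({op(x, k) for x in range(0x10000)}) == 0x10000


if __name__ == "__main__":
    for k in (0, 2, 0x8000, 0xBEEF):
        print(f"k={k:#06x}  idea_mul invertible: {is_permutation(idea_mul, k)}  "
              f"plain_mul invertible: {is_permutation(plain_mul, k)}")
```
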
2.1.2. 3DES
The DES algorithm (Data Encryption Standard) was created by the US government in 1977 (NIST and NSA), based on work done by IBM. DES is a 64-bit block cipher with a 64-bit key. The original DES algorithm has been studied for a long time.
The 3DES algorithm improves the strength of DES by using an encryption and decryption process that uses 3 keys. Experts have determined that 3DES is very secure. Its drawback is that it is considerably slower than other algorithms. DES itself is already slow because it uses bit permutations. The only reason to use 3DES is that it has been studied very thoroughly.
2.1.3. AES
AES (Advanced Encryption Standard) is based on a design principle known as a substitution-permutation network. It is fast in both software and hardware. Unlike its predecessor, DES, AES does not use a Feistel network. AES has a block size of 128 bits and a key size of 128, 192 or 256 bits.
2.2. Asymmetric encryption
2.2.1. RSA
The RSA algorithm was invented in 1978. RSA has two keys: the public key and the secret key (also called the private or personal key). Each key consists of fixed numbers used in encryption and decryption. The public key is published widely for everyone and is used to encrypt. Information encrypted with the public key can only be decrypted with the corresponding private key. In other words, anyone can encrypt, but only the person who knows the private (secret) key can decrypt.
The algorithm works as a block cipher in which P and C are integers in (0, n).
Recall: C = E_PU(P) : encryption with key PU
P = D_PR(E_PU(P)) : decryption with key PR (PR must not be computable from PU)
- Form of encryption/decryption:
C = P^e mod n
P = C^d mod n = P^(ed) mod n
PU = {e, n} -> Public
PR = {d, n} -> Private
- The sender and the recipient know the values of n and e, but only the recipient knows the value of d
- Goal: find (choose) the values e, d, n with which to compute P and C
Remarks:
- Values e, d, n can be found such that P^(ed) = P mod n for P < n
- d cannot be determined from knowledge of e and n
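A worked instance of the formulas above with small numbers, added here as an example (not code from the essay); the primes 61 and 53, the exponent 17 and the function names are this example's own choices. It also exercises the two remarks: a block with P >= n cannot be recovered, and d stays hidden only while n is too large to factor.

```python
# Added illustration of textbook RSA using the symbols above (P, C, e, d, n).
# Toy sizes and no padding: this shows the arithmetic, not a usable cipher.
from math import gcd, isqrt


def make_keypair(p: int, q: int, e: int):
    """Return PU = (e, n) and PR = (d, n) for distinct primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # e*d = 1 mod phi, hence P^(e*d) = P mod n
    return (e, n), (d, n)


def encrypt(P: int, PU) -> int:
    """C = P^e mod n; rejects blocks outside 0 <= P < n."""
    e, n = PU
    if not 0 <= P < n:
        raise ValueError("block must satisfy 0 <= P < n")
    return pow(P, e, n)


def decrypt(C: int, PR) -> int:
    """P = C^d mod n."""
    d, n = PR
    return pow(C, d, n)


def recover_d_by_factoring(PU) -> int:
    """Trial division finds p and q, and with them d. Feasible only for toy n."""
    e, n = PU
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    return pow(e, -1, (p - 1) * (n // p - 1))


if __name__ == "__main__":
    PU, PR = make_keypair(61, 53, 17)        # constructed toy primes
    C = encrypt(65, PU)
    print("PU =", PU, " PR =", PR)
    print("C =", C, "-> P =", decrypt(C, PR))
    # Without the range check, a block P >= n silently decrypts to P mod n.
    oversized = PU[1] + 65
    print("oversized block comes back as", decrypt(pow(oversized, *PU), PR))
    # A 12-bit modulus factors instantly, so d follows from (e, n).
    print("d recovered from the public key:", recover_d_by_factoring(PU))
```
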
2.2.2. ElGamal / Diffie-Hellman
In PGP the Diffie-Hellman algorithm is called DH. It is normally used for key exchange and is not used for signing, because a signature produced with it would be rather large. ElGamal, by contrast, can be used both for signing and for confidentiality, although its digital signature needs two numbers of 1024 bits each, whereas RSA needs only one number of 1024 bits. DSA needs only 2 numbers of 160 bits each.
2.2.3. DSA
DSA is a special version of ElGamal. It is a version of ElGamal that still needs a large amount of computation on numbers 1024 bits long, even though the signature numbers are chosen from a subset of 2^160 elements. The designers succeeded in creating a procedure that needs only 160 bits to represent the subgroup of those elements. This makes the resulting signatures quite small: only two numbers of 160 bits are needed instead of two large numbers of 1024 bits.
2.3. Hash functions
A hash function is defined as a mapping
H: X --> {0,1}^k
where X is the space of plaintexts of arbitrary length and {0,1}^k is the set of strings of 0s and 1s of a given length k. A hash function is constructed so that it satisfies the following basic properties:
1. The one-way property
2. The weak hash property
3. The strong hash property
A hash function is said to satisfy the one-way property if, given a hash value (the reduced value) Z, it is computationally infeasible to find a message x such that Z = h(x), while for a given message x the value Z = h(x) can be computed quickly.
A function h is said to have the weak property if, given a message x, it is computationally infeasible to find a message x' ≠ x (x, x' ∈ X) such that h(x) = h(x').
A hash function is said to have the strong property if in practice it is not possible to find 2 distinct messages x, x' ∈ X such that h(x) = h(x'). Earlier versions of PGP used the MD5 hash function to hash data; today MD5 has been replaced by the SHA algorithm.
Chapter 3. THE ENCRYPTION PROCESS
The two main services PGP provides to its users are message encryption and message authentication. When designing an email security application, the designer faces two main problems; the first is which algorithms to use to secure the application.
In the case of PGP, its services rest on three algorithms: IDEA (secret-key encryption), RSA (public-key encryption) and MD5 (secure hash function). In this part we study all the steps PGP carries out in transmitting and compressing a message and in processing it. We then look in detail at the main steps of this processing.
1. Encryption
In practice, PGP's operation for sending and receiving messages comprises five services, including digital signatures and message encryption. The process follows the steps below:
Figure 1. The process of encrypting a message in PGP
[Figure 1 flow: plaintext -> sign -> compress -> encrypt -> encrypt the session key -> ASCII Armor format -> ciphertext]
1.1. Preparing the file
Each time it runs, PGP processes a single file. The files PGP processes are usually text, which is the most common form of email communication, but PGP can accept any file, including binary files, PICT files and so on. One of the convenient services PGP provides is that it lets the user send a file by ordinary email.
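1.2. Digital signature
On receiving the input file, the first step PGP takes is to create a digital signature and attach it to the file. This is only an optional service. If the sender requests a digital signature, PGP creates a hash code of the file and then encrypts the hash code with RSA using the sender's private key. The encrypted hash code is the digital signature for the file. The digital signature guarantees that the file comes from the sender and that it has not been altered.
1.3. Compression
Compression saves transmission time and disk space and, more importantly, strengthens cryptographic security. Most cryptanalysis techniques exploit patterns found in the plaintext to break the cipher. Compression reduces these patterns and thereby increases resistance to cryptanalysis. The user can nevertheless choose whether or not to use compression.
1.4. Encryption
First, the user uses a symmetric encryption algorithm to encrypt the plaintext with a shared key (also called the session key). Next, the user uses the public/private key pair created by the asymmetric encryption algorithm: the public key of the pair (the recipient's public key, as section 6 describes) is used to encrypt the session key that was used to encrypt the plaintext with the symmetric algorithm.
The part of PGP that encrypts outgoing messages uses both symmetric and asymmetric encryption in order to exploit the advantages of each. The asymmetric algorithm ensures that the session key is distributed within the system with a high level of security, while the secret-key algorithm has the advantage in encryption and decryption speed (about 1000 times faster).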
1.5. Email compatibility
If signing, compression or encryption is applied to the original file, the resulting block of data is binary. Many email systems, however, cannot handle binary data and can only handle text files. To overcome this limitation, PGP converts the binary data into printable characters. PGP uses the ASCII armor format to convert the data.
2. Decryption
The figure below describes the process of decrypting a message in PGP. Essentially, to decrypt, PGP only needs to reverse the steps of the encryption process.
Figure 2. The process of decrypting a message in PGP
[Figure 2 flow: ciphertext -> convert back to the encrypted file -> recover the session key -> decrypt -> decompress -> verify the signature -> plaintext]
First, PGP converts the ciphertext file back to binary form so that it can be decrypted. Next, the user uses the private key of his or her public/private key pair to decrypt the session key. Once the session key has been obtained, the plaintext is decrypted. Decompression is then carried out to restore all the patterns in the text. Finally, the signature is checked to see whether the text was modified or tampered with in transit.
3. Keys
A key is a value that works with an encryption algorithm to produce a specific ciphertext. Keys are basically very large numbers. Key size is measured in bits. In encryption algorithms, the larger the key, the higher the security.
However, the size of a public/private key pair and the size of a conventional key are not related to each other at all. For example, an 80-bit conventional key has a strength equivalent to that of a 1024-bit public key. Key size matters for security, but the algorithms used for each type are very different, so the key sizes of different cryptosystems cannot be compared on size alone.
The foundation of PGP's operations is the requirement that every user have a public/private key pair as well as copies of the recipients' public keys. Although the two keys of a public/private pair are mathematically related, it is very hard to derive the private key from the public key alone. The private key can nevertheless be derived given enough time and computing power. This leads to a very important question: how to choose a key of the right size, that is, large enough to be secure and small enough to be applied quickly. In addition, you need to consider who might try to read your files, how much time they have and what capabilities they might have.
Keys are stored in encrypted form. PGP stores keys in two files on your hard disk, one for public keys and one for private keys. These files are called keyrings.
3.1. Public keys
PGP normally keeps the public keys the user has obtained. These keys are collected and stored on the public keyring. Each entry on the ring consists of:
- The public key.
- The User ID of the owner of this public key, the owner's distinctive name.
- A key ID, which is the identifier of this key.
- Other information concerning the trustworthiness of the key and of its owner.
3.2. Private keys
To use PGP, the user must have a private key. If desired, the user can create several private keys. The private keyring holds the information for each key:
- The private key, consisting of 128 bits generated from a passphrase and the MD5 hash function.
- The User ID.
- The Key ID of the corresponding public key.
4. Digital signatures
A digital signature serves the same purpose as a handwritten signature. A handwritten signature, however, is very easy to forge. A digital signature is superior to a handwritten one in that it is almost impossible to forge, and it attests to the content of the information as well as to the identity of the signer.
A digital signature lets the recipient of the information verify the authenticity of its origin and also confirms that the information is intact. A public-key digital signature is therefore very important in providing authentication and data integrity.
The way a digital signature works is described in Figure 3.
Figure 3. Scheme for signing a PGP message
[Figure 3 blocks: unsigned document; create the hash value with MD5; sender's private key; create the signature with RSA; signature; add the digital signature to the document]
The sender creates a message.
1. PGP hashes the message with MD5, producing a 128-bit hash code.
2. The sender takes the private key from the keyring for use.
3. PGP encrypts the hash code with RSA using the sender's private key and attaches the result to the message. The Key ID of the sender's corresponding public key is attached to the signature.
Figure 4. Scheme for verifying the signature on a message
[Figure 4 blocks: signed message; signature; key ID attached to the signature; recipient's public keyring; sender's public key; decrypt the signature with RSA; create the hash value with MD5; compare]
The recipient's PGP:
1. PGP takes the Key ID attached to the signature and uses it to fetch the correct public key from the public keyring.
2. PGP uses RSA with the sender's public key to decrypt and recover the hash code.
3. PGP computes a new hash code for the message and compares it with the decrypted hash code. If the two match, the message is authenticated.
The combination of MD5 and RSA provides an effective digital signature scheme. Because of the strength of RSA, the recipient can be sure that only the owner of the matching private key could have created the signature. Because of the strength of MD5, the recipient can be sure that nobody else could create a new message whose hash code matches the hash code of the original message, and which would therefore match the signature of the original message.
5. Compression
By default PGP compresses the message after signing it but before encrypting it. This saves space both for email transmission and for storage on the computer. PGP uses the Zip algorithm to compress the message. In essence, the Zip algorithm looks for repeated character strings in the input data and replaces such strings with more compact codes.
6. Encrypting and decrypting messages
Another basic service PGP provides is the encryption of messages that are transmitted or stored on the computer. In both cases the conventional encryption algorithm IDEA is used. In the latest versions PGP uses the AES algorithm instead of IDEA.
Encryption algorithms always have to deal with the problem of key distribution. In PGP each conventional key is used only once: for every message a single random 128-bit key is generated. Because it is used only once, the session key is attached to the message and transmitted along with it. To protect the session key, PGP uses RSA with the recipient's public key.
Figure 5 illustrates this and comprises the following steps:
1. PGP generates a random 128-bit number by hashing the sender's passphrase with MD5 and uses it as the session key for the message.
2. PGP encrypts the message using the session key.
3. PGP encrypts the session key with RSA, using the recipient's public key, and attaches the encrypted session key to the message.
Figure 5. Message encryption scheme in PGP
[Figure 5 blocks: sender's public keyring; hash the passphrase with MD5 to create the one-time 128-bit session key; recipient's public key; encrypt the session key with RSA; compressed message; encrypt the compressed message; message and copy of the encrypted session key]
Figure 6 describes the message decryption process.
1. PGP takes the key ID attached to the message and uses it to fetch the correct private key from the private keyring. A user may have more than one private key.
2. The recipient supplies a passphrase, which allows PGP to decrypt the recipient's private key.
3. PGP uses RSA with the private key to decrypt and recover the session key.
4. PGP uses the session key to decrypt the message.
Figure 6. Message decryption scheme in PGP
[Figure 6 blocks: session key and encrypted message; key ID attached for the private key; recipient's private keyring; recipient's passphrase; decrypt the private key; recipient's private key; decrypt with the RSA private key; one-time session key; decrypt; decrypted message, still compressed]
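The whole flow of sections 1 to 6, sender and recipient side, as one added example (not code from the essay or from any PGP implementation). Assumptions: SHA-256 stands in for MD5, a SHA-256 keystream stands in for IDEA/AES because Python's standard library has no block cipher, RSA is unpadded, the keys are constructed from Mersenne primes, and the JSON layout, key ID rule and armor header are this example's own rather than the OpenPGP format.

```python
# Added illustration of the PGP flow: sign -> compress -> encrypt -> wrap key -> armor.
import base64
import hashlib
import json
import secrets
import zlib


def make_key(p: int, q: int, e: int = 65537) -> dict:
    """Toy unpadded RSA key from two primes (constructed, not secure)."""
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}


def public(key: dict) -> dict:
    return {"n": key["n"], "e": key["e"]}


def key_id(key: dict) -> str:
    """Short identifier used to find a key on a keyring (this example's own rule)."""
    return hashlib.sha256(str(key["n"]).encode()).hexdigest()[:16]


def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private: dict) -> int:
    return pow(digest_int(message), private["d"], private["n"])


def verify(message: bytes, signature: int, pub: dict) -> bool:
    return pow(signature, pub["e"], pub["n"]) == digest_int(message)


def stream_xor(session_key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(session_key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def pgp_send(message: bytes, sender: dict, recipient_pub: dict) -> str:
    signed = json.dumps({"signer": key_id(sender),                # 1. sign
                         "sig": hex(sign(message, sender)),
                         "msg": message.hex()}).encode()
    packed = zlib.compress(signed)                                # 2. compress
    session_key = secrets.token_bytes(16)                         # 3. one-time 128-bit key
    body = stream_xor(session_key, packed)
    wrapped = pow(int.from_bytes(session_key, "big"),             # 4. wrap the session key
                  recipient_pub["e"], recipient_pub["n"])
    blob = json.dumps({"to": key_id(recipient_pub), "key": hex(wrapped),
                       "body": body.hex()}).encode()
    return ("-----BEGIN EXAMPLE MESSAGE-----\n"                   # 5. printable armor
            + base64.encodebytes(blob).decode()
            + "-----END EXAMPLE MESSAGE-----\n")


def pgp_receive(armored: str, secret_ring: dict, public_ring: dict) -> bytes:
    lines = armored.strip().splitlines()[1:-1]
    outer = json.loads(base64.b64decode("".join(lines)))          # undo the armor
    mine = secret_ring[outer["to"]]                               # key ID selects the private key
    session_key = pow(int(outer["key"], 16), mine["d"], mine["n"]).to_bytes(16, "big")
    packed = stream_xor(session_key, bytes.fromhex(outer["body"]))
    inner = json.loads(zlib.decompress(packed))
    message = bytes.fromhex(inner["msg"])
    if not verify(message, int(inner["sig"], 16), public_ring[inner["signer"]]):
        raise ValueError("signature does not match the message")
    return message


# Constructed toy keys: Mersenne primes are easy to write down, never use them for real keys.
ALICE = make_key(2**521 - 1, 2**607 - 1)       # sender
BOB = make_key(2**1279 - 1, 2**2203 - 1)       # recipient

if __name__ == "__main__":
    armored = pgp_send(b"Meet at 10:00.", ALICE, public(BOB))
    print(armored)
    print(pgp_receive(armored, {key_id(BOB): BOB}, {key_id(ALICE): public(ALICE)}))
```
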
Chapter 4. DEMONSTRATION SYSTEM
1. Preparation
1. Install the key management program Gpg4win.
2. Install the mail client Mozilla Thunderbird, using 2 email accounts to run the demonstration.
3. Install Enigmail, the extension that adds mail encryption support to Mozilla Thunderbird.
2. Key management
2.1. Creating keys
Go to Enigmail -> Key Management.
Go to Generate -> New Key Pair.
The properties:
- Account / User name: the mail account in use in Mozilla Thunderbird.
- Passphrase: enter the password to use. To keep the passphrase, like the account login password, secure, the passphrase is provided only once. If the passphrase is lost, it is no longer possible to sign messages or decrypt the documents received. The passphrase must be long enough and hard enough. If you do not want to set a passphrase, you can choose the No passphrase option.
- Key expiry: the program's default is 5 years. This can be changed, or Key does not expire can be chosen.
- Advanced: choose the key size and the encryption type. The two algorithms, DSA and RSA, offer 3 sizes for encrypting data. If documents are sent only over a short period, 1024 bits should be used; otherwise choose a key size suited to the number of years of use. The larger the key size, the longer key generation and data encryption take.
Choose Generate key.
2.2. Revocation certificates
2.2.1. Creating a revocation certificate
Purpose: to revoke an issued key when the key pair is no longer used or when the private key has been lost.
Go to Generate -> Revocation Certificate -> name and save the revocation certificate.
Enter the passphrase that was created.
A revocation certificate has the following form.
2.2.2. Revoking a key
Right-click the key -> Revoke Key.
Check whether the key has been revoked. For example, use the email account [email protected] to check whether the private key of the email account [email protected] has been revoked.
Go to Keyserver -> Search for Keys.
Choose the server to which the public key was uploaded.
A notice reports that the public key on the server has been downloaded.
The email [email protected] is shown in faded grey, which shows that this public key has been revoked.
2.3. Creating the private key and the public key
When key generation is complete, PGP has created a pair consisting of a public key and a private key. The private key is the owner's own key and must be stored carefully to keep the key's information secure. To ensure this, it is advisable to compress it with an archiving program and set a password to protect the key. The public key is used for decryption and can be sent to correspondents, who use it to encrypt the messages they send.
Go to File -> Export Keys to File.
Choose Export Secret Keys. The private key should be compressed and kept in a safe place in order to protect its information.
A private key has the following form:
In the same way, create the public key. Go to File -> Export Keys to File.
Choose Export Public Keys Only.
A public key that has been created has the following form:
After creating the public key, send it to the correspondents taking part in the communication. Go to File -> Send Public Keys by Email.
The public key information is attached to the body of the mail sent to the participants. After receiving it, a participant imports the key from the file and can then use this key to encrypt messages.
2.4. Importing a public key and uploading it to a server
2.4.1. Importing a public key
For a message to be encrypted before it is sent, the recipient must send his or her public key to the correspondent, and the sender must import that public key and use the recipient's public key to encrypt.
Go to File -> Import Keys from File -> select the recipient's key -> Open.
A notice reports that the key was imported successfully.
The recipient's key appears in the program window.
2.4.2. Uploading a public key to a keyserver
Select the key to upload -> Keyserver -> Upload Public Keys.
Choose the server on which to store it. There are many commonly used servers for storing public keys:
- Sks.mit.edu
- Centserver.pgp.com
- Subkeys.pgp.net
- Pgp.mit.edu
- Pool.sks-keyservers.net
- Zimmerman.mayfirst.org
3. Encryption and decryption
3.1. Encryption
Once the recipient's public key has been obtained and imported into the program, compose the mail to be sent.
To encrypt the outgoing mail, click the Enigmail button on the toolbar.
Select the two options Force Encryption (encrypt the outgoing message) and Force Signing (sign the outgoing message) and press OK.
When the message is sent to the recipient, the program requires the passphrase to be entered.
After the password has been entered, the message is encrypted and sent.
3.2. Decryption
When an encrypted message from a correspondent is received and opened for reading, the program requires the passphrase to be entered.
If the correct passphrase is entered, the content of the message is decrypted; otherwise it remains in encrypted form.
4. Creating a digital signature
The program provides trust signatures, which can be used to create digital certification (Certificate Authentication). A trust signature can show that a key really belongs to a user and that this person is trustworthy enough to sign and certify a key at a lower level.
- Level 0 corresponds to a signature in the web of trust model.
- Level 1 corresponds to the signature of a CA, because it can certify an unlimited number of level 0 signatures.
- Level 2 is similar to a signature in the default list of CAs in an internet browser; it allows other CAs to be created.
To sign and certify that a correspondent's key really belongs to its owner, right-click the correspondent's key -> Sign Key.
There are 4 options for the level of checking applied to the correspondent's key. Choose the level that seems most appropriate and press OK.
The program asks for the passphrase. Enter the correct passphrase and press OK.
CONCLUSION
With the aim of studying the PGP encryption technique, this project examined the concepts behind PGP encryption, the related algorithms and the process by which PGP performs encryption. The group has clarified a number of issues and presented them in this report, but some limitations remain that the group has not yet addressed.
What was achieved:
- An overview of encryption techniques.
- An introduction to the PGP encryption technique and the related algorithms.
- The process by which PGP performs encryption.
- The installation of a system demonstrating the PGP encryption technique.
Limitations:
- The PGP encryption technique and the related algorithms have not been presented in a more specific and clearer way.
- The applications of PGP have not been studied.