Hong Minh<br />
Thanh Thuy<br />
<br />
<br />
Electronic commerce (e-commerce) runs over the Internet, but the Internet carries many risks, such as forged information, altered information and loss of confidentiality. The more e-commerce grows, the greater the risk faced by the parties taking part. To protect the interests of those parties, the Internet has to solve the problems of safety and security for online transactions: protection of secrets, privacy, and non-repudiation of the origin of information. To meet that requirement, many Web browsers use a security protocol to create secure channels during e-commerce transactions; one of those protocols is TLS. Most Web browsers today use TLS as their security protocol: Safari and Mozilla Firefox version 2 use TLS 1.0; Internet Explorer 8 (on Windows 7 and Windows Server 2008 R2) and Opera 10 use TLS 1.2. So why is TLS trusted to this degree?<br />
<br />
AN OVERVIEW OF TLS<br />
TLS is a variant of SSL. Both are protocols that can be used to establish and use a secure communication channel between two applications (a client and a server) that exchange information. SSL was designed by Netscape Communications, but it had serious weaknesses that called for changes before security in e-commerce could be raised to a higher level. TLS came about from the standardisation of the SSL family of protocols under the supervision of the Internet Engineering Task Force (IETF).<br />
<br />
TAP CHI CNTT&TTKY 2 (7.2011) 39<br />
SECURITY<br />
<br />
TLS 1.0 was first specified in RFC 2246, in January 1999, as an update to SSL 3.0; the differences between the two versions of the protocol are not large. TLS 1.1 was specified in RFC 4346 in April 2006, and the latest version, TLS 1.2, in RFC 5246 in August 2008.<br />
<br />
TLS AS A SEPARATE SECURITY PROTOCOL<br />
TLS was built as a separate protocol used only for security: a dedicated security layer is added to the Internet protocol architecture. At the bottom is the Internet Protocol (IP), responsible for routing messages across the network. The Transmission Control Protocol (TCP) is responsible for making the communication reliable. At the top is the Hypertext Transfer Protocol (HTTP), which defines the details of the interaction between Web browsers and Web servers. TLS adds its security guarantees by operating as a separate protocol that requires very few changes to the protocols above and below it. Research is also under way into applying QKD (Quantum Key Distribution) to TLS so that the key exchange between the two parties is unconditionally secure. This separation is why TLS can also protect other Internet applications such as HTTP, SMTP, NNTP, LDAP, FTP, telnet, IMAP4 and POP3.<br />
<br />
THE TLS NEGOTIATION PROCESS<br />
Step 1: The client sends a ClientHello message stating the highest TLS protocol version the Web browser supports, a random number, and a list of the cipher suites and compression methods it supports.<br />
Step 2: The server replies with a ServerHello message containing the chosen TLS version, its own random number, and the cipher suite and compression method picked from the client's list; the server may also send a session id so that the negotiation can be resumed later. The server then sends a Certificate message (depending on the chosen cipher suite). If the server wants a certificate from the client, so that the connection is authenticated by both sides, it sends a CertificateRequest message. Finally the server sends ServerHelloDone to indicate that it has finished its part of the negotiation.<br />
Step 3: The client sends a ClientKeyExchange message, which may contain a PreMasterSecret, a public key, or nothing, depending on the key exchange method. With RSA, the PreMasterSecret is encrypted with the public key from the server's certificate. Client and server then use the two random numbers and the PreMasterSecret (the pre_master_secret produced by the key exchange method, RSA or Diffie-Hellman) to compute the "master secret". All other key material used for this connection is derived from this master secret (the random values are<br />
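The key-derivation side of steps 1 to 3, as an added example in Python that is not part of the original article: both parties contribute a 32-byte random, the client produces the PreMasterSecret, and each side derives the same master secret and key block with the TLS 1.2 PRF of RFC 5246 (sections 5, 6.3 and 8.1). The function names are my own; the RSA encryption of the PreMasterSecret under the server certificate is assumed to happen out of band and is omitted, and the key sizes (20-byte MAC key, 16-byte key, 16-byte IV) are those of TLS_RSA_WITH_AES_128_CBC_SHA, chosen here for illustration. Standard library only.<br />

```python
# Added example (not the article's code): TLS 1.2 master secret and key
# block derivation as described in steps 1-3, per RFC 5246.
# Assumption: the RSA encryption of the PreMasterSecret under the server
# certificate's public key is omitted; the demo passes the secret directly.
import hashlib
import hmac
import os
import struct
import time


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC-SHA256, the hash underlying the TLS 1.2 PRF."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256(secret, seed) from RFC 5246 s.5, expanded to `length` bytes.

    A(0) = seed, A(i) = HMAC(secret, A(i-1));
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ...
    """
    out = b""
    a = seed
    while len(out) < length:
        a = hmac_sha256(secret, a)            # A(i)
        out += hmac_sha256(secret, a + seed)  # next 32-byte block
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def hello_random() -> bytes:
    """The 32-byte Random field of ClientHello / ServerHello:
    4-byte gmt_unix_time followed by 28 random bytes."""
    return struct.pack("!I", int(time.time())) + os.urandom(28)


def rsa_pre_master_secret(client_version: bytes = b"\x03\x03") -> bytes:
    """PreMasterSecret for RSA key exchange (RFC 5246 s.7.4.7.1): the highest
    version offered in ClientHello (0x0303 = TLS 1.2) plus 46 random bytes."""
    return client_version + os.urandom(46)


def master_secret(pre_master: bytes, client_random: bytes,
                  server_random: bytes) -> bytes:
    """RFC 5246 s.8.1: 48-byte master secret; client random comes first."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def key_block(master: bytes, client_random: bytes, server_random: bytes,
              mac_len: int, key_len: int, iv_len: int) -> dict:
    """RFC 5246 s.6.3: expand the master secret into the six write keys.
    Note the seed order here is server random followed by client random."""
    total = 2 * (mac_len + key_len + iv_len)
    kb = prf(master, b"key expansion", server_random + client_random, total)
    names = ["client_write_MAC_key", "server_write_MAC_key",
             "client_write_key", "server_write_key",
             "client_write_IV", "server_write_IV"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = kb[pos:pos + size]
        pos += size
    return keys


def handshake_demo() -> dict:
    """Both sides of steps 1-3. Sizes (20/16/16) are those of
    TLS_RSA_WITH_AES_128_CBC_SHA, assumed for illustration."""
    client_random = hello_random()        # step 1: ClientHello.random
    server_random = hello_random()        # step 2: ServerHello.random
    pre_master = rsa_pre_master_secret()  # step 3: ClientKeyExchange payload
    # Assumption: RSA encryption/decryption of pre_master is omitted here.
    client_ms = master_secret(pre_master, client_random, server_random)
    server_ms = master_secret(pre_master, client_random, server_random)
    return {
        "client_ms": client_ms,
        "server_ms": server_ms,
        "client_keys": key_block(client_ms, client_random, server_random, 20, 16, 16),
        "server_keys": key_block(server_ms, client_random, server_random, 20, 16, 16),
    }


if __name__ == "__main__":
    r = handshake_demo()
    print("master secrets match:", r["client_ms"] == r["server_ms"])
    print("client_write_key:", r["client_keys"]["client_write_key"].hex())
```

The order of the randoms differs between the two derivations on purpose: the master secret seed is client random then server random, while the key expansion seed is server random then client random, exactly as RFC 5246 writes them; swapping either one yields keys that neither peer can use, which is a common bug in hand-rolled implementations.<br />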
<br />
<br />
[Figure: the protocol stack, plain HTTP over TCP beside HTTPS, i.e. HTTP over SSL/TLS over TCP]<br />