Thesis Summary - Nguyen Viet Cuong


MINISTRY OF EDUCATION AND TRAINING
VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

POSTS AND TELECOMMUNICATIONS INSTITUTE OF TECHNOLOGY

--------------------------------------

NGUYEN VIET CUONG

SECURITY TECHNOLOGY IN 3G UMTS

MAJOR: ELECTRONIC ENGINEERING
CODE: 60.52.70
SCIENTIFIC SUPERVISOR: ASSOC. PROF. DR. LE MY TU

HANOI - 2011

This thesis was completed at: Posts and Telecommunications Institute of Technology, Vietnam Posts and Telecommunications Group

Scientific supervisor: Assoc. Prof. Dr. Le My Tu

Reviewer 1:

Reviewer 2:

The thesis will be defended before the thesis examination committee at the Posts and Telecommunications Institute of Technology. At: ....... hours, day ....... month ....... year ...............

The thesis can be consulted at:
- Library of the Posts and Telecommunications Institute of Technology

Introduction

The development of mobile communications is bringing many benefits to society. Along with that development come challenges for mobile service providers. One of the main challenges is mobile security; if it is not handled well, it will lead to great losses. These challenges place requirements on service providers regarding authentication and confidentiality for wireless and mobile communications, in order to protect the rights of users and the interests of the providers themselves. With the development of communications and computer technology, various authentication and confidentiality solutions have been proposed. Because of its importance, this problem has needed, and will continue to need, research, study and development. With this thesis, "Security Technology in 3G UMTS", I want to gain an understanding of security technologies in mobile communications in general and in 3G UMTS in particular.

CHAPTER 1: OVERVIEW OF SECURITY IN MOBILE COMMUNICATIONS

To ensure secure communication, mobile networks must provide security based on security technologies. This chapter first examines the security threats, then the main elements involved in creating a secure environment. Finally, it examines the leading security technologies and the security measures that can be used in wireless communication solutions.

1.1 ESTABLISHING A SECURE ENVIRONMENT

To ensure end-to-end security, we need to consider the whole security environment, covering the entire communication environment: network access, intermediate elements and client applications. End-to-end security means that data is transmitted securely over the entire path from the sender to the receiver (usually from terminals or clients to servers). This section considers five important goals in establishing a secure environment:
- Authentication
- Data integrity
- Confidentiality
- Authorization
- Non-repudiation

1.2 SECURITY THREATS

To devise security solutions, we need to identify the potential threats. This section considers four security threats commonly encountered in networks: spoofing, sniffing, tampering and theft.

1.3 SECURITY TECHNOLOGIES

This section examines technologies that reduce security risks, and the main concepts of the technologies that must be applied for end-to-end security in mobile applications.

1.3.1 Cryptography

The main purpose of cryptography is to protect communication between two parties over an insecure channel so that a third party cannot understand what is being transmitted. This capability is one of the main requirements for a secure environment, which includes authentication, digital signatures and encryption.
- Algorithms and protocols
- Data encryption

1.3.2 Symmetric algorithms

Figure 1: Illustration of the basic mechanism of encryption with a single private key

1.3.3 Asymmetric algorithms

Figure 2: Authentication using a public key

1.3.4 Digital signatures and message digests

A digital signature is created by computing a message digest (MD) of a document; the MD is then combined with the signer's information, a timestamp and any other required information. An MD is a function that takes input data of any size (the message) and produces a fixed-size output called a digest. If the document changes, the MD changes as well.

Figure 3: Using message digests to provide digital signatures

MD5 and SHA (SHA: Secured Hash Standard) are algorithms commonly used to create a digest.

1.3.5 Digital certificates

1.3.6 Public key infrastructure, PKI

The elements of a PKI are:
- Certification authorities (CAs), responsible for issuing and revoking certificates.
- Registration authorities, responsible for binding public keys to the identities of the key holders.
- Key holders, who are issued certificates and use them to sign digital documents.
- Repositories that store certificates and certificate revocation lists.
- A security policy that sets out the organization's top-level guidance on security.

Figure 4: PKI based on a distributed CA hierarchy

Figure 5: Authentication using a digital signature

The three main functions of a PKI are:
- Certification
- Validation
- Revocation

1.3.7 Authentication using message authentication

Figure 6: Authentication method using a MAC

1.4 LEADING PROTOCOLS

The following are the leading protocols used for secure data transmission.

1.4.1 Secure Sockets Layer, SSL
1.4.2 Transport Layer Security, TLS
1.4.3 Wireless Transport Layer Security, WTLS
1.4.4 IP Security, IPSec

Figure 7: Packet format using AH in IPSec transport mode and tunnel mode

Figure 8: Packet format using ESP in IPSec transport mode and tunnel mode

The basic elements of IPSec are the SPD (Security Policy Database) and the SAD (Security Association Database).

Figure 9: Example IPSec architecture (gateways and hosts)

1.5 OTHER SECURITY MEASURES

1.5.1 Firewalls
1.5.2 Virtual private networks, VPN
1.5.3 Two-factor authentication
1.5.4 Biometrics

1.6 WIRELESS PROTOCOL SECURITY, WAP

In the WAP 1.x security architecture, two issues need to be considered:
- Transport-level security
- Application-level security

1.7 APPLICATION-LEVEL SECURITY

Because so much attention goes to WAP and transport-layer security, designers often neglect application-layer security. Application-level security matters for two main reasons: (1) when security is needed beyond the endpoints of transport-layer security, and (2) when access is needed to presentation content rather than enterprise data. This typically happens during transcoding, for example when converting a markup language such as HTML into WML.

1.8 SMART CLIENT SECURITY

The smart client architecture does not depend on a protocol conversion gateway, so it is not affected by the WAP gap. However, these applications still have security issues that must be addressed. Whenever data resides outside the corporate firewall, measures to protect sensitive information are always needed. With a smart client architecture, end-to-end security can be ensured for enterprise data, which many current thin-client solutions cannot do.
- User authentication
- Data storage security
- Transport-level security

1.9 GENERAL SECURITY MODEL OF A MOBILE COMMUNICATION SYSTEM

Figure 10: General security architecture of a mobile communication system

1.10 CONCLUSION

A secure environment requires the following five elements: authentication, data integrity, confidentiality, authorization and non-repudiation. When implementing a secure environment, remember that a system is only as secure as its weakest point. We therefore need to protect every gap in our solution to ensure that unauthorized parties cannot access the system. To do this, we may have to apply different security technologies such as public-key cryptography, digital certificates, digital signatures and PKI. Other measures such as firewalls, VPNs, biometrics and an enterprise security policy can also be used to maintain the secure environment.

CHAPTER 2: SECURITY TECHNOLOGY IN 3G UMTS

UMTS provides both circuit-switched and high-speed packet-switched connections (up to 10 Mbit/s when HSDPA is combined with MIMO). This chapter briefly reviews the UMTS architecture and presents in detail the security features together with the attacks that this third generation can withstand.

2.1 UMTS ARCHITECTURE

UMTS R3 supports both circuit-switched and packet-switched connections: up to 384 Mbit/s in the CS domain and 2 Mbit/s in the PS domain. A UMTS network consists of three parts: the user equipment (UE: User Equipment), the UMTS terrestrial radio access network (UTRAN) and the core network (CN: Core Network); see Figure 12. The UE comprises three devices: the terminal equipment (TE), the mobile termination (MT) and the UMTS subscriber identity module (USIM: UMTS Subscriber Identity Module). The UTRAN consists of radio network systems (RNS: Radio Network System), and each RNS comprises a radio network controller (RNC: Radio Network Controller) and the BTSs connected to it. The core network (CN) comprises the circuit-switched (CS) domain, the packet-switched (PS) domain and the HE (Home Environment). The HE comprises the AuC, HLR and EIR.

Figure 11: UMTS architecture

2.2 3G UMTS SECURITY ARCHITECTURE MODEL

The UMTS security architecture is built on the following three principles:
- Authentication
- Confidentiality
- Integrity

2.2.1 Authentication

Authentication in UMTS is divided into two parts:
- Authentication of the user to the network
- Authentication of the network to the user

2.2.2 Confidentiality

Confidentiality in UMTS is achieved by encrypting communications between the subscriber and the network and by using a temporary (local) identity instead of the global identity, the IMSI. Encryption is performed between the subscriber (USIM) and the RNC, and user confidentiality is provided between the subscriber and the VLR/SGSN. The attributes that must be kept confidential are:
- Subscriber identity
- Current location of the subscriber
- User data (both voice and data traffic are kept confidential)
- Signalling data

2.2.3 Integrity

The attribute that must be integrity-protected is:
- Signalling messages

Note that at the physical layer the bits are checked for integrity with a CRC checksum, but this is done only to achieve error-free communication over the radio interface and is not the same as transport-level integrity.

2.3 SECURITY MODEL AT THE 3G UMTS RADIO INTERFACE

Authentication in 3G UMTS is performed in both directions: the network authenticates the user, and the user authenticates the network. To be authenticated, the network must stamp the message it sends to the UE with the MAC-A code, and the USIM computes the authentication check stamp XMAC-A to verify it.

Encryption of messages is performed in both directions using the KS (Key Stream). The KS is generated at the RNC from the CK (Ciphering Key) in the AV sent down by the AuC, and at the USIM from the CK computed from the RAND and AUTN sent by the network.

Integrity protection is performed in both directions by authenticating the integrity of messages transmitted between the RNC and the UE. To be authenticated, a transmitted message (from the UE or the RNC) must be stamped with the MAC-I code. The receiving side (RNC or UE) computes the integrity check stamp XMAC-I to verify it.

The general security model for the 3G UMTS radio interface is shown in Figure 13.

Figure 12: Security model for the 3G UMTS radio interface

2.3.1 The network authenticates the user

To ensure authentication in a UMTS network, three entities need to be considered: the VLR/SGSN, the USIM and the HE. The VLR/SGSN checks the subscriber identity as in GSM, while the USIM makes sure that the VLR/SGSN has been authorized by the HE to do so.

Figure 13: User authentication at the VLR/SGSN

2.3.2 The USIM authenticates the network

To be authenticated by the USIM, the network must send the USIM a special 64-bit code called MAC-A (Message Authentication Code for authentication) for it to check. MAC-A is sent to the UE inside the authentication token AUTN. Based on RAND and some of the authentication parameters in AUTN, the USIM computes the check code XMAC-A. It compares XMAC-A with the MAC-A from the network; if they are identical, authentication succeeds. The network authentication process is shown in Figure 15. MAC-A and XMAC-A are computed with the function f1.

Figure 14: Network authentication at the USIM

2.3.3 UTRAN encryption

In UMTS encryption, the plaintext data is added bit by bit to the pseudo-random mask data of the KS, as shown in Figure 16. The major advantage of this method is that the mask data can be generated before the plaintext is received, so encryption is fast. Decryption is performed in the same way as encryption.

Figure 15: Stream cipher in UMTS

2.3.4 Integrity protection of RRC signalling

Figure 17 shows how message integrity protection is carried out.

Figure 16: Message integrity authentication

2.4 AUTHENTICATION AND KEY AGREEMENT, AKA

AKA is performed on:
- User registration in the serving network
- Every service request
- Location update request
- Attach request
- Detach request
- Connection re-establishment request

2.5 RESYNCHRONIZATION PROCEDURE, AKA

Figure 17: AKA resynchronization procedure

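2.6 CRYPTOGRAPHIC FUNCTIONS

2.6.1 Requirements for the cryptographic algorithms and functions

The cryptographic functions and algorithms must meet strict requirements. They must be designed to remain usable for at least 20 years. UEs containing these functions are not subject to export or usage restrictions. Network equipment such as the RNC and AuC may be subject to restrictions. Export of these nodes must comply with the Wassenaar Arrangement.

2.6.2 The cryptographic functions

The UMTS security features are implemented by a set of cryptographic functions and algorithms. In total there are 10 cryptographic functions that implement these features: f0-f5, f1*, f5*, f8 and f9. f0 is the function that generates the random challenge; the next 7 functions are key-generating functions and are therefore all operator-specific. The keys used for authentication are generated only in the USIM and the AuC, the two domains for which one and the same operator is responsible.

The functions f8 and f9 use the KASUMI block cipher as their kernel. f8 and f9 are used in the USIM and the RNC, and because these two domains may belong to different operators, they cannot be operator-specific. These functions use the pre-agreed shared secret key (K). The reason is to avoid distributing K over the network and to keep it safe in the USIM and the AuC. Table 3.1 summarizes the cryptographic functions and their outputs.

Function | Purpose                                                                      | Output
---------|------------------------------------------------------------------------------|-------------------
f0       | Random challenge generation function                                         | RAND
f1       | Network authentication function                                              | MAC-A/XMAC-A
f1*      | Resynchronization message authentication function                            | MAC-S/XMAC-S
f2       | User authentication function                                                 | RES/XRES
f3       | Cipher key derivation function                                               | CK
f4       | Integrity key derivation function                                            | IK
f5       | Anonymity key derivation function                                            | AK
f5*      | Anonymity key derivation function for the resynchronization message function | AK
f8       | Keystream generation function (CK)                                           | <keystream block>
f9       | Function generating the stamp from the integrity key                         | MAC-I/XMAC-I

The functions f1-f5, f1* and f5* are designed so that they can be implemented on an IC card using an 8-bit microprocessor running at 3.25 MHz with 8 kB of ROM and 300 kB of RAM, and produce AK, XMAC-A, RES and IK in no more than 500 ms.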

Figure 18: Generating the AV in the AuC

2.6.3 Using the normal functions to generate the security parameters in the USIM

Figure 19: Generating the security parameters in the USIM

2.6.4 Using the resynchronization functions at the USIM

When the USIM finds that the received sequence number is out of range, normal key generation is aborted and the USIM starts generating the resynchronization token AUTS (see Figure 21).

Figure 20: Generating AUTS in the USIM

2.6.5 Using the resynchronization functions at the AuC

The AuC receives the pair RAND||AUTS from the VLR/SGSN and carries out the resynchronization procedure; see Figure 22.

Figure 21: Resynchronization procedure in the AuC

2.6.6 Key generation order

The keys need not be generated in the order described above. That order is the logical one, but an implementation may differ if doing so is more efficient. What matters is that the keys are available in the order presented above.
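The AKA exchange of sections 2.3.2 and 2.6.2 to 2.6.5, as an added example that is not part of the thesis: the AuC builds an authentication vector, the USIM checks XMAC-A against MAC-A, and an out-of-range sequence number produces an AUTS token that the AuC verifies. The operator-specific functions f1 to f5* are replaced by truncated HMAC-SHA256 (an assumption, not a real UMTS algorithm set); the AUTN and AUTS field layout follows 3GPP TS 33.102, and the function names, the sample key and the `window` freshness rule are illustrative.

```python
import hashlib, hmac, os

def f(label, k, data, n):
    """Stand-in for f1..f5*: HMAC-SHA256 under K, truncated to n bytes (assumption)."""
    return hmac.new(k, label + b"\x00" + data, hashlib.sha256).digest()[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def auc_generate_av(k, sqn, amf=b"\x80\x00", rand=None):
    """AuC: build the authentication vector (RAND, XRES, CK, IK, AUTN)."""
    rand = os.urandom(16) if rand is None else rand   # f0: 128-bit challenge
    sqn_b = sqn.to_bytes(6, "big")                    # 48-bit sequence number
    mac_a = f(b"f1", k, sqn_b + rand + amf, 8)        # 64-bit MAC-A
    xres, ck, ik = (f(b"f2", k, rand, 8), f(b"f3", k, rand, 16),
                    f(b"f4", k, rand, 16))            # 128-bit CK and IK
    ak = f(b"f5", k, rand, 6)                         # AK conceals SQN on the air
    return rand, xres, ck, ik, xor(sqn_b, ak) + amf + mac_a

def usim_authenticate(k, sqn_ms, rand, autn, window=32):
    """USIM: authenticate the network, then derive keys or build AUTS."""
    conc_sqn, amf, mac_a = autn[:6], autn[6:8], autn[8:16]
    sqn_b = xor(conc_sqn, f(b"f5", k, rand, 6))
    xmac_a = f(b"f1", k, sqn_b + rand + amf, 8)
    if not hmac.compare_digest(xmac_a, mac_a):        # XMAC-A != MAC-A
        return "mac_failure", None
    sqn = int.from_bytes(sqn_b, "big")
    if not sqn_ms < sqn <= sqn_ms + window:           # replayed or out of range
        ms_b = sqn_ms.to_bytes(6, "big")
        mac_s = f(b"f1*", k, ms_b + rand + b"\x00\x00", 8)  # AMF zeroed in MAC-S
        return "sync_failure", xor(ms_b, f(b"f5*", k, rand, 6)) + mac_s
    res, ck, ik = (f(b"f2", k, rand, 8), f(b"f3", k, rand, 16),
                   f(b"f4", k, rand, 16))
    return "ok", (res, ck, ik, sqn)

def auc_resync(k, rand, auts):
    """AuC: verify MAC-S and return the USIM's SQN, or None if AUTS is forged."""
    ms_b = xor(auts[:6], f(b"f5*", k, rand, 6))
    xmac_s = f(b"f1*", k, ms_b + rand + b"\x00\x00", 8)
    return int.from_bytes(ms_b, "big") if hmac.compare_digest(xmac_s, auts[6:]) else None

if __name__ == "__main__":
    K = bytes(range(16))                              # constructed sample key
    rand, xres, ck, ik, autn = auc_generate_av(K, sqn=101)
    print(usim_authenticate(K, 100, rand, autn)[0])   # fresh challenge
    status, auts = usim_authenticate(K, 101, rand, autn)  # same challenge replayed
    print(status, auc_resync(K, rand, auts))
```

Because the sequence number is covered by MAC-A, a captured (RAND, AUTN) pair passes the MAC check but fails the freshness check, which is the case that triggers resynchronization rather than key derivation.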

2.7 CONCLUSION

Third-generation mobile systems build on the success of GSM/GPRS networks and introduce new and enhanced security features to improve security and to protect new services that second-generation mobile systems could not offer. The confidentiality of voice calls and of user data transmitted over the radio path is protected. An important security enhancement of UMTS over GSM/GPRS is that not only does the network authenticate the mobile subscriber, but the mobile subscriber also authenticates the network. In addition, the most important security-related element, the key K, is shared only between the UMTS network and the USIM card and is never transmitted outside these two locations. Other important security parameters are encrypted when sent over the radio path, which protects them from eavesdropping.

The authentication mechanism works by generating the authentication vector with one-way functions. That is, knowing the authentication vector does not allow the input parameters to be recovered. This mechanism allows CK and IK to be exchanged. CK has been extended to 128 bits, which makes it harder to break. In addition, IPsec improves security at the network layer of the IP-based core network, and MAPsec protects applications as well as signalling. Together, these security mechanisms make UMTS security an improvement over GSM.

CLOSING REMARKS

Security technology in 3G UMTS, and in mobile communications in general, always needs to keep changing and developing to strengthen confidentiality and security. This thesis has studied several security methods which, although still simple, are to some extent in use on current mobile networks. In the future the old technologies may no longer be used and may be replaced by newer, more secure ones.
