
An Ninh Trong Thong Tin Di Dong (Security in Mobile Communications)

Apr 07, 2018


Tori Nguyen
  • 8/3/2019 An Ninh Trong Thong Tin Di Dong

    1/74

    Wireless Topics III

    POSTS AND TELECOMMUNICATIONS INSTITUTE OF TECHNOLOGY, HO CHI MINH CITY CAMPUS
    SOCIALIST REPUBLIC OF VIETNAM
    Independence - Freedom - Happiness

    ---o0o---

    SECURITY IN MOBILE COMMUNICATION SYSTEMS

    Chapter 1. Overview of mobile communication security
    1.1. Establishing a secure environment
    1.2. Security threats
    1.3. Security technologies
    1.4. Other security measures
    1.5. Wireless protocol security
    1.6. Application-level security
    1.7. Smart client security
    1.8. General security model of a mobile communication system
    1.9. Summary

    Chapter 2. Security technology in GSM and GPRS
    2.1. Introduction
    2.2. Security technology in GSM
    2.3. Security technology in GPRS
    2.4. Conclusion

    Chapter 3. Security technology in 3G UMTS
    3.1. UMTS architecture
    3.2. UMTS security architecture model
    3.3. Security model on the 3G UMTS radio interface
    3.4. Authentication and key agreement
    3.5. Resynchronization procedure, AKA
    3.6. Cryptographic functions
    3.7. Summary of authentication parameters
    3.8. Using function f9 to compute the integrity code
    3.9. Using the confidentiality function f8
    3.10. Key lifetime
    3.11. The Kasumi algorithm
    3.12. 3G security issues
    3.13. Discussion
    3.14. Network security
    3.15. Security in the UMTS R5 network
    3.16. Summary

    Chapter 4. Security technology in MIP
    4.1. MIP overview
    4.2. Security threats in MIP
    4.3. The MIP security environment
    4.4. The basic MIP registration protocol
    4.5. Security in MN-to-MN communication
    4.6. Hybrid authentication method in MIP
    4.7. The MoIPS system: a MIP infrastructure based entirely on public keys
    4.8. Conclusion

    Chapter 5. Security technology in cdma2000
    5.1. cdma2000 architecture
    5.2. Packet data services in cdma2000
    5.3. Authentication in cdma2000
    5.4. Security on the radio interface
    5.5. Studies on strengthening security for cdma2000
    5.6. MIP security and IPSec
    5.7. Combining radio access security with MIP security and IP network security
    5.8. Summary

    Chapter 6. Security when moving from 2G to 3G networks, and the current state of 2G security in Vietnam and worldwide
    6.1. Security when moving between 2G and 3G networks
    6.2. The current state of 2G security in Vietnam and worldwide
    6.3. Measures to improve security
    6.4. Conclusion

    Chapter 7. Proposals for strengthening security
    7.1. Introduction
    7.2. Proposals for strengthening GSM security
    7.3. Proposals for strengthening UMTS security

    Chapter 8. WAP security
    8.1. Introduction
    8.2. The WAP model
    8.3. WAP security architecture

    Chapter 9. Wireless Transport Layer Security (WTLS)
    9.1. Introduction
    9.2. SSL and TLS
    9.3. WTLS


    SUPERVISOR'S COMMENTS


    Ho Chi Minh City, [day] [month] 2008


    PREFACE

    Since its inception, mobile communication has developed through many generations and has become an important part of the international telecommunications system. The convergence of technology and telecommunications has raised information transmission speeds. The rapid development, high speed and anytime, anywhere access of mobile communication meet customers' needs for exchanging information and keeping it confidential.

    The application of security in mobile communication, protecting customers' information and data in mobile communication systems, is presented in the following chapters:

    Chapter 1. Overview of mobile communication security
    Chapter 2. Security technology in GSM and GPRS
    Chapter 3. Security technology in 3G UMTS
    Chapter 4. Security technology in MIP
    Chapter 5. Security technology in cdma2000
    Chapter 6. Security when moving from 2G to 3G networks, and the current state of 2G security in Vietnam and worldwide
    Chapter 7. Proposals for strengthening security
    Chapter 8. WAP security
    Chapter 9. Wireless Transport Layer Security (WTLS)

    We hope this thesis gives readers a basic knowledge of security in mobile communication systems. The content still has some limitations because of constraints we could not avoid, so we respectfully ask readers for their comments.

    Posts and Telecommunications Institute of Technology.

    April 1, 2008

    Students: inh Xun Hip

    V Quc Phit

    Phm Hng V


    CHAPTER 1: OVERVIEW OF MOBILE COMMUNICATION SECURITY

    To guarantee secure communication, mobile communication networks must provide security based on security technologies. We then examine the leading security technologies and the security measures that can be used in wireless communication solutions.

    1.1 Establishing a secure environment

    To guarantee end-to-end security we need to consider the whole security environment, including the entire communication environment: network access, the intermediate elements and the client applications. This section looks at five important goals in establishing a secure environment.

    a. Authentication: the process of checking the validity of the parties taking part in a communication. In wireless networks this is usually done at two layers: the network layer and the application layer. The network requires the user to be authenticated before access to the network is granted. This can be implicit, based on the device or modem in use, or explicit, through various mechanisms. At the application layer, authentication matters at two levels: client and server. To gain access to the network, the client must prove to the server that its messages are valid; conversely, before a client lets a server connect to it (for example to push down some content), the server must authenticate itself to the client application. The simplest, and also the least secure, method of authentication is a user name combined with a password. More advanced methods use digital certificates or electronic signatures.

    b. Data integrity: the assurance that transmitted data is not altered or damaged on its way from the sender to the receiver. This can be achieved with a cryptographic check or with a Message Authentication Code (MAC). This information is embedded in the message itself by applying an algorithm to the message. The receiver computes the code again and compares the two to check whether they match. If they match, the receiver can be confident that the message has not changed. If the codes differ, the receiver discards the message.

    c. Confidentiality: a very important aspect of security and therefore the one most often discussed. The purpose of confidentiality is to keep data private against eavesdropping or reading by unauthorized people. Users typically worry that information such as credit card numbers or medical records could be viewed by individuals with bad intentions. The most common way to prevent this intrusion is to encrypt the data. This process encodes the message into a form that cannot be read by any receiver other than the intended one.

    d. Authorization: the process of deciding the level of access of a user, that is, which actions the user is entitled to perform. Authorization is usually closely tied to authentication. Once a user has been authenticated, the system may allow that user to read a set of data, while an administrator or another trusted source is given access to write the data.

    e. Non-repudiation: a measure that holds the parties responsible for the transactions they took part in, so that they cannot deny them. It includes identifying the parties in such a way that they cannot later deny having taken part in the transaction. In essence, this means that the sender and the receiver have obtained the same message. To achieve this, every transaction must be signed with an electronic signature and may be checked and time-stamped by a trusted third party.

    1.2 Security threats

    To design a security solution we need to recognize the potential threats. There are four potential security threats: impersonation, monitoring, tampering, and theft.

    a. Impersonation: an attempt to gain unauthorized access to a system by posing as someone else. If access succeeds, the intruder replies to messages in order to learn more and to gain access to other parts of the system.

    b. Monitoring: a technique used to monitor the data flow on a network. In essence, monitoring is electronic eavesdropping, carried out by listening to network data.

    c. Tampering: changing data from its original form. This usually involves intercepting data in transit, although it also happens to data stored on a server or client. The altered data is then passed on as if it were the original.

    d. Theft: theft of devices is a common problem in mobile communication. It is especially serious for smart client applications because they often hold persistent and confidential data. Lock devices with a user name/password combination to prevent easy access; require authentication on access; do not store passwords on the device; encrypt all persistent storage media; apply security policies to mobile users.

    1.3 Security technologies

    a. Cryptographic technology: the main purpose of cryptography is to secure the communication between two parties. It covers authentication, electronic signatures and encryption.

    b. Algorithms and protocols: cryptographic technology works at several levels. At the low level are the algorithms. These algorithms describe the steps needed to carry out a computation, and they are used by protocols. A protocol describes how the cryptographic technology operates. A strong protocol and a robust application are needed to guarantee a secure solution.

    c. Data encryption: the core of a cryptographic system is encryption. Encryption lets us keep sensitive data private. The only way to read encrypted data is to convert it back to its original form, a process called decryption.

    d. Symmetric algorithms: symmetric algorithms use a single key to encrypt and decrypt all messages. To explain symmetric encryption, consider this encryption process: two bit streams are added to produce a third stream. This kind of cipher is called a one-time pad.

    [Figure 1.1: Illustration of the basic mechanism of encryption with a single private key. Sending computer: data stream 0100101, key 01011100, stream sent into the network. Receiving computer: encrypted stream received from the network, key 01011100, data stream 0100101.]

    This encryption method has some drawbacks: the key is as long as the data, both sides share the same key, and the key must somehow be delivered to the receiver securely.

    e. Asymmetric algorithms: asymmetric algorithms solve the main problem of symmetric-key systems. They use two keys: a public key and a private key. The public key is used openly over insecure links; the private key is never sent over the network and only needs to be used by the party that has to decrypt the data. The two keys are related to each other through prime numbers and one-way functions. As a result, the private key cannot be computed from the public key. The longer the key, the harder the system is to break. 64-bit key systems such as DES can be attacked by brute force, that is, by trying each key combination in turn until the right key is found.


    Public-key cryptography uses two keys. A public key and a private key are created together by the same algorithm. The user keeps the private key and gives the public key to everyone. The private key is never shared with anyone else or sent over the network. If user A wants to send protected data to user B, A encrypts the data with B's public key and can be confident that only user B is able to read it.

    It is also possible to encrypt a message with the private key and decrypt it with the public key. However, asymmetric ciphers are not a perfect solution. Choosing a private key is not easy; a carelessly chosen key can be broken easily. In addition, asymmetric ciphers solve the key distribution problem by using a public key and a private key, but they are so complex that they compute more slowly than symmetric ciphers. For large data sets this can become a problem. In these cases, combining symmetric and asymmetric systems is an ideal solution. The combination gives the higher performance of symmetric algorithms by sending the secret key over the communication channels under the protection of a public-key system. Once both sides hold the shared secret key, the rest of the session's data transfer uses symmetric-key algorithms for encryption and decryption. This is the basic principle of the public-key cryptography used in many protocols today.

    f. Authentication: authentication can be handled with the public-key encryption described above. This applies when a user knows that the public key they are using really belongs to the user concerned.

    Because B replies with A's random number, A can be sure that the message was sent by B and not by someone else. Because A replies with B's random number, B can be sure that A received the correct message. Nobody else can read these messages because they cannot produce the correct random numbers.

    1.4 Other security measures

    a. Firewalls: the most common network security measure used in the networks of enterprises and organizations. They establish a perimeter between the public network and the private network. A firewall is a collection of software placed on a separate gateway server to restrict access to private network resources by users on other networks.

    [Figure 1.2: Authentication with public keys. User A and User B: encrypt (name, random number A) with B's public key, decrypt with B's private key; encrypt (random number A, random number B, shared session key) with B's public key; encrypt (random number B) with the private key for the session.]

    [Figure 1.3: Example of using two firewalls with different configurations. Labels: Internet; server; group of accessible Web servers; protected site that allows no access to the local Web servers, which are hidden from the public Internet; server; computers.]

    b. Virtual private networks (VPN)

    A VPN turns a public network (usually the Internet) into a private network. This technology lets staff working remotely connect to the company network securely. Before VPNs, leased private lines were used for this purpose. A VPN has advantages over leased lines: it saves network resources by sharing the public network and provides secure access from anywhere with Internet access. Mobile VPNs have begun to be adopted, and it is hoped that they will develop quickly in the future.

    c. Two-factor authentication

    Banking transactions need strong authentication. The two-factor method meets this need. In this method the user must present two factors to authenticate. Usually the user knows only one factor, such as a PIN; the second factor is a card that generates one-time passwords. This combination makes access to the system harder for unauthorized parties.

    d. Biometrics

    Even when security is strengthened with two-factor authentication, unauthorized users can still compromise the system, for example by obtaining the PIN and the card in order to access the company's system. To prevent this, the PIN can be replaced by a stronger form of authentication: biometric authentication, which measures biometric characteristics.

    e. Security policy

    The last security measure, and often the most important, is the company's security policy. The policy sets out all the different aspects of the company's security measures, including technology, use, and disclosure of confidential information within the enterprise. Even if a company applies a technically strong security solution, the whole system is still insecure if its users do not follow the company's security guidelines. Note that intruders always try to strike at the weakest link in the system, and that weak link is often the user.

    1.5 Wireless protocol security, WAP

    WAP (Wireless Application Protocol) has been criticized for its security problems. So what are the security problems of WAP?

    Transport-level security: this concerns the communication between client applications and enterprise servers. It involves two protocols: WTLS, used on the radio interface, and SSL or TLS, used on the wired network. This change of protocol is the root of the WAP security problem.

    Application-level security: this concerns the security of the client application. It includes digital signatures and encryption.

    Combining these two areas addresses the security problems commonly found in a security model, such as authentication, data integrity, authorization and non-repudiation.

    a. Transport-level security, TLS

    Transport-level security (also called channel security) handles point-to-point communication between a wireless client and the enterprise data source.

    b. WTLS

    The Wireless Transport Layer Security protocol (WTLS) was developed to suit the characteristics of wireless links, such as narrow bandwidth and high latency. It is an improvement on TLS. WTLS increases the efficiency of the protocol and adds several capabilities for wireless users:

    - Support for other cryptographic algorithms: SSL and TLS mainly use RSA encryption. WTLS supports RSA, DH (Diffie-Hellman) and ECC (Elliptic Curve Cryptography)
    - Definition of a compressed public-key certificate
    - Support for UDP packets


    - Key refresh option
    - An extended set of alerts
    - Optimized handshakes

    WTLS class 1: anonymous interaction between the client and the WAP gateway, with no authentication.
    WTLS class 2: the server authenticates to the client using WTLS certificates.
    WTLS class 3: the client and the WAP gateway authenticate each other. This is authentication with smart cards; a SIM, for example, can store the authentication details on the device for two-way authentication.

    c. The WAP gap

    Although WTLS improves on TLS in the wireless environment, it creates one major problem: the WAP architecture now needs both TLS and WTLS, so a security weak point appears at the place where one protocol is converted to the other. The conversion is done at the WAP gateway: WTLS is used from the client to the WAP gateway, and TLS is used from the WAP gateway to the enterprise server.

    There are two ways to avoid the WAP gap:

    - Accept that the gateway is a weak point and do everything possible to protect it, with firewalls, monitoring equipment and a strict security policy.
    - Move the WAP gateway inside the company's firewall and manage it yourself.

    1.6 Application-level security

    Application-level security is very important for two reasons: security beyond the transport-layer endpoints, and cases where access is needed to the presentation content rather than the enterprise data. This usually happens during transcoding.

    Default settings are normally set to the highest security level, but the following point also needs attention: every WML card that needs to access sensitive data must set sendreferer=true in the element

    1.7 Smart client security

    The smart client architecture does not depend on a protocol conversion gateway, so it is not affected by the WAP gap. These applications nevertheless have security problems of their own to solve, which arise whenever data is outside the firewall. With the smart client architecture we can guarantee end-to-end security for the data. The areas that concern smart client applications are user authentication, encryption of data stored on the client, and transport-level security.

    1.8 General security model of a mobile communication system

    The goal of designing a security architecture for a mobile communication system is to create a framework that allows continued development. Like the design of the Internet, the security architecture is modular. These modules are called domains.


    [Figure 1.11: General security architecture of a mobile security system. Labels: user application; service provider application; ADS; application level; terminal equipment; USIM; UDS; home environment (HE); NAS; NDS; home/serving level; serving network (SN); mobile termination; access network; NAS; transport level.]

    The security structure consists of the following five modules:

    - Network Access Security (NAS): the set of security features that gives users secure access to the services provided by the mobile communication system, and in particular protects against attacks on the radio access links.
    - Network Domain Security (NDS): the set of security features that lets the network nodes in the service provider domain exchange signalling securely and protects against attacks on the wired network.
    - User Domain Security (UDS): the set of security features that secures access to the MS.
    - Application Domain Security (ADS): the set of security features that lets applications in the user domain and in the service provider domain exchange messages securely.
    - Visibility and configurability of security: the set of security features that lets users find out for themselves whether a security feature is in operation.

    1.9 Conclusion

    A secure environment needs the following five elements: authentication, data integrity, confidentiality, authorization and non-repudiation. When building a secure environment, remember that a system is only as secure as its weakest points. We therefore need to protect every gap in our solution to make sure that unauthorized parties cannot gain access to the system. We must use public-key encryption, digital certificates, digital signatures and PKI. Additional measures such as firewalls, VPNs, biometrics and an enterprise security policy can also be used to maintain the secure environment.

    For developing thin clients, WAP is combined with WTLS for transport-layer security. Remember that, although this is a strong protocol, WAP leads to a security problem known as the WAP gap. The gap occurs at the point where WTLS is converted to TLS. WAP 2.x solves this problem by removing the conversion between protocols.

    Smart client applications are not subject to these limitations. Designers have full control over the security technology they apply.

    The secure environment for mobile communication systems is built on a general architecture. The security architecture is modular, which lets designers develop the security system.


    CHAPTER 2: SECURITY TECHNOLOGY IN GSM AND GPRS

    2.1. Introduction

    The arrival of second-generation mobile communication systems gave the impression that digital phones would be secure against eavesdropping compared with first-generation analogue systems. Although the situation has improved, some problems remain in which the level of security is not guaranteed.

    GPRS is an enhancement to the GSM mobile network and can be seen as an intermediate step towards third-generation mobile systems. GPRS allows data to be transmitted at higher speed, using packet switching. It also improves considerably on GSM security, yet GPRS is still at risk of being compromised.

    This chapter gives an overview of the GSM and GPRS network structure, all the security features they provide, and the security threats they face.

    2.2. Security technology in GSM

    The GSM security protocols, including the authentication protocol, are based on symmetric cryptography in which the SIM and the AuC hold the IMSI and the subscriber authentication key Ki for each subscriber. The foundation of the GSM security protocols is that the subscriber authentication key (stored in the SIM and the AuC) is never sent over the radio interface. The authentication code (SRES) and the cipher key Kc are generated for each call in the USIM. A random number RAND, called the challenge, is sent over the radio link. The three parameters RAND, SRES and Kc are called a triplet and are used for key agreement and encryption.

    2.2.1 GSM architecture

    To assess and understand the security features applied in GSM, we first take a brief look at the GSM architecture. A GSM system is organized into three main parts: the MS, the base station subsystem BSS (Base Station Subsystem) and the switching subsystem SS (Switching Subsystem), as shown in Figure 2.1.

    [Figure 2.1. Labels: Mobile Station (MS) with SIM and ME; Base Station Subsystem (BSS) with BTS and BSC; Switching Subsystem (SS) with VLR, HLR, AuC, EIR and MSC-GMSC; Signalling System No. 7 network; PSTN, DN, CSPDN, PSPDN; interfaces Um, Abis and A.]


    The MS consists of the mobile terminal with a SIM card. The SIM is a security device that holds all the information and algorithms needed to authenticate the subscriber to the network. To authenticate the subscriber to the network, the SIM contains a microcomputer made up of a CPU and three kinds of memory. The ROM is programmed with the operating system, the GSM application program and the security algorithms A3 and A8. The RAM is used to run the algorithms and as a buffer for data transmission. Sensitive data such as Ki (the secret key), the IMSI (International Mobile Station Identity; the mobile subscriber identity number), dialling numbers, short messages, and information about the network and the subscriber such as the TMSI (Temporary Mobile Station Identity) and the location area identity is stored in electrically erasable ROM (EEPROM).

    The base station subsystem BSS consists of a number of base transceiver stations (BTS: Base Transceiver Station) and a number of base station controllers (BSC: Base Station Controller). The BTS controls the radio traffic between the MS and itself over the Um radio interface.

    The network subsystem contains the mobile services switching centre (MSC: Mobile Switching Station), which carries out all the functions needed to route calls to or from users and the various mobile telephone networks such as ISDN and PSTN. The HLR (Home Location Register) holds all the information about the subscribers in the area of the corresponding GMSC (Gateway MSC). The VLR (Visitor Location Register) holds temporary details about the MSs visiting the current MSC. It also holds the TMSI. The authentication centre (AuC: Authentication Center) is located at the HLR and is one of the places that issue the most important security parameters for encryption between the MS and the BTS. The TMSI allows a malicious party to try to steal information about the user's resources and track the user's location. The purpose of the EIR (Equipment Identity Register) is to identify whether a device is a genuine mobile device. In other words, the EIR holds the serial numbers of all mobile devices that have been lost or stolen and that the system will not admit. Users are classed as black (invalid), white (valid) or grey (suspect).

    2.2.2. Security model for the GSM interface

    The purpose of this security is to keep user information private on the radio link.

    The security environment on the GSM radio interface is provided by two processes: authentication and confidentiality (see figure). GSM only has authentication of the MS. To authenticate the MS, the network sends it the challenge RAND. The SIM receives RAND and uses it, together with the stored subscriber authentication key Ki, as input to algorithm A3 to produce SRES (the signed response). The MS then sends SRES back to the network, which checks it and compares it with the corresponding SRES produced at the AuC; if they match, authentication succeeds and A8 is valid. After the user has been authenticated successfully, algorithm A8 uses the authentication key Ki together with the random number RAND to generate the cipher key Kc. Algorithm A5 uses this key to encrypt the voice signal sent over the radio link and to decrypt the voice signal received.

    The cipher stream at one end of the link must be synchronized with the decipher stream at the other end so that the encrypted bit stream and the decrypted bit stream line up. The whole authentication and encryption process, and the elements that take part in it in the GSM network, is described by the GSM radio interface security model. Table 2.1 shows the function and size of the parameters in the triplet and of the key Ki.

    Parameter   Description                              Size (bits)
    Ki          Authentication key                       128
    Triplet:
    RAND        Challenge sent to the SIM                128
    SRES        Signed response for authentication       32
    Kc          Cipher key for voice confidentiality     64


    Both A3 and A8 are stored in the SIM so that they cannot be forged. This means that operators can decide which algorithm to use independently of hardware manufacturers and of other network operators. Authentication still works in other countries, because the local network has to ask the HLR in the subscriber's home network for five triplets. The local network therefore learns nothing about the A3 and A8 algorithms in use.

    GSM subscriber authentication

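    [Figure: GSM subscriber authentication. Labels: MS/SIM, VLR, HLR/AuC; Ki and RAND feed A3 on both sides; the two SRES values are compared (=?); authentication succeeds.]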

    The authentication centre (AuC) is used to authenticate the subscriber's SIM card (Figure 2.4). The AuC produces three parameters (RAND, SRES, Kc) and sends them down to the VLR, where they are used for one call only. While a call is being authenticated, the VLR sends the challenge RAND to the USIM, which uses it to produce SRES. The MS then returns SRES to the VLR, where it is compared with the SRES stored there. If the two values match, authentication succeeds.

    The authentication procedure is initiated by the AuC. The AuC produces a 128-bit random number RAND and sends it to the MS. Algorithm A3 uses the received random number together with the authentication key Ki (128 bits) stored in the SIM card to produce the 32-bit signed response (SRES). SRES is sent to the network and compared with the expected SRES calculated by the AuC. If the SRES calculated by the MS and the SRES calculated by the AuC are the same, the MS is allowed to access the network. For better security, the random number is changed on every network access, which changes SRES as well.

    2.2.4. GSM encryption

    The purpose of encryption is to keep user information private on the radio link after authentication has succeeded. In the SIM, algorithm A8 takes the subscriber authentication key Ki together with RAND as input and produces the 64-bit cipher key Kc (Ciphering Key). On the serving network side, the corresponding Kc comes from the AuC and is stored by the VLR. Using algorithm A5, the key Kc (64 bits) and the 24-bit frame number (count), which protects against replay, voice is encrypted and decrypted in the MS as well as in the BTS.
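    The triplet exchange of the two sections above, as an added example that is not part of the original document. A3 and A8 are operator-chosen, so HMAC-SHA-256 truncated to the sizes in Table 2.1 stands in for them here; the IMSI, the key and the class names are constructed for the example.

```python
import hashlib
import hmac
import os

IMSI = "001010000000001"          # constructed test identity
KI = bytes(range(16))             # constructed 128-bit Ki

# Stand-ins for the operator-chosen A3 and A8 (assumption: HMAC-SHA-256,
# truncated to the sizes in Table 2.1). Real networks use their own algorithms.
def a3(ki: bytes, rand: bytes) -> bytes:
    """SRES: 32-bit signed response."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki: bytes, rand: bytes) -> bytes:
    """Kc: 64-bit cipher key."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class AuC:
    """Home network: the only network node that holds Ki and runs A3/A8."""
    def __init__(self, subscribers):
        self._ki = dict(subscribers)                 # IMSI -> Ki

    def triplets(self, imsi, count=5):
        ki = self._ki[imsi]
        out = []
        for _ in range(count):
            rand = os.urandom(16)                    # fresh 128-bit challenge
            out.append((rand, a3(ki, rand), a8(ki, rand)))
        return out

class VLR:
    """Serving network: sees only (RAND, SRES, Kc), never Ki or the algorithms."""
    def __init__(self, auc):
        self.auc = auc
        self.store = {}                              # IMSI -> unused triplets
        self.pending = {}                            # IMSI -> triplet being checked

    def challenge(self, imsi):
        if not self.store.get(imsi):                 # fetch five triplets from the home network
            self.store[imsi] = self.auc.triplets(imsi)
        self.pending[imsi] = self.store[imsi].pop(0) # each triplet is used once
        return self.pending[imsi][0]

    def verify(self, imsi, sres):
        """Return Kc for the session if SRES matches, otherwise None."""
        _rand, expected, kc = self.pending.pop(imsi)
        return kc if hmac.compare_digest(sres, expected) else None

class SIM:
    def __init__(self, ki):
        self._ki = ki
        self.kc = None

    def respond(self, rand):
        # The SIM answers whatever RAND it is given: nothing in the challenge
        # lets it check who sent it or whether it is fresh.
        self.kc = a8(self._ki, rand)
        return a3(self._ki, rand)

def demo():
    vlr, sim = VLR(AuC({IMSI: KI})), SIM(KI)
    kc = vlr.verify(IMSI, sim.respond(vlr.challenge(IMSI)))
    return kc is not None and kc == sim.kc

if __name__ == "__main__":
    print("authenticated, both ends hold the same Kc:", demo())
```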


    2.2.5. Threats to GSM security

    The most important security element in GSM is the user authentication key Ki. Recovering this key makes it possible to clone SIM cards and, through them, to monitor every call the user makes under this key. There is, however, a security mechanism that monitors all these keys, detects when a key is used in two places at the same time, and terminates the registration of that key.

    In general, a terminal has to be admitted by the network before it can access it. There is, however, no mechanism for checking that the network is legitimate. Attacks on the network are therefore possible through this gap, when an attacker has suitable means to pose as a legitimate network or as a legitimate terminal.

    Note also that the interface point where the MS leaves the protected path (protected to a certain degree) and passes to the PSTN or another telephone network is especially important from a security point of view, because it is easy for an attacker to intrude there. Note too that the security applied to the HLR needs to be adequate, because the HLR holds all the basic elements of GSM security as well as the IMSI, the authentication key Ki, the telephone number and the billing details.

    Another important issue from the point of view of security threats is that it is not certain whether the GSM service provider actually guarantees the security procedures described above.

    2.2.6. Assessment of GSM security

    GSM security, based on authentication and confidentiality, is clearly better than the security of first-generation analogue mobile systems. However, GSM has been in use for many years in many countries around the world, and its published basic security mechanisms have drawn growing criticism. On the view that only protocols that can be examined can be trusted (and that security should depend only on the secrecy of the keys, not of the algorithms), GSM can hardly avoid being attacked because of its dependence on the proprietary algorithms A3, A8 and A5. Many security analysts regard these algorithms as cryptographic weak points. The criticisms of GSM security are as follows:

    - Both A3 and A8, which are used to authenticate the user and to produce the session keys, are implemented by GSM service providers with an algorithm called COMP128. COMP128 was reverse-engineered at Berkeley, which showed that the protocol can be broken after 2^19 queries from a fake BTS to a GSM SIM within 8 hours. Closer analysis of the GSM use of COMP128 also found that the algorithm itself is weak. The algorithm calls for 64 bits, but 10 of these bits are always set to 0, which considerably reduces the security of the A8 application. If the key Kc is compromised, an intruder can pose as a legitimate VLR without needing periodic authentication. In addition, keeping the triplets RAND, SRES and Kc in the VLR until they are used increases the chance of exposure, especially to intrusion from inside.

    - Under the GSM authentication protocol, the GSM BTS authenticates the MS that requests a communication session. There is no authentication in the opposite direction, from the MS to the network, so the MS has no assurance that it is not communicating with some forged node posing as a GSM BTS. This is made worse by the fact that the challenge RAND used for authentication is also the seed for the session key when it is used as input to algorithm A8. Moreover, the challenge-response messages carry no timestamp. A fake BTS that succeeds in impersonating a GSM BTS can therefore obtain a session key and decrypt every message that uses the same key for a fairly long time.

    - GSM authentication (and GSM security in general) protects the radio link between the MS and the GSM BTS serving it. The mechanism does not protect the transfer of information between the AuC and the serving network. The lack of security in the wired network is the main exposure in GSM, especially as transmission between the GSM BTS and the wired network is commonly a digital microwave link, which makes the information easy to intercept.

    - Of the two variants of the data encryption algorithm (A5/1 and A5/2), the weaker one, A5/2, may be exported worldwide without restriction. According to Bruce Schneier, A5/2, developed with the involvement of the NSA, can be broken in real time with a work factor of 2^16. A5/1 is stronger and can withstand attack with a work factor of 2^40, which means that an attacker using special hardware can compromise it in real time.

    2.3 Security technology in GPRS

    2.3.1. Introduction

    The General Packet Radio Service (GPRS) is a data network designed to work alongside the existing GSM network. More precisely, GSM/GPRS allows packet-switched (PS) traffic such as IP and circuit-switched (CS) traffic to coexist. This section gives an overview of the GPRS network architecture and the security issues that apply to it.

    2.3.2 GPRS architecture

    To understand the security measures that are applied and the issues related to them, we need a brief look at the structure of GPRS and its mechanisms.

    Figure 2.5: GPRS architecture

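    The MS consists of terminal equipment (TE: Terminal Equipment), such as a PC, and the mobile terminal. The MS can operate in three modes, depending on the capabilities of the network and of the mobile device.

    - Mode A can handle circuit-switched and packet-switched connections at the same time.
    - Mode B allows the MS to be in either PS mode or CS mode, but not in both at the same time. While the MS is sending packets, if a CS connection is requested, the PS transmission is automatically suspended.
    - Mode C allows the MS to use one service at a time. If the MS supports only PS (GPRS) traffic, it operates in mode C.

    In the BSS, the BTS handles both CS and PS traffic. It passes PS data to the SGSN and CS traffic to the MSC. In addition to its GSM functions, the HLR is used to determine whether a GPRS subscriber has a static or a dynamic IP address and which access point is used to connect to external networks. For GPRS, this information is exchanged between the HLR and the SGSN.

    The SGSN handles IP packet traffic from MSs that have attached in its serving area, and it also routes the packets it receives and sends.

    The GGSN provides the connection to external packet-switched networks such as the internet or other private networks. It connects to the IP-based GPRS backbone. It also forwards all IP packets and is used in the authentication and encryption processes.

    The AuC works as it does in GSM. Specifically, it holds the information that identifies the users allowed to use the GPRS network and so prevents unauthorised use.

    2.3.3 GPRS subscriber authentication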

    GPRS subscriber authentication is carried out in the same way as in GSM, with one difference: the procedure is performed in the SGSN rather than in the MSC. In other words, the SGSN authenticates the MS using the authentication data it receives from the HLR.

    [Figure 2.5 labels: TE, MT, BSS, SGSN, GGSN, Internet, EIR, MSC/VLR, SMS-GMSC, SMS-IWMSC, HLR/AuC, SGSN, core network; interfaces Um, Gb, Gn, Gi, Gf, Gs, Gd, Gr, Gc.]

    2.3.4. GPRS encryption

    In GPRS the encryption procedure differs from GSM. A different, new 64-bit algorithm, A5-GPRS, is used. While IP packets are being transferred, each data packet is encrypted with the A5-GPRS algorithm, or GEA (GPRS Encryption Algorithm). GEA is a symmetric stream cipher. Its advantage over A5 is that the GEA output can be generated before the plaintext is known. Encryption is performed in the SGSN and in the MS. Here too the encrypting and decrypting streams have to be synchronised. Synchronisation is performed by a cipher key sequence algorithm and ensures that the input bits and the direction control the encryption process.

    2.3.5. User identity confidentiality

    GPRS uses the same procedure to identify the subscriber, except that the MS sends the temporary logical link identity (TLLI) and the routing area identity (RAI) to the SGSN, which handles the procedure instead of the MSC. The TLLI has to be accompanied by the RAI to avoid ambiguity.

    2.3.6. GPRS security threats

    Mobile phones can face the same security threats as networked computers. An attacker may be able to view, change and run the applications or data stored in the phone. Not only the terminal but also the SIM card is exposed to this threat. IPsec can, however, be used to address the weaknesses of IP. In this way integrity can be protected without changing the IP interface. One of the drawbacks of IPsec is its cost.

    Another important point for security is the ability to protect the integrity of information on the radio interface between the MS and the SGSN. Intruders may alter the information being sent. They may gain access to important security data such as the cipher keys, or interfere with the operation of the network.

    The SGSN can also be compromised by an intruder who impersonates a network or tampers with a terminal.

    2.3.7. Signalling model for GSM and GPRS subscriber authentication

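    The authentication signalling procedures allow the GSM/GPRS network to identify and authenticate the user in order to protect the transmission path of GSM/GPRS calls.

    In the authentication procedure, a new VLR/SGSN has to obtain the triplet (Kc, SRES, RAND) from the HLR/AuC through the MAP protocol of the SS7 signalling network. Once it has this triplet, it authenticates the MS by sending the random number (RAND) in the Authentication and Ciphering Request message. On receiving this random number, the MS calculates SRES and the key Kc. The MS then sends this SRES to the network. The network compares the SRES from the MS with the SRES that the VLR received from the HLR/AuC. If the two are the same, subscriber authentication succeeds.

    Note that:

    - The GPRS encryption algorithm (for the GPRS network only) is sent in the authentication and ciphering request message.
    - Encryption starts after the authentication and ciphering response message has been sent.
    - The CKSN identifies the key Kc on the MS side and on the network side.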

    2.3.8. TMSI

    To give messages a high level of confidentiality and to protect against tracking of the subscriber's location, an alias identity is used in place of the IMSI. This alias is called the TMSI (Temporary Mobile Subscriber Identity). It is a number that is unique within the serving area of the VLR where the MS is located, and it is public. The TMSI can be released, and a new TMSI assigned to the MS, after a given event has occurred a number of times.

    The TMSI is a number used for the subscriber identity confidentiality feature, and it applies only within the control area of the VLR. When required, a TMSI is allocated or reallocated to an IMSI so that the control area can find the subscriber by TMSI. The TMSI is always used together with the LAI (location area identity) to:

    - Identify the mobile subscriber.
    - Find the mobile subscriber in the BSS.
    - Access the mobile subscriber's data in the VLR database.


    To avoid allocating duplicate TMSIs after the VLR restarts, part of the TMSI can be related to the time at which it was allocated. The TMSI also contains a one-bit field, which can change when the VLR recovers from a restart.

    The process that provides security while a TMSI is allocated to a subscriber is shown in the figure. This security chain is carried out through the cooperation of the BSS, MSC, VLR, HLR and AuC.

    2.3.9. IP network security

    For confidentiality, the GGSN and the RADIUS server share a secret key that only they know. The ISP creates this shared key. Only authorised staff receive this secret key from the ISP and can write its value into the MIB (management information base). The value cannot be read back from the MIB, and it is not sent over the Gi interface.

    The user's password is encrypted when it is sent between the RADIUS client (GGSN) and the RADIUS server, so that it is not exposed. RADIUS supports two mechanisms for passing the password, PAP (Password Authentication Protocol) and CHAP (Challenge Handshake Protocol); depending on the number of users and the password (supplied by the user), it supports a specific authentication mechanism. There are two access methods:

    a) Transparent access

    Access to the internet or an intranet without authentication by the network being accessed. The GPRS network authenticates the subscriber. Transparent access can be used for direct internet access and for other multimedia services such as WAP.

    b) Non-transparent access

    The ISP authenticates the subscriber with RADIUS. In this case the system acts as a VNAS (Virtual Network Access Server) that connects the subscriber to the internet or an intranet. It handles RADIUS authentication, dynamic IP address assignment and the tunnel set-up procedures.

    2.4. CONCLUSION

    Security is one of the most important things a mobile network has to support in order to keep its subscribers' communications private. More precisely, a mobile network must be able to protect users against billing fraud and other fraud in general, and must ensure that information and details relating to the subscriber are encrypted so that they are available only to legitimate users and every eavesdropper is kept out.

    The most basic mechanisms for providing these services are identity confidentiality, identity authentication and confidentiality of the transmitted data. Authentication is also used to identify who is to be billed for use of the system and to admit only valid users, which prevents intruders from hijacking connections. Transmission protection is provided to protect the user's sensitive data on the radio link.

    First-generation mobile phones were designed with poor security features. The second mobile generation (GSM) was therefore deployed with the aim of providing more satisfactory security. Authentication and encryption of the transmitted signal were introduced, using strong algorithms. GSM nevertheless has the following weaknesses:

    - GSM depends on symmetric cryptography, in which the MS and the network share a single private key for each subscriber. The key Kc is generated so that the shared private keys never have to be sent over either the radio link or the wired link.
    - The subscriber authentication algorithms (A3 and A8) in GSM are proprietary. This is the main reason for criticism of this security protocol, and the criticism of these protocols has grown stronger.
    - GSM authenticates only the subscriber, not the network.
    - GSM does not provide integrity protection for signalling.
    - GSM does not address security in the wired infrastructure.

    An intruder can therefore impersonate a network or a user and steal important information. The use of radio frequencies also brings a latent threat of eavesdropping on transmissions. As a result the security is not effective, and it can be broken by a variety of attackers.

    It should be remembered, however, that the main security goal for GSM was to make the system as secure as the public telephone network. In that respect GSM has not only succeeded but also offers better voice quality and a wide range of features and new services. GSM is therefore the most successful network to date.

    GPRS is an important step on the way to the third mobile generation. It is based on a packet-switched network for providing internet services. To some extent GPRS uses the same security as the GSM network. However, with the data not going straight to the BTS, and with a new A5 algorithm used for encryption, GPRS traffic becomes more secure. The security threats to GPRS are very different from those to circuit-switched GSM. The GPRS system is easier to intrude on because the transmission path is based on IP. GPRS data is encrypted all the way to the GPRS. To secure the network, the user has to be authenticated by the RADIUS server, with the exchange also encrypted using a pre-agreed shared key supplied by the ISP.

    It should also be noted that changing the PIN when the key K4 is used to lock the SIM further strengthens GPRS.


    CHAPTER 3: SECURITY TECHNOLOGY IN 3G UMTS

    UMTS (Universal Mobile Telecommunication System) is the third-generation global mobile communication system. UMTS was developed by ETSI (European Telecommunication Standard Institute) and a number of international research organisations in order to raise data rates compared with GSM/GPRS, to provide new services to users, and to achieve a truly global communication system.

    3.1 UMTS architecture

    UMTS R3 supports both circuit-switched and packet-switched connections: up to 384 Mbit/s in the CS domain and 2 Mbit/s in the PS domain. These high-speed connections make it possible to offer mobile users a set of new services like those of fixed telephone networks and the internet. These services include video telephony (video conferencing) and high-quality (CD) audio.

    A UMTS network consists of three parts: the user equipment (UE: User Equipment), the UMTS terrestrial radio access network (UTRAN) and the core network (CN: Core Network). The UE consists of three devices: the terminal equipment (TE), the mobile terminal (MT) and the UMTS subscriber identity module (USIM: UMTS Subscriber Identity Module). The UTRAN consists of radio network systems (RNS: Radio Network System), and each RNS consists of a radio network controller and the BTSs connected to it. The core network CN consists of the circuit-switched (CS) domain, the packet-switched (PS) domain and the HE (Home Environment). The HE consists of the AuC, HLR and EIR.

    3.1.1 User equipment

    The UE is the user's terminal. It is the part of the system with the most users, and its development will influence the applications and services that are available.

    3.1.1.1 Terminals

    Because the telephone provides not only voice but also new services, it is now called a terminal. Designers may come up with different products, but all of them have a large screen and fewer keys than 2G devices. The terminal has become a combination of mobile phone, modem and handheld computer.

    The terminal supports two interfaces. The Uu interface defines the radio link (the WCDMA interface). It is responsible for the whole physical connection to the UMTS network. The second interface is the Cu interface between the UMTS IC card (UICC) and the terminal. This interface follows the standard for smart cards.

    These standards cover:

    - The keypad (physical keys or virtual keys on the screen);
    - Registering a new password;
    - Changing the PIN;
    - Unblocking PIN/PIN2;
    - Presenting the IMEI;
    - Call control.

    3.1.1.2 UICC

    The UICC IC card is a smart card with large capacity and high processing speed.

    3.1.1.3 USIM

    The SIM stores personal information (the subscription) hard-wired on the card. This has changed in UMTS: the UMTS subscriber identity module is installed as an application on the UICC. This allows more applications and more electronic keys to be stored.

    The USIM contains the functions and data needed to identify and authenticate the subscriber in the UMTS network. It can also store a copy of the subscriber's profile. The user has to authenticate to the USIM by entering the PIN.

    3.1.2 UMTS radio access network (UTRAN)


    The VLR is a copy of the HLR for the serving network (SN: Serving Network). The subscriber data needed to provide service is copied from the HLR and stored here. Both the MSC and the SGSN have a VLR connected to them. The following data is stored in the VLR:

    - IMSI
    - MSISDN
    - TMSI
    - The subscriber's current LA
    - The current MSC/SGSN to which the subscriber is connected

    The VLR can also store information about the services provided to the subscriber. Both the SGSN and the MSC are implemented on the same physical node as the VLR, and are therefore referred to as VLR/SGSN and VLR/MSC.

    3.1.3.5 MSC

    The MSC sets up CS connections between the terminal and the network. It performs signalling and switching for the subscribers in the area it manages. The function of the MSC in UMTS is the same as in GSM, but it has more capabilities. CS connections run over the CS interface between the UTRAN and the MSC. MSCs are connected to external networks through the GMSC.

    3.1.3.6 GMSC

    The GMSC can be one of the MSCs. The GMSC is responsible for routing towards the area where the MS is located. When an external network tries to connect to an operator's PLMN, the GMSC receives the connection set-up request and asks the HLR which MSC currently manages the MS.

    3.1.3.7 Home environment

    The home environment (HE: Home Environment) stores the operator's subscriber profiles. It also supplies the serving networks (SN) with the subscriber and billing information needed to authenticate users and to charge for the services provided. This section lists the services that are provided and the services that are barred.

    HLR: The HLR is a database responsible for managing mobile subscribers. A mobile network may contain several HLRs, depending on the number of subscribers, the capacity of each HLR and the internal organisation of the network.

    This database holds the IMSI, at least one MSISDN and at least one PDP address. Both the IMSI and the MSISDN can be used as keys to access the other stored information. For routing and billing of calls, the HLR also stores which SGSN and VLR are currently responsible for the subscriber. Other services such as call forwarding, data rates and voicemail are also listed, together with service restrictions.

    The HLR and the AuC are two logical network nodes, but they are usually implemented in the same physical node. The HLR stores information about the user and the subscription: billing information, which services are provided and which are refused, and call forwarding information. The most important information is which VLR and SGSN are currently serving the user.

    AuC: The AuC stores all the data needed for authentication, encryption and integrity protection of the user's information. It is linked to the HLR and implemented together with the HLR in the same physical node. It must be ensured, however, that the AuC supplies the HLR only with information about the authentication vectors (AV).

    EIR: The EIR is responsible for storing the international mobile equipment identities (IMEI). The IMEI is a unique identifier for the terminal equipment. The database is divided into three lists: white, grey and black. The white list holds the IMEIs that are allowed to access the network. The grey list holds the IMEIs of terminals under observation, and the black list holds the IMEIs of stolen terminals: the IMEI of such a terminal is put on the black list, so it is barred from accessing the network. This list can also be used to bar particular device series from the network when they do not operate according to the standard.

    3.1.4 External networks


    External networks are not part of the UMTS system, but they are needed for communication between operators. External networks can be telephone networks (PLMN, PSTN, ISDN) or data networks such as the internet. The PS domain connects to data networks and the CS domain connects to telephone networks.

    3.1.5 Interfaces

    The roles of the different network nodes are defined only through the various interfaces. These interfaces are strictly defined so that manufacturers can interconnect their different hardware.

    3.1.5.1 Uu: The Uu interface is WCDMA, the radio interface defined for UMTS. It lies between the Node B and the terminal.

    3.1.5.2 Iu: The Iu interface connects the CN and the UTRAN. It has three parts: IuPS for the packet-switched domain, IuCS for the circuit-switched domain and IuBC for the broadcast domain. The CN can connect to several UTRANs over both the IuCS and IuPS interfaces, but a UTRAN can connect to only one CN access point.

    3.2 3G UMTS security architecture model

    The security architecture in UMTS is built on the following three principles:

    - Authentication
    - Confidentiality
    - Integrity

    3.2.1 Authentication

    Authentication establishes the identity of an entity. A node that wants to authenticate itself to someone has to present its identity. This can be done by demonstrating knowledge of a secret that only the nodes involved know, or by having a third party that both nodes trust confirm their identities. Authentication is especially important in the move from pure telephony, where the voice of the person speaking is itself a form of authentication, to data communication, where no voice is involved.

    Authentication in UMTS has two parts:

    - Authentication of the user to the network
    - Authentication of the network to the user

    3.2.2 Confidentiality

    Confidentiality keeps information secure from unauthorised parties. As the number of terminal users keeps growing, for both personal and business calls (for example online services such as banking transactions), the need for confidential communication grows too. Confidentiality in UMTS is achieved by encrypting the communication between the subscriber and the network and by using a temporary identity in place of the global identity, the IMSI. Encryption is performed between the subscriber (USIM) and the RNC, and user confidentiality is provided between the subscriber and the VLR/SGSN. The attributes that need to be kept confidential are:

    - The subscriber identity
    - The subscriber's current location
    - User data (both voice and data)
    - Signalling data

    3.2.3 Integrity

    Sometimes we need to check the origin or the content of a message. Even though a message may have been received from an authenticated party, it may still have been forged. Integrity protection is needed to prevent this. It is not enough to keep the message confidential; it must also be certain that the message is genuine.

    The protection method in UMTS is to produce additional stamps for the messages. These stamps can be produced at the nodes that know the keys derived from the pre-shared key K. These keys are stored in the USIM and the AuC. Integrity protection is especially necessary because the serving network is often run by an operator other than the subscriber's own. The attribute that needs integrity protection is:

    - Signalling messages

    Note that at the physical layer the bits are checked for integrity with a CRC checksum, but this is done only to achieve error-free data communication on the radio interface and is not the same as integrity at the transport level.

    3.3 Security model on the 3G UMTS radio interface

    Authentication in 3G UMTS is performed in both directions: the network authenticates the user, and the user authenticates the network. To be authenticated, the network has to stamp the message it sends to the UE with the code MAC-A, and the USIM calculates the check stamp XMAC-A to verify it.

    3.3.1 The network authenticates the user

    Authentication on the UMTS network involves three entities: the VLR/SGSN, the USIM and the HE. The VLR/SGSN checks the subscriber's authentication as in GSM, while the USIM makes sure that the VLR/SGSN has been authorised by the HE to do so.

    Authentication is performed as soon as the serving network has identified the subscriber. It takes place when the VLR (CS case) or the SGSN (PS case) sends a request to the AuC.

    The VLR/SGSN then sends a user authentication request to the terminal. This request contains RAND and the authentication token (AUTN: Authentication Token Number), which are passed to the USIM. The USIM holds a master key K (128 bits), which it uses with the two received parameters (RAND and AUTN) to calculate the user response (RES). This RES (32-128 bits) is then sent back to the VLR/SGSN and compared with the expected XRES produced by the AuC. If the two match, authentication succeeds. The process is shown in Figure 3.1.

    [Figure labels: USIM, VLR/SGSN; K and RAND feed f2 on both sides; RAND, AUTN; RES is compared with XRES (equal? yes: authentication succeeds).]

    Figure 3.1: User authentication at the VLR/SGSN

    3.3.2 The USIM authenticates the network

    To be authenticated by the USIM, the network has to send the USIM a special 64-bit code called MAC-A (Message Authentication Code - Authentication) for it to check. MAC-A is sent to the UE inside the authentication token AUTN. From RAND and some of the parameters received in AUTN, the USIM calculates the check code XMAC-A. It compares XMAC-A with the MAC-A received from the network; if they are the same, authentication succeeds.

    [Figure labels: USIM, VLR/SGSN; K, RAND and AUTN feed f1 on both sides; MAC-A is compared with XMAC-A (equal? yes: authentication succeeds).]

    Figure 3.2: Network authentication at the USIM

    3.3.3 UTRAN encryption

    Once both the user and the network have been authenticated, secure communication begins. Before encryption can take place, the two sides have to agree on the encryption algorithm to be used. Encryption is performed in the terminal and in the radio network controller. To encrypt, the RNC and the USIM have to generate a keystream (denoted KS). KS is calculated with function f8 from the following inputs: the cipher key CK (Ciphering Key) and a number of other parameters: COUNT-C (the ciphering sequence number), BEARER (the radio bearer identity), DIRECTION (the direction of transmission) and LENGTH (the actual length of the keystream). The RNC receives CK in the AV from the CN, while in the USIM CK is calculated from K and from the RAND and AUTN received from the network. Once CK is available at both ends, the RNC switches to ciphering mode by sending the RRC security command to the terminal.

    In UMTS encryption, the plaintext data is added bit by bit to the pseudo-random data of KS. The great advantage of this method is that the mask data can be generated before the plaintext is known, so encryption is fast. Decryption is performed in the same way as encryption.

    [Figure labels: COUNT-C, DIRECTION, BEARER, LENGTH and CK feed f8, which outputs KS (the keystream); plaintext; ciphertext.]

    Figure 3.3: UMTS stream cipher

    3.3.4 Integrity protection of RRC signalling

    The purpose of integrity protection is to authenticate control messages. It is carried out at the RRC layer (Radio Resource Connection) between the terminal and the RNC. To authenticate the integrity of a message, the sender (USIM or RNC) has to produce a special stamp, MAC-I (32 bits), and attach it to the encrypted message before sending it to the receiver (RNC or USIM). The receiver checks the integrity code. MAC-I and XMAC-I are calculated with function f9 from the following inputs: the integrity key (IK: Integrity Key), DIRECTION, COUNT-I (the sequence number), FRESH and the signalling message (sent or received). The COUNT-I parameter is like the counter used for encryption. The FRESH parameter is used by the network to guard against an attacker choosing the initial value of COUNT-I. The RNC receives IK together with CK in the security mode command, while the USIM has to calculate IK from K, RAND and AUTN. Figure 3.1 shows how message integrity protection is carried out.

    The 3G UMTS security procedures are based on authentication and key agreement (AKA: Authentication and Key Agreement). AKA is the set of procedures between the user and the network for mutual authentication and for providing security features such as integrity protection and confidentiality.

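    [Figure labels: on the sending side, DIRECTION, IK, COUNT-I, FRESH and the sent signalling message feed f9, giving MAC-I; on the receiving side, the same inputs and the received signalling message feed f9, giving XMAC-I; MAC-I is compared with XMAC-I (equal? yes: authentication succeeds).]

    Figure 3.4: Message integrity authentication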

    3.4 Authentication and key agreement, AKA

    AKA is performed:

    - When the user registers in a serving network;
    - After each service request;
    - On a location update request;
    - On an attach request;
    - On a detach request;
    - On a connection re-establishment request.

    Registration of a subscriber in a serving network usually happens when the user has just switched the device on or has moved to another country, because the subscriber has to register with the serving network the first time it connects to it.

    When the terminal changes location area, it has to update its location in the HLR and VLR.

    Attach and detach requests are the procedures that connect the subscriber to the network and disconnect it.

    A service request is the means by which higher-level applications and protocols ask for AKA to be performed, for example performing AKA to strengthen security before an online banking transaction.

    A connection re-establishment request is made when the maximum number of local authentications has been performed.

    3.4.1 AKA overview

    Authentication and key agreement (AKA: Authentication and Key Agreement) is one of the important features of the UMTS system. All other services depend on AKA. To carry it out in UMTS, the AuC has to produce the authentication vectors (AV) from the following four parameters: RAND, the pre-shared secret key, SQN (the sequence number) and AMF. The resulting AV consists of the following parameters: MAC-A, USIM, X-RES, CK, IK, AK. The network sends RAND together with the authentication token AUTN, which consists of SQN ⊕ AK, AMF and MAC-A, to the USIM in the MS, so that it can produce the corresponding authentication values: X-MAC (the expected message authentication code), RES (the signature that authenticates it to the network), CK (the cipher key for messages sent to the network), IK (the integrity key that protects message integrity), AK and SQN.

    [Figure labels: UE (ME, USIM), UTRAN (Node B, RNC), CN (MSC/VLR, SGSN), HE (HLR/AuC); steps 1 to 4.]

    Figure 3.5: Overview of the authentication and key agreement process

    3.5 AKA resynchronisation procedure

    3.5.1 Resynchronisation procedure in the USIM

    When the USIM receives the "user authentication request" message (RAND || AUTN(i)) from the VLR/SGSN, it starts by checking that the message is authentic. If the message was generated at the HE, the USIM checks the AuC's sequence number by comparing it with its own sequence number. If the sequence number is out of range, the resynchronisation procedure is carried out: the USIM produces a resynchronisation token, AUTS, and sends it back to the VLR/SGSN.

    3.5.2 Resynchronisation procedure in the AuC

    The AuC receives the "authentication data request" message (RAND(i), AUTS, synchronisation failure) from the VLR/SGSN. It compares the two sequence numbers; if it finds that the next AV to be generated would be acceptable, it sends that AV to the VLR/SGSN. If none of the stored AVs falls within the range the USIM will accept, the AuC checks the integrity of the message. This is to make sure that it really is the USIM that wants resynchronisation. If this authentication succeeds, the AuC's sequence counter SQN_HE is set to the value SQN_MS. After its sequence counter has been reset, the AuC generates a new set of AVs. Because generating many AVs in real time can put a heavy load on the AuC, it may return only one AV in the first reply.

    3.5.3 Resynchronisation procedure in the VLR/SGSN

    On receiving a "synchronisation failure", the VLR/SGSN looks up the appropriate random challenge (RAND) in its memory and adds it to the message before sending the message to the subscriber's HLR. When it receives the AVs from the AuC, it deletes the old AVs to make sure they will not cause another resynchronisation. Once it has the new AVs, the VLR/SGSN can continue the AKA procedure with the USIM.

    3.5.4 Reuse of AVs


    Reuse of AVs is rejected by the USIM through the sequence number check. This prevents AKA from being carried out with a repeated AV. Sometimes, however, reusing an AV is necessary, for example when the VLR/SGSN has sent the "user authentication request" message to the USIM but has received no reply (because of a network fault, a flat battery and so on). When the time-out for the reply expires, it will try to send the request again. If the USIM did receive this AV the first time, it will regard the received sequence number as out of range. In this case, before starting the resynchronisation procedure, the USIM first compares the random challenge it has just received with the one it received previously. If they are the same, it only needs to send the last stored user response. All the parameters produced at the USIM therefore have to be stored.

    3.5.5 Handling emergency calls

    Authentication is still performed even for emergency calls. However, if authentication fails, the connection is still set up. The call is dropped only if confidentiality and integrity protection fail.

    3.6 Cryptographic functions

    3.6.1 Requirements for the cryptographic algorithms and functions

    Cc hm v cc gii thut mt m phi p ng cc yu cu cht ch. Cc hm ny phic thit k c th tip tc s dng c t nht 20 nm. Cc UE cha cc hm ny

    khng b gii hn v xut khu v s dng. Thit b mng nh RNC v AuC c th phi chucc hn ch. Vic xut khu cc nt ny phi tun th tha thun Wasenaar. Nh vy mi nhkhai thc c th thit lp thit b v gii thut theo lut v giy php a phng v ngi sdng c th chuyn mng bng thit b ca mnh mi khi chuyn n mt hng/nc mi. Khikhng bit cc kha u vo, ta khng th phn bit cc hm ny vi cc hm ngu nhin clp ca cc u vo ca chng. Thay i mt thng s u vo mi ln khng th pht hin

    bt k thng tin no v kha b mt K hay trng cu hnh (OP) ca nh khai thc. 3.6.2 Cc hm mt m

    Cc tnh nng an ninh ca UMTS c thc hin bi tp cc hm v cc gii thut mtm. Tt c c 10 hm mt m thc hin cc tnh nng ny: f0-f5, f1*, f5*, f8 v f9.

    F0 l hm to ra lnh ngu nhin, 7 hm tip theo l cc hm to kha v th chng ul c th nh khai thc. Cc kha c s dng nhn thc ch c to ra USIM vAuC, y l 2 min m cng mt nh khai thc phi chu trch nhim.

    Cc hm to ra cc thng s AKA l: f1, f2, f3, f4 v f5 v vic la chn cc hm nyv nguyn tc l ty thuc vo nh khai thc. Do vic thit k gii thut mt m mnh cho cchm ny rt kh, nn 3GPP cung cp 1 tp mu cc gii thut AKA vi tn gi lMILENAGE. Vic cu trc cc gii thut ny da trn 1 gii thut mt m mnh 128 bit cgi l hm li cng vi trng cu trc b sung do nh khai thc la chn. AES c khuynnghs dng cho hm li ca cc hm f1, f2, f3, f4 v f5.

    The functions f8 and f9 use the KASUMI block cipher as their kernel function. f8 and f9 are used in the USIM and the RNC, and because these two domains may belong to different operators, the functions cannot be operator specific. These functions use the pre-shared secret key (K). The reason is to avoid distributing K over the network and to keep it safe in the USIM and the AuC. Table 3.1 summarizes the cryptographic functions and their outputs.

    | Function | Purpose | Output |
    |----------|---------|--------|
    | f0 | Random challenge generation | RAND |
    | f1 | Network authentication | MAC-A/XMAC-A |
    | f1* | Resynchronization message authentication | MAC-S/XMAC-S |
    | f2 | User authentication | RES/XRES |
    | f3 | Cipher key derivation | CK |
    | f4 | Integrity key derivation | IK |
    | f5 | Anonymity key derivation | AK |
    | f5* | Anonymity key derivation for the resynchronization message | AK |
    | f8 | Keystream generation (CK) | |
    | f9 | Generation of the stamp from the integrity key | MAC-I/XMAC-I |

    Table 3.1. The cryptographic functions and their outputs.

    The functions f1-f5, f1* and f5* are designed so that they can be implemented on an IC card with an 8-bit microprocessor running at 3.25 MHz with 8 kB of ROM and 300 kB of RAM, and produce AK, XMAC-A, RES and IK in no more than 500 ms.

    The functions f1-f5* are called key-generating functions; they are used in the initial AKA procedures.

    3.6.3. Using the normal functions to generate an AV in the AuC

    When it generates a new AV, the AuC reads the stored sequence number and then generates a new SQN and a new random challenge RAND. Together with the AMF (Key Management Field) and the stored pre-shared secret key, this gives four input parameters ready for use. The functions take these inputs and produce the message authentication code MAC-A, the expected user authentication result X-RES, the cipher key (CK), the integrity key (IK) and the anonymity key (AK). After SQN ⊕ AK has been computed, we obtain the authentication token AUTN, which consists of SQN ⊕ AK, AMF and MAC. AV generation in the AuC is shown in Figure 3.6.

    [Figure 3.6: AV generation in the AuC. The AuC generates SQN and RAND; from the inputs SQN, AMF, RAND and K the functions produce MAC-A, XRES, CK, IK, AK and SQN ⊕ AK. AUTN = SQN ⊕ AK || AMF || MAC-A; AV := RAND || XRES || CK || IK || AUTN]

    3.6.4. Using the normal functions to generate the security parameters in the USIM

    To generate the output keys, the USIM holds only one of the four parameters that the AuC has, namely the pre-shared secret key (K). It has to receive the other parameters from the AuC. When the USIM receives the pair (RAND || AUTN), it starts by generating the anonymity key (AK) with the function f5 from the received RAND. XORing AK with the SQN received in the authentication token yields the AuC's SQN_HE. The shared secret key is then used together with AMF, SQN and RAND to generate XMAC-A (the expected message authentication code). XMAC-A is then compared with MAC-A. If they match, the USIM has authenticated that the message (the pair RAND || AUTN) came from the HE (and hence that the SN belongs to this HE), and it can continue with the key-generating functions. If X-MAC and MAC differ, a user authentication reject message is sent back to the VLR/SGSN together with a cause indication, and the user then abandons the procedure. If authentication succeeds, the USIM checks whether the sequence number lies within the permitted range (this range is defined by the operator). If the sequence number is within the permitted range, the USIM goes on to generate RES with the function f2 from the parameters K and RAND.

    3.6.5. Using the resynchronization functions at the USIM

    When the USIM finds that the received sequence number is out of range, the normal key-generating functions are abandoned and the USIM starts to generate a resynchronization token AUTS.

    [Figure 3.7: AUTS generation in the USIM. The inputs K, RAND, AMF and SQN_MS feed f5* and f1*, which give AK and MAC-S; AUTS = SQN_MS ⊕ AK || MAC-S]

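    The AMF (authentication and key management field) is set to zero in the resynchronization message. The function f1* then generates the resynchronization message code (MAC-S) from the following inputs: the sequence number stored in the USIM (SQN_MS), the received random challenge (RAND), the AMF set to zero, and the key K. MAC-S and the XOR of SQN_MS with AK are then concatenated into AUTS. Finally the synchronization failure message is sent to the VLR/SGSN together with the AUTS parameter. The special functions f1* and f5* are used only for the resynchronization procedure. They are constructed so that their values do not reveal the other functions.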

    3.6.6. Using the resynchronization functions at the AuC

    The AuC receives the pair RAND || AUTS from the VLR/SGSN and carries out the resynchronization procedure.

    [Figure 3.8: Resynchronization procedure in the AuC. The inputs SQN_MS ⊕ AK, RAND, K and AMF feed f5* and f1*, which give AK, SQN_MS and MAC-S]

    The function f1* uses the input parameters RAND, AMF and K to generate the expected resynchronization authentication code (XMAC-S). XMAC-S is compared with MAC-S; if they match, the procedure continues.

    The function f5* uses the input parameters K and RAND to generate the anonymity key (AK) and, by XORing the SQN_MS value carried in AUTS with AK, recovers the USIM's SQN_MS.

    The AuC compares the two sequence numbers (SQN_MS and SQN_HE). If it finds that the next AV to be generated will be accepted, it sends this AV back to the VLR/SGSN. If no AV falls within the range accepted by the USIM, the AuC must set SQN_MS = SQN_HE. The VLR/SGSN generates XMAC-S and compares it with the MAC-S received in the resynchronization authentication token AUTS. This is done to authenticate the subscriber, and if it succeeds the AuC's sequence number (SQN_HE) is reset to the value SQN_MS. After resetting its SQN_HE, the AuC must generate a new set of AVs.

    3.6.7. Order of key generation

    The keys need not be generated in the order described above. That order is the logical one, but an implementation may differ if doing so is more efficient. What matters is that the keys are available in the order presented above.

    3.7. Summary of the authentication parameters

    The following parameters are used in the AKA procedure:
    - AV
    - AUTN
    - RES and XRES
    - MAC-A and XMAC-A
    - AUTS
    - MAC-S and XMAC-S

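    3.7.1. The parameters of the AV

    | Parameter | Description |
    |-----------|-------------|
    | RAND | Random challenge sent to the USIM |
    | XRES | Result expected from the USIM |
    | AUTN | Authentication token that authenticates the AuC to the USIM |
    | CK | Cipher key for confidentiality |
    | IK | Integrity key for integrity checking |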

    3.7.2. AUTN

    The authentication token (AUTN) is generated at the AuC and sent together with the random challenge (RAND) from the VLR/SGSN to the USIM. AUTN is built from SQN_HE, AMF and MAC-A as follows:

    AUTN = SQN_HE XOR AK || AMF || MAC-A

    3.7.3. RES and XRES

    The user response RES is used by the network to authenticate the subscriber. XRES is first generated at the AuC and sent to the VLR/SGSN in the AV. The USIM then generates RES and sends it to the VLR/SGSN, where the two are compared. If they match, the user is authenticated by the network.

    RES=f2(K,RAND)

    3.7.4. MAC-A and XMAC-A

    The message authentication code (MAC-A) and the expected network authentication code (XMAC-A) are used in AKA so that the USIM can authenticate the network. The USIM receives MAC-A and compares it with the XMAC-A that it generates locally. If they match, the USIM has authenticated that the serving network is working (has been delegated) on behalf of the HE.

    MAC-A=f1(AMF,K,RAND,SQN)

    3.7.5. AUTS

    The resynchronization token is generated at the USIM when the HE's sequence number is outside the USIM's own sequence-number range. The USIM's sequence number is then sent to the AuC in AUTS so that the resynchronization procedure can be carried out.

    AUTS = SQN_MS XOR AK || MAC-S

    3.7.6. MAC-S and XMAC-S

    The resynchronization authentication code (MAC-S) and the expected XMAC-S are used to authenticate the USIM before the AuC's sequence number is reset. When the USIM detects a synchronization failure, it generates MAC-S and sends it to the AuC in AUTS. The AuC generates XMAC-S itself and compares the two. If they match, the synchronization failure message is authenticated and the AuC's sequence number is reset to the USIM's sequence number.

    MAC-S=f1*(AMF,K,RAND)

    3.7.7. Sizes of the authentication parameters

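    | Parameter | Definition | Bits |
    |-----------|------------|------|
    | K | Pre-shared secret key | 128 |
    | RAND | Random challenge | 128 |
    | SQN | Sequence number | 48 |
    | AK | Anonymity key | 48 |
    | AMF | Authentication management field | 16 |
    | MAC | Message authentication code | 64 |
    | CK | Cipher key | 128 |
    | IK | Integrity key | 128 |
    | RES | Response | 32-128 |
    | X-RES | Expected response | 32-128 |
    | AUTN | Authentication token | 128 (16+64+48) |
    | AUTS | Resynchronization authentication token | 96-128 |
    | MAC-I | Message authentication code for data integrity | 32 |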
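
    The AV generation, USIM-side check and resynchronization of sections 3.6.3 to 3.6.6, as an added Python example that is not part of the original document. HMAC-SHA-256 truncated to the field sizes in the table above stands in for f1 to f5* (it is not MILENAGE), and the class names, the AMF value, the key and the SQN acceptance window of 32 are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

AMF = b"\x00\x00"   # constructed sample value, 16 bits
WINDOW = 32         # assumed SQN acceptance range (operator-defined on the page)

def prf(k, label, *parts, n):
    # Stand-in for f1..f5*: HMAC-SHA-256 keyed with K, truncated to n bytes.
    # This is NOT MILENAGE; the label keeps the functions distinct.
    return hmac.new(k, label + b"".join(parts), hashlib.sha256).digest()[:n]

def f1(k, sqn, rand, amf):  return prf(k, b"f1", sqn, rand, amf, n=8)    # MAC-A
def f1s(k, sqn, rand, amf): return prf(k, b"f1*", sqn, rand, amf, n=8)   # MAC-S
def f2(k, rand):  return prf(k, b"f2", rand, n=8)     # RES / XRES
def f3(k, rand):  return prf(k, b"f3", rand, n=16)    # CK
def f4(k, rand):  return prf(k, b"f4", rand, n=16)    # IK
def f5(k, rand):  return prf(k, b"f5", rand, n=6)     # AK
def f5s(k, rand): return prf(k, b"f5*", rand, n=6)    # AK for resynchronization

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class AuC:
    def __init__(self, k, sqn_he=0):
        self.k, self.sqn_he = k, sqn_he

    def generate_av(self):
        self.sqn_he += 1                                  # fresh SQN for every AV
        sqn, rand = self.sqn_he.to_bytes(6, "big"), os.urandom(16)
        mac_a = f1(self.k, sqn, rand, AMF)
        autn = xor(sqn, f5(self.k, rand)) + AMF + mac_a   # SQN xor AK || AMF || MAC-A
        return {"RAND": rand, "XRES": f2(self.k, rand), "CK": f3(self.k, rand),
                "IK": f4(self.k, rand), "AUTN": autn}

    def resync(self, rand, auts):
        sqn_ms = xor(auts[:6], f5s(self.k, rand))         # unmask SQN_MS
        xmac_s = f1s(self.k, sqn_ms, rand, b"\x00\x00")   # AMF is zero in AUTS
        if not hmac.compare_digest(xmac_s, auts[6:]):
            return False                                  # AUTS not from this USIM
        self.sqn_he = int.from_bytes(sqn_ms, "big")       # SQN_HE := SQN_MS
        return True

class USIM:
    def __init__(self, k, sqn_ms=0):
        self.k, self.sqn_ms = k, sqn_ms

    def authenticate(self, rand, autn):
        masked, amf, mac_a = autn[:6], autn[6:8], autn[8:]
        sqn = xor(masked, f5(self.k, rand))               # recover SQN_HE
        if not hmac.compare_digest(f1(self.k, sqn, rand, amf), mac_a):
            return "reject", None                         # XMAC-A != MAC-A
        n = int.from_bytes(sqn, "big")
        if not self.sqn_ms < n <= self.sqn_ms + WINDOW:
            sqn_ms = self.sqn_ms.to_bytes(6, "big")
            auts = xor(sqn_ms, f5s(self.k, rand)) + f1s(self.k, sqn_ms, rand, b"\x00\x00")
            return "sync_failure", auts                   # SQN_MS xor AK || MAC-S
        self.sqn_ms = n
        return "ok", f2(self.k, rand)                     # RES

def demo():
    k = bytes(range(16))                                  # constructed 128-bit K
    auc, usim = AuC(k), USIM(k, sqn_ms=1000)              # AuC counter lags the USIM
    av = auc.generate_av()
    status, auts = usim.authenticate(av["RAND"], av["AUTN"])
    steps = [status]                                      # SQN out of range
    steps.append(auc.resync(av["RAND"], auts))            # SQN_HE reset to 1000
    av = auc.generate_av()
    status, res = usim.authenticate(av["RAND"], av["AUTN"])
    steps.append(status == "ok" and res == av["XRES"])    # mutual authentication
    steps.append(usim.authenticate(av["RAND"], av["AUTN"])[0])  # same AV replayed
    return steps

if __name__ == "__main__":
    print(demo())
```

    The replayed AV in the last step passes the MAC-A check but fails the sequence-number check, which is the behaviour the reuse discussion in section 3.5 relies on.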

    3.8. USING THE FUNCTION F9 TO COMPUTE THE INTEGRITY CODE

    The integrity function (f9) is used for signalling information in the messages sent between the UE and the RNC. It adds stamps to the messages to ensure that they were generated by a valid identity (the USIM, or the SN acting on behalf of the HE). It also ensures that a message is not forged.

    3.8.1. Input parameters of the integrity algorithm

    | Parameter | Description | Bits |
    |-----------|-------------|------|
    | COUNT-I | Integrity sequence number | 32 |
    | IK | Integrity key | 128 |
    | FRESH | Special word from the network side | 32 |
    | DIRECTION | Either 0 (UE→RNC) or 1 (RNC→UE) | 1 |
    | MESSAGE | Signalling message together with the radio bearer identity | |

    3.8.2. MAC-I and XMAC-I

    The message authentication code for data integrity (MAC-I) and the expected XMAC-I are used once the AKA procedures have finished. MAC-I is generated at the sending side (either the USIM or the RNC) and compared with XMAC-I at the receiving side (either the RNC or the USIM). The sender generates MAC-I with the message as one of the inputs, and the receiver feeds the accompanying message into its own function to generate XMAC-I. If they match, the message has not been altered and its origin is authenticated. If they do not match, the message is rejected.

    MAC-I=f9(COUNT-I, Message, DIRECTION, FRESH, IK)

    3.8.3. UIA identification


    To identify the different algorithms in use, each UIA has its own 4-bit identifier. The USIM tells the RNC which UIAs it supports, and the RNC then decides which UIA will be used.

    3.9. USING THE CONFIDENTIALITY FUNCTION F8

    The cipher function f8 is a keystream cipher that generates a keystream block. This keystream block is XORed with the plaintext block and the result is sent over the radio interface. The cipher's keystream is unique for each block. It does not generate just one key per session to XOR with all blocks of size Length, but a new key for every block. The sender and the receiver must therefore be synchronized on the same counter at all times, otherwise decryption is impossible.

    3.9.1. Input parameters of the ciphering algorithm

    | Parameter | Description | Bits |
    |-----------|-------------|------|
    | COUNT-C | Ciphering sequence number | 32 |
    | CK | Cipher key | 128 |
    | BEARER | Radio bearer identity | 5 |
    | DIRECTION | Either 0 (UE→RNC) or 1 (RNC→UE) | 1 |
    | LENGTH | Actual length of the keystream | 16 |

    3.9.2. UEA identification

    Like the integrity function, the cipher function may be managed by two operators at the same time. A ciphering algorithm identifier, UEA, is therefore needed. The same algorithms must be used at the same time in both the USIM and the RNC. The USIM informs the RNC of the ciphering algorithms it supports. The RNC then chooses the ciphering algorithm to use according to the operator's preferences and local regulations.

    3.10. KEY LIFETIME

    Call setup does not automatically start AKA, and something must ensure that old keys are not used indefinitely. The USIM has counters that track how long these keys have been in use. The maximum key lifetime is set by the operator, and whenever the USIM finds that the keys in use have expired, it triggers the VLR/SGSN to use a new AV.

    3.11. THE KASUMI ALGORITHMS

    The KASUMI algorithms are the algorithms used in the functions f8 and f9. KASUMI is built on the Misty block cipher introduced by Matsui in 1997. Misty is owned by Mitsubishi Electronic, which allowed ETSI to use the algorithms for UMTS. The Misty algorithms were then adapted to suit UMTS better and were subsequently named KASUMI.

    3.12. 3G SECURITY ISSUES

    The 3GPP security principles are built on three rules:
    - 3G security will build on the security of second-generation (2G) systems
    - 3G security will improve on the security of second-generation (2G) systems
    - 3G security will offer new features and will secure the new services offered by 3G.

    3.12.1. 2G security elements that are retained

    - Authentication of subscribers for service access
    - Radio interface encryption
    - Subscriber identity module (SIM)
    - SIM application toolkit
    - The HE minimizes the trust it places in the serving network (SN)

    3.12.2. Weaknesses of 2G security

    - Active attacks using a false base station
    - Cipher keys and authentication data are transmitted in clear within and between networks
    - Encryption of data and signalling does not reach far enough into the network to avoid exposure where traffic has to cross digital microwave links
    - Possibility of channel hijacking in networks, leading to a loss of confidentiality
    - No support for data integrity
    - The IMEI is an unsecured identity, and this needs to be taken into account
    - Unlawful or lawful interception was not considered in the design of 2G
    - The HE does not know how the SN uses the parameters for subscribers roaming in the current SN
    - 2G systems are not flexible enough for updates and future security functions

    3.12.3. New security features and services

    - The different service providers may be content providers, data service providers and HLR-only service providers.
    - More and more services will be prepaid rather than postpaid subscriptions.
    - Subscribers will have more control over their service profiles.
    - Users will become more experienced with active attacks.
    - Non-voice services will become more important than voice services.
    - The terminal will be used as a platform for e-commerce and other applications.

    3.13. DISCUSSION

    3.13.1. Introduction

    Mobile systems are often described as never being as good as other network systems. Why do mobile systems have shortcomings, and how does this affect the development of 3G systems? What weaknesses does 3G UMTS have where security is concerned?

    3.13.2. Security threats to UMTS

    A common type of attack is an attempt to gain access to a terminal. Users can protect themselves by setting a PIN. Electronic eavesdropping is another common form of attack, and one that is very hard to detect and prevent.

    Information obtained by eavesdropping can be used for spoofing. With this method the attacker can use someone else's IP address to receive packets from other users.

    Session hijacking is a deeper intrusion than eavesdropping. Here the attacker takes over an existing connection, and even stronger authentication mechanisms cannot withstand this takeover. Another form of attack is denial of service. It is carried out by generating interfering traffic that congests the target server so that it can no longer provide service.

    3.13.3. Radio interface encryption

    In GSM, radio interface encryption takes place only between the BTS and the MS. Because many BTSs are connected to the BSC over digital microwave links, the information carried between them needs better protection. In W-CDMA the messages are sent in information packets that are coded in both time and frequency, and they are additionally XORed with a spreading code, so it is hard to eavesdrop on a user's bit stream.

    To strengthen security on the radio interfaces in UTRAN, integrity protection must always be active. Another solution is to apply network-level confidentiality so that all connections are secure.

    3.13.4. Nodes that hold keys

    Whenever a user moves into a new VLR/SGSN area, the user's temporary identities have to be transferred between the old and the new VLR/SGSN. Stored AVs may also be transferred, and when the old VLR/SGSN sends them it must delete its own copies of the AVs. It then forces the RNCs to delete their stored keys. Limiting the number of keys stored in the system reduces the risk of unauthorized use.

    3.13.5. Authentication

    User authentication in UMTS is performed in the same way as authentication in GSM. The false BTS problem in GSM arises because the user side performs no authentication. By setting up a false BTS, an impersonator can force subscribers to use it without authentication or confidentiality, so the intruder can listen to the user's data. To remove this weakness, UMTS introduces authentication of the network by the user. The AUTN message is sent from the AuC to the USIM to authenticate the AuC. In this way a VLR/SGSN that performs AKA shows that the user's HE trusts it. Because integrity protection is not optional, it also makes it possible to avoid false BTSs. All signalling messages must be integrity protected, and a handover to an unauthorized network cannot take place because that network lacks the IK.

    3.13.6. User-independent security operations

    The UMTS security operations are all independent of the user. The USIM and the SN perform AKA automatically and apply integrity protection and confidentiality.

    Integrity protection is always applied to signalling messages in UMTS (except for emergency calls) but is not used for user data; confidentiality is optional, so the user must be informed whether or not it is in use. The terminal must let the user configure which services are to be provided depending on which security services are active, and must confirm this on the display.

    3.13.7. Data integrity

    Integrity of user data is not provided in UMTS, in order to reduce the processing load in the UE and the RNC and to reduce message overhead. When communication is not integrity protected, however, messages between the USIM and the RNC can be forged. When communication is integrity protected, forged messages are rejected at the receiving side and the higher-layer protocols request retransmission. Integrity protection of data in UMTS is therefore provided only by higher-layer protocols.

    3.13.8. User confidentiality

    User confidentiality is ensured in UMTS by the use of temporary identities. Only the VLR/SGSN knows the relationship between the IMSI and the TMSI. The RNC and the Node B know only the TMSI. TMSIs are used on the radio link to the terminal so that an eavesdropper cannot find out who is connected to the Node B. The IMSI is regarded as a secret and must be handled as one.

    If a mobile subscriber and the network perform a handover, the network nodes connect to one another and transfer the temporary identities between themselves to avoid exposing the real identity (IMSI). Sometimes, however, a user arrives at an SN without any temporary identity from that network. This usually happens when the user registers with a new network for the first time and the nodes in this SN cannot resolve the temporary identity by exchanging information with other nodes. When this happens, the VLR/SGSN has to ask for the subscriber's permanent identity (IMSI), and because no AKA procedure can be carried out before the identity is known, the response message is sent in plaintext from the USIM to the VLR/SGSN over the radio interface. This is the biggest security threat in UMTS. The problem is that, to identify itself in an SN other than its home operator's network, the USIM has to supply a global identity itself.

    [Figure 3.8: User identification by IMSI. (1) User Identity Request { } between SN (VLR/SGSN) and UE (USIM); the IMSI is read from the USIM; (2) User Identity Response {IMSI}]

    3.13.9. Security threats from replay attacks

    Replay attacks on the system are attacks in which messages are intercepted and later sent again. They are fairly easy to carry out and cause problems wherever fixed input variables or fixed data are used, so sequence numbers are used to overcome this weakness. The sequence numbers of the AVs were introduced to stop the SN or other networks from trying to use one AV several times for authentication and key generation. When the message wait timer in the VLR/SGSN expires, it requests retransmission of the same user authentication request message. The functions f8 and f9 have counters to prevent replay attacks. With separate counters for the uplink and the downlink, these counters will sometimes hold the same input values; the direction identifier is used, however, so that a message is sent in the right direction. The UMTS system can be regarded as safe against replay attacks.

    3.13.10. Unsecured communication in the CN

    Communication between network nodes in the CN is still not secured. Messages between these nodes are therefore transmitted in plaintext. This makes it easy to eavesdrop on user data and signalling messages on these links, and AVs can be copied from them.

    3.13.11. Key length

    The keys in UMTS are currently 128 bits long. This is sufficient today and for the near future. Computing power keeps growing, however, so this length may be increased in the future.

    3.13.12. Anonymity towards higher-level services

    Users must be able to configure services so that their current location can be known while they remain anonymous to higher-level applications. Users must be able to refuse a service provider's applications when those applications require tracking of the user's habits.

    3.13.13. End-to-end encryption

    Because encryption and integrity protection terminate at the RNC, messages can be forged in the CN. Some services require integrity protection only between the terminal and the RNC, but other, more sensitive services need to be kept secret from end to end. End-to-end encryption is needed to guarantee the integrity and confidentiality of communication. Both data and voice traffic are encrypted, which increases the user's personal security.

    3.14. NETWORK SECURITY

    The most important feature used to protect traffic in the network domain is the IPSec protocol. It provides confidentiality and integrity for communication at the IP layer. In addition to protecting IP-based networks, a special security mechanism called MAPSEC has been developed to protect existing protocols and applications.

    3.14.1. IPSec

    The main parts of IPSec are the Authentication Header (AH), the Encapsulating Security Payload (ESP) and the Internet Key Exchange (IKE).

    IPSec is used to protect IP packets. This is done by ESP, which provides both confidentiality and integrity, whereas AH provides integrity only. Both ESP and AH need keys to authenticate and encrypt packets. These keys therefore have to be negotiated before ESP and AH are used.

    ESP has two modes: transport mode and tunnel mode. In transport mode the whole IP packet except the header is encrypted. A new ESP header is then inserted between the IP header and the part that has just been encrypted. Finally a message authentication code (MAC) is computed over everything except the IP header, and the MAC is placed at the end of the packet. At the receiving side, integrity is checked by removing the IP header from the start of the packet and the MAC from the end of the packet. The MAC function is then run and its output compared with the MAC in the packet; if the integrity check succeeds, the ESP header is removed and the remainder is decrypted.


    In tunnel mode, a new header is added at the start of the packet, and the process then continues as in transport mode on the resulting new packet. This means that the IP header of the original packet is protected.

    3.14.2. MAPSec

    The purpose of MAPSec is to protect the confidentiality and the integrity of MAP operations. MAPSec protection operates in three modes. In the first mode no security is provided, in the second mode only integrity is protected, and in the third mode both confidentiality and integrity are provided. To provide confidentiality, the header of the MAP operation is encrypted. A security header is added to indicate how to decrypt it. To provide integrity, a further MAC is computed over the payload of the original MAP operations and the security header. A time-varying parameter is also used to prevent replay attacks.

    3.15. SECURITY IN THE UMTS R5 NETWORK

    3.15.1. The IMS model of UMTS R5

    UMTS R5 changes only the packet-switched core network; the circuit-switched part of the core network can be the MSC/GMSC of earlier architectures. R5 introduces two main elements into the core network:

    - A new core network domain, called the Internet Multimedia Subsystem (IMS)
    - Upgraded GSNs to support real-time voice and other delay-sensitive services, or IMS

    3.15.2. IMS security architecture

    In the PS domain, service is provided only once a security association has been established between the mobile equipment and the network. The IMS is essentially a system overlaid on the PS domain, so a separate security association is required between the multimedia client and the IMS before access to multimedia services is allowed.

    The IMS authentication keys and functions on the user side are stored in the UICC. The IMS authentication keys and functions can be logically independent of the keys and functions used for authentication in the PS domain. This does not, however, prevent common authentication keys and functions from being used for authentication in both the IMS domain and the PS domain.

    3.16. SUMMARY

    Third-generation mobile systems build on the success of the GSM/GPRS networks and introduce new and enhanced security features to improve security and to protect new services that second-generation mobile systems could not offer. The confidentiality of voice calls and of user data carried over the radio link is protected.

    The most important security enhancement of UMTS over GSM/GPRS is that not only does the network authenticate the mobile subscriber, but the mobile subscriber also authenticates the network. In addition, the most important security-related element, the key K shared between the UMTS network and the USIM card, is never transmitted outside these two locations. Other important security parameters are encrypted when sent over the radio link and are therefore protected against eavesdropping. The authentication mechanism works by generating an authentication vector from which the input parameters cannot be recovered. This mechanism allows IK and CK to be exchanged. CK has been extended to 128 bits and is therefore harder to break. In addition, IPSec improves security at the network layer of the IP-based core network, and MAPSec protects applications as well as signalling. Together, all these security mechanisms make UMTS security an improvement on that of GSM.


    CHAPTER 4: SECURITY TECHNOLOGY IN MIP

    4.1. MIP overview

    The best proposal for handling macro-mobility handover is MIP. In MIP the mobile host is always identified by its home address, regardless of its current point of attachment to the network. When it leaves its home network, the mobile host obtains another address, called the CoA (Care of Address), which relates to its current location. MIP solves the mobility problem by maintaining a dynamic mapping between the fixed identity and the CoA of the mobile host. The CoA acts as a temporary locator.

    4.1.1. General concepts of MIP

    MIP is an enhancement of IP that allows datagrams to continue to be received wherever they enter the network. It comprises a number of additional control messages that allow the IP nodes involved to manage their IP routing tables reliably.

    MIP is designed to meet the following goals for mobile nodes that change their Internet point of attachment several times per second. The protocol nevertheless also works very well even when the rate at which the mobile node moves begins to approach the round-trip time of the MIP protocol control messages. The following five characteristics are regarded as the requirements that the MIP protocol must satisfy:

    - A mobile node must be able to communicate with other nodes after changing its link-layer point of attachment to the Internet.
    - A mobile node must be able to communicate with other nodes that do not implement MIP.
    - All location messages sent to other nodes must be authenticated to protect against redirection attacks.
    - The mobile node's link is usually a wireless link. This link may have a smaller bandwidth and a higher error rate than conventional wired networks. In addition, the mobile node runs on battery power, so minimizing power consumption is very important. The number of administrative messages sent over the link by which the mobile node attaches to the network must therefore be minimized, and these messages must be kept as small as possible.
    - MIP places no additional constraints on the assignment of IP addresses.

    The purpose of MIP is to allow a node to move from one IP subnet to another; it is suited to mobility across heterogeneous environments as well as homogeneous ones. That is, MIP supports movement from one Ethernet segment to another Ethernet segment, as well as movement from an Ethernet segment to a wireless LAN, while the node keeps the same IP address after the move.

    4.1.2. MIP entities

    MIP introduces the following functional entities:

    - MN (Mobile Node) or MN (Mobile Host). A mobile node is a host or router that changes its point of attachment from one network or subnet to another network or subnet. A mobile node can change its location without changing its address. It can keep communicating with other Internet nodes at any location while retaining its own Internet address, provided that link-layer connectivity to a network point of attachment is available.
    - CN (Correspondent Node) or CH (Correspondent Host). The correspondent host/node is a fixed or mobile host that communicates with the MN under consideration.
    - HA (Home Agent). The home agent is a router on the mobile node's home network that tunnels datagrams to the mobile node when that node is away from its home network, and maintains location information for the mobile node.
    - FA (Foreign Agent). The foreign agent is a router on the foreign network that routes services to the mobile node where