
POSTS AND TELECOMMUNICATIONS INSTITUTE OF TECHNOLOGY
(Học viện Công nghệ Bưu chính Viễn thông)

FACULTY OF TELECOMMUNICATIONS I

UNDERGRADUATE GRADUATION THESIS

Topic:
SECURITY IN 3G UMTS

Prepared by: Phạm Văn Quỳnh

Hanoi 2010

POSTS AND TELECOMMUNICATIONS INSTITUTE OF TECHNOLOGY
FACULTY OF TELECOMMUNICATIONS I

UNDERGRADUATE GRADUATION THESIS

Topic: SECURITY IN 3G UMTS

Prepared by: Phạm Văn Quỳnh
Class: H07VTTD
Supervisor: MSc. Nguyễn Viết Minh

Hanoi 2010

UNDERGRADUATE GRADUATION THESIS TOPIC
Full name: Phạm Văn Quỳnh.
Class: H07VTTD.
Faculty: Telecommunications I.
Major: Electronics - Telecommunications.

Topic title:
SECURITY IN 3G UMTS

Thesis contents:

- Overview of 3G UMTS.
- Security in mobile communications.
- Security solutions in 3G UMTS.

Date topic assigned: .../.../...
Date thesis submitted: .../.../...

Date: day ... month ... 2010
Supervisor

MSc. Nguyễn Viết Minh


Posts and Telecommunications Institute of Technology
Faculty of Telecommunications I

Socialist Republic of Vietnam
Independence - Freedom - Happiness

SUPERVISOR'S COMMENTS:

.................................................................................................

Grade: ........ (In words: ........)

Date: day ... month ... 2010

REVIEWER'S COMMENTS:

.................................................................................................

Grade: ........ (In words: ........)

Date: day ... month ... 2010

TABLE OF CONTENTS
TABLE OF CONTENTS
ABBREVIATIONS
LIST OF FIGURES
LIST OF TABLES
PREFACE
CHAPTER I: OVERVIEW OF 3G UMTS
1.1 Overview of the evolution of mobile communications
1.2 Basic characteristics of 3G UMTS
1.3 CS, PS, and the traffic types and services supported by 3G UMTS
1.3.1 Circuit switching and packet switching
1.3.2 Traffic types and services supported by 3G UMTS
1.4 3G UMTS R3 architecture
1.4.1 User equipment
1.4.2 UMTS terrestrial radio access network
1.4.3 Core network
1.4.4 External networks
1.4.5 Interfaces
1.5 3G UMTS R4 architecture
1.6 3G UMTS R5 architecture
1.7 Conclusion

CHAPTER II: SECURITY IN MOBILE COMMUNICATIONS
2.1 Establishing a secure environment
2.1.1 Authentication
2.1.2 Data integrity
2.1.3 Confidentiality
2.1.4 Authorization
2.1.5 Non-repudiation
2.2 Security threats
2.2.1 Impersonation
2.2.2 Monitoring
2.2.3 Forgery
2.2.4 Theft
2.3 Security technologies
2.3.1 Cryptography
2.3.2 Symmetric algorithms
2.3.3 Asymmetric algorithms
2.3.4 Authentication
2.3.5 Digital signatures and message digests
2.3.6 Digital certificates
2.3.7 Public key infrastructure (PKI)
2.3.8 Authentication using authentication messages
2.4 Wireless protocol security
2.4.1 Wireless transport layer security (WTLS)
2.4.2 The WAP gap
2.4.3 WAP 2.x
2.5 General security model of a mobile communication system
2.6 Security in GSM
2.6.1 Security model for the radio interface
2.6.2 Limitations of GSM security
2.7 Conclusion

CHAPTER III: SECURITY SOLUTIONS IN 3G UMTS
3.1 3G UMTS security architecture model
3.1.1 Authentication
3.1.2 Confidentiality
3.1.3 Integrity
3.2 Cryptographic functions
3.2.1 Requirements for the cryptographic algorithms and functions
3.2.2 Cryptographic functions
3.2.3 Using the cryptographic functions to generate AVs in the AuC
3.2.4 Using the cryptographic functions to generate security parameters in the USIM
3.2.5 Using the functions for resynchronization at the USIM
3.2.6 Using the functions for resynchronization at the AuC
3.2.7 Key generation order
3.3 Authentication parameters
3.3.1 Parameters of the authentication vector (AV)
3.3.2 Network authentication token (AUTN)
3.3.3 User response and expected value (RES & XRES)
3.3.4 MAC-A & XMAC-A
3.3.5 Resynchronization token (AUTS)
3.3.6 MAC-S & XMAC-S
3.3.7 Sizes of the authentication parameters
3.4 Security model for the 3G UMTS radio interface
3.4.1 Network authenticating the user
3.4.2 USIM authenticating the network
3.4.3 UTRAN encryption
3.4.4 RRC signalling integrity protection
3.5 Authentication and key agreement (AKA)
3.5.1 Overview of AKA
3.5.2 AKA procedures
3.6 AKA resynchronization procedure
3.7 Security in 3G UMTS R5
3.7.1 Network domain security (NDS)
3.7.2 IMS security
3.8 Conclusion
CONCLUSION
REFERENCES




ABBREVIATIONS

1G: The First Generation (first-generation mobile system)
2G: The Second Generation (second-generation mobile system)
3G: The Third Generation (third-generation mobile system)
3GPP: Third Generation Partnership Project
A
ACL: Access Control List
ADS: Application Domain Security
AES: Advanced Encryption Standard
AH: Authentication Header
AKA: Authentication and Key Agreement
AMF: Authentication Management Field
AMPS: Advanced Mobile Phone System
ATM: Asynchronous Transfer Mode (asymmetric transfer mode)
AuC: Authentication Center
AUTN: Authentication Token (network authentication token)
AV: Authentication Vector
B
BG: Border Gateway
BICC: Bearer Independent Call Control
BTS: Base Transceiver Station
C
CA: Certificate Authority
CK: Ciphering Key
CN: Core Network
CRL: Certificate Revocation List
CRNC: Control RNC
CS: Circuit Switching
CSCF: Connection State Control Function
D
DES: Data Encryption Standard
DNS: Domain Name System
DRNC: Drifting RNC
E
ECC: Elliptic Curve Cryptography (a type of encryption algorithm)
EIR: Equipment Identity Register (subscriber identity register)
ESP: Encapsulation Security Payload
F
FDD: Frequency Division Duplexing
FDM: Frequency Division Multiplexing
G
GGSN: Gateway GPRS Support Node
GMSC: Gateway MSC
GPS: Global Positioning System
GSM: Global System for Mobile Communication
GTP: GPRS Tunnel Protocol
H
HE: Home Environment
HLR: Home Location Register
HSS: Home Subscriber Server
I
I-CSCF: Interrogating CSCF
IDEA: International Data Encryption Algorithm
IETF: Internet Engineering Task Force
IK: Integrity Key
IKE: Internet Key Exchange
IMEI: International Mobile Equipment Identifier (international mobile subscriber identity)
IMPI: IMS Private Identity
IMPI: Internet Multimedia Public Identifier
IMPU: IMS Public Identity
IMS: IP Multimedia CN Subsystem
IMSI: International Mobile Subscriber Identifier
IP: Internet Protocol
IPsec: IP Security
ISDN: Integrated Services Digital Network
ISIM: IMS Subscriber Identity Module
ISIM: Internet Services Multimedia Identity Module
ITU: International Telecommunication Union
K
K: Master Key
KS: Key Stream
L
LA: Local Area (location area)
M
MAC: Message Authentication Code
MAC-A: MAC-Authentication (message authentication code used for authentication)
MAC-I: MAC-Integrity (MAC used for integrity)
MACsec: MAC Security (MAP security)
MD: Message Digest
ME: Mobile Equipment
MEGACO: Media Gateway Controller
MGCF: Media Gateway Control Function
MGW: Media Gateway
MIP: Mobile Internet Protocol
MRF: Multimedia Resource Function
MS: Mobile Station
MSC: Mobile Services Switching Center
N
NAI: Network Access Identity
NAS: Network Access Security
NDS: Network Domain Security
NMT: Nordic Mobile Telephone System
P
PCM: Pulse Code Modulation
P-CSCF: Proxy CSCF
PDP: Packet Data Protocol
PIN: Personal Identification Number
PKI: Public Key Infrastructure
PLMN: Public Land Mobile Network
PS: Packet Switching
PSTN: Public Switched Telephone Network
P-TMSI: Packet-TMSI
Q
QoS: Quality of Service
R
RA: Routing Area (switching area)
RAN: Radio Access Network
RAND: Random Number (random number / random challenge)
RES: User Response
RNC: Radio Network Controller
RSA: Ron Rivest, Adi Shamir and Leonard Adleman Algorithm (cryptographic algorithm of the three co-authors)
RSGW: Roaming Signalling Gateway
RTP: Real Time Transport Protocol
S
S-CSCF: Serving CSCF
SDP: Session Description Protocol
SGSN: Serving GPRS Support Node
SHA: Secure Hash Algorithm
SIP: Session Initiation Protocol
SMR: Special Mobile Radio
SQN: Sequence Number
SRES: Signed RESponse
SRNC: Serving RNC
SS7GW: Signaling System No.7 Gateway
SSL: Secure Sockets Layer
T
TACS: Total Access Communications Systems
TDD: Time Division Duplexing
TDM: Time Division Multiplexing
TE: Terminal Equipment
TLS: Transport Layer Security
TMSI: Temporary Mobile Subscriber Identity
TSGW: Transport Signalling Gateway
U
UA: User Agent
UAC: UA Client
UAS: UA Server
UDS: User Domain Security
UE: User Equipment
UEA: UMTS Encryption Algorithm
UIA: UMTS Integrity Algorithm
UICC: UMTS IC Card
UMTS: Universal Mobile Telecommunication System
URI: Uniform Resource Identifier
USIM: UMTS Subscriber Identity Module
UTRAN: UMTS Terrestrial Radio Access Network
V
VC: Virtual Channel
VLR: Visitor Location Register
VoIP: Voice over Internet Protocol
VP: Virtual Packet
W
WAP: Wireless Application Protocol
WAPsec: WAP Security
WCDMA: Wideband Code Division Multiple Access
WTLS: Wireless Transport Layer Security
X
XMAC-A: Expected MAC-A
XMAC-I: Expected MAC-I
XRES: Expected User Response
LIST OF FIGURES
Figure 1.1 Evolution of mobile communication platforms from 1G to 3G.
Figure 1.2 3G UMTS R3 architecture.
Figure 1.3 3G UMTS R4 architecture.
Figure 1.4 3G UMTS R5 multimedia network architecture.
Figure 2.1 Illustration of the basic mechanism of single-key encryption.
Figure 2.2 Using message digests to provide digital signatures.
Figure 2.3 Authentication using digital signatures.
Figure 2.4 Authentication method using a MAC.
Figure 2.5 General security architecture of a mobile communication system.
Figure 2.6 Security model for the radio interface in GSM.
Figure 3.1 Encryption and decryption using function f8.
Figure 3.2 Message integrity check using the integrity function f9.
Figure 3.3 Generation of AVs in the AuC.
Figure 3.4 Generation of security parameters in the USIM.
Figure 3.5 Generation of AUTS in the USIM.
Figure 3.6 Resynchronization procedure in the AuC.
Figure 3.7 Security model for the radio interface in 3G UMTS.
Figure 3.8 User authentication at the VLR/SGSN.
Figure 3.9 Network authentication at the USIM.
Figure 3.10 Stream cipher in UMTS.
Figure 3.11 Message integrity authentication.
Figure 3.12 Overview of the AKA authentication and key agreement process.
Figure 3.13 AKA resynchronization procedure.
Figure 3.14 IMS security architecture.
Figure 3.15 IMS security architecture of UMTS R5.
Figure 3.16 Registration and authentication in IMS.




LIST OF TABLES
Table 1.1 Classification of services in 3G UMTS.
Table 3.1 Cryptographic functions.
Table 3.2 Sizes of the authentication parameters.

PREFACE

In Vietnam in recent years, the telecommunications industry in general and mobile communications in particular have made outstanding progress. From only two mobile service providers, there are now seven. Along with this, the number of mobile subscribers keeps increasing and the demands of mobile service customers keep rising. The mobile phone is no longer used only for calls as before; it has become a mobile terminal with a full set of features to serve every human need. With their phones, users can entertain themselves, access data for study and research, or socialize and learn; beyond that, users can also use them to carry out business transactions and online banking transactions, at high speeds that are not inferior to wired networks. To make this a reality, mobile service providers in Vietnam have been launching third-generation (3G) mobile communication systems for telecommunications customers.

The most prominent features of this system are its high data processing speed and its rich and diverse range of services. However, for customers to feel secure and confident when using the services, security and information safety in third-generation mobile communication systems must be given top priority. This is because the data carried over the mobile network is no longer simply voice, but the data of online transaction sessions. If information security is not ensured, the economic damage will be enormous.

With the topic "Security in 3G UMTS" for my graduation thesis, I hope to study the security issues in third-generation mobile communication systems as well as the solutions for keeping users' information confidential and protecting its integrity as it is transmitted through the system.

The thesis consists of three chapters:

Chapter 1: Overview of 3G UMTS. This chapter covers the evolution of mobile communication systems and the characteristics and types of services that third-generation mobile communication systems provide. The end of the chapter covers the architectures of the 3G UMTS system, from R3 and R4 to R5.

Chapter 2: Security in mobile communications. This chapter covers the security threats to mobile communication systems and the solutions for ensuring information security in mobile communication systems. The end of the chapter covers security in second-generation mobile communication systems.

Chapter 3: Security solutions in 3G UMTS. This is the main part of the thesis. It covers the basic principles for building a security architecture for the 3G UMTS system, and the specific measures for protecting information when it is transmitted over the system's radio interface. It studies in detail the authentication and key agreement (AKA) process, the cryptographic functions used and the related authentication parameters. In particular, the end of the chapter covers the security architecture for the R5 release of the 3G UMTS system.

Finally, I would like to thank my father, my mother and my whole family for providing the best conditions for me to complete this thesis. I sincerely thank my teacher Nguyễn Viết Minh, together with the teachers of the Institute, for advising and guiding me throughout my studies and my work on the graduation thesis. I would like to thank my friends in my class and on the forum, who helped me a great deal with the most sincere feelings.

Bắc Ninh, 20 January 2010
Student (signature)

Phạm Văn Quỳnh
CHAPTER I: OVERVIEW OF 3G UMTS

1.1 Overview of the evolution of mobile communications
Mobile communication systems are divided into three generations: first (1G), second (2G) and third (3G).
1G systems provide analog transmission based on frequency division multiplexing (FDM), with core network connections based on time division multiplexing (TDM). Typical examples are the Advanced Mobile Phone System (AMPS), used throughout the United States, and the Nordic Mobile Telephone system (NMT). 1G technologies were usually deployed in a single country or group of countries, were not standardized by international standards bodies and were not intended for international use.
Unlike 1G, 2G systems were designed for international deployment. The 2G design places more emphasis on compatibility, sophisticated roaming capability and the use of digitized voice transmission over the radio interface. Typical examples of 2G systems are GSM and cdmaOne (based on the TIA IS-95 standard).
A mobile communication system can be considered 3G if it meets a number of the following requirements set by the International Telecommunication Union (ITU):
+ It operates on one of the frequencies allocated to 3G services;
+ It must provide users with a range of new data services, including multimedia, independent of the radio interface technology;
+ It must support mobile data transmission at 144 kb/s for high-speed mobile users and data transmission of up to 2 Mb/s for fixed or low-speed mobile users;
+ It must provide packet data services (services that do not rely on a circuit-switched (CS) connection to a packet-switched (PS) data network);
+ It must ensure that the core network is independent of the radio interface.
Some 2G systems are evolving to meet at least part of the above requirements. This has the unwanted consequence of distorting the term "generations". For example, GSM with circuit data support is classified as a pure 2G system. When enhanced with the General Packet Radio Service (GPRS), it becomes compliant with many 3G criteria. As a result it is neither quite 2G nor 3G but "between generations", which is why a GPRS-enhanced GSM system is now called a 2.5G system, even though in practice it still belongs to 2G, at least in terms of radio transmission technology.
Figure 1.1 shows the evolution of the mobile communication generations.

Figure 1.1 Evolution of mobile communication platforms from 1G to 3G.

1.2 Basic characteristics of 3G UMTS
The third-generation mobile communication system was built with the aim of creating a global mobile network with rich services, including voice, messaging, Internet and broadband data. In Europe, the third-generation mobile communication system has been standardized by the European Telecommunications Standards Institute (ETSI) in line with the ITU's IMT-2000 standard. The system is named the Universal Mobile Telecommunications System (UMTS). UMTS is regarded as the successor to the second-generation system (GSM), intended to meet the growing requirements of mobile services and Internet applications.
3G UMTS is developed by the 3rd Generation Partnership Project (3GPP). It uses the international 2GHz band as follows: uplink: 1885-2025 MHz; downlink: 2110-2200 MHz.
The 3G UMTS system uses wideband code division multiple access (WCDMA). WCDMA is the technology used for the radio interface of the 3G UMTS system. The main characteristic parameters of WCDMA are as follows:
+ WCDMA uses direct-sequence spread spectrum (DSSS). The information bits are spread over a wide band by multiplying the data to be transmitted by pseudo-random bits (called chips). These bits are derived from the CDMA spreading codes. To support high bit rates (up to 2Mb/s), multi-code connections and different spreading factors are required.
+ WCDMA has a chip rate of 3.84 Mc/s, which gives a carrier bandwidth of approximately 5MHz, hence the name wideband system. With this bandwidth WCDMA can support high user data rates and brings certain performance benefits. Network operators can use several 5MHz carriers to increase capacity, and can also use hierarchical cell layers. The actual carrier spacing can be chosen between 4.4MHz and 5MHz, depending on the interference between carriers.
+ WCDMA supports a wide variety of user data rates well; in other words, it supports bandwidth on demand well. Each user is allocated frames 10ms wide, during which the user rate is kept constant. However, the user capacity can change from frame to frame. This fast allocation of radio capacity is normally controlled by the network to achieve optimal throughput for packet data services.
+ WCDMA supports two basic modes of operation: frequency division duplex (FDD) and time division duplex (TDD). In FDD mode, the uplink and downlink use 5MHz carriers at different frequencies. In TDD mode, the uplink and downlink use the same frequency but in different time intervals.
+ WCDMA supports asynchronous base station operation. This differs from the synchronous IS-95 system, so no global time reference such as the Global Positioning System (GPS) is needed. Deploying micro and indoor base stations is easier when no GPS signal has to be received.
+ WCDMA applies coherent detection on both the uplink and the downlink, based on the use of a pilot channel.
+ The WCDMA radio interface is carefully designed so that advanced RAKE receivers, multi-user detection and smart adaptive antennas can be deployed by network operators as a system option to increase capacity and coverage.
1.3 Circuit switching, packet switching, and the traffic types and services supported by 3G UMTS
1.3.1 Circuit switching and packet switching
1.3.1.1 Circuit switching
a. Circuit switching
This is a switching scheme in which the switching equipment carries a communication by setting up a connection that occupies a fixed network resource for the whole duration of the communication. The connection is temporary, continuous and dedicated. It is temporary because it is maintained only for the duration of the call. It is continuous because a fixed resource (bandwidth, or capacity and power) is provided continuously throughout the call. It is dedicated because the connection and its resources are reserved for this call alone. The switching equipment used for circuit switching (CS) in the exchanges of 2G systems performs circuit switching on the basis of time division multiplexing. Each channel has a rate of 64Kb/s and is therefore suited to carrying applications that work at a fixed rate of 64Kb/s (for example PCM-coded voice).
b. Circuit-switched services
These are services in which each terminal is allocated its own channel and has full use of that channel's resources for the duration of the call, but must pay for the whole of that time whether or not anything is transmitted. Circuit-switched services can be carried over circuit switching (CS) or packet switching (PS). This kind of service is normally used for real-time services (such as voice).
1.3.1.2 Packet switching
a. Packet switching
This is a switching scheme that divides the data of a connection into packets of a certain length, which are delivered to the destination according to the information attached in the header of each packet. In packet switching (PS), network resources are occupied only when there is a packet to send. Packet switching allows all the data of many different connections to be grouped, depending on the content, type or structure of the data, into packets of suitable size and sent over a shared channel. The grouping of the data to be sent is done by statistical multiplexing with dynamic resource assignment. The technologies used for packet switching can be Frame Relay, ATM or IP.
b. Packet-switched services
These are services in which many terminals share one channel, each terminal occupies the channel's resources only when it has information to send, and it pays only for the amount of information sent over the channel. Packet-switched services can be carried only over packet switching (PS). This kind of service is well suited to non-real-time services (such as data). However, thanks to advances in technology it is now also used for real-time services (such as VoIP).
Packet switching can be implemented on the basis of ATM or IP.
Asynchronous transfer mode (ATM): a technology that divides the information to be sent into 53-byte cells for transmission and switching. An ATM cell consists of a 5-byte header (containing the routing information) and a 48-byte payload (containing the user's data). ATM switching equipment switches quickly because it switches in hardware by reference to the routing information in the header, without performing error detection on each cell. The routing information in the header consists of the virtual path (VP) and the virtual channel (VC). Controlling connections by VC (corresponding to a user's channel) and VP (a bundle of VCs) makes operation and management scalable and highly flexible. VPs are normally set up from the system data at the time the network is built. Using ATM in the core network has several advantages: traffic can be managed jointly with the RAN, the CS and PS functions can be implemented in the same architecture, and link quality can be operated and controlled.
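The cell structure described above can be made concrete with a short added example (not part of the thesis): it segments a message into 53-byte cells, switches a cell by rewriting its VP/VC label, and shows that a switch checks only the header, so payload tampering passes through unnoticed. The UNI header bit layout and the HEC byte come from the ATM standard rather than from this page; the function names, the zero padding and the forwarding table are assumptions made for the illustration.

```python
import struct

CELL_SIZE, HEADER_SIZE, PAYLOAD_SIZE = 53, 5, 48


def hec(first4: bytes) -> int:
    """Header Error Control: CRC-8 (x^8+x^2+x+1) over header bytes 0-3, XOR 0x55."""
    crc = 0
    for byte in first4:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55


def build_header(vpi: int, vci: int) -> bytes:
    """UNI header: GFC(4) VPI(8) VCI(16) PT(3) CLP(1) HEC(8); GFC/PT/CLP left at 0."""
    if not (0 <= vpi <= 0xFF and 0 <= vci <= 0xFFFF):
        raise ValueError("VPI/VCI out of range for a UNI header")
    first4 = struct.pack(">I", (vpi << 20) | (vci << 4))
    return first4 + bytes([hec(first4)])


def segment(data: bytes, vpi: int, vci: int) -> list:
    """Split data into 48-byte payloads (last one zero-padded), one cell each."""
    header = build_header(vpi, vci)
    cells = []
    for off in range(0, len(data), PAYLOAD_SIZE):
        chunk = data[off:off + PAYLOAD_SIZE].ljust(PAYLOAD_SIZE, b"\x00")
        cells.append(header + chunk)
    return cells


def parse_cell(cell: bytes):
    """Return (vpi, vci, payload); only the header is integrity-checked."""
    if len(cell) != CELL_SIZE:
        raise ValueError("an ATM cell is exactly 53 bytes")
    if hec(cell[:4]) != cell[4]:
        raise ValueError("HEC mismatch: corrupted header")
    word = struct.unpack(">I", cell[:4])[0]
    return (word >> 20) & 0xFF, (word >> 4) & 0xFFFF, cell[HEADER_SIZE:]


def switch_cell(cell: bytes, table: dict):
    """Forward one cell: look up (VPI, VCI), rewrite the label, copy the payload."""
    vpi, vci, payload = parse_cell(cell)
    out_port, new_vpi, new_vci = table[(vpi, vci)]
    return out_port, build_header(new_vpi, new_vci) + payload


def reassemble(cells: list, length: int) -> bytes:
    """Concatenate payloads; the caller supplies the original length
    (a simplification: a real adaptation layer carries it in a trailer)."""
    return b"".join(parse_cell(c)[2] for c in cells)[:length]


if __name__ == "__main__":
    message = b"A" * 100                      # constructed sample data
    cells = segment(message, vpi=5, vci=33)
    print(len(cells), "cells of", len(cells[0]), "bytes")
    port, out = switch_cell(cells[0], {(5, 33): (2, 7, 99)})
    print("forwarded on port", port, "as VPI/VCI", parse_cell(out)[:2])
    tampered = bytearray(cells[1])
    tampered[HEADER_SIZE + 3] ^= 0xFF         # payload change: not detected here
    print("payload tamper accepted:", parse_cell(bytes(tampered))[2] != cells[1][5:])
```

Because the per-cell check covers the header only, payload integrity has to come from an end-to-end mechanism such as a message authentication code.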
IP switches or routers: this is also a technology that divides the information to be sent into blocks called payloads. Each block is then given a header containing the address information needed for switching. In mobile communications, because the location of the mobile terminal changes, an additional header is needed so that packets can be routed to the current location of the MS. This routing process is called tunneling. There are two mechanisms for it: Mobile IP (MIP) and the GPRS Tunneling Protocol (GTP). A tunnel is a path at whose entrance the IP packet is encapsulated in a header carrying the destination address (in this case the current address of the mobile station) and at whose exit the IP packet is decapsulated by removing the outer header.
Because 3G UMTS has been developed since 1999, when ATM was the dominant packet-switching technology, the standards were also built on that technology. However, now and in the future telecommunication networks will be built on the basis of the Internet. The packet switches will therefore be IP switches or routers.
1.3.2 Traffic types and services supported by 3G UMTS
Because 3G UMTS allows faster transmission, Internet access and other data traffic will grow quickly. 3G UMTS is also used for voice services. In general, 3G UMTS supports multimedia communication services. Each type of traffic therefore needs a guaranteed QoS level that depends on the application of the service. Traffic is classified as follows:
+ Conversational class (rt): interactive information requiring low delay (for example voice);
+ Streaming class (rt): one-way information requiring a streaming service with low delay (for example real-time television distribution);
+ Interactive class (nrt): requires a response within a certain time and a low error rate (for example Web browsing, server access);
+ Background class (nrt): requires best-effort services carried out in the background (for example e-mail, file download).
The operating environment of 3G UMTS is divided into four zones with the following serving bit rates (Rb):
+ Zone 1: indoor, pico, Rb 2Mb/s;
+ Zone 2: urban, micro, Rb 384Kb/s;
+ Zone 3: suburban, macro, Rb 144Kb/s;
+ Zone 4: global, Rb = 12.2Kb/s.
The services provided by 3G UMTS are summarized in Table 1.1.





| Type | Classification | Detailed services |
|---|---|---|
| Mobile services | Mobility services | Terminal mobility / personal mobility / service mobility |
| Mobile services | Location information services | Mobile tracking / intelligent mobile tracking |
| Telecommunication services | Audio services | High-quality audio (16-64Kb/s); AM broadcast audio (32-64Kb/s); FM broadcast audio (64-384Kb/s) |
| Telecommunication services | Data services | Medium-rate data (64-144Kb/s); relatively high-rate data (144Kb/s-2Mb/s); high-rate data ( 2Mb/s) |
| Telecommunication services | Multimedia services | Video (384Kb/s); moving pictures (384Kb/s-2Mb/s); real-time moving pictures ( 2Mb/s) |
| Internet services | Simple Internet services | Web access (384Kb/s-2Mb/s) |
| Internet services | Real-time Internet services | Internet services (384Kb/s-2Mb/s) |
| Internet services | Multimedia Internet services | Real-time multimedia Web sites ( 2Mb/s) |

Table 1.1 Classification of services in 3G UMTS.
3G UMTS is built in three main releases, called R3, R4 and R5. The R3 and R4 core networks consist of two domains: the circuit-switched (CS) domain and the packet-switched (PS) domain. This combination suits the initial phase, when PS does not yet handle real-time services such as voice and video well. In that phase the CS domain carries the voice services, while data is carried over the PS domain. R4 goes further than R3 in that the CS domain moves to soft switching, so the whole transport network between the switching nodes runs over IP.
1.4 3G UMTS R3 architecture
3G UMTS supports both circuit switching (CS) and packet switching (PS) (rates: 384Mb/s in CS and 2Mb/s in PS). At such rates many new services, like those of fixed telephony and the Internet, can be offered to customers. These services include video telephony, high-quality audio and high data rates at the terminal. Another feature introduced with 3G UMTS is the always-on connection to the Internet. 3G UMTS also provides better location information and therefore better support for location-based services.
The structure consists of three parts:
+ User equipment (UE), comprising: terminal equipment (TE), mobile equipment (ME), and the UMTS subscriber identity module (USIM);
+ UMTS terrestrial radio access network (UTRAN), comprising: radio network controllers (RNC) and Node Bs (the BTS base stations);
+ Core network (CN), comprising: the circuit-switched (CS) domain, the packet-switched (PS) domain, and the home environment (HE).

Figure 1.2 3G UMTS R3 architecture.
1.4.1 User equipment
The user equipment (UE) is the user's terminal in the UMTS network. This is arguably the part of the system with the most devices, and its development strongly influences the applications and services available with 3G technology. A rapid fall in the price of UEs will make it easier for users to buy 3G UMTS equipment. This is achieved by standardizing the radio interface and placing all the intelligence in the smart card (USIM).
1.4.1.1 Terminals
Because the equipment now provides new data services in addition to voice services, it is referred to as a terminal. Manufacturers have proposed many terminals based on new concepts, but in practice only a few have gone into production. Although the planned terminals differ in size and design, all of them have a larger screen and fewer keys than 2G devices. The reason is to help the end user use more of the new data services. The terminal thus becomes a combination of mobile phone, modem and handheld computer.
The terminal supports two interfaces. The Uu interface is the radio link between the UE and the UTRAN (the WCDMA interface); it provides the entire physical connection to the UMTS network. The second is the Cu interface between the USIM and the terminal, which follows the standard for smart cards.
Although manufacturers have many ideas about devices, they must still follow a minimum set of standard definitions, so that customers using different terminals can access a number of basic functions in the same way. These standards cover:
+ Keypad (physical or virtual keys);
+ Registering a new password;
+ Changing the PIN;
+ Unblocking PIN/PIN2;
+ Presenting the IMEI;
+ Call control.
The remaining parts of the interface are left to the manufacturer, and users can choose their terminal on two criteria: design and interface. The interface is the combination of the size of, and information provided by, the screen (touch screen), the keys and the menus.

1.4.1.2 UICC (UMTS IC Card)
The UMTS IC Card is a smart card. What matters about it is the memory capacity and processor speed it provides; the USIM application runs on the UICC.
1.4.1.3 USIM
In GSM, the SIM card stores personal information (the subscription). This changes in 3G UMTS, where the USIM is installed as an application on the UICC. This makes it possible to store more applications and more electronic signatures (keys) serving other purposes (for example access codes for secure banking transactions). In addition, several USIMs can be used on one UICC to access several different networks.
The USIM contains the functions and data needed to identify and authenticate the subscriber to the UMTS network. It can also store a copy of the subscriber's profile.
Users must authenticate themselves to the USIM by entering a PIN. This ensures that only the genuine user can access the UMTS network. The network provides services only to users whose terminal carries a registered USIM.
1.4.2 UMTS terrestrial radio access network
The UMTS terrestrial radio access network (UTRAN) is the link between the user and the core network (CN). It contains the elements that provide and control communications in the UMTS network.
The UTRAN is defined between two interfaces: the Iu interface between the UTRAN and the CN, which has two parts, IuPS for the packet-switched domain and IuCS for the circuit-switched domain; and the Uu interface between the UTRAN and the UE. Between these two interfaces lie the Node Bs and the radio network controllers (RNC).
1.4.2.1 RNC
The RNC is responsible for managing and controlling the resources of the BTS base stations (Node Bs). It is also the service access point that the UTRAN offers to the core network (CN). It is connected to the CN by two connections, one for the PS domain to the SGSN and one for the CS domain to the MSC.
A fairly important task of the RNC is protecting the confidentiality and integrity of information. After the authentication and key agreement (AKA) procedure completes, the confidentiality and integrity keys are stored in the RNC. These keys are then used by the security functions f8 and f9.
The RNC has several logical roles, depending on which node it serves. A user is connected to a serving RNC (SRNC). When the user moves to another RNC but is still connected to the old RNC, a drift RNC (DRNC) provides radio resources for that user, while the SRNC continues to manage the user's connection to the CN. The last RNC role is the controlling RNC (CRNC). Each Node B has one CRNC responsible for managing its radio resources.
1.4.2.2 Node B
As in GSM, the Node B (the BTS) provides the physical radio connection between the terminal and itself. It receives the signal on the Iub interface from the RNC and converts it into a radio signal on the Uu interface. It also performs some basic radio resource management operations, such as inner-loop power control. This feature guards against the near-far problem: if all terminals transmitted at the same power, the terminals nearest the Node B would mask the signals from distant terminals. The Node B measures the power received from the different terminals and tells them to raise or lower their power, so that it always receives the same power from all terminals.
1.4.3 Core network
The core network (CN) is divided into three parts: the PS domain, the CS domain and the HE. The PS domain provides data services to users through connections to the Internet and other data networks using IP technology. The CS domain provides telephone services to other networks through TDM connections. The Node Bs are interconnected by the operator's backbone, which usually uses ATM or IP.
1.4.3.1 SGSN
The serving GPRS support node (SGSN) is the main network node of the PS domain. It connects to the UTRAN through the IuPS interface and to the GGSN through the Gn interface. The SGSN is responsible for all PS connections of all subscribers. It stores two kinds of subscriber data: subscription information and subscriber location information.
The subscriber data stored in the SGSN comprises:
+ International mobile subscriber identity (IMSI);
+ Packet temporary mobile subscriber identity (P-TMSI);
+ Packet data protocol (PDP) address.
The subscriber location data stored in the SGSN comprises:
+ The subscriber's routing area (RA);
+ VLR number;
+ The GGSN address of each GGSN with an active connection.
1.4.3.2 GGSN
The gateway GPRS support node (GGSN) is a gateway SGSN responsible for connecting to other data networks. All data communication from subscribers to external networks passes through the GGSN. Like the SGSN, it stores two kinds of data: subscription information and subscriber location information. The GGSN connects to the Internet through the Gi interface and to border gateways (BG) through the Gp interface.
The subscriber data stored in the GGSN comprises: IMSI; PDP address.
The location data stored in the GGSN comprises: the address of the SGSN to which the subscriber is currently connected.
1.4.3.3 BG
The border gateway (BG) is the gateway between the PS domain of the UMTS network and other PLMNs. The main function of this node is similar to that of an Internet firewall: to keep the network secure against external attacks.
1.4.3.4 VLR
The visitor location register (VLR) is a copy of the HLR for the serving network (SN). The subscriber data needed to provide subscriber services is copied from the HLR and stored here. Both the MSC and the SGSN have a VLR connected to them.
The data stored in the VLR comprises: IMSI; MSISDN; TMSI (if any); the subscriber's current LA; the current MSC/SGSN to which the subscriber is connected.
In addition to the data above, the VLR also holds information about the services provided to the subscriber. Both the SGSN and the MSC are implemented on the same physical node as the VLR, hence the names VLR/SGSN and VLR/MSC.
1.4.3.5 MSC
The mobile services switching centre (MSC) provides the CS connection between the terminal and the network. It performs the signaling and switching functions for subscribers in the area it manages. The function of the MSC in UMTS is the same as in GSM, but it has more capabilities. CS connections are made over the IuCS interface between the UTRAN and the MSC. MSCs that are connected to external networks are called GMSCs.
1.4.3.6 GMSC
The gateway MSC (GMSC) can be one of the MSCs. The GMSC performs the routing functions towards the area where the MS is located. When an external network tries to connect to UMTS, the GMSC receives the connection setup request and asks the VLR which MSC is currently managing the MS.
1.4.3.7 HE
The home environment (HE) stores the operators' subscriber profiles. It also supplies the serving networks (SN) with the subscriber and charging information needed to authenticate users and to charge for the services they have used.
a. Home location register (HLR)
The HLR is the database responsible for managing mobile subscribers. A mobile network can contain several HLRs, depending on the number of subscribers, the capacity of each HLR and the internal organization of the network.
This database contains the IMSI, at least one MSISDN (the subscriber number listed in the telephone directory) and at least one PDP address. Both the IMSI and the MSISDN can be used as keys to access the other stored information. For call routing and charging, the HLR also stores which SGSN and VLR are currently managing the subscriber. Other services such as call forwarding, data rates and voice mail are also listed, together with service restrictions or roaming restrictions.
The HLR and the AuC are two logical network nodes, but they are usually implemented in the same physical node. The HLR stores all information about the user and the subscription, such as charging information, which services are provided and which are denied, and call forwarding information. The most important information, however, is which VLR and SGSN are currently managing the subscriber.
b. Authentication centre (AuC)
The AuC stores all the data needed for authentication, ciphering and integrity protection of the user's information. It is linked to the HLR and is implemented together with the HLR in the same physical node. However, it must be ensured that the AuC provides only authentication vector (AV) information to the HLR.
The AuC stores the master key K for each subscriber together with all the key-generation functions from f0 to f5. It generates AVs both in real time, when the SGSN/VLR requests them or when the processing load is low, and as reserve AVs.
c. Equipment identity register (EIR)
The EIR is responsible for storing international mobile equipment identities (IMEI), the unique identifier of each terminal. The database is divided into three lists: white, grey and black. The white list contains the IMEIs that are allowed to access the network. The grey list contains the IMEIs of terminals that are being tracked, and the black list contains the IMEIs of terminals that are barred from accessing the network. When a terminal is reported stolen, its IMEI is placed on the black list, so it is barred from the network. This list can also be used to bar particular series of devices from the network when they do not operate according to the standard.
1.4.4 External networks
The external networks are not part of UMTS, but they are needed to provide communication between operators. The external networks can be telephone networks such as the PSTN, ISDN, other PLMNs, or the Internet.
1.4.5 Interfaces
The roles of the different network nodes are defined only through the different interfaces. These interfaces are tightly specified so that manufacturers can interconnect their different hardware.
1.4.5.1 Cu interface
The Cu interface is the standard interface for smart cards. In the UE it is the connection point between the USIM and the UE.
1.4.5.2 Uu interface
The Uu interface is the WCDMA radio interface in UMTS. It is the interface through which the UE accesses the fixed part of the network. This interface lies between the Node B and the terminal.
1.4.5.3 Iu interface
The Iu interface connects the UTRAN and the CN. It has two parts: IuPS for the packet-switched domain and IuCS for the circuit-switched domain. The CN can connect to several UTRANs for both the IuCS and the IuPS interface, but a UTRAN can connect to only one CN access point.
1.4.5.4 Iur interface
This is the interface between RNCs. It was originally designed to support soft handover between RNCs, but many new features were added during development. The interface provides four main features:
+ Inter-RNC mobility;
+ Dedicated channel traffic;
+ Common channel traffic;
+ Global resource management.
1.4.5.5 Iub interface
The Iub interface connects the Node B and the RNC. Unlike in GSM, this is an open interface.

1.5 3G UMTS R4 architecture
The fundamental difference between R3 and R4 lies in the core network (CN). Here distributed switching and soft switching are introduced to replace the traditional MSCs.
In essence the MSC is split into MSC Servers and media gateways (MGW). The MSC Server contains all the call control and mobility management software of a standard MSC, but it does not contain the switching matrix. The switching matrix is located in the MGW and is controlled by the MSC Server; it can be placed remotely from the MSC Server.
The control signaling for circuit-switched calls runs between the RNCs and the MSC Server, while the bearer path for circuit-switched calls runs between the RNCs and the MGW. Normally the MGW receives calls from the RNC and routes them to their destination over packet backbones. In many cases the packet backbone uses the Real-time Transport Protocol (RTP) over IP. Figure 1.3 shows that packet data traffic from the RNC passes through the SGSN and on to the GGSN over the IP backbone network. Thus both data and voice can use IP transport inside the core network. This is an all-IP transport network.
Figure 1.3 3G UMTS R4 architecture. (Diagram elements: Node B, RNC, MSC Server, GMSC Server, MGW, SGSN, GGSN, HSS/HLR, SS7 GW, PSTN, Internet; links: Iub, Iur, Iu-cs (control), Iu-cs (bearer), Iu-ps, Gn (GTP/IP), Gi (IP), H248/IP, RTP/IP, PCM, SS7.)
Where a call is passed to another network (for example the PSTN), there is a media gateway (MGW) controlled by a gateway MSC Server (GMSC Server). This MGW converts the voice into standard PCM for delivery to the PSTN, so transcoding needs to be done only at this point. For example, if voice on the radio interface is carried at 12.2Kb/s, this rate has to be converted to 64Kb/s only at the MGW that interfaces with the PSTN. This kind of transport saves considerable bandwidth, especially when the MGWs are far apart.
The control protocol between the MSC Server or GMSC Server and the MGW is H.248. This protocol was developed jointly by the ITU and the IETF and is named MEGACO (media gateway control). The protocol between the MSC Server and the GMSC Server can be any protocol. 3GPP recommends (but does not mandate) the Bearer Independent Call Control (BICC) protocol.
In many cases the MSC Server supports the functions of the GMSC Server. In addition, the MGW can interface with both the RAN and the PSTN, so calls to or from the PSTN can be handled locally. This can save considerable investment.
As an example, consider an RNC located in city A and controlled by an MSC located in city B. Suppose a subscriber in city A makes a local call. Without the distributed architecture, the call has to be carried from city A to city B (where the MSC is) in order to be connected to a PSTN subscriber in city A itself. With the distributed architecture, the call can be controlled by the MSC Server in city B while the actual media path stays in city A, which significantly reduces the transmission requirements and the cost of operating the network.
The HLR here can be called the home subscriber server (HSS). The HSS and the HLR have equivalent functions, except that the interface to the HSS is based on packet transport (for example IP), whereas the HLR uses an SS7 interface based on Signaling System No. 7. There are also interfaces (not shown in the figure) between the SGSN and the HLR/HSS and between the GGSN and the HLR/HSS.
Many of the interfaces used inside the core network are packet-based protocols using IP or ATM. However, the network must interface with traditional networks through the media gateways (MGW). The network must also interface with standard SS7 networks. This interface is provided by the SS7GW, a gateway that on one side supports the transport of SS7 messages over standard SS7 transport and on the other side carries SS7 application messages over a packet network (IP, for instance). Entities such as the MSC Server, GMSC Server and HSS communicate with the SS7 gateway (SS7GW) using transport protocols designed specifically to carry SS7 messages over an IP network. This protocol suite is called Sigtran.

1.6 3G UMTS R5 architecture
The next step in the development of 3G UMTS is the IP multimedia network architecture (Figure 1.4) introduced in R5. This step changes the whole call model. Voice and data are handled in the same way along the entire path from the user's terminal to the final destination. This architecture can be described as the complete convergence of voice and data.
The figure shows that voice and data no longer need separate interfaces: a single Iu interface carries all media. In the core network this interface terminates at the SGSN, and there is no separate MGW.

Figure 1.4 3G UMTS R5 multimedia network architecture. (Diagram elements: Node B, RNC, SGSN, GGSN, CSCF, MGCF, MRF, MGW, T-SGW, R-SGW, HSS/HLR, PSTN, Internet; links: Iub, Iur, Iu, Gn, Gi, Gr, Cx, Mc, Mg, Mr, PCM, SS7.)
There are also several new network elements: the call state control function (CSCF), the multimedia resource function (MRF), the media gateway control function (MGCF), the transport signaling gateway (TSGW) and the roaming signaling gateway (RSGW).
An important feature of the all-IP architecture is that the user equipment is greatly enhanced, with much more software installed in the UE. In practice the UE supports the Session Initiation Protocol (SIP) and becomes a SIP user agent. The UE therefore has much greater control over services than before.
The call state control function (CSCF) manages the setup, maintenance and release of multimedia sessions to and from the user. It includes functions such as translation and routing. The CSCF acts as a proxy server.
The SGSN and GGSN are enhanced versions of the nodes used in GPRS and in 3G UMTS R3 and R4. The only difference is that these nodes support not only packet data services but also circuit-switched services (for example voice). They therefore need to support quality of service (QoS) capabilities either inside the SGSN and GGSN or at least in the routers directly connected to them.
The multimedia resource function (MRF) is the conference bridging function, used to support features such as multi-party calls and conference services.
The transport signaling gateway (TSGW) is an SS7 signaling gateway that provides SS7 interworking with external standard networks such as the PSTN. The TSGW supports the Sigtran protocols.
The roaming signaling gateway (RSGW) is a node that provides signaling interworking with existing mobile networks that use standard SS7. In many cases the TSGW and RSGW coexist on the same platform.
The MGW interworks with external networks at the level of the multimedia bearer path. The MGW in the R5 architecture has the same function as in R4 and is controlled by the media gateway control function (MGCF). The control protocol between these entities is H.248.
The MGCF communicates with the CSCF over a SIP interface.
Note that the all-IP architecture of R5 is an enhancement of the R3 and R4 architecture. It adds a new domain to the network, the IP multimedia subsystem (IMS). This new domain allows both voice and data to be carried over IP along the whole path to the handset. It uses the packet-switched (PS) domain for transport, using the SGSN, GGSN, Gn and Gi, which are nodes and interfaces belonging to the PS domain.

1.7 Conclusion
This chapter has given a general overview of the history of mobile communication systems worldwide and of the characteristic features, service types and traffic that the 3G UMTS system supports. In particular, the end of the chapter examined in turn the architecture of the three releases of 3G UMTS (R3, R4, R5). This provides an overall picture of the 3G UMTS system and a basis for the more detailed study in the following chapters, especially the main chapter of this thesis (Chapter 3).
)D n tFt nghi&p B2i hGc Ch"ng 2: An ninh trong thng tin di BIng
Ph2m V3n Qu5nh, H07VTTD_______________________________________________
22
CH%MNG II: AN NINH TRONG THNG TIN DI (QNG

2.1 Establishing a secure environment
End-to-end security means ensuring that data is transmitted safely and intact over the whole path from the sender to the receiver. To achieve this, the entire communication environment must be considered: network access, the intermediate elements and the client applications. Five important objectives are involved in establishing a secure environment:
2.1.1 Authentication
Authentication is the process of checking the validity of the parties taking part in communication in wireless networks. It is performed at two layers: the network layer and the application layer. The network layer requires the user to be authenticated before access is granted. At the application layer, authentication matters at two levels, the client and the server. To gain access to the network, the client must prove to the server that its messages are valid. Likewise, before a client allows a server to connect to it, the server must authenticate itself to the client application. The simplest and least secure way to authenticate is to use a username and password. More advanced methods use digital certificates (digital signatures).
2.1.2 Data integrity
Data integrity is the assurance that transmitted data is not altered or corrupted on its way from the sender to the receiver. By applying an algorithm to the message, a message authentication code (MAC) is embedded in the message that is sent. When the receiver gets the message, it computes the MAC and compares it with the MAC embedded in the message. If they are the same, the original message has not been altered; if they differ, the receiver discards the message.
2.1.3 Confidentiality
Confidentiality is a very important aspect of security and is therefore the one most often discussed. Its purpose is to protect the privacy of data against eavesdropping and reading by unauthorized parties. The most common method is to encrypt the data. This process encodes the message into a form that is unreadable to any receiver other than the intended one.
2.1.4 Authorization
Authorization is the process of determining a user's level of access, that is, which actions the user is entitled to perform. Authorization is usually closely tied to authentication. Once a user has been authenticated, the system can decide what that user is allowed to do. Access control lists (ACLs) are commonly used for this. For example, one user may only be able to read a data file, while an administrator or another trusted source may be able to write to and modify that file.
2.1.5 Non-repudiation
Non-repudiation is a measure that holds the parties responsible for the transactions they took part in; they are not allowed to deny having participated. This means that both the sender and the receiver can prove that the sender sent the message and that the receiver received the same message. To achieve this, every transaction must be signed with a digital signature and must be verified and time-stamped by a trusted third party.
2.2 Security threats
Before security solutions can be proposed, the potential threats that endanger the security of the information system must first be identified. The following are the security threats commonly encountered in networks.
2.2.1 Spoofing
Spoofing is an attempt to gain unauthorized access to an application or a system by impersonating someone else. If the impersonator gains access, they can produce false replies to messages in order to learn more and to reach other parts of the system. Spoofing is a major problem for Internet and wireless Internet security: the impersonator can make legitimate users believe that they are communicating with a trusted source. This is extremely dangerous, because such a user may then supply additional information that helps the attacker gain access to other parts of the system.
2.2.2 Sniffing
The purpose of sniffing is to monitor the data flowing over the network. Although sniffing can be used for legitimate purposes, it is often used to copy network data without authorization. Sniffing is essentially electronic eavesdropping: through it, an unauthorized party can obtain sensitive information that harms users, applications and systems. Sniffing is often combined with spoofing. It is very dangerous because it is easy to carry out but hard to detect. Data encryption is the most effective defence against sophisticated sniffing tools. Even if an unauthorized party gains access to the encrypted data, they cannot decrypt it. We therefore need to make sure that the encryption protocol in use is practically unbreakable.
2.2.3 Tampering
Data tampering, also called the integrity threat, is the malicious alteration of data from its original form. It concerns both data intercepted in transit and data stored on servers or clients. The tampered (altered) data is then passed on as if it were the original. Encryption, authentication and authorization are effective ways to counter data tampering.
2.2.4 Theft
Device theft is a common problem in mobile communications. Not only is the device lost, but so is the confidential information stored on it. This is especially serious for smart clients, because they often hold persistent and confidential data. The following rules should therefore be observed to secure mobile devices:
+ Lock the device with a username and password to prevent easy access;
+ Require authentication for access to the applications stored on the device;
+ Never store passwords on the device;
+ Encrypt all persistent data storage;
+ Apply security policies to mobile users.
Authentication, encryption and security policies are the measures that prevent unauthorized access to data on lost or stolen mobile devices.





2.3 Security technologies
2.3.1 Cryptographic technology
The main purpose of cryptography is to protect the communication between two parties over an insecure channel so that a third party cannot understand what is being transmitted. At first glance cryptography looks like a simple concept, but in reality it is very complex, especially for broadband mobile networks such as 3G UMTS.
2.3.1.1 Solutions and protocols
Cryptographic technology operates at several levels, the lowest of which is the cryptographic algorithm. A cryptographic algorithm sets out the steps needed to perform a computation, usually the transformation of data from one format into another.
The protocol is built on top of the algorithm; it describes the whole process by which the cryptographic operations are carried out.
An excellent cryptographic algorithm does not necessarily make a strong protocol. The protocol is responsible for data encryption as well as for data transmission and key exchange.
On top of the protocol sits the application, and a strong protocol alone cannot guarantee solid security, because the application itself can introduce other problems. A security solution therefore needs both a strong protocol and a robust implementation of the application.
2.3.1.2 Data encryption
Encryption is the foundation of every cryptographic system. It works as follows: ordinary data (plaintext) is transformed into an unreadable form (ciphertext). Encryption protects the privacy of sensitive data even when unauthorized parties have gained access to the network. The only way to read the data is to decrypt it.
Modern algorithms use keys to control the encryption and decryption of data. Once a message has been encrypted, the user at the receiving end can use the corresponding key to decrypt it. Key-based algorithms fall into two classes: symmetric and asymmetric.
2.3.2 Symmetric algorithms
Symmetric algorithms use a single key for both the encryption and the decryption of all messages. The sender uses the key to encrypt the message and then sends it to the intended receiver. On receiving the message, the receiver uses the same key to decrypt it. This approach works well only when there is a secure way to exchange the key between sender and receiver. Unfortunately, most problems arise precisely in exchanging the key between the two sides. Key exchange is a problem that symmetric encryption cannot solve by itself; a secure key exchange method is needed.
Symmetric encryption is also called secret-key encryption. Its best-known form is the Data Encryption Standard (DES), developed in the 1970s. Since then many secure symmetric ciphers have been developed, foremost among them the Advanced Encryption Standard (AES), based on the Rijndael algorithm, as well as Triple DES, the International Data Encryption Algorithm (IDEA), Blowfish and Rivest's family of algorithms (RC2, RC4, RC5, RC6).
To explain symmetric encryption, consider the following basic encryption process:

Figure 2.1 Illustration of the basic mechanism of encryption with a single key.
The data stream (plaintext) is added to a single private key (another data stream) to produce a third data stream (the ciphertext). The ciphertext is then sent over the communication channel to the receiver. On receiving the message, the receiver uses the shared key (identical to the sender's key) to decrypt it (the inverse transformation) and obtains the original text.
This method has several drawbacks. First, it is impractical for the key to be as long as the data, even though a longer key gives higher security and is harder to break. In practice short keys are used (64 or 128 bits) and are repeated many times over the data. More complex operations may be used, because addition alone does not give sufficient protection. The Data Encryption Standard (DES) is commonly used, although it is not the most secure. The second drawback is that sender and receiver both use a common (shared) key. How can this key be sent securely from the sender to the receiver? Does it mean creating a unique private key and delivering it to the party one wishes to communicate with? The section on public-key encryption answers this question.
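The following added example (not part of the original thesis) implements the basic single-key mechanism of Figure 2.1 with XOR as the addition and a short key repeated over the data, and shows why the text says addition alone is not sufficient. The function names, the 64-bit key and the two messages are constructed for illustration.

```python
from itertools import cycle


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two strings (truncated to the shorter one)."""
    return bytes(x ^ y for x, y in zip(a, b))


def xor_stream(data: bytes, key: bytes) -> bytes:
    """Figure 2.1 mechanism: add (XOR) the data stream to the key stream.

    The short key is repeated over the data, as described in the text.
    The same call decrypts, because XOR is its own inverse.
    """
    if not key:
        raise ValueError("key must not be empty")
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def key_from_known_plaintext(ciphertext: bytes, known_prefix: bytes,
                             key_len: int) -> bytes:
    """Weakness check: with key_len known plaintext bytes, key = C XOR P."""
    if len(known_prefix) < key_len or len(ciphertext) < key_len:
        raise ValueError("need at least key_len bytes of text")
    return xor_bytes(ciphertext[:key_len], known_prefix[:key_len])


# Constructed sample data: a 64-bit key and two messages with a fixed header.
KEY = bytes.fromhex("0123456789abcdef")
MSG1 = b"FROM:A;TO:B;AMOUNT=100;REF=0001"
MSG2 = b"FROM:A;TO:C;AMOUNT=250;REF=0002"


def demo() -> dict:
    c1 = xor_stream(MSG1, KEY)
    c2 = xor_stream(MSG2, KEY)
    return {
        # The receiver with the shared key recovers the original text.
        "round_trip": xor_stream(c1, KEY) == MSG1,
        # A predictable 8-byte header is enough to reveal the whole key.
        "key_exposed_by_known_header":
            key_from_known_plaintext(c1, b"FROM:A;T", len(KEY)) == KEY,
        # Two ciphertexts under the same key leak the XOR of the plaintexts.
        "ciphertexts_leak_plaintext_xor":
            xor_bytes(c1, c2) == xor_bytes(MSG1, MSG2),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both leaks disappear only when the key stream is never reused or when a real block or stream cipher replaces the plain addition.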
2.3.3 Asymmetric algorithms
Asymmetric algorithms solve the main problem of symmetric-key systems. In 1975 Whitfield Diffie and Martin Hellman developed a solution in which two related keys are used, one for encryption (the public key) and one for decryption (the private key). The first key is distributed widely over insecure channels for public use. The second key is never transmitted over the network and is used only by the party that needs to decrypt the data. The two keys are related in a complex way through the use of very large prime numbers and one-way functions. As a result, the private key cannot be computed from the public key. The longer the key, the harder the system is to break. 64-bit key systems such as DES can plainly be attacked by trying every single key combination until the right key is found. 128-bit key systems are more common (for example, ECC has been shown to be immune to attacks of this kind).
The private key and the public key are generated by the same algorithm (the common one is RSA, the encryption algorithm of its three co-authors Ron Rivest, Adi Shamir and Leonard Adleman). Users keep their private key and give the public key to everyone; the private key is never shared with anyone else or transmitted over the network. The public key can be used to encrypt data, but without the private key the data cannot be decrypted. This is because the operations used in this kind of cryptography are not symmetric. If User A wants to send protected data to User B, User A encrypts the data with User B's public key and can be confident that only User B can decrypt and read it.
Private-key and public-key techniques are the main tools for solving security problems. They are not complete solutions, however: authentication is still needed to prove that an identity really belongs to the genuine user. The following sections look at how cryptography can be used to solve some basic security problems.
It is also possible to encrypt a message with the private key and decrypt it with the public key, but for a different purpose. This can be used on non-sensitive data to prove that the encrypting party really has access to the private key.
The first well-known asymmetric-key algorithm was introduced by Ron Rivest, Adi Shamir and Leonard Adleman in 1977 under the name RSA. Other common algorithms include ECC and DH. RSA has lost ground in the mobile environment because ECC is cheaper in terms of processing power and key size.
These are still not perfect solutions. Choosing a private key is not easy, and a carelessly chosen key is easily broken. In addition, asymmetric ciphers solve the key distribution problem by using a public key and a private key, but because they are more complex they compute more slowly than symmetric ciphers. For large data sets this is a significant problem. In such cases combining symmetric and asymmetric systems is the ideal solution. The combination gives the higher performance of symmetric algorithms by sending the secret key over channels that are secured with public-key systems. Once both sides hold the common secret key, the rest of the exchange uses symmetric-key algorithms for encryption and decryption. This is the basic principle of the public-key cryptographic technology used in many interfaces today.
2.3.4 Authentication
How can a user be sure that they are communicating with their partner and are not being deceived by someone else? Authentication can be achieved with public-key encryption.
A simple example: User A wants to know whether User B (the party A is communicating with) really is A's partner. First, User A uses User B's public key to encrypt A's name and random number A, and sends the result to User B. On receiving the message, User B decrypts it with B's own private key (private key B) and then encrypts B's own random number (B), the random number of A and the shared session key using public key B. B sends this back to User A, who receives the message and can tell whether it was really sent by User B by checking random number A. Next, User A uses the shared session key to encrypt random number B and sends it to User B. By analysing the received message and checking random number B, User B can be sure that User A received the correct message. Other parties cannot read these messages because they cannot produce the correct random numbers.
2.3.5 Digital signatures and message digests
A digital signature is used to check whether a received message comes from a legitimate sender. It rests on the principle that only the creator of the signature holds the private key, and that this key can be checked with the public key. A digital signature is created by computing a digest of the original message, the message digest (MD). The MD is then combined with information about the signer, a time stamp and any other necessary information. The MD is a function that takes input data of arbitrary size and produces an output of fixed size (hence the name digest). This set of information is then encrypted with the sender's private key using an asymmetric algorithm. The block of information obtained after encryption is called the electronic key.
Because the MD is a function, it also reflects to some extent the current state of the original message. If the original message changes, the MD changes too. By including the MD in the digital signature, the receiver can easily detect whether the original message has been changed since the digital signature was created.
We now look at how message digests are used to create digital signatures.

Figure 2.2 Using message digests to provide digital signatures.
User A creates a digest from the original message. A digest is a fixed-length string generated from a piece of the original message of arbitrary length. It is very hard for two messages to have the same digest, especially when the digest is at least 128 bits long. The algorithms commonly used to create a digest are MD5 and the Secure Hash Algorithm (SHA). Creating a digest and encrypting it with private key A is much faster than encrypting the whole message. User A then sends the original message and the encrypted digest to User B. After receiving them, User B can use User A's public key to decrypt the digest; User B also creates a digest from the original text and compares the two bit strings. If the two digests are the same, User B can be confident that the original message was not tampered with in transit.
The main problem with this process is that it assumes User B holds a valid public key for User A. But how does User B know that the public key received is valid? How does a user know that an e-mail and its public key really come from the bank manager? The idea of digital certificates was born to solve these problems. A certification authority is an organization that issues electronic credentials and provides digital certificates. A digital certificate usually contains the user's name, the validity period and the user's public key. The certificate is digitally signed by the certification authority so that the user can check that the certificate is genuine.
2.3.6 Digital certificates
A digital certificate guarantees that a public key belongs to the party it represents. To guarantee that the certificate represents the requesting entity (an individual or an organization), a third party is needed: the certification authority (CA). Well-known certification authorities are Verisign, Entrust and Certicom. Users can buy digital certificates from a CA and use them to authenticate and to distribute their private key. Once the receiver has received their private key, they can be confident that the receiver is the party they intended. The sender can then send messages encrypted with the public key to the receiver, and the receiver can decrypt them with its own private key. A digital certificate usually contains:
+ The name of the user and information that uniquely identifies this user;
+ The public key of the owner;
+ The period during which the certificate is valid;
+ The digital signature of the CA, so that tampering in transit is easily detected.
The owner of a digital certificate can also self-sign a certificate to become a CA. Such a CA is trustworthy if it is countersigned by another trusted key.
The leading format for digital certificates is X.509 (a standard for authentication). These certificates commonly appear in Internet applications. On the wireless interface another form is used, the Wireless Transport Layer Security (WTLS) certificate.
2.3.7 Public key infrastructure (PKI)
PKI is a term used to describe a complete organization of systems and rules that define a security system. The Internet Engineering Task Force (IETF) X.509 group defines PKI as follows: PKI is the set of hardware, software, people and procedures needed to create, manage, store and revoke digital certificates based on public-key cryptography.
PKI consists of:
+ The certification authority (CA): responsible for issuing and revoking digital certificates;
+ The registration authority: responsible for binding public keys to the identities of the key owners;
+ The key owners: the users who are issued digital certificates and use them to sign digital documents;
+ The repository of digital certificates and the certificate revocation list;
+ The security policy: the organization's top-level guidance on security.
PKI is an important security concept. Public keys are used to verify digital signatures (digital certificates) in data network connections, but a public key in itself carries no information about the entity that provides the signatures. Data networking technology recognizes this problem and adopts security certificates to bind the public key to the identity of the entity that issued the key. The issuing entity is in turn verified with a known trusted public key, by means of a certificate issued by a CA higher up in the hierarchy. Certificates are issued and enforced by a certification authority (CA). This CA is allowed to provide services to validly identified entities when they request them. To perform these functions, the CAs must be trusted by the entities (the members of the PKI) on the basis of the services they provide.
All certificates are signed with a private key of the CA, so a certificate user can inspect the certificate and check whether its information is valid. By decrypting the signature with a public verification key, the user can check whether it matches the MD of the content received in the certificate. The signature is usually an encrypted MD.
The members of a PKI can agree on a standard validity period for a certificate, which makes it possible to determine when a certificate has expired. In addition, the certification authority (CA) can publish a certificate revocation list (CRL) so that the PKI members know which certificates are no longer valid with the CA.
The trust relationships between the CA and the other PKI members must be established before any PKI transaction takes place. These relationships usually lie outside the scope of the PKI and therefore also outside the scope of networking technology. PKI trust relationships can be established on a geographical, political, social or ethnic basis and can extend across industries, countries, population groups or other entities bound by common interests. In theory, PKI trust models can be based on a single CA used to build a PKI across the globe like the Internet, or on a distributed hierarchy of CAs.
The exchange of a secret (the shared session key or the information from which this key is derived) between two parties A and B is illustrated in figure 2.3.

Figure 2.3 Authentication by digital signature.
The signer A obtains the public key from B's certificate. Because B's certificate is signed with the private key of B's certification authority, it can be verified at B's certification authority with the public key that B received from its own certification authority. The CA certificate of B is in turn verified with the public key obtained from the root CA, and this key is guaranteed to be valid because it has been built into the code of the PKI client in A's software modem. Having obtained B's public key, A encrypts the secret with this key. The encrypted message is then sent to B together with A's CA certificate and the message digest (MD) of the encrypted secret, computed with A's private key. On receiving this message, B checks it as follows: B first decrypts the message with its own private key, computes the MD from the result, uses A's public key to decrypt the MD received from A, and then compares the MD it computed with the MD it received. If they are equal, authentication succeeds and the secret obtained after decryption is the secret that was to be transferred.
Certificates can be sent in different formats; the widely adopted security standard is X.509, defined by the ITU. Public and private entities rely on the trust services provided by a common CA and accept what the CA provides. The members of a PKI therefore only need to establish a security trust relationship with one member of the PKI, the CA, and not with the other members. PKI can thus be defined concisely as follows: PKI is a virtual entity that combines many physical entities through a set of policies and rules that bind public keys to the identities of the entities issuing the keys, through the use of a certification authority (CA).
PKI has three main functions:
+ Certification: certifying, or binding a key to an identity, by means of a signature made by a certification authority (CA). The certification process includes the creation of a key pair consisting of a public key and a private key, either generated by the user and passed to the CA as part of the request, or generated by the CA on behalf of the user.
+ Validation: validating, or in more technical terms verifying the authenticity of, a certificate can be done by any PKI entity. The validation process includes checking the signature issued by the CA against the certificate revocation list (CRL) and the public key of the CA.
+ Revocation: revoking an existing certificate before it expires is also done by the CA. After a certificate has been revoked, the CA updates the CRL with the new information. In a typical scenario, when a user needs to obtain a certificate or to validate a certificate presented as valid, the user sends this request to the CA. After the requested certificate has been issued or its validity has been checked, the CA sends the corresponding information to a certificate repository, which also holds the CRL.
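The following added example (not part of the original thesis) ties together the digest-then-sign process of section 2.3.5 and the certification, validation and revocation functions of section 2.3.7. It is a toy model: textbook RSA without padding over fixed Mersenne primes, SHA-256 swapped in as the digest function, and a JSON dictionary in place of an X.509 certificate; all function names and sample values are assumptions made for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

E = 65537  # public exponent used for every toy key


def make_keypair(p: int, q: int):
    """Textbook RSA key from two primes: returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def digest_int(data: bytes) -> int:
    """Message digest (MD) of the data, as an integer smaller than n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, private) -> int:
    """Signature = MD transformed with the signer's private key."""
    n, d = private
    return pow(digest_int(data), d, n)


def verify(data: bytes, signature: int, public) -> bool:
    """Recover the MD with the public key and compare with a fresh MD."""
    n, e = public
    return pow(signature, e, n) == digest_int(data)


def to_be_signed(cert: dict) -> bytes:
    """Canonical byte form of the certificate fields covered by the CA."""
    return json.dumps(cert, sort_keys=True).encode()


def issue_certificate(subject, subject_public, serial, not_before, not_after,
                      ca_private):
    """Certification: the CA binds a public key to an identity by signing."""
    cert = {"subject": subject, "serial": serial,
            "public_key": list(subject_public),
            "not_before": not_before.isoformat(),
            "not_after": not_after.isoformat()}
    return cert, sign(to_be_signed(cert), ca_private)


def validate_certificate(cert, ca_signature, ca_public, crl, now) -> str:
    """Validation: CA signature, then CRL, then validity period."""
    if not verify(to_be_signed(cert), ca_signature, ca_public):
        return "rejected: CA signature does not match the contents"
    if cert["serial"] in crl:
        return "rejected: serial number is on the CRL"
    start = datetime.fromisoformat(cert["not_before"])
    end = datetime.fromisoformat(cert["not_after"])
    if not start <= now <= end:
        return "rejected: outside the validity period"
    return "valid"


# Constructed sample keys (fixed Mersenne primes keep the example reproducible).
CA_PUBLIC, CA_PRIVATE = make_keypair(2**127 - 1, 2**521 - 1)
B_PUBLIC, B_PRIVATE = make_keypair(2**89 - 1, 2**607 - 1)


def demo() -> dict:
    utc = timezone.utc
    now = datetime(2010, 6, 1, tzinfo=utc)
    cert, ca_sig = issue_certificate(
        "User B", B_PUBLIC, 1001,
        datetime(2010, 1, 1, tzinfo=utc), datetime(2011, 1, 1, tzinfo=utc),
        CA_PRIVATE)
    message = b"transfer 100 to account 42"  # constructed sample message
    msg_sig = sign(message, B_PRIVATE)
    b_key = tuple(cert["public_key"])  # key taken from the checked certificate
    return {
        "fresh": validate_certificate(cert, ca_sig, CA_PUBLIC, set(), now),
        "revoked": validate_certificate(cert, ca_sig, CA_PUBLIC, {1001}, now),
        "expired": validate_certificate(cert, ca_sig, CA_PUBLIC, set(),
                                        datetime(2012, 1, 1, tzinfo=utc)),
        "altered": validate_certificate(dict(cert, subject="User X"), ca_sig,
                                        CA_PUBLIC, set(), now),
        "message_ok": verify(message, msg_sig, b_key),
        "message_changed": verify(b"transfer 900 to account 42", msg_sig, b_key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```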
2.3.8 Authentication with message authentication codes
Authentication by message authentication is a method that ensures data integrity and authenticates the origin of the data. A common scheme for this method uses a message authentication code (MAC).

Figure 2.4 Authentication method using a MAC.
The MAC algorithm takes the shared secret key (shared between A and B) as input to produce a message authentication code (MAC). The MAC is attached to the original message, which is then sent to the recipient. The receiver uses the same MAC algorithm as the sender to compute a MAC over the original message it received. If the original message was altered in transit, the MAC computed at the receiver differs from the MAC received from the sender, which shows that the data is no longer intact.
One of the most common methods for producing a MAC is to use MD5. MD5 takes a message of arbitrary length and produces a 128-bit MD at its output. The sender sends the original message together with the MD to the receiver; the receiver computes the MD from the original message it received and compares it with the received MD to decide whether the message is still intact.
The SHA-1 algorithm can also be used to compute the MD in the same way as MD5. However, the MD at its output is only 120 bits.
By using a hash function, a computer can authenticate a user without storing the password in plaintext. When an account is created and the user types a password, the computer applies a one-way hash function to the password to produce a hash value, and stores this value. The next time the user logs in, the computer applies the hash function to the password the user types, computes the hash value and compares it with the stored value. If they are the same, the user is allowed to log in. Because the password is not stored in plaintext, it is very hard to disclose.
Both MD5 and SHA-1 are unkeyed hash functions, meaning that there is no secret key between the communicating parties. These algorithms do not take a secret key as input to the hash function. The hashed message authentication code algorithm, HMAC, uses a hash function together with a shared secret key to authenticate messages. The main goals of HMAC are:
+ To use existing hash functions without modifying them, for example widely used and freely available software implementations of hash functions;
+ To preserve the original performance of the hash function without significant degradation;
+ To use and handle keys in a simple way;
+ To have a well-understood analysis of the cryptographic strength of the authentication mechanism, based on the hash function used;
+ To allow easy replacement of the hash function in use by a faster or more secure hash function when needed.
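The following added example (not part of the original thesis) contrasts the two schemes described above: a message sent with an unkeyed digest, and a message sent with an HMAC computed under a shared secret key. It also shows the last HMAC goal, swapping the underlying hash function by name. The key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac


def plain_digest(message: bytes, hash_name: str = "sha256") -> bytes:
    """Unkeyed MD: anyone who knows the algorithm can compute it."""
    return hashlib.new(hash_name, message).digest()


def keyed_mac(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC: the same hash function, used unmodified, plus a shared key."""
    return hmac.new(key, message, hash_name).digest()


def check_plain(message: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Receiver side for the unkeyed scheme (constant-time comparison)."""
    return hmac.compare_digest(plain_digest(message, hash_name), tag)


def check_keyed(key: bytes, message: bytes, tag: bytes,
                hash_name: str = "sha256") -> bool:
    """Receiver side for HMAC: recompute with the shared key and compare."""
    return hmac.compare_digest(keyed_mac(key, message, hash_name), tag)


def rewrite_in_transit(new_message: bytes, hash_name: str = "sha256"):
    """Model of the tampering threat of section 2.2.3.

    The party on the path knows the hash algorithm but not the shared key,
    so the only tag it can attach to a replaced message is an unkeyed digest.
    """
    return new_message, plain_digest(new_message, hash_name)


# Constructed sample values.
SHARED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
ORIGINAL = b"PAY 100 TO ACCOUNT 42"
ALTERED = b"PAY 900 TO ACCOUNT 42"


def demo(hash_name: str = "sha256") -> dict:
    results = {}

    # Scheme 1: message plus unkeyed MD.
    sent = (ORIGINAL, plain_digest(ORIGINAL, hash_name))
    results["plain_untouched_accepted"] = check_plain(*sent, hash_name)
    forged_msg, forged_tag = rewrite_in_transit(ALTERED, hash_name)
    # The replaced message carries a matching digest, so the change is missed.
    results["plain_rewritten_accepted"] = check_plain(
        forged_msg, forged_tag, hash_name)

    # Scheme 2: message plus HMAC under the shared key.
    sent = (ORIGINAL, keyed_mac(SHARED_KEY, ORIGINAL, hash_name))
    results["hmac_untouched_accepted"] = check_keyed(
        SHARED_KEY, *sent, hash_name)
    # Reusing the old tag on a changed message fails.
    results["hmac_old_tag_rejected"] = not check_keyed(
        SHARED_KEY, ALTERED, sent[1], hash_name)
    # A freshly computed unkeyed digest fails as well.
    results["hmac_recomputed_digest_rejected"] = not check_keyed(
        SHARED_KEY, forged_msg, forged_tag, hash_name)
    return results


if __name__ == "__main__":
    for name in ("sha1", "sha256"):  # hash function replaced by name only
        print(name, demo(name))
```

An unkeyed digest therefore detects accidental corruption only; detecting deliberate modification requires the keyed construction.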

2.4 Wireless protocol security
2.4.1 Wireless Transport Layer Security (WTLS)
WTLS is the security layer defined for the WAP standard. It operates above the transport layer and is therefore suitable for different underlying wireless protocols. It is similar to TLS but has been optimized for networks with limited bandwidth and high latency. It also adds new features such as datagram support, an optimized handshake and key refresh. It supports the use of WTLS certificates to authenticate the server side, whereas SSL/TLS uses X.509 certificates. In short, WTLS has the same security goals as SSL and TLS in that it also provides privacy, data integrity and authentication.
The Wireless Transport Layer Security (WTLS) protocol was developed to suit the characteristics of wireless networks, such as narrow bandwidth and high latency. It is an improvement on the Transport Layer Security (TLS) protocol. TLS cannot be used directly because it is inefficient in a wireless environment. WTLS increases the efficiency of the protocol and adds many capabilities for wireless users. The main features added to WTLS compared with TLS are:
+ Support for other cryptographic algorithms: SSL and TLS mainly use RSA encryption. WTLS supports RSA, DH and ECC.
+ Definition of a compressed public-key certificate: WTLS certificates are more efficient versions of X.509 certificates.
+ UDP datagram support: this feature affects many areas of the protocol (from the way data is encrypted to additional support for message handling) to ensure that messages are not lost or delivered out of order.
+ Key refresh option: the key is renegotiated periodically based on the number of messages sent.
+ Extended set of alerts: this feature makes error handling clearer.
+ Optimized handshakes: this feature reduces the number of round trips needed in high-latency networks.
In addition to these changes, WTLS defines three levels of authentication between the client and the gateway:
+ WTLS class I: anonymous interaction between the client and the WAP gateway, with no authentication;
+ WTLS class II: the server authenticates itself to the client using WTLS certificates;
+ WTLS class III: the client and the WAP gateway authenticate each other. This is the form of authentication that uses smart cards. A SIM, for example, can store the authentication details on the device for two-way authentication.
2.4.2 The WAP gap
Although WTLS improves on TLS in the wireless environment, it creates one major problem: both TLS and WTLS are now needed in the WAP architecture. A security weak point therefore appears at the place where the two protocols are converted. The conversion takes place at the WAP gateway: WTLS is used from the client to the WAP gateway, and TLS is used from the WAP gateway to the enterprise server. At the WAP gateway the WTLS content is decrypted and then re-encrypted, which creates the WAP gap. Note that the time during which the information is exposed is minimal and that the WAP gateway is not located in the public domain. For many enterprises, however, this risk is still too great, because it is a weak point in the network that stands in the way of end-to-end security.
There are two ways to avoid the WAP gap:
+ Accept that the gateway is a vulnerable point and protect it by every means, using firewalls, monitoring equipment and strict security policies;
+ Move the WAP gateway behind the enterprise firewall and manage it in-house.
The choice between these two options depends on the individual enterprise. The additional resources needed to maintain a gateway must be weighed against the potential security threat to enterprise data. Fortunately, a solution exists in WAP 2.x.
2.4.3 WAP 2.x
WAP 2.x has many new features, but the most important is the move to standard Internet protocols. The move to HTTP and TCP/IP allows TLS to be used for data transfer, so WTLS is no longer needed. Once a single protocol can be used from the client device to the enterprise server, WAP can provide end-to-end security and the WAP gap is truly eliminated. This can be regarded as the main change in WAP, and mobile operators need some time to move to WAP 2.x gateways.

2.5 General security model of a mobile communication system
[Figure 2.5, diagram not reproduced. Labels in the figure: application level, home/serving level, transport level; user application, service provider application, terminal equipment, USIM, mobile termination, access network, serving network (SN), home environment (HE); security domains NAS, NDS, UDS, ADS.]

Figure 2.5 General security architecture of a mobile communication system.
As the figure shows, the security architecture of a mobile communication system is divided into three strata: the transport stratum, the home/serving stratum and the application stratum.

The aim of this design is to create a framework that allows continuous development. As with the design of the Internet, the security architecture is modularized. The modules are called domains. Modularization is achieved by establishing layers, then associating sets of elements with the implementation goals and designing the system around these layers.
The architecture consists of the following five modules:

Network access security (NAS): the set of features that give users secure access to the services provided by mobile communication systems, in particular protection against attacks on the radio access link.

Network domain security (NDS): the set of security features that allow the network nodes in the provider domain to exchange signalling securely and that protect against attacks on the wireline network.

User domain security (UDS): the set of security features that secure access to the MS.

Application domain security (ADS): the set of security features that allow applications in the user domain and in the provider domain to exchange messages securely.

Visibility and configurability of security: the set of features that let users inform themselves whether a security feature is in operation and whether the use or provision of a service depends on that security feature.

2.6 Security in GSM
2.6.1 Security model for the radio interface

Figure 2.6 Security model for the radio interface in GSM.
The purpose of this model is to ensure the privacy of user information on the radio link.

The security environment on the GSM radio interface is provided by two processes: authentication and ciphering.
2.6.1.1 GSM subscriber authentication
In GSM only the network authenticates the MS. The AuC is used to authenticate the subscriber's SIM card; it generates the triplet {RAND||SRES||Kc} (Figure 2.6), where RAND is 128 bits, Kc is 128 bits and SRES is 32 bits. RAND is then sent down to the SIM, and SRES is sent, via the HLR, to the VLR that currently manages the subscriber. These parameters are stored in the VLR and used for each call. On receiving the random network challenge (RAND), the SIM feeds it, together with the subscriber authentication key Ki stored on the card, into the A3 algorithm to produce the signed response (SRES). The SIM then returns this value to the network (VLR), which checks it against the corresponding SRES generated in the AuC. If the two match, authentication succeeds and the MS is valid.
2.6.1.2 Ciphering in GSM
The purpose of ciphering is to ensure the privacy of user information on the radio link. After the user has been authenticated, the A8 algorithm in the SIM uses the authentication key Ki together with the random challenge (RAND) to generate the cipher key Kc (64 bits). The A5 algorithm is then applied, with the plaintext, the frame number Count (24 bits) and the cipher key Kc as inputs, to produce the ciphertext, which is sent over the radio interface. On the serving-network side, the corresponding Kc is generated in the AuC by the A8 algorithm and sent to the BTS via the VLR. There, the A5 algorithm is applied with Kc, the frame number Count (24 bits, used to prevent replay) and the ciphertext received from the MS as inputs, and the plaintext is obtained at the output. These two processes are the ciphering and deciphering of the data. The cipher stream at one end must be synchronized with the decipher stream at the other end so that the ciphering bit stream and the deciphering bit stream match.
2.6.2 Limitations of GSM security
GSM security, based on authentication and confidentiality, was a clear improvement over the analogue mobile systems (1G). It nevertheless has a number of limitations:
+ Both A3 and A8, which are used to authenticate the user and to generate the session keys, are implemented by service providers with the COMP128 algorithm. COMP128 was reverse engineered at Berkeley in 1998, and cryptanalysis by the Berkeley researchers showed that the algorithm can be broken after 2^19 queries from a fake BTS to the SIM card, within about 8 hours. Closer analysis of the way GSM uses COMP128 also found that the algorithm itself is weakly implemented: it calls for a 64-bit key, but 10 of those bits are always set to 0, which considerably reduces the security of A8. If the key Kc is compromised, an intruder can impersonate a legitimate VLR without having to authenticate periodically. In addition, storing the triplets {RAND, SRES and Kc} in the VLR while they wait to be used increases the risk of disclosure, especially to an insider.
+ Under the GSM authentication protocol, the BTS authenticates the MS that requests a communication session. There is no authentication in the reverse direction, from the MS to the network, so the MS has no assurance that it is not communicating with a fake BTS. This is made worse by the fact that the random challenge (RAND) used for authentication is also the seed for the session key, since it is the input to the A8 algorithm. Furthermore, the challenge-response messages carry no timestamp. If a fake BTS succeeds, it can therefore obtain a session key with which to decrypt every message protected by that key over a fairly long period.
+ GSM authentication in particular, and GSM security in general, protect the radio link between the MS and the BTS serving it. The mechanism does not protect the transfer of information between the AuC and the serving network. The lack of security in the wireline network is the main source of exposure in GSM, particularly because the links between the BTSs and the wireline network are often digital microwave links, on which traffic is easily intercepted.
+ Of the two variants of the data ciphering algorithm (A5/1 and A5/2), the weaker one is A5/2, which may be exported worldwide without restriction. According to Bruce Schneier, A5/2 was developed with the assistance of the NSA and can be broken in real time with a work factor of about 2^16. A5/1 is stronger and withstands attack with a work factor of 2^40, which means that an attacker with special-purpose hardware can compromise it in close to real time.

2.7 Conclusion
This chapter has covered the five elements needed to establish a secure environment: authentication, data integrity, confidentiality, authorization and non-repudiation. When building a secure environment, it must be remembered that a system is only as secure as its weakest point. Every gap in the solution therefore has to be protected, so that unauthorized parties cannot gain access to the system. Doing so may require a combination of security technologies such as public-key cryptography, digital certificates, digital signatures and PKI. The chapter also examined the security issues of mobile communications in detail, and its final part dealt with security on the radio interface of the second-generation mobile system (GSM), showing that GSM security has significant limitations. This is the basis for studying the security mechanisms of the 3G UMTS system and for understanding the advantages of 3G UMTS security over GSM security.






CHAPTER III: SECURITY SOLUTIONS IN 3G UMTS

3.1 3G UMTS security architecture model
The security architecture of 3G UMTS is built on the following three principles:
3.1.1 Authentication
Authentication confirms the identity of an entity. A node that wants to authenticate itself to another party must present its identity. This can be done by demonstrating knowledge of a secret known only to the two nodes involved, or by relying on a third node trusted by both to confirm their identities.

Authentication becomes especially important in the move from pure telephony (where the voice of the other party is itself a form of authentication) to data communication, in which no voice is involved.

Authentication in 3G UMTS has two parts: the network authenticates the user, and the user authenticates the network. Both procedures take place within the same message exchange between the network and the user; this is called "one-pass authentication" and reduces the number of messages to be transferred. After these procedures the user can trust that the network it is connected to is trusted to serve it on behalf of its home network, and the network can trust that the user's identity is valid. The core network needs to know the user's real identity to be confident that the user will pay for the services it provides. The user, in turn, wants authentication to be confident that the services paid for will actually be provided.
3.1.2 Confidentiality
Confidentiality keeps information secure from unauthorized parties. As the number of subscribers keeps growing, for both personal and business calls (for example online services such as banking transactions), the need to keep information confidential becomes ever more pressing.

Confidentiality in 3G UMTS is achieved by ciphering the communication between the subscriber and the network and by using the temporary identity TMSI instead of the global identity IMSI. Ciphering is performed between the USIM and the RNC; user confidentiality is provided between the USIM and the VLR/SGSN.

The attributes that need to be kept confidential are:
+ Subscriber identity;
+ Current location of the subscriber;
+ User data;
+ Signalling data.

If the serving network does not support confidentiality of user data, the subscriber must be informed and given the option to refuse.
3.1.3 Integrity
Sometimes the origin of a message has to be verified: even though it may have been received from a party that has been authenticated, it could still have been forged. Integrity protection addresses this. The message must not only be kept confidential; it must also be shown to be genuine.

The integrity protection method in 3G UMTS is to add a stamp to each message. The stamps can be generated only at nodes that know the keys, which are derived from a pre-shared master key (K). These keys are stored in the USIM and the AuC. Integrity protection is particularly necessary because the serving network is often run by an operator other than the subscriber's own.

The attribute that needs integrity protection is the signalling messages.

Note that at the physical layer, bits are checked by means of a CRC (cyclic redundancy check). That measure only serves to obtain error-free data transfer over the radio interface; it is not the same as integrity at the transport stratum.

The security procedures on the 3G UMTS radio interface are based on five parameters (the quintet): the network challenge (RAND); the expected user response (XRES); the cipher key (CK); the integrity key (IK); and the network authentication token (AUTN), where AUTN = (SQN ⊕ AK, AMF, MAC-A). The whole process of generating these parameters in the USIM and the VLR/SGSN is called authentication and key agreement (AKA). In this process the AuC has to generate authentication vectors (AV).


3.2 Cryptographic functions
3.2.1 Requirements for the cryptographic algorithms and functions
The cryptographic algorithms and functions have to meet strict requirements. They must be designed to remain usable for at least 20 years. UEs containing these functions are not subject to restrictions on export and use. Network equipment such as the RNC and the AuC may be subject to restrictions, and the export of these nodes must comply with the Wassenaar Arrangement. Operators can thus set up equipment and algorithms according to local law and licences, and users can roam with their own equipment whenever they move to another network or another country. Without knowledge of the input keys, these functions must be indistinguishable from independent random functions of their inputs. Changing one input parameter at a time must not reveal any information about the master key (K) or the operator's configuration field.
3.2.2 The cryptographic functions
The security features of 3G UMTS are implemented by a set of cryptographic functions and algorithms. There are ten cryptographic functions in all: f0, f1, f2, f3, f4, f5, f1*, f5*, f8 and f9. Of these, f0 generates the random challenge (RAND) and the next seven are key generation functions. They are all operator-specific, because the keys used for authentication are generated only in the USIM and the AuC, two domains for which the same operator is responsible.

The functions that generate the AKA parameters are f1, f2, f3, f4, f5, f1* and f5*. The choice of these functions is, in principle, up to the operator. Because designing strong cryptographic algorithms for them is difficult, 3GPP has provided an example set of AKA algorithms called MILENAGE. These algorithms are built around a strong 128-bit cipher, called the kernel function, together with an additional configuration field chosen by the operator. The Advanced Encryption Standard (AES) is recommended as the kernel for f1, f2, f3, f4 and f5.

The functions f1* and f5* generate the keys used in the resynchronization procedure.

The functions f8 and f9 use the KASUMI block cipher as their kernel.

The functions f8 and f9 are used in the USIM and the RNC. Because these two domains may belong to different operators, the functions cannot be operator-specific. These functions use the master key (K). The reason is to avoid distributing this key over the network and to keep it safe in the USIM and the AuC.
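| Function | Input | Output | Purpose |
|---|---|---|---|
| f0 | | RAND | Generates the random challenge for the network |
| f1 | K, SQN, AMF, RAND | MAC-A/XMAC-A | Network authentication |
| f2 | K, RAND | XRES and RES | User authentication |
| f3 | K, RAND | CK | Generates the cipher key |
| f4 | K, RAND | IK | Generates the integrity key |
| f5 | K, RAND | AK | Generates the anonymity key |
| f1* | K, RAND, AMF | MAC-S | Authenticates the resynchronization message |
| f5* | K, RAND | AK | Generates the anonymity key for the resynchronization message |
| f8 | CK, COUNT-C, BEARER, DIRECTION, LENGTH | KS | Generates the keystream used to cipher and decipher data |
| f9 | Sent/received signalling message, DIRECTION, IK, COUNT-I, FRESH | MAC-I and XMAC-I | Generates the message integrity authentication code |

Table 3.1 The cryptographic functions.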
3.2.2.1 Function f8
User data and some signalling information elements are considered sensitive and must be kept confidential. To protect identity, the packet temporary mobile subscriber identity (P-TMSI) must be transferred in protected mode at the time it is allocated and at other times when the signalling procedures allow it. The ciphering function provides protected transmission on the radio access channels between the UE and the RNC. The ciphering function f8 is used to cipher and decipher the data (Figure 3.1).

Figure 3.1 Ciphering and deciphering with function f8.
The input parameters of f8 are:

Ciphering sequence number (COUNT-C) (32 bits): this number is incremented each time a protected message is sent or received. There are two counters, one for the uplink and one for the downlink.

Cipher key (CK) (128 bits): generated in the AuC and sent to the VLR/SGSN in the authentication vectors (AV). After successful authentication the key is sent to the RNC. The USIM generates these keys during authentication. At handover the cipher key (CK) is transferred from the current RNC to the new RNC so that communication can continue; CK does not change at handover. There are two CK keys: CK_CS, established between the circuit-switched service domain and the user, and CK_PS, established between the packet-switched service domain and the user.

Bearer identity (BEARER) (5 bits): distinguishes the different logical radio bearers associated with the same user on the same physical channel. This prevents identical input parameters from producing the same keystream for different radio bearers.

Direction identifier (DIRECTION) (1 bit): distinguishes transmitted messages from received messages so that the same input parameters are not used for both. It is 1 bit wide, with 0 for uplink messages (originating from the USIM) and 1 for downlink messages (originating from the RNC). Together with COUNT-C, this parameter ensures that the input parameters change within a connection.

Length (LENGTH) (16 bits): sets the length of the keystream (KS). This parameter does not change the bits in KS; it only affects how many bits the stream contains.
The output of the function is the keystream KS, which is XORed with the plaintext before transmission over the radio interface. The keystream KS is unique for each block: different input parameters give different KS outputs. The sender and the receiver must therefore be synchronized on the same counter at all times so that they produce the same COUNT-C; otherwise deciphering is impossible. The USIM and the RNC must also use the same ciphering algorithm at the same time. The USIM tells the RNC which ciphering algorithms it supports, and the RNC then selects the algorithm to use according to the operator's preference and local regulations. This process is called encryption algorithm identification (UEA).

Where integrity protection is required, confidentiality is only optional; the user must nevertheless be informed whether ciphering is enabled.
3.2.2.2 Function f9
Most control signalling sent between the UE and the network is considered sensitive and needs integrity protection. The integrity function (f9) is used to protect those messages. User data, by contrast, is not integrity protected; that protection is added only by higher-layer protocols if needed. Integrity protection is mandatory in 3G UMTS for signalling messages, and f9 is used in the same way as AUTN and AUTS. It adds a stamp to each message to ensure that the message was generated by a valid identity, and it also ensures that the message has not been forged. The message integrity check using the integrity function f9 is shown in Figure 3.2.

Figure 3.2 Message integrity verification using the integrity function f9.
The input parameters of f9 are:

Integrity sequence number (COUNT-I) (32 bits): this number is incremented each time an integrity-protected message is sent or received. There are two counters, one for the uplink and one for the downlink.

Integrity key (IK) (128 bits): generated in both the AuC and the USIM. The VLR/SGSN receives IK in the AV sent by the AuC, and after successful authentication it is sent to the RNC. At handover the integrity key IK is transferred from the current RNC to the new RNC; the key does not change at handover.

Direction identifier (DIRECTION) (1 bit): distinguishes transmitted messages from received messages. This is needed so that the function does not use the same parameters for messages sent and messages received. It is 1 bit, with 0 for uplink messages (originating from the USIM) and 1 for downlink messages (originating from the RNC).

Freshness parameter (FRESH): used to counter replay attacks. One FRESH value is assigned to each user; the RNC generates it when the connection is set up and sends it to the user in the "security mode command". The parameter is valid for one connection, and a new FRESH value is generated for the next connection. FRESH is also reset to a new value at handover.

The most important input to the function is the signalling message itself, which the function protects. If the message is altered in transit, the output values (MAC-I and XMAC-I) will not match, and the receiver will reject the message.
The outputs of f9 are the message authentication code for data integrity (MAC-I) and XMAC-I (the expected value), which are used once the AKA procedures have completed. MAC-I is generated at the sending side (USIM or RNC) and compared with XMAC-I at the receiving side (RNC or USIM). The sender computes MAC-I over the message, and the receiver feeds the accompanying message into its own instance of the function to produce XMAC-I. If the two match, the message has not been altered and its origin is authenticated. If they do not match, the message is rejected.

As with f8, the sender and the receiver must be synchronized on the same counter at all times so that they produce the same COUNT-I. Because the UMTS integrity algorithm runs in both the USIM and the RNC, the two may be in the domains of different operators, and the nodes may therefore support different algorithms. To identify which algorithm is in use, each UMTS integrity algorithm (UIA) has its own 4-bit identifier. The USIM tells the RNC which UIAs it supports, and the RNC then decides which UIA to use.
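How the f8 and f9 inputs listed in sections 3.2.2.1 and 3.2.2.2 behave, as a runnable sketch. This is an added example, not code from the thesis or from 3GPP: HMAC-SHA256 stands in for the KASUMI-based f8 and f9, and the keys, FRESH values and message are constructed.

```python
import hashlib
import hmac
import struct

def f8_keystream(ck, count_c, bearer, direction, length_bits):
    """Stand-in for f8 (HMAC-SHA256 in counter mode, not KASUMI).

    COUNT-C (32 bits), BEARER (5 bits) and DIRECTION (1 bit) select the
    keystream; LENGTH (16 bits) only decides how many bits are returned.
    """
    if not (0 <= count_c < 2**32 and 0 <= bearer < 32
            and direction in (0, 1) and 0 <= length_bits < 2**16):
        raise ValueError("parameter outside its field width")
    header = struct.pack(">IBB", count_c, bearer, direction)
    nbytes = (length_bits + 7) // 8
    ks, block = b"", 0
    while len(ks) < nbytes:
        ks += hmac.new(ck, header + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return ks[:nbytes]

def f8_crypt(ck, count_c, bearer, direction, data):
    """Ciphers or deciphers: XOR of the data with KS (same call both ways)."""
    ks = f8_keystream(ck, count_c, bearer, direction, len(data) * 8)
    return bytes(d ^ k for d, k in zip(data, ks))

def f9_mac(ik, count_i, fresh, direction, message):
    """Stand-in for f9: 32-bit MAC-I over COUNT-I, FRESH, DIRECTION, message."""
    header = struct.pack(">I", count_i) + fresh + bytes([direction])
    return hmac.new(ik, header + message, hashlib.sha256).digest()[:4]

class IntegrityReceiver:
    """Receiving end of one connection, for one direction."""

    def __init__(self, ik, fresh, direction):
        self.ik, self.fresh, self.direction = ik, fresh, direction
        self.count_i = 0

    def accept(self, message, mac_i):
        xmac_i = f9_mac(self.ik, self.count_i, self.fresh, self.direction, message)
        if not hmac.compare_digest(xmac_i, mac_i):
            return False          # altered, replayed or out-of-sync message
        self.count_i += 1         # the counter advances only on accepted messages
        return True

def demo():
    ck = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # constructed CK
    ik = bytes.fromhex("101112131415161718191a1b1c1d1e1f")   # constructed IK
    msg = b"constructed RRC signalling message"
    ct = f8_crypt(ck, 7, 3, 0, msg)
    results = {
        "in_sync": f8_crypt(ck, 7, 3, 0, ct) == msg,
        "count_c_off_by_one": f8_crypt(ck, 8, 3, 0, ct) == msg,
        "other_bearer": f8_crypt(ck, 7, 4, 0, ct) == msg,
        "other_direction": f8_crypt(ck, 7, 3, 1, ct) == msg,
    }
    fresh_1, fresh_2 = b"\xaa\xbb\xcc\xdd", b"\x01\x02\x03\x04"  # constructed
    mac_i = f9_mac(ik, 0, fresh_1, 0, msg)
    rx = IntegrityReceiver(ik, fresh_1, 0)
    results["first_delivery"] = rx.accept(msg, mac_i)
    results["replay_same_connection"] = rx.accept(msg, mac_i)
    results["tampered"] = rx.accept(msg[:-1] + b"X", f9_mac(ik, 1, fresh_1, 0, msg))
    # New connection: COUNT-I starts again at 0, but FRESH is new.
    results["replay_next_connection"] = IntegrityReceiver(ik, fresh_2, 0).accept(msg, mac_i)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Only the in-sync decryption and the first delivery succeed; a COUNT-C that is off by one, a different BEARER or DIRECTION, a replayed MAC-I and a MAC-I carried over to a connection with a new FRESH are all rejected.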
3.2.3 Using the cryptographic functions to generate AVs in the AuC
The authentication vector (AV) consists of the random challenge (RAND), the expected response from the user (XRES), the cipher key (CK), the integrity key (IK) and the network authentication token (AUTN). Figure 3.3 shows how the cryptographic functions are used to generate the AVs in the AuC.
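Figure 3.3 Generation of the AVs in the AuC.
(Diagram labels: generate SQN; generate RAND (f0); inputs K, RAND, AMF, SQN; functions f1, f2, f3, f4, f5; outputs MAC-A, XRES, CK, IK, AK; XOR of SQN and AK.)
AUTN = SQN ⊕ AK || AMF || MAC-A
AV = RAND || XRES || CK || IK || AUTN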
The roles of the cryptographic functions were described above. Function f0 generates the random challenge (RAND). Function f1 takes RAND, the authentication management field (AMF), the sequence number SQN and the master key (K) stored in the AuC, and outputs the message authentication code for authentication (MAC-A). Functions f2 to f5, all with RAND and K as inputs, output XRES, CK, IK and AK respectively. AK is then XORed with SQN to give SQN ⊕ AK. At this point all the parameters of the AV are available.
3.2.4 Using the cryptographic functions to generate the security parameters in the USIM
To generate the output keys, the USIM holds only one of the four parameters that the AuC has, namely the master key (K). The remaining parameters must be received from the AuC. Figure 3.4 shows how the security parameters are generated in the USIM.

Figure 3.4 Generation of the security parameters in the USIM.
When the USIM receives the pair (RAND||AUTN), it first generates the anonymity key (AK) with function f5 from the received random number RAND. XORing AK with the SQN ⊕ AK taken from the authentication token AUTN yields the AuC's SQN_HE. Function f1 is then applied to K, RAND, AMF and SQN to produce the expected message authentication code (XMAC-A), which the USIM compares with the MAC-A contained in AUTN. If the two match, the USIM has authenticated that the message (the pair RAND||AUTN) comes from the HE that manages it, and the process continues with the other key generation functions. If they do not match, a "user authentication reject" message with the cause is sent back to the VLR/SGSN. If authentication succeeds, the USIM checks whether SQN_HE lies within the range of SQN_MS. If the sequence number is within the permitted range, the USIM goes on to generate the remaining parameters with f2 (RES), f3 (CK), f4 (IK) and f5 (AK).
3.2.5 Using the functions for resynchronization in the USIM
When the USIM finds that the received sequence number SQN_HE lies outside the range of SQN_MS, the normal key generation functions are cancelled and the USIM starts to generate the resynchronization token AUTS. The process is shown in detail in Figure 3.5.

Figure 3.5 Generation of AUTS in the USIM.
Function f1*, with the random challenge (RAND), the master key (K) and the authentication management field (AMF, set to 0) as inputs, outputs the resynchronization message authentication code (MAC-S). Function f5* is then applied to K and RAND to give AK. AK is XORed with SQN_MS to form SQN_MS ⊕ AK. SQN_MS ⊕ AK and MAC-S are then concatenated into the resynchronization token AUTS. Finally the "synchronization failure" message is sent, together with AUTS, to the VLR/SGSN. The functions f1* and f5* are used only for the resynchronization procedure, and they are constructed so that their values reveal nothing about the other functions.
3.2.6 Using the functions for resynchronization in the AuC
The AuC authenticates the pair RAND||AUTS received from the VLR/SGSN and carries out the resynchronization procedure. The process is shown in Figure 3.6.

Function f1* takes K, AMF and RAND as inputs and produces the expected resynchronization authentication code (XMAC-S). XMAC-S is then compared with MAC-S; if they match, the procedure continues.

Function f5* takes K and RAND as inputs and produces the anonymity key (AK), which is XORed with SQN_MS ⊕ AK to recover the USIM's SQN_MS.

The AuC compares the two sequence numbers (SQN_MS and SQN_HE). If it finds that the next AV to be generated would be accepted by the USIM, it sends these AVs back to the VLR/SGSN. If no AV falls within the range accepted by the USIM, the AuC must set SQN_HE = SQN_MS. The VLR/SGSN generates XMAC-S and compares it with the MAC-S received in AUTS (the resynchronization authentication token). This is done to authenticate the subscriber; if it succeeds, the AuC's sequence number (SQN_HE) is reset to the value SQN_MS. The AuC then generates a new set of AVs. As noted earlier, generating many AVs in real time may overload the AuC, so the AuC may send only one AV to the VLR/SGSN in the first transfer.
Figure 3.6 Resynchronization procedure in the AuC.
(Diagram labels: f1*, f5*, SQN_MS, AMF, K, RAND, AK, SQN_MS ⊕ AK, XMAC-S.)
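The AV generation, USIM verification and resynchronization steps of sections 3.2.3 to 3.2.6, as one runnable sketch. This is an added example, not code from the thesis or from 3GPP: HMAC-SHA256 stands in for the operator-specific f1 to f5* (it is not MILENAGE), and the acceptance window DELTA, the AMF value, the key and the RAND values are constructed. SQN_MS is included in the f1* input, as in 3GPP TS 33.102, although Table 3.1 lists only K, RAND and AMF.

```python
import hashlib
import hmac
import os

DELTA = 32                  # assumed width of the USIM's SQN acceptance window
AMF = b"\x80\x00"           # constructed 16-bit AMF
AMF_RESYNC = b"\x00\x00"    # AMF is set to 0 when computing MAC-S

def _f(label, k, *parts, n):
    """Stand-in for f1..f5*: HMAC-SHA256 under K, truncated to n bytes."""
    return hmac.new(k, label + b"|" + b"".join(parts), hashlib.sha256).digest()[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def auc_make_av(k, sqn, rand=None):
    """AuC: AV = RAND || XRES || CK || IK || AUTN for sequence number sqn."""
    rand = rand or os.urandom(16)                    # f0
    sqn_b = sqn.to_bytes(6, "big")                   # SQN is 48 bits
    mac_a = _f(b"f1", k, sqn_b, AMF, rand, n=8)
    ak = _f(b"f5", k, rand, n=6)
    return {
        "RAND": rand,
        "XRES": _f(b"f2", k, rand, n=8),
        "CK": _f(b"f3", k, rand, n=16),
        "IK": _f(b"f4", k, rand, n=16),
        "AUTN": _xor(sqn_b, ak) + AMF + mac_a,       # (SQN xor AK) || AMF || MAC-A
    }

class USIM:
    def __init__(self, k, sqn_ms):
        self.k, self.sqn_ms = k, sqn_ms

    def authenticate(self, rand, autn):
        """Returns ("ok", RES, CK, IK), ("mac_failure",) or ("sync_failure", AUTS)."""
        conc, amf, mac_a = autn[:6], autn[6:8], autn[8:16]
        sqn_b = _xor(conc, _f(b"f5", self.k, rand, n=6))      # unmask SQN_HE
        xmac_a = _f(b"f1", self.k, sqn_b, amf, rand, n=8)
        if not hmac.compare_digest(xmac_a, mac_a):
            return ("mac_failure",)                  # network not authenticated
        sqn_he = int.from_bytes(sqn_b, "big")
        if not self.sqn_ms < sqn_he <= self.sqn_ms + DELTA:
            return ("sync_failure", self._auts(rand))
        self.sqn_ms = sqn_he
        return ("ok", _f(b"f2", self.k, rand, n=8),
                _f(b"f3", self.k, rand, n=16), _f(b"f4", self.k, rand, n=16))

    def _auts(self, rand):
        """AUTS = (SQN_MS xor AK) || MAC-S, with AK from f5* and MAC-S from f1*."""
        sqn_b = self.sqn_ms.to_bytes(6, "big")
        mac_s = _f(b"f1*", self.k, sqn_b, AMF_RESYNC, rand, n=8)
        return _xor(sqn_b, _f(b"f5*", self.k, rand, n=6)) + mac_s

def auc_resync(k, sqn_he, rand, auts):
    """AuC: returns the SQN_HE to continue from after receiving RAND || AUTS."""
    conc, mac_s = auts[:6], auts[6:14]
    sqn_b = _xor(conc, _f(b"f5*", k, rand, n=6))              # recover SQN_MS
    xmac_s = _f(b"f1*", k, sqn_b, AMF_RESYNC, rand, n=8)
    if not hmac.compare_digest(xmac_s, mac_s):
        return sqn_he                    # AUTS not authentic: counter untouched
    sqn_ms = int.from_bytes(sqn_b, "big")
    if sqn_ms < sqn_he + 1 <= sqn_ms + DELTA:
        return sqn_he                    # the next AV would already be accepted
    return sqn_ms                        # otherwise SQN_HE := SQN_MS

def demo():
    k = bytes(range(16))                 # constructed 128-bit master key K
    usim = USIM(k, sqn_ms=1000)
    sqn_he = 5                           # constructed: AuC counter far behind
    av = auc_make_av(k, sqn_he + 1, rand=b"\x11" * 16)
    first = usim.authenticate(av["RAND"], av["AUTN"])
    sqn_he = auc_resync(k, sqn_he, av["RAND"], first[1])
    av2 = auc_make_av(k, sqn_he + 1, rand=b"\x22" * 16)
    second = usim.authenticate(av2["RAND"], av2["AUTN"])
    replay = usim.authenticate(av2["RAND"], av2["AUTN"])      # same AV again
    forged = usim.authenticate(av2["RAND"], bytes(16))        # AUTN without K
    return (first[0], sqn_he, second[0], second[1] == av2["XRES"],
            replay[0], forged[0])

if __name__ == "__main__":
    print(demo())
```

The USIM checks MAC-A before it looks at the sequence number, so a token produced without K is rejected as a MAC failure, while a genuine but stale or replayed token leads to a synchronization failure and an AUTS.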
3.2.7 Order of key generation
The keys need not be generated in the order described above. That order is the logical one; an implementation may use a different order if it is more efficient. What matters is that the keys are available in the order presented above.

3.3 Authentication parameters
The parameters used in the AKA procedure are:
3.3.1 Parameters of the authentication vector (AV)
The AVs are generated in the AuC and sent in batches to the serving network (SN), where they are used for authentication. When authentication takes place, the cipher and authentication keys of the AV are stored in the RNC. The parameters of the AV are: RAND; XRES; AUTN; CK; IK.

3.3.2 Network authentication token (AUTN)
The network authentication token is generated in the AuC and sent, together with RAND, from the VLR/SGSN to the USIM. AUTN consists of: SQN_HE ⊕ AK || AMF || MAC-A.
3.3.3 User response and expected value (RES & XRES)
RES is used by the network to authenticate the subscriber. XRES is first generated in the AuC and sent to the VLR/SGSN in the AV. The USIM then generates RES (with function f2) and sends it to the VLR/SGSN, where the two are compared. If they match, the user is authenticated.
3.3.4 Message authentication code for authentication and expected value (MAC-A & XMAC-A)
These two parameters are used in AKA for the USIM to authenticate the network. The USIM receives MAC-A in the AV and compares it with the XMAC-A that it generates with function f1. If the two codes match, the network is authenticated by the USIM.
3.3.5 Resynchronization token (AUTS)
AUTS is generated in the USIM (with functions f1* and f5*) when SQN_HE is not within the range of SQN_MS. The USIM then sends AUTS (which carries SQN_MS) to the AuC so that the resynchronization procedure can be carried out.
3.3.6 Message authentication code for resynchronization and expected value (MAC-S & XMAC-S)
These two parameters are used to authenticate the USIM before the AuC's sequence number is reset. When the USIM detects a synchronization failure, it generates MAC-S and sends it in AUTS to the AuC. The AuC generates the expected value XMAC-S itself and compares the two. Both parameters are generated with function f1*. If they match, the synchronization failure message is authenticated and SQN_HE is set to the value of SQN_MS.







3.3.7 Sizes of the authentication parameters
The table below lists the authentication parameters and their sizes.
| Parameter | Definition | Bits |
|---|---|---|
| K | Master key | 128 |
| RAND | Random challenge | 128 |
| SQN | Sequence number | 48 |
| AK | Anonymity key | 48 |
| AMF | Authentication management field | 16 |
| MAC | Message authentication code | 64 |
| CK | Cipher key | 128 |
| IK | Integrity key | 128 |
| RES | User response | 32-128 |
| X-RES | Expected user response | 32-128 |
| AUTN | Network authentication token | 128 |
| AUTS | Resynchronization token | 96-128 |
| MAC-I | Message authentication code for data integrity | 32 |

Table 3.2 Sizes of the authentication parameters.

3.4 Security model for the 3G UMTS radio interface
Authentication in 3G UMTS works in both directions: the network authenticates the user and vice versa. To make this possible, the network sends the UE an authentication request message containing the authentication code MAC-A. The USIM then computes the check value XMAC-A and compares the two codes; if they match, authentication succeeds.

Messages are ciphered in both directions with the keystream (KS). In the RNC, KS is generated from the cipher key (CK) in the AV sent down by the AuC. In the USIM, KS is generated from CK, which in turn is computed from the RAND and AUTN sent by the network.

Integrity protection is likewise applied in both directions, by means of message integrity authentication carried between the RNC and the UE. To be authenticated, a transmitted message (from the UE or the RNC) must be stamped with the message authentication code for integrity (MAC-I). The receiving side (RNC or UE) computes XMAC-I to check it.

The most important security-related components are the pre-shared master key (K) and a number of other parameters stored in the USIM and the AuC; they are never transferred outside these two locations. It must also be ensured that these parameters are kept synchronized on both sides.

The general security model for the 3G UMTS radio interface is illustrated in Figure 3.7.

Figure 3.7 Security model for the radio interface in 3G UMTS.
3.4.1 Network authenticates the user
Authentication in a UMTS network involves three entities: the VLR/SGSN, the USIM and the HE. The VLR/SGSN verifies the subscriber's identity as in GSM, while the USIM makes sure that the VLR/SGSN has been authorized to do so by the HE that manages the USIM.

Authentication is performed immediately after the serving network (SN) has identified the subscriber. It starts when the VLR (in the CS domain) or the SGSN (in the PS domain) sends an authentication request to the AuC. The VLR/SGSN then sends a user authentication request message to the UE. This message contains RAND and AUTN.

The master key (K) in the USIM is used together with the two parameters (RAND and AUTN) to compute the user response (RES) with the cryptographic function f2. RES is 32 to 128 bits long; once generated in the USIM it is sent back to the VLR/SGSN, where it is compared with the expected value XRES generated and sent by the AuC. If the two match, authentication succeeds. The process is shown in Figure 3.8.

Figure 3.8 User authentication at the VLR/SGSN.
3.4.2 USIM authenticates the network
As stated above, to be authenticated by the USIM the network must send it the message authentication code for authentication (MAC-A). This code is carried in the network authentication token AUTN, which the network sends together with RAND. The USIM then applies function f1 to the master key K, AUTN and RAND to compute XMAC-A (the expected value). It compares XMAC-A with MAC-A, and if they are the same, authentication succeeds. The process is illustrated in Figure 3.9.

Figure 3.9 Network authentication at the USIM.
3.4.3 UTRAN ciphering
Once both the user and the network have been authenticated (mutual authentication), secure communication begins. Before ciphering can take place, the two sides must agree on the ciphering algorithm to be used. Ciphering is performed in the UE and the RNC, and both the USIM and the RNC have to generate the keystreams (KS). The process is illustrated in Figure 3.10.

Figure 3.10 The keystream cipher in UMTS.
The figure shows that the inputs of f8 are the cipher key (CK), the ciphering sequence number (COUNT-C), the radio bearer identity (BEARER), the direction of transmission (DIRECTION) and the actual length of the keystream (LENGTH). The RNC receives CK in the authentication vector (AV) sent from the AuC. In the USIM, CK is computed with function f3 from K and the RAND received from the network. Once CK is available on both sides, the RNC switches to ciphered mode by sending an RRC (radio resource connection) security command to the UE.

In UMTS ciphering, the plaintext data is added bit by bit to the pseudo-random mask data of KS (Figure 3.10). The main advantage of this method is that the mask data can be generated before the plaintext is received, so ciphering is faster. Deciphering is carried out in the same way as ciphering, but in the opposite direction.
3.4.4 RRC signalling integrity protection
The purpose of integrity protection is to authenticate control messages. It is performed at the Radio Resource Control (RRC) layer between the UE and the RNC. To authenticate the integrity of a message, the sender (USIM or RNC) must generate a message authentication code for integrity (MAC-I), attach it to the already ciphered message and send it to the receiver (RNC or USIM). The receiver computes XMAC-I and compares it with the received MAC-I. If the two codes match, the message is considered intact. MAC-I and XMAC-I are generated with function f9, as illustrated in Figure 3.11.

Figure 3.11 Message integrity authentication.
From the figure, the inputs of function f9 are: the signalling message sent or received; the direction of transmission (DIRECTION); the integrity key (IK); the cryptographic sequence number (COUNT-I); and the freshness value (FRESH). COUNT-I plays the same role as the counter used for ciphering, while FRESH is used to stop an adversary from choosing the initial value of COUNT-I. The RNC receives IK and CK in the security mode command. In the USIM, IK is computed with function f4, whose inputs are K and the RAND sent by the network.
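The keystream and MAC-I computations of sections 3.4.3 and 3.4.4, as an added sketch that is not part of the original thesis. It assumes HMAC-SHA256 as a stand-in for the real f8/f9 cores (which are not reproduced here); the function names, keys and sample message are constructed for illustration.

```python
import hashlib
import hmac

UPLINK, DOWNLINK = 0, 1  # DIRECTION values used in this sketch


def prf(key: bytes, data: bytes) -> bytes:
    # Stand-in PRF (assumption): HMAC-SHA256 replaces the real f8/f9 block-cipher core.
    return hmac.new(key, data, hashlib.sha256).digest()


def f8_keystream(ck: bytes, count_c: int, bearer: int, direction: int, length: int) -> bytes:
    """Keystream (KS) of `length` bits derived from CK, COUNT-C, BEARER and DIRECTION."""
    seed = count_c.to_bytes(4, "big") + bytes([bearer & 0x1F, direction & 1])
    nbytes = (length + 7) // 8
    blocks = (nbytes + 31) // 32
    stream = b"".join(prf(ck, seed + i.to_bytes(4, "big")) for i in range(blocks))
    ks = bytearray(stream[:nbytes])
    if length % 8:  # zero the bits beyond LENGTH in the last byte
        ks[-1] &= (0xFF << (8 - length % 8)) & 0xFF
    return bytes(ks)


def xor_bits(data: bytes, ks: bytes) -> bytes:
    """Bit-by-bit addition of data and keystream; the same call ciphers and deciphers."""
    if len(data) != len(ks):
        raise ValueError("keystream length must match data length")
    return bytes(d ^ k for d, k in zip(data, ks))


def f9_mac_i(ik: bytes, count_i: int, fresh: int, direction: int, message: bytes) -> bytes:
    """32-bit MAC-I over the message, bound to COUNT-I, FRESH and DIRECTION."""
    data = count_i.to_bytes(4, "big") + fresh.to_bytes(4, "big") + bytes([direction & 1])
    return prf(ik, data + message)[:4]


def verify_rrc(ik, count_i, fresh, direction, message, mac_i) -> bool:
    """Receiver side: recompute XMAC-I and compare it with the received MAC-I."""
    xmac_i = f9_mac_i(ik, count_i, fresh, direction, message)
    return hmac.compare_digest(xmac_i, mac_i)


def demo() -> dict:
    ck, ik = bytes(range(16)), bytes(range(16, 32))  # constructed 128-bit keys
    msg = b"RRC: security mode complete"              # constructed sample message
    nbits = len(msg) * 8
    # The sender can prepare the keystream before the plaintext exists.
    ks = f8_keystream(ck, 7, 3, UPLINK, nbits)
    ciphertext = xor_bits(msg, ks)
    recovered = xor_bits(ciphertext, f8_keystream(ck, 7, 3, UPLINK, nbits))
    mac_i = f9_mac_i(ik, 1, 0xA1B2C3D4, UPLINK, msg)
    return {
        "roundtrip": recovered == msg,
        "direction_changes_keystream": ks != f8_keystream(ck, 7, 3, DOWNLINK, nbits),
        "accepted": verify_rrc(ik, 1, 0xA1B2C3D4, UPLINK, msg, mac_i),
        "tampered_accepted": verify_rrc(ik, 1, 0xA1B2C3D4, UPLINK, msg + b"!", mac_i),
        # Same COUNT-I and same message replayed into a connection with a new FRESH.
        "replay_with_new_fresh_accepted": verify_rrc(ik, 1, 0x0BADF00D, UPLINK, msg, mac_i),
    }


if __name__ == "__main__":
    print(demo())
```

The last entry shows why FRESH matters: a recorded message with a valid MAC-I stops verifying once the RNC picks a new FRESH, even if COUNT-I is reset to the same value.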

3.5 Authentication and Key Agreement (AKA)
The authentication and key agreement (AKA) procedure is performed in the following cases:
+ User registration in the serving network: when a subscriber connects to the serving network for the first time (the handset has just been switched on or has moved to another country), it must register with the serving network.
+ After each service request: this is what allows the subscriber to use higher-layer protocols, so AKA must be performed.
+ Location update request: when the terminal changes location area, it needs to update its location in the HLR and VLR.
+ Attach and detach requests: these are the procedures that connect the subscriber to, and disconnect it from, the serving network.
+ Connection re-establishment request: this request is made when the maximum number of local authentications has been performed.


3.5.1 Overview of AKA
Authentication and key agreement (AKA) is one of the important features of the 3G UMTS system. All other services depend on AKA, because no higher-level service can be used without authenticating the user.
To carry out these processes in 3G UMTS, the AuC must generate authentication vectors (AV) from four parameters: a random number (RAND); the master key (K); a sequence number (SQN); and the authentication management field (AMF). The resulting AV contains: the message authentication code used to authenticate the network (MAC-A); the signature expected from the user, used to authenticate that user (X-RES); the cipher key (CK); the integrity key (IK); the anonymity key (AK); and some other parameters used against replay. The network also sends RAND and AUTN = (SQN ⊕ AK, AMF, MAC-A) to the USIM so that it can produce the expected message authentication code for authenticating the network (XMAC-A), the signature that authenticates it to the network (RES), CK, IK, AK and SQN.
3.5.2 AKA procedures
Figure 3.12 describes the AKA authentication and key agreement process in detail.

Figure 3.12 Overview of the AKA authentication and key agreement process.
The AKA procedures take place at the USIM, the SGSN/VLR and the HLR/AuC. Because the serving network is divided into the CS and PS domains, the procedures are authenticated in the same way and independently in both domains.
Next we look at the AKA authentication process illustrated in Figure 3.12.
AKA is managed by the VLR/SGSN to which the subscriber is connected. First, the VLR/SGSN responsible for the mobile station sends an authentication data request message carrying the IMSI to the HLR (1). On receiving this message, the HLR locates the AuC (where the subscriber data is held) and requests AVs from it. If the AuC already holds AVs for the subscriber, it replies by sending one or more AVs back to the VLR/SGSN (2). Normally several AVs are sent at once (up to 5 AVs), which reduces the number of requests to the AuC and minimises network traffic. However, if the AuC is heavily loaded it may send only one AV. If no AV is available in its database, the AuC generates new AVs.
After receiving the AVs from the HLR, the VLR/SGSN stores them in its database, selects one of them, and sends its RAND and AUTN to the USIM through the UTRAN in a message called the authentication request, RAND(i)||AUTN(i) (3).
On receiving this message, the USIM checks the network authentication token AUTN in order to authenticate the network. It does so by opening AUTN and comparing MAC-A with the XMAC-A that it computes itself. If the two values do not match, network authentication is rejected. This means that the master key (K) is not the same on the two sides, so the message did not originate from the subscriber's home environment (HE). The USIM then aborts the network authentication procedure and sends a user authentication reject message, with the reason, to the VLR/SGSN. On receiving this message, the VLR/SGSN sends an authentication failure report, with the reason, to the HLR, and may restart the AKA procedures. This process is called USIM reject. If MAC-A and XMAC-A match, network authentication succeeds.
Next, the USIM generates the user's response for authenticating to the network (RES) and sends it back to the VLR/SGSN (4). There RES is compared with X-RES (contained in the AV sent by the HLR). If they are equal, the subscriber is authenticated, and both halves of the authentication are complete. The VLR/SGSN then takes the cipher and integrity keys (CK, IK) from the AV and sends them to the HE that manages the subscriber. These keys are used to cipher the communication and to check message integrity. The USIM likewise generates the same keys at the same time.




3.6 AKA resynchronization procedure
The resynchronization procedure takes place when the sequence numbers in the USIM (SQN_MS) and in the AuC (SQN_HE) do not agree within a specified range. The difference is detected in the USIM when it compares the two sequence numbers. The procedure runs as follows (Figure 3.13):

Figure 3.13 AKA resynchronization procedure.
The VLR/SGSN sends the user authentication request RAND(i)||AUTN(i) to the USIM (1). On receiving this message, the USIM checks its authenticity. If the message was generated by the HE that manages the USIM, the two sequence numbers SQN_HE and SQN_MS must lie within a range of each other; if SQN_HE is outside the range of SQN_MS, the resynchronization procedure is carried out. The USIM then generates a resynchronization token (AUTS) and sends it to the VLR/SGSN (2). On receiving the synchronization failure, the VLR/SGSN finds the appropriate random challenge in its memory, adds it to the authentication data request message, and sends this message (authentication data request RAND(i)||AUTS) to the HLR/AuC that manages the subscriber (3). When the AuC receives AUTS from this message, it compares the two sequence numbers. If it finds that the next AV to be generated would be acceptable, it sends that AV to the VLR/SGSN (4). If none of the stored AVs falls within the range accepted by the USIM, the AuC verifies the integrity of the message. This ensures that it is really the USIM that wants the resynchronization; if this verification succeeds, SQN_HE is set to SQN_MS. The AuC then deletes the old AVs and generates new ones. Because generating many AVs in real time can put a heavy load on the AuC, only one AV may be sent in the first reply. In that case the new AV sent by the AuC carries the additional parameter Qi.
When the VLR/SGSN receives the new AVs from the AuC, it deletes all the old AVs to make sure that they do not cause another resynchronization failure. The VLR/SGSN then restarts the AKA procedure from the beginning by sending the user authentication request RAND(i)||AUTN(i) to the USIM (1).
Next we consider the reuse of AVs, which the USIM rejects because of its sequence-number check. This rejection prevents the network from performing AKA with an AV that has already been used.
However, reusing an AV is sometimes necessary, for example when the VLR/SGSN sends a user authentication request to the USIM but does not receive the USIM's response because of a network fault. When the timeout for the response expires, the VLR/SGSN tries to send the pair (RAND(i)||AUTN(i)) to the USIM once more. If the USIM actually received this AV the first time, it considers the received sequence number to be out of range. In this case, when about to initiate the resynchronization procedure, the USIM begins by comparing the random challenge just received (RAND) with the RAND received previously. If they match, it only needs to send the user response (RES) that it stored last. All the parameters set at the USIM therefore need to be stored.
In 3G UMTS the authentication procedure must be performed even for an emergency call. But if authentication fails (because there is no USIM or because there is no roaming agreement), the connection is still established. The call is dropped only if confidentiality and integrity fail.
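The AKA exchange of section 3.5.2 and the resynchronization of section 3.6, as an added simulation that is not part of the original thesis. It assumes HMAC-SHA256 as a stand-in for the operator's f1 to f5* functions, an AUTS laid out as SQN_MS ⊕ AK followed by a MAC computed by the USIM, and a simple acceptance window for SQN; class and function names are hypothetical.

```python
import hashlib
import hmac
import os


def fn(tag: bytes, k: bytes, *parts: bytes, n: int) -> bytes:
    # Stand-in (assumption): HMAC-SHA256 replaces the real f1..f5* algorithms.
    return hmac.new(k, tag + b"".join(parts), hashlib.sha256).digest()[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class AuC:
    """Home environment side: holds K and SQN_HE and builds authentication vectors."""

    def __init__(self, k: bytes, sqn_he: int, amf: bytes = b"\x80\x00"):
        self.k, self.sqn_he, self.amf = k, sqn_he, amf

    def generate_av(self) -> dict:
        self.sqn_he += 1
        rand, sqn = os.urandom(16), self.sqn_he.to_bytes(6, "big")
        mac_a = fn(b"f1", self.k, sqn, rand, self.amf, n=8)
        ak = fn(b"f5", self.k, rand, n=6)
        return {"RAND": rand, "XRES": fn(b"f2", self.k, rand, n=8),
                "CK": fn(b"f3", self.k, rand, n=16), "IK": fn(b"f4", self.k, rand, n=16),
                "AUTN": xor(sqn, ak) + self.amf + mac_a}

    def resynchronize(self, rand: bytes, auts: bytes) -> bool:
        """Verify that AUTS really comes from the USIM, then set SQN_HE to SQN_MS."""
        sqn_ms = xor(auts[:6], fn(b"f5*", self.k, rand, n=6))
        expected = fn(b"f1*", self.k, sqn_ms, rand, b"\x00\x00", n=8)
        if not hmac.compare_digest(expected, auts[6:]):
            return False
        self.sqn_he = int.from_bytes(sqn_ms, "big")
        return True


class USIM:
    def __init__(self, k: bytes, sqn_ms: int, window: int = 32):
        self.k, self.sqn_ms, self.window = k, sqn_ms, window  # window is an assumption

    def authenticate(self, rand: bytes, autn: bytes) -> dict:
        ak = fn(b"f5", self.k, rand, n=6)
        sqn, amf, mac_a = xor(autn[:6], ak), autn[6:8], autn[8:]
        xmac_a = fn(b"f1", self.k, sqn, rand, amf, n=8)
        if not hmac.compare_digest(xmac_a, mac_a):
            return {"result": "mac_failure"}      # AUTN was not built with this K
        n = int.from_bytes(sqn, "big")
        if not self.sqn_ms < n <= self.sqn_ms + self.window:
            sqn_ms = self.sqn_ms.to_bytes(6, "big")
            auts = (xor(sqn_ms, fn(b"f5*", self.k, rand, n=6))
                    + fn(b"f1*", self.k, sqn_ms, rand, b"\x00\x00", n=8))
            return {"result": "sync_failure", "AUTS": auts}
        self.sqn_ms = n
        return {"result": "ok", "RES": fn(b"f2", self.k, rand, n=8),
                "CK": fn(b"f3", self.k, rand, n=16), "IK": fn(b"f4", self.k, rand, n=16)}


def run_aka(auc: AuC, usim: USIM):
    """VLR/SGSN role: one AKA attempt, with a single retry after resynchronization."""
    trace = []
    for _ in range(2):
        av = auc.generate_av()
        reply = usim.authenticate(av["RAND"], av["AUTN"])
        trace.append(reply["result"])
        if reply["result"] == "sync_failure" and auc.resynchronize(av["RAND"], reply["AUTS"]):
            continue  # old AVs are discarded; a fresh one is requested
        break
    ok = reply["result"] == "ok" and hmac.compare_digest(reply["RES"], av["XRES"])
    return trace, ok, av, reply


if __name__ == "__main__":
    k = bytes(range(16))  # constructed master key
    print(run_aka(AuC(k, sqn_he=10), USIM(k, sqn_ms=1000))[:2])
```

The constructed case starts with SQN_HE far behind SQN_MS, so the first challenge ends in a synchronization failure and the second one succeeds.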

3.7 Security in 3G UMTS R5
3.7.1 Network domain security (NDS)
3.7.1.1 MAPsec
The purpose of MAPsec is to protect the confidentiality and the integrity of MAP operations. MAPsec protection is provided in three modes. In the first mode no security is provided, in the second mode only integrity is protected, and in the third mode both confidentiality and integrity are provided.
To provide confidentiality, the header of the MAP operations is encrypted. A security header is added to indicate how to decrypt. To provide integrity, a further MAC is computed over the payload of the original MAP operations and the security header. A time-variant parameter is also used to prevent replay attacks.
3.7.1.2 IPsec
The main parts of IPsec are the Authentication Header (AH), the Encapsulating Security Payload (ESP) and Internet Key Exchange (IKE).
IPsec is used to protect IP packets. This is done by ESP, which provides both confidentiality and integrity, whereas AH provides integrity only. Both AH and ESP need keys to authenticate and encrypt packets, so these keys must be negotiated before ESP and AH are used. The negotiation is carried out securely through IKE, which is built on the idea of public-key cryptography in order to exchange security information over an insecure link.
There are two ESP modes: transport mode and tunnel mode. In transport mode the whole IP packet (except the header) is encrypted. A new ESP header is then inserted between the IP header and the part that has just been encrypted. Finally a message authentication code (MAC) is computed over everything except the IP header, and the MAC is placed at the end of the packet. At the receiver, integrity is checked by stripping the IP header from the front of the packet and the MAC from the end, then running the MAC function and comparing its output with the MAC in the packet. If the integrity check succeeds, the ESP header is removed and the rest is decrypted.
In tunnel mode, a new header is added at the front of the packet. The process then continues as in transport mode for the newly formed packet. This means that the IP header of the original packet is protected.
ESP communication between two end points uses transport mode. For this, the two communicating parties must know each other's IP address and must implement IPsec.
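What the ESP MAC covers in transport mode and in tunnel mode, as an added sketch that is not part of the original thesis. It assumes a simplified framing (SPI and sequence number as the ESP header, no padding or trailer fields), an HMAC-SHA256 keystream as a stand-in cipher, and constructed 20-byte placeholder headers and keys.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12   # truncated MAC length used in this sketch
HDR_LEN = 20   # length of the constructed stand-in IP header


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 keystream; XOR encrypts and decrypts.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + struct.pack(">I", off // 32), hashlib.sha256).digest()
        out += bytes(d ^ p for d, p in zip(data[off:off + 32], pad))
    return bytes(out)


def esp_protect(enc_key: bytes, auth_key: bytes, spi: int, seq: int, inner: bytes) -> bytes:
    """ESP header | encrypted part | MAC. The MAC covers everything except the IP header."""
    esp_header = struct.pack(">II", spi, seq)
    encrypted = stream_xor(enc_key, esp_header, inner)
    mac = hmac.new(auth_key, esp_header + encrypted, hashlib.sha256).digest()[:ICV_LEN]
    return esp_header + encrypted + mac


def esp_open(enc_key: bytes, auth_key: bytes, esp: bytes):
    """Receiver: check the MAC first and decrypt only if it matches; None means rejected."""
    if len(esp) < 8 + ICV_LEN:
        return None
    esp_header, encrypted, mac = esp[:8], esp[8:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(auth_key, esp_header + encrypted, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, mac):
        return None
    return stream_xor(enc_key, esp_header, encrypted)


def transport_packet(keys, ip_header, payload, spi, seq) -> bytes:
    return ip_header + esp_protect(*keys, spi, seq, payload)


def tunnel_packet(keys, outer_header, ip_header, payload, spi, seq) -> bytes:
    # The original header travels inside the encrypted, MAC-protected part.
    return outer_header + esp_protect(*keys, spi, seq, ip_header + payload)


def fake_header(src: bytes, dst: bytes) -> bytes:
    """Constructed placeholder for an IP header (not a real IPv4 layout)."""
    return (src + b">" + dst).ljust(HDR_LEN, b".")


def demo() -> dict:
    keys = (b"E" * 16, b"A" * 16)                       # constructed keys
    hdr = fake_header(b"10.0.0.1", b"10.0.0.2")
    payload = b"signalling between two network elements"
    tp = transport_packet(keys, hdr, payload, spi=0x1001, seq=1)
    tp_changed = fake_header(b"10.9.9.9", b"10.0.0.2") + tp[HDR_LEN:]
    tn = tunnel_packet(keys, fake_header(b"192.0.2.1", b"192.0.2.2"), hdr, payload, 0x1002, 1)
    i = HDR_LEN + 8                                      # first byte of the inner header
    tn_changed = tn[:i] + bytes([tn[i] ^ 1]) + tn[i + 1:]
    return {
        "transport_ok": esp_open(*keys, tp[HDR_LEN:]) == payload,
        "transport_outer_header_change_detected": esp_open(*keys, tp_changed[HDR_LEN:]) is None,
        "tunnel_ok": esp_open(*keys, tn[HDR_LEN:]) == hdr + payload,
        "tunnel_inner_header_change_detected": esp_open(*keys, tn_changed[HDR_LEN:]) is None,
    }


if __name__ == "__main__":
    print(demo())
```

A change to the transport-mode IP header goes undetected by the ESP MAC because that header is outside the covered range, while in tunnel mode the original header sits inside it.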

3.7.2 IMS security
3.7.2.1 Session Initiation Protocol (SIP)
SIP works as follows: a user, or a user agent (UA), sends an INVITE message to another user to start a session in which multimedia data is exchanged. SIP proxies help the user carry out this task. The UA also sends REGISTER messages to SIP servers called registrars. Registration allows other UAs to find this UA. The invited UA sends an OK message back to the inviting UA if it decides to accept the session. In the payload of SIP messages, the media sessions are described using the Session Description Protocol (SDP). The described properties include the name and time of the session, the type and format of the media stream, and the addresses and ports of the receiver. A user can end a session by sending a BYE message.
SIP is based on a request and response model, similar to HTTP. Every SIP message is either a request sent from a client to a server or a response sent back. Note that a UA contains both a server (UAS) and a client (UAC).
There are 6 basic request types, called methods in SIP: REGISTER, used to register information for a user; INVITE, ACK and CANCEL, used to set up sessions; BYE, used to end sessions; and OPTIONS, used to discover the capabilities of a server. In addition there are INFO, for carrying mid-session signalling information, and MESSAGE, for instant messages.
A response contains a status code made up of three digits. The first digit indicates the class of the response, as follows:
+ 1xx is a provisional response, issued while the result is being processed;
+ 2xx indicates that the request was accepted;
+ 3xx indicates redirection;
+ 4xx indicates a client error: the request is somehow malformed or was sent to the wrong server;
+ 5xx indicates a server error (for example, the request is valid but the server does not carry it out);
+ 6xx is a global failure: the request cannot be fulfilled by any server.
A transaction consists of a request sent by a client and all the responses to that request sent back by a server. The SIP transaction layer is responsible for retransmitting requests and responses, for matching responses to the right requests, and for timeouts.
An INVITE request establishes a dialog: a peer-to-peer SIP relationship that lasts for some time and comprises several transactions. The dialog also makes sequencing easier and the routing of SIP messages between UAs more accurate.
In addition, SIP messages contain header fields and a message body. Examples of header types are:
+ Via: contains the address to which the response is to be sent;
+ To: specifies the logical recipient of the request;
+ From: indicates the originator of a request;
+ Call-ID: uniquely identifies a session of a particular user;
+ Contact: points to a Uniform Resource Identifier (URI), whose meaning depends on the request type;
+ Content-Type: indicates the type of information carried in the message body;
+ Authentication-Info: used for mutual authentication by the HTTP Digest mechanism;
+ Authorization: contains the credentials of the UA needed for authentication;
+ Priority: indicates the urgency of the request;
+ Record-Route: added by a proxy so that future requests are routed through the same proxy;
+ Subject: indicates the nature of the call.
3.7.2.2 IMS security architecture
In the PS domain, service is provided only after a security association has been established between the mobile equipment and the network. IMS is by nature a system overlaid on that domain. A separate security association is therefore needed between the multimedia client and the IMS before access to multimedia services is allowed. The IMS security architecture is shown in Figure 3.14.
The IMS authentication keys and functions on the user side are stored on the UICC. These keys and functions can be logically independent of the keys and functions used to authenticate in the domain itself. However, this does not prevent the use of common authentication keys and functions for authentication in both the IMS domain and the PS domain.

Figure 3.14 IMS security architecture.
There are five security associations, with different requirements, for protecting the IMS. They are numbered 1, 2...5 in Figure 3.14 as follows:
1. Provides mutual authentication. The HSS delegates subscriber authentication to the IMS CSCF, but remains responsible for generating the keys and the challenges. The long-term key in the Internet multimedia services identity module (ISIM) and in the HSS is associated with the Internet multimedia private identity (IMPI). The subscriber has one private user identity inside the network (IMPI) and at least one external public user identity (IMPU: Internet multimedia public identity).
2. Provides a secure link and a security association between the UE and the P-CSCF to protect the Gm reference point. Data origin authentication is provided (confirming that the source of the received data is as claimed).
3. Provides security with the external network domain for the Cx interface.
4. Provides security between different networks for SIP-capable nodes.
5. Provides security inside the network between SIP-capable nodes.





3.7.2.3 IMS security model of UMTS R5
3G UMTS R5 changes only the packet-switched core network; the circuit-switched part of the core network can still be the MSC/GMSC of earlier architectures. R5 introduces two main elements into the core network (described for the case of a call set up between IMSs).

Figure 3.15 IMS security architecture of UMTS R5.
1. A new core network domain, called the IP multimedia core network subsystem (IMS).
2. Upgraded SGSNs to support real-time voice and other delay-sensitive services, or IMS.
The Internet multimedia domain is built on the Session Initiation Protocol (SIP), based on VoIP technology. In the PS domain, no service is provided until a security association exists between the mobile equipment and the network. IMS is overlaid on the PS domain and depends little on it. Control in R5 is performed by the home network. This complex control leads to three call state control functions (CSCF): the I-CSCF (interrogating CSCF), the S-CSCF (serving CSCF) and the P-CSCF (proxy CSCF). To use IMS services, the user must first register with the network. In every case, whether in the home network or in a visited network, this procedure goes through the P-CSCF. The P-CSCF both provides basic multimedia session support and acts as a firewall for the IMS domain. The user finds the P-CSCF as follows: the user first activates a PDP context for signalling and registration and obtains a dynamic or static IP address, then sends a Domain Name System (DNS) query for the P-CSCF. The DNS at the GGSN replies with the address of the P-CSCF. All UE-to-network signalling is sent to the P-CSCF, and the mobile terminal cannot learn the addresses of the other CSCFs. A registration message is sent to the P-CSCF, which forwards it to the I-CSCF in the home network (the P-CSCF identifies the home network from the user's IMSI or SIP URL). The I-CSCF acts as a gateway towards other networks; its task is to control access to the IMS through other networks and to query the HSS. The S-CSCF has more functions than the P-CSCF and the I-CSCF. It accesses the resources needed to handle the requested service. The HSS is an HLR extended with new capabilities suited to the IM domain.
3.7.2.4 Registration and authentication in IMS
In this section we give an overview of the components of the IMS security architecture that are used with the Session Initiation Protocol (SIP) (Figure 3.16).
Two procedures are important both in SIP itself and in IMS security: REGISTER, for registration, and INVITE, for setting up sessions. We discuss the IMS security solution around these two basic functions.
Use of IMS is based on a subscription. The user has an agreement with the IMS operator and has an IMS private identity (IMPI), which is stored in both the ISIM and the HSS. There is also a cryptographic secret, the master key (K, 128 bits), stored in association with the IMPI. The IMPI is not intended for addressing the user; instead there is at least one IMS public identity (IMPU), associated with the IMPI. There can be different service profiles within a single subscription, and the different IMPUs are then linked to the same IMPI. Technically, the IMPI has the form of a network access identifier (NAI), whereas an IMPU has the form of a SIP URI or URL (uniform resource locator).
Before a subscriber can start using a service provided by IMS, the subscriber must register. This can be done by sending a REGISTER request message to a proxy CSCF (P-CSCF). The message contains the private identity IMPI to be authenticated and at least one IMPU to be registered. Finding the address of a suitable P-CSCF is handled by signalling in the PS domain of 3G UMTS R5.


Figure 3.16 Registration and authentication in IMS.
The P-CSCF forwards the registration request (REGISTER) to the interrogating CSCF (I-CSCF), which in turn communicates with the HSS to determine a suitable serving CSCF (S-CSCF) for the user. All of this communication, as well as all later communication between network elements (NE), is protected by network domain security (NDS) using security associations (SA); the SAs are not specific to individual subscribers.
Once the S-CSCF has been determined, the REGISTER message is forwarded to it. The S-CSCF then asks the HSS to send it AVs. Note that the IMS authentication and key agreement procedure is performed in the same way as in the PS and CS domains and has the same purpose. Moreover, the same security module can be reused on the user side (for example, reusing the USIM) as the ISIM. In this case the IMS-specific parameters can be stored in the mobile terminal. The same applies on the network side: most notably, the HSS can use the same AuC that is used for both the CS and PS domains.
The HSS sends the AVs to the S-CSCF and at the same time stores the address of the selected S-CSCF. Next, the S-CSCF selects the first AV and sends three or four of its parameters (all except XRES and possibly CK) to the P-CSCF through the I-CSCF. On receiving these parameters, the P-CSCF extracts the integrity key (IK) and forwards RAND and AUTN to the UE. The SIP message used to carry all of this information is 401 Unauthorized. Therefore, from a pure SIP point of view, the first registration attempt has failed.
However, the ISIM in the UE is now able to check the validity of AUTN, and if the check succeeds, RES and IK are also computed. A parameter derived from RES is included in the REGISTER request, which is integrity-protected with the integrity key (IK). Integrity protection is provided by the Encapsulating Security Payload (ESP) protocol of IPsec. The integrity key IK is the most important element of ESP.
Next, a new REGISTER message is sent to the P-CSCF and then forwarded to the I-CSCF. The validity of the S-CSCF address is then checked by the HSS. Note that the I-CSCF guarantees this unconditionally for subscribers. The REGISTER is then forwarded to the S-CSCF, where RES (received from the UE) is compared with XRES. If they are equal, an OK message is sent back to the UE.
The AKA procedure is now complete, with the following final result:
+ The UE and the P-CSCF share an IPsec ESP SA, which can be used to protect all communication between them.
+ The S-CSCF and the HSS have both changed the subscriber's state from not registered to registered.
The S-CSCF always performs the AKA procedure at initial registration. For re-registration, authentication may be skipped, depending on the choice of the S-CSCF. The S-CSCF can also force the UE to re-register at any time. The S-CSCF can therefore authenticate the UE whenever it wants.




3.8 Conclusion
This is the main chapter of the thesis; it covers the security solutions in the 3G UMTS system. Security in 3G rests on three principles: authentication, confidentiality and integrity. Authentication ensures that only legitimate users can successfully access the system. In 3G UMTS authentication works in both directions: the network authenticates the user and the user authenticates the network. This is also called mutual authentication. Confidentiality and integrity ensure the privacy and safety of the user's information. To achieve this, 3G UMTS security uses the authentication and key agreement (AKA) procedure. This procedure must be performed when a new user accesses the system for the first time, on connection requests, on disconnection, on requests to use higher-level service applications, and so on. The procedure works by using cryptographic functions (one-way functions), together with the master key (K) stored in the USIM and the AuC, to generate the authentication vectors and the authentication parameters. In the 3G UMTS R5 architecture, security is provided by network domain security mechanisms (IPsec and MAPsec) and by IMS security, because 3G UMTS R5 is an all-IP network architecture. Together, all of these features make 3G UMTS considerably more secure than the 2G GSM system.



CONCLUSION
In telecommunications in general, and in mobile communications in particular, information security is always an urgent requirement. The third-generation mobile communication system has brought customers mobile services with many outstanding advantages, and the services are rich and varied. Mobile communication is being applied ever more widely in every sector of the economy and in people's daily lives. With a mobile phone that supports 3G services, customers can do everything from texting and calling friends, and meeting and learning to exchange knowledge, to carrying out online banking transactions. Without security, the economic damage would be enormous, customers' interests would not be protected, and the operator's reputation would suffer; for that reason, ensuring security in the 3G UMTS system is extremely important. Through this thesis I have studied the following topics:
The evolution of mobile communication systems, and the basic characteristics, services and architectures of the third-generation mobile communication system.
Security threats in mobile communications, security technologies, wireless protocol security, and security in the second-generation mobile communication system.
The security architecture model of the third-generation mobile communication system, the security model for the 3G UMTS air interface, the cryptographic functions, the authentication parameters, the AKA procedure, and security in 3G UMTS R5.
Because this is a relatively new topic and my own ability and knowledge are limited, this thesis certainly cannot avoid shortcomings. I very much hope to receive further guidance from my teachers and frank, enthusiastic comments from my friends so that this work can be improved further.

Bac Ninh, 20 January 2010
Student (signature)



Phạm Văn Quỳnh