
Topic: Design and development of a security and encryption system to ensure information and communication security


HANOI UNIVERSITY OF SCIENCE AND TECHNOLOGY

SCHOOL OF ELECTRICAL AND ELECTRONIC ENGINEERING

MIDTERM REPORT

Topic:

DESIGN AND DEVELOPMENT OF A SECURITY AND ENCRYPTION SYSTEM TO ENSURE INFORMATION AND COMMUNICATION SECURITY

Student: VŨ TUẤN ANH

FOREWORD

In the modern digital era, as information and communication have become the lifeblood of every economic, political, and social activity, ensuring information security has become a top concern. Security and encryption systems not only act as solid ramparts that block attacks from outside but are also tools for protecting privacy and important data. Designing and developing effective security and encryption systems requires a careful combination of advanced technology and modern scientific methods.

With more and more threats from hackers and cybercriminals, strengthening the protection of personal and business information is not merely an option but a necessity. Modern encryption technologies such as AES, RSA, and hash algorithms help protect data not only at rest but also in transit over the network. At the same time, applying security standards such as ISO/IEC 27001 and security protocols such as SSL/TLS is essential to ensure the integrity and confidentiality of information.

Moreover, with the development of technologies such as blockchain and artificial intelligence, security and encryption systems are becoming increasingly complex and effective, opening up many new opportunities while also demanding broad, deep, and continuously updated knowledge. In this context, understanding and correctly deploying security and encryption measures not only helps protect information but also promotes the sustainable and stable development of society.

The purpose of this report is to provide a comprehensive view of the design and development of security and encryption systems, thereby emphasizing the importance of information and communication security as cyber threats continue to grow. The report not only helps raise awareness of security measures but also proposes effective solutions to protect data and ensure information safety.

I would like to thank Ms. Bùi Vân Anh and my teacher Nguyễn Tiến Hoà for helping me complete this report as fully as possible. Thank you.

DECLARATION

My name is Vũ Tuấn Anh, student ID 20223864, a student of class ĐT11, cohort 67. My supervisor is Dr. NGUYỄN TIẾN HÒA. I hereby declare, regarding the entire content presented in the midterm report DESIGN AND DEVELOPMENT OF A SECURITY AND ENCRYPTION SYSTEM TO ENSURE INFORMATION AND COMMUNICATION SECURITY: all cited information complies with intellectual property regulations; the references are clearly listed. I take full responsibility for the content written in this project.

Hà Nội, November 10, 2024

Declarant

VŨ TUẤN ANH

2.1.3 Commonly Used Data Algorithm Encryption Formula and Measures
2.1.4 The Connection between Data Encryption and Database
2.2 Network Communication Security
2.2.1 Encryption Granularity of Data Encryption Technology in Network Communication Security
2.2.2 Key Research
3.1 Experimental Background
3.2 Experimental Process
3.3 Experimenter Information and Related Data
3.4 Contrast Analysis and Analysis of the Security Performance of Data Encryption Algorithms for Computer Network Communication Security

REFERENCES

GLOSSARY

LIST OF FIGURES

Figure 3.1
Figure 3.2
Figure 3.3
Figure 3.4
Figure 3.5

LIST OF TABLES

Table 3.1 Linear table corresponding experimental data
Table 3.2 List of conflicts

of computer applications, the society is now threatened by data security risks. A large amount of personal information, enterprise information, and business data are leaked, which brings great inconvenience to people's work and life and causes serious consequences. In life, mobile phone applications illegally collect too much identity information; face recognition collects too large an area, resulting in a large amount of personal information leakage [1].

Enterprises themselves need to protect their confidential information. Individual users also exchange data through the Internet. On the one hand, they obtain useful information from the network; on the other hand, they also leave their basic personal information such as name, ID number, address, and telephone number on the Internet. The database administrator has extensive access to all resources of the database and manages user accounts and permission settings. In fact, in real life, personal information has long been leaked, and new industries have been created: companies that specialize in information protection and engage in data encryption and protection management. Their emergence has promoted the advancement of encryption algorithm technology [1].

In this paper, the security of network communication is taken as the research object, and the security of database is discussed in detail. This paper makes an in-depth analysis of database encryption technology and encryption algorithm. A three-level key management scheme is designed: the primary key is the hash value of the user password, the secondary key is the user key or the public user key, and the tertiary key is the working key. The third-level secret key is encrypted through three layers, and only the administrator has the authority to change it, which can greatly improve the security of the secret key. Now, the two-dimensional array index can effectively improve the query efficiency of the numerical data in the database. In particular, for the query with fewer hit records, it has a good effect, but for the query with more hit records, it is still not ideal; this scheme has some room for improvement [1].

SECTION 2 METHODOLOGY

2.1 Data Encryption Technology

2.1.1 Overview of the Database

Database security refers to protecting the database from data leakage, change, or damage caused by illegal use. A database management system can be classified according to the database model it supports, such as relational and XML model; the type of computer it supports, such as server clusters and mobile phones; the query language used, such as SQL and XQuery; the focus of performance impulse, such as the largest scale and the highest running speed; or other classification methods. The three basic factors of database security are confidentiality, availability, and data integrity [4]. Confidentiality means that only authorized users are allowed to access the data and any unauthorized users are prohibited from accessing it. The availability of the database means that authorized users can perform normal operations, the system runs stably, and can meet the needs of users for normal work. The confidentiality and availability of database are a pair of contradictions. The database encrypts the data, which means that users cannot access the data at any time. To ensure a high level of security protection, the immediacy of information acquisition is inevitably threatened, which requires a balance between confidentiality and availability.

2.1.2 Database Security Threats

According to the mode and nature of security attack, the factors threatening database security are classified into the following categories.

(1) Unauthorized Access to the Database. The password of the authorized user's account is leaked, and the unauthorized intruder obtains confidential information through the intercepted authorized account and tampers with the data. The authorized user obtains the downloaded data through normal access but also obtains other unauthorized information, confidential information, and basic information of the database by inference from the data they can access. The database in the network environment is vulnerable to the threat of Trojan viruses that copy or tamper with the database, but the general database is protected by the firewall and the intrusion detection system, which can prevent the invasion of general viruses. Trojans get in through disk media that infect the database host computer and its internal network, through security vulnerabilities, and through injection attacks on the database system. An improperly designed code module in the system development process can be used by an attacker, or by a developer who is familiar with the system, to bypass the access control of the database and invade the database.

(2) Human Factors. In the field of network security, there is a principle that some security threats come from outside the network, and this is also true in database systems, where threats from outside the system are much less than those from inside the system. In the current database architecture, the database administrator not only undertakes the work of maintaining the normal operation of the system but also manages user rights and user accounts. Database administrators can assign, use, and view all information about the database, including sensitive information, data tables, protected data, and more. There exists the possibility that the administrator divulges the information for personal reasons or economic interests, or the administrator illegally authorizes other users, causing unauthorized visitors to view the protected data, which will bring serious consequences to the enterprise. This is a common problem in real database system management, which is difficult to solve in a short time.

2.1.3 Commonly Used Data Algorithm Encryption Formula and Measures

The original idea of DES can refer to the German Enigma machine in World War II, and its basic idea is roughly the same. The traditional cipher encryption is derived from the ancient cyclic shift idea, and the Enigma machine is diffused and obscured on this basis. Data encryption methods vary. Ciphertext encrypted with certain data encryption methods can remain uncracked for centuries, while data encrypted with certain data encryption methods can be cracked in minutes or even seconds. In the digital age, people rely on data encryption technology. The use of online banking, website registration, e-mail, etc. will involve data encryption, although you do not directly perform encryption

of W is the key length.

RSA encryption and decryption algorithms are the same. If p is plaintext and c is ciphertext, then

Starting from the high position of the binary representation of the exponential E, when $p_i = 1$, find the product modulus first, multiply C times the result of the previous step, and then find the square modulus; when $p_i = 0$, square the result of the previous iteration directly. Calculation of $C^P \bmod N$ using the $2^k$ base algorithm can be simplified into the following form:

$$C^P \bmod N = C^{((((5 \cdot 2^5) + 3) \cdot 2^7) + 3) \cdot 2^2} \bmod N \qquad (2.10)$$
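The bit-by-bit scan and the nested form of equation (2.10) can be checked numerically. The Python below is an added example, not code from the report: it uses the usual square-then-multiply ordering and a sliding window of at most k = 3 bits, and the function names and the choice of k are assumptions made so that the chain reproduces the digits 5, 3, 3 of (2.10). Exponents are assumed to be non-negative.

```python
# Added example: left-to-right modular exponentiation, bit by bit and with
# the windowed decomposition that equation (2.10) writes out by hand.

def modexp_binary(c, p, n):
    """Scan exponent bits from the high end: square, then multiply on a 1."""
    result = 1 % n
    for bit in bin(p)[2:]:
        result = result * result % n
        if bit == "1":
            result = result * c % n
    return result


def window_chain(p, k=3):
    """Split p into (squarings, odd_digit) steps using windows of <= k bits.

    Replaying acc = acc * 2**squarings + odd_digit rebuilds p, which is the
    nested form of equation (2.10).
    """
    bits, steps, pending, i = bin(p)[2:], [], 0, 0
    while i < len(bits):
        if bits[i] == "0":            # a zero bit costs one squaring
            pending, i = pending + 1, i + 1
            continue
        j = min(i + k, len(bits))     # widest window that ends in a 1
        while bits[j - 1] == "0":
            j -= 1
        steps.append((pending + j - i, int(bits[i:j], 2)))
        pending, i = 0, j
    if pending:
        steps.append((pending, 0))    # trailing zeros: squarings only
    return steps


def modexp_window(c, p, n, k=3):
    """Compute c**p mod n from the chain and a table of odd powers of c."""
    c2, odd = c * c % n, {1: c % n}
    for d in range(3, 1 << k, 2):
        odd[d] = odd[d - 2] * c2 % n
    result = 1 % n
    for squarings, digit in window_chain(p, k):
        for _ in range(squarings):
            result = result * result % n
        if digit:
            result = result * odd[digit] % n
    return result


# Exponent of equation (2.10), written exactly as in the text.
P_2_10 = ((((5 * 2**5) + 3) * 2**7) + 3) * 2**2
```

For the exponent of (2.10) the chain needs three table multiplications where the bit-by-bit scan needs one per set bit of the exponent; both functions agree with Python's built-in three-argument `pow`.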

The so-called database security measures refer to the collection of various database security policies. These security policies include user identity and identification, access control, view, audit, and key store. It is these policies that make up the security model of the database, and the security measures in the computer are set in layers. Below, we describe the classification.

(1) User Identification. User identification is the outermost protection measure in the security model. This method requires the system to provide a certain way for users to identify their identity. After entering the system, the user must use various permissions according to the requirements, and also cooperate with the audit function to perform operations. The function of user identity is to identify the unique identity of the user in the database. Identification refers to the system checking whether the user's identity is legitimate. This method of user identification is relatively easy, but it is not secure, and the password is easy to be disclosed. Therefore, with the development of database applications, password authentication, digital authentication, smart card authentication, and personal identity authentication are also introduced, which improves the security of the system within a limited scope.

(2) Access Control. Role-based access control is the association of users with permissions through roles. Simply put, a user has several roles, and each role has several permissions. In this way, an authorization model of "user-role-authority" is constructed. In this model, there is generally a many-to-many relationship between users and roles, and between roles and permissions (functions). Role-based access control is also one of access control technologies. It connects the subject with the permission through the setting of roles. Each role can be granted permission. Authorization is accomplished when the administrator grants the user a specific role. Each user can be assigned multiple roles. After the user logs in successfully, the system will assign the user a unique session within the system. The session records the user's operation information and corresponds to the roles one by one. This authorization process is greatly simplified, with high manageability and operability.

2.1.4 The Connection between Data Encryption and Database

With the popularization of database system application, the security of database has attracted more and more attention and become an important research direction in the development of information technology. Database security has become a problem that must be solved at present, and database encryption technology is an effective and feasible method.

A good database encryption system should improve work efficiency as much as possible on the basis of protecting data security and achieve a balance between work efficiency and security. Generally speaking, the following requirements should be met:

(1) Encryption and decryption speed shall be fast enough to reduce the response time of data operation.

(2) The encryption is strong enough to ensure that most of the data will not be deciphered for a long time. However, encryption algorithm is not necessarily theoretically uncrackable, but in practical application, it should be able to ensure that the cost of decrypting ciphertext is greater than the significance of obtaining the data.

(3) The encryption and decryption operation are transparent to the legitimate users of the database, which will not affect the reasonable operation of users. In other words, if a user in the plaintext database system can update, add, delete data, then the user can encrypt and decrypt the database at any time.

(4) The storage capacity of the encrypted database shall not be increased to a large extent.

(5) The key management scheme is flexible, efficient, and convenient to store and use. As we all know, encryption algorithms themselves are not secret, so ensuring the security of encrypted data usually depends on the security of the key.
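Requirement (5), together with the three-level scheme named in the introduction (password hash, user key, working key), can be sketched as a key hierarchy in which each level wraps the one below it. This is an added example, not the report's code: the wrapping order, PBKDF2 as the password hash, the record layout and all function names are assumptions, and the HMAC-based wrap is a standard-library stand-in for a vetted key wrap.

```python
# Added example, not the report's code. wrap()/unwrap() use an HMAC-SHA256
# keystream plus an HMAC tag only so the block runs on the standard library;
# a real system would use a vetted key wrap such as AES-KW or AES-GCM.
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2 work factor

def primary_key(password, salt):
    """Level 1: derived from the user password (PBKDF2 as the 'hash')."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def wrap(kek, key):
    """Encrypt-then-MAC one 32-byte key under a key-encryption key."""
    if len(key) != 32:
        raise ValueError("only 32-byte keys are wrapped")
    nonce = os.urandom(16)
    pad = hmac.new(kek, b"enc" + nonce, "sha256").digest()
    ct = bytes(a ^ b for a, b in zip(key, pad))
    return nonce + ct + hmac.new(kek, b"mac" + nonce + ct, "sha256").digest()

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(kek, b"mac" + nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified blob")
    pad = hmac.new(kek, b"enc" + nonce, "sha256").digest()
    return bytes(a ^ b for a, b in zip(ct, pad))

def enroll(password):
    """Create levels 2 and 3; only the salt and wrapped keys are stored."""
    salt, user_key, working_key = os.urandom(16), os.urandom(32), os.urandom(32)
    record = {"salt": salt,
              "user_key": wrap(primary_key(password, salt), user_key),
              "working_key": wrap(user_key, working_key)}
    return record, working_key

def open_working_key(record, password):
    user_key = unwrap(primary_key(password, record["salt"]), record["user_key"])
    return unwrap(user_key, record["working_key"])

def change_password(record, old, new):
    """Re-wrap level 2 only; the working key and the data stay untouched."""
    user_key = unwrap(primary_key(old, record["salt"]), record["user_key"])
    salt = os.urandom(16)
    return {**record, "salt": salt,
            "user_key": wrap(primary_key(new, salt), user_key)}
```

Because the data is encrypted under the working key, a password change rewrites one small wrapped blob instead of re-encrypting the database.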

2.2 Network Communication Security

2.2.1 Encryption Granularity of Data Encryption Technology in Network Communication Security

According to the structure level of the database to be encrypted, the optional encryption granularity is divided into database encryption and in-library encryption. In-library encryption includes data tables, records, fields, and data items. Each encryption granularity has its own strengths and weaknesses, which are discussed below.

(1) Database Level. Database-level encryption is the use of each database as input to the encryption system. For the database level, the database management system and the operating system use the physical block number of the database in the file system exchange, so the encryption of the database, the encryption of the operating system files, and the encryption of the read database blocks are all indexed according to the database system information table and user data table. Database encryption is easy to implement, and key management is also very simple; a database only needs a key. The most commonly used database operation is the query. The database needs to be decrypted for each frequent query, including the system information table and many irrelevant retrieval data tables. The query efficiency is very low, which may easily lead to a waste of system resources.

(2) Table. Table-level encryption is actually similar to database-level encryption. Data tables are encrypted as files. The reading of table information usually adopts the reading of the physical address of the stored data table, which does not support this function. Table encryption has its own advantages over database encryption: it has increased flexibility, you can choose to have the encryption requirements of the data table encryp-

Date posted: 24/12/2024, 20:10
