Means of cryptographic protection of information (SKZI): what are cryptographic information protection tools?

The term "cryptography" comes from the ancient Greek words for "hidden" and "writing". The phrase expresses the main purpose of cryptography: protecting and preserving the secrecy of transmitted information. Information can be protected in various ways, for example by restricting physical access to data, hiding the transmission channel, or creating physical difficulties in connecting to communication lines.

Purpose of cryptography

Unlike these traditional methods, cryptography assumes that the transmission channel is fully available to intruders and ensures the confidentiality and authenticity of information using encryption algorithms that make it unreadable to outsiders. A modern cryptographic information protection system (CIPF) is a software and hardware computer complex that protects information according to the following main parameters.

  • Confidentiality - the impossibility of reading the information by persons who do not have the appropriate access rights. The main component of ensuring confidentiality in CIPF is the key, which is a unique alphanumeric combination for user access to a specific CIPF block.
  • Integrity - the impossibility of unauthorized changes, such as editing and deleting information. To do this, redundancy is added to the original information in the form of a check combination calculated by a cryptographic algorithm and depending on the key. Thus, without knowing the key, adding or changing information becomes impossible.
  • Authentication - confirmation of the authenticity of the information and the parties sending and receiving it. Information transmitted through communication channels must be uniquely authenticated by content, time of creation and transmission, source and recipient. It should be remembered that the source of threats can be not only an attacker, but also the parties involved in the exchange of information with insufficient mutual trust. To prevent such situations, CIPF uses a system of timestamps to make it impossible to resend or return information and change its order.
  • Authorship - confirmation and impossibility of refusal of actions performed by the user of information. The most common way to authenticate is the EDS system, which consists of two algorithms: one to create a signature and one to verify it. When working intensively with the ECC, it is recommended to use software certification authorities to create and manage signatures. Such centers can be implemented as a means of cryptographic information protection, completely independent of the internal structure. What does this mean for the organization? This means that all transactions with are processed by independent certified organizations and forgery of authorship is almost impossible.
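
The integrity and authentication properties above can be traced in a short sketch. This is an added example, not code from the original page or from any CIPF product: HMAC-SHA-256 stands in for the key-dependent check combination, and the header layout, the 30-second freshness window and all sample messages are constructed assumptions.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct(">QQ")            # sequence number, Unix timestamp
TAG_LEN = hashlib.sha256().digest_size   # length of the check value
MAX_AGE = 30                             # seconds; assumed freshness window


def protect(key: bytes, seq: int, timestamp: int, payload: bytes) -> bytes:
    """Sender side: header + payload + key-dependent check value."""
    body = HEADER.pack(seq, timestamp) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Checks the keyed value first, then freshness, then ordering."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = 0

    def accept(self, message: bytes, now: int):
        if len(message) < HEADER.size + TAG_LEN:
            return None, "malformed"
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison; nothing in the message is trusted before this.
        if not hmac.compare_digest(tag, expected):
            return None, "bad check value"
        seq, timestamp = HEADER.unpack_from(body)
        if abs(now - timestamp) > MAX_AGE:
            return None, "stale timestamp"
        if seq <= self.last_seq:
            return None, "replayed or out of order"
        self.last_seq = seq
        return body[HEADER.size:], "ok"


def demo():
    # All keys, times and payloads below are constructed sample values.
    key = b"constructed demo key, not a real one"
    rx = Receiver(key)
    first = protect(key, 1, 1000, b"pay 100 to alice")
    second = protect(key, 2, 1005, b"pay 200 to bob")
    tampered = first.replace(b"100", b"900")      # edited in transit
    late = protect(key, 3, 1000, b"pay 300 to carol")
    forged = protect(b"guessed key", 4, 1010, b"pay 999 to mallory")
    return [
        rx.accept(first, now=1002),      # genuine and fresh
        rx.accept(tampered, now=1002),   # content changed without the key
        rx.accept(first, now=1003),      # same message sent again
        rx.accept(second, now=1006),     # next message in order
        rx.accept(late, now=2000),       # valid check value, old timestamp
        rx.accept(forged, now=1010),     # produced with a different key
    ]


if __name__ == "__main__":
    for payload, verdict in demo():
        print(verdict, payload)
```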

Encryption algorithms

Currently, among the CIPF, open encryption algorithms using symmetric and asymmetric keys with a length sufficient to provide the desired cryptographic complexity prevail. The most common algorithms:

  • symmetric keys - Russian R-28147.89, AES, DES, RC4;
  • asymmetric keys - RSA;
  • using hash functions - R-34.11.94, MD4/5/6, SHA-1/2.

Many countries have their own national standards. In the USA, a modified AES algorithm with a key of 128-256 bits is used, and in the Russian Federation, the electronic signature algorithm R-34.10.2001 and the block cryptographic algorithm R-28147.89 with a 256-bit key. Some elements of national cryptographic systems are prohibited for export outside the country, activities for the development of CIPF require licensing.

Hardware crypto protection systems

Hardware CIPF are physical devices containing software for encrypting, recording and transmitting information. Encryption devices can be made in the form of personal devices, such as ruToken USB encoders and IronKey flash drives, expansion cards for personal computers, specialized network switches and routers, on the basis of which it is possible to build completely secure computer networks.

Hardware CIPF are quickly installed and operate at high speed. Their disadvantages are a high cost, in comparison with software and hardware-software CIPF, and limited upgrade options.

It is also possible to refer to hardware blocks of CIPF built into various devices for recording and transmitting data, where encryption and restriction of access to information is required. Such devices include car tachometers that record the parameters of vehicles, some types of medical equipment, etc. For full-fledged operation of such systems, a separate activation of the CIPF module by the supplier's specialists is required.

Systems of software cryptoprotection

Software CIPF is a special software package for encrypting data on storage media (hard and flash drives, memory cards, CD / DVD) and when transmitted over the Internet (emails, files in attachments, secure chats, etc.). There are quite a lot of programs, including free ones, for example, DiskCryptor. Software CIPF also includes secure virtual information exchange networks operating "over the Internet" (VPN), an extension of the HTTP Internet protocol with support for HTTPS encryption and SSL - a cryptographic information transfer protocol widely used in IP telephony systems and Internet applications.

Software cryptographic information protection tools are mainly used on the Internet, on home computers and in other areas where the requirements for the functionality and stability of the system are not very high, or, as in the case of the Internet, where many different secure connections have to be created at the same time.

Software and hardware cryptoprotection

Combines the best qualities of hardware and software CIPF systems. This is the most reliable and functional way to create secure systems and data transmission networks. All user identification options are supported, both hardware (USB drive or smart card) and "traditional" ones (login and password). Software and hardware cryptographic information protection tools support all modern encryption algorithms, have a large set of functions for creating a secure workflow based on digital signatures, and hold all the required state certificates. CIPF installation is carried out by qualified personnel of the developer.

Company "CRYPTO-PRO"

One of the leaders of the Russian cryptographic market. The company develops a full range of information protection programs using digital signatures based on international and Russian cryptographic algorithms.

The company's programs are used in the electronic document management of commercial and government organizations, for the submission of accounting and tax reporting, in various city and budget programs, etc. The company has issued more than 3 million licenses for the CryptoPRO CSP program and 700 licenses for certification centers. "Crypto-PRO" provides developers with interfaces for embedding cryptographic protection elements into their own and provides a full range of consulting services for the creation of CIPF.

Cryptoprovider CryptoPro

When developing the cryptographic information protection system CryptoPro CSP, the cryptographic architecture of Cryptographic Service Providers built into the Windows operating system was used. The architecture allows you to connect additional independent modules that implement the required encryption algorithms. With the help of modules working through the CryptoAPI functions, cryptographic protection can be carried out by both software and hardware CIPF.

Key carriers

Various carriers can be used for private keys, such as:

  • smart cards and readers;
  • electronic locks and readers working with Touch Memory devices;
  • various USB keys and removable USB drives;
  • Windows, Solaris, Linux system registry files.

Functions of a crypto provider

CIPF CryptoPro CSP is fully certified by FAPSI and can be used for:

2. Complete confidentiality, authenticity and integrity of data using encryption and imitation protection in accordance with Russian standards for encryption and the TLS protocol.

3. Checking and monitoring the integrity of the program code to prevent unauthorized changes and access.

4. Creation of a system protection regulation.

CIPF (means of cryptographic information protection) is a program or device that encrypts documents and generates an electronic signature (ES). All operations are performed using an electronic signature key, which cannot be manually selected, since it is a complex set of characters. This ensures reliable information protection.

How SKZI works

  1. The sender creates a document
  2. Using the CIPF and the private key of the ES, the sender adds the signature file, encrypts the document and combines everything into a file that is sent to the recipient
  3. The file is sent to the recipient
  4. The recipient decrypts the document using the CIPF and the private key of his electronic signature
  5. The recipient checks the integrity of the ES, making sure that no changes have been made to the document
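
The five steps can be followed end to end in a small sketch. This is an added example, not code from the original page or from any CIPF product: textbook RSA over small Mersenne primes without padding and a SHA-256 keystream stand in for the certified algorithms, so it only traces the data flow, and the container field names and the sample document are constructed.

```python
import hashlib
import secrets

E = 65537  # public exponent used for both key pairs


def make_keypair(p: int, q: int):
    """Return ((n, e), (n, d)) for textbook RSA. Toy key size, no padding."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def digest_mod(data: bytes, n: int) -> int:
    """SHA-256 of the data, reduced so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def stream_xor(session_key: int, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    seed = session_key.to_bytes(32, "big")
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(seed + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(document: bytes, sender_private, recipient_public) -> dict:
    """Step 2: sign with the sender's private key, encrypt, combine."""
    n_s, d_s = sender_private
    n_r, e_r = recipient_public
    signature = pow(digest_mod(document, n_s), d_s, n_s)
    session_key = secrets.randbelow(n_r - 2) + 2   # fresh for every document
    return {
        "wrapped_key": pow(session_key, e_r, n_r),  # only the recipient can unwrap
        "body": stream_xor(session_key, document),
        "signature": signature,
    }


def open_container(container: dict, recipient_private, sender_public):
    """Steps 4 and 5: decrypt with the recipient's private key, then verify."""
    n_r, d_r = recipient_private
    n_s, e_s = sender_public
    session_key = pow(container["wrapped_key"], d_r, n_r)
    document = stream_xor(session_key, container["body"])
    valid = pow(container["signature"], e_s, n_s) == digest_mod(document, n_s)
    return document, valid


def demo():
    # Constructed toy keys: products of two Mersenne primes each.
    sender_pub, sender_priv = make_keypair(2**127 - 1, 2**89 - 1)
    recipient_pub, recipient_priv = make_keypair(2**107 - 1, 2**61 - 1)
    document = b"Contract No. 1 (constructed sample text)"   # step 1
    container = seal(document, sender_priv, recipient_pub)    # steps 2 and 3
    received, valid = open_container(container, recipient_priv, sender_pub)
    # Flip one bit of the encrypted body to model a change in transit.
    altered = dict(container)
    altered["body"] = bytes([container["body"][0] ^ 1]) + container["body"][1:]
    _, valid_after_change = open_container(altered, recipient_priv, sender_pub)
    return received == document, valid, valid_after_change


if __name__ == "__main__":
    print(demo())
```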

Types of CIPF for electronic signature

There are two types of cryptographic information protection tools: installed separately and built into the media.

CIPF installed separately is a program that is installed on any computer device. Such CIPF are used everywhere, but they have one drawback: a rigid binding to one workplace. You will be able to work with any number of electronic signatures, but only on the computer or laptop on which the CIPF is installed. To work on different computers, you will have to buy an additional license for each.

When working with electronic signatures, the cryptographic provider CryptoPro CSP is most often used as the installed CIPF. The program works in Windows, Unix and other operating systems, supports domestic security standards GOST R 34.11-2012 and GOST R 34.10-2012.

Other CIPFs are less commonly used:

  1. Signal-COM CSP
  2. LISSI-CSP
  3. VipNet CSP

All listed cryptographic information protection tools are certified by the FSB and FSTEC and comply with the security standards adopted in Russia. For full-fledged work, they also require the purchase of a license.

CIPF built into the carrier are encryption tools “embedded” in the device and programmed to work independently. Their convenience lies in their self-sufficiency. Everything you need to sign a contract or report is already on the carrier itself. No need to buy licenses and install additional software. All you need is a computer or laptop with Internet access. Encryption and decryption of data is done inside the media. Carriers with built-in CIPF include Rutoken EDS, Rutoken EDS 2.0 and JaCarta SE.

Definition 1

Cryptographic information protection is a protection mechanism through data encryption to ensure the information security of society.

Cryptographic methods of information protection are actively used in modern life for storing, processing and transmitting information over communication networks and on various media.

Essence and goals of cryptographic information protection

Today, the most reliable way to encrypt when transmitting information data over long distances is precisely the cryptographic protection of information.

Cryptography is a science that studies and describes information security models (hereinafter referred to as IS) of data. It allows you to solve many of the problems that are inherent in the information security of the network: confidentiality, authentication, control and integrity of interacting participants.

Definition 2

Encryption is the transformation of information data into a form that will not be readable by software systems and a person without an encryption-decryption key. Thanks to cryptographic methods of information security, information security tools are provided, therefore they are the main part of the IS concept.

Remark 1

The key goal of cryptographic protection of information is to ensure the confidentiality and protection of information data of computer networks in the process of its transmission over the network between users of the system.

Protection of confidential information, which is based on cryptographic protection, encrypts information data through reversible transformations, each of which is described by a key and an order that determines the order in which they are applied.

An important component of cryptographic protection of information is the key responsible for the choice of transformation and the order of its implementation.

Definition 3

The key is a certain sequence of characters that sets up the encryption and decryption algorithm of the information cryptographic protection system. Each transformation is determined by a key that specifies a cryptographic algorithm that ensures the security of the information system and information in general.

Each algorithm for cryptographic protection of information operates in different modes, which have both a number of advantages and a number of disadvantages, which affect the reliability of the information security of the state and the means of information security.

Means and methods of cryptographic information protection

The main means of cryptographic protection of information include software, hardware and software and hardware that implement cryptographic algorithms of information in order to:

  • protection of information data during their processing, use and transfer;
  • ensuring the integrity and reliability of providing information during its storage, processing and transmission (including with the use of digital signature algorithms);
  • generating information that is used to authenticate and identify subjects, users, and devices;
  • generating information that is used to protect authenticating elements during their storage, generation, processing and transmission.

Currently, cryptographic methods of information protection are the basic means of ensuring reliable authentication of the parties to the information exchange. They provide encryption and coding of information.

There are two main methods of cryptographic information protection:

  • symmetrical, in which the same key, which is kept secret, is used for both encryption and decryption of data;
  • asymmetric.

In addition, there are very effective methods of symmetric encryption - fast and reliable. For such methods, the Russian Federation has the state standard “Information processing systems. Cryptographic protection of information. Cryptographic transformation algorithm” - GOST 28147-89.

In asymmetric methods of cryptographic information protection, two keys are used:

  1. A non-secret key, which can be published along with other information about the user that is public. This key is used for encryption.
  2. A secret key, which is known only to the recipient and is used for decryption.

Of the asymmetric, the most well-known method of cryptographic information protection is the RSA method, which is based on operations with large (100-digit) prime numbers, as well as their products.

Thanks to the use of cryptographic methods, it is possible to reliably control the integrity of individual portions of information data and their sets, guarantee the impossibility of refusing the actions taken, and also determine the authenticity of data sources.

The basis of cryptographic integrity control is made up of two concepts:

  1. Electronic signature.
  2. Hash function.

Definition 4

A hash function is a one-way function or hard-to-reverse data transformation implemented by means of symmetric encryption by linking blocks. The encryption result of the last block, which depends on all the previous ones, serves as the result of the hash function.

In commercial activities, cryptographic protection of information is becoming increasingly important. In order to convert information, a variety of encryption tools are used: documentation encryption tools (including portable versions), telephone and radio conversations encryption tools, as well as data transmission and telegraph messages encryption tools.

In order to protect commercial secrets in the domestic and international markets, sets of professional encryption equipment and technical devices for cryptographic protection of telephone and radio communications, as well as business correspondence are used.

In addition, maskers and scramblers, which replace the speech signal with digital data transmission, have also become widespread. Cryptographic means of protecting faxes, telexes and teletypes are produced. For the same purposes, encoders are also used, which are made in the form of attachments to devices, in the form of separate devices, as well as in the form of devices that are built into the design of fax modems, telephones and other communication devices. An electronic digital signature is widely used to ensure the authenticity of transmitted electronic messages.

Cryptographic protection of information in the Russian Federation solves the issue of integrity by adding a certain checksum or check pattern in order to calculate the integrity of the data. The information security model is cryptographic, that is, it depends on the key. According to information security estimates, which are based on cryptography, the dependence of the probability of reading data on the secret key is the most reliable tool and is even used in state information security systems.

Cryptographic information protection - protection of information by means of its cryptographic transformation.

Cryptographic methods are currently basic to ensure reliable authentication of the parties to the information exchange, protection.

Means of cryptographic information protection (CIPF) include hardware, firmware and software that implement cryptographic algorithms for converting information in order to:

  • protect information during its processing, storage and transmission;
  • ensure the reliability and integrity of information (including using digital signature algorithms) during its processing, storage and transmission;
  • develop information used to identify and authenticate subjects, users and devices;
  • develop information used to protect the authenticating elements of a secure AS during their generation, storage, processing and transmission.

Cryptographic methods include encryption and coding of information. There are two main encryption methods: symmetric and asymmetric. In the first of these, the same key (which is kept secret) is used to both encrypt and decrypt the data.

Very efficient (fast and reliable) methods of symmetric encryption have been developed. There is also a national standard for such methods - GOST 28147-89 “Information processing systems. Cryptographic protection. Cryptographic Transformation Algorithm”.

Asymmetric methods use two keys. One of them, non-secret (it can be published together with other public information about the user), is used for encryption, the other (secret, known only to the recipient) is used for decryption. The most popular of the asymmetric ones is the RSA method, which is based on operations with large (100-digit) prime numbers and their products.

Cryptographic methods allow you to reliably control the integrity of both individual portions of data and their sets (such as a message stream); determine the authenticity of the data source; guarantee the impossibility of refusing the actions taken ("non-repudiation").

Cryptographic integrity control is based on two concepts:

Electronic signature (ES).

A hash function is a hard-to-reversible data transformation (one-way function), which is usually implemented by means of symmetric encryption with block linking. The result of encryption of the last block (depending on all previous ones) is the result of the hash function.

Cryptography as a means of protecting (closing) information is becoming increasingly important in commercial activities.


Various encryption tools are used to convert information: document encryption tools, including portable ones, speech encryption tools (telephone and radio conversations), telegraph messages and data transmission encryption tools.

To protect trade secrets on the international and domestic markets, various technical devices and sets of professional equipment for encryption and cryptoprotection of telephone and radio communications, business correspondence, etc. are offered.

Scramblers and maskers are widely used, replacing the speech signal with digital data transmission. Means of protection for teletypes, telexes and faxes are produced. For these purposes, encoders are used, performed in the form of separate devices, in the form of attachments to devices or built into the design of telephones, fax modems and other communication devices (radio stations and others). Electronic digital signature is widely used to ensure the reliability of transmitted electronic messages.

Information confidentiality is characterized by such seemingly opposite indicators as accessibility and secrecy. Techniques for making information available to users are discussed in Section 9.4.1. In this section, we will consider ways to ensure the secrecy of information. This property of information is characterized by the degree of information masking and reflects its ability to resist the disclosure of the meaning of information arrays, determining the structure of the stored information array or the carrier (carrier signal) of the transmitted information array and establishing the fact of transmission of the information array through communication channels. The criteria for optimality in this case, as a rule, are:

    minimization of the probability of overcoming ("hacking") protection;

    maximization of the expected safe time before the “breaking” of the protection subsystem;

    minimization of total losses from "hacking" of protection and costs for the development and operation of the corresponding elements of the information control and protection subsystem, etc.

In general, confidentiality of information between subscribers can be ensured in one of three ways:

    create an absolutely reliable communication channel between subscribers, inaccessible to others;

    use a public communication channel, but hide the very fact of information transfer;

    use a public communication channel, but transmit information through it in a transformed form, and it must be converted so that only the addressee can restore it.

The first option is practically unrealizable due to the high material costs of creating such a channel between remote subscribers.

One of the ways to ensure the confidentiality of the transfer of information is steganography. Currently, it represents one of the promising areas for ensuring the confidentiality of information stored or transmitted in computer systems by masking confidential information in open files, primarily multimedia ones.

Cryptography is engaged in the development of methods for converting (encrypting) information in order to protect it from illegal users.

Cryptography (sometimes the term cryptology is used) is a field of knowledge that studies secret writing (cryptography) and methods for its disclosure (cryptanalysis). Cryptography is considered a branch of mathematics.

Until recently, all research in this area was only closed, but in the last few years, more and more publications in the open press began to appear. Part of the softening of secrecy is due to the fact that it has become impossible to hide the accumulated amount of information. On the other hand, cryptography is increasingly used in civilian industries, which requires disclosure of information.

9.6.1. Principles of cryptography. The goal of a cryptographic system is to encrypt a meaningful source text (also called plaintext), resulting in a ciphertext that looks completely meaningless (also called a cryptogram). The intended recipient must be able to decrypt (also called "decipher") this ciphertext, thus restoring its corresponding plaintext. In this case, the adversary (also called a cryptanalyst) must be unable to reveal the source text. There is an important difference between decrypting a ciphertext, as the intended recipient does, and breaking it, as the cryptanalyst attempts to.

Cryptographic methods and ways of converting information are called ciphers. The disclosure of a cryptosystem (cipher) is the result of the work of a cryptanalyst, leading to the possibility of effective disclosure of any plaintext encrypted with this cryptosystem. The degree of inability of a cryptosystem to break is called its strength.

The question of the reliability of information security systems is very complex. The fact is that there are no reliable tests to make sure that the information is protected sufficiently reliably. Firstly, cryptography has the peculiarity that it is often necessary to spend several orders of magnitude more money to “open” a cipher than to create it. Therefore, trial testing of the cryptoprotection system is not always possible. Secondly, repeated unsuccessful attempts to overcome the protection do not mean at all that the next attempt will not be successful. The case is not excluded when professionals struggled for a long time, but unsuccessfully, over the cipher, and a certain beginner applied a non-standard approach - and the cipher was given to him easily.

As a result of such poor provability of the reliability of information security tools, there are a lot of products on the market, the reliability of which cannot be reliably judged. Naturally, their developers praise their work in every way, but they cannot prove its quality, and often this is impossible in principle. As a rule, the unprovability of reliability is also accompanied by the fact that the encryption algorithm is kept secret.

At first glance, the secrecy of the algorithm serves as an additional security of the cipher. This is an argument aimed at amateurs. In fact, if the algorithm is known to the developers, it can no longer be considered secret, unless the user and the developer are the same person. In addition, if an algorithm is found to be unstable due to the incompetence or mistakes of the developer, its secrecy will not allow it to be verified by independent experts. The instability of the algorithm will be revealed only when it has already been hacked, or even not detected at all, because the enemy is in no hurry to brag about his successes.

Therefore, a cryptographer should be guided by the rule first formulated by the Dutchman O. Kerckhoffs: the security of a cipher should be determined only by the secrecy of the key. In other words, the rule of O. Kerckhoffs is that the entire encryption mechanism, except for the value of the secret key, is a priori considered to be known to the adversary.

Another thing is that a method of protecting information is possible (strictly speaking, not related to cryptography), when not the encryption algorithm is hidden, but the very fact that the message contains encrypted (hidden in it) information. This technique is more correctly called information masking. It will be considered separately.

The history of cryptography goes back several thousand years. The need to hide what was written appeared in a person almost immediately, as soon as he learned to write. A well-known historical example of a cryptosystem is the so-called Caesar cipher, which is a simple replacement of each letter of the plaintext by the third letter of the alphabet following it (with wrapping when necessary). For example, A was replaced by D, B by E, and Z by C.

Despite the significant advances in mathematics over the centuries that have passed since the time of Caesar, cryptography did not take significant steps forward until the middle of the 20th century. It had an amateurish, speculative, unscientific approach.

For example, in the 20th century, "book" ciphers were widely used by professionals, in which any mass printed publication was used as a key. Needless to say, how easily such ciphers were revealed! Of course, from a theoretical point of view, the “book” cipher looks quite reliable, since it is impossible to sort through its set manually. However, the slightest a priori information sharply narrows this choice.

By the way, about a priori information. During the Great Patriotic War, as is known, the Soviet Union paid considerable attention to the organization of the partisan movement. Almost every detachment behind enemy lines had a radio station, as well as one or another communication with the "mainland". The ciphers that the partisans had were extremely unstable - German decoders deciphered them quickly enough. And this, as you know, resulted in combat defeats and losses. The partisans turned out to be cunning and inventive in this area too. The reception was extremely simple. In the original text of the message, a large number of grammatical errors were made, for example, they wrote: “we passed three trains with tanks.” With the correct decoding for a Russian person, everything was clear. But the cryptanalysts of the enemy were powerless before such a technique: going through the possible options, they met the combination “tnk” that was impossible for the Russian language and discarded this option as obviously incorrect.

This seemingly homegrown technique is actually very effective and is often used even now. Random sequences of characters are substituted into the source text of the message in order to confuse brute-force cryptanalytic programs or change the statistical patterns of the ciphergram, which can also provide useful information to the adversary. But in general, one can still say that pre-war cryptography was extremely weak and could not claim the title of a serious science.

However, severe military necessity soon forced scientists to come to grips with the problems of cryptography and cryptanalysis. One of the first significant achievements in this area was the German Enigma typewriter, which was in fact a mechanical encoder and decoder with a fairly high resistance.

Then, during the Second World War, the first professional decryption services appeared. The most famous of these is Bletchley Park, a division of the British intelligence service MI5.

9.6.2. Types of ciphers. All encryption methods can be divided into two groups: secret key ciphers and public key ciphers. The former are characterized by the presence of some information (secret key), the possession of which makes it possible to both encrypt and decrypt messages. Therefore, they are also called single-key. Public key ciphers imply the presence of two keys: one to encrypt and the other to decrypt messages. These ciphers are also called two-key ciphers.

The encryption rule cannot be arbitrary. It must be such that the ciphertext using the decryption rule can uniquely restore the open message. Encryption rules of the same type can be grouped into classes. Inside the class, the rules differ from each other by the values of some parameter, which can be a number, a table, etc. In cryptography, the specific value of such a parameter is usually referred to as the key.

Essentially, the key selects a particular encryption rule from a given class of rules. This allows, firstly, when using special devices for encryption, to change the value of the device parameters so that the encrypted message cannot be decrypted even by persons who have exactly the same device, but do not know the selected parameter value. Secondly, it allows you to change the encryption rule in a timely manner, since the repeated use of the same encryption rule for plain texts creates the prerequisites for receiving open messages using encrypted ones.

Using the concept of a key, the encryption process can be described as a relation:

where A is the open message; B is the encrypted message; f is the encryption rule; α is the chosen key, known to the sender and the addressee.

For every key α cipher conversion must be reversible, that is, there must be an inverse transformation , which, with the chosen key α uniquely identifies an open message A by encrypted message B:

(9.0)

The set of transformations and the set of keys they correspond to is called a cipher. Among all ciphers, two large classes can be distinguished: substitution ciphers and permutation ciphers. Currently, electronic encryption devices are widely used to protect information in automated systems. An important characteristic of such devices is not only the strength of the implemented cipher, but also the high speed of the encryption and decryption process.

Sometimes two concepts are confused: encryption and coding. Unlike encryption, for which you need to know the cipher and the secret key, there is nothing secret in coding; there is only a certain replacement of letters or words with predetermined characters. Coding methods are aimed not at hiding the open message, but at presenting it in a form more convenient for transmission over technical means of communication, at reducing the length of the message, at protecting against distortions, etc.

Secret key ciphers. This type of cipher implies the presence of some information (the key), the possession of which allows both encrypting and decrypting the message.

On the one hand, such a scheme has the disadvantages that, in addition to the open channel for transmitting the ciphertext, it is also necessary to have a secret channel for transmitting the key; in addition, if information about the key is leaked, it is impossible to prove from which of the two correspondents the leak occurred.

On the other hand, among the ciphers of this particular group, there is the only encryption scheme in the world that has absolute theoretical stability. All others can be deciphered at least in principle. Such a scheme is a normal encryption (for example, XOR operation) with a key whose length is equal to the length of the message. The key must only be used once. Any attempt to decipher such a message is useless, even if there is a priori information about the text of the message. By selecting the key, you can get any message as a result.
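The scheme described above (XOR with a single-use key as long as the message) can be tried out directly. The following is an added example, not code from the original text; the function names and the sample messages are constructed for illustration. It shows that any same-length plaintext can be "explained" by some key, and why the key must be used only once.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings of equal length."""
    if len(a) != len(b):
        raise ValueError("the key must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(message: bytes):
    """Encrypt with a fresh random key of the same length.

    Returns (key, ciphertext). Decryption is xor_bytes(ciphertext, key).
    """
    key = secrets.token_bytes(len(message))
    return key, xor_bytes(message, key)


def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the key under which `ciphertext` decrypts to `candidate`.

    Such a key exists for every candidate of the right length, so the
    ciphertext alone carries no information about which plaintext is real.
    """
    return xor_bytes(ciphertext, candidate)


def reused_key_leak(c1: bytes, c2: bytes) -> bytes:
    """What an observer learns if one key encrypted two messages.

    (p1 XOR k) XOR (p2 XOR k) == p1 XOR p2: the key cancels out and the
    XOR of the two plaintexts is exposed without any knowledge of the key.
    """
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    real = b"TRANSFER 100"          # constructed sample message
    other = b"TRANSFER 900"         # constructed alternative of equal length
    key, ct = otp_encrypt(real)
    print("decrypts to real :", xor_bytes(ct, key))
    print("decrypts to other:", xor_bytes(ct, key_explaining(ct, other)))
    # Key reuse: positions where the two plaintexts differ become visible.
    leak = reused_key_leak(ct, xor_bytes(other, key))
    print("differing positions:", [i for i, b in enumerate(leak) if b])
```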

Public key ciphers. This type of cipher implies the presence of two keys - public and private; one is used to encrypt and the other to decrypt messages. The public key is published - brought to the attention of everyone, while the secret key is kept by its owner and is the key to the secrecy of messages. The essence of the method is that what is encrypted with the secret key can only be decrypted with the public key and vice versa. These keys are generated in pairs and have a one-to-one correspondence to each other. Moreover, it is impossible to calculate one key from the other.

A characteristic feature of ciphers of this type, which distinguishes them favorably from ciphers with a secret key, is that the secret key here is known only to one person, while in the first scheme it must be known to at least two. This provides the following benefits:

    no secure channel is required to send the secret key;

    all communication is carried out over an open channel;

    the presence of a single copy of the key reduces the possibility of its loss and allows you to establish a clear personal responsibility for keeping the secret;

    the presence of two keys allows you to use this encryption system in two modes - secret communication and digital signature.

The simplest example of the encryption algorithms under consideration is the RSA algorithm. All other algorithms of this class do not differ from it in principle. We can say that, by and large, RSA is the only public key algorithm.

9.6.3. The RSA algorithm. RSA (named after the authors Rivest, Shamir and Adleman) is a public key algorithm designed for both encryption and authentication (digital signature). This algorithm was developed in 1977 and is based on the decomposition of large integers into prime factors (factorization).

RSA is a very slow algorithm. By comparison, at the software level, DES is at least 100 times faster than RSA; on the hardware - 1,000-10,000 times, depending on the implementation.

The RSA algorithm is as follows. Take two very large prime numbers p and q. Determine n as the result of multiplying p by q (n=pq). Pick a large random integer d, coprime with m, where m=(p-1)(q-1). Then determine a number e such that (e×d) mod m=1. The numbers e and n are called the public key, and the numbers d and n are the secret key.

Now, to encrypt data with a known key (e,n), do the following:

break the text to be encrypted into blocks, each of which can be represented as a number M(i)=0,1,…,n-1;

encrypt the text, treated as a sequence of numbers M(i), according to the formula C(i)=(M(i)^e) mod n;

to decrypt this data using the secret key (d,n), perform the following calculation: M(i)=(C(i)^d) mod n.

The result will be a set of numbers M(i) that represent the original text.

Example. Consider the use of the RSA method to encrypt the three-letter message "EBM" (the letters of the Russian abbreviation for "computer"). For simplicity, we will use very small numbers (in practice, much larger numbers are used - from 200 and above).

    Let's choose p=3 and q=11. Let's define n=3×11=33.

    Let's find (p-1)×(q-1)=20. Therefore, as d choose any number that is relatively prime to 20, for example d=3.

    Choose a number e. As such a number, any number can be taken for which the relation (e×3) mod 20=1 holds, e.g. 7.

    Let's represent the message to be encrypted as a sequence of integers in the range 1…32. Let the letter "E" be represented by the number 30, the letter "B" by the number 3, and the letter "M" by the number 13. Then the original message can be represented as a sequence of numbers (30 03 13).

    Let's encrypt the message using the key (7,33).

C1=(30^7) mod 33=21870000000 mod 33=24,

C2=(3^7) mod 33=2187 mod 33=9,

C3=(13^7) mod 33=62748517 mod 33=7.

Thus, the encrypted message looks like (24 09 07).

Let's solve the reverse problem. Let's decrypt the message (24 09 07), obtained as a result of encryption with a known key, based on the secret key (3,33):

M1=(24^3) mod 33=13824 mod 33=30,

M2=(9^3) mod 33=729 mod 33=3,

M3=(7^3) mod 33=343 mod 33=13.

Thus, as a result of decrypting the message, the original message "EBM" (30 03 13) was obtained.

The cryptographic strength of the RSA algorithm is based on the assumption that it is extremely difficult to determine the secret key from the known public one, since for this it is necessary to solve the problem of the existence of integer divisors. This problem is NP-complete and, as a consequence of this fact, does not currently admit an efficient (polynomial) solution. Moreover, the very question of the existence of efficient algorithms for solving NP-complete problems is still open. In this regard, for numbers consisting of 200 digits (namely, such numbers are recommended to be used), traditional methods require a huge number of operations (about 10^23).

The RSA algorithm (Fig. 9.2) is patented in the USA. Its use by other persons is not allowed (when the key length is over 56 bits). True, the validity of such an establishment can be called into question: how can ordinary exponentiation be patented? However, RSA is protected by copyright laws.

Fig. 9.2. Encryption scheme

A message encrypted using the public key of a subscriber can only be decrypted by him, since only he has the secret key. Thus, to send a private message, you must take the recipient's public key and encrypt the message with it. After that, even you yourself will not be able to decrypt it.

9.6.4. Electronic signature. When we do the opposite, that is, we encrypt the message using the secret key, then anyone can decrypt it (taking your public key). But the very fact that the message was encrypted with your secret key confirms that it came from you, the only owner of the secret key in the world. This mode of using the algorithm is called digital signature.
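The key generation, the worked example with p=3, q=11 and the digital signature mode just described can be reproduced in a few lines. This is an added example, not code from the original text; the function names are chosen here for illustration, and the numbers are the toy values from the example in 9.6.3. The last function shows why such a small n gives no protection: once n is factored, the secret key follows from the public one.

```python
from math import gcd


def make_keys(p: int, q: int, d: int):
    """Build the key pair as the text describes.

    n = p*q, m = (p-1)(q-1), d is coprime with m, and e satisfies
    (e*d) mod m == 1. Returns ((e, n), (d, n)).
    """
    n, m = p * q, (p - 1) * (q - 1)
    if gcd(d, m) != 1:
        raise ValueError("d must be coprime with (p-1)(q-1)")
    e = pow(d, -1, m)  # modular inverse, Python 3.8+
    return (e, n), (d, n)


def apply_key(blocks, key):
    """Raise every block to the key's exponent modulo n.

    With the public key this encrypts (or verifies a signature);
    with the secret key it decrypts (or signs).
    """
    exponent, n = key
    for block in blocks:
        if not 0 <= block < n:
            raise ValueError("every block must lie in the range 0..n-1")
    return [pow(block, exponent, n) for block in blocks]


def secret_key_from_public(public_key):
    """Recover d by factoring n with trial division.

    Feasible only because n is tiny; the strength of RSA rests on this
    step being impractical for n of realistic size.
    """
    e, n = public_key
    p = next(f for f in range(2, int(n ** 0.5) + 1) if n % f == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1)), n


if __name__ == "__main__":
    public, secret = make_keys(3, 11, 3)
    message = [30, 3, 13]                      # the message from the example
    ciphertext = apply_key(message, public)
    print("public key :", public)              # (7, 33)
    print("ciphertext :", ciphertext)          # [24, 9, 7]
    print("decrypted  :", apply_key(ciphertext, secret))
    # Signature mode: transform with the secret key, check with the public one.
    signature = apply_key(message, secret)
    print("signature verifies:", apply_key(signature, public) == message)
    print("key recovered from n:", secret_key_from_public(public))
```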

From the point of view of technology, an electronic digital signature is a software-cryptographic (that is, appropriately encrypted) tool that allows you to confirm that the signature on a particular electronic document was put by its author, and not by any other person. An electronic digital signature is a set of characters generated according to the algorithm defined by GOST R 34.0-94 and GOST R 34.-94. At the same time, an electronic digital signature allows you to make sure that the information signed by the electronic digital signature method was not changed during the transfer process and was signed by the sender exactly in the form in which you received it.

The process of electronically signing a document (Fig. 9.3) is quite simple: the array of information to be signed is processed by special software using the so-called private key. Next, the encrypted array is sent by e-mail and, upon receipt, is verified by the corresponding public key. The public key allows you to check the integrity of the array and verify the authenticity of the electronic digital signature of the sender. It is believed that this technology has 100% protection against hacking.

Fig. 9.3. Scheme of the process of electronic signing of a document

A secret key (code) is available to each entity that has the right to sign, and can be stored on a floppy disk or smart card. The public key is used by the recipients of the document to verify the authenticity of the electronic digital signature. Using an electronic digital signature, you can sign individual files or fragments of databases.

In the latter case, software that implements an electronic digital signature must be embedded in applied automated systems.

According to the new law, the procedure for certification of electronic digital signature means and certification of the signature itself is clearly regulated.

This means that the appropriately authorized state body must confirm that one or another software for generating an electronic digital signature really generates (or verifies) only an electronic digital signature and nothing else; that the corresponding programs do not contain viruses, do not download information from counterparties, do not contain "bugs" and guarantee against hacking. Certification of the signature itself means that the corresponding organization - the certification center - confirms that this key belongs to this particular person.

You can sign documents without the specified certificate, but in the event of a lawsuit, it will be difficult to prove anything. In this case, the certificate is indispensable, since the signature itself does not contain data about its owner.

For example, citizen A and citizen B concluded an agreement for the amount of 10,000 rubles and certified the agreement with their EDS. Citizen A did not fulfill his obligation. The offended citizen B, accustomed to acting within the legal framework, goes to court, where the authenticity of the signature is confirmed (the correspondence of the public key to the private one). However, citizen A declares that the private key is not his at all. If such a precedent occurs with a regular signature, a handwriting examination is carried out, but in the case of an EDS, a third party or a document is needed to confirm that the signature really belongs to this person. This is what a public key certificate is for.

Today, one of the most popular software tools that implement the main functions of an electronic digital signature are the Verba and CryptoPRO CSP systems.

9.6.5. HASH function. As shown above, a public key cipher can be used in two modes: encryption and digital signature. In the second case, it does not make sense to encrypt the entire text (data) using a secret key. The text is left open, and a certain “checksum” of this text is encrypted, as a result of which a data block is formed, which is a digital signature that is added to the end of the text or attached to it in a separate file.

The mentioned "checksum" of the data, which is "signed" instead of the entire text, must be calculated from the entire text so that a change in any letter is reflected on it. Secondly, the specified function must be one-sided, that is, computable only "in one direction." This is necessary so that the adversary cannot purposefully change the text, fitting it to the existing digital signature.

Such a function is called a hash function, which, like cryptographic algorithms, is subject to standardization and certification. In our country, it is regulated by GOST R-3411. A hash function is a function that hashes an array of data by mapping values from a (very) large set of values to a (substantially) smaller set of values. In addition to the digital signature, hash functions are used in other applications. For example, when exchanging messages between remote computers, when user authentication is required, a method based on a hash function can be used.

Let the hash code be created by the function H:

h = H(M),

where M is a message of arbitrary length and h is a fixed length hash code.

Consider the requirements that a hash function must meet in order for it to be used as a message authenticator. Consider a very simple hash function example. Then we will analyze several approaches to building a hash function.

A hash function H that is used to authenticate messages must have the following properties:

    H(M) must be applicable to a data block of any length;

    H(M) must produce a fixed-length output;

    H(M) is relatively easy (in polynomial time) to compute for any value M;

    for any given hash code value h it is impossible to find M such that H(M) = h;

    for any given x it is computationally impossible to find y ≠ x such that H(y) = H(x);

    it is computationally impossible to find an arbitrary pair (x, y) such that H(y) = H(x).

The first three properties require the hash function to generate a hash code for any message.

The fourth property defines the requirement of a one-way hash function: it is easy to create a hash code from a given message, but it is impossible to recover a message from a given hash code. This property is important if hash authentication includes a secret value. The secret value itself may not be sent, however, if the hash function is not one-way, the adversary can easily reveal the secret value as follows.

The fifth property ensures that it is not possible to find another message whose hash value matches the hash value of the given message. This prevents the authenticator from being spoofed when an encrypted hash is used. In this case, the adversary can read the message and therefore generate its hash code. But since the adversary does not own the secret key, he cannot change the message without the recipient discovering it. If this property is not met, the attacker has the opportunity to perform the following sequence of actions: intercept the message and its encrypted hash code, calculate the hash code of the message, create an alternative message with the same hash code, replace the original message with a fake one. Since the hash codes of these messages match, the recipient will not detect the spoof.

A hash function that satisfies the first five properties is called a simple or weak hash function. If, in addition, the sixth property is satisfied, then such a function is called a strong hash function. The sixth property protects against a class of attacks known as birthday attacks.

All hash functions operate as follows. An input value (message, file, etc.) is treated as a sequence of n-bit blocks. The input value is processed sequentially, block by block, and an m-bit value of the hash code is produced.

One of the simplest examples of a hash function is the bitwise XOR of each block:

C_i = b_i1 XOR b_i2 XOR ... XOR b_ik,

where C_i is the i-th bit of the hash code, i = 1, …, n;

k is the number of n-bit input blocks;

b_ij is the i-th bit in the j-th block.

The result is a hash code of length n, known as a longitudinal redundancy check. It is effective for checking data integrity against random failures.
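The bitwise XOR hash above can be checked against the properties listed earlier. The following added example (not from the original text; the function names, the 4-byte block size and the sample messages are constructed for illustration) shows that the function does catch a random bit flip, yet fails the fifth property: a different message with the same hash code is trivial to build, which is why it is suitable only against accidental failures and not as a message authenticator.

```python
def xor_hash(data: bytes, block_size: int = 4) -> bytes:
    """Bitwise XOR of all blocks: C_i = b_i1 XOR b_i2 XOR ... XOR b_ik.

    The input is zero-padded to a whole number of blocks; zero bytes do
    not change an XOR sum.
    """
    padded = data + b"\x00" * (-len(data) % block_size)
    code = bytearray(block_size)
    for offset in range(0, len(padded), block_size):
        for i in range(block_size):
            code[i] ^= padded[offset + i]
    return bytes(code)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a random transmission failure: invert one bit."""
    damaged = bytearray(data)
    damaged[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(damaged)


def same_hash_message(target_code: bytes, other: bytes, block_size: int = 4) -> bytes:
    """Extend `other` by one block so that it hashes to `target_code`.

    The extra block is xor_hash(other) XOR target_code, which cancels the
    difference. No secret is needed, so property five does not hold.
    """
    padded = other + b"\x00" * (-len(other) % block_size)
    current = xor_hash(padded, block_size)
    correction = bytes(a ^ b for a, b in zip(current, target_code))
    return padded + correction


if __name__ == "__main__":
    original = b"PAY 100 RUB TO A"            # constructed sample message
    code = xor_hash(original)
    print("hash code            :", code.hex())
    print("bit flip detected    :", xor_hash(flip_bit(original, 5)) != code)
    # Reordering blocks is invisible to an XOR sum.
    reordered = original[4:8] + original[:4] + original[8:]
    print("reordering detected  :", xor_hash(reordered) != code)
    # A different message made to carry the same hash code.
    substitute = same_hash_message(code, b"PAY 900 RUB TO B")
    print("substitution detected:", xor_hash(substitute) != code)
```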

9.6.6. DES and GOST-28147. DES (Data Encryption Standard) is a symmetric key algorithm, i.e. one key is used for both encryption and decryption of messages. Developed by IBM and approved by the US government in 1977 as an official standard for protecting information that is not a state secret.

DES has blocks of 64 bits, is based on a 16-fold permutation of data, and uses a 56-bit key for encryption. There are several modes of DES, such as Electronic Code Book (ECB) and Cipher Block Chaining (CBC). 56 bits is 8 seven-bit ASCII characters, i.e. the password cannot be more than 8 letters. If, in addition, only letters and numbers are used, then the number of possible options will be significantly less than the maximum possible 2^56.

One of the steps of the DES algorithm. The input data block is split into left (L') and right (R') halves. After that, the output array is formed so that its left side L'' is the right side R' of the input, and its right side R'' is formed as the XOR sum of L' and R'. Next, the output array is encrypted by permutation with substitution. It can be verified that all operations performed can be reversed and that decryption is carried out in a number of operations linearly dependent on the block size. Schematically, the algorithm is shown in fig. 9.4.

Fig. 9.4. Diagram of the DES algorithm

After several such transformations, it can be considered that each bit of the output cipher block can depend on each bit of the message.
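The step described above (new left half = old right half, new right half = an XOR combination) is one round of a Feistel network. The added example below is not from the original text and is not DES: it generalizes the step to the usual Feistel form, in which the right half first passes through a keyed round function, and that round function and the subkeys here are toy stand-ins chosen for illustration. It demonstrates the two claims made in the text: every round can be undone, and after several rounds one changed input bit affects bits all over the output.

```python
import hashlib

MASK32 = 0xFFFFFFFF

# Constructed 32-bit subkeys for 16 rounds (real DES derives 48-bit
# subkeys from its 56-bit key; that schedule is not reproduced here).
SUBKEYS = [(0x9E3779B9 * (i + 1)) & MASK32 for i in range(16)]


def toy_round_function(half: int, subkey: int) -> int:
    """Toy stand-in for the DES round function (hypothetical, not DES's).

    It does not need to be invertible: the Feistel structure itself
    provides reversibility.
    """
    data = half.to_bytes(4, "big") + subkey.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def feistel_encrypt(block: int, subkeys) -> int:
    """Encrypt one 64-bit block: L'' = R', R'' = L' XOR F(R', k)."""
    left, right = (block >> 32) & MASK32, block & MASK32
    for k in subkeys:
        left, right = right, left ^ toy_round_function(right, k)
    return (left << 32) | right


def feistel_decrypt(block: int, subkeys) -> int:
    """Undo the rounds in reverse order: R' = L'', L' = R'' XOR F(L'', k)."""
    left, right = (block >> 32) & MASK32, block & MASK32
    for k in reversed(subkeys):
        left, right = right ^ toy_round_function(left, k), left
    return (left << 32) | right


def changed_bits(block: int, bit: int, subkeys) -> int:
    """Number of output bits that change when one input bit is flipped."""
    a = feistel_encrypt(block, subkeys)
    b = feistel_encrypt(block ^ (1 << bit), subkeys)
    return bin(a ^ b).count("1")


if __name__ == "__main__":
    block = 0x0123456789ABCDEF                 # constructed sample block
    encrypted = feistel_encrypt(block, SUBKEYS)
    print("round trip ok:", feistel_decrypt(encrypted, SUBKEYS) == block)
    for rounds in (1, 2, 4, 16):
        print(rounds, "round(s):", changed_bits(block, 63, SUBKEYS[:rounds]),
              "of 64 output bits change")
```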

In Russia, there is an analogue of the DES algorithm, which works on the same principle of a secret key. GOST 28147 was developed 12 years later than DES and has a higher degree of protection. Their comparative characteristics are presented in Table 9.3.

Table 9.3

9.6.7. Steganography. Steganography is a method of organizing communication that actually hides the very existence of the communication. Unlike cryptography, where an adversary can accurately determine whether a transmitted message is ciphertext, steganography techniques allow secret messages to be embedded in innocuous messages so that the existence of an embedded secret message cannot be suspected.

The word "steganography" in Greek literally means "secret writing" (steganos - secret; graphy - record). It includes a huge variety of secret means of communication, such as invisible ink, microphotographs, conditional arrangement of signs, secret channels and means of communication on floating frequencies, etc.

Steganography occupies its niche in security: it does not replace, but complements cryptography. Hiding a message by steganography methods significantly reduces the likelihood of detecting the very fact of a message being transmitted. And if this message is also encrypted, then it has one more, additional, level of protection.

At present, in connection with the rapid development of computer technology and new channels of information transmission, new steganographic methods have appeared, which are based on the features of presenting information in computer files, computer networks, etc. This gives us the opportunity to talk about the formation of a new direction - computer steganography.

Despite the fact that steganography as a way to hide secret data has been known for thousands of years, computer steganography is a young and developing field.

Steganographic system, or stegosystem - a set of means and methods that are used to form a covert channel for transmitting information.

When building a stegosystem, the following provisions should be taken into account:

    The adversary has a complete understanding of the steganographic system and the details of its implementation. The only information that remains unknown to a potential adversary is the key, with the help of which only its holder can establish the presence and content of the hidden message.

    If the adversary somehow becomes aware of the existence of the hidden message, this should prevent him from extracting similar messages in other data as long as the key is kept secret.

    A potential adversary must be deprived of any technical or other advantages in recognizing or revealing the content of secret messages.

The generalized model of the stegosystem is shown in fig. 9.5.

Fig. 9.5. Generalized Stegosystem Model

Any information can be used as data: text, message, image, etc.

In the general case, it is advisable to use the word “message”, since a message can be either text or an image, or, for example, audio data. In what follows, we will use the term message to designate hidden information.

Container - any information intended to conceal secret messages.

Stegokey, or just key - a secret key needed to hide information. Depending on the number of protection levels (for example, embedding a pre-encrypted message), a stegosystem can have one or more stegokeys.

By analogy with cryptography, according to the type of stegokey, stegosystems can be divided into two types:

with a secret key;

with public key.

A stegosystem with a secret key uses one key, which must be determined either before the exchange of secret messages, or transmitted over a secure channel.

In a public-key stegosystem, different keys are used for embedding and retrieving a message, which differ in such a way that it is impossible to infer one key from the other using calculations. Therefore, one key (public) can be freely transmitted over an insecure communication channel. In addition, this scheme works well with mutual distrust of the sender and recipient.

At present, one can distinguish three closely related directions of application of steganography that share the same roots: hiding data (messages), digital watermarks and headers.

Hiding embedded data, which in most cases are large, imposes serious requirements on the container: the size of the container must be several times larger than the size of the embedded data.

Digital watermarks are used to protect copyright or proprietary rights in digital images, photographs, or other digitized works of art. The main requirements for such embedded data are reliability and resistance to distortion. Digital watermarks are small in size, however, given the above requirements, more sophisticated methods are used to embed them than to embed simple messages or headers.

Headers are used mainly for marking images in large electronic storages (libraries) of digital images, audio and video files. In this case, steganographic methods are used not only to embed an identifying header, but also other individual features of the file. Embedded headers have a small volume, and the requirements for them are minimal: headers must introduce minor distortions and be resistant to basic geometric transformations.

Computer cryptography is based on several principles:

    The message can be sent using noise coding. It will be difficult to detect against the background of hardware noise in the telephone line or network cables.

    The message can be placed in the voids of files or disk without losing their functionality. Executable files have a multi-segment structure of executable code; you can insert a bunch of bytes between segment voids. This is how the WinCIH virus hides its body. A file always occupies an integer number of clusters on disk, so the physical and logical lengths of a file rarely match. You can also write something in this interval. You can format an intermediate track on a disc and place a message on it. There is an easier way, which consists in the fact that a certain number of spaces can be added to the end of an HTML line or a text file, carrying an informational load.

    The human senses are unable to distinguish small changes in color, image or sound. This applies to data carrying redundant information, for example, 16-bit audio or a 24-bit image. Changing the values of the bits responsible for the color of a pixel will not lead to a noticeable change in color. This also includes the method of hidden typefaces. Subtle distortions are made in the outlines of the letters, which will carry a semantic load. You can insert similar characters into a Microsoft Word document that contain a hidden message.

The most common and one of the best software products for steganography is S-Tools (freeware status). It allows you to hide any files in GIF, BMP and WAV files. Performs controlled compression (archiving) of data. In addition, it performs encryption using MCD, DES, triple-DES, IDEA algorithms (optional). The graphic file remains without visible changes, only shades change. The sound also remains unchanged. Even if suspicions arise, it is impossible to establish the fact of using S-Tools without knowing the password.

9.6.8. Certification and standardization of cryptosystems. All states pay close attention to the issues of cryptography. There are constant attempts to impose some kind of framework, prohibitions and other restrictions on the production, use and export of cryptographic tools. For example, in Russia, the import and export of information security tools, in particular, cryptographic means, is licensed in accordance with the Decree of the President of the Russian Federation of April 3, 1995 No. 334 and the Decree of the Government of the Russian Federation of April 15, 1994 No. 331.

As already mentioned, a cryptosystem cannot be considered reliable if the algorithm of its operation is not fully known. Only knowing the algorithm, you can check whether the protection is stable. However, only a specialist can check this, and even then such a check is often so complicated that it is not economically feasible. How can an ordinary user who does not know mathematics be convinced of the reliability of the cryptosystem that he is offered to use?

For a non-specialist, the opinion of competent independent experts can serve as proof of reliability. This is where the certification system came from. All information security systems are subject to it so that enterprises and institutions can officially use them. The use of non-certified systems is not prohibited, but in this case you assume the entire risk that it will not be reliable enough or will have "backdoors". But in order to sell information security tools, certification is necessary. Such provisions are valid in Russia and in most countries.

Our only body authorized to carry out certification is the Federal Agency for Government Communications and Information under the President of the Russian Federation (FAPSI). This body approaches certification issues very carefully. Very few third-party developments were able to obtain the FAPSI certificate.

In addition, FAPSI licenses the activities of enterprises related to the development, production, sale and operation of encryption tools, as well as secure technical means of storing, processing and transmitting information, providing services in the field of information encryption (Decree of the President of the Russian Federation dated 03.04.95 No. 334 "On measures to comply with the law in the field of development, production, sale and operation of encryption tools, as well as the provision of services in the field of information encryption”; and the Law of the Russian Federation “On federal bodies of government communications and information”).

For certification, a prerequisite is compliance with standards in the development of information security systems. Standards perform a similar function. They allow, without conducting complex, expensive, and even not always possible studies, to get confidence that a given algorithm provides protection of a sufficient degree of reliability.

9.6.9. Encrypted archives. Many application programs include an encryption feature. Let us give examples of some software tools that have encryption capabilities.

Archiving programs (for example, WinZip) have the option of encrypting archived information. It can be used for not too important information. Firstly, the encryption methods used there are not very reliable (subject to official export restrictions), and secondly, they are not described in detail. All this does not allow you to seriously count on such protection. Password archives can only be used for "regular" users or non-critical information.

On some sites on the Internet you can find programs for opening encrypted archives. For example, a ZIP archive can be opened on a good computer in a few minutes, and no special skills are required from the user.

Note. Password crackers: Ultra Zip Password Cracker 1.00 - a fast password cracker for encrypted archives. Russian/English interface. Win'95/98/NT. (Developer - "m53group"). Advanced ZIP Password Recovery 2.2 - a powerful program for guessing passwords for ZIP archives. High speed, graphical interface, additional functions. OS: Windows 95/98/NT. Developer - "ElcomLtd.", shareware.

Encryption in MS Word and MS Excel. Microsoft has included some sort of crypto protection in its products. But this protection is very unstable. In addition, the encryption algorithm is not described, which is an indicator of unreliability. In addition, there is evidence that Microsoft leaves a “back door” in the crypto algorithms used. If you need to decrypt a file whose password is lost, you can contact the company. Upon an official request, with good reason, they decrypt MS Word and MS Excel files. So, by the way, do some other software vendors.

Encrypted disks (directories). Encryption is a fairly reliable method of protecting information on a hard drive. However, if the amount of information to be protected is not limited to two or three files, then it is quite difficult to work with it: each time you will need to decrypt the files, and after editing, encrypt them back. At the same time, backup copies of files that many editors create may remain on the disk. Therefore, it is convenient to use special programs (drivers) that automatically encrypt and decrypt all information when it is written to disk and read from disk.

In conclusion, we note that the security policy is defined as a set of documented management decisions aimed at protecting information and resources associated with it. When developing and implementing it, it is advisable to be guided by the following basic principles:

    Inability to bypass protective equipment. All information flows into and out of the protected network must pass through the protections. There should be no secret modem inputs or test lines that bypass security.

    Strengthening the weakest link. The reliability of any protection is determined by the weakest link, since attackers crack it. Often the weakest link is not a computer or program, but a person, and then the problem of ensuring information security becomes non-technical.

    Inability to transition to an unsafe state. The principle of the impossibility of transition to an unsafe state means that under any circumstances, including abnormal ones, the protective tool either fully performs its functions or completely blocks access.

    Privilege minimization. The principle of least privilege dictates that users and administrators should be granted only those access rights that they need to perform their duties.

    Segregation of duties. The principle of segregation of duties implies such a distribution of roles and responsibilities, in which one person cannot disrupt a process that is critical to the organization.

    Layered defense. The principle of defense layering prescribes not to rely on one defensive line. Defense in depth can at least delay an intruder and make it much more difficult to carry out malicious actions unnoticed.

    Variety of protective equipment. The principle of a variety of protective means recommends organizing defensive lines of various nature, so that a potential attacker is required to master a variety of, if possible, incompatible skills.

    Simplicity and manageability of the information system. The principle of simplicity and manageability says that only in a simple and manageable system can you check the consistency of the configuration of different components and implement centralized administration.

    Ensuring Universal Support for Security Measures. The principle of universal support for security measures is non-technical. If users and / or system administrators consider information security to be something redundant or hostile, then it will certainly not be possible to create a security mode. From the very beginning, a set of measures should be envisaged aimed at ensuring the loyalty of personnel, at constant theoretical and practical training.