Cryptography as a means of protecting (closing) information is becoming increasingly important in the world commercial activities.
Cryptography has enough long history. At first it was used mainly in the field of military and diplomatic communications. Now it is necessary in industrial and commercial activities. Considering that today hundreds of millions of messages are transmitted through encrypted communication channels in our country alone, telephone conversations, huge volumes of computer and telemetric data, and all this, as they say, is not for prying eyes and ears, it becomes clear: maintaining the secrecy of this correspondence is extremely necessary.
What is cryptography? It includes several sections modern mathematics, as well as special branches of physics, radio electronics, communications and some other related industries. Its task is to transform mathematical methods secret message transmitted over communication channels, telephone conversation or computer data in such a way that it becomes completely incomprehensible to unauthorized persons. That is, cryptography must ensure such protection of secret (or any other) information that even if it is intercepted by unauthorized persons and processed by any means using the fastest computers and latest achievements science and technology, it should not be deciphered for several decades. For such information transformation, various encryption tools are used, such as document encryption tools, including portable ones, speech encryption tools (telephone and radio conversations), telegraph message encryption tools and data transmission tools.
General encryption technology
The original information that is transmitted over communication channels can be speech, data, video signals, called unencrypted messages P (Fig. 16).
Rice. 16. Model of a cryptographic system
In an encryption device, message P is encrypted (converted into message C) and transmitted over an “unclosed” communication channel. At the receiving end, message C is decrypted to restore the original meaning of message P.
A parameter that can be used to retrieve specific information is called a key.
In modern cryptography, two types of cryptographic algorithms (keys) are considered. This classical cryptographic algorithms, based on the use of secret keys, and new cryptographic algorithms with public key, based on the use of two types of keys: secret (private) and public.
In public key cryptography, there are at least two keys, one of which cannot be deduced from the other. If the decryption key computational methods cannot be obtained from the encryption key, then the secrecy of information encrypted using an unclassified (public) key will be ensured. However, this key must be protected from substitution or modification. The decryption key must also be secret and protected from substitution or modification.
If, on the contrary, it is impossible to obtain the encryption key from the decryption key by computational methods, then the decryption key may not be secret.
Separating encryption and decryption functions by splitting into two parts additional information required to perform operations is the valuable idea behind public key cryptography.
Speech encryption technology
The most common way to encrypt an analog speech signal is to split it into parts.
In this case, the input speech signal enters bandpass filters to select bands of the encrypted spectrum. The output signal of each filter during the encryption process is subjected to either frequency reversal, spectrum inversion (inversion), or both simultaneously. The complete encryption output signal is then synthesized.
It works on this principle systemAVPS (AnalogVoicePrivedSystem) – a speech encoder (scrambler), which rearranges individual “cuts” of the input signal using a bandpass filter – analyzer. The system has 12 encryption keys, determined by possible permutations, which ensures the reliability of the method used.
The AVPS system is used in real time with any unified phones. The quality of speech encryption is high, and subscriber recognition is preserved.
Digital speech encryption systems are becoming very widespread. These systems provide highly secure encryption.
Data encryption systems mainly use two elementary systems:
1. Permutation (bits or subblocks within each block of input data are rearranged).
2. Replacement (bits or subblocks within each block of input data are replaced).
Developed large number encryption algorithms. Among the most effective is the DES (Data Encryption Standard) algorithm, a data encryption standard. The American National Bureau of Standards (NBS) has legitimized the DES algorithm as a standard for communications systems. The encryption mechanism in this algorithm is based on the use of a 56-bit key.
To protect industrial and commercial information, various technical devices and sets of professional equipment for encryption and cryptographic protection of telephone and radio communications are offered on the international and domestic market, business correspondence etc.
Scramblers and maskers, which replace the speech signal with digital data transmission, have become widespread. Security products for teletypes, telexes and faxes are produced. For these purposes, encryptors are used in the form individual devices, in the form of attachments to devices or built into the design of telephones, fax modems and other communication devices (radio stations, etc.).
The prevalence of encryption as a means of ensuring security by one means or another can be characterized by the following data (Fig. 17).
Rice. 17. Prevalence of encryption as a security tool
Hardware, software, firmware and cryptographic tools implement certain information security services with various information protection mechanisms that ensure confidentiality, integrity, completeness and availability.
Engineering and technical protection information uses physical, hardware, software and cryptographic means.
Conclusions
Comprehensive security of information resources is achieved by using legal acts at the state and departmental level, organizational measures and technical means of protecting information from various internal and external threats.
Legal measures to ensure the security and protection of information are the basis for the activities and behavior of employees at all levels and the degree of their responsibility for violating established standards.
Confidentiality of information is characterized by such seemingly opposite indicators as accessibility and secrecy. Methods to ensure that information is accessible to users are discussed in Section 9.4.1. In this section, we will consider ways to ensure information secrecy. This property of information is characterized by the degree of masking of information and reflects its ability to resist revealing the meaning of information arrays, determining the structure of the stored information array or the carrier (carrier signal) of the transmitted information array and establishing the fact of transmission of the information array via communication channels. The optimality criteria in this case, as a rule, are:
minimizing the likelihood of overcoming (“breaking”) the protection;
maximizing the expected safe time before the security subsystem is “hacked”;
minimizing the total losses from “hacking” the protection and the costs of developing and operating the corresponding elements of the information control and protection subsystem, etc.
Ensure confidentiality of information between subscribers in general case can be done in one of three ways:
create an absolutely reliable communication channel between subscribers, inaccessible to others;
use a public communication channel, but hide the very fact of transmitting information;
use a public communication channel, but transmit information through it in a transformed form, and it must be transformed in such a way that only the addressee can restore it.
The first option is practically impossible to implement due to high material costs to create such a channel between remote subscribers.
One of the ways to ensure the confidentiality of information transfer is steganography. Currently, it represents one of the promising areas for ensuring the confidentiality of stored or transmitted information in computer systems by masking classified information in open files, especially multimedia.
Engaged in the development of methods for converting (encrypting) information in order to protect it from illegal users cryptography.
Cryptography (sometimes the term cryptology is used) is a field of knowledge that studies secret writing (cryptography) and methods for its disclosure (cryptanalysis). Cryptography is considered a branch of mathematics.
Until recently, all research in this area was only closed, but in the last few years more and more publications have begun to appear in the open press. Part of the reason for the softening of secrecy is that it has become impossible to hide the accumulated amount of information. On the other hand, cryptography is increasingly being used in civilian industries, which requires disclosure.
9.6.1. Principles of cryptography. The goal of a cryptographic system is to encrypt meaningful plaintext (also called plaintext) into a seemingly meaningless ciphertext (ciphertext). The recipient to whom it is intended must be able to decipher (also called “decipher”) this ciphertext, thus recovering the corresponding plaintext. In this case, the adversary (also called a cryptanalyst) must be unable to reveal the original text. There is an important difference between deciphering (deciphering) and revealing a ciphertext.
Cryptographic methods and methods of converting information are called ciphers. Disclosure of a cryptosystem (cipher) is the result of the work of a cryptanalyst, leading to the possibility of effectively revealing any plaintext encrypted using a given cryptosystem. The degree to which a cryptosystem is incapable of detection is called its strength.
The issue of reliability of information security systems is very complex. The fact is that there are no reliable tests to ensure that information is protected reliably enough. Firstly, cryptography has the peculiarity that “breaking” a cipher often requires spending several orders of magnitude more money than creating it. Consequently, testing the cryptographic protection system is not always possible. Secondly, repeated unsuccessful attempts to overcome the defense do not mean that the next attempt will not be successful. It is possible that professionals struggled with the cipher for a long time, but unsuccessfully, and a certain newcomer took a non-standard approach - and the cipher came easily to him.
As a result of such poor provability of the reliability of information security tools, there are many products on the market whose reliability cannot be reliably judged. Naturally, their developers praise their work in every possible way, but cannot prove its quality, and often this is impossible in principle. As a rule, the unprovability of reliability is also accompanied by the fact that the encryption algorithm is kept secret.
At first glance, the secrecy of the algorithm serves as an additional guarantee of the reliability of the cipher. This is an argument aimed at amateurs. In fact, if the algorithm is known to the developers, it can no longer be considered secret, unless the user and the developer are not the same person. In addition, if, due to the incompetence or errors of the developer, the algorithm turns out to be unstable, its secrecy will not allow independent experts to verify it. The instability of the algorithm will be revealed only when it has already been hacked, or even not at all, because the enemy is in no hurry to brag about his successes.
Therefore, the cryptographer must be guided by the rule first formulated by the Dutchman O. Kerkhoffs: the strength of the cipher should be determined only by the secrecy of the key. In other words, O. Kerkhoffs's rule is that the entire encryption mechanism, except for the value of the secret key, is a priori considered known to the enemy.
Another thing is that a method of protecting information is possible (strictly speaking, not related to cryptography), when it is not the encryption algorithm that is hidden, but the very fact that the message contains encrypted (hidden in it) information. It would be more correct to call this technique information masking. It will be considered separately.
The history of cryptography goes back several thousand years. The need to hide what was written appeared in a person almost as soon as he learned to write. A well-known historical example of a cryptosystem is the so-called Caesar cipher, which simply replaces each letter of the plaintext with the third letter of the alphabet that follows it (with wrapping when necessary). For example, A was replaced by D,B on E,Z on C.
Despite significant advances in mathematics over the centuries since the time of Caesar, secret writing did not make significant steps forward until the middle of the 20th century. It had an amateurish, speculative, unscientific approach.
For example, in the 20th century, “book” ciphers were widely used by professionals, in which some mass printed publication was used as a key. Needless to say, how easily such ciphers were revealed! Of course, with theoretical point From a perspective, the “book” cipher looks quite reliable, since it is impossible to sort through its set manually. However, the slightest a priori information sharply narrows this choice.
By the way, about a priori information. During the Great Patriotic War, as is known, the Soviet Union paid considerable attention to organizing the partisan movement. Almost every detachment behind enemy lines had a radio station, as well as some form of communication with the “mainland.” The ciphers the partisans had were extremely unstable - German codebreakers deciphered them quite quickly. And this, as we know, resulted in combat defeats and losses. The partisans turned out to be cunning and inventive in this area too. The reception was extremely simple. IN source text messages were made large number grammatical errors, for example, they wrote: “three echelons passed with tanks.” If deciphered correctly, everything was clear to a Russian person. But the enemy’s cryptanalysts were powerless in the face of such a technique: going through possible options, they encountered the combination “tnk”, which is impossible for the Russian language, and rejected this option as obviously incorrect.
This seemingly home-grown technique is, in fact, very effective and is often used even now. Random sequences of symbols are inserted into the original text of the message in order to confuse cryptanalytic programs that work by brute force or to change the statistical patterns of the ciphergram, which can also provide useful information to the enemy. But in general, we can still say that pre-war cryptography was extremely weak and could not lay claim to the title of a serious science.
However, tough military necessity soon forced scientists to seriously study the problems of cryptography and cryptanalysis. One of the first significant achievements in this field was the German Enigma typewriter, which was actually a mechanical encoder and decoder with fairly high resistance.
At the same time, during the Second World War, the first professional decryption services appeared. The most famous of them is Bletchley Park, a unit of the British intelligence service MI5.
9.6.2. Types of ciphers All encryption methods can be divided into two groups: secret key ciphers and public key ciphers. The first are characterized by the presence of some information (secret key), the possession of which makes it possible to both encrypt and decrypt messages. Therefore, they are also called single-key. Public key ciphers require two keys to decrypt messages. These ciphers are also called two-key ciphers.
The encryption rule cannot be arbitrary. It must be such that from the ciphertext using the decryption rule it is possible to unambiguously reconstruct the open message. Encryption rules of the same type can be combined into classes. Within a class, rules differ from each other by the values of some parameter, which can be a number, a table, etc. In cryptography specific meaning This parameter is usually called key.
Essentially, the key selects a specific encryption rule from a given class of rules. This allows, firstly, when using special devices for encryption, to change the value of the device parameters so that the encrypted message cannot be decrypted even by people who have exactly the same device, but do not know the selected parameter value, and secondly, it allows you to change the encryption rule in a timely manner , since repeated use of the same encryption rule for plaintexts creates the prerequisites for obtaining plaintext messages from encrypted ones.
Using the concept of a key, the encryption process can be described as a relation:
Where A– open message; B– encrypted message; f– encryption rule; α – the selected key, known to the sender and recipient.
For every key α
cipher conversion 
must be invertible, that is, there must be an inverse transformation 
, which with the selected key α
uniquely identifies an open message A via encrypted message B:
(9.0)
Set of transformations 
and the set of keys to which they correspond is called code. Among all the ciphers, two can be distinguished: large class: substitution ciphers and permutation ciphers. Currently, electronic encryption devices are widely used to protect information in automated systems. An important characteristic of such devices is not only the strength of the implemented cipher, but also the high speed of the encryption and decryption process.
Sometimes two concepts are confused: encryption And coding. Unlike encryption, for which you need to know the cipher and secret key, with encoding there is nothing secret, there is only a certain replacement of letters or words with predetermined symbols. Encoding methods are not aimed at hiding the overt message, but at presenting it in more detail. convenient form for transmission by technical means communication, to reduce message length, protect against distortion, etc.
Secret key ciphers. This type of cipher implies the presence of some information (key), the possession of which allows you to both encrypt and decrypt the message.
On the one hand, such a scheme has the disadvantages that, in addition to an open channel for transmitting the ciphergram, it is also necessary to have a secret channel for transmitting the key; in addition, if information about the key is leaked, it is impossible to prove which of the two correspondents the leak occurred from.
On the other hand, among the ciphers of this particular group there is the only encryption scheme in the world that has absolute theoretical strength. All others can be deciphered at least in principle. Such a scheme is regular encryption (for example, an XOR operation) with a key whose length is equal to the length of the message. In this case, the key should only be used once. Any attempts to decipher such a message are useless, even if there is a priori information about the text of the message. By selecting a key, you can get any message as a result.
Public key ciphers. This type of cipher implies the presence of two keys - public and private; one is used for encryption, the other for decrypting messages. The public key is published - brought to the attention of everyone, while the secret key is kept by its owner and is the key to the secrecy of messages. The essence of the method is that what is encrypted using the secret key can only be decrypted using the public key and vice versa. These keys are generated in pairs and have a one-to-one correspondence with each other. Moreover, it is impossible to calculate another from one key.
A characteristic feature of ciphers of this type, which distinguishes them favorably from ciphers with a secret key, is that the secret key here is known only to one person, while in the first scheme it must be known to at least two. This gives the following advantages:
no secure channel is required to send the secret key;
all communication is carried out over an open channel;
Having a single copy of the key reduces the possibility of its loss and allows you to establish clear personal responsibility for maintaining the secret;
the presence of two keys allows the use of this encryption system in two modes - secret communication and digital signature.
The simplest example of the encryption algorithms under consideration is the RSA algorithm. All other algorithms of this class are not fundamentally different from it. It can be said that, by and large, RSA is the only public key algorithm.
9.6.3. Algorithm RSA. RSA (named after its authors, Rivest, Shamir, and Alderman) is a public key algorithm designed for both encryption and authentication (digital signature). This algorithm was developed in 1977 and is based on decomposing large integers into simple factors (factorization).
RSA is a very slow algorithm. By comparison, at the software level, DES is at least 100 times faster than RSA; on hardware – 1,000-10,000 times, depending on execution.
The RSA algorithm is as follows. Take two very large prime numbers p And q. Determined n as a result of multiplication p on q(n=p q). A large random integer is selected d, coprime with m, Where 
. This number is determined e, What 
. Let's call it a public key e And n, and the secret key is numbers d And n.
Now, to encrypt data using a known key ( e,n), you need to do the following:
split the ciphertext into blocks, each of which can be represented as a number M(i)=0,1,…,n-1;
encrypt text treated as a sequence of numbers M(i) according to the formula C(i)=(M(i)) mod n;
to decrypt this data using the secret key ( d,n), you need to perform the following calculations M(i)=(C(i))mod n.
The result will be a lot of numbers M(i), which represent the source text.
Example. Let's consider using the RSA method to encrypt the message: “Computer”. For simplicity, we will use very small numbers (in practice, much larger numbers are used - from 200 and above).
Let's choose p=3 and q=11. Let's define n=3×11=33.
Let's find ( p-1)×( q-1)=20. Therefore, as d choose any number that is coprime to 20, for example d=3.
Let's choose a number e. Such a number can be any number for which the relation ( e×3) mod 20=1, for example 7.
Let's imagine the encrypted message as a sequence of integers in the range 1...32. Let the letter “E” be represented by the number 30, the letter “B” by the number 3, and the letter “M” by the number 13. Then the original message can be represented as a sequence of numbers (30 03 13).
Let's encrypt the message using key (7.33).
C1=(307) mod 33=21870000000 mod 33=24,
С2=(37) mod 33=2187 mod 33=9,
C3=(137) mod 33=62748517 mod 33=7.
Thus, the encrypted message looks like (24 09 07).
Let's solve the inverse problem. Let's decrypt the message (24 09 07), obtained as a result of encryption using a known key, based on the secret key (3.33):
M1=(24 3) mod 33=13824 mod 33=30,
M2=(9 3) mod 33=739 mod 33=9,
M3=(7 3)mod33=343mod33=13 .
Thus, as a result of decrypting the message, the original message “computer” was received.
The cryptographic strength of the RSA algorithm is based on the assumption that it is extremely difficult to determine the secret key from a known one, since this requires solving the problem of the existence of integer divisors. This problem is NP-complete and, as a consequence of this fact, does not currently allow an effective (polynomial) solution. Moreover, the very question of the existence of efficient algorithms for solving NP-complete problems is still open. In this regard, for numbers consisting of 200 digits (and these are the numbers that are recommended to be used), traditional methods require performing a huge number of operations (about 1023).
The RSA algorithm (Fig. 9.2) is patented in the USA. Its use by others is not permitted (with a key length exceeding 56 bits). True, the fairness of such an establishment can be questioned: how can an ordinary exponentiation be patented? However, RSA is protected by copyright laws.
Rice. 9.2. Encryption scheme
A message encrypted using the public key of a subscriber can only be decrypted by him, since only he has the secret key. So, to send a private message, you must take the recipient's public key and encrypt the message with it. After this, even you yourself will not be able to decipher it.
9.6.4. Electronic signature. When we do the opposite, that is, we encrypt a message using a secret key, then anyone can decrypt it (by taking your public key). But the very fact that the message was encrypted with your secret key serves as confirmation that it came from you, the only holder of the secret key in the world. This mode of using the algorithm is called a digital signature.
From a technology point of view, an electronic digital signature is a software-cryptographic (that is, appropriately encrypted) tool that allows you to confirm that the signature on a particular electronic document was put by its author and not by any other person. An electronic digital signature is a set of characters generated according to the algorithm defined by GOST R 34.0-94 and GOST R 34.-94. At the same time, an electronic digital signature allows you to verify that the information signed using the electronic digital signature method was not changed during the transfer process and was signed by the sender exactly in the form in which you received it.
The process of electronically signing a document (Fig. 9.3) is quite simple: the array of information that needs to be signed is processed by special software using the so-called private key. Next, the encrypted array is sent by email and, upon receipt, is verified with the corresponding public key. The public key allows you to check the integrity of the array and verify the authenticity of the sender’s electronic digital signature. It is believed that this technology has 100% protection against hacking.
Rice. 9.3. Scheme of the electronic document signing process
Each subject who has the right to sign has a secret key (code) and can be stored on a floppy disk or smart card. The public key is used by recipients of the document to verify the authenticity of the electronic digital signature. Using an electronic digital signature, you can sign individual files or fragments of databases.
In the latter case, software that implements an electronic digital signature must be integrated into applied automated systems.
According to the new law, the procedure for certification of electronic digital signature tools and certification of the signature itself is clearly regulated.
This means that the appropriate government agency must confirm that a particular software for generating an electronic digital signature actually generates (or verifies) only an electronic digital signature and nothing else; that the corresponding programs do not contain viruses, do not download information from contractors, do not contain “bugs” and are guaranteed against hacking. Certification of the signature itself means that the relevant organization - the certification authority - confirms that this key belongs specifically to to this person.
You can sign documents without the specified certificate, but in the event of litigation, it will be difficult to prove anything. In this case, the certificate is irreplaceable, since the signature itself does not contain data about its owner.
For example, a citizen A and citizen IN entered into an agreement for the amount of 10,000 rubles and certified the agreement with their digital signature. Citizen A did not fulfill his obligation. Offended citizen IN, accustomed to acting within the legal framework, goes to court, where the authenticity of the signature is confirmed (the correspondence of the public key to the private one). However, the citizen A states that the private key is not his at all. When such a precedent arises, a graphological examination is carried out with a regular signature, but in the case of an electronic signature, a third party or a document is needed to confirm that the signature really belongs to this person. This is what a public key certificate is for.
Today, one of the most popular software tools that implement the basic functions of an electronic digital signature are the Verba and CryptoPRO CSP systems.
9.6.5. HASH function. As shown above, a public key cipher can be used in two modes: encryption and digital signature. In the second case, it makes no sense to encrypt the entire text (data) using a secret key. The text is left clear, and a certain “checksum” of this text is encrypted, resulting in a data block that is a digital signature that is added to the end of the text or attached to it in a separate file.
The mentioned “checksum” of the data, which is “signed” instead of the entire text, must be calculated from the entire text so that a change in any letter is reflected on it. Secondly, the specified function must be one-way, that is, computable only “in one direction.” This is necessary so that the enemy cannot purposefully change the text to fit the existing digital signature.
This function is called Hash function, which, like cryptographic algorithms, is subject to standardization and certification. In our country it is regulated by GOST R-3411. Hash function– a function that performs hashing of a data array by mapping values from a (very) large set of values into a (significantly) smaller set of values. In addition to digital signatures, hash functions are also used in other applications. For example, when exchanging messages between remote computers where user authentication is required, a method based on a hash function can be used.
Let Hash code created by the function N:
,
Where M is a message of arbitrary length and h is a fixed length hash code.
Let's look at the requirements that a hash function must meet in order to be used as a message authenticator. Let's look at a very simple example of a hash function. Then we will analyze several approaches to constructing a hash function.
Hash function N, which is used for message authentication, must have the following properties:
N(M) shall apply to a data block of any length;
N(M) create an output of a fixed length;
N(M) is relatively easy (in polynomial time) to calculate for any value M;
for anyone given value hash code h impossible to find M such that N(M) =h;
for any given X computationally impossible to find y≠x, What H(y) =H(x);
It is computationally impossible to find an arbitrary pair ( X,y) such that H(y) =H(x).
The first three properties require the hash function to produce a hash code for any message.
The fourth property defines the requirement that the hash function be one-sided: it is easy to create a hash code from a given message, but it is impossible to reconstruct the message from a given hash code. This property is important if hash authentication involves a secret value. The secret value itself may not be sent, however, if the hash function is not one-way, an adversary can easily reveal the secret value as follows.
The fifth property ensures that it is impossible to find another message whose hash value matches the hash value of this message. This prevents authenticator spoofing when using an encrypted hash code. IN in this case the adversary can read the message and hence create its hash code. But since the adversary does not have the secret key, he has no way to change the message without the recipient detecting it. If this property is not executed, the attacker has the opportunity to perform the following sequence of actions: intercept the message and its encrypted hash code, calculate the hash code of the message, create an alternative message with the same hash code, replace the original message with a fake one. Since the hashes of these messages are the same, the recipient will not detect the spoofing.
A hash function that satisfies the first five properties is called simple or weak hash function. If, in addition, the sixth property is satisfied, then such a function is called strong hash function. The sixth property protects against a class of attacks known as the birthday attack.
All hash functions are performed as follows. The input value (message, file, etc.) is considered as a sequence n-bit blocks. The input value is processed sequentially block by block, and a m- bit value of the hash code.
One of the simplest examples of a hash function is to bitwise XOR each block:
WITH i = b i 1 XOR b i2 XOR. . . XOR b ik ,
Where WITH i – i th bit of the hash code, i = 1, …, n;
k- number n-bit input blocks;
b ij –i th bit in j th block.
The result is a hash code of length n, known as longitudinal excess control. This is effective for occasional failures to verify data integrity.
9.6.6. DES AND GOST-28147. DES (Data Encryption Standard) is an algorithm with symmetric keys, i.e. one key is used for both encryption and decryption of messages. Developed by IBM and approved by the US government in 1977 as an official standard for protecting information that is not a state secret.
DES has 64-bit blocks, is based on 16-fold permutation of data, and uses a 56-bit key for encryption. There are several DES modes, such as Electronic Code Book (ECB) and Cipher Block Chaining (CBC). 56 bits are 8 seven-bit ASCII characters, i.e. The password cannot be more than 8 letters. If, in addition, you use only letters and numbers, then the number of possible options will be significantly less than the maximum possible 256.
One of the steps of the DES algorithm. The input data block is divided in half by the left ( L") and right ( R") parts. After this, the output array is formed so that its left side L"" represented by the right side R" input, and the right R"" formed as a sum L" And R" XOR operations. Next, the output array is encrypted by permutation with replacement. You can make sure that all operations performed can be reversed and decryption is carried out in a number of operations that linearly depends on the block size. The algorithm is shown schematically in Fig. 9.4.
Rice. 9.4. DES Algorithm Diagram
After several such transformations, we can consider that each bit of the output encryption block can depend on each bit of the message.
In Russia there is an analogue of the DES algorithm, which works on the same principle of a secret key. GOST 28147 was developed 12 years later than DES and has more high degree protection. Their comparative characteristics are presented in table. 9.3.
Table 9.3
9.6.7. Steganography. Steganography- this is a method of organizing communication that actually hides the very presence of communication. Unlike cryptography, where an adversary can accurately determine whether a transmitted message is encrypted text, steganography techniques allow secret messages to be embedded in harmless messages so that it is impossible to suspect the existence of an embedded secret message.
The word “steganography” translated from Greek literally means “secret writing” (steganos - secret, secret; graphy - record). This includes a huge variety of secret means of communication, such as invisible ink, microphotographs, conventional arrangement of signs, secret channels and means of communication on floating frequencies, etc.
Steganography occupies its niche in security: it does not replace, but complements cryptography. Hiding a message using steganography methods significantly reduces the likelihood of detecting the very fact of message transmission. And if this message is also encrypted, then it has one more, additional level of protection.
Currently, due to the rapid development of computer technology and new channels for transmitting information, new steganographic methods have appeared, which are based on the peculiarities of presenting information in computer files, computer networks, etc. This gives us the opportunity to talk about the formation of a new direction - computer steganography .
Despite the fact that steganography as a method of hiding secret data has been known for thousands of years, computer steganography is a young and developing field.
Steganographic system or stegosystem– a set of means and methods that are used to form a covert channel for transmitting information.
When constructing a stegosystem, the following provisions must be taken into account:
The adversary has a complete understanding of the steganographic system and the details of its implementation. The only information that remains unknown to a potential adversary is the key, with the help of which only its holder can establish the presence and content of a hidden message.
If an adversary somehow becomes aware of the existence of a hidden message, this should not allow him to extract similar messages in other data as long as the key is kept secret.
A potential adversary must be deprived of any technical or other advantages in recognizing or disclosing the content of secret messages.
A generalized model of the stegosystem is presented in Fig. 9.5.
Rice. 9.5. Generalized stegosystem model
As data Any information can be used: text, message, image, etc.
In the general case, it is advisable to use the word “message”, since a message can be either text or an image, or, for example, audio data. In what follows, we will use the term message to denote hidden information.
Container– any information intended to conceal secret messages.
Stegokey or simply a key - a secret key necessary to hide information. Depending on the number of security levels (for example, embedding a pre-encrypted message), a stegosystem may have one or more stegokeys.
By analogy with cryptography, based on the type of stegokey, stegosystems can be divided into two types:
with a secret key;
with a public key.
A secret key stegosystem uses a single key, which must be determined either before secret messages are exchanged or transmitted over a secure channel.
In a public key stegosystem, different keys are used for message embedding and retrieval, which differ in such a way that it is impossible to computationally infer one key from the other. Therefore, one key (public) can be transmitted freely over an unsecured communication channel. Besides, this scheme works well even with mutual distrust of the sender and recipient.
Currently it is possible to distinguish three Directions of application of steganography that are closely related to each other and have the same roots: data hiding(messages), digital watermarks And headers.
Hiding injected data, which in most cases are large, imposes serious requirements on the container: the size of the container must be several times larger than the size of the embedded data.
Digital watermarks are used to protect copyright or property rights in digital images, photographs or other digitized works of art. The main requirements for such embedded data are reliability and resistance to distortion. Digital watermarks are small in size, but given the above requirements, embedding them requires more complex methods than simply embedding messages or headers.
Headings used primarily for tagging images in large electronic repositories (libraries) of digital images, audio and video files. In this case, steganographic methods are used not only to introduce an identifying header, but also other individual characteristics of the file. The embedded headers are small in volume, and the requirements for them are minimal: the headers must introduce minor distortions and be resistant to basic geometric transformations.
Computer cryptography is based on several principles:
The message can be sent using noise coding. It will be difficult to detect against the background of hardware noise in the telephone line or network cables.
The message can be placed in empty spaces of files or disk without losing their functionality. Executable files have a multi-segment structure of executable code; a bunch of bytes can be inserted between the empty segments. This is how the WinCIH virus hides its body. A file always occupies an integer number of clusters on disk, so the physical and logical length of a file are rarely the same. You can also write something down during this period. You can format the intermediate track of the disc and place a message on it. Eat easier way, which consists in adding a certain number of spaces carrying information load to the end of a line in an HTML or text file.
Human senses are unable to distinguish small changes in color, image or sound. This is applied to data that carries redundant information. For example, 16-bit audio or 24-bit image. Changing the values of the bits responsible for the color of a pixel will not lead to a noticeable change in color. This also includes the method of hidden fonts. Subtle distortions are made in the outlines of letters that will carry a semantic load. To document Microsoft Word you can insert similar symbols containing a hidden message.
The most common and one of the best software products for steganography is S-Tools (freeware status). It allows you to hide any files in GIF, BMP and WAV formats. Performs controlled compression (archiving) of data. In addition, it performs encryption using MCD, DES, triple-DES, IDEA algorithms (optional). The graphic file remains without visible changes, only the shades change. The sound also remains without noticeable changes. Even if suspicions arise, it is impossible to determine whether S-Tools is being used without knowing the password.
9.6.8. Certification and standardization of cryptosystems. All states pay close attention cryptography issues. There are constant attempts to impose certain limits, bans and other restrictions on the production, use and export of cryptographic tools. For example, in Russia the import and export of information security means, in particular cryptographic means, is licensed in accordance with Decree of the President of the Russian Federation dated April 3, 1995 No. 334 and Decree of the Government of the Russian Federation dated April 15, 1994 No. 331.
As already mentioned, a cryptosystem cannot be considered reliable if the algorithm of its operation is not fully known. Only knowing the algorithm can you check whether the protection is stable. However, only a specialist can check this, and even then such a check is often so complex that it is not economically feasible. How can an ordinary user who does not know mathematics be convinced of the reliability of the cryptosystem that he is offered to use?
For a non-specialist, evidence of reliability can be the opinion of competent independent experts. This is where the certification system arose. All information security systems are subject to it so that enterprises and institutions can officially use them. It is not prohibited to use uncertified systems, but in this case you assume the entire risk that it will not be reliable enough or will have “backdoors”. But to sell information security products, certification is necessary. Such provisions apply in Russia and in most countries.
Our only body authorized to carry out certification is the Federal Agency for Government Communications and Information under the President of the Russian Federation (FAPSI). This body approaches certification issues very carefully. Very few developments from third-party companies were able to obtain a FAPSI certificate.
In addition, FAPSI licenses the activities of enterprises related to the development, production, sale and operation of encryption tools, as well as secure technical means of storing, processing and transmitting information, providing services in the field of information encryption (Decree of the President of the Russian Federation dated April 3, 1995 No. 334 “On measures to comply with the law in the development of production, sale and operation of encryption tools, as well as the provision of services in the field of information encryption" and the Law of the Russian Federation "On Federal Government Communications and Information Bodies").
For certification, a prerequisite is compliance with standards when developing information security systems. Standards serve a similar function. They allow, without conducting complex, expensive and not always possible research, to gain confidence that this algorithm provides protection of a sufficient degree of reliability.
9.6.9. Encrypted archives. Many application programs include an encryption feature. Here are examples of some software tools that have encryption capabilities.
Archive programs (for example, WinZip) have the option of encrypting the archived information. It can be used for information that is not too important. Firstly, the encryption methods used there are not very reliable (subject to official export restrictions), and secondly, they are not described in detail. All this does not allow us to seriously count on such protection. Archives with a password can only be used for “regular” users or non-critical information.
On some Internet sites you can find programs for opening encrypted archives. For example, a ZIP archive is opened at good computer in a few minutes, and no special qualifications are required from the user.
Note. Programs for guessing passwords: Ultra Zip Password Cracker 1.00 – A fast program for guessing passwords for encrypted archives. Russian/English interface. Win"95/98/NT. (Developer - "m53group") Advanced ZIP Password Recovery 2.2 - A powerful program for selecting passwords for ZIP archives. High speed works, graphical interface, additional functions. OS: Windows95/98/NT. Developer company – “Elcom Ltd.”, shareware.
Encryption in MS Word and MS Excel. Microsoft has included some semblance of cryptographic protection in its products. But this protection is very unstable. In addition, the encryption algorithm is not described, which is an indicator of unreliability. In addition, there is evidence that Microsoft leaves a “back door” in the crypto algorithms it uses. If you need to decrypt a file for which you have lost the password, you can contact the company. Upon official request, with reasonable grounds, they decrypt MS Word and MS Excel files. By the way, some other software manufacturers do the same.
Encrypted drives (directories). Encryption is a fairly reliable method of protecting information on a hard drive. However, if the amount of information to be closed is not limited to two or three files, then it is quite difficult to work with it: each time you will need to decrypt the files, and after editing, encrypt them back. In this case, safety copies of files that many editors create may remain on the disk. Therefore, it is convenient to use special programs (drivers) that automatically encrypt and decrypt all information when writing it to disk and reading it from disk.
In conclusion, we note that security policy is defined as a set of documented management decisions aimed at protecting information and associated resources. When developing and implementing it, it is advisable to be guided by the following basic principles:
Inability to bypass protective equipment. All information flows to and from the protected network must pass through security measures. There should be no secret modem inputs or test lines that bypass security.
Strengthening the weakest link. The reliability of any protection is determined by the weakest link, since it is this that attackers hack. Often the most weak link It turns out that it is not a computer or a program, but a person, and then the problem of ensuring information security becomes non-technical in nature.
Inability to enter an unsafe state. The principle of impossibility of transition to an unsafe state means that under any circumstances, including abnormal ones, the protective device either fully performs its functions or completely blocks access.
Minimizing Privilege. The principle of least privilege requires that users and administrators be given only those access rights that they need to perform their job responsibilities.
Separation of duties. The principle of separation of duties presupposes a distribution of roles and responsibilities in which one person cannot disrupt a process critical to the organization.
Level of defense. The principle of echeloned defense prescribes not to rely on one defensive line. Defense in depth can at least delay an attacker and make it much more difficult to carry out malicious actions unnoticed.
Variety of protective equipment. The principle of diversity of protective equipment recommends organizing different types of protective equipment. defensive lines, so that a potential attacker is required to master a variety of, if possible, incompatible skills.
Simplicity and controllability of the information system. The principle of simplicity and manageability states that only in a simple and manageable system can the consistency of the configuration of different components be checked and centralized administration be carried out.
Ensure everyone's support for safety measures. The principle of universal support for security measures is non-technical in nature. If users and/or system administrators believe information security something unnecessary or hostile, then it will certainly not be possible to create a security regime. It is necessary from the very beginning to provide for a set of measures aimed at ensuring the loyalty of staff and continuous theoretical and practical training.
Cryptographic information protection - protection of information using its cryptographic transformation.
Cryptographic methods are currently basic to ensure reliable authentication of the parties to information exchange, protection.
TO means of cryptographic information protection(CIPF) includes hardware, firmware and software that implement cryptographic algorithms for converting information for the purpose of:
Protection of information during its processing, storage and transmission;
Ensuring the reliability and integrity of information (including using digital signature algorithms) during its processing, storage and transmission;
Generating information used to identify and authenticate subjects, users and devices;
Generation of information used to protect the authenticating elements of a protected AS during their generation, storage, processing and transmission.
Cryptographic methods provide encryption and encoding of information. There are two main encryption methods: symmetric and asymmetric. In the first of them, the same key (kept secret) is used to both encrypt and decrypt data.
Very effective (fast and reliable) symmetric encryption methods have been developed. There is also a national standard for such methods - GOST 28147-89 “Information processing systems. Cryptographic protection. Cryptographic conversion algorithm."
Asymmetric methods use two keys. One of them, unclassified (it can be published along with other public information about the user), is used for encryption, the other (secret, known only to the recipient) is used for decryption. The most popular of the asymmetric ones is the RSA method, based on operations with large (100-digit) prime numbers and their works.
Cryptographic methods make it possible to reliably control the integrity of both individual pieces of data and their sets (such as a message flow); determine the authenticity of the data source; guarantee the inability to refuse actions taken(“non-repudiation”).
Cryptographic integrity control is based on two concepts:
Electronic signature (ES).
A hash function is a hard-to-reversible data transformation (one-way function), implemented, as a rule, by means of symmetric encryption with block linking. Encryption result last block(depending on all previous ones) and serves as the result of the hash function.
Cryptography as a means of protecting (closing) information is becoming increasingly important in commercial activities.
To transform information, various encryption tools are used: document encryption tools, including portable ones, speech encryption tools (telephone and radio conversations), telegraph message encryption tools and data transmission.
To protect trade secrets, various technical devices and sets of professional equipment for encryption and cryptographic protection of telephone and radio conversations, business correspondence, etc. are offered on the international and domestic markets.
Scramblers and maskers, which replace the speech signal with digital data transmission, have become widespread. Security products for teletypewriters, telexes and faxes are produced. For these purposes, encryptors are used, made in the form of separate devices, in the form of attachments to devices, or built into the design of telephones, fax modems and other communication devices (radio stations and others). To ensure the reliability of transmitted electronic messages, an electronic digital signature is widely used.
Based on analysis different approaches(N.N. Ivanova, E.V. Bondareva, S.A. Efimova, A.K. Markova, V.A. Naperov, L.A. Pershina, V.F. Spiridonov, etc.) we have developed a professional structure competence of specialists, including three components of professional competence, consisting of various blocks of competencies (see Fig. 1):
- based on types of professional activities (functional, legal, economic, technical, communicative competence);
- on the basis of socially significant personality qualities, properties and characteristics of the individual (cognitive, emotive, reflective competencies) and professionally in demand in work important qualities;
- based on the professional orientation of the individual (motivational competence).
Any activity begins with the “setting” stage, defining a goal and ways to achieve it, and ends with obtaining a personally and professionally significant result, which correlates with the goal, self-esteem, and approval by independent experts. If there is a correspondence, we can talk about formed competence; if there is a discrepancy and real result does not coincide or differs significantly from the specified one (the specialist’s model), indicating a lack of competence of the specialist. Each employee is competent to the extent that the work he performs meets the requirements for final result this professional activity.
L.D. Stolyarenko and V.E. Stolyarenko consider the formula successful learning, which takes into account the following parameters:
Uo = M + 4P + S,
where Uo is the success of training;
M - motivation;
P1 - receiving (or searching) information;
P2 - understanding of information;
P3 - memorization;
P4 - application of information;
C - systematic knowledge.
Motivational competence includes three characteristics:
- firstly, motives, goals, needs, value systems of actualization in professional competence stimulate the creative manifestation of the individual; the need of the individual specialist for knowledge, for mastery in effective ways formation of professional competence;
- secondly, the ability to extrovert and dominate. This ability allows you to increase your influence on other people, since extroverts are able to withstand greater social stress, and on the other hand, the socially oriented ability to dominate implies the ability to get your way through persuasion, coordination and explanation;
- thirdly, it implies the application of additional efforts to reduce the likelihood of failure, as well as the mobilization of energy, perseverance, activity and the ability to withstand loads, perseverance in performing difficult tasks, determination, i.e. characterizes the volitional side of a person’s command.
Motivational competence serves as a link in the process of specialist development. Motives, needs, goals, values determine a person’s level of interest in purchasing professional competencies, as well as achievement motivation, a resource for success, the desire for the quality of one’s work, the ability to self-motivate, self-confidence, optimism.
In the structure of motivation, 4 components can be distinguished: pleasure from the activity itself; the significance for the individual of the direct result of the activity; motivating power of reward for activity; coercive pressure on the individual (B.I. Dodonov).
Motives can be external and internal (Table 5). The readiness to master and realize oneself in activity depends on the prevailing motives.
Table 5
Motives of the learning process
| External motives | Internal motives |
| External to immediate goal teachings | Encourage a person to study |
| Punishment and reward; threat and demand; material gain: group pressure; expectation of future benefits | Interest in knowledge itself, curiosity, desire to increase cultural, professional level, the need for active and new information |
| Knowledge and skills serving as a means to achieve other goals (avoiding the unpleasant; achieving general or personal success, benefits, career; satisfying ambition) | The development of cognitive interest goes through three main stages: ¦ situational cognitive interest that arises in conditions of novelty; ¦ sustainable interest in a certain subject content of the activity; ¦ inclusion cognitive interests into the general orientation of the personality, into the system of his life goals and plans |
| Teaching may be indifferent | Teaching is significant |
| The teaching is forced | Learning has the character of cognitive independence |
When considering professional competence, it is necessary to take into account the connections that arise between different but interacting types of competencies, since they manifest themselves in a new way each time depending on internal factors (personal potential, experience, skills, qualities) and external conditions(status, prestige, level vocational training etc.), influencing the activities of a professional. Moreover internal factors or personal characteristics are the basis on which professional qualities are built, and professional activity and the process of its development actualize the need for the manifestation and development of personal, individual qualities.
More on topic IV. Structure of professional competence:
- 1.3. Formation of readiness of graduates of vocational education institutions for professionally competent activities
