The main directions and purposes of using cryptographic methods
When building secure systems, the role of cryptographic methods for solving various information security tasks cannot be overestimated. Cryptographic methods are currently fundamental to ensuring reliable authentication of the parties to an information exchange, protection of information in the transport subsystem, confirmation of the integrity of information system objects, etc.
Cryptology deals with the problem of protecting information by converting it (Latin kryptos - secret, logos - science). Cryptology is divided into two areas - cryptography and cryptanalysis. The goals of these directions are directly opposite.
Cryptography is concerned with finding and studying mathematical methods of transforming information. Cryptography makes it possible to transform information in such a way that reading (recovering) it is possible only with knowledge of the key.
The field of interest of cryptanalysis is the study of the possibility of decrypting information without knowing the keys.
The main directions and purposes of using cryptographic methods:
transmission of confidential information through communication channels (for example, e-mail);
ensuring the reliability and integrity of information;
authentication of transmitted messages;
storing information (documents, databases) on encrypted media;
generation of information used for identification and authentication of subjects, users and devices;
generation of information used to protect the authenticating elements of a secure system.
Texts based on a certain alphabet will be considered as information to be encrypted and decrypted.
The alphabet is a finite set of characters used to encode information.
Text is an ordered set of alphabet elements.
Examples of alphabets used in modern information systems include the following:
alphabet Z33 - 32 letters of the Russian alphabet and a space;
alphabet Z256 - characters included in the standard ASCII and KOI-8 codes;
binary alphabet - Z2 = {0,1};
octal alphabet or hexadecimal alphabet.
Encryption is a transformation process: the source text, which is also called plaintext, is replaced by encrypted text (ciphertext).
Decryption is the reverse of encryption. Based on the key, the encrypted text is converted to the original one.
The key is the information necessary for unhindered encryption and decryption of texts. Usually the key is a sequence of letters of the alphabet.
Cryptosystems are divided into symmetric and asymmetric (with a public key).
In symmetric cryptosystems, the same key is used for both encryption and decryption: the source encrypts the plaintext with the secret key K, and the receiver decrypts the ciphertext with the secret key K*.
Usually K = K*.
Asymmetric systems (public key systems) use two keys - public and private, which are mathematically related to each other. The information is encrypted using a public key that is available to everyone, and decrypted using a private key known only to the recipient of the message or vice versa.
Cryptographic strength is a characteristic of a cipher that determines its resistance to decryption without knowledge of the key (i.e. cryptanalysis).
Depending on the outcome of the cryptanalysis, all encryption algorithms can be divided into three groups.
The first group includes perfect ciphers, which certainly cannot be decrypted (if used correctly). An example of such a cipher is a gamma cipher with a random, equally probable gamma (keystream).
The second group includes ciphers that allow ambiguous decryption. For example, this situation occurs if a very short message is encrypted using a simple substitution cipher.
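The first two groups can be checked directly. The following is an added example, not part of the original text: it assumes a 27-symbol alphabet (26 Latin letters and a space, a Latin analogue of Z33) and a small constructed word list, and all function names are hypothetical. It shows that under a random gamma any same-length text is a valid decryption of a ciphertext, and that a short simple-substitution ciphertext matches several words.

```python
import secrets

# Assumed alphabet for this example: 26 Latin letters and a space (Z27),
# a Latin analogue of the page's Z33.
ALPHABET = "abcdefghijklmnopqrstuvwxyz "
M = len(ALPHABET)


def random_gamma(n):
    """Random gamma: n independent symbols, each equally probable over Z_M."""
    return [secrets.randbelow(M) for _ in range(n)]


def gamma_encrypt(plaintext, gamma):
    """Add the gamma to the plaintext symbol by symbol, modulo M."""
    if len(gamma) != len(plaintext):
        raise ValueError("gamma must be exactly as long as the text")
    return "".join(ALPHABET[(ALPHABET.index(p) + g) % M]
                   for p, g in zip(plaintext, gamma))


def gamma_decrypt(ciphertext, gamma):
    """Subtract the gamma from the ciphertext symbol by symbol, modulo M."""
    if len(gamma) != len(ciphertext):
        raise ValueError("gamma must be exactly as long as the text")
    return "".join(ALPHABET[(ALPHABET.index(c) - g) % M]
                   for c, g in zip(ciphertext, gamma))


def gamma_explaining(ciphertext, candidate):
    """Gamma under which `ciphertext` decrypts to `candidate`.

    One exists for every candidate of the same length, so the ciphertext
    alone cannot single out the real plaintext (first group)."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must be as long as the ciphertext")
    return [(ALPHABET.index(c) - ALPHABET.index(p)) % M
            for c, p in zip(ciphertext, candidate)]


def pattern(text):
    """Repetition pattern kept by simple substitution: 'noon' -> (0, 1, 1, 0)."""
    first_seen = {}
    return tuple(first_seen.setdefault(ch, len(first_seen)) for ch in text)


def substitution_candidates(ciphertext, dictionary):
    """Words that some simple substitution key maps to `ciphertext` (second group)."""
    return [w for w in dictionary if pattern(w) == pattern(ciphertext)]
```
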
The bulk of the ciphers in use belong to the third group and can, in principle, be unambiguously decrypted. The difficulty of decrypting a cipher from this group is determined by the complexity of the decryption algorithm used. Therefore, to assess the strength of such a cipher, it is necessary to consider all known decryption algorithms and choose the one with the lowest work factor, i.e. the one that works faster than all the others in this case.
The complexity of this algorithm will characterize the strength of the cipher under study.
It is most convenient to measure the complexity of the decryption algorithm in elementary operations, but a more intuitive parameter is the time required to break the cipher (in which case the technical means available to the cryptanalyst must be specified). It should not be forgotten that there may well exist an algorithm, unknown at the moment, that significantly reduces the calculated strength of the cipher. To the great regret of the developers of encryption systems, it is extremely rare that the impossibility of simple decryption algorithms can be strictly proved by mathematical methods. A very good result in cryptography is a proof that the complexity of decrypting the cipher under study is equivalent to the complexity of solving some well-known mathematical problem. Although this conclusion does not give a 100% guarantee, it allows us to hope that it will be very difficult to significantly lower the estimate of the cipher's strength in this case.
The means of cryptographic protection of information (SCSI) include:
hardware;
hardware and software;
software tools.
It is assumed that the SCSI are used in some information system in conjunction with mechanisms for implementing and guaranteeing security policy.
It can be said that the SCSI protects objects at the semantic level. At the same time, the objects that serve as parameters of the cryptographic transformation are full-fledged objects of an information system and can be objects of some security policy (for example, encryption keys can and should be protected from unauthorized access, public keys for verifying a digital signature - from changes, etc.).
The main reasons for the violation of information security during its processing by the SCSI are:
1. Information leakage through technical channels.
2. Malfunctions in the elements of the SCSI.
3. Working in conjunction with other programs: unintended and intentional influence (cryptoviruses).
4. Human impact.
In this regard, in addition to the built-in user control, the correctness of the development and use of security measures must be monitored through organizational measures.
The process of synthesis and analysis of the SCSI is characterized by high complexity and labor intensity, since it is necessary to comprehensively take into account the impact of the above threats on the reliability of the implementation of the SCSI. In this regard, in almost all countries with advanced cryptographic technologies, the development of SCSI belongs to the sphere of state regulation.
Government regulation includes, as a rule, licensing of activities related to the development and operation of cryptographic tools, certification of SCSI and standardization of algorithms for cryptographic transformations.
In Russia, the organizational, legal, scientific and technical problems of the synthesis and analysis of SCSI are currently within the competence of the FSB.
The legal side of the development and use of the SCSI is regulated mainly by Decree of the President of the Russian Federation dated 04/03/95 No. 334, taking into account previously adopted legislative and regulatory acts of the Russian Federation.
Additionally, the legal framework includes the laws "On Federal Government Communications and Information Agencies", "On State Secrets", "On Information, Information Technologies and Information Protection", "On certification of products and services".
Currently, encryption is the only reliable means of protecting the transmission of information.