• Cryptographic methods of information protection. Cryptography. Classification of ciphers and their features

    Cryptology (from the Greek cryptos - secret and logos - word) is the science that deals with encryption and decryption. Cryptology consists of two parts: cryptography and cryptanalysis. Cryptography is the science of constructing cryptographic systems used to protect information. Cryptanalysis is the science of methods for analyzing cryptographic systems; the purpose of the analysis is to develop methods for disclosing information protected by a cryptosystem. Throughout the history of mankind, the main factor in the development of cryptology has been the confrontation between methods of protecting information and methods of disclosing it.

    Basic tasks of cryptography

    Currently, cryptographic functions are used to solve the following information security problems:
    1. Ensuring the confidentiality of information.
    2. Ensuring information integrity.
    3. Authentication of information.
    4. Certification of authorship in relation to a message or document.
    5. Ensuring that information is not traceable.

    Basic concepts of cryptography.

    Cryptography is an independent science with its own subject of research and specific research methods, and this science is undoubtedly mathematical in nature. The variety of connections between cryptology and mathematics manifested itself most clearly in the twentieth century. The publication of C. Shannon’s fundamental work “Communication Theory of Secrecy Systems” had a great influence on this. However, even before this event, the history of cryptology was marked by remarkable scientific works and practical contributions to cryptanalytic developments by many mathematicians, such as L. B. Alberti (XV century), B. Vigenère, F. Vieta (XVI-XVII centuries), L. Euler (XVIII century), etc.

    Modern cryptology

    Modern cryptology is based on many mathematical disciplines: linear algebra, the theory of groups and semigroups, the theory of automata, mathematical analysis, the theory of discrete functions, number theory, combinatorial analysis, probability theory and mathematical statistics, coding theory, information theory, computational complexity theory... To complete the description of the scientific foundations of cryptology, the physical and engineering sciences should also be mentioned, such as communication theory, electromagnetic field theory, quantum physics, computer science, etc. Research methods in cryptography and cryptanalysis are largely similar, but the tasks of these two branches of cryptology differ significantly.

    Cryptographic system

    A cryptographic system is used by the relevant actors or parties to solve various problems of information protection; a certain order of interaction between the parties is established for this, called a cryptographic protocol. The family of cryptographic functions, together with the cryptographic protocols used, forms a cryptosystem (cryptographic system). The functions of the cryptosystem depend on a parameter k, called the cryptosystem key. The key of a cryptosystem belongs to a finite set of valid key values, which is called the key set of the cryptosystem. The chosen key k uniquely determines the cryptographic function of the cryptosystem.

    Cryptosystem key

    The practical use of a cryptosystem key involves the so-called key life cycle, i.e. performing such actions with the key as generation, distribution between users, storage, installation (so that the cryptographic function for protecting information is carried out with this key), changing and destroying keys. Protocols governing the key life cycle are called key protocols. The key set and key protocols form the key subsystem of the cryptographic system. Cryptographic systems are distinguished by the information protection tasks they perform. To ensure the confidentiality of information, an encryption system is used that implements a family E of bijective functions on the set of messages, called a cipher: E=(), kK.

    Authentication of parties

    An identification system is used to authenticate the parties to the protocol, an imitation protection system is used to authenticate messages, and an electronic digital signature (EDS) system is used to ensure non-repudiation of authorship.
    The message to which the cryptographic cipher function is applied is called plaintext, and the application of the cipher function to plaintext is called encryption or enciphering. The result of plaintext encryption is called a ciphertext or cryptogram.
    Cipher E can be considered as a family of mappings , bijective in the first variable, where X* and Y* are the sets of plaintexts and ciphertexts, respectively. The bijectivity of the cipher functions makes it possible to reconstruct the plaintext from the ciphertext. Applying the inverse mapping to a cryptogram using a known key is called decryption.
    The disclosure by a cryptanalyst of information protected by a cipher is called breaking (deciphering) the cipher: the decryption key is unknown to the cryptanalyst, i.e. it is unknown which mapping from the family E was used for encryption. A method developed by a cryptanalyst to break a cipher or reveal information protected by a cipher is called a cryptanalytic attack.

    Cryptographic strength

    The ability of a cryptosystem to withstand attacks by a cryptanalyst is called its cryptographic strength. As a rule, the cryptographic strength of a system is measured by the computational and time costs sufficient to break it, and in some cases by the material costs.
    Based on their strength, cryptographic systems are classified into systems of temporary strength and systems of guaranteed strength. The latter protect information for a long time, despite the efforts of an intruder who has significant material, intellectual and computing resources. Therefore, a cryptosystem of guaranteed strength must be able to implement a large number of different functions; otherwise the protected information can be revealed by an exhaustive search over the decryption functions. Moreover, the design of a system of guaranteed strength must tie any attempt to break it to the unavoidable solution of a laborious problem, namely a problem that cannot be solved with the most advanced modern technologies within a practically acceptable time.

    Classification of cryptosystems.

    According to the principles of using keys, cryptosystems are divided into secret-key systems and public-key systems.

    Symmetric cryptosystems

    Secret key systems (main article "Symmetric Cryptosystem") have been used for several thousand years up to the present day and are based on the classical principle of ensuring the confidentiality of information: namely, on keeping the key secret from everyone except those authorized to access the information. Such cryptosystems are also called symmetric because the keys used in them to implement the forward and reverse cryptographic functions have a certain symmetry (they often coincide). Information protection using symmetric cryptosystems is ensured by the secrecy of the key.

    Currently, symmetric ciphers are divided into:

    Block ciphers. These process information in blocks of a certain length (usually 64 or 128 bits), applying a key to the block in a prescribed manner, usually through several cycles of permutation and substitution, called rounds. The result of repeating rounds is an avalanche effect: an increasing loss of bit correspondence between blocks of open and encrypted data.

    Stream ciphers, in which each bit or byte of the original (plain) text is encrypted by combining it with a keystream (gamma). A stream cipher can easily be built from a block cipher run in a special mode (for example, GOST 28147-89 in gamma mode).

    Most symmetric ciphers use a complex combination of a large number of substitutions and permutations. Many such ciphers are executed in several (sometimes up to 80) passes, using a “pass key” (round key) on each pass. The set of "pass keys" for all passes is called a "key schedule". As a rule, it is created from the key by performing certain operations on it, including permutations and substitutions.

    A typical way to construct symmetric encryption algorithms is the Feistel network. The algorithm builds an encryption scheme based on a function F(D, K), where D is a piece of data half the size of the encryption block, and K is the “pass key” for the given pass. The function is not required to be invertible: its inverse may be unknown. The advantage of the Feistel network is that decryption almost completely coincides with encryption (the only difference is the reverse order of the “pass keys” in the schedule), which greatly simplifies hardware implementation. The permutation operation mixes the message bits according to a certain law. In hardware implementations, it is trivially implemented as crossed wires. It is the permutation operations that make it possible to achieve the “avalanche effect.”
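    The Feistel construction described above, as an added Python example that is not part of the original page: the same routine decrypts when the “pass keys” are supplied in reverse order, even though F is not a bijection. The SHA-256-based F and key schedule, the deliberately small 16-bit halves (32-bit block) and all names are assumptions chosen for illustration, not a real cipher.

```python
import hashlib

HALF_BITS = 16   # assumption: 32-bit block = two 16-bit halves, small enough to enumerate
ROUNDS = 16


def key_schedule(key: bytes, rounds: int = ROUNDS) -> list:
    """Derive one 16-bit "pass key" per round from the key (constructed schedule)."""
    return [
        int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:2], "big")
        for i in range(rounds)
    ]


def F(d: int, k: int) -> int:
    """Round function F(D, K): a truncated hash, so no inverse is available."""
    data = d.to_bytes(2, "big") + k.to_bytes(2, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:2], "big")


def feistel(block: bytes, pass_keys: list) -> bytes:
    """Run the network over one 4-byte block with the given pass-key order."""
    if len(block) != 4:
        raise ValueError("block must be exactly 4 bytes")
    left = int.from_bytes(block[:2], "big")
    right = int.from_bytes(block[2:], "big")
    for k in pass_keys:
        # Only XOR touches the data; F itself is never inverted.
        left, right = right, left ^ F(right, k)
    # Swapping the halves at the end lets the same routine decrypt.
    return right.to_bytes(2, "big") + left.to_bytes(2, "big")


def encrypt(block: bytes, key: bytes) -> bytes:
    return feistel(block, key_schedule(key))


def decrypt(block: bytes, key: bytes) -> bytes:
    # Identical routine, pass keys in reverse order.
    return feistel(block, key_schedule(key)[::-1])


def f_image_size(k: int) -> int:
    """Distinct outputs of F(., k) over all 2^16 inputs; below 2^16 means F is not invertible."""
    return len({F(d, k) for d in range(1 << HALF_BITS)})


def avalanche(block: bytes, key: bytes) -> list:
    """For each single flipped plaintext bit, the number of ciphertext bits that change."""
    base = int.from_bytes(encrypt(block, key), "big")
    plain = int.from_bytes(block, "big")
    changed = []
    for bit in range(8 * len(block)):
        flipped = (plain ^ (1 << bit)).to_bytes(len(block), "big")
        cipher = int.from_bytes(encrypt(flipped, key), "big")
        changed.append(bin(base ^ cipher).count("1"))
    return changed


if __name__ == "__main__":
    key = b"constructed demo key"      # constructed sample input
    pt = b"\xde\xad\xbe\xef"           # constructed sample block
    ct = encrypt(pt, key)
    print("ciphertext:", ct.hex())
    print("decrypts back:", decrypt(ct, key) == pt)
    print("outputs of F for one pass key:", f_image_size(key_schedule(key)[0]), "of", 1 << HALF_BITS)
    profile = avalanche(pt, key)
    print("mean ciphertext bits changed per flipped plaintext bit:", sum(profile) / len(profile))
```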

    The permutation operation is linear:

    f(a) xor f(b) == f(a xor b)

    Substitution operations replace the value of some part of the message (often 4, 6 or 8 bits) with a fixed number hard-wired into the algorithm, by looking it up in a constant array. The substitution operation introduces nonlinearity into the algorithm.

    Often the strength of an algorithm, especially against differential cryptanalysis, depends on the choice of values in the lookup tables (S-boxes). At a minimum, the presence of fixed points S(x) = x is considered undesirable, as is the absence of influence of some bit of the input byte on some bit of the result, that is, cases when the result bit is the same for all pairs of input words that differ only in this bit.
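    The linearity of permutations and the two minimum S-box criteria named above (no fixed points S(x) = x, no output bit that ignores an input bit) can be checked mechanically. The following Python is an added example, not from the original page; WIRING and WEAK_SBOX are constructed for illustration, and the second table is the 4-bit S-box of the PRESENT block cipher, which the page does not mention.

```python
def bit_permutation(perm):
    """Return f(x) that moves input bit i to output position perm[i]."""
    def f(x):
        y = 0
        for src, dst in enumerate(perm):
            y |= ((x >> src) & 1) << dst
        return y
    return f


def is_xor_linear(f, bits):
    """Check f(a) xor f(b) == f(a xor b) for every pair of inputs."""
    size = 1 << bits
    return all(f(a) ^ f(b) == f(a ^ b) for a in range(size) for b in range(size))


def fixed_points(sbox):
    """Inputs x with S(x) = x."""
    return [x for x, y in enumerate(sbox) if x == y]


def dead_bit_pairs(sbox, bits):
    """Pairs (i, j) where flipping input bit i never changes output bit j."""
    pairs = []
    for i in range(bits):
        influence = 0
        for x in range(1 << bits):
            # Accumulate every output bit that ever reacts to input bit i.
            influence |= sbox[x] ^ sbox[x ^ (1 << i)]
        pairs += [(i, j) for j in range(bits) if not (influence >> j) & 1]
    return pairs


def audit_sbox(sbox, bits=4):
    return {
        "bijective": sorted(sbox) == list(range(1 << bits)),
        "linear": is_xor_linear(lambda x: sbox[x], bits),
        "fixed_points": fixed_points(sbox),
        "dead_bit_pairs": dead_bit_pairs(sbox, bits),
    }


# Constructed 8-bit wiring: input bit i goes to output bit WIRING[i].
WIRING = [2, 0, 3, 1, 6, 4, 7, 5]

# Constructed weak S-box: the top bit passes straight through, and 0 and 8 map to themselves.
WEAK_SBOX = [0, 6, 1, 4, 7, 3, 5, 2, 8, 14, 9, 12, 15, 11, 13, 10]

# 4-bit S-box of the PRESENT block cipher, used here as a known-good sample.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


if __name__ == "__main__":
    print("permutation is linear:", is_xor_linear(bit_permutation(WIRING), 8))
    for name, table in (("weak", WEAK_SBOX), ("PRESENT", PRESENT_SBOX)):
        print(name, audit_sbox(table))
```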

    Public key cryptosystem

    Public key systems (main article “Asymmetric cryptosystem”) were proposed by American cryptographers Diffie and Hellman in 1975; they are currently actively used to protect information. Another name for them is asymmetric systems, since in them the encryption and decryption keys are not related by an explicit relationship of symmetry or equality. The encryption key may be public, known to everyone, but the message can only be decrypted by a user who has the secret decryption key, which, to avoid confusion with the key of a symmetric system, is usually called a private key. Calculating the decryption key from the encryption key, i.e. breaking the cipher, is tied to solving mathematical problems characterized by high complexity of solution. Such problems include, for example, the problem of finding the divisors of a large natural number and the problem of computing logarithms in finite fields of large order. The idea of public key cryptography is very closely related to the idea of one-way functions, that is, functions f(x) such that, given a known x, it is quite easy to find the value f(x), whereas determining x from f(x) is impossible within a reasonable time.

    Let K be the key space, and e and d the encryption and decryption keys, respectively. E is the encryption function for an arbitrary key eϵK, such that:

    E(m)=c

    Here cϵC, where C is the ciphertext space, and mϵM, where M is the message space. D is the decryption function, which can be used to find the original message m, knowing the ciphertext c:

    D(c)=m

    (E: eϵK) is the set of encryption functions, and (D: dϵK) is the corresponding set for decryption. Each pair (E, D) has the property: knowing E, it is impossible to solve the equation E(m)=c, that is, for a given arbitrary ciphertext cϵC, the message mϵM cannot be found. This means that given e it is impossible to determine the corresponding decryption key d. E is a one-way function, and d is the trapdoor. Below is a diagram of the transfer of information from person A to person B. They may be individuals, organizations and so on. For ease of understanding, it is customary to identify the participants in the exchange with people, most often called Alice and Bob. The participant who seeks to intercept and decrypt Alice and Bob's messages is most often called Eve.

    Encryption is a method of converting open information into closed information and back. It is used to store important information in unreliable sources or to transmit it through unsecured communication channels. According to GOST 28147-89, encryption is divided into the processes of enciphering and deciphering.
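    The relations E(m)=c and D(c)=m, shown with textbook RSA (a system named later on this page) as an added Python example that is not part of the original page: the factors p and q act as the trapdoor from which d is computed, and because the modulus here has only 32 bits, Eve can factor it and obtain the same d, which is why the number must be large. The primes, the exponent and the function names are assumptions of the example; padding, which real RSA requires, is omitted.

```python
from math import gcd, isqrt


def make_keypair(p: int, q: int, e: int):
    """Build ((n, e), d) from the trapdoor information p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # easy only when p and q are known
    return (n, e), d


def E(public, m: int) -> int:
    """Encryption with the public key: E(m) = c."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be in the range [0, n)")
    return pow(m, e, n)


def D(public, d: int, c: int) -> int:
    """Decryption with the private key: D(c) = m."""
    n, _ = public
    return pow(c, d, n)


def recover_private_key(public) -> int:
    """What Eve does when n is small: find a divisor of n, then derive d.

    Trial division takes about sqrt(n) steps, so it finishes at once for a
    32-bit n and is hopeless for a modulus hundreds of digits long.
    """
    n, e = public
    if n % 2 == 0:
        p = 2
    else:
        p = next((f for f in range(3, isqrt(n) + 1, 2) if n % f == 0), None)
    if p is None:
        raise ValueError("n has no non-trivial divisor")
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


# Constructed parameters: two 16-bit primes and a small public exponent.
P, Q, PUBLIC_EXPONENT = 65521, 65537, 17


if __name__ == "__main__":
    public, d = make_keypair(P, Q, PUBLIC_EXPONENT)
    m = 123456789                      # constructed sample message
    c = E(public, m)
    print("n =", public[0], "c =", c)
    print("Bob decrypts:", D(public, d, c))
    print("Eve recovers d by factoring n:", recover_private_key(public) == d)
```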

    Depending on the data conversion algorithm, encryption methods are divided into guaranteed or temporary cryptographic strength.

    If the security of an algorithm is based on keeping the algorithm itself secret, it is a restricted algorithm. Restricted algorithms are of historical interest only and do not meet today's strength requirements. A large or changing group of users cannot use such algorithms, since whenever a user leaves the group, its members must switch to a different algorithm. The algorithm must also be replaced if an outsider accidentally learns the secret.

    Also, restricted algorithms do not allow for quality control or standardization. Each user group must have its own unique algorithm. Despite these major disadvantages, restricted algorithms are extremely popular for applications with a low level of security. Users either do not understand or do not care about the security issues associated with their systems.

    Modern cryptography solves these problems using the key K (Figure 2.3). Such a key can be any value selected from a large set. The set of possible keys is called the key space.

    Figure 2.3 - Operating principle of key encryption systems

    Currently, the following encryption methods can be distinguished depending on the structure of the keys used.

    1. Symmetric encryption - outsiders may know the encryption algorithm, but a piece of secret information is unknown to them: the key, which is the same for the sender and the recipient of the message.

    2. Asymmetric encryption - outsiders may know the encryption algorithm, and possibly the public key, but not the private key, which is known only to the recipient.

    For these methods, the following cryptographic primitives can be distinguished.

    Keyless:

    Hash functions - transformations of an input data array of arbitrary length into an output bit string of fixed length. Such transformations are also called convolution functions, and their results are called a hash, hash code, or message digest;

    One-way permutations - primitive substitutions of characters with other characters from the same alphabet or from a specially created alphabet, based on a predetermined secret algorithm for replacing characters.

    Symmetric schemes:

    Ciphers (block, stream) - an encryption method in which the same cryptographic key is used for encryption and decryption. The algorithm key must be kept secret by both parties. The encryption algorithm is selected by the parties before the exchange of messages;

    Hash functions - similar to keyless ones, but based on a predetermined key;

    Pseudo-random number generators - algorithms that generate a sequence of numbers whose elements are almost independent of each other and obey a given distribution (usually uniform). The distribution is determined based on a predefined key;

    Identification primitives - any identifier, such as text, an image, a radio signal, etc., that is transformed according to a specific key and compared with a reference or with the requirements for the identifier to determine its validity.

    Asymmetric schemes:

    Ciphers - an encryption system in which a public key is transmitted over a public (that is, unsecured, observable) channel and is used to encrypt a message. A secret key is used to decrypt the message;

    EDS - an attribute of an electronic document that makes it possible to establish the absence of distortion of the information in the document since the digital signature was formed, and to verify that the signature belongs to the owner of the EDS key certificate. The value of the attribute is obtained as a result of a cryptographic transformation of the information using the private digital signature key;

    Identification primitives.

    In accordance with the tasks performed to protect information, two main classes of cryptographic systems can be distinguished:

    • cryptosystems that ensure the secrecy of information;
    • cryptosystems that ensure the authenticity of information.

    This division is due to the fact that the task of protecting the secrecy of information (keeping it secret) is fundamentally different from the task of protecting the authenticity of information, and therefore must be solved by other cryptographic methods.

    The classification of cryptosystems in accordance with the tasks they perform to protect information is presented in Fig. 10.1.

    Cryptosystems that ensure the secrecy of information are divided into encryption systems and cryptographic information coding systems.

    Information encryption systems are historically the very first cryptographic systems. For example, one of the first works on the art of war, written by Aeneas Tacticus, described in the chapter “On Secret Messages” the principles of the construction and use of information encryption tools in ancient Sparta (IV century BC). The Spartans used the so-called scytale, a mechanical encoder in the form of a cylinder, to transmit messages from theaters of war. When encrypting, the message was written down letter by letter on a narrow tape wound on the scytale, along the generatrix of the cylinder. After this, the tape was unwound and arbitrary letters were written in between. The key unknown to the opposing side was the diameter of the scytale. It is interesting to note that the first name of a cryptanalyst that has come down to us is also associated with the scytale: Aristotle proposed winding an intercepted tape with an encrypted message on a cone, and the place where a meaningful phrase appeared determined the unknown diameter of the scytale (the key of the encryption system).

    In general, encryption of a message (information) is a reversible transformation of a message, independent of the message itself, in order to hide its content. An encrypted message is called a ciphergram. The conversion of a message into a ciphergram is described by the encryption function; the transformation of a ciphergram into a message is described by the decryption function.

    Another method of ensuring the secrecy of information is cryptographic coding. Cryptographic coding of information is, in general, the conversion of messages into codograms using a key, depending on the messages themselves, in order to hide their content. Cryptographic information coding systems are cryptographic systems in which the protection of information using a key is based on the use of its redundancy. The term "cryptographic coding" is used to emphasize the difference between this type of cryptographic transformation and other, non-cryptographic transformations of information, such as error-correcting coding and efficient coding (chapters 4 and 5).

    Cryptosystems for information authentication are designed to control its authenticity, but in some cases they can effectively ensure control of message integrity under various destructive influences.

    This class of cryptosystems can be divided, depending on the problem being solved, into systems for authenticating information (messages) and systems for authenticating information sources (correspondents, users, networks, systems, etc.). Information authentication methods vary depending on the conditions for ensuring the authenticity of the information.

    Let's consider an example in which it is necessary to verify the authenticity of information transmitted from a sender to a recipient who unconditionally trust each other; the users cannot deceive each other and only an external intruder can distort the information. Message authentication cryptosystems for such conditions generate and verify imitative inserts of messages. In accordance with GOST 28147-89, an imitative insert is a piece of information of fixed length, obtained according to a certain rule from the open data and the key, and added to the encrypted data to ensure imitation protection. Imitation protection of messages is their transformation to protect against an intruder imposing false or previously transmitted messages. The recipient of an encrypted message and its imitative insert, having the same secret key, is able to re-form the imitative insert from the decrypted message and, if it matches the imitative insert received from the communication channel, make sure that there are no distortions.

    When it is necessary to verify the authenticity of information transmitted between a sender and a recipient who do not trust each other, authentication cryptosystems based on imitative inserts are not effective.

    The authenticity of information under mutual distrust of the parties can be ensured using the so-called digital signature of the message, generated by the sender and verified by the recipient of the message. With a digital signature, the sender cannot act on behalf of the recipient, nor the recipient on behalf of the sender, because they use different key information to generate and to verify the digital signature. Most cryptographic systems and protocols for authenticating objects are built on the basis of digital message signature cryptosystems.
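    The imitative-insert check described above, and why it stops being evidence once sender and recipient distrust each other, as an added Python example that is not part of the original page. HMAC-SHA-256 stands in for the GOST 28147-89 imitative insert, encryption is left out, and the message counter used to reject previously transmitted messages, like all names here, is an assumption of the example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32      # HMAC-SHA-256 output size in bytes
COUNTER_LEN = 8   # big-endian message counter prepended to every packet


def imitative_insert(key: bytes, counter: int, message: bytes) -> bytes:
    """Fixed-length value computed from the data and the shared secret key."""
    header = struct.pack(">Q", counter)
    return hmac.new(key, header + message, hashlib.sha256).digest()


def protect(key: bytes, counter: int, message: bytes) -> bytes:
    """Packet layout (assumption): counter || message || insert."""
    return struct.pack(">Q", counter) + message + imitative_insert(key, counter, message)


class Receiver:
    """Recomputes the insert with the same key and compares it with the received one."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accept(self, packet: bytes):
        if len(packet) < COUNTER_LEN + TAG_LEN:
            return None
        counter = struct.unpack(">Q", packet[:COUNTER_LEN])[0]
        message = packet[COUNTER_LEN:-TAG_LEN]
        received = packet[-TAG_LEN:]
        expected = imitative_insert(self.key, counter, message)
        if not hmac.compare_digest(received, expected):
            return None          # distorted, or produced without the key
        if counter <= self.last_counter:
            return None          # previously transmitted message
        self.last_counter = counter
        return message


def recipient_can_produce_valid_packet(shared_key: bytes) -> bool:
    """Under mutual distrust: the recipient holds the same key as the sender,
    so a packet the recipient writes verifies exactly like a genuine one.
    A valid insert therefore cannot show an arbiter which party wrote it."""
    written_by_recipient = protect(shared_key, 1, b"constructed: sender owes recipient 1000")
    arbiter = Receiver(shared_key)
    return arbiter.accept(written_by_recipient) is not None


if __name__ == "__main__":
    key = bytes(range(32))                       # constructed sample key
    rx = Receiver(key)
    genuine = protect(key, 1, b"constructed order 17")
    print("genuine:", rx.accept(genuine))
    print("replayed:", rx.accept(genuine))
    tampered = bytearray(protect(key, 2, b"constructed order 18"))
    tampered[COUNTER_LEN] ^= 0x01                # flip one bit of the message
    print("tampered:", rx.accept(bytes(tampered)))
    print("recipient-written packet verifies:", recipient_can_produce_valid_packet(key))
```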

    Cryptosystems that ensure the availability of information are currently not an independent class and are built on the basis of principles borrowed from information authentication cryptosystems and information security cryptosystems.

    Thus, a brief review of the possible methods of information protection shows that many information protection problems are most effectively solved by cryptographic methods, and a number of problems can be solved only by cryptographic methods of information protection.

    Federal Agency for Education

    State Educational Institution of Higher Professional Education "Samara State University"

    Faculty of Mechanics and Mathematics

    Department of Information Systems Security

    Speciality “Computer Security”

    Cryptographic methods of information protection

    Completed by student

    1st year, group 19101.10

    Grishina Anastasia Sergeeva

    Scientific supervisor

    senior lecturer

    Panfilov A.G.

    Samara 2013

    Introduction

    Cryptology as a science and its basic terms

    Classification of cryptosystems

    Requirements for cryptosystems

    Kerckhoffs's principle

    Basic modern encryption methods

    Key management

    Conclusion

    Introduction

    From the very beginning of human history, the need to transmit and store information arose.

    A well-known expression says: “Who owns the information, owns the world.” Issues of information security have always faced humanity.

    Information is used by all people without exception. Each person decides for himself what information he needs to receive, what information should not be available to others, etc. It is easy for a person to keep information that is in his head, but what if the information is entered into the “brain of a machine” to which many people have access? In the course of the scientific and technological revolution, new ways of storing and transmitting information appeared and, of course, people began to need new means of protecting information.

    The main means of protection used to create a security mechanism include the following.

    Technical means are implemented in the form of electrical, electromechanical and electronic devices. The entire set of technical means is divided into hardware and physical means. Hardware is usually understood as equipment, or devices that are interfaced with such equipment via a standard interface. An example is a system for identifying users and restricting access to information (through passwords, codes recorded on various cards and other information). Physical means are implemented in the form of autonomous devices and systems. Examples are locks on the doors of rooms where equipment is located, bars on windows, uninterruptible power supplies, and electromechanical security alarm equipment. Thus, there are external security systems (Raven, GUARDWIR, FPS, etc.), ultrasonic systems (Cyclops, etc.), beam interruption systems (Pulsar 30V, etc.), television systems (VM216, etc.), radar systems (“VITIM”, etc.), equipment tamper detection systems, etc.

    Software means are software specifically designed to perform information security functions. This group of means includes: an encryption mechanism (cryptography is a special algorithm that is triggered by a unique number or bit sequence, usually called an encryption key; the encrypted text is then transmitted over communication channels, and the recipient has his own key to decrypt the information), a digital signature mechanism, access control mechanisms, mechanisms for ensuring data integrity, scheduling mechanisms, routing control mechanisms, arbitration mechanisms, anti-virus programs, archiving programs (for example, zip, rar, arj, etc.), protection for the input and output of information, etc.

    Organizational means of protection are organizational, technical and organizational-legal measures carried out in the process of creating and operating computer technology and telecommunications equipment to ensure information protection. Organizational measures cover all structural elements of the equipment at all stages of their life cycle (construction of premises, design of a computer information system for banking, installation and commissioning of equipment, use, operation).

    Moral and ethical means of protection are implemented in the form of all kinds of norms that have developed traditionally or are being developed as computer technology and communications spread in society. These norms are mostly not mandatory as legislative measures, but failure to comply with them usually leads to a loss of authority and prestige of a person. The most significant example of such standards is the Code of Professional Conduct for Members of the US Computer Users Association.

    Legislative remedies are determined by the legislative acts of the country, which regulate the rules for the use, processing and transmission of restricted information and establish penalties for violating these rules.

    Let us dwell in more detail on information security software, or more precisely on cryptographic methods of information security.

    Cryptology as a science and its basic terms

    The science that deals with secure communications (i.e., through encrypted messages) is called cryptology (kryptos - secret, logos - science). It, in turn, is divided into two branches: cryptography and cryptanalysis.

    Cryptography is the science of creating secure methods of communication and strong (break-resistant) ciphers. It searches for mathematical methods of transforming information.

    Cryptanalysis is the branch devoted to studying the possibility of reading messages without knowing the keys, i.e. it is directly related to breaking ciphers. People who do cryptanalysis and study ciphers are called cryptanalysts.

    Cipher - a set of reversible transformations of a set of plaintexts (i.e., original messages) into a set of encrypted texts, carried out for the purpose of protecting them. The specific transformation is determined by the encryption key.

    Let's define a few more concepts that need to be learned in order to feel confident. Firstly, encryption - the process of applying a cipher to plaintext. Secondly, decryption - the process of applying the cipher in reverse to a ciphertext. And thirdly, breaking (deciphering) - an attempt to read encrypted text without knowing the key, i.e. breaking a ciphertext or a cipher. The difference between decryption and breaking should be emphasized here. The first action is carried out by a legitimate user who knows the key, and the second by a cryptanalyst or a powerful hacker.

    Cryptographic system - a family of cipher transformations and a set of keys (i.e. algorithm + keys). The description of the algorithm by itself is not a cryptosystem. Only when supplemented with key distribution and management schemes does it become a system. Examples of algorithms are the descriptions of DES and GOST 28147-89. Supplemented with key generation algorithms, they turn into cryptosystems. Typically, the description of the encryption algorithm already includes all the necessary parts.

    Classification of cryptosystems

    Modern cryptosystems are classified as follows:

    Cryptosystems can ensure not only the secrecy of transmitted messages, but also their authenticity, as well as confirmation of the user’s authenticity.

    Symmetric cryptosystems (secret key systems) - these cryptosystems are built on keeping the encryption key secret. The encryption and decryption processes use the same key. The secrecy of the key is a postulate. The main problem when using symmetric cryptosystems for communication is the difficulty of transmitting the secret key to both parties. However, these systems have high performance. Disclosure of a key by an attacker threatens to reveal only the information that was encrypted with this key. The American and Russian encryption standards DES and GOST 28147-89 and the candidates for AES are all representatives of symmetric cryptosystems.

    Asymmetric cryptosystems (open encryption systems, public key systems) - the essence of these cryptosystems is that different transformations are used for encryption and decryption. One of them, encryption, is completely open to everyone. The other, decryption, remains secret. Thus, anyone who wants to encrypt something uses the open transformation, but only those who own the secret transformation can decrypt and read it. Currently, in many asymmetric cryptosystems, the type of transformation is determined by the key. That is, the user has two keys: private and public. The public key is published in a public place, and anyone who wants to send a message to this user encrypts the text with the public key. Only the named user, who holds the secret key, can decrypt it. Thus, the problem of transmitting the secret key, which exists in symmetric systems, disappears. However, despite all their advantages, these cryptosystems are quite computationally expensive and slow. The strength of asymmetric cryptosystems is based mainly on the algorithmic difficulty of solving some problem in an acceptable time. If an attacker manages to construct such an algorithm, then the entire system and all messages encrypted using this system will be compromised. This is the main danger of asymmetric cryptosystems, as opposed to symmetric ones. Examples: the RSA public-key system, the Rabin public-key system, etc.

    Requirements for cryptosystems

    The process of cryptographic protection of data can be carried out both in software and in hardware. The hardware implementation is significantly more expensive, but it also has advantages: high performance, simplicity, security, etc. The software implementation is more practical and allows for a certain flexibility in use. The following generally accepted requirements are formulated for modern cryptographic information security systems:

      the encrypted message must be readable only if the key is available;

      the number of operations required to determine the used encryption key from a fragment of an encrypted message and the corresponding plaintext must be no less than the total number of possible keys;

      the number of operations required to decrypt information by trying all possible keys must have a strict lower bound and go beyond the capabilities of modern computers (taking into account the possibility of using network computing);

      knowledge of the encryption algorithm should not affect the reliability of the protection;

      a slight change in the key should lead to a significant change in the appearance of the encrypted message, even when using the same key;

      the structural elements of the encryption algorithm must be unchanged;

      additional bits introduced into the message during the encryption process must be completely and securely hidden in the ciphertext;

      the length of the ciphertext must be equal to the length of the original text;

      there should be no simple and easily established dependencies between the keys used sequentially in the encryption process;

      any key from the set of possible ones must provide reliable protection of information;

      the algorithm must allow both software and hardware implementation, while changing the key length should not lead to a qualitative deterioration of the encryption algorithm.

    Kerkhoffs' principle

    Kerkhoffs' principle is a rule for the development of cryptographic systems according to which only a certain set of algorithm parameters, called the key, is kept secret, while the remaining details can be made public without reducing the strength of the algorithm below acceptable values. In other words, when assessing the strength of encryption, it is necessary to assume that the enemy knows everything about the encryption system used except the keys used.

    This principle was first formulated in the 19th century by the Dutch cryptographer Auguste Kerkhoffs. Shannon formulated this principle (probably independently of Kerkhoffs) as follows: “the enemy can know the system.” It is widely used in cryptography.

    General information

    The essence of the principle is that the fewer secrets a system contains, the higher its security. So, if the loss of any of the secrets leads to the destruction of the system, then a system with fewer secrets will be more reliable. The more secrets a system contains, the more unreliable and potentially vulnerable it is. The fewer secrets there are in the system, the higher its strength.

    Kerkhoffs principle aims to make the security of algorithms and protocols independent of their secrecy; openness should not affect security.

    Most widely used encryption systems, in accordance with the Kerkhoffs principle, use known, non-secret cryptographic algorithms. On the other hand, ciphers used in government and military communications are generally classified; thus creating an “additional line of defense.”

    Kerkhoffs' six demands

    The requirements for a cryptosystem were first set out in Kerkhoffs’s book “Military Cryptography” (published in 1883). The six basic requirements for a cryptosystem, all of which still determine the design of cryptographically strong systems, translated from French are as follows:

      the cipher must be physically, if not mathematically, unbreakable

      the system should not require secrecy in case it falls into the hands of the enemy

      the key should be simple, stored in memory without writing it down on paper, and easily changed at the request of correspondents

      the ciphertext should [without problems] be transmitted by telegraph

      the encryption device should be easily portable; working with it should not require the help of several people

      the encryption machine should be relatively easy to use and not require significant mental effort or compliance with a large number of rules

    The second of these requirements became known as the “Kerkhoffs principle”.

    Also important is the first strictly formulated conclusion of “Military Cryptography”: the assertion that cryptanalysis is the only true way to test ciphers.

    Basic modern encryption methods

    Among the various encryption methods, the following main methods can be distinguished:

    Replacement or substitution algorithms - characters of the source text are replaced with characters of another (or the same) alphabet in accordance with a predetermined scheme, which will be the key of this cipher. Separately, this method is practically not used in modern cryptosystems due to its extremely low cryptographic strength.

    Permutation algorithms - characters of the original text are swapped according to a certain principle, which is the secret key. The permutation algorithm itself has low cryptographic strength, but is included as an element in many modern cryptosystems.

    Gamma algorithms - the characters of the source text are added to the characters of a certain random sequence (the gamma). The most common example is the encryption of the “username.pwl” files, in which the Microsoft Windows 95 operating system stores this user's passwords to network resources (passwords for logging into NT servers, passwords for Dial-Up Internet access, etc.). When a user enters their password when logging into Windows 95, a gamma (always the same) is generated from it using the RC4 encryption algorithm and is used to encrypt the network passwords. The ease of recovering the password in this case is due to the fact that Windows always uses the same gamma.
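
    Why a gamma that is always the same is weak, shown as an added example (not code from the original page): RC4 appears only because the text names it, and the key, the two records and the nonce-based mitigation are assumptions constructed for illustration. Two records combined with the same gamma can be separated without the key, while a per-record nonce gives each record its own gamma.

```python
import hashlib
import os


def rc4_gamma(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream (the "gamma") for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                        # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_fixed_gamma(key: bytes, record: bytes) -> bytes:
    """Weak scheme from the text: every record meets the same gamma."""
    return xor(record, rc4_gamma(key, len(record)))


def encrypt_with_nonce(key: bytes, record: bytes) -> bytes:
    """Assumed mitigation: hash the key with a fresh random nonce so that
    each record is combined with its own gamma; the nonce is stored."""
    nonce = os.urandom(16)
    record_key = hashlib.sha256(key + nonce).digest()
    return nonce + xor(record, rc4_gamma(record_key, len(record)))


def decrypt_with_nonce(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    record_key = hashlib.sha256(key + nonce).digest()
    return xor(body, rc4_gamma(record_key, len(body)))


# Constructed sample data (not taken from any real .pwl file).
KEY = b"derived-from-logon-password"
KNOWN = b"USERNAME=ALICE;RESOURCE=PRINTER1"   # content an observer can guess
SECRET = b"SHARE=FILES01;PASSWORD=tr0ub4dor"  # same length, not known


def leak_from_reused_gamma() -> bytes:
    """Known plaintext XOR its ciphertext equals the gamma; the same gamma
    then opens every other record, and the key is never needed."""
    c_known = encrypt_fixed_gamma(KEY, KNOWN)
    c_secret = encrypt_fixed_gamma(KEY, SECRET)
    gamma = xor(c_known, KNOWN)
    return xor(c_secret, gamma)
```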

    Algorithms based on complex mathematical transformations of the source text according to a certain formula. Many of them use unsolved math problems. For example, the RSA encryption algorithm widely used on the Internet is based on the properties of prime numbers.

    Combined methods. Sequential encryption of the source text using two or more methods.

    Key management

    In addition to choosing a cryptographic system suitable for a particular information system (IS), an important issue is key management. No matter how complex and reliable the cryptosystem itself is, it is based on the use of keys. While exchanging keys is trivial when only two users need to exchange information confidentially, in an information system where the number of users is tens and hundreds, key management is a serious problem.

    Key information is understood as the totality of all keys operating in the IS. If sufficiently reliable management of key information is not ensured, then an attacker who takes possession of it gains unlimited access to all information.

    Key management is an information process that includes three elements:

    * key generation;

    * accumulation of keys;

    * key distribution.

    Let's consider how they should be implemented in order to ensure the security of key information in the information system.

    Key generation

    At the very beginning of the conversation about cryptographic methods, it was said that you should not use non-random keys in order to make them easier to remember. Serious ISs use special hardware and software methods for generating random keys. As a rule, pseudo-random number generators are used. However, the degree of randomness of their output should be quite high. Ideal generators are devices based on “natural” random processes. For example, there are serially produced key generators based on white radio noise. Another random mathematical object is the decimal places of irrational numbers, such as  or e, which are calculated using standard mathematical methods.

    In ISs with average security requirements, software key generators that calculate the pseudo-random number as a complex function of the current time and (or) a number entered by the user are quite acceptable.
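
    How much uncertainty a key computed from the current time and a user-entered number actually carries, shown as an added example (not code from the original page). The generator design, the SHA-256 "complex function", the timestamp and the two-digit number are assumptions constructed for illustration; the last function draws the key from the operating system's random source for comparison.

```python
import hashlib
import math
import secrets


def time_based_key(unix_time: int, user_number: int) -> bytes:
    """Software generator of the kind described above (hypothetical design):
    a 128-bit key computed as a one-way function of the current time in
    seconds and a number typed in by the user."""
    material = f"{unix_time}:{user_number}".encode()
    return hashlib.sha256(material).digest()[:16]


def effective_bits(window_seconds: int, user_numbers: int) -> float:
    """Upper bound on the key's entropy: log2 of the number of distinct
    (time, number) inputs that could have produced it."""
    return math.log2(window_seconds * user_numbers)


def reproduce_key(target: bytes, start: int, window_seconds: int,
                  user_numbers: int):
    """Re-run the generator over every plausible input. Returns the inputs
    that yield the target key, or None if no input in the window does."""
    for t in range(start, start + window_seconds):
        for n in range(user_numbers):
            if time_based_key(t, n) == target:
                return (t, n)
    return None


def os_random_key() -> bytes:
    """Key drawn from the operating system's CSPRNG: 128 bits that do not
    depend on when, or by whom, the key was generated."""
    return secrets.token_bytes(16)


# Constructed scenario: the generation time is known to the minute and the
# user typed a two-digit number.
START = 1_700_000_000
KEY = time_based_key(START + 37, 42)

if __name__ == "__main__":
    print("inputs found:", reproduce_key(KEY, START, 60, 100))
    print("effective bits: %.1f of 128" % effective_bits(60, 100))
```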

    Key accumulation

    Accumulation of keys refers to the organization of their storage, accounting and disposal.

    Since the key is the most attractive object for an attacker, opening the way to confidential information, special attention should be paid to the accumulation of keys.

    Private keys should never be written explicitly on a medium that can be read or copied.

    In a fairly complex information system, one user can work with a large amount of key information, and sometimes there is even a need to organize mini-databases of key information. Such databases are responsible for accepting, storing, recording and deleting used keys.

    So, all information about the keys in use must be stored in encrypted form. Keys that encrypt key information are called master keys. It is advisable that each user knows the master keys by heart and does not store them on any tangible media at all.

    A very important condition for information security is the periodic updating of key information in the IS. In this case, both regular keys and master keys must be reassigned. In especially critical information systems, it is advisable to update key information daily.

    The issue of updating key information is also related to the third element of key management - key distribution.

    Key distribution

    Key distribution is the most critical process in key management. There are two requirements for it:

    Efficiency and accuracy of distribution

    Secrecy of distributed keys.

    Recently, there has been a noticeable shift towards the use of public key cryptosystems, in which the problem of key distribution is eliminated. Nevertheless, the distribution of key information in information systems requires new effective solutions.

    Distribution of keys between users is implemented by two different approaches:

    1. By creating one or several key distribution centers. The disadvantage of this approach is that the distribution center knows who is assigned what keys and this makes it possible to read all messages circulating in the IS. Possible abuses have a significant impact on protection.

    2. Direct key exchange between users of the information system. The challenge then is to reliably authenticate the subjects.

    In both cases, the authenticity of the communication session must be guaranteed. This can be achieved in two ways:

    1. Request-response mechanism, which works as follows. If user A wants to be sure that the messages he receives from B are not false, he includes an unpredictable element (request) in the message he sends to B. When responding, user B must perform some operation on this element (for example, add 1). This cannot be done in advance, since it is not known what random number will come in the request. After receiving a response with the result of the operation, user A can be sure that the session is genuine. The disadvantage of this method is the possibility of establishing a pattern, albeit a complex one, between the request and the response.

    2. Time stamp mechanism. It involves recording the time for each message. In this case, each IS user can know how “old” the incoming message is.

    In both cases, encryption should be used to ensure that the response was not sent by an attacker and that the timestamp has not been altered.

    When using timestamps, there is a problem with the acceptable delay time interval for verifying the authenticity of a session. After all, a message with a “time stamp” cannot, in principle, be transmitted instantly. In addition, the computer clocks of the recipient and the sender cannot be absolutely synchronized. What delay in the “stamp” is considered suspicious?

    Therefore, in real information systems, for example in credit card payment systems, it is the second mechanism for establishing authenticity and protecting against counterfeiting that is used. The interval used is from one to several minutes. A large number of known methods of stealing electronic money are based on “wedging” into this gap with false requests to withdraw money.
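
    Both session-authenticity mechanisms described above, shown as an added example (not code from the original page). HMAC-SHA256 over a shared key stands in for the encryption the text calls for, and the 120-second interval, the class and function names and the message layout are assumptions. The verifier also remembers tags it has accepted, so a second copy of a stamped message inside the interval is refused.

```python
import hashlib
import hmac
import secrets

MAX_SKEW = 120  # accepted clock difference in seconds (assumed value)


def respond(key: bytes, challenge: bytes) -> bytes:
    """User B: keyed operation on A's request instead of a public "add 1"."""
    return hmac.new(key, b"resp" + challenge, hashlib.sha256).digest()


def stamp(key: bytes, msg: bytes, ts: int) -> bytes:
    """Sender: tag that binds the message to its time stamp."""
    data = b"time" + ts.to_bytes(8, "big") + msg
    return hmac.new(key, data, hashlib.sha256).digest()


class Verifier:
    """User A: issues requests and checks responses and time stamps."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = set()   # requests issued and not yet answered
        self.accepted = set()  # tags of stamped messages already accepted

    def challenge(self) -> bytes:
        c = secrets.token_bytes(16)  # unpredictable element
        self.pending.add(c)
        return c

    def check_response(self, c: bytes, tag: bytes) -> bool:
        if c not in self.pending:
            return False             # unknown or already used request
        self.pending.discard(c)      # each request is good for one answer
        return hmac.compare_digest(tag, respond(self.key, c))

    def check_stamped(self, msg: bytes, ts: int, tag: bytes, now: int) -> bool:
        if not hmac.compare_digest(tag, stamp(self.key, msg, ts)):
            return False             # forged message or altered time stamp
        if abs(now - ts) > MAX_SKEW:
            return False             # outside the accepted delay interval
        if tag in self.accepted:
            return False             # second copy inside the interval
        self.accepted.add(tag)
        return True
```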

    Public key cryptosystems can be used to exchange keys using the same RSA algorithm.

    Conclusion

    With the penetration of computers into various spheres of life, a fundamentally new branch of the economy arose - the information industry. Since then, the volume of information circulating in society has been steadily increasing according to an exponential law - it approximately doubles every five years. In fact, on the threshold of the new millennium, humanity has created an information civilization in which the very well-being and even survival of humanity in its current quality depends on the successful operation of information processing tools.

    The nature of information interactions has become extremely complicated, and along with the classic task of protecting transmitted text messages from unauthorized reading and distortion, new problems in the field of information security have arisen that were previously faced and solved within the framework of the “paper” technologies used, for example, signing an electronic document and delivering an electronic document “against receipt” (such “new” problems of cryptography will be discussed later);

    The subjects of information processes are now not only people, but also the automatic systems created by them, operating according to the program embedded in them;

    The computing “capabilities” of modern computers have raised to a completely new level both the ability to implement ciphers, previously unthinkable due to their high complexity, and the ability of analysts to break them.

    The changes listed above led to the fact that very quickly after the spread of computers in the business sphere, practical cryptography made a huge leap in its development, and in several directions at once.

    I believe that there is no doubt about the relevance of the problem raised. Cryptology is now faced with the urgent task of protecting information from harmful effects, and thereby protecting humanity.

    There are several classification schemes for crypto-algorithms, each of which is based on a group of characteristic features. Thus, the same algorithm “passes” through several schemes at once, ending up in one of the subgroups in each of them. There are different opinions on the classification of cryptoalgorithms.

    The basic classification scheme for all cryptographic algorithms is as follows:

    1. Secret writing

    2. Key cryptography

    2.1. Symmetric cryptoalgorithms

    2.1.1. Permutation ciphers

    2.1.2. Substitution ciphers

    2.1.2.1. Easy replacement

    2.1.2.2. Difficult replacement

    2.1.3. Complex (compound) ciphers

    2.2. Asymmetric cryptoalgorithms

    2.3. Combined (hybrid) cryptosystems

    Secret writing - The sender and the recipient make transformations on the message that are known only to both of them. The encryption algorithm itself is unknown to third parties. Some experts believe that secret writing is not cryptography at all, and the author finds this completely fair.

    Key cryptography - The algorithm for influencing the transmitted data is known to all third parties, but it depends on a certain parameter - the “key”, which only the sender and recipient have.

    1. Symmetric cryptoalgorithms.
    The same key is used to encrypt and decrypt a message.

    2. Asymmetric cryptoalgorithms.
    The algorithm is such that one (“public”) key, known to everyone, is used to encrypt a message, and another (“private”) key, which only the recipient holds, is used to decrypt it.

    In a symmetric cryptosystem the secret key must be transmitted to the sender and recipient via a secure key distribution channel, such as a courier service. There are other ways to distribute secret keys; these will be discussed later. In an asymmetric cryptosystem, only the public key is transmitted over an insecure channel, and the secret key is stored at the place where it was generated.

    All further material will be devoted to key cryptography, since most specialists use the term cryptography in relation to these cryptographic algorithms, which is quite justified. So, for example, any crypto-algorithm with a key can be turned into secret writing by simply “sewing” some fixed key into the program's source code. The reverse transformation is almost impossible.

    Depending on the nature of the actions performed on the data, algorithms are divided into:

    1. Permutational
    Blocks of information (bytes, bits, larger units) do not change themselves, but their order changes, which makes the information inaccessible to an outside observer.

    2. Substitutional (replacements)
    The blocks of information themselves change according to the laws of the cryptoalgorithm. The vast majority of modern algorithms belong to this group.

    Please note: cryptographic transformations do not increase the amount of information, but only change its representation. Therefore, if an encryption program significantly (by more than the length of the header) increases the size of the output file, then it is based on a non-optimal, and possibly even incorrect, cryptographic algorithm. Reducing the size of an encoded file is only possible if the cryptosystem has a built-in archiving algorithm and provided that the information is compressible (for example, archives, MP3 music files and JPEG images will not shrink by more than 2-4%).

    Depending on the size of the information block, cryptographic algorithms are divided into:

    1. Stream ciphers.
    The encoding unit is one bit or one byte. The encoding result does not depend on the previous input stream. The scheme is used in systems for transmitting information flows, that is, in cases where the transmission of information begins and ends at arbitrary points in time and can be accidentally interrupted. The most common types of stream ciphers are scramblers.