Cryptographic means of protecting information. Information security mechanisms

Cryptographic information protection - information protection by means of its cryptographic transformation.

Cryptographic techniques are currently fundamental to ensuring reliable authentication of the parties to an information exchange and to its protection.

Means of cryptographic information protection (CIPF) include hardware, software, and combined hardware-software tools that implement cryptographic algorithms for transforming information for the purposes of:

Protection of information during its processing, storage and transmission;

Ensuring the reliability and integrity of information (including using digital signature algorithms) during its processing, storage and transmission;

Generation of information used to identify and authenticate subjects, users and devices;

Generation of information used to protect the authenticating elements of the protected AS during their generation, storage, processing and transmission.

Cryptographic techniques include encryption and encoding of information. There are two main encryption methods: symmetric and asymmetric. In the first, the same key (kept secret) is used for both encryption and decryption of data.

Very effective (fast and reliable) symmetric encryption methods have been developed. There is also a national standard for such methods - GOST 28147-89 "Information processing systems. Cryptographic protection. Algorithm for cryptographic transformation".

Asymmetric methods use two keys. One of them, unclassified (it can be published together with other public information about the user), is used for encryption; the other (secret, known only to the recipient) is used for decryption. The most popular of the asymmetric methods is RSA, based on operations on large (100-digit) primes and their products.

Cryptographic methods allow you to reliably control the integrity of both individual pieces of data and their sets (such as a message flow), to determine the authenticity of the data source, and to guarantee that committed actions cannot be denied ("non-repudiation").

Cryptographic integrity control is based on two concepts:

Electronic signature (ES).

A hash function is a hard-to-reverse data transformation (one-way function), usually implemented by means of symmetric encryption with block chaining. The encryption result of the last block (which depends on all previous ones) is the result of the hash function.

Cryptography as a means of protecting (closing) information is becoming increasingly important in commercial activities.


To transform information, various encryption tools are used: means of encrypting documents, including portable ones, means of encrypting speech (telephone and radio communications), means of encrypting telegraph messages and data transmission.

To protect commercial secrets on the international and domestic markets, various technical devices and sets of professional encryption and crypto protection equipment for telephone and radio communications, business correspondence, etc. are offered.

Scramblers and maskers have become widespread, replacing the speech signal with digital data transmission. Means of protection for teletypes, telexes and faxes are produced. For these purposes, encryptors are used, made in the form of separate devices, in the form of attachments to devices or built into the design of telephones, fax modems and other communication devices (radio stations and others). To ensure the accuracy of transmitted electronic messages, electronic digital signatures are widely used.

Confidentiality of information is characterized by such seemingly opposite indicators as availability and secrecy. Methods to make information available to users are discussed in section 9.4.1. In this section, we will consider ways to ensure the secrecy of information. This property of information is characterized by the degree of masking of information and reflects its ability to resist disclosure of the meaning of information arrays, determination of the structure of the stored information array or of the carrier (carrier signal) of the transmitted information array, and establishment of the fact that the information array was transmitted through communication channels. In this case, the criteria for optimality are, as a rule:

    minimizing the likelihood of overcoming ("breaking") protection;

    maximizing the expected safe time before "breaking" the protection subsystem;

    minimization of total losses from protection "hacking" and costs of development and operation of the corresponding elements of the information control and protection subsystem, etc.

In general, the confidentiality of information between subscribers can be ensured in one of three ways:

    create an absolutely reliable communication channel between subscribers inaccessible to others;

    use a public communication channel, but hide the very fact of information transfer;

    use a public communication channel, but transmit information through it in a transformed form, and it must be transformed so that only the addressee can restore it.

The first option is practically unrealizable due to the high material costs for creating such a channel between remote subscribers.

One of the ways to ensure the confidentiality of information transfer is steganography. At present, it represents one of the promising directions for ensuring the confidentiality of stored or transmitted information in computer systems by masking classified information in open files, primarily multimedia.

Cryptography is concerned with developing methods for transforming (encrypting) information in order to protect it from illegitimate users.

Cryptography (sometimes the term cryptology is used) is a field of knowledge that studies secret writing (cryptography) and methods of breaking it (cryptanalysis). Cryptography is considered a branch of mathematics.

Until recently, all research in this area was only closed, but in the past few years, more and more publications in the open press have begun to appear. In part, the softening of secrecy is due to the fact that it has become impossible to hide the accumulated amount of information. On the other hand, cryptography is increasingly used in civilian industries, which requires disclosure.

9.6.1. Principles of cryptography. The purpose of a cryptographic system is to encrypt a meaningful source text (also called clear text), producing a completely meaningless cipher text (ciphertext, cryptogram). The intended recipient must be able to decrypt (also called "decipher") this ciphertext, thus recovering the corresponding plaintext. In this case, the adversary (also called a cryptanalyst) must be unable to reveal the original text. There is an important difference between decrypting (deciphering) and breaking a ciphertext.

Cryptographic methods and ways of transforming information are called ciphers. The breaking of a cryptosystem (cipher) is the result of the work of a cryptanalyst, leading to the possibility of effectively revealing any plain text encrypted with this cryptosystem. The degree to which a cryptosystem resists breaking is called its strength.

The issue of the reliability of information security systems is very complex. The fact is that there are no reliable tests to make sure that information is protected reliably enough. Firstly, cryptography has the peculiarity that it often takes several orders of magnitude more money to "break" a cipher than to create it. Consequently, testing a cryptographic protection system is not always possible. Secondly, repeated unsuccessful attempts to overcome the defense do not at all mean that the next attempt will not be successful. The case is not excluded when professionals fought over the cipher for a long time but unsuccessfully, and a newcomer applied a non-standard approach - and the cipher was easy for him.

As a result of such poor provability of the reliability of information security tools, there are a lot of products on the market, the reliability of which cannot be reliably judged. Naturally, their developers praise their work in every way, but they cannot prove its quality, and often this is impossible in principle. As a rule, the unprovability of reliability is also accompanied by the fact that the encryption algorithm is kept secret.

At first glance, the secrecy of the algorithm serves as an additional guarantee of the reliability of the cipher. This is an argument aimed at amateurs. In fact, once an algorithm is known to the developers, it can no longer be considered secret, unless the user and the developer are the same person. In addition, if, due to the incompetence or mistakes of the developer, the algorithm turns out to be unstable, its secrecy will not allow independent experts to check it. The instability of the algorithm will be revealed only when it is already hacked, or even not found at all, because the enemy is in no hurry to brag about his successes.

Therefore, the cryptographer should be guided by the rule first formulated by the Dutchman O. Kerckhoffs: the strength of the cipher should be determined only by the secrecy of the key. In other words, the rule of O. Kerckhoffs is that the entire encryption mechanism, except for the value of the secret key, is a priori considered known to the enemy.

Another thing is that a method of protecting information is possible (strictly speaking, not related to cryptography), when it is not the encryption algorithm that is hidden, but the very fact that the message contains encrypted (hidden in it) information. It is more correct to call such a technique information masking. It will be discussed separately.

The history of cryptography goes back several thousand years. The need to hide what was written appeared in a person almost immediately, as soon as he learned to write. A well-known historical example of a cryptosystem is the so-called Caesar cipher, which simply replaces each letter of the plaintext with the third letter following it in the alphabet (wrapping around cyclically when necessary). For instance, A was replaced by D, B by E, and Z by C.

Despite the significant advances in mathematics over the centuries that have passed since the time of Caesar, cryptography did not make significant steps forward until the middle of the 20th century. It had an amateurish, speculative, unscientific approach.

For example, in the XX century, professionals widely used "book" ciphers, in which any mass print edition was used as a key. Needless to say how easily such ciphers were broken! Of course, from a theoretical point of view, the "book" cipher looks quite reliable, since the set of possible keys cannot be enumerated by hand. However, the slightest a priori information sharply narrows this choice.

By the way, about a priori information. During the Great Patriotic War, as you know, the Soviet Union paid considerable attention to the organization of the partisan movement. Almost every detachment behind enemy lines had a radio station, as well as some kind of communication with the "mainland". The ciphers that the partisans had were extremely unstable - the German decoders deciphered them quickly enough. And this, as you know, resulted in combat defeats and losses. The guerrillas proved to be cunning and resourceful in this area too. The trick was extremely simple. In the original text of the message, a large number of grammatical errors were made, for example, they wrote: "Send three echelon with tons". With the correct decoding, everything was clear for a Russian person. But the cryptanalysts of the enemy turned out to be powerless in front of such a technique: looking over the possible options, they encountered the combination "tnk", which was impossible for the Russian language, and rejected this option as knowingly incorrect.

This seemingly homebrew trick is actually very effective and is often used even now. Random sequences of characters are substituted into the original text of the message in order to confuse brute-force cryptanalytic programs or to change the statistical patterns of the cipher code, which can also provide useful information to the enemy. But on the whole, we can still say that pre-war cryptography was extremely weak and could not claim to be a serious science.

However, harsh military necessity soon forced scientists to come to grips with the problems of cryptography and cryptanalysis. One of the first significant advances in this area was the German Enigma typewriter, which was actually a mechanical encoder and decoder with a fairly high strength.

At the same time, during the Second World War, the first professional decryption services appeared. The most famous of these is Bletchley Park, a branch of the British intelligence service MI5.

9.6.2. Types of ciphers. All encryption methods can be divided into two groups: secret key ciphers and public key ciphers. The former are characterized by the presence of some information (secret key), the possession of which makes it possible to both encrypt and decrypt messages. Therefore, they are also referred to as single-key. Public key ciphers require two keys to decrypt messages. These ciphers are also called two-key ciphers.

The encryption rule cannot be arbitrary. It must be such that it is possible to unambiguously recover an open message from the ciphertext using the decryption rule. Encryption rules of the same type can be combined into classes. Inside the class, the rules differ among themselves by the values of some parameter, which can be a number, a table, etc. In cryptography, the specific value of such a parameter is usually called the key.

Essentially, the key selects a specific encryption rule from a given class of rules. Firstly, when special encryption devices are used, this makes it possible to change the device parameters so that an encrypted message cannot be decrypted even by persons who have exactly the same device but do not know the selected parameter value. Secondly, it makes it possible to change the encryption rule in a timely manner, since repeated use of the same encryption rule for plain texts creates the prerequisites for recovering open messages from encrypted ones.

Using the concept of a key, the encryption process can be described by a relation:

where A is the open message; B is the encrypted message; f is the encryption rule; α is the selected key, known to the sender and the addressee.

For each key α the cipher transformation must be reversible, that is, there must be an inverse transformation which, for the selected key α, uniquely determines the open message A from the encrypted message B:

(9.0)

The set of transformations and the set of keys to which they correspond is called a cipher. Among all ciphers, two large classes can be distinguished: replacement ciphers and permutation ciphers. Currently, electronic encryption devices are widely used to protect information in automated systems. An important characteristic of such devices is not only the strength of the implemented cipher, but also the high speed of the encryption and decryption process.

Sometimes two concepts are confused: encryption and encoding. Unlike encryption, for which you need to know the cipher and the secret key, there is nothing secret in encoding; there is only a certain replacement of letters or words with predefined symbols. Encoding methods are aimed not at hiding an open message, but at presenting it in a form more convenient for transmission via technical means of communication, reducing the message length, protecting against distortion, etc.

Secret key ciphers. This type of cipher implies the presence of some information (key), the possession of which allows both encryption and decryption of the message.

On the one hand, such a scheme has the disadvantages that, in addition to an open channel for transmitting a cipher code, it is necessary to also have a secret channel for transmitting a key; moreover, if information about a key is leaked, it is impossible to prove from which of the two correspondents the leak occurred.

On the other hand, among the ciphers of this particular group, there is the only encryption scheme in the world that possesses absolute theoretical strength. All others can be deciphered at least in principle. Such a scheme is the usual encryption (for example, the XOR operation) with a key the length of which is equal to the length of the message. In this case, the key should only be used once. Any attempts to decipher such a message are useless, even if there is a priori information about the message text. By selecting a key, you can get any message as a result.
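
The two claims in the paragraph above, that a suitable key turns the ciphertext into any message of the same length and that the key must be used only once, shown as an added Python example (not from the original page). The function names and sample messages are constructed for illustration.

```python
import secrets


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR two equal-length byte strings; encryption and decryption are the same."""
    if len(data) != len(key):
        raise ValueError("the key must be exactly as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def key_explaining(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """Return the key under which `ciphertext` decrypts to `claimed_plaintext`.

    Such a key exists for every plaintext of the right length, so the
    ciphertext alone says nothing about which message was really sent.
    """
    return xor_bytes(ciphertext, claimed_plaintext)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts produced with the SAME key.

    The key cancels out and the result equals plaintext1 XOR plaintext2,
    which is why the key may be used only once.
    """
    return xor_bytes(c1, c2)


# Constructed sample messages of equal length (13 bytes each).
MSG_A = b"PAY ALICE 100"
MSG_B = b"PAY CAROL 900"

if __name__ == "__main__":
    key = secrets.token_bytes(len(MSG_A))      # random key, as long as the message
    ct = xor_bytes(MSG_A, key)
    print("decrypts with real key:", xor_bytes(ct, key))

    other_key = key_explaining(ct, MSG_B)      # a different, equally plausible key
    print("decrypts with other key:", xor_bytes(ct, other_key))

    ct2 = xor_bytes(MSG_B, key)                # mistake: the key is reused
    print("reuse leaks m1 XOR m2:", reuse_leak(ct, ct2) == xor_bytes(MSG_A, MSG_B))
```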

Public key ciphers. This type of cipher implies the presence of two keys - public and private; one is used to encrypt, the other to decrypt messages. The public key is published - it is brought to the attention of everyone, while the secret key is kept by its owner and is a guarantee of the secrecy of messages. The essence of the method is that what is encrypted with a secret key can only be decrypted with a public one and vice versa. These keys are generated in pairs and have a one-to-one correspondence to each other. Moreover, it is impossible to calculate the other from one key.

A characteristic feature of ciphers of this type, which favorably distinguishes them from ciphers with a secret key, is that the secret key is known here only to one person, while in the first scheme it must be known to at least two people. This gives the following advantages:

    no secure channel is required to send the secret key;

    all communication is carried out via an open channel;

    the presence of a single copy of the key reduces the possibility of its loss and makes it possible to establish clear personal responsibility for maintaining secrecy;

    the presence of two keys allows this encryption system to be used in two modes - secret communication and digital signature.

The simplest example of the considered encryption algorithms is the RSA algorithm. All other algorithms of this class do not differ from it fundamentally. We can say that, by and large, RSA is the only public key algorithm.

9.6.3. Algorithm RSA. RSA (named for its authors - Rivest, Shamir and Adleman) is a public key algorithm for both encryption and authentication (digital signature). This algorithm was developed in 1977 and is based on the decomposition of large integers into prime factors (factorization).

RSA is a very slow algorithm. In comparison, at the software level, DES is at least 100 times faster than RSA; on the hardware - by 1,000-10,000 times, depending on the implementation.

The RSA algorithm is as follows. Take two very large primes p and q. Define n as the result of multiplying p by q (n = pq). Choose a large random integer d that is coprime with m, where m = (p-1)(q-1). Then determine a number e such that (e × d) mod m = 1. Let's call the numbers e and n the public key, and the numbers d and n the secret key.

Now, to encrypt data using the known key (e, n), you need to do the following:

split the text to be encrypted into blocks, each of which can be represented as a number M(i) = 0, 1, …, n-1;

encrypt the text, treated as a sequence of numbers M(i), according to the formula C(i) = (M(i)^e) mod n;

to decrypt this data using the secret key (d, n), perform the following calculations: M(i) = (C(i)^d) mod n.

The result will be a set of numbers M(i), which represent the original text.

Example. Let's consider the application of the RSA method to encrypt the message: "computer". For simplicity, we will use very small numbers (in practice, much larger numbers are used - from 200 and above).

    Let's choose p = 3 and q = 11. We define n = 3 × 11 = 33.

    Find (p-1) × (q-1) = 20. Therefore, as d choose any number that is coprime with 20, for example d = 3.

    Let's choose a number e. Any number for which the relation (e × 3) mod 20 = 1 holds can be taken, for example, 7.

    Let's represent the message to be encrypted as a sequence of integers in the range 1 ... 32. Let the letter "E" be represented by the number 30, the letter "B" by the number 3, and the letter "M" by the number 13. Then the original message can be represented as a sequence of numbers (30 03 13).

    Let's encrypt the message using the key (7, 33).

C1 = (30^7) mod 33 = 21870000000 mod 33 = 24,

C2 = (3^7) mod 33 = 2187 mod 33 = 9,

C3 = (13^7) mod 33 = 62748517 mod 33 = 7.

Thus, the encrypted message looks like (24 09 07).

Let's solve the inverse problem. Let's decrypt the message (24 09 07), obtained by encryption with the known key, using the secret key (3, 33):

M1 = (24^3) mod 33 = 13824 mod 33 = 30,

M2 = (9^3) mod 33 = 729 mod 33 = 3,

M3 = (7^3) mod 33 = 343 mod 33 = 13.

Thus, as a result of the decryption of the message, the original message "computer" was received.

The cryptographic strength of the RSA algorithm is based on the assumption that it is extremely difficult to determine the secret key from the known one, since for this it is necessary to solve the problem of the existence of integer divisors. This problem is NP-complete and, as a consequence of this fact, does not currently admit an effective (polynomial) solution. Moreover, the very question of the existence of efficient algorithms for solving NP-complete problems is still open. In this regard, for numbers consisting of 200 digits (and it is these numbers that are recommended to be used), traditional methods require a huge number of operations (about 10^23).
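
The worked example above, reproduced as an added Python example that is not part of the original page: it derives e from the chosen d, encrypts and decrypts the blocks (30 03 13), and shows that with n = 33 the secret key follows from the public one by factoring n. The function names are illustrative assumptions.

```python
from math import gcd, isqrt

# Numeric form of the message from the page's example: "E"=30, "B"=3, "M"=13.
PAGE_MESSAGE = [30, 3, 13]


def make_keys(p: int, q: int, d: int):
    """Build a key pair the way the page does: choose d first, then derive e."""
    n = p * q
    m = (p - 1) * (q - 1)
    if gcd(d, m) != 1:
        raise ValueError("d must be coprime with (p-1)(q-1)")
    e = pow(d, -1, m)  # the e in 1..m-1 with (e * d) mod m == 1 (Python 3.8+)
    return (e, n), (d, n)  # (public key, secret key)


def crypt(blocks, key):
    """Apply C = M^exp mod n to every block; used for both directions."""
    exp, n = key
    if any(not 0 <= b < n for b in blocks):
        raise ValueError("every block must lie in 0..n-1")
    return [pow(b, exp, n) for b in blocks]


def recover_secret_key(public_key):
    """Derive (d, n) from (e, n) by trial-division factoring of n.

    This finishes instantly only because n is tiny; the strength of RSA
    rests on this step being infeasible for a modulus of realistic size.
    """
    e, n = public_key
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1)), n


if __name__ == "__main__":
    public, secret = make_keys(3, 11, 3)
    print("public key:", public, "secret key:", secret)
    ciphertext = crypt(PAGE_MESSAGE, public)
    print("ciphertext:", ciphertext)
    print("decrypted: ", crypt(ciphertext, secret))
    print("secret key recovered from public key:", recover_secret_key(public))
```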

The RSA algorithm (Figure 9.2) is patented in the USA. Its use by other persons is not allowed (if the key length is more than 56 bits). True, the validity of such an establishment can be called into question: how can ordinary exponentiation be patented? However, RSA is protected by copyright laws.

Fig. 9.2. Encryption scheme

A message encrypted with the public key of a subscriber can only be decrypted by himself, since only he has the secret key. Thus, to send a private message, you must take the recipient's public key and encrypt the message on it. After that, even you yourself will not be able to decipher it.

9.6.4. Electronic signature. When we act the other way around, that is, we encrypt a message using a secret key, then anyone can decrypt it (taking your public key). But the very fact that the message was encrypted with your private key confirms that it came from you - the only owner of the secret key in the world. This mode of use of the algorithm is called digital signature.

From the point of view of technology, an electronic digital signature is a software-cryptographic (that is, appropriately encrypted) means that allows you to confirm that the signature on a particular electronic document was put by its author, and not by any other person. An electronic digital signature is a set of characters generated according to an algorithm defined by GOST R 34.0-94 and GOST R 34.-94. At the same time, an electronic digital signature allows you to make sure that the information signed by the electronic digital signature method was not changed during the transfer and was signed by the sender exactly in the form in which you received it.

The process of electronically signing a document (Fig. 9.3) is quite simple: the array of information that needs to be signed is processed by special software using the so-called private key. Then the encrypted array is sent by e-mail and, upon receipt, is verified with the corresponding public key. The public key allows you to check the safety of the array and verify the authenticity of the sender's electronic digital signature. This technology is believed to be 100% tamper-proof.

Fig. 9.3. Diagram of the process of electronic signing of a document

The secret key (code) is held by each person who has the authority to sign, and can be stored on a floppy disk or smart card. The public key is used by recipients of the document to verify the authenticity of the electronic digital signature. Using an electronic digital signature, you can sign individual files or fragments of databases.

In the latter case, the software that implements the electronic digital signature must be embedded in the applied automated systems.

According to the new law, the procedure for certification of electronic digital signatures and certification of the signature itself is clearly regulated.

This means that the authorized government agency must confirm that this or that software for generating an electronic digital signature really produces (or verifies) only an electronic digital signature and nothing else; that the corresponding programs do not contain viruses, do not download information from contractors, do not contain bugs and guarantee against hacking. Certification of the signature itself means that the relevant organization - the certification authority - confirms that this key belongs to this particular person.

You can sign documents without the specified certificate, but in the event of a trial, it will be difficult to prove anything. In this case, the certificate is irreplaceable, since the signature itself does not contain data about its owner.

For example, citizen A and citizen V concluded an agreement in the amount of 10,000 rubles and certified the agreement with their EDS. Citizen A did not fulfill his obligation. Offended citizen V, who is accustomed to acting within the framework of the legal field, goes to court, where the authenticity of the signature is confirmed (the correspondence of the public key to the private one). However, citizen A states that the private key is not his at all. In the event of such a precedent with an ordinary signature, a graphological examination is carried out; in the case of an EDS, a third party or document is needed with which it is possible to confirm that the signature really belongs to this person. This is what a public key certificate is for.

Today, among the most popular software tools that implement the main functions of an electronic digital signature are the Verba and CryptoPRO CSP systems.

9.6.5. Hash function. As shown above, a public key cipher can be used in two modes: encryption and digital signature. In the second case, it makes no sense to encrypt the entire text (data) using a secret key. The text is left open, and a certain "checksum" of this text is encrypted, as a result of which a data block is formed, which is a digital signature, which is added to the end of the text or attached to it in a separate file.

The aforementioned "checksum" of the data, which is "signed" instead of the entire text, must, firstly, be calculated from the entire text so that a change in any letter is reflected in it. Secondly, the specified function must be one-way, that is, computable only "in one direction". This is necessary so that the enemy cannot purposefully change the text, adjusting it to the existing digital signature.

This function is called a hash function; like cryptographic algorithms, it is subject to standardization and certification. In our country, it is regulated by GOST R-3411. A hash function is a function that hashes an array of data by mapping values from a (very) large set of values to a (significantly) smaller set of values. In addition to digital signatures, hash functions are used in other applications. For example, when exchanging messages between remote computers, when user authentication is required, a method based on a hash function can be used.

Let the hash code be created by the function H:

h = H(M),

where M is a message of arbitrary length and h is a fixed-length hash code.

Consider the requirements that a hash function must meet in order for it to be used as a message authenticator. Let's take a look at a very simple hash function example. Then we will analyze several approaches to building a hash function.

A hash function H used to authenticate messages must have the following properties:

    H(M) must be applicable to a data block of any length;

    H(M) must produce a fixed-length output;

    H(M) must be relatively easy (in polynomial time) to compute for any value of M;

    for any given hash code value h, it must be impossible to find M such that H(M) = h;

    for any given x, it must be computationally impossible to find y ≠ x such that H(y) = H(x);

    it must be computationally impossible to find an arbitrary pair (x, y) such that H(y) = H(x).

The first three properties require the hash function to generate a hash code for any message.

The fourth property defines the requirement of one-way hash function: it is easy to create a hash code from a given message, but it is impossible to recover a message from a given hash code. This property is important if hash authentication includes a secret value. The secret value itself may not be sent, however, if the hash function is not one-way, the adversary can easily reveal the secret value as follows.

The fifth property ensures that no other message can be found whose hash value matches the hash value of this message. This prevents the authenticator from being tampered with when using an encrypted hash code. In this case, the adversary can read the message and, therefore, generate its hash code. But since the adversary does not own the secret key, he cannot change the message so that the recipient does not discover it. If this property is not met, the attacker can perform the following sequence of actions: intercept the message and its encrypted hash code, calculate the message hash code, create an alternative message with the same hash code, replace the original message with a fake one. Since the hash codes of these messages are the same, the recipient will not detect the spoofing.

A hash function that satisfies the first five properties is called a simple or weak hash function. If, in addition, the sixth property is satisfied, then such a function is called a strong hash function. The sixth property protects against a class of attacks known as the birthday attack.

All hash functions are performed as follows. An input value (message, file, etc.) is treated as a sequence of n-bit blocks. The input value is processed sequentially block by block, and an m-bit hash code value is produced.

One of the simplest examples of a hash function is the bitwise XOR of each block:

C_i = b_i1 XOR b_i2 XOR ... XOR b_ik,

where C_i is the i-th bit of the hash code, i = 1, …, n;

k is the number of n-bit input blocks;

b_ij is the i-th bit in the j-th block.

The result is a hash code of length n known as a longitudinal redundancy check. It is effective against random failures when checking the integrity of the data.
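
An added Python example (not from the original page) of this XOR hash with 16-bit blocks: it catches a single flipped bit, but reordered blocks or two flips in the same bit position leave the hash code unchanged, so the fifth property listed above does not hold. The function names and the sample message are constructed.

```python
from functools import reduce

BLOCK_BYTES = 2  # n = 16 bits per block


def split_blocks(message: bytes, n_bytes: int = BLOCK_BYTES) -> list:
    """Split into n-bit blocks, zero-padding the last block if needed."""
    padded = message + b"\x00" * (-len(message) % n_bytes)
    return [padded[i:i + n_bytes] for i in range(0, len(padded), n_bytes)]


def xor_hash(message: bytes, n_bytes: int = BLOCK_BYTES) -> bytes:
    """C_i = b_i1 XOR b_i2 XOR ... XOR b_ik, computed for all n bits at once."""
    def xor(a: bytes, b: bytes) -> bytes:
        return bytes(x ^ y for x, y in zip(a, b))
    return reduce(xor, split_blocks(message, n_bytes), bytes(n_bytes))


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate a transmission error: invert one bit of one byte."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def swap_blocks(message: bytes, i: int, j: int, n_bytes: int = BLOCK_BYTES) -> bytes:
    """Exchange two blocks (message length must be a multiple of the block size)."""
    blocks = split_blocks(message, n_bytes)
    blocks[i], blocks[j] = blocks[j], blocks[i]
    return b"".join(blocks)


# Constructed 16-byte sample message: eight 16-bit blocks.
ORIGINAL = b"PAY 0100 TO 0007"

if __name__ == "__main__":
    h = xor_hash(ORIGINAL)
    print("hash code:", h.hex())

    # Random failure: one flipped bit always changes the hash code.
    damaged = flip_bit(ORIGINAL, 5, 0)
    print("single-bit error detected:", xor_hash(damaged) != h)

    # Deliberate change: XOR does not depend on block order.
    reordered = swap_blocks(ORIGINAL, 2, 7)
    print(reordered, "same hash code:", xor_hash(reordered) == h)

    # Two flips in the same bit position of different blocks cancel out.
    paired = flip_bit(flip_bit(ORIGINAL, 4, 1), 12, 1)
    print(paired, "same hash code:", xor_hash(paired) == h)
```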

9.6.6. DES AND GOST-28147. DES (Data Encryption Standard) is a symmetric key algorithm, i.e. one key is used for both encryption and decryption of messages. Developed by IBM and approved by the US government in 1977 as the official standard for protecting non-government secrets.

DES has 64-bit blocks, is based on 16-fold data permutation, uses a 56-bit key for encryption. There are several DES modes, such as Electronic Code Book (ECB) and Cipher Block Chaining (CBC). 56 bits are 8 seven-bit ASCII characters, i.e. the password cannot be more than 8 letters. If, in addition, only letters and numbers are used, then the number of possible options will be significantly less than the maximum possible 256.

One of the steps of the DES algorithm... The input data block is halved by the left ( L ") and right ( R ") parts. After that, the output array is formed so that its left side L "" represented by the right side R " input, and right R "" formed as a sum L " and R " XOR operations. Further, the output array is encrypted by permutation and replacement. You can make sure that all performed operations can be reversed and decryption is carried out in a number of operations linearly dependent on the block size. The algorithm is shown schematically in Fig. 9.4.

Fig. 9.4. DES algorithm diagram

After several such transformations, we can assume that each bit of the output cipher block can depend on each bit of the message.
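The step described above and its reversal can be checked directly. The following added example (not part of the original text) implements the step exactly as stated, then goes one step further to the general keyed form of such a round, in which a round function F of the right half is XORed into the left half. The SHA-256-based round function and key schedule are stand-in assumptions for illustration; this is not DES and not a cipher to use in practice.

```python
import hashlib

HALF = 4  # bytes per half; two halves make a 64-bit block, as in DES


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def page_step(left, right):
    """The step as the text describes it: L'' = R', R'' = L' XOR R'."""
    return right, xor_bytes(left, right)


def page_step_inverse(left2, right2):
    """Undo it: R' = L'', then L' = R'' XOR R'."""
    return xor_bytes(right2, left2), left2


def round_function(right, subkey):
    """Toy keyed F (truncated SHA-256). Assumption: it stands in for the real
    round function and is deliberately not invertible."""
    return hashlib.sha256(subkey + right).digest()[:HALF]


def feistel_round(left, right, subkey):
    return right, xor_bytes(left, round_function(right, subkey))


def feistel_round_inverse(left2, right2, subkey):
    # F is only recomputed on a value the receiver already holds (L''),
    # so F itself never has to be inverted.
    return xor_bytes(right2, round_function(left2, subkey)), left2


def subkeys(key, rounds=16):
    """Toy key schedule (assumption): one 48-bit subkey per round."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(rounds)]


def encrypt_block(block, key, rounds=16):
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:HALF], block[HALF:]
    for subkey in subkeys(key, rounds):
        left, right = feistel_round(left, right, subkey)
    return left + right


def decrypt_block(block, key, rounds=16):
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:HALF], block[HALF:]
    for subkey in reversed(subkeys(key, rounds)):
        left, right = feistel_round_inverse(left, right, subkey)
    return left + right


def differing_bits(a, b):
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    key = b"constructed key"
    p1, p2 = bytes(8), b"\x01" + bytes(7)  # plaintexts differing in one bit
    for r in (1, 2, 4, 16):
        d = differing_bits(encrypt_block(p1, key, r), encrypt_block(p2, key, r))
        print(f"{r:2d} rounds: {d} of 64 output bits differ")
```

Running it shows the one-bit input difference spreading over the block as rounds are added, which is the dependence of every output bit on every message bit that the text describes.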

In Russia, there is an analogue of the DES algorithm, which works on the same secret-key principle. GOST 28147 was developed 12 years later than DES and has a higher degree of protection. Their comparative characteristics are presented in Table 9.3.

Table 9.3

9.6.7. Steganography. Steganography is a method of organizing communication that actually hides the very existence of the communication. Unlike cryptography, where the adversary can determine with certainty whether a transmitted message is ciphertext, steganography methods allow secret messages to be embedded in harmless messages so that it is impossible to suspect the existence of an embedded secret message.

The word "steganography" in translation from Greek literally means "secret writing" (steganos - secret, mystery; graphy - writing). It covers a huge variety of means of secret communication, such as invisible ink, microphotographs, prearranged placement of signs, secret channels and means of communication on floating frequencies, etc.

Steganography occupies its own niche in security: it does not replace, but complements cryptography. Hiding a message by steganography methods significantly reduces the likelihood of detecting the very fact of a message transmission. And if this message is also encrypted, then it has one more, additional, level of protection.

Currently, in connection with the rapid development of computer technology and new channels of information transmission, new steganographic methods have appeared, which are based on the peculiarities of the presentation of information in computer files, computer networks, etc. This gives us the opportunity to talk about the formation of a new direction - computer steganography.

Despite the fact that steganography as a method of hiding secret data has been known for thousands of years, computer steganography is a young and developing direction.

A steganographic system, or stegosystem, is a set of tools and methods that are used to form a covert information transmission channel.

When building a stegosystem, the following provisions should be taken into account:

    The enemy has a complete understanding of the steganographic system and the details of its implementation. The only information that remains unknown to a potential adversary is the key, with the help of which only its holder can establish the fact of the presence and content of the hidden message.

    If the adversary somehow learns about the existence of a hidden message, this should not allow him to extract similar messages in other data as long as the key is kept secret.

    A potential adversary should be deprived of any technical or other advantages in recognizing or disclosing the content of secret messages.

The generalized stegosystem model is shown in Fig. 9.5.

Fig. 9.5. Generalized stegosystem model

Any information can be used as data: text, a message, an image, etc.

In the general case, it is advisable to use the word "message", since a message can be either text or an image, or, for example, audio data. In what follows, we will use the term message to denote hidden information.

Container - any information intended to conceal secret messages.

Stegokey, or just a key - a secret key needed to hide information. Depending on the number of levels of protection (for example, embedding a pre-encrypted message), a stegosystem may have one or several stegokeys.

By analogy with cryptography, stegosystems can be divided into two types by the type of stegokey:

with a secret key;

with a public key.

In a stegosystem with a secret key, one key is used, which must be determined either before the beginning of the exchange of secret messages, or transmitted over a secure channel.

A public-key stegosystem uses different keys to embed and retrieve a message, which differ in such a way that it is impossible to compute one key from another. Therefore, one key (public) can be transferred freely over an unsecured communication channel. In addition, this scheme works well with mutual mistrust between the sender and the recipient.

Currently, three closely related areas of application of steganography with common roots can be distinguished: hiding data (messages), digital watermarks, and headers.

Concealment of embedded data, which in most cases have a large volume, makes serious demands on the container: the size of the container must be several times larger than the size of the embedded data.

Digital watermarks are used to protect copyright or property rights in digital images, photographs, or other digitized works of art. The main requirements for such embedded data are reliability and robustness. Digital watermarks are small; however, given the above requirements, more sophisticated methods are used to embed them than to embed plain messages or headers.

Headers are mainly used for marking images in large electronic repositories (libraries) of digital images, audio and video files. In this case, steganographic methods are used to embed not only the identifying header, but also other individual attributes of the file. Embedded headers are small in size, and the requirements for them are minimal: headers should introduce only minor distortions and be resistant to basic geometric transformations.

Computer steganography is based on several principles:

    The message can be sent using noise coding. It will be difficult to detect in the presence of hardware noise on the telephone line or network cables.

    The message can be placed in the voids of files or of a disk without affecting their functionality. Executable files have a multi-segment structure of executable code; a run of bytes can be inserted into the voids between the segments. This is how the WinCIH virus hides its body. A file always occupies an integer number of clusters on disk, so the physical and logical file lengths rarely match. Something can also be written into this gap. An intermediate track on a disk can be formatted and a message placed on it. There is an easier way: at the end of a line of an HTML or text file, a certain number of spaces can be added that carry an informational load.

    The human senses are unable to distinguish small changes in color, image or sound. This applies to data carrying redundant information, for example 16-bit audio or 24-bit images. Changing the bit values for the color of a pixel will not change the color noticeably. This also includes the method of hidden typefaces: subtle distortions are made in the outlines of the letters, which carry a semantic load. In a Microsoft Word document, you can insert similar characters containing a hidden message.
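The end-of-line whitespace channel mentioned above is one of the few in this list that a content filter can both spot and remove cheaply. The following added example (not part of the original text) reports trailing spaces and tabs per document and strips them; the thresholds and the two sample documents are assumptions constructed for illustration, and a real filter would tune them on its own traffic.

```python
from dataclasses import dataclass


@dataclass
class WhitespaceReport:
    total_lines: int
    lines_with_trailing: int    # lines ending in spaces or tabs
    trailing_chars: int         # total invisible characters at line ends
    distinct_run_lengths: int   # editor residue tends to be uniform; data is not
    suspicious: bool


def split_lines(text):
    """Split on LF, ignore the final empty piece, drop CR from CRLF endings."""
    lines = text.split("\n")
    if lines and lines[-1] == "":
        lines.pop()
    return [line[:-1] if line.endswith("\r") else line for line in lines]


def trailing_run(line):
    """The spaces and tabs that follow the last visible character of a line."""
    return line[len(line.rstrip(" \t")):]


def analyze(text, min_ratio=0.3, min_distinct=3):
    """Flag a document when many lines carry trailing whitespace of varying
    length. Both thresholds are assumed values, not established constants."""
    lines = split_lines(text)
    runs = [r for r in (trailing_run(line) for line in lines) if r]
    distinct = len({len(r) for r in runs})
    ratio = len(runs) / len(lines) if lines else 0.0
    return WhitespaceReport(
        total_lines=len(lines),
        lines_with_trailing=len(runs),
        trailing_chars=sum(len(r) for r in runs),
        distinct_run_lengths=distinct,
        suspicious=ratio >= min_ratio and distinct >= min_distinct,
    )


def normalize(text):
    """Strip trailing spaces and tabs from every line (line endings become LF).
    Applied at a mail or web gateway, this destroys the channel whether or not
    anything was hidden in it."""
    body = "\n".join(line.rstrip(" \t") for line in split_lines(text))
    return body + ("\n" if text.endswith("\n") else "")


# Constructed samples: one stray space left by an editor versus varied runs.
CLEAN = "<html>\n<body> \n<p>Report</p>\n</body>\n</html>\n"
CARRIER = "<html>   \n<body> \n<p>Report</p>\t \t \n</body>  \n</html>\n"

if __name__ == "__main__":
    for name, doc in (("clean", CLEAN), ("carrier", CARRIER)):
        print(name, analyze(doc))
    print("after normalize:", analyze(normalize(CARRIER)))
```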

The most widespread and one of the best steganography software products is S-Tools (freeware). It allows you to hide any files in GIF, BMP and WAV files. It performs adjustable compression (archiving) of data. In addition, it performs encryption using the MCD, DES, triple-DES and IDEA algorithms (optional). The graphic file remains without visible changes, only the shades change. The sound also remains unchanged. Even if suspicions arise, it is impossible to establish the fact of using S-Tools without knowing the password.

9.6.8. Cryptosystems certification and standardization. All states pay close attention to cryptography issues. There are constant attempts to impose certain limits, bans and other restrictions on the production, use and export of cryptographic tools. For example, in Russia, the import and export of information security means, in particular, cryptographic means, is licensed in accordance with the Decree of the President of the Russian Federation dated April 3, 1995 No. 334 and the decree of the Government of the Russian Federation dated April 15, 1994 No. 331.

As already mentioned, a cryptosystem cannot be considered reliable if the algorithm of its operation is not fully known. Only knowing the algorithm can you check if the protection is stable. However, only a specialist can check this, and even then such a check is often so complicated that it is economically inexpedient. How can an ordinary user who does not know mathematics make sure of the reliability of the cryptosystem, which he is offered to use?

For a layman, the proof of reliability can be the opinion of competent independent experts. Hence the certification system arose. All information security systems are subject to it, so that enterprises and institutions can officially use them. It is not forbidden to use uncertified systems, but in this case you assume the entire risk that it will not be reliable enough or will have “back doors”. But in order to sell information security products, certification is necessary. Such provisions are valid in Russia and in most countries.

Our only body authorized to carry out certification is the Federal Agency for Government Communications and Information under the President of the Russian Federation (FAPSI). This body approaches certification issues very carefully. Very few developments of third-party firms were able to obtain the FAPSI certificate.

In addition, FAPSI licenses the activities of enterprises related to the development, production, sale and operation of encryption tools, as well as secure technical means of storing, processing and transmitting information, providing services in the field of information encryption (Decree of the President of the Russian Federation dated 03.04.95 No. measures to comply with the rule of law in the development of production, sale and operation of encryption tools, as well as the provision of services in the field of information encryption"; and the Law of the Russian Federation "On Federal Bodies of Government Communications and Information").

For certification, a prerequisite is compliance with standards in the development of information security systems. Standards serve a similar function. They allow, without carrying out complex, expensive and even not always possible research, to get confidence that the given algorithm provides protection of a sufficient degree of reliability.

9.6.9. Encrypted archives. Many software applications include an encryption function. Let's give examples of some software tools with encryption capabilities.

Archiving programs (for example, WinZip) have the option to encrypt the archived information. It can be used for not very important information. Firstly, the encryption methods used there are not very reliable (subject to official export restrictions), and secondly, they are not described in detail. All this does not allow us to seriously count on such protection. Archives with a password can only be used for "regular" users or non-critical information.

On some sites on the Internet, you can find programs to open encrypted archives. For example, a ZIP archive can be opened on a good computer in a few minutes, and no special qualifications are required from the user.

Note. Programs for guessing passwords: Ultra Zip Password Cracker 1.00 - a fast program for guessing passwords for encrypted archives. Russian/English interface. Win'95/98/NT. (Developer - "m53group"). Advanced ZIP Password Recovery 2.2 - a powerful program for guessing passwords to ZIP archives. High speed, graphical interface, additional functions. OS: Windows 95/98/NT. Development company - "Elcom Ltd.", shareware.

Encryption in MS Word and MS Excel. Microsoft has included some semblance of crypto protection in its products. But this defense is very fragile. In addition, the encryption algorithm is not described, which is an indicator of unreliability. In addition, there is evidence that Microsoft leaves a "back door" in the crypto algorithms used. If you need to decrypt a file, the password for which has been lost, you can contact the company. Upon an official request, with sufficient grounds, they decrypt MS Word and MS Excel files. By the way, some other software vendors do this as well.

Encrypted disks (directories). Encryption is a fairly reliable method of protecting information on a hard drive. However, if the amount of information to be closed is not limited to two or three files, then it is quite difficult to work with it: each time the files will need to be decrypted, and after editing, they will be encrypted back. At the same time, backup copies of files that many editors create may remain on the disk. Therefore, it is convenient to use special programs (drivers) that automatically encrypt and decrypt all information when it is written to disk and read from disk.

In conclusion, we note that a security policy is defined as a set of documented management decisions aimed at protecting information and associated resources. When developing and implementing it, it is advisable to be guided by the following basic principles:

    Inability to bypass protective equipment. All information flows to and from the protected network must pass through the means of protection. There should be no secret modem inputs or test lines that bypass protection.

    Strengthening the weakest link. The reliability of any protection is determined by the weakest link, since that is the one attackers break. Often the weakest link is not a computer or a program, but a person, and then the problem of ensuring information security becomes non-technical in nature.

    Inability to transition to an unsafe state. The principle of the impossibility of transition to an unsafe state means that under any circumstances, including abnormal ones, the protective device either fully fulfills its functions or completely blocks access.

    Minimizing privileges. The principle of minimizing privileges dictates that you give users and administrators only those access rights that are necessary for them to perform their official duties.

    Segregation of duties. The principle of separation of duties assumes such a distribution of roles and responsibilities in which one person cannot disrupt a process that is critical for the organization.

    Defense in depth. The principle of defense in depth prescribes not relying on a single line of defense. A layered defense can at least delay an attacker and make it much more difficult for malicious actions to be carried out unnoticed.

    Variety of protective equipment. The principle of a variety of protective equipment recommends organizing defensive lines of different nature so that a potential attacker is required to master a variety of, if possible, incompatible skills.

    Simplicity and manageability of the information system. The principle of simplicity and manageability states that only in a simple and manageable system can you check the consistency of the configuration of different components and carry out centralized administration.

    Ensuring universal support for security measures. The principle of universal support for security measures is non-technical. If users and/or system administrators consider information security to be something superfluous or hostile, then a security regime certainly cannot be established. A set of measures aimed at ensuring the loyalty of personnel and at continuous theoretical and practical training should be envisaged from the very beginning.

From an information security point of view, cryptographic keys are critical data. If earlier, in order to rob a company, malefactors had to enter its territory, open premises and safes, now it is enough to steal a token with a cryptographic key and make a transfer via the Client-Bank Internet system. The foundation of ensuring security using cryptographic information protection systems (CIPS) is maintaining the confidentiality of cryptographic keys.

How do you ensure the confidentiality of something that you don't know exists? To put a token with a key in the safe, you need to know about the existence of the token and the safe. As paradoxical as it sounds, very few companies have an idea of the exact number of key documents they use. This can happen for a number of reasons, for example, underestimation of information security threats, lack of well-established business processes, insufficient personnel qualifications in security issues, etc. This task is usually remembered after incidents such as this one.

This article will describe the first step towards improving information security using cryptographic means, or, more precisely, we will consider one of the approaches to auditing cryptographic information protection tools and crypto keys. The narration will be carried out on behalf of an information security specialist, while we will assume that the work is being carried out from scratch.

Terms and Definitions


At the beginning of the article, in order not to frighten the unprepared reader with complex definitions, we widely used the terms cryptographic key or cryptokey, now it is time to improve our conceptual apparatus and bring it into line with current legislation. This is a very important step as it will effectively structure the information obtained from the audit.

  1. Cryptographic key (cryptokey) - a set of data that allows the selection of one specific cryptographic transformation from among all those possible in a given cryptographic system (definition from the “pink instruction”, Order of FAPSI No. 152 dated June 13, 2001, hereinafter referred to as FAPSI 152).
  2. Key information - a specially organized set of crypto keys designed to implement cryptographic protection of information within a certain period [FAPSI 152].
    You can understand the fundamental difference between a crypto key and key information using the following example. When organizing HTTPS, a public and private key pair is generated, and a certificate is obtained from the public key and additional information. In this scheme, the combination of the certificate and the private key forms key information, and each of them individually is a crypto key. Here you can be guided by the following simple rule: end users, when working with cryptographic information protection tools, use key information, while crypto keys are usually used by the cryptographic information protection tools internally. At the same time, it is important to understand that key information can consist of a single crypto key.
  3. Key documents - electronic documents on any media, as well as documents on paper media, containing key information of limited access for cryptographic transformation of information using algorithms for cryptographic transformation of information (cryptographic key) in encryption (cryptographic) means (definition from the Government Decision No. 313 of April 16, 2012, hereinafter PP-313).
    In simple terms, a key document is key information recorded on a medium. When analyzing key information and key documents, it is necessary to keep in mind that what is used (that is, used for cryptographic transformations - encryption, electronic signature, etc.) is the key information, while what is handed over to employees is the key documents containing it.
  4. Cryptographic information protection tools (CIPF) - means of encryption, means of imitation protection, means of electronic signature, means of coding, means of production of key documents, key documents, hardware encryption (cryptographic) means, software and hardware encryption (cryptographic) means. [PP-313]
    When analyzing this definition, you can find in it the term key documents. The term is given in the Government Decree and we have no right to change it. At the same time, the further description will proceed on the basis that only means of carrying out cryptographic transformations are treated as CIPF. This approach will simplify the audit, but at the same time will not affect its quality, since we will still take the key documents into account, but in their own section and using their own methods.

Audit methodology and expected results


The main features of the audit methodology proposed in this article are the postulates that:

  • not a single employee of the company can accurately answer the questions asked during the audit;
  • existing data sources (lists, registers, etc.) are inaccurate or poorly structured.
Therefore, the methodology proposed in the article is a kind of data mining, during which the same data will be extracted from different sources, and then compared, structured and refined.

Here are the main dependencies that will help us with this:

  1. If there is a cryptographic information protection tool, then there is also key information.
  2. If there is an electronic document flow (including with counterparties and regulators), then most likely it uses an electronic signature and, as a result, cryptographic information protection tools and key information.
  3. Electronic document flow in this context should be understood broadly, that is, it will include both the direct exchange of legally significant electronic documents and the submission of reports, and work in payment or trading systems, and so on. The list and forms of electronic document management are determined by the company's business processes, as well as by current legislation.
  4. If an employee is involved in electronic document management, then most likely he has key documents.
  5. When organizing electronic document flow with counterparties, organizational and administrative documents (orders) on the appointment of responsible persons are usually issued.
  6. If information is transmitted over the Internet (or other public networks), then most likely it is encrypted. This primarily applies to VPN and various remote access systems.
  7. If protocols are found in network traffic that transmit traffic in an encrypted form, then cryptographic information protection tools and key information are used.
  8. If settlements were made with counterparties involved in the supply of information security products or telecommunication devices, the provision of services for the submission of reports, or the services of certification centers, then cryptographic information protection tools or key documents could have been purchased in the course of this interaction.
  9. Key documents can be either on alienable media (floppy disks, flash drives, tokens, ...), or recorded inside computers and hardware cryptographic information security tools.
  10. When using virtualization tools, key documents can be stored both inside virtual machines and mounted to virtual machines using a hypervisor.
  11. Hardware cryptographic information protection tools can be installed in server rooms and be unavailable for analysis over the network.
  12. Some electronic document management systems may be little used or inactive, but at the same time contain active key information and cryptographic information protection tools.
  13. Internal regulatory and organizational and administrative documentation may contain information about electronic document management systems, CIPF and key documents.
For the extraction of primary information, we will:
  • interview employees;
  • analyze the company's documentation, including internal regulatory and administrative documents, as well as outgoing payment orders;
  • carry out a visual analysis of server rooms and communication cabinets;
  • conduct technical analysis of the content of automated workstations (AWS), servers and virtualization tools.
We will formulate specific measures later, but for now we will consider the final data that we should receive as a result of the audit:

List of CIPF:

  1. CIPF model. For example, CIPF Crypto CSP 3.9, or OpenSSL 1.0.1.
  2. CIPF instance identifier. For example, the serial, license (or registration according to PKZ-2005) number of the CIPF.
  3. Information about the certificate of the FSB of Russia for the CIPF, including its number and the start and end dates of validity.
  4. Information about the place of operation of the CIPF. For example, the name of the computer on which the software CIPF is installed, or the name of the technical means or premises where the hardware CIPF is installed.
This information will allow:
  1. Manage vulnerabilities in cryptographic information protection systems, that is, quickly detect and fix them.
  2. Track the validity period of certificates for cryptographic information protection tools, as well as check whether a certified cryptographic information protection tool is used in accordance with the rules established by the documentation or not.
  3. Plan the cost of cryptographic information protection, knowing how much is already in operation and how much more consolidated funds are available.
  4. Generate regulatory reporting.
List of key information:

For each element of the list, we record the following data:

  1. Name or identifier of key information. For example, "Qualified ES key. Serial number of the certificate is 31:2D:AF". The identifier should be chosen so that the key can be found by it. For example, certification authorities, when they send notifications, usually identify keys by certificate numbers.
  2. Key System Control Center (CMC) that issued this key information. This can be the organization that issued the key, for example, a certification authority.
  3. Individual in whose name the key information has been issued. This information can be retrieved from the CN fields of X.509 certificates.
  4. Key information format. For example, CryptoPRO CIP, Verba-OW CIP, X.509, etc. (in other words, the CIP with which this key information is intended to be used).
  5. Purpose of key information. For example, "Participation in auctions on the Sberbank AST site", "Qualified electronic signature for filing reports", etc. From a technical point of view, in this field you can record the restrictions set by the extended key usage fields and other fields of X.509 certificates.
  6. The beginning and the end of the validity of key information.
  7. Key information reissue procedure. That is, knowledge of what to do and how to reissue key information. At the very least, it is advisable to record the contacts of the officials of the CMC that issued the key information.
  8. The list of information systems, services or business processes within which key information is used. For example, "System of remote banking services Internet Client-Bank".
This information will allow:
  1. Track the expiration dates of key information.
  2. Reissue key information quickly if necessary. This may be needed for both planned and unscheduled re-releases.
  3. Block the use of key information, upon dismissal of an employee, to whom it was released.
  4. Investigate information security incidents by answering questions such as "Who had the keys to make payments?", etc.
List of key documents:

For each element of the list, we record the following data:

  1. Key information contained in the key document.
  2. Key information carrier, on which the key information is recorded.
  3. Person responsible for the safety of the key document and the confidentiality of the key information contained in it.
This information will allow:
  1. Reissue key information in cases of: dismissal of employees who have key documents, as well as in case of compromise of media.
  2. Ensure the confidentiality of key information by taking an inventory of the carriers containing it.
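
The cross-source comparison that the methodology relies on, and the uses listed for the key information list (expiry tracking, blocking on dismissal), can be sketched as follows. This is an added example, not part of the original article: the record layout, source names, people, dates and finding labels are assumptions constructed for illustration; only the serial number 31:2D:AF and the system name are taken from the text.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta


def normalize_serial(raw):
    """'31: 2D: AF', '312daf' and '31-2D-AF' all become '31:2D:AF'."""
    digits = raw.replace(":", "").replace("-", "").replace(" ", "").upper()
    if not digits or len(digits) % 2 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a certificate serial number: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, len(digits), 2))


@dataclass
class KeyInfo:
    serial: str
    owners: set = field(default_factory=set)
    issuers: set = field(default_factory=set)
    valid_to: set = field(default_factory=set)
    systems: set = field(default_factory=set)
    sources: set = field(default_factory=set)


def reconcile(records):
    """Merge records about the same key from different sources, keeping every
    distinct value so that disagreements between sources stay visible."""
    merged = {}
    for rec in records:
        serial = normalize_serial(rec["serial"])
        entry = merged.setdefault(serial, KeyInfo(serial))
        entry.sources.add(rec["source"])
        for attr, key in (("owners", "owner"), ("issuers", "issuer"),
                          ("valid_to", "valid_to"), ("systems", "system")):
            if rec.get(key):
                getattr(entry, attr).add(rec[key])
    return merged


def findings(merged, today, dismissed, warn_days=30):
    """Return (serial, finding) pairs that the auditor has to follow up."""
    out = []
    for serial, entry in sorted(merged.items()):
        if len(entry.sources) == 1:
            out.append((serial, "single-source"))       # not yet confirmed elsewhere
        if len(entry.owners) > 1:
            out.append((serial, "owner-conflict"))      # sources disagree
        if not entry.valid_to:
            out.append((serial, "no-expiry-recorded"))
        elif min(entry.valid_to) < today:
            out.append((serial, "expired"))
        elif min(entry.valid_to) - today <= timedelta(days=warn_days):
            out.append((serial, "expiring"))
        if entry.owners & dismissed:
            out.append((serial, "owner-dismissed"))     # block and reissue
    return out


# Constructed sample data: three sources describing three keys.
RECORDS = [
    {"source": "employee mailing", "serial": "31: 2D: AF", "owner": "Ivanov I.I.",
     "system": "Internet Client-Bank"},
    {"source": "IT register", "serial": "312daf", "owner": "Ivanov I.I.",
     "issuer": "Example CA", "valid_to": date(2024, 7, 10)},
    {"source": "IT register", "serial": "0A-1B-2C", "owner": "Petrov P.P.",
     "valid_to": date(2025, 1, 15), "system": "Tax reporting"},
    {"source": "CA notification", "serial": "0a:1b:2c", "owner": "Sidorova A.A.",
     "valid_to": date(2025, 1, 15)},
    {"source": "employee mailing", "serial": "7F:00:01", "owner": "Petrov P.P."},
]
TODAY = date(2024, 6, 20)
DISMISSED = {"Petrov P.P."}  # taken from HR data in a real audit

if __name__ == "__main__":
    for serial, finding in findings(reconcile(RECORDS), TODAY, DISMISSED):
        print(serial, finding)
```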

Audit plan


Now is the time to consider the practical features of the audit. Let's do this using the example of a credit and financial organization, or in other words, using the example of a bank. This example was not chosen by chance. Banks use a fairly large number of diverse cryptographic protection systems that are involved in a huge number of business processes, and besides, almost all banks are licensed by the FSB of Russia in cryptography. Further in the article, an audit plan for cryptographic information protection tools and cryptokeys will be presented in relation to the Bank. At the same time, this plan can be taken as a basis when conducting an audit of almost any company. For ease of perception, the plan is divided into stages, which, in turn, are collapsed into spoilers.

Stage 1. Collecting data from the infrastructure departments of the company

Source - all employees of the company

  1. Action: We send a corporate mailing to all employees of the company with a request to inform the information security service about all the cryptographic keys they use.
     Expected output and usage: We receive emails, on the basis of which we form a list of key information and a list of key documents.

Source - Head of Information Technology Service

  1. Action: We request a list of key information and key documents.
     Expected output and usage: With some probability, the IT Service maintains such documents; we will use them to form and refine the lists of key information, key documents and cryptographic information protection tools.
  2. Action: We request a list of cryptographic information protection tools.
  3. Action: We request the register of software installed on servers and workstations.
     Expected output and usage: In this register, we look for software cryptographic tools and their components. For example, CryptoPRO CSP, Verba-OW, Signal-COM CSP, Signature, PGP, ruToken, eToken, CryptoARM, etc. On the basis of these data, we form a list of cryptographic information protection tools.
  4. Action: We ask for a list of employees (probably technical support) who help users to use cryptographic information protection tools and to reissue key information.
     Expected output and usage: We ask these persons for the same information as system administrators.

Source - Information Technology Service System Administrators

  1. Action: We request a list of domestic crypto gateways (VIPNET, Continent, S-terra, etc.).
     Expected output and usage: In cases where the company does not implement regular IT and information security management business processes, such questions can help system administrators to remember the existence of a particular device or software. We use this information to obtain a list of cryptographic information protection tools.
  2. Action: We request a list of domestic software cryptographic tools (cryptographic information protection tools MagPro CryptoPacket, VIPNET CSP, CryptonDisk, SecretDisk, ...).
  3. Action: We request a list of routers that implement VPN for:
     a) communications between the offices of the company;
     b) interaction with contractors and partners.
  4. Action: We request a list of information services published on the Internet (accessible from the Internet). They can include:
     a) corporate email;
     b) instant messaging systems;
     c) corporate websites;
     d) services for the exchange of information with partners and contractors (extranet);
     e) remote banking systems (if the company is a Bank);
     f) systems of remote access to the company's network.
     To check the completeness of the information provided, we check it against the list of port forwarding rules of the border firewalls.
     Expected output and usage: Analyzing the information received, we will with high probability find the use of cryptographic information protection tools and crypto keys. We use the obtained data to form a list of cryptographic information protection tools and key information.
  5. Action: We request a list of information systems used for reporting (Taxcom, Kontur, etc.).
     Expected output and usage: These systems use the keys of a qualified electronic signature and CIPF. Through this list, we form a list of cryptographic information protection tools and a list of key information, and also find out which employees use these systems in order to form a list of key documents.
  6. Action: We request a list of internal electronic document management systems (Lotus, DIRECTUM, 1C: Document management, etc.), as well as a list of their users.
     Expected output and usage: Electronic signature keys may be encountered within internal electronic document management systems. Based on the information received, we form a list of key information and a list of key documents.
  7. Action: We request a list of internal certification centers.
     Expected output and usage: The tools used to organize certification centers are recorded in the list of cryptographic information protection tools. In the future, we will analyze the contents of the databases of certification centers to identify key information.
  8. Action: We request information about the use of the following technologies: IEEE 802.1x, WiFi WPA2 Enterprise and IP video surveillance systems.
     Expected output and usage: If these technologies are used, we can find key documents in the devices involved.

Source - Head of Human Resources

  1. Action: We ask for a description of the process of hiring and dismissing employees. We focus on the question of who takes the key documents from departing employees.
     Expected output and usage: We analyze documents (exit clearance sheets) for the presence of information systems in which cryptographic information protection tools can be used.

Stage 2. Collecting data from business units of the company (on the example of the Bank)

Action / Expected Output and Usage
Source - Head of Settlement Service (Correspondent Relations)
1. Action: Please provide a scheme for organizing interaction with the Bank of Russia payment system. This is particularly relevant for Banks with a developed branch network, whose branches can connect to the Central Bank payment system directly.
   Expected output and usage: Based on the data received, we determine the location of the payment gateways (AWP KBR, UTA) and the list of involved users. We use the obtained information to form a list of cryptographic information protection tools, key information and key documents.
2. Action: We ask for a list of Banks with which direct correspondent relations have been established, and also ask who is involved in making transfers and what technical means are used.
3. Action: We request a list of payment systems in which the Bank participates (SWIFT, VISA, MasterCard, NSPK, etc.), as well as the location of the communication terminals.
   Expected output and usage: The same as for the payment system of the Bank of Russia.
Source - Head of Division responsible for the provision of remote banking services
1. Action: We request a list of remote banking systems.
   Expected output and usage: In these systems, we analyze the use of cryptographic information protection tools and key information. Based on the data received, we form a list of cryptographic information protection tools, key information and key documents.
Source - Head of the department responsible for the functioning of payment card processing
1. Action: We request the register of HSMs.
   Expected output and usage: Based on the information received, we form a list of cryptographic information protection tools, key information and key documents.
2. Action: We request the roster of security officers.
4. Action: We request information about LMK HSM components.
5. Action: We request information about the organization of systems such as 3D-Secure and the organization of payment card personalization.
Source - Heads of departments performing functions of treasury and depository
1. Action: List of banks with which correspondent relations have been established and which participate in interbank lending.
   Expected output and usage: We use the information received to clarify data previously received from the settlement service, and to record information about interaction with exchanges and depositories. Based on the information received, we form a list of cryptographic information protection tools and key information.
2. Action: List of exchanges and specialized depositories with which the Bank works.
Source - Heads of financial monitoring services and departments responsible for submitting reports to the Bank of Russia
1. Action: We request information on how they send information to and receive information from the Central Bank, together with the list of involved persons and technical means.
   Expected output and usage: Information interaction with the Bank of Russia is strictly regulated by relevant documents, for example, 2332-U, 321-I and many others. We check compliance with these documents and form lists of cryptographic information protection tools, key information and key documents.
Source - Chief Accountant and accountants who pay bills for internal bank needs
1. Action: We ask how reports to tax inspectorates and the Bank of Russia are prepared and submitted.
   Expected output and usage: We clarify the previously obtained information.
2. Action: We request a register of payment documents for internal bank needs.
   Expected output and usage: In this register, we look for documents where:
   1) Certification centers, specialized telecom operators, manufacturers of cryptographic information protection tools or suppliers of telecommunications equipment are indicated as recipients of payments. The names of these companies can be obtained from the Register of certified cryptographic information protection systems of the FSB of Russia, the list of accredited certification centers of the Ministry of Telecom and Mass Communications and other sources.
   2) The payment description contains the words: "CIPF", "signature", "token", "key", "BKI", etc.
Source - Heads of Arrears and Risk Management
1. Action: We request a list of credit bureaus and collection agencies with which the Bank works.
   Expected output and usage: Together with the IT service, we analyze the data obtained in order to clarify how electronic document flow is organized, and on that basis we refine the lists of cryptographic information protection tools, key information and key documents.
Source - Heads of Document Management, Internal Control and Internal Audit Services
1. Action: We request a register of internal organizational and administrative documents (orders).
   Expected output and usage: Among these documents, we look for those related to cryptographic information protection. To do this, we search for the keywords "security", "person in charge", "administrator", "electronic signature", "ES", "EDS", "EDO", "ASP", "SKZI" and their derivatives. Then we identify the Bank employees named in these documents and interview them about their use of crypto-tools. We record the information received in the lists of cryptographic information protection tools, key information and key documents.
2. Action: We request lists of contracts with counterparties.
   Expected output and usage: We try to identify agreements on electronic document management, agreements with companies that supply information security tools or provide services in this area, and agreements with companies that provide certification center services and services for submitting reports via the Internet.
3. Action: We analyze the technology of storing documents of the day in electronic form.
   Expected output and usage: Storing documents of the day in electronic form requires cryptographic information protection tools.

Stage 3. Technical audit

Action / Expected Output and Usage
1. Action: We carry out a technical inventory of the software installed on computers. For this we use:
   · Analytical capabilities of corporate anti-virus protection systems (for example, Kaspersky Anti-Virus can build such a register);
   · WMI scripts for polling Windows computers;
   · Package managers for polling *nix systems;
   · Specialized inventory software.
   Expected output and usage: Among the installed software, we look for software CIPF, drivers for hardware CIPF and key carriers. On the basis of the information received, we update the list of CIPF.
2. Action: We search for key documents on servers and workstations. For this:
   · Logon scripts poll the workstations in the domain for certificates with private keys in user profiles and computer profiles.
   · On all computers, file servers and hypervisors, we look for files with the extensions: crt, cer, key, pfx, p12, pem, pse, jks, etc.
   · On the hypervisors of virtualization systems, we look for mounted floppy drives and diskette images.
   Expected output and usage: Very often, key documents take the form of file key containers, as well as containers stored in the registries of computers running Windows. We record the key documents found in the list of key documents, and the key information contained in them in the list of key information.
3. Action: We analyze the content of the databases of certification centers.
   Expected output and usage: Databases of certification authorities usually contain information about the certificates issued by these authorities. We enter the information received into the list of key information and the list of key documents.
4. Action: We conduct a visual inspection of server rooms and wiring closets, looking for cryptographic information protection tools and hardware key carriers (tokens, disk drives).
   Expected output and usage: In some cases, it is impossible to inventory cryptographic information protection tools and key documents over the network. Systems may be on isolated network segments or have no network connections at all. For such cases we conduct a visual inspection, which should establish the name and purpose of every piece of equipment in the server rooms. We enter the information received into the list of cryptographic information protection tools and key documents.
5. Action: We analyze network traffic in order to identify information flows that use encrypted exchange.
   Expected output and usage: Encrypted protocols (HTTPS, SSH, etc.) let us identify the network nodes on which cryptographic transformations are performed and which therefore contain cryptographic information protection tools and key documents.
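The file search from step 2 of the technical audit can be scripted. The following is an added example, not part of the original article: it walks a directory tree, picks up files with the listed extensions and classifies each one by its leading bytes so the auditor knows which files certainly hold a private key. The record field names, the host name and the sample files are constructed for illustration, and Windows registry containers are outside its scope.

```python
import os
import socket
import tempfile
from typing import Optional, Tuple

# Extensions named in the audit plan above; extend the set for local formats.
KEY_EXTENSIONS = {".crt", ".cer", ".key", ".pfx", ".p12", ".pem", ".pse", ".jks"}
READ_LIMIT = 64 * 1024           # enough to see every PEM header in typical files
JKS_MAGIC = b"\xfe\xed\xfe\xed"  # Java KeyStore file signature
DER_SEQUENCE = b"\x30"           # ASN.1 SEQUENCE tag opening DER certificates and PKCS#12


def classify(head: bytes) -> Tuple[str, Optional[bool]]:
    """Return (format, holds_private_key) judged from a file's leading bytes.

    holds_private_key is None when the container has to be opened (usually
    with a password) to find out, which is a follow-up for the key owner."""
    text = head.decode("latin-1")
    if "-----BEGIN " in text:
        if "PRIVATE KEY-----" in text:      # RSA, EC, PKCS#8, encrypted, OpenSSH
            return "PEM", True
        if "-----BEGIN CERTIFICATE-----" in text:
            return "PEM", False
        return "PEM", None
    if head.startswith(JKS_MAGIC):
        return "JKS", None
    if head.startswith(DER_SEQUENCE):
        return "DER or PKCS#12", None
    return "unrecognized", None


def scan(root: str, host: Optional[str] = None) -> list:
    """Walk root and return one key-document record per candidate file."""
    host = host or socket.gethostname()
    records = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in KEY_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    fmt, private = classify(fh.read(READ_LIMIT))
            except OSError:
                fmt, private = "unreadable", None   # still goes into the inventory
            records.append({
                "carrier": host + ":" + path,       # where the key document lives
                "format": fmt,
                "holds_private_key": private,
                "responsible": None,                # filled in after interviews
            })
    return sorted(records, key=lambda r: r["carrier"])


def build_sample_tree(root: str) -> None:
    """Create constructed sample files (markers only, no real key material)."""
    cert = b"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    key = b"-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
    samples = {
        "web/server.pem": cert + key,
        "web/ca.crt": cert,
        "java/app.jks": JKS_MAGIC + b"\x00\x00\x00\x02" + b"\x00" * 16,
        "mail/user.PFX": b"\x30\x82\x01\x00" + b"\x00" * 16,
        "docs/readme.txt": b"not a key document\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo() -> list:
    """Scan a temporary tree of constructed samples and return the records."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan(root, host="ws-example-01")


if __name__ == "__main__":
    for record in demo():
        print(record)
```

Records whose `holds_private_key` is `None` are the ones to raise with the file owner, since only opening the container shows whether it carries a private key.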

Conclusion

In this article, we examined the theory and practice of auditing cryptographic information protection tools and crypto keys. As you have seen, this procedure is rather complicated and time-consuming, but if it is correctly approached, it is quite feasible. We hope this article will help you in real life. Thank you for your attention, we are waiting for your comments.

From an information security point of view, cryptographic keys are critical data. If earlier, in order to rob a company, malefactors had to enter its territory, open premises and safes, now it is enough to steal a token with a cryptographic key and make a transfer via the Client-Bank Internet system. The foundation of ensuring security using cryptographic information protection systems (CIPS) is maintaining the confidentiality of cryptographic keys.

How do you ensure the confidentiality of something that you don't know exists? To put a token with a key in the safe, you need to know about the existence of the token and the safe. As paradoxical as it sounds, very few companies have an idea of the exact number of key documents they use. This can happen for a number of reasons, for example, underestimation of information security threats, lack of well-established business processes, insufficient personnel qualifications in security issues, etc. This task is usually remembered after incidents such as this one.

This article describes the first step towards improving information security using cryptographic means, or, more precisely, one of the approaches to auditing cryptographic information protection tools and crypto keys. The account is written from the point of view of an information security specialist, and we assume that the work is being carried out from scratch.

Terms and Definitions


At the beginning of the article, in order not to frighten the unprepared reader with complex definitions, we widely used the terms cryptographic key or cryptokey, now it is time to improve our conceptual apparatus and bring it into line with current legislation. This is a very important step as it will effectively structure the information obtained from the audit.

  1. Cryptographic key (cryptokey) - a set of data that allows the selection of one specific cryptographic transformation from among all possible in a given cryptographic system (definition from the “pink instructions”, Order of FAPSI No. 152 dated June 13, 2001, hereinafter referred to as FAPSI 152).
  2. Key information - a specially organized set of crypto keys designed to implement cryptographic protection of information within a certain period [FAPSI 152].
    You can understand the fundamental difference between a crypto key and key information using the following example. When organizing HTTPS, a public and private key pair is generated, and a certificate is obtained from the public key and additional information. In this scheme, the combination of the certificate and the private key forms key information, and each of them individually is a crypto key. A simple rule of thumb applies here: end users working with cryptographic information protection tools deal with key information, while crypto keys are usually used internally by the tools themselves. At the same time, it is important to understand that key information can consist of a single crypto key.
  3. Key documents - electronic documents in any media, as well as documents in paper media containing key information of limited access for cryptographic transformation of information using algorithms for cryptographic transformation of information (cryptographic key) in encryption (cryptographic) means (definition from the Government Decision No. 313 of April 16, 2012, hereinafter - PP-313).
    In simple terms, a key document is key information recorded on a medium. When analyzing key information and key documents, keep in mind that it is key information that is used (that is, applied in cryptographic transformations such as encryption and electronic signature), while the key documents containing it are what is handed over to employees.
  4. Cryptographic information protection tools (CIPF) - means of encryption, means of imitation protection, means of electronic signature, means of coding, means of production of key documents, key documents, hardware encryption (cryptographic) means, software and hardware encryption (cryptographic) means [PP-313].
    Analyzing this definition, you will notice that it includes the term key documents. The term is given in the Government Decree and we have no right to change it. However, the rest of this description assumes that only the means of performing cryptographic transformations count as CIPF. This approach simplifies the audit without affecting its quality, since we still account for key documents, but in their own section and using their own methods.

Audit methodology and expected results


The main features of the audit methodology proposed in this article are the postulates that:

  • not a single employee of the company can accurately answer the questions asked during the audit;
  • existing data sources (lists, registers, etc.) are inaccurate or poorly structured.
Therefore, the methodology proposed in the article is a kind of data mining, during which the same data is extracted from different sources and then compared, structured and refined.

Here are the main dependencies that will help us with this:

  1. If there is a cryptographic information protection tool, then there is also key information.
  2. If there is an electronic document flow (including with counterparties and regulators), then most likely it uses an electronic signature and, as a result, cryptographic information protection tools and key information.
  3. Electronic document flow in this context should be understood broadly, that is, it will include both the direct exchange of legally significant electronic documents and the submission of reports, and work in payment or trading systems, and so on. The list and forms of electronic document management are determined by the company's business processes, as well as by current legislation.
  4. If an employee is involved in electronic document management, then most likely he has key documents.
  5. When organizing electronic document flow with counterparties, organizational and administrative documents (orders) on the appointment of responsible persons are usually issued.
  6. If information is transmitted over the Internet (or other public networks), then most likely it is encrypted. This primarily applies to VPN and various remote access systems.
  7. If protocols are found in network traffic that transmit traffic in an encrypted form, then cryptographic information protection tools and key information are used.
  8. If settlements were made with counterparties involved in the supply of information security products or telecommunication devices, in services for submitting reports, or in certification center services, then cryptographic information protection tools or key documents could have been purchased through this interaction.
  9. Key documents can be either on alienable media (floppy disks, flash drives, tokens, ...), or recorded inside computers and hardware cryptographic information security tools.
  10. When using virtualization tools, key documents can be stored both inside virtual machines and mounted to virtual machines using a hypervisor.
  11. Hardware cryptographic information protection tools can be installed in server rooms and be unavailable for analysis over the network.
  12. Some electronic document management systems may be inactive or barely used, but at the same time contain active key information and cryptographic information protection tools.
  13. Internal regulatory and organizational and administrative documentation may contain information about electronic document management systems, CIPF and key documents.
For the extraction of primary information, we will:
  • interview employees;
  • analyze the company's documentation, including internal regulatory and administrative documents, as well as outgoing payment orders;
  • carry out a visual analysis of server rooms and communication cabinets;
  • conduct technical analysis of the content of automated workstations (AWS), servers and virtualization tools.
We will formulate specific measures later, but for now we will consider the final data that we should receive as a result of the audit:

List of CIPF:

  1. CIPF model. For example, CIPF Crypto CSP 3.9 or OpenSSL 1.0.1.
  2. CIPF instance identifier. For example, the serial, license (or registration according to PKZ-2005) number of the CIPF.
  3. Information about the certificate of the FSB of Russia for the CIPF, including its number and the start and end dates of validity.
  4. Information about the place of operation of the CIPF. For example, the name of the computer on which the software CIPF is installed, or the name of the technical means or premises where the hardware CIPF is installed.
This information will allow:
  1. Manage vulnerabilities in cryptographic information protection systems, that is, quickly detect and fix them.
  2. Track the validity period of certificates for cryptographic information protection tools, as well as check whether a certified cryptographic information protection tool is used in accordance with the rules established by the documentation or not.
  3. Plan the cost of cryptographic information protection, knowing how much is already in operation and how much more consolidated funds are available.
  4. Generate regulatory reporting.
List of key information:

For each element of the list, we record the following data:

  1. Name or identifier of key information. For example, “Qualified ES key. Serial number of the certificate is 31: 2D: AF”. The identifier should be chosen so that the key can be found by it. For example, certification authorities, when they send notifications, usually identify keys by certificate numbers.
  2. Key System Control Center (CMC) that issued this key information. This can be the organization that issued the key, for example, a certification authority.
  3. Individual in whose name the key information was issued. This information can be retrieved from the CN fields of X.509 certificates.
  4. Key information format. For example, CryptoPRO CIPF, Verba-OW CIPF, X.509, etc. (in other words, the CIPF with which this key information is intended to be used).
  5. Purpose of key information. For example, "Participation in auctions on the Sberbank AST site", "Qualified electronic signature for filing reports", etc. From a technical point of view, this field can record the restrictions set by the extended key usage and other fields of X.509 certificates.
  6. The beginning and the end of the validity of key information.
  7. Key information reissue procedure. That is, knowledge of what to do and how to reissue key information. At the very least, it is advisable to record the contacts of the officials of the CMC that issued the key information.
  8. The list of information systems, services or business processes within which key information is used. For example, "System of remote banking services Internet Client-Bank".
This information will allow:
  1. Track the expiration dates of key information.
  2. Reissue key information quickly if necessary. This may be needed for both planned and unscheduled re-releases.
  3. Block the use of key information when the employee to whom it was issued is dismissed.
  4. Investigate information security incidents by answering questions such as "Who had the keys to make payments?"
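The methodology's idea of pulling the same data from several sources and comparing it can be applied directly to this list. The following is an added example, not part of the original article: it merges key information records from three sources by certificate serial number and reports keys seen in only one source, fields on which sources disagree, expired or soon-to-expire keys, and keys issued to dismissed employees. The field names, source names, people and all sample values are constructed assumptions.

```python
from datetime import date, timedelta

# Field names are assumptions that mirror the register columns described above.
FIELDS = ("issuer", "owner", "format", "purpose", "valid_to")


def normalize_id(raw: str) -> str:
    """Make '31: 2d: af' and '31:2D:AF' compare equal."""
    return raw.replace(" ", "").upper()


def merge_sources(sources: dict) -> dict:
    """Merge per-source record lists into one register keyed by identifier."""
    register = {}
    for source_name, records in sources.items():
        for rec in records:
            key = normalize_id(rec["id"])
            entry = register.setdefault(
                key, {"id": key, "seen_in": [], "conflicts": {}})
            if source_name not in entry["seen_in"]:
                entry["seen_in"].append(source_name)
            for field in FIELDS:
                value = rec.get(field)
                if value is None:
                    continue
                if field not in entry:
                    entry[field] = value
                elif entry[field] != value:
                    # Keep every differing value so the auditor can follow up.
                    entry["conflicts"].setdefault(field, {entry[field]}).add(value)
    return register


def audit_findings(register: dict, today: date, dismissed=(), warn_days: int = 30) -> list:
    """Return (identifier, finding) pairs that need the auditor's attention."""
    findings = []
    for key in sorted(register):
        entry = register[key]
        if len(entry["seen_in"]) == 1:
            findings.append((key, "single-source"))
        for field in sorted(entry["conflicts"]):
            findings.append((key, "conflict:" + field))
        valid_to = entry.get("valid_to")
        if valid_to is None:
            findings.append((key, "no-expiry-recorded"))
        else:
            end = date.fromisoformat(valid_to)
            if end < today:
                findings.append((key, "expired"))
            elif end - today <= timedelta(days=warn_days):
                findings.append((key, "expiring-soon"))
        owners = entry["conflicts"].get("owner", {entry.get("owner")})
        if owners & set(dismissed):
            findings.append((key, "owner-dismissed"))
    return findings


# Constructed sample data: three audit sources describing overlapping keys.
SAMPLE_SOURCES = {
    "employee_mailing": [
        {"id": "31: 2d: af", "owner": "Ivanov I.", "purpose": "Tax reporting"},
    ],
    "it_register": [
        {"id": "31:2D:AF", "issuer": "Example CA", "owner": "Ivanov I.",
         "format": "X.509", "valid_to": "2024-07-10"},
        {"id": "0A:11:22", "issuer": "Example CA", "owner": "Petrov P.",
         "format": "X.509", "valid_to": "2025-03-01"},
    ],
    "technical_scan": [
        {"id": "0A:11:22", "owner": "Sidorov S.", "valid_to": "2025-03-01"},
        {"id": "7F:00:9C", "owner": "Petrov P.", "valid_to": "2024-01-15"},
    ],
}


def demo() -> list:
    register = merge_sources(SAMPLE_SOURCES)
    return audit_findings(register, today=date(2024, 6, 20),
                          dismissed={"Petrov P."})


if __name__ == "__main__":
    for identifier, finding in demo():
        print(identifier, finding)
```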
List of key documents:

For each element of the list, we record the following data:

  1. Key information contained in the key document.
  2. Key information carrier, on which the key information is recorded.
  3. Person responsible for the safety of the key document and the confidentiality of the key information contained in it.
This information will allow:
  1. Reissue key information in cases of: dismissal of employees who have key documents, as well as in case of compromise of media.
  2. Ensure the confidentiality of key information by taking an inventory of the carriers containing it.

Audit plan


Now is the time to consider the practical features of the audit. Let's do this using the example of a credit and financial organization, or in other words, a bank. This example was not chosen by chance. Banks use a fairly large number of diverse cryptographic protection systems that are involved in a huge number of business processes, and besides, almost all banks are licensed by the FSB of Russia in cryptography. Further in the article, an audit plan for cryptographic information protection tools and cryptokeys is presented in relation to the Bank. At the same time, this plan can be taken as a basis when auditing almost any company. For ease of perception, the plan is divided into stages, which, in turn, are folded into spoilers.

Stage 1. Collecting data from the infrastructure departments of the company

Action / Expected Output and Usage
Source - all employees of the company
1. Action: We send a corporate mailing to all employees of the company asking them to inform the information security service about all the cryptographic keys they use.
   Expected output and usage: We receive emails, on the basis of which we form a list of key information and a list of key documents.
Source - Head of Information Technology Service
1. Action: We request a list of key information and key documents.
   Expected output and usage: With some probability, the IT Service maintains such documents; we use them to form and clarify the lists of key information, key documents and cryptographic information protection tools.
2. Action: We request a list of cryptographic information resources.
3. Action: We request the register of software installed on servers and workstations.
   Expected output and usage: In this register, we look for software cryptographic tools and their components, for example, CryptoPRO CSP, Verba-OW, Signal-COM CSP, Signature, PGP, ruToken, eToken, CryptoARM, etc. On the basis of these data, we form a list of cryptographic information protection tools.
4. Action: We ask for a list of employees (probably technical support) who help users work with cryptographic information protection tools and reissue key information.
   Expected output and usage: We ask these persons for the same information as system administrators.
Source - Information Technology Service System Administrators
1. Action: We request a list of domestic crypto gateways (VIPNET, Continent, S-terra, etc.).
   Expected output and usage: Where the company has not implemented regular IT and information security management business processes, such questions can help system administrators recall the existence of a particular device or piece of software. We use this information to obtain a list of cryptographic information protection tools.
2 We are asking for a list of domestic software cryptographic tools (cryptographic information protection tools MagPro CryptoPacket, VIPNET CSP, CryptonDisk, SecretDisk, ...)
3 We request a list of routers that implement VPN for:
a) communications between the offices of the company;
b) interaction with contractors and partners.
4 We request a list of information services published on the Internet (accessible from the Internet). They can include:
a) corporate email;
b) instant messaging systems;
c) corporate websites;
d) services for the exchange of information with partners and contractors (extranet);
e) remote banking systems (if the company is a Bank);
f) systems of remote access to the company's network.
To check the completeness of the information provided, we check it against the list of Portforwarding rules for border firewalls.
Analyzing the information received, with a high probability, you can find the use of cryptographic information protection tools and crypto keys. We use the obtained data to form a list of cryptographic information protection tools and key information.
5 We request a list of information systems used for reporting (Taxcom, Kontur, etc.) These systems use the keys of a qualified electronic signature and SKZI. Through this list, we form a list of cryptographic data protection tools, a list of key information, and also find out the employees who use these systems to form a list of key documents.
6 We request a list of internal electronic document management systems (Lotus, DIRECTUM, 1C: Document management, etc.), as well as a list of their users. Within the framework of internal electronic document management systems, electronic signature keys may be encountered. Based on the information received, we form a list of key information and a list of key documents.
7 We are asking for a list of internal certification centers. The funds used for the organization of certification centers are recorded in the list of cryptographic information protection tools. In the future, we will analyze the contents of the databases of certification centers to identify key information.
8 We request information about the use of technologies: IEEE 802.1x, WiFiWPA2 Enterprise and IP video surveillance systems In the case of using these technologies, we can find key documents in the devices involved.
Source - Head of Human Resources
1 Please describe the process of hiring and firing employees. We focus on the question of who takes the key documents from leaving workers We analyze documents (bypass sheets) for the presence of information systems in which the cryptographic information protection system can be used.

Stage 2. Collecting data from business units of the company (on the example of the Bank)

Action Expected Output and Usage
Source - Head of Settlement Service (Correspondent Relations)
1 Please provide a scheme for organizing interaction with the Bank of Russia payment system. In particular, this will be relevant for Banks that have a developed branch network, in which branches can connect the Central Bank to the payment system directly Based on the data received, we determine the location of the payment gateways (AWP KBR, UTA) and the list of involved users. We use the obtained information to form a list of cryptographic information protection tools, key information and key documents.
2 We ask for a list of Banks with which direct correspondent relations have been established, and also ask to tell who is involved in making transfers and what technical means are used.
3 We request a list of payment systems in which the Bank participates (SWIFT, VISA, MasterCard, NSPK, etc.), as well as the location of terminals for communication The same as for the payment system of the Bank of Russia
Source - Head of Division responsible for the provision of remote banking services
1 We are asking for a list of remote banking systems. In these systems, we analyze the use of cryptographic information protection tools and key information. Based on the data received, we form a list of cryptographic information protection tools and key information and key documents.
Source - Head of the department responsible for the functioning of payment card processing
1 Query the HSM registry Based on the information received, we form a list of cryptographic information protection tools, key information and key documents.
2 Requesting the roster of security officers
4 Requesting information about LMK HSM components
5 We request information about the organization of systems such as 3D-Secure and the organization of personalization of payment cards
Source - Heads of departments performing functions of treasury and depository
1 List of banks with which correspondent relations have been established and which participate in interbank lending. We use the information received to clarify previously received data from the settlement service, as well as record information about interaction with exchanges and depositories. Based on the information received, we form a list of cryptographic information protection tools and key information.
2 List of exchanges and specialized depositories with which the Bank works
Source - Heads of financial monitoring services and departments responsible for submitting reports to the Bank of Russia
1 We request information on how they send information and receive information from the Central Bank. List of involved persons and technical means. Information interaction with the Bank of Russia is strictly regulated by relevant documents, for example, 2332-U, 321-I and many others, we check compliance with these documents and form lists of cryptographic information protection tools, key information and key documents.
Source - Chief Accountant and accountants who pay bills for internal bank needs
1 We ask for information on how the preparation and submission of reports to tax inspectorates and the Bank of Russia We clarify the previously obtained information
2 We request a register of payment documents to pay for internal bank needs In this registry, we will look for documents where:
1) Certification centers, specialized telecom operators, manufacturers of cryptographic information protection tools, suppliers of telecommunications equipment are indicated as recipients of payments. The names of these companies can be obtained from the Register of certified cryptographic information protection systems of the FSB of Russia, the list of accredited certification centers of the Ministry of Telecom and Mass Communications and other sources.
2) as a decryption of the payment, the words are present: "CIPF", "signature", "token", "key", "BKI", etc.
Source - Heads of Arrears and Risk Management
1 We request a list of credit bureaus and collection agencies with which the Bank works. Together with the IT service, we analyze the data obtained in order to clarify the organization of electronic document flow, on the basis of which we clarify the lists of cryptographic information protection tools, key information and key documents.
Source - Heads of Document Management, Internal Control and Internal Audit Services
1 We request a register of internal organizational and administrative documents (orders). Among them, we look for documents related to cryptographic information protection. To do this, we search for the keywords "security", "person in charge", "administrator", "electronic signature", "ES", "EDS", "EDO", "ASP", "SKZI" and their derivatives. Then we identify the Bank employees named in these documents and interview them about their use of crypto-tools. We record the information received in the lists of cryptographic information protection tools, key information and key documents.
2 We request lists of contracts with counterparties. We try to identify agreements on electronic document management, agreements with companies that supply information security tools or provide services in this area, and agreements with companies that provide certification center services and services for submitting reports via the Internet.
3 We analyze the technology for storing documents of the day in electronic form. When documents of the day are stored in electronic form, cryptographic information protection tools are required.

Stage 3. Technical audit

Action Expected Output and Usage
1 We carry out a technical inventory of the software installed on computers. For this we use:
· Analytical capabilities of corporate anti-virus protection systems (for example, Kaspersky Anti-Virus can build such a registry);
· WMI scripts for polling Windows computers;
· Package managers for polling *nix systems;
· Specialized inventory software.
Among the installed software, we look for software CIPF, drivers for hardware CIPF and key carriers. Based on the information received, we update the list of CIPFs.
2 We search for key documents on servers and workstations. To do this:
· Logon scripts poll workstations in the domain for certificates with private keys in user profiles and computer profiles;
· On all computers, file servers and hypervisors, we look for files with the extensions crt, cer, key, pfx, p12, pem, pse, jks, etc.;
· On the hypervisors of virtualization systems, we look for mounted floppy drives and diskette images.
Very often, key documents take the form of file key containers, as well as containers stored in the registries of computers running Windows. We record the key documents found in the list of key documents, and the key information they contain in the list of key information.
3 We analyze the contents of the databases of certification centers. Databases of certification authorities usually contain information about certificates issued by these authorities. We enter the information received into the list of key information and the list of key documents.
4 We conduct a visual inspection of server rooms and wiring closets, looking for cryptographic information protection tools and hardware key carriers (tokens, disk drives). In some cases, it is impossible to inventory cryptographic information protection tools and key documents over the network: systems may be on isolated network segments or have no network connections at all. In such cases we conduct a visual inspection, which should establish the names and purpose of all equipment in the server rooms. We enter the information received into the list of cryptographic information protection tools and key documents.
5 We analyze network traffic to identify information flows that use encrypted exchange. Encrypted protocols (HTTPS, SSH, etc.) allow us to identify the network nodes on which cryptographic transformations are performed and which, as a result, contain cryptographic information protection tools and key documents.
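
The file search from step 2, as an added example (not the authors' own tooling): it walks a directory tree for the listed extensions and records the path, a rough classification and a SHA-256 hash for the list of key documents. The classification labels and record fields are assumptions made for this example, and containers stored in the Windows registry are not covered.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Extensions listed in step 2 of the technical audit.
KEY_EXTENSIONS = {".crt", ".cer", ".key", ".pfx", ".p12", ".pem", ".pse", ".jks"}
# Container formats that can hold private keys (assumption: judged by extension only).
CONTAINER_EXTENSIONS = {".pfx", ".p12", ".jks", ".pse"}


def classify(suffix, data):
    """Classify a candidate key document by PEM markers, then by extension."""
    if b"PRIVATE KEY-----" in data:  # covers RSA/EC/ENCRYPTED/OPENSSH variants
        return "private-key"
    if suffix in CONTAINER_EXTENSIONS:
        return "key-container"
    if b"-----BEGIN CERTIFICATE-----" in data:
        return "certificate"
    return "unclassified"  # e.g. DER-encoded .cer/.crt, needs manual review


def find_key_documents(root):
    """Return one inventory record per file under root with a key-document extension."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            suffix = path.suffix.lower()
            if suffix not in KEY_EXTENSIONS or path.is_symlink():
                continue
            try:
                data = path.read_bytes()
            except OSError:  # locked or permission-denied files still get listed
                records.append({"path": str(path), "kind": "unreadable", "sha256": None})
                continue
            records.append({"path": str(path), "kind": classify(suffix, data),
                            "sha256": hashlib.sha256(data).hexdigest()})
    return sorted(records, key=lambda r: r["path"])


if __name__ == "__main__":
    # Constructed sample tree: placeholder contents, not real key material.
    with tempfile.TemporaryDirectory() as root:
        Path(root, "client.PEM").write_text("-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n")
        Path(root, "ca.crt").write_text("-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n")
        Path(root, "store.jks").write_bytes(b"\xfe\xed\xfe\xed constructed")
        for rec in find_key_documents(root):
            print(rec["kind"], rec["path"], (rec["sha256"] or "-")[:12])
```

Records marked "unclassified" or "key-container" still need manual review, since their contents cannot be judged from PEM markers alone.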

Conclusion

In this article, we examined the theory and practice of auditing cryptographic information protection tools and crypto keys. As you have seen, this procedure is rather complicated and time-consuming, but with the right approach it is quite feasible. We hope this article will help you in real life. Thank you for your attention, we are waiting for your comments.
