Application of the dimensional ontology method in selecting means of technical protection of information from unauthorized access.
NAGORNY Sergey Ivanovich
DONTSOV Vadim Vladimirovich, Candidate of Technical Sciences, Senior Researcher
Source: journal «Special Technology» No. 1 2008
In 1931, mathematician Kurt Gödel published a short article that simply turned the world of so-called «mathematical logic» upside down. After long and complex mathematical-theoretical preambles, he established literally the following. Let's take any statement like: «Assumption #247 in this system of axioms is logically unprovable» and call it «statement A». If «statement A» can be proven, then «statement not-A» can also be proven. In other words, if it is possible to prove the validity of the statement «assumption #247 is unprovable», then it is possible to prove the validity of the statement «assumption #247 is provable». That is, returning to the formulation of Hilbert's second problem, if the axiom system is complete (that is, any statement in it can be proven), then it is inconsistent. So, the formulation of the first or weak Gödel incompleteness theorem is: «Every formal system of axioms contains unresolved assumptions.» Gödel then formulated and proved the second incompleteness theorem: «The logical completeness (or incompleteness) of any system of axioms cannot be proved within the framework of this system. To prove or disprove it, additional axioms (strengthening the system) are required.»
The purpose of this article is to study the compatibility of the properties of technical means of protecting information from unauthorized access (NSD) available on the market with the system of restrictions of the current legislation regulating legal relations in the area under consideration. The effectiveness of management in any administrative sphere largely depends on how correctly the methodological foundations of management are identified. At the present stage, the system of bodies in the field of technical regulation and standardization has undergone serious changes, but the goal of the reform — ensuring the safety and quality of products on the Russian market — has not been achieved.
The issue of the substantive content of technical regulations also turned out to be problematic. The scope of application and features of the object of regulation determine the specific content of the legal norm established by the regulation. On the one hand, the regulation must establish minimum safety requirements, take into account risks and minimize them, and based on this, fix the required level of relevant indicators, that is, introduce technical standards. On the other hand, the regulation is a normative legal act that must be understandable to a wide range of people. The technical norm fixed by the regulation must regulate generalized social relations, and not private issues, that is, it must not contain specific technical and technological indicators. Today, when developers independently write the texts of technical regulations and determine their logical structure and substantive «filling», the requirements of legislative technique are far from always met [1].
Particular attention should be paid to the problem of the relationship between the requirements set out in technical regulations and federal legislation governing legal relations in general. As an example, let us consider the system of «technical protection of information» used to protect state secrets. On July 8, 2006, the State Duma adopted the Federal Law (FL) «On Information, Information Technologies and the Protection of Information».
This FL regulates relations arising from:
- exercising the right to search for, receive, transmit, produce and distribute information;
- using information technologies;
- ensuring the protection of information.
In accordance with Article 15 of the aforementioned Federal Law, the use of information and telecommunications networks on the territory of the Russian Federation is carried out in compliance with the requirements of the legislation of the Russian Federation in the field of communications and other regulatory legal acts of the Russian Federation. The specifics of connecting state information systems to information and telecommunications networks may be established by a regulatory legal act of the President of the Russian Federation or a regulatory legal act of the Government of the Russian Federation. Technical means intended for processing information contained in state information systems, including software and hardware and information protection tools, must comply with the requirements of the legislation of the Russian Federation on technical regulation.
State regulation of relations in the field of information protection is carried out by establishing requirements for the protection of information, as well as liability for violating the legislation of the Russian Federation on information, information technology and information protection.
Requirements for the protection of information contained in state information systems are established by the federal executive body in the field of security (FSB of Russia) and the federal executive body authorized in the field of countering technical intelligence and technical protection of information (FSTEC of Russia), within the limits of their authority. When creating and operating state information systems, the methods and means of protecting information used for the purpose of protecting it must comply with the specified requirements. In this case, the protection of information constituting a state secret is carried out in accordance with the legislation of the Russian Federation on state secrets.
In accordance with the Federal Law «On State Secrets», information security tools must have a certificate certifying their compliance with the requirements for protecting information of the corresponding secrecy level. The organization of certification of information security tools is assigned to the federal executive body authorized in the field of countering technical intelligence and technical protection of information, the federal executive body authorized in the field of ensuring security, and the federal executive body authorized in the field of defense, in accordance with the functions assigned to them by the legislation of the Russian Federation. Certification is carried out on the basis of the requirements of state standards of the Russian Federation and other regulatory documents approved by the Government of the Russian Federation.
Despite the obvious need to use only certified information security tools (ISS), we will try to study the problem of using cryptography in ISS. On April 3, 1995, the Decree of the President of the Russian Federation No. 334 was signed «On measures to comply with the law in the field of development, production, sale and operation of encryption tools, as well as the provision of services in the field of information encryption.» The aforementioned Decree of the President of the Russian Federation established the following standards and measures:
- prohibit the use by government organizations and enterprises in information and telecommunications systems of encryption tools, including cryptographic means of ensuring the authenticity of information (electronic signature), and secure technical means of storing, processing and transmitting information that do not have a certificate from the Federal Agency for Government Communications and Information under the President of the Russian Federation, as well as the placement of government orders at enterprises and organizations that use the said technical and encryption tools that do not have a certificate from the Federal Agency for Government Communications and Information under the President of the Russian Federation;
- prohibit the activities of legal entities and individuals related to the development, production, sale and operation of encryption tools, as well as secure technical means of storing, processing and transmitting information, and the provision of services in the field of information encryption without licenses issued by the Federal Agency for Government Communications and Information under the President of the Russian Federation in accordance with the Law of the Russian Federation «On Federal Bodies of Government Communications and Information».
Further, in order to implement the requirements of the Decree, it was ordered:
- The State Customs Committee of the Russian Federation shall take measures to prevent the import of foreign-made encryption tools into the territory of the Russian Federation without a license from the Ministry of Foreign Economic Relations of the Russian Federation, issued in agreement with the Federal Agency for Government Communications and Information under the President of the Russian Federation;
- The Federal Counterintelligence Service of the Russian Federation and the Ministry of Internal Affairs of the Russian Federation, together with the Federal Agency for Government Communications and Information under the President of the Russian Federation, the Ministry of the Russian Federation for Taxes and Duties and the Tax Police Department of the Russian Federation, shall identify legal entities and individuals who violate these requirements;
- The Prosecutor General's Office of the Russian Federation shall strengthen prosecutorial supervision over compliance with the Law of the Russian Federation «On Federal Agencies of Government Communications and Information» in terms of the development, production, sale and operation of encryption tools, as well as the provision of services in the field of information encryption in the Russian Federation, subject to licensing and certification by the Federal Agency for Government Communications and Information under the President of the Russian Federation.
To end the discussions about the object of protection, let us define what is meant by the term «cryptographic means». Thus, the «Regulation on licensing activities for the distribution of encryption (cryptographic) means», approved by the Government of the Russian Federation by Resolution No. 691 of 23.09.02 «On approval of provisions on licensing certain types of activities related to encryption (cryptographic) means», classifies the following as encryption (cryptographic) means:
a) encryption tools — hardware, software and hardware-software tools, systems and complexes implementing algorithms for cryptographic transformation of information and intended to protect information during transmission via communication channels and (or) to protect information from unauthorized access during its processing and storage;
b) imitation protection tools — hardware, software and hardware-software tools, systems and complexes implementing algorithms for cryptographic transformation of information and intended to protect against the imposition of false information;
c) electronic digital signature tools — hardware, software, and hardware-software tools that ensure, on the basis of cryptographic transformations, the implementation of at least one of the following functions: creation of an electronic digital signature (EDS) using a private key, confirmation using a public key of the authenticity of the EDS, creation of private and public keys of the EDS;
d) coding tools — tools that implement algorithms for cryptographic transformation of information with the implementation of part of the transformation by manual operations or using automated tools based on such operations;
e) means of producing key documents (regardless of the type of key information carrier);
f) key documents (regardless of the type of key information carrier).
For clarity, let us dwell on a simple example that illustrates the emerging problem of constructing legitimate information protection. If we orthogonally project a three-dimensional glass standing on a table into a two-dimensional plane, we get a circle. The same glass, projected from the side, will look like a rectangle in a two-dimensional plane. But no one will claim that the glass consists of a circle and a rectangle. In the same way, we cannot claim that any means of cryptographic protection can be used on the territory of the Russian Federation. The image of dimensions and projections allows us to simultaneously speak, on the one hand, about the integrity and unity of constructing technical information protection, and on the other hand, about the differences in the relationship between the technical proposal and the actual legislation regulating this branch of law.
The above approach (dimensional ontology) was first used by V. Frankl in psychology to describe the way of perceiving obvious contradictions. Using the proposed approach, we will describe the legislative framework (one of the projections) regulating the rights and obligations of executive authorities in the field of cryptography.
I. Let us consider the legislative framework in terms of the powers of the FSB of Russia. The Federal Law «On the Federal Security Service» defines the activities of the FSB of Russia in the following main areas:
- counterintelligence activities;
- fight against terrorism;
- fight against crime;
- intelligence activities;
- border activities;
- ensuring information security.
In this case, the Federal Security Service ensures information security in the course of:
- the formation and implementation of state and scientific and technical policy in the field of ensuring information security, including the use of engineering and cryptographic means;
- ensuring cryptographic and engineering methods of security of information and telecommunication systems, as well as encrypted, classified and other types of special communications systems in the Russian Federation and its institutions located outside the Russian Federation.
That is, today the FSB of Russia, within the limits of its competence, carries out the following functions:
- creates a certification system and establishes rules for conducting certification of information protection tools according to security requirements for information constituting a state secret (hereinafter — SZI-GT);
- submits the SZI-GT certification system and its conformity marks for state registration to the State Standard of Russia (FATRM);
- organizes the functioning of the certification system;
- defines the nomenclature of the SZI-GT subject to mandatory certification in this system;
- implements the procedure for recognizing regulatory and methodological documents of third-party organizations;
- approves regulatory documents for compliance with which the SZI-GT certification is carried out in the certification system, and methodological documents for conducting certification tests;
- establishes the rules for recognizing foreign certificates, conformity marks and test results;
- maintains the state register of certified information security tools, certification bodies and testing centers (laboratories) accredited in the SZI-GT certification system, other certification participants, as well as issued and revoked certificates of conformity and licenses for the use of the conformity mark;
- maintains records of regulatory documents containing rules, requirements and methodological recommendations for certification.
In accordance with the above-mentioned Law, the FSB of Russia issued Order No. 564 of 13.11.99 «On approval of provisions on the certification system of information protection tools according to security requirements for information constituting a state secret, and on its conformity marks». The said Order of the FSB of Russia established the basic principles, organizational structure of the system of mandatory certification of information protection tools according to security requirements for information constituting a state secret, the procedure for certification of these tools, the procedure for registration of certified tools, as well as the procedure for inspection control of certified tools.
Thus, in accordance with paragraph 1.3 of the Order, the purposes of creating the certification system are:
- implementation of the requirements of Article 28 of the Law of the Russian Federation «On State Secrets»;
- ensuring national security in the field of informatization;
- formation and implementation of a unified scientific, technical and industrial policy in the field of informatization, taking into account the requirements of the system for protecting state secrets;
- assistance in the formation of the market of protected information technologies and means of their provision;
- regulation and control of the development, as well as subsequent production of SZI-GT;
- assistance to consumers in the competent choice of means of information protection;
- protection of the consumer from the dishonesty of the manufacturer (seller, contractor);
- confirmation of product quality indicators declared by manufacturers.
Additionally, Order No. 564 of 13.11.99 defined the types of information security tools subject to certification in the SZI-GT certification system:
- software tools for protecting information from unauthorized access and software backdoors;
- programs that ensure access control to information;
- programs for identifying and authenticating terminals and users based on various criteria (password, additional code word, biometric data, etc.), including programs for increasing the reliability of identification (authentication);
- programs for checking the functioning of the information security system and monitoring the integrity of the means of protection against unauthorized access;
- protection programs for various auxiliary purposes, including anti-virus programs;
- programs for protecting personal computer operating systems (modular software interpretation, etc.);
- programs for monitoring the integrity of general system and application software;
- programs that signal a violation of resource use;
- programs for destroying residual information in storage devices (RAM, video memory, etc.) after its use has ended;
- programs for monitoring and restoring the file structure of data;
- programs for simulating the operation of the system or blocking it when unauthorized access is detected;
- programs for determining unauthorized access and signaling (transmitting messages) about their detection.
II. Let us consider the legislative framework in terms of the powers of the FSTEC of Russia. In accordance with the Regulation «On the Federal Service for Technical and Export Control», approved by the Decree of the President of the Russian Federation of 16.08.04 No. 1085, the Federal Service for Technical and Export Control is a federal executive body implementing state policy, organizing interdepartmental coordination and interaction, special and control functions in the field of state security on issues of:
- ensuring information security (non-cryptographic methods) in information and telecommunications infrastructure systems that have a significant impact on state security in the information sphere, including those operating as part of critically important facilities of the Russian Federation, in their information systems and telecommunications networks, destructive information impacts on which may lead to significant negative consequences (as amended by Decree of the President of the Russian Federation of 30.11.06 No. 1321);
- counteracting foreign technical intelligence on the territory of the Russian Federation;
- ensuring the protection (by non-cryptographic methods) of information containing data constituting a state secret, other information with limited access, preventing its leakage through technical channels, unauthorized access to it, special impacts on information (information carriers) for the purpose of obtaining it, destroying, distorting and blocking access to it on the territory of the Russian Federation (hereinafter referred to as technical protection of information).
Thus, taking into account the above and guided by the RF Government Resolution of 26.06.95 No. 608 «On the certification of information security tools» in terms of fulfilling the requirement for mandatory certification of technical, cryptographic, software and other tools designed to protect information constituting a state secret, as well as the tools in which they are implemented, it becomes obvious that the certification of technical products of information security tools in general should be carried out by the FSB or FSTEC of Russia in the following cases:
- use of cryptographic means of protection — FSB of Russia;
- protection by non-cryptographic means — FSTEC of Russia.
Despite all the obviousness, as noted in [2], the question of logical connections and relationships in the system of legal norms, the logical mechanism of their action should not be confused with the question of logical connections and relationships in the structure of an individual norm. The logical interdependence of legal norms at the most diverse levels of their substantive functioning, their diverse logical connections and relationships (both sectoral and intersectoral) are a universal logical parameter of the normative-legal system. Each legal norm is a certain link in the general normative chain of current legislation. In the process of functioning, it is logically connected with a whole arsenal of other legal norms and is fully realized only within the framework of an integral normative-legal formation (one or another institution, one or another branch, the entire legal system).
From a motivational point of view, it is important whether the legislator answers the question: why, say, “permitted”, and not “required” or “prohibited”? Or, on the contrary: why “prohibited”, and not “permitted”? Why this way and not otherwise? It is not enough for the executor of a legal norm to know “what” and “how”. He must know “why” and “for what reason”, otherwise the regulatory functions of a legal norm, like any other social norm, will lose their meaning. Humanity cannot live without the questions “why?” and “for what reason?” and one or another answer to them, guided in its behavior by social norms formulated according to the principle: “it must be so!”, “so be it!” [3]. But what if in fact “it must not be so”, “it is harmful, unfair”? Is such a logical paradox possible, when the improper functions as the proper, obligatory? Can fictitious, false standards and formulas exist and function in legislation?
Any normative legal judgment in its full logical volume expresses the idea: such and such an addressee is prescribed such and such behavior with such and such a mode of normativity, because there is such and such an objective need (objective necessity). This “because” determines the choice of the behavioral option by the subject of legal relations, allowing us to speak about the truthful nature of normative prescriptions. The most important principle determining the functioning of legal normativity at its logical-semantic level is deontic proportionality, objectively arising from the entire set of social connections, relations, and their normative needs. Since ancient times, “permitted,” “required,” and “prohibited” have served as universal deontic modes of legal normativity, as well as any other [4].
Let us analyze this situation in terms of the established practice of conducting certification activities for means of protecting information from unauthorized access. The Guidance Document (GD) «Automated Systems. Protection from Unauthorized Access to Information. Classification of Automated Systems and Requirements for Information Protection», approved by the Decision of the Chairman of the State Technical Commission under the President of the Russian Federation dated 30.03.92, established that, in general, a set of software and hardware tools and organizational (procedural) solutions for protecting information from unauthorized access is implemented within the framework of the information protection system from unauthorized access (IPS UAS), conventionally consisting of the following four subsystems:
- access control;
- registration and accounting;
- cryptographic;
- ensuring integrity.
Depending on the class of automated systems, the cryptographic subsystem must be implemented in the volume specified in Table 1, only for classes 2A, 1B, 1A.
In general, the requirements for the cryptographic subsystem are formulated as follows:
- encryption of all confidential information recorded on shared (partial) data carriers used by different access subjects, as well as on removable data carriers (floppy disks, microcassettes, etc.) of long-term external memory for storage outside the work sessions of authorized access subjects, must be performed. In this case, areas of external memory that previously contained unencrypted information must be automatically released and cleared;
- access of subjects to encryption operations and cryptographic keys must be additionally controlled by the access control subsystem;
- certified cryptographic protection tools must be used. Their certification is carried out by special certification centers or specialized enterprises licensed to carry out certification of cryptographic protection tools.
Let's explain the situation with examples. As a first example, let's consider the information protection system from unauthorized access «Strazh NT». The «Strazh NT» system (version 2.5) is a specialized software and hardware complex designed to ensure information security in automated systems based on personal computers.
The SZI «Strazh NT» can be used in developing information protection systems for automated systems up to security classes 3A, 2A and 1B inclusive (Table 1) in accordance with the requirements of the guideline document of the State Technical Commission of Russia «Automated Systems. Protection from Unauthorized Access to Information. Classification of Automated Systems and Requirements for Information Protection». «Strazh NT» can be installed on single-processor and multi-processor computers built on the Intel i386 platform and running the Microsoft Windows NT 4.0, Windows 2000, Windows XP and Windows 2003 operating systems. «Strazh NT» does not contain a cryptographic subsystem.
In accordance with the RF Government Resolution of 26.06.95 No. 608 «On certification of information security tools», the FSTEC RF issued Certificate of Conformity No. 1260 to the Strazh NT information security tool (version 2.5). The certificate certifies that the «Strazh NT information security system (version 2.5)» is an information security tool and complies with the requirements of the guidelines «Computer hardware. Protection against unauthorized access to information. Indicators of protection against unauthorized access to information» (State Technical Commission of Russia, 1992) — for security class 3 and «Protection against unauthorized access to information. Part 1. Information security software. Classification by the level of control of absence of undeclared capabilities» (State Technical Commission of Russia, 1999) — at the 2nd level of control. It is known that the 3rd class of protection in combination with the 2nd level of control corresponds to the classification of the guideline document «Automated systems. Protection from unauthorized access to information. Classification of automated systems and requirements for information protection» at level 1B inclusive [5].
The second example is Secret Net 5.0. This is a hardware and software complex that provides protection for servers, workstations and mobile PCs running Windows 2000, Windows XP and Windows 2003 operating systems.
Table 1. Requirements for the cryptographic subsystem