Digital telephone terminal with connection closure without using encryption algorithms
Belous Ivan Petrovich
At present, one of the main prerequisites for the development of society is the ownership and proper management of information resources, which are objects of relations between individuals, legal entities and the state. At the same time, within the limits of its competence, the owner is granted the right to independently establish the protection regime for information resources and access to them.
Unfortunately, because they lack information, most owners of information do not understand how to ensure its security. This is because activity in this area is confined to a relatively narrow circle of specialists and firms offering their services and technical means in this market sector. Meanwhile, the problem of ensuring information security is real and, as information technology develops, becomes more and more urgent. After all, any information that is not public and is intended for a limited circle of people can be used to their detriment once it falls into the hands of an intruder. The intruder can exploit literally everything: from information of a purely everyday nature to information containing official and commercial secrets.
As practical experience shows, it is currently quite difficult to convince someone who sees no tangible return on the money spent on information security that these costs will pay off many times over in the future. Most continue to hope for the best and turn to specialists only after suffering significant financial losses.
At this point, they are faced with a number of complex problems that require resolution. The first is choosing the right firm, one capable of solving the problems of information security optimally, with the necessary level of sufficiency and confidentiality. The second is the correct choice of the necessary technical means.
In this regard, it should be noted that the domestic market currently offers a fairly large number of devices capable of solving the tasks set to one degree or another. Their effectiveness, as well as their prices, vary widely. Therefore, before assembling the necessary set of technical means, it is advisable to assess the possible actions of an intruder. Such an assessment helps to build an information security system optimally (rationally) and to avoid unnecessary material costs.
It should be noted that the problem of information security is complex and the unsystematic acquisition of individual technical means leads to ineffective expenditure of financial resources with minimal results. Therefore, technical means should not be acquired without serious consultation with specialists. Moreover, the practice of an unsystematic approach to ensuring information security usually leads to discrediting the very possibility of solving this problem.
The intensive development of means and systems for transmitting speech information makes the problem of ensuring its security increasingly urgent.
In solving this problem, one of the most important areas is the encryption of speech information. Currently, to protect speech information transmitted over standard telephone channels, either analog scrambling or conversion of speech into a low-speed digital data stream with subsequent encryption is used. Each of these methods has its advantages and disadvantages. Analog scramblers are distinguished by the high quality of the speech restored on the receiving side and by immunity to the phase characteristics of the communication channel; however, they do not provide high cryptographic strength, and they introduce time delays into the speech signal that complicate the subscribers' dialogue.
The emergence of the second method is due to the creation of high-performance signal processors that allow the implementation of fairly complex algorithms for speech signal compression, virtually eliminating the loss of speech quality during its synthesis on the receiving side.
Since encryption of a digital stream in principle allows high cryptographic strength for the transmitted information, the conversion of speech into a digital stream with subsequent encryption and transmission over a communication channel using modems is currently the main method of its guaranteed protection.
However, it should be noted here that the correct choice and correct implementation of the encryption algorithm are only some of the tasks that must be solved when creating equipment that provides a given level of information protection. The fact is that the equipment itself can have various technical channels for information leakage: electromagnetic, acoustoelectric, power-network, etc. Therefore, the creation of guaranteed-strength equipment, designed to protect information constituting a state secret, is the prerogative of the scientific, technical and research departments of FAPSI, the FSB, the Ministry of Defense, etc. Only they fully understand the requirements for this equipment, as well as the methods and technical means for checking it. In addition, such equipment is very expensive and its operation requires the constant implementation of a whole range of organizational measures. Furthermore, any organization wishing to use such equipment is required to obtain a FAPSI license for the right to operate cryptographic equipment.
In this regard, a number of fundamental questions arise. Do commercial organizations really need such a high level of information protection? Perhaps it would be sufficient to stop at 5-10 years of information security guarantee in the communication channel? Is it possible to give such guarantees without using traditional encryption methods in their classical sense?
It seems that for most commercial organizations, equipment that ensures guaranteed strength of the transmitted information, i.e., eliminates the possibility of its disclosure by an intruder for 30-50 years using any available technical means, is not needed.
Practical experience shows that to ensure the strength of information for 5-10 years, it is possible to use certain technical solutions that differ from traditional encryption. These include, for example, the use of an original, modified low-speed (4800 bit/s) algorithm, not disclosed in the technical documentation, for converting a speech signal into a digital data stream, based on the well-known CELP (Code Excited Linear Prediction) technology; an original protocol for transmitting and receiving speech information over a communication channel; encoding of the digital stream using algorithms randomly selected from a sufficiently large set; etc.
In this case, it seems that the microprocessor telephone terminal should contain the following software and hardware:
1. A speech-transforming device designed to represent a speech signal as a low-speed digital stream during its transmission and to synthesize speech upon reception. To ensure high-quality speech restoration, an upgraded CELP algorithm is used. This algorithm is based on a coding model using the “analysis-by-synthesis” procedure, linear prediction, and vector quantization. A linear prediction filter, for example of the 10th order, is used to model the short-term spectrum of the speech signal (formant structure). Adaptive and stochastic codebooks are used to generate the excitation signal. The computational complexity of the algorithm is determined by the procedures for finding optimal excitation vectors using the two codebooks. Thus, CELP analysis consists of three main procedures:
- short-term linear prediction;
- long-term adaptive codebook search;
- stochastic codebook search.
CELP synthesis consists of the same procedures performed in reverse order.
The encoder operates on speech signal frames 30 ms long (240 samples), sampled at a frequency of 8 kHz. In turn, each of these frames is divided into four subframes of 60 samples. For each frame, the speech signal is analyzed and the transmitted parameters of the CELP model are determined: 10 line spectral pairs (carrying the coefficients of the linear prediction filter) and the indices and gain coefficients in the adaptive and fixed codebooks. These parameters are then encoded into a bit stream and transmitted over the channel.
In the decoder, this bit packet is used to restore the parameters of the excitation signal and the coefficients of the synthesis filter. The speech is then restored by passing the excitation signal through the synthesis filter. Finally, to improve the perceived quality of the synthetic signal, the output of the synthesis filter is passed through a postfilter.
The following characteristics must be ensured: intelligibility of the restored speech — at least 99% with full recognition of the voice of the talking subscribers; dynamic range — at least 60 dB.
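The analysis steps above, worked through on the frame layout the article gives (8 kHz, 240-sample frames, four 60-sample subframes, 10th-order linear prediction). This is an added toy example, not the terminal's code: it assumes a constructed AR(2) test signal and a small constructed stochastic codebook, and it omits the adaptive (pitch) codebook, the LSP conversion and the postfilter.

```python
import random

FS, FRAME, SUBFRAMES, ORDER = 8000, 240, 4, 10   # 8 kHz, 30 ms frames (240 samples), 4 subframes, LPC order
SUB = FRAME // SUBFRAMES                          # 60 samples per subframe
_rng = random.Random(1)
CODEBOOK = [[_rng.gauss(0, 1) for _ in range(SUB)] for _ in range(32)]  # constructed 32-entry stochastic codebook

def make_test_frame(seed=7):
    """Constructed input: 240 samples of an AR(2) process x[n] = 1.2 x[n-1] - 0.6 x[n-2] + noise."""
    rng, x = random.Random(seed), [0.0, 0.0]
    for _ in range(FRAME):
        x.append(1.2 * x[-1] - 0.6 * x[-2] + rng.gauss(0, 1))
    return x[2:]

def split_frame(frame):
    return [frame[i:i + SUB] for i in range(0, FRAME, SUB)]   # four 60-sample subframes

def lpc(frame, order=ORDER):
    """Short-term LPC (autocorrelation + Levinson-Durbin): a[1..order] with x[n] ~ sum(a[k] x[n-k])."""
    r = [sum(frame[n] * frame[n - k] for n in range(k, len(frame))) for k in range(order + 1)]
    r[0] *= 1.0001                       # white-noise correction keeps the recursion stable
    a, err = [0.0] * (order + 1), r[0]
    for i in range(1, order + 1):
        k = (r[i] - sum(a[j] * r[i - j] for j in range(1, i))) / err   # reflection coefficient
        new = a[:i] + [k] + a[i + 1:]
        for j in range(1, i):
            new[j] = a[j] - k * a[i - j]
        a, err = new, err * (1 - k * k)
    return a[1:]

def synth(excitation, a, state=None):
    """All-pole synthesis filter 1/A(z): y[n] = e[n] + sum(a[k] * y[n-1-k])."""
    out, hist = [], list(state) if state is not None else [0.0] * len(a)
    for e in excitation:
        y = e + sum(a[k] * hist[k] for k in range(len(a)))
        out.append(y)
        hist = [y] + hist[:-1]
    return out

def codebook_search(target, a, codebook=CODEBOOK):
    """Analysis-by-synthesis: return (index, gain, error) of the codeword whose filtered output best fits target."""
    best = None
    for idx, cw in enumerate(codebook):
        y = synth(cw, a)
        yy = sum(v * v for v in y)
        g = sum(t * v for t, v in zip(target, y)) / yy if yy else 0.0   # optimal least-squares gain
        err = sum((t - g * v) ** 2 for t, v in zip(target, y))
        if best is None or err < best[2]:
            best = (idx, g, err)
    return best

def encode_frame(frame, codebook=CODEBOOK):
    """Per-frame channel parameters in this toy model: 10 LPC coefficients + (index, gain) per subframe."""
    a = lpc(frame)
    return a, [codebook_search(sub, a, codebook)[:2] for sub in split_frame(frame)]
```

What reaches the channel is only the model parameters returned by `encode_frame`, not waveform samples, which is why the article treats the undisclosed parameter layout as part of the protection.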
2. Synchronous modem with an original protocol for transmitting and receiving speech information over a communication channel.
3. A station fax modem designed to convert a fax machine's line signal into a digital stream for subsequent protection during transmission, and to perform the reverse conversion during reception. The CCITT V.21, V.27, V.27ter and V.29 protocols must be implemented.
4. A line facsimile modem designed to transmit and receive protected facsimile information over a communication channel. The CCITT T.30 recommendation and the V.21, V.27, V.27ter and V.29 protocols must be implemented.
5. An encoding unit designed to convert digital information flows into a form inaccessible to an intruder. In this unit, the information is reorganized according to a randomly selected algorithm during the programming session of each individual group of devices.
The indication and testing control system must ensure:
- programming terminals of various configurations;
- protection of terminal software;
- programming of user functions;
- control of operating modes using fax protocols and DTMF signals;
- self-testing of all technical means of the terminal in the absence of a connection and indication of results;
- indication of the operating mode.
In this case, the security of information in the communication channel is ensured by the use of multi-stage coding, the implementation of which is carried out using original algorithms, including:
- parametric coding of speech information to convert an analog speech signal into a digital data stream;
- compressive coding of the digital data stream to minimize the amount of transmitted information based on the principles of linear prediction;
- linear coding to reorganize the digital data stream using a randomly selected algorithm;
- introducing pseudo-randomness into the transmitted signal to improve tuning and adaptation in the operating mode;
- noise-immune coding using a signal-code construction (coded modulation).
Note that the composition of the line signal must be such that, to recover the original information, the attacker would have to perform a number of mathematical operations commensurate with an exhaustive key search against a cryptosystem. If that number of operations exceeds 10^17, the line signal can be considered reliably protected. This is ensured by using, for each group of devices, a unique line coding algorithm selected at random from a very large set of algorithms during a single programming session.
Obviously, it is possible to ensure high information security in this case by implementing a set of measures, which include:
- functioning in a completely isolated software environment;
- continuous testing and monitoring of the system's operation;
- authentication of devices in the system and verification of the integrity of security tools;
- protection of software from intentional and unintentional interference.
Authentication of devices in the system is carried out on the basis of digital signature technology, and software protection must be implemented in such a way that the stored information can only be updated and never read back by anyone, including the developers.
The general principles considered here for constructing a microprocessor telephone terminal, which provide high cryptographic strength for a speech signal without using traditional encryption, formed the basis of the SP19/DT terminal, which, it seems, will earn a worthy place in the market of information security equipment for telecommunication systems.