NEW CABLE TRANSDUCER FOR SEISMOMAGNETOMETRIC DETECTION. Article updated 21.04 in 2023.


ALEXEY ALEXEYEVICH TERENIN, PH.D. (Eng.)

CRYPTOGRAPHIC ALGORITHMS USED TO ENSURE INFORMATION SECURITY DURING INTERNET INTERACTION

A brief overview of the most common encryption algorithms today, their description, as well as problems that arise during their implementation and significant aspects in practical use are presented.

Protection of information by cryptographic transformation methods consists of changing its constituent parts (words, letters, syllables, numbers) using special algorithms or hardware solutions and key codes, i.e., bringing it to an implicit form. To read encrypted information, the reverse process is used: decoding (decryption). The use of cryptography is one of the common methods that significantly increases the security of data transmission in computer networks, of data stored in remote memory devices, and of information exchanged between remote objects.

For transformation (encryption), some algorithm or device implementing a given algorithm, which may be known to a wide range of people, is usually used. The encryption process is controlled by a periodically changing key code, which ensures an original presentation of information each time when using the same algorithm or device. Knowing the key allows you to decrypt the text simply and reliably. However, without knowing the key, this procedure may be practically impossible even with a known encryption algorithm.

Even simple transformation of information is a very effective means of hiding its meaning from most unskilled intruders.

A Brief Historical Review of the Development of Encryption

The origins of cryptography go back to Egyptian hieroglyphs. Since ancient times, when Egypt and Persia flourished, messengers were used for the most important state and military missions; they carried the text of the message either on parchment or in their heads to convey it verbally, and the latter method was preferred. Even then, more or less successful methods of protecting transmitted information from the encroachments of interceptors appeared. Let us cite a well-known legend from the Ancient World. A certain king, having been captured, made a tattoo on the head of a slave: a message to the allies. When the hair grew back, the slave traveled to the recipients of the message and the king was freed. This is the prototype of today's steganography.

The ancient Greeks used round sticks of the same diameter, on which strips of parchment were wound. The writing was done longitudinally along the length of the stick. It was possible to fold the text into a readable form only if you had a stick of the same diameter.

In Ancient Rome, the science of cryptography, translated from Latin as secret writing, was already clearly beginning to form. The Caesar cipher appeared, in which each letter is replaced by a letter three letters away in the alphabet.

In the intrigue-filled Europe and Central Asia of the Middle Ages, there was a rapid development of cryptography and cryptanalysis, the methods for breaking encrypted texts. The first systematic work on cryptography is considered to be the book of the architect Leon Battista Alberti (1404–1472). One of the first cryptanalysts was François Viète (1540–1603), at the court of the King of France Henry IV. At the same time, advisers from the Argenti family, who can also be called cryptanalysts, served at the court of the Pope. The entire period up to the middle of the 17th century is full of works on cryptography and cryptanalysis.

In the 19th and in the first half of the 20th century, many countries, including Russia, used encryption methods for secret diplomatic correspondence, the keys for which were composed of excerpts from certain texts of ordinary books (cipher books).

From the beginning of the 20th century, that is, from the First World War, special encryption machines began to be used.

The German Enigma machine, the code of which was broken by the British, is widely known. In order not to reveal the fact that the German cipher had been broken, the British government made great sacrifices among the civilian population by not warning the residents of two large cities about the impending bombings. But this later helped to gain a significant advantage in the northern naval battles with Germany, when the invincible German submarines and cruisers were destroyed.

After World War II, computers took up cryptography. For a long time, it was the domain of the most powerful supercomputers of their time.

Publications on this topic were strictly classified and the use of scientific research in this area was a national prerogative. Only the textbook work of Von Neumann in the 1940s was publicly available, describing, in addition to the principles of building computing systems, some other possible malicious methods of influence to disrupt the “legal” computing process, as well as the classic work of Shannon, which laid the foundations of computer cryptography.

Since the 1970s, open publications have appeared: Diffie-Hellman in 1976. In 1970, there was a classified invention of James Ellis (Great Britain) in the field of cryptography. The most famous algorithm of asymmetric cryptography is RSA, developed by Ronald Rivest, Adi Shamir and Len Adleman in 1977. The RSA algorithm is of great importance because it can be used for both public key encryption and digital signature creation.

This was a revolutionary period in the development of cryptographic science. New methods of secret distribution of key information in open computing systems appeared, and asymmetric cryptography was born.

But even after that, for a long time, the prerogative of using cryptography in data protection was with government services and large corporations. The computing equipment of that time, which had the power necessary for cryptographic transformations, was very expensive.

At that time, the main state standards of cryptographic algorithms appeared (USA and some European countries), the use of which was prescribed when working with information classified as a state secret.

The veil of secrecy surrounding these technologies even led to the US equating cryptographic algorithms with weapons, and a ban on the export of encryption hardware and software. Then, export restrictions were introduced on the length of the key used in encryption algorithms outside the US, which allowed American intelligence agencies to decrypt messages using existing computing power without knowing the shortened key. Export restrictions were lifted on March 1, 2001. Due to the events of September 11 of the same year, there has been a tightening of government control. The US government is considering options for re-introducing export controls on encryption tools.

Let's go back to the 70s. Since then, neither scientific research nor the development of computing tools have stopped. The computing power of supercomputers increases several times every few years. The personal computer appears. The power of a personal computer is approximately equal to the power of a supercomputer ten years ago. Now personal computers have become even more powerful.

Since the 1980s, ordinary users have had the opportunity to use cryptographic tools on their computers, which government agencies have been fiercely preventing, and it has become more difficult to monitor the activities of citizens of the country, including criminals.

The release of PGP (Pretty Good Privacy) by Phil Zimmermann (version 1.0 was released in 1991) and its provision for open and free use gave great opportunities to ordinary computer users. Phil Zimmermann was even declared an enemy of the state and was sentenced to imprisonment.

Ever-increasing computing power forced the use of increasingly complex cryptographic algorithms or increasing the length of the keys used in encryption.

Standards for cryptographic algorithms became obsolete and unreliable. Information protected by a certain key could no longer be kept confidential for a long enough time — as long as required by government regulations. For example, keeping information completely secret in encrypted form for 5 years meant that an adversary with the most powerful computing resources, constantly trying out possible keys, would not have been able to find the right key to decrypt the stored information within that period with a fairly high probability.

Competitions began to be held to crack some information encrypted using the algorithm of one of the standards. The winner was awarded a solid cash prize, as well as worldwide fame in the information community. By combining ordinary computers in a computer network to work in parallel to solve a given problem, users gathered in groups and selected the key together.

A key length of 48 bits means that 2^48 attempts must be made. Increasing the key length by, for example, only 16 bits means that 2^16 times more keys must be tried.

But even such a key size allowed the problem of cracking the cipher to be solved by the combined groups in days and even hours of parallel work. Later, it was necessary to switch to keys that were several times longer than those mentioned. But this was only a temporary measure, and new standards for cryptographic transformation algorithms (AES in the USA) were recently adopted.

Currently, the press has published many publications devoted to this problem. Numerous books are published, both translated and by Russian authors. Cryptography allows solving the problem of protecting information from disclosure and modification. The mathematical apparatus of modern cryptography surpasses in complexity that used to develop nuclear weapons and space systems.

Modern cryptography is divided into symmetric and asymmetric. Symmetric cryptography is further divided into stream, block and composite ciphers. Asymmetric cryptography is more resource-intensive, while symmetric cryptography has the problem of effective key distribution. Modern secure exchange systems are based on the use of mixed cryptography. At the beginning of the exchange session, the parties send each other secret session keys using asymmetric cryptography, and these keys are then used for symmetric encryption of the transmitted data. The asymmetric cryptography system thus allows keys to be distributed in symmetric encryption systems.

Government and military telecommunications systems use exclusively symmetric encryption (usually with one-time keys). This is due to the fact that the stability of systems with public keys has not been proven strictly mathematically, but the opposite has not been proven either.

Encryption of information should not be taken as a panacea for all information threats. It should be perceived as one of the mandatory measures to protect information as part of a comprehensive information security system. The use of encryption should be combined with legislative, organizational and other protective measures.

Symmetric encryption algorithms

Encryption algorithms are designed to solve the problem of ensuring the confidentiality of information. Currently, cryptographic methods are intensively used to protect information. Since ancient times, the most effective form of protection has been and remains encryption.

Encryption is defined as the mutually invertible conversion of unprotected (open) information into an encrypted (closed) form, the ciphertext [1], in which it is not fully accessible to an attacker. Keys are used during encryption, and possession of a key means the ability to encrypt and/or decrypt information. It is important to note that the encryption method itself does not need to be kept secret, since knowledge of it alone will not allow decryption of the ciphertext.

Modern cryptosystems can be clearly divided by the method of using keys into cryptosystems with a secret key (symmetric) and with an open key (asymmetric). If the same key is used for encryption and decryption, such a cryptosystem is called symmetric.

Symmetric cryptosystems include DES [2], AES, GOST 28147-89 [3], etc. A new direction in cryptography was the invention of asymmetric cryptosystems with an open key, such as RSA, DSA or El-Gamal [4, 5].

In asymmetric cryptosystems, different keys are used for encryption and decryption, which are practically inderivable from each other, one of which (the decryption key) is made secret, and the other (the encryption key) is made public. This makes it possible to transmit secret messages over an unprotected channel without first transmitting the secret key. It was public key cryptography that broke the vicious circle of symmetric ciphers, when in order to organize the exchange of secret information, it was first necessary to distribute secret keys.

Public key cryptosystems will be considered in detail later, but now let us return to symmetric cryptosystems (KS).

The most important component of KS are ciphers [1, 4] or procedures for the mutually inverse transformation of plaintext M into ciphertext M':

M’ = E(M),
M = D(M’),

where E is the encryption function and D is the decryption function.

The generally accepted approach in cryptography is to construct a cipher whose secrecy is determined only by the secrecy of the KS key (Kerckhoffs's rule). Thus, the cipher must be resistant to cracking even if a potential cryptanalyst knows the entire encryption algorithm, except for the value of the key used, and has the full text of the intercepted ciphertext.

Practice has shown that the more the algorithm is known, the more people have worked with it, the more tested, and therefore reliable it becomes. Thus, publicly known algorithms now withstand the struggle with time, but classified state ciphers reveal many errors and shortcomings, since it is impossible to take everything into account.

The generally accepted scheme for constructing symmetric cryptosystems is cyclic permutations and substitutions of bits in a block of fixed length, the algorithm of which is determined by the secret key.


Fig. 1. Scheme of construction of symmetric cryptosystems

An encryption algorithm is considered secure if, having the closed (encrypted) data and not knowing the secret key, it is impossible to obtain information about the open data. It has been rigorously proven that it is impossible to construct an absolutely secure cipher, except for the case when the size of the secret key is equal to (or greater than) the size of the encrypted data [1]. This case is difficult to implement in practice, so the cryptographic protection tools actually used and available on the market use ciphers for which the task of restoring the open text from the closed text is computationally hard, that is, it requires such large resources that the attack becomes economically impractical.

Among the symmetric ciphers, the following are the most well-known and frequently used (the block size in bits is designated as b, the number of cycles is r, and the key length is l):

  • DES: US government standard [2] (b = 64, r = 16, l = 56). Currently, DES has been proven to be insufficiently resistant to brute force attacks [6, 7].
  • Triple DES and DESX (b = 64, r = 16, l = 168; 112): sequential application of the DES algorithm with different keys, which provides significant resistance to hacking [4, 8, 9].
  • IDEA (b = 64, r = 8, l = 128) [4]. Active research into its resistance has revealed a number of weak keys, but the probability of their use is negligible.
  • RC5: a parameterized cipher with variable block size (b ∈ [32, 64, 128]), number of cycles (r ≤ 255) and number of key bits (l ≤ 2040) [10]. Studies of its security [11] have shown that for b = 64 it is inaccessible to differential cryptanalysis for r ≥ 12 and to linear cryptanalysis for r ≥ 7.
  • GOST 28147-89: Russian data encryption standard [3] (b = 64, r = 32, l = 256). Many weak keys have been found for GOST, significantly reducing its effective security in simple encryption modes [12, 13]. Evaluation of GOST's cryptographic security is also complicated by the fact that the most important part of the algorithm, the replacement nodes (S-boxes in DES cipher terminology), is not described in the standard and the laws of its generation remain unknown. At the same time, it has been proven that there is a high probability of obtaining weak replacement nodes, simplifying cryptanalysis of this cipher.
  • Blowfish: a 64-bit block cipher developed by Schneier in 1993, implemented using key-dependent permutations and substitutions. All operations are based on XORs and additions on 32-bit words. The key has a variable length (maximum 448 bits) and is used to generate several subkey arrays. The cipher was created specifically for 32-bit machines and is significantly faster than DES [14].

Now the new encryption standard AES has been adopted in the USA. A competition was held among encryption algorithms, in which Rijndael won and became the basis for AES. Rijndael is an iterative block cipher with variable block length and different key lengths. A more detailed description of this algorithm and the results of the competition are given in [18].

A fairly large number of symmetric algorithms have been developed, published and studied in the world (Table 1), of which only DES and its modification Triple DES have been sufficiently tested by time. The table does not include little-known and poorly studied algorithms, such as Safer, etc.

Table 1. Overview of symmetric encryption methods

| Method | Key length, bits | Block size, bits | Key guessing cost, MIPS × years | Note |
|---|---|---|---|---|
| DES | 56 | 64 | 5 × 10^2 | Developed in 1977 by IBM by order of the US government. For 20 years, no way to crack the cipher has been found other than a complete search of an average of 25% of all keys, but with modern capabilities such a search succeeds [15] |
| Triple DES | 128 (112) | 64 | 10^18 | Threefold repetition of the DES algorithm with different keys. The effective key length is 112 bits. |
| IDEA | 128 | 64 | 10^21 | Developed in 1992 by Lai and Massey. Has not been cracked to date |
| GOST 28147-89 | 256 | 64 | no data | It is the State Standard in Russia |
| RC5 | 40 and higher | 32 and higher | 10^3 and higher | A 40-bit key was cracked by brute force in 1997 in 3.5 hours, a 48-bit key in 313 hours |
| Blowfish | up to 448 | 64 | no data | Developed by Schneier in 1993. This Feistel cipher was created specifically for 32-bit machines and is significantly faster than DES |
| AES (Rijndael) | 128, 192 or 256 (independent of block size) | 128, 192 or 256 (independent of key length) | | Proposed by cryptanalysts Joan Daemen and Vincent Rijmen. The algorithm has no known security weaknesses (according to NIST). |

Currently, symmetric algorithms with a key length of more than 100 bits (Triple DES and IDEA, etc.) are not unbreakable. The domestic GOST algorithm, in comparison with them, is distinguished by increased complexity both in generating replacement nodes and in generating keys. Also, for the GOST algorithm, there is a high probability of generating an unstable key, which in some encryption modes reduces its effective key length from 2^256 to 2^62 [12].

Triple DES is a more proven algorithm than IDEA and provides acceptable operating speed. The Triple DES algorithm is a three-fold application of the DES algorithm to the same data, but with different keys.

DES has penetrated into Russia and is widely used in practice as an integral part of various software and hardware, the most widely known of which are the S.W.I.F.T. system, secret VISA and EUROPAY modules, secret ATM and POS modules, and, finally, smart cards. Particularly intense discussions around data encryption algorithms are caused by smart cards. At the same time, there are serious grounds to believe that the reliability of domestic cryptosystems of conversion origin will exceed foreign analogues [16].

However, Russian legislation, as well as the legislation of many other countries, only permits the use of national encryption standards.

The GOST 28147-89 algorithm is built on the same principle as DES, it is a classic block cipher with a secret key, but differs from DES in a longer key length, a larger number of rounds and a simpler scheme for constructing the rounds themselves. Table 2 shows its main parameters, for convenience — in comparison with the parameters of DES [17].

Table 2. Comparison of the parameters of the DES and GOST ciphers

| Parameter | GOST | DES |
|---|---|---|
| Encryption block size | 64 bits | 64 bits |
| Key length | 256 bits | 56 bits |
| Number of rounds | 32 | 16 |
| Replacement units (S-boxes) | not fixed | fixed |
| Key length for one round | 32 bits | 48 bits |
| Round key generation scheme | simple | complex |
| Initial and final bit permutations | none | present |

If secret information needs to be exchanged between people who trust each other, i.e. who are part of the same organization, symmetric cryptography can be used. Of course, both (or more) parties must already have encryption keys for interaction.

If we briefly describe the information exchange scenario, it is as follows:

  • an existing file containing secret information is created or used;
  • the file is encrypted using a key known to both parties, determined by the encryption algorithm;
  • the encrypted file is transferred to the subscriber; the storage medium is not so important: it can be a floppy disk, e-mail, a message on the network or a modem connection. To reduce the risk, it is also very convenient to store all files containing secret information in encrypted form. Then, if the computer, the laptop of an employee on a business trip, or a hard drive falls into the hands of an intruder, the files closed with a key will not be available for direct reading. There are now systems that automatically encrypt all information stored on a laptop; they also provide a forced-entry mode: if an employee is forced to boot the laptop, entering a special password instead of the usual one destroys all the information, and naturally a recovery mode is provided after this action. A hard drive can simply be removed from the computer, and it is not so difficult to take it out of the protected area (compared to an entire computer);
  • on the receiving side, the legitimate recipient, having the key, opens the encrypted files for further use.

Many modern methods of protective transformations can be classified into four large groups: permutations, replacements (substitutions), additive and combined methods. Permutation and substitution methods are usually characterized by a short key length, and the reliability of their protection is determined by the complexity of the transformation algorithms. Additive methods are characterized by simple transformation algorithms, and their cryptographic resistance is based on increasing the key length.

Cipher cracking

There is a method for cracking a cipher based on trying all the key options. The criterion for the correctness of an option is the presence of a “probable word” in the text.

The set of all possible keys is searched, the encrypted text is decrypted on each key. A probable word is searched for in the resulting “pseudo-open” text. If there is no such word, the current text is rejected, and the next key is selected. If such a word is found, the key variant is displayed on the screen. Then the keys are searched until the entire set of variants is exhausted. It is possible to find several keys for which the “pseudo-open” texts contain a probable word.

After the search is complete, it is necessary to decrypt the text on the keys found. The pseudo-open text is displayed on the screen for visual control. If the operator recognizes the text as open, then the work on opening is finished. Otherwise, this key variant is rejected and the transition to the next key is carried out.

To combat the method of complete search, it is possible to increase the length of the encryption key used. Moreover, increasing its length by only 8 bits increases the number of search variants by 2^8 times, and increasing it by 64 bits increases the number by 2^64 times.
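The block construction and the complete search described above, as an added example that is not part of the original article: a toy Feistel cipher in Python whose substitutions, rotations and round keys are selected by a 16-bit key, giving M' = E(M) and M = D(M'), followed by the key search with a probable word. The S-box, round count, key size, sample key and sample message are assumptions constructed for the demonstration; this is not DES, GOST or any real cipher.

```python
"""Toy 32-bit Feistel cipher (16-bit key) and complete key search.

Added illustration only: every parameter below is an assumption chosen so
that the search over all 2^16 keys finishes quickly.
"""
import time

SBOX = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]  # constructed 4-bit substitution
ROUNDS, KEY_BITS = 4, 16


def rotl16(x, n):
    """Rotate a 16-bit word left by n bits (the permutation step)."""
    n %= 16
    return ((x << n) | (x >> (16 - n))) & 0xFFFF


def substitute_permute(x):
    """Replace each 4-bit nibble through SBOX, then rotate the word."""
    y = 0
    for shift in (0, 4, 8, 12):
        y |= SBOX[(x >> shift) & 0xF] << shift
    return rotl16(y, 3)


# Round function F(half, subkey) = F_TABLE[half ^ subkey], tabulated once for speed.
F_TABLE = [substitute_permute(x) for x in range(1 << 16)]


def round_keys(key):
    """The secret key determines the subkey used in each round."""
    return [rotl16(key, 4 * i) ^ i for i in range(ROUNDS)]


def encrypt_block(block, subkeys):
    left, right = block >> 16, block & 0xFFFF
    for k in subkeys:
        left, right = right, left ^ F_TABLE[right ^ k]
    return (left << 16) | right


def decrypt_block(block, subkeys):
    # Same structure with the subkeys in reverse order: this is why D undoes E.
    left, right = block >> 16, block & 0xFFFF
    for k in reversed(subkeys):
        left, right = right ^ F_TABLE[left ^ k], left
    return (left << 16) | right


def ecb(data, key, block_fn):
    """Apply block_fn to each 4-byte block independently."""
    ks = round_keys(key)
    return b"".join(
        block_fn(int.from_bytes(data[i:i + 4], "big"), ks).to_bytes(4, "big")
        for i in range(0, len(data), 4))


def encrypt(plaintext, key):
    pad = 4 - len(plaintext) % 4  # 1..4 bytes, each holding the pad length
    return ecb(plaintext + bytes([pad]) * pad, key, encrypt_block)


def decrypt(ciphertext, key):
    padded = ecb(ciphertext, key, decrypt_block)
    return padded[:-padded[-1]]


def exhaustive_search(ciphertext, probable_word):
    """Decrypt under every key; keep keys whose pseudo-open text has the word."""
    return [key for key in range(1 << KEY_BITS)
            if probable_word in ecb(ciphertext, key, decrypt_block)]


if __name__ == "__main__":
    secret_key = 0xBEEF                            # constructed sample key
    ct = encrypt(b"PAY 100 TO ALICE", secret_key)  # constructed sample message
    start = time.perf_counter()
    found = exhaustive_search(ct, b"ALICE")
    rate = (1 << KEY_BITS) / (time.perf_counter() - start)
    print("candidate keys:", [hex(k) for k in found])
    for bits in (16, 48, 56, 128):
        years = 2 ** bits / rate / 31_557_600
        print(f"{bits:3d}-bit key: {years:.3g} years at {rate:,.0f} keys/s")
```

Running the file prints the candidate keys and extrapolates the measured search rate to 48-, 56- and 128-bit keys, which makes the effect of each added key bit visible.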

Among the problems inherent in the use of cryptographic encryption algorithms, it is necessary to highlight the problem of key distribution. Before the interacting parties can send each other encrypted messages, they must exchange encryption keys via some secret channel. In addition, the information exchange system must maintain a huge number of keys in an up-to-date state.

Cryptographic encryption algorithms do not allow to establish the integrity of the received message (i.e. to make sure that the message was not modified during transmission). Authorship can be confirmed only by possession of a certain key, so anyone who becomes the owner of someone else's key will be able to pass off their messages as messages sent by another user.
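The missing integrity check described above, as an added example that is not part of the original article: an additive cipher (here a keystream built from SHA-256, a constructed stand-in rather than a standard cipher) decrypts a ciphertext changed in transit without any error, while an HMAC-SHA256 tag computed over the ciphertext lets the recipient reject it. All function names, keys and the sample message are assumptions.

```python
import hashlib
import hmac
import os


class IntegrityError(Exception):
    """Raised when the authentication tag does not match the received data."""


def keystream(key, nonce, length):
    """Constructed keystream: SHA-256 over key, nonce and a block counter."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def xor_crypt(key, nonce, data):
    """Additive cipher: the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def modify_in_transit(data, offset):
    """Model a change on the channel: flip the lowest bit of one byte."""
    changed = bytearray(data)
    changed[offset] ^= 0x01
    return bytes(changed)


def seal(enc_key, mac_key, plaintext):
    """Encrypt, then authenticate nonce and ciphertext with a separate key."""
    nonce = os.urandom(16)
    ciphertext = xor_crypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_sealed(enc_key, mac_key, packet):
    """Verify the tag before decrypting; refuse anything that was altered."""
    if len(packet) < 16 + 32:
        raise IntegrityError("packet too short")
    nonce, ciphertext, tag = packet[:16], packet[16:-32], packet[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise IntegrityError("tag mismatch: data modified or wrong key")
    return xor_crypt(enc_key, nonce, ciphertext)


if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)  # constructed sample keys
    message = b"PAY 100 TO ALICE"                      # constructed sample message

    # Encryption alone: the altered ciphertext decrypts cleanly to another text.
    nonce = os.urandom(16)
    altered = modify_in_transit(xor_crypt(enc_key, nonce, message), 4)
    print("encryption only :", xor_crypt(enc_key, nonce, altered))

    # Encryption plus MAC: the same alteration is detected and rejected.
    packet = seal(enc_key, mac_key, message)
    try:
        open_sealed(enc_key, mac_key, modify_in_transit(packet, 16 + 4))
    except IntegrityError as exc:
        print("encrypt-then-MAC:", exc)
```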

The problem of distributing secret keys over a public communication channel can be solved by the Diffie-Hellman algorithm. But this algorithm is an asymmetric cryptographic algorithm. Such algorithms use two keys: public and private.

Asymmetric cryptographic algorithms were rapidly developed in the 1970s. Such algorithms can also solve the problems of authorship and authenticity verification, allowing encrypted information to be exchanged between parties that do not trust each other. In addition, the use of asymmetric algorithms reduces by an order of magnitude the number of keys that must be distributed between the interacting parties. Asymmetric encryption systems include a public database of public keys that can be distributed over open communication channels and their disclosure will in no way compromise the system, which is why they are called open.

End in No. 4, 2006.

Literature

  1. Shannon C.E. Communication Theory of Secrecy Systems. Bell Systems Technical Journal 28, 1949, pp. 656 — 715.
  2. Federal Information Processing Standards Publication 46-2. Data Encryption Standard (DES). NIST, US Department of Commerce, Washington D.C., 1993.
  3. GOST 28147-89. Information processing systems. Cryptographic protection. Cryptographic transformation algorithm.
  4. Bruce Schneier. Applied Cryptography: Protocols, Algorithms and Source Code in C. John Wiley & Sons, 1994.
  5. Nechvatal James. Public-Key Cryptography. NIST, Gaithersburg, 1990.
  6. Wiener M. Efficient DES key search: Technical Report TR-244, School of Computer Science, Carleton University, 1994.
  7. Odlyzko A.M. The Future of Integer Factorization. Cryptobytes, RSA Laboratories, vol. 1, N 2, 1995, pp. 5–12.
  8. Rogaway P. The security of DESX. Cryptobytes, RSA Laboratories, vol. 2, N 2, 1996, p. 8 — 11.
  9. Kaliski B., Robshaw M. Multiple encryption: weighing security and performance. //Dr. Dobb's Journal, January 1996, p. 123 — 127.
  10. Rivest R.L. The RC5 Encryption Algorithm. Cryptobytes, RSA Laboratories, vol. 1, N 1, 1995, p. 9 — 11.
  11. Kaliski B., Yiqun Lisa Yin. On the Security of the RC5 Algorithm. Cryptobytes, RSA Laboratories, vol. 1, N 2, 1995, p. 12.
  12. Oleynik V. Cycles in the algorithm of cryptographic data transformation GOST 28147-89. http://dekart.ru
  13. Andrey Vinokurov. Encryption algorithm GOST 28147-89, its use and implementation for computers of the Intel x86 platform.
  14. What is Blowfish? http://halyava.ru/aaalexey/CryptFAQ.html.
  15. Linn J. Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures. RFC 1421, 1993.
  16. Yevtushenko Vladimir. Triple DES. New standard? http://bgs.ru/russian/security05.html.
  17. What is GOST28147-89? http://halyava.ru/aaalexey/GOST.html.
  18. Andrew Jelly. /Cryptographic standard in the new millennium/, http://baltics.ru/~andrew/AES_Crypto.html.
  19. Rijndael encryption algorithm. http://stophack.ru/spec/rijndael.shtml.
