USING PROTECTED POCKET COMPUTERS TO SOLVE RADIO MONITORING PROBLEMS ON THE GROUND.

USING PROTECTED POCKET COMPUTERS TO SOLVE RADIO MONITORING PROBLEMS ON THE GROUND..

USING PROTECTED POCKET COMPUTERS TO SOLVE RADIO MONITORING PROBLEMS ON THE GROUND.

TERENIN Aleksey Alekseevich, Candidate of Technical Sciences

CRYPTOGRAPHIC ALGORITHMS USED TO ENSURING INFORMATION SECURITY DURING INTERACTION ON THE INTERNET

End. Beginning in No. 3, 2006

Asymmetric encryption algorithms

Public key cryptosystems are usually built on the basis of a complex mathematical problem of calculating a function inverse to a given one. Such functions are called one-way, i.e. their inversion is a practically unsolvable problem. The essence of the encryption method is that the calculation of the function of the encrypted message in the forward direction is carried out using the public key of the receiving subscriber, and during decryption (calculation of the inverse function) his secret key is used. As expected, there are few known mathematical problems that satisfy the listed requirements, and only some of them were used to build ciphers used in practice. Let us consider a number of the most well-known public key cryptosystems.

  • RSA [1]. The problem of factorization (calculation of prime factors) of a large integer is used. Built on the basis of multiplying two prime numbers of large digit capacity [2]. Widely used in cryptographic protocols for information closure and authentication.
  • El-Gamal [3, 4]. Based on the discrete logarithm problem in a finite field [2]. Used in the standards of electronic digital signature (EDS) DSS [5], GOST R34.10-94 [6], etc.
  • Elliptic curves (elliptic curve) [7]. Based on the discrete logarithm problem on elliptic curves in a finite field.

Inverse problems of factorization and discrete logarithm are solved by methods close to exhaustive search, and are difficult to calculate for large numbers.
Public key cryptosystems are used mainly in three directions:

  • information closure;
  • authentication using digital signature;
  • public key distribution protected from interception (Diffie-Hellman cryptosystem) [8].

The advantages and disadvantages of asymmetric cryptosystems are considered in more detail in [5, 6, 9, 16, 22, 30, 31].

Hash functions

Integrity and authenticity protection protocols for the formation of imitation inserts and digital signatures use cryptographic “compressing” hash functions, which make it possible to obtain a value with a fixed number of bits from a data block of arbitrary length [10, 11, 12, 13, 14, 15].
In order to reduce the size of the digital signature and reduce the time it takes to generate and verify it, it is applied to hash values, which are usually significantly shorter than the original messages. A number of requirements are imposed on cryptographic hash functions aimed at making it difficult to counterfeit an EDS by finding a modification of the data block in which the value of the hash function and, consequently, the EDS remain unchanged.
The most widely used hash functions are the following, built on a system of cyclically repeated permutations and substitutions (the length of the generated hash value in bits is indicated in brackets):

  • MD5 [16, 17, 18, 19] (128);
  • SHA-1 [20] (160);
  • GOST [21] (256).

Table 1. List and parameters of hash functions

Hash Function

Value Length, Bits

Block Size, Bits

Performance, Mbps

Note

MD2

128

 

No data

Developed by Ron Rivest in 1989.
Collisions found in simplified compression function [18]

MD4

128

448

23.9

Developed by Ron Rivest in 1990.
Collisions found [18]

MD5

128

512

16.7

Developed by Ron Rivest in 1991.
Collisions were found in the compression function [18]

RIPEMD-160

160

 

5.67

Developed in 1995 in the European RIPE project

SHA-1

160

512

6.88

Developed in 1995 in NIST

GOST

 

 

0.9

Russian GOST

Table 1 does not list rarely used and exotic hash functions, as well as hash functions built on symmetric block ciphers according to the Meyer – Matyas and Davies – Price schemes [9].
The mentioned hash functions are described in more detail in [11, 16 21].
Although public key cryptographic protection or asymmetric cryptosystems have been used especially widely since the late 1970s [22], they have a very serious drawback – extremely low performance. In this regard, in practice, a combined cryptographic protection scheme is usually used [23]. When establishing a connection and authenticating the parties, public key cryptography is used, then a session key is generated for symmetric encryption, which closes all traffic between subscribers. The session key is also distributed using the public key.


Fig. 1. Scheme of the algorithm of an asymmetric cryptosystem

Table 2. Asymmetric cryptosystems

Method name

Hacking method
(math. problem)

Cryptographic strength, MIPS

Note

RSA

Large Prime Factorization

2.7•1028 for a 1300-bit key

Developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Eidelman.
Included in many standards

LUC

Large Prime Factorization

 

 

El-Gamal
(El-Gamal)

finding the discrete logarithm in a finite field

with the same key length, cryptographic strength equal to RSA

Developed by El-Gamal. Used in the DSA digital signature algorithm DSS

Elliptic equations

solving elliptic equations

cryptographic strength and speed higher than RSA

Modern direction. Developed by many leading mathematicians

The RSA method is currently the de facto standard in information security systems and is recommended by the CCITT (Consultative Committee in International Telegraphy and Telephony) in the X.509 standard [24]. RSA is used in many international standards (S-HTTP, PEM, S-MIME, S/WAN, STT, SSL, PCT, SWIFT, ANSI X.9.31, etc.) [24, 25, 26, 27], in credit card service systems, in operating systems for protecting network protocols.
A huge amount of scientific research has been conducted for the RSA and ElGamal methods, a large number of methods of their cryptanalysis, protection against attacks have been studied, cryptographic resistance has been calculated in detail depending on the key length and other parameters. Both methods have the same cryptographic resistance (with the same key length) and approximately the same operating speed. Considering that the elliptic curve method is undergoing testing and has not been subjected to as many hacking attempts as the RSA and ElGamal methods, the use of the latter two in encryption systems seems preferable.
A detailed description of these algorithms is given in [1, 7, 11, 16, 29, 31].

Electronic digital signature
If information is exchanged between parties that do not trust each other or are interested in carrying out actions against each other (bank and client, store and buyer), it is necessary to use asymmetric encryption methods, as well as the EDS method.
It is necessary to ensure not only confidentiality, but also the integrity of the message (the impossibility of replacing the message or changing anything in it), as well as authorship. In addition, it is necessary to prevent the possibility of the author of the message denying the fact of sending a signed message.
An electronic signature of a document allows its authenticity to be established. In addition, cryptographic means provide protection against the following malicious actions:

  • denial (renegade) — subscriber A claims that he did not send a message to B, although in fact he did;
  • modification (reworking) — subscriber B changes the document and claims that he received this document (modified) from subscriber A;
  • substitution — subscriber B creates a document (new) and claims that he received it from subscriber A;
  • active interception – an intruder (connected to the network) intercepts documents (files) and modifies them;
  • «masquerade» – subscriber B sends a document on behalf of subscriber A;
  • repeat – subscriber B repeats a previously transmitted document that subscriber A sent to subscriber B.

All of the above types of malicious actions cause significant damage. In addition, the possibility of malicious actions undermines confidence in computer technology [28, 29]. The authentication problem can be solved based on a cryptographic approach by developing special algorithms and programs.
When choosing an authentication algorithm and technology, it is necessary to provide reliable protection against all of the above types of malicious actions (threats). However, within the framework of classical (single-key) cryptography, it is difficult to protect against all of the above types of threats, since there is a fundamental possibility of malicious actions by one of the parties that owns the secret key.
No one can prevent a subscriber, for example, from generating any document, encrypting it with an existing key common to the client and the bank, and then claiming that he received this document from a legitimate transmitter.
The use of schemes based on two-key cryptography is effective [29]. In this case, each transmitting subscriber has his own secret signature key, and all subscribers have non-secret public keys of transmitting subscribers.
These public keys can be treated as a set of verification relations that allow one to judge the authenticity of the transmitting subscriber's signature, but do not allow one to recover the secret signature key. The transmitting subscriber is solely responsible for his secret key. No one else can generate a correct signature. The transmitting subscriber's secret key can be considered a personal seal, and the owner must restrict access to it by unauthorized persons in every possible way. [28].
To put the idea of ​​open encryption into practice, it was necessary to find specific and constructive answers to the following questions:

  • How to “mix” the user’s individual key with the contents of the document so that they become inseparable?
  • How to verify that the contents of the document being signed and the user’s individual key are authentic without knowing either one in advance?
  • How to ensure that the author can repeatedly use the same individual key to digitally sign a large number of electronic documents?
  • how to guarantee the impossibility of restoring the user's individual key for any number of electronic documents signed with it?
  • how to guarantee the authenticity of the verification of the digital signature and the contents of the electronic document?
  • how to ensure the legal validity of an electronic document with digital signatures that exists without a paper duplicate or other substitute?

It took about 20 years to answer all these questions since the idea was first formulated in 1976 in an article by Whitfield Diffie and Martin Hellman. Now we can definitely say that all these questions have been solved: there is a full arsenal of technical means for authorizing electronic documents, called a digital signature. The modern principles of building a digital signature system are simple and elegant:

  • the methods for calculating and verifying the digital signatures of all users of the system are the same and are based on well-known mathematical problems;
  • methods for calculating digital signature verification keys and individual digital signature generation keys are also the same for everyone and are well known;
  • individual digital signature generation keys are selected by the users themselves at random from a large set of all possible keys;
  • for a specific digital signature algorithm, its strength can be assessed without involving any “closed” information, based only on known mathematical results and reasonable assumptions about the computing power of a potential hacker.

Cryptographic protection tools ensure the authenticity and reliability of information, in addition to solving the problem of maintaining its confidentiality. These functions are performed by digital signature technology [6].
The operation diagram of a digital signature is shown in Fig. 2.


Fig. 2. Algorithm of electronic digital signature

A file, not necessarily text, is received as input to the algorithm; the main requirement for the input parameters of the digital signature is a fixed length; for this, a hash function is used.
Theoretically, the use of various encryption tools promises bright prospects for all companies using the Internet in their activities, but here a new problem arises: finding a compromise with the state and its laws; this problem is covered in detail in [30].
In accordance with the Federal Law «On Electronic Digital Signature» No. 1-F3 of January 10, 2002, an electronic digital signature in an electronic document is recognized as equivalent to a handwritten signature in a document on paper. It also provides legal regulation for organizing electronic document management, distributing public and private keys, building certification centers, and determines the responsibilities of the parties.
The adoption of this law, although it contains some uncertainties, has made it possible to regulate the use of asymmetric encryption tools, in this case digital signatures, to protect data on the Internet.

Literature

  1. Johnson D.B., Matyas S.M. Asymmetric Encryption: Evolution and Enhancements. Cryptobytes, RSA Laboratories, 1996, vol. 2, No. 1, p. 1 – 6.
  2. Varfolomeev A.A., Pelenitsyn M.B. Cryptographic Methods and Their Application in Banking Technologies. Tutorial. Moscow: MIFI, 1995.
  3. Danisch H. The Exponential Security System TESS: An Identify-Based Cryptographic Protocol for Authenticated Key-Exchange. RFC 1824, European Institute for System Security, 1995.
  4. Nechvatal James. Public-Key Cryptography. NIST, Gaithersburg, 1990.
  5. Federal Information Processing Standards Publication 186. Digital Signature Standard (DSS). NIST, US Department of Commerce, Washington D.C., 1994.
  6. GOST R34.10-94. Cryptographic protection of information. Procedures for generating and verifying an electronic digital signature based on an asymmetric cryptographic algorithm.
  7. Menezes A. Elliptic Curve Cryptosystems. Cryptobytes, RSA Laboratories, 1995, vol. 1, 2, p. 1 – 4.
  8. PKCS #3: Diffie-Hellman Key-Agreement Standard. RSA Laboratories.
  9. Kaliski B. Timing Attack on Cryptosystems. Bulletin, RSA Laboratories, 1996, No. 2, p. 1 2.
  10. Anosov V.D., Leonov V.A., Logachev O.A., Lunin A.V. Research of methods for constructing data hashing algorithms. Security of Information Technologies, 1997, No. 3, pp. 5–9.
  11. Kaliski B., Robshaw M. Message Authentication with MD5. Cryptobytes, RSA Laboratories, 1995, vol. 1, No. 1, p. 5–8.
  12. Bellare M. The HMAC Construction. Cryptobytes, RSA Laboratories, 1996, vol. 2, No. 1, p. 12–15.
  13. Federal Information Processing Standards Publication 113. Computer Data Authentication. NIST, US Department of Commerce, Washington D.C., 1985.
  14. Federal Information Processing Standards Publication 190. Guideline for Advanced Authentication Technology Alternatives. NIST, US Department of Commerce, Washington D.C., 1994.
  15. Federal Information Processing Standards Publication 196. Entity Authentication Using Cryptography. NIST, US Department of Commerce, Washington D.C., 1997.
  16. Bruce Schneier. Applied Cryptography: Protocols, Algorithms and Source Code in C. John Willey & Sons, 1994.
  17. Rivest R.L. The MD5 Message-Digest Algorithm. RFC 1321, MIT Laboratory for Computer Science and RSA Data Security, Inc., 1992.
  18. Robshaw M.J. On Recent Results for MD2, MD4 and MD5. Bulletin, RSA Laboratories, 1996, 4, p. 1 – 6.
  19. Dobbertin H. The Status of MD5 After Recent Attack. Cryptobytes, RSA Laboratories, 1996, vol. 2, no. 2, p. 1 – 6.
  20. Federal Information Processing Standards Publication 180-1. Secure Hash Standard (SHS). NIST, US Department of Commerce, Washington D.C., 1995.
  21. GOST R34.11-94. Cryptographic protection of information. Hashing function.
  22. Diffie W. The first ten years of public key cryptography. TIER, May 1988, vol. 76, no. 5.
  23. PGP For Business Security For Windows 95/NT. User's Guide. Pretty Good Privacy Inc.
  24. Kent S. Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management. RFC 1422, 1993.
  25. Linn J. Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures. RFC 1421, 1993.
  26. Balenson D. Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes and Identifiers. RFC 1423, 1993.
  27. Kaliski B. Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services. RFC 1424, 1993.
  28. Jeff Prosys. Digital Signature: How It Works, PC Magazine, April 9, 1996, p. 237.
  29. Anita Karve. Public Key Infrastructure, LAN/Network Solution Magazine #8/97, December 1997, Vol. 3, No. 8.
  30. Zyryanov Mikhail. Data Encryption on the Internet: A Means of Defense or an Attack? Computerworld Russia, 1998, 13.
  31. What is GOST 28147-89.
  32. Maidansky I.S. Network resources and their vulnerabilities. Moscow: 1999
  33. GOST 28147-89. Information processing systems. Cryptographic protection. Cryptographic transformation algorithm.
  34. Tyli E. Personal computer security. /Translated from English. Minsk: «Popourri», 1997, p. 480.
  35. Steng D., Moon S. Secrets of network security. Kyiv: Dialectics, 1996, p. 544.
Мы используем cookie-файлы для наилучшего представления нашего сайта. Продолжая использовать этот сайт, вы соглашаетесь с использованием cookie-файлов.
Принять