The term "cryptography" comes from the ancient Greek words "hidden" and "I write." The phrase expresses the main purpose of cryptography - it is the protection and preservation of the secrecy of the transmitted information. Information protection can occur in various ways. For example, by restricting physical access to data, hiding the transmission channel, creating physical difficulties in connecting to communication lines, etc.
Cryptography purpose
Unlike traditional methods of cryptography, cryptography assumes that the transmission channel is fully accessible for attackers and ensures the confidentiality and authenticity of information using encryption algorithms that make information inaccessible for outside reading. The modern system of cryptographic information protection (CPSI) is a software and hardware computer complex that provides information protection for the following basic parameters.
- Confidentiality - the impossibility of reading information by persons who do not have the appropriate access rights. The main component of ensuring confidentiality in cryptographic information protection is the key, which is a unique alphanumeric combination for user access to a specific cryptographic information protection block.
- Integrity - the impossibility of unauthorized changes, such as editing and deleting information. To do this, redundancy is added to the initial information in the form of a verification combination calculated by a cryptographic algorithm and depending on the key. Thus, without knowledge of the key, adding or changing information becomes impossible.
- Authentication - confirmation of the authenticity of information and the parties sending and receiving it. Information transmitted via communication channels must be uniquely authenticated by the content, creation and transmission time, source and recipient. It should be remembered that the source of threats can be not only the attacker, but also the parties involved in the exchange of information with insufficient mutual trust. To prevent such situations, the cryptographic information protection system uses a time stamp system to prevent the retransmission or return of information and to change its order.
- Authorship - confirmation and impossibility of abandoning the actions committed by the user of information. The most common authentication method is electronic digital signature (EDS). The EDS system consists of two algorithms: to create a signature and to verify it. When working intensively with ESCs, it is recommended that software certification centers be used to create and manage signatures. Such centers can be implemented as a cryptographic information protection facility completely independent of the internal structure. What does this mean for an organization? This means that all operations with electronic signatures are processed by independent certified organizations and forgery of authorship is almost impossible.
Encryption algorithms
Currently, among encryption tools, open encryption algorithms using symmetric and asymmetric keys with a length sufficient to provide the necessary cryptographic complexity prevail. The most common algorithms:
- symmetric keys - Russian -28147.89, AES, DES, RC4;
- asymmetric keys - RSA;
- using hash functions - -34.11.94, MD4 / 5/6, SHA-1/2.
Many countries have their own national standards for encryption algorithms. In the USA, a modified AES algorithm with a key length of 128-256 bits is used, and in the Russian Federation the electronic signature algorithm P-34.10.2001 and the block cryptographic algorithm P-28147.89 with a 256-bit key. Some elements of national cryptographic systems are prohibited for export outside the country, the development of cryptographic information protection requires licensing.
Cryptographic hardware protection systems
Hardware cryptographic information protection devices are physical devices that contain software for encrypting, recording, and transmitting information. Encryption devices can be made in the form of personal devices, such as ruToken USB encryptors and IronKey flash drives, expansion cards for personal computers, specialized network switches and routers, on the basis of which it is possible to build fully protected computer networks.
Hardware CIPFs are quickly installed and operate at high speed. Disadvantages - high, compared with software and hardware-software CIPF, the cost and limited ability to upgrade.
Also, cryptographic information protection units integrated into various data recording and transmission devices, where encryption and restriction of access to information are required, can be attributed to hardware. Such devices include automobile tachometers, fixing parameters of vehicles, some types of medical equipment, etc. For the full operation of such systems, a separate activation of the cryptographic information protection module by the supplierβs specialists is required.
Cryptographic Security Systems
Software cryptographic information protection tools is a special software package for encrypting data on storage media (hard and flash disks, memory cards, CD / DVDs) and when transmitting via the Internet (emails, files in attachments, secure chats, etc.). There are many programs, including free ones, for example, DiskCryptor. Cryptographic cryptographic information protection software can also include secure virtual networks of information exchange working over the Internet (VPN), the extension of the Internet protocol HTTP with support for HTTPS and SSL encryption, a cryptographic protocol for transmitting information that is widely used in IP-telephony systems and Internet applications.
Software cryptographic information protection tools are mainly used on the Internet, on home computers and in other areas where the requirements for the functionality and stability of the system are not very high. Or as is the case with the Internet, when you have to simultaneously create a wide variety of secure connections.
Software and hardware crypto protection
Combines the best qualities of hardware and software systems CIPF. This is the most reliable and functional way to create secure systems and data networks. All options for user identification are supported, both hardware (USB-drive or smart card), and "traditional" - login and password. Software and hardware cryptographic information protection tools support all modern encryption algorithms, have a large set of functions for creating a secure workflow based on electronic digital signature, all the required state certificates. Installation of cryptographic information protection is performed by qualified developer personnel.
Company "CRYPTO-PRO"
One of the leaders of the Russian cryptographic market. The company is developing a full range of information protection programs using digital signatures based on international and Russian cryptographic algorithms.
The company's programs are used in electronic document management of commercial and state organizations, for the submission of accounting and tax reporting, in various city and budget programs, etc. The company has issued more than 3 million licenses for the Crypto PRO CSP program and 700 licenses for certification centers. Crypto-PRO provides developers with interfaces for embedding cryptographic protection elements in their software products and provides a full range of consulting services for the creation of cryptographic information protection tools.
Crypto Provider CryptoPro
When developing the CryptoPro CSP cryptographic information protection system, the cryptographic architecture Cryptographic Service Providers built into the Windows operating system was used. The architecture allows you to connect additional independent modules that implement the required encryption algorithms. Using modules working through the CryptoAPI functions, both software and hardware cryptographic protection tools can implement cryptographic protection.
Key holders
As private keys various hardware can be used , such as:
- smart cards and readers;
- electronic locks and readers working with Touch Memory devices;
- various USB keys and removable USB drives;
- Windows registry files, Solaris, Linux.
Crypto Provider Features
SKZI CryptoPro CSP is fully certified by FAPSI and can be used for:
1. Ensuring the legal force and authorization of electronic documents through the creation and verification of digital signatures in accordance with Russian encryption standards.
2. Full confidentiality, authenticity and data integrity using encryption and simulation protection in accordance with Russian encryption standards and TLS protocol.
3. Checks and integrity control of the program code to prevent unauthorized changes and access.
4. Creating a system security regulation.