
Cryptographic information protection tools (CIPF) are an important component of information security and make it possible to guarantee a high level of data security even if encrypted electronic documents fall into the hands of third parties, or if the storage media holding them are stolen or lost. CIPF today is used in almost every company - more often at the level of interaction with automated banking systems and government information systems; less often - for storing corporate data and exchanging it. Meanwhile, it is the latter use of encryption that allows you to protect your business from dangerous leaks of critical information with a guarantee of up to 99%, even taking into account the human factor.

Functionally, the need for the use of CIPF is also determined by the ever-growing popularity of electronic document management, archiving and paperless interaction. The importance of documents processed in such systems dictates the obligation to ensure high security of information, which cannot be done without the use of encryption and electronic signature.

The introduction of CIPF into corporate practice involves building a software and hardware complex whose architecture and composition are determined by the needs of the particular customer, legal requirements, the tasks to be solved, and the required methods and encryption algorithms. It may include software encryption components (cryptoproviders), VPN tools, identification tools, tools for generating and verifying keys and digital signatures that support legally significant document workflow, and hardware storage media.

The corporate encryption tools implemented by AST can support GOST encryption algorithms and provide the necessary cryptographic protection classes depending on the required degree of protection, the regulatory framework and the requirements for compatibility with other systems, including external ones. At the same time, the encryption tools protect the entire set of information components - files, directories with files and archives, physical and virtual storage media, entire servers and storage systems.

The solution will be able to provide a full range of measures for the reliable protection of information during its storage, transmission, use, as well as for managing the CIPF itself, including:

  • Ensuring the confidentiality of information
  • Ensuring the integrity of information
  • Information authenticity guarantee
  • Targeted information protection, including:
    - Encryption and decryption
    - Creation and verification of EDS
  • Flexibility of configuration, management and use of CIPF
  • Protection of CIPF, including monitoring and detection of cases of malfunction, attempts of unauthorized access, cases of compromise of keys.


Means of cryptographic information protection (CIPF)

"... Means of cryptographic information protection (CIPF) - certified in the manner prescribed by the law of the Russian Federation, hardware and (or) software that provides encryption, integrity control and the use of EDS in the exchange of electronic documents;..."

Source:

"Methodological recommendations for the provision of organizations engaged in the production and (or) turnover (with the exception of imports and retail sales) of ethyl alcohol, alcoholic and alcohol-containing products on the territory of the Russian Federation, software tools of a unified state automated information system for recording the volume of production and turnover of ethyl alcohol, alcoholic and alcohol-containing products and their installation in technical means for recording and transmitting information on the volume of production and turnover of ethyl alcohol, alcoholic and alcohol-containing products into a unified state automated information system for recording the volume of production and turnover ethyl alcohol, alcoholic and alcohol-containing products" (approved by Rosalkogolregulirovanie)

"... Means of cryptographic information protection (CIPF) - a set of software and technical means that implement cryptographic transformations with initial information and the function of generating and verifying an electronic digital signature..."

Source:

of the Board of the Pension Fund of the Russian Federation of January 26, 2001 N 15 "On the introduction in the system of the Pension Fund of the Russian Federation of cryptographic protection of information and electronic digital signature" (together with the "Regulations for the registration and connection of legal entities and individuals to the electronic document management system of the Pension Fund of the Russian Federation")


Official terminology. Akademik.ru. 2012.


When studying cryptocurrencies, one day you will inevitably stumble upon the term “cryptography”. In the field of interest to us, cryptography has many functions. Among them - data protection, use in compiling passwords, optimization of the banking system, etc. In this article, we will introduce you to the basics of cryptography and discuss its implications for cryptocurrencies.

History of cryptography

Cryptography is a method of securely hiding information. In order to disclose information, the reader needs to know how the information has been altered or encrypted. If the message was well encrypted, only the sender and recipient will be able to read it.

Cryptography is by no means new; it has been around for thousands of years. Historically, cryptography has been used to send important messages while hiding them from prying eyes. The first cryptographic messages were found among the ancient Egyptians; however, the confirmed use of ciphers for strategic purposes dates to the era of ancient Rome.

According to historians, Julius Caesar used cryptography and even created the so-called Caesar cipher to send secret messages to high-ranking generals. This method of protecting confidential information from unwanted eyes has been used up until recent history.

During World War II, the Germans used the Enigma encryption machine to transmit important information. Alan Turing, the mathematician and genius after whom the Turing test was later named, found a way to crack it. The breaking of Enigma is now considered one of the major turning points in World War II.

Fundamentals of cryptography

The above Caesar cipher is one of the simplest ways to encrypt messages, useful for understanding cryptography. It is also called a shift cipher because it replaces the original letters of the message with other letters that are in a specific position relative to the primary letter in the alphabet.

For example, if we encrypt a message with a shift of +3 in the English alphabet, then A becomes D and K becomes N. If we use the -2 rule, then D becomes B and Z becomes X.


This is the simplest example of using cryptography, but any other method is built on similar logic. There is a message that is secret to all but the parties concerned, and a process to make that message unreadable to all but the sender and recipient. This process is called encryption and consists of two elements:

A cipher is a set of rules that you use to encode information. For example, shifting by X letters in the alphabet in the Caesar cipher example. The cipher need not be secret, because the message can only be read if the key is present.

The key is a value that describes exactly how to use the set of encryption rules. For a Caesar cipher, this will be the number of letters to shift alphabetically, such as +3 or -2. The key is the tool for decrypting the message.

Thus, many people can have access to the same cipher, but without the key, they still cannot break it.

The process of transmitting a secret message is as follows:

  • party A wants to send a message to party B, but it is important for her that no one else reads it;
  • party A uses the key to convert the text into an encrypted message;
  • party B receives the ciphertext;
  • party B uses the same key to decrypt the ciphertext and is now able to read the message.

The evolution of cryptography

Messages are encrypted to protect their content. This implies that there will always be parties interested in obtaining this information. As people somehow succeed in deciphering various codes, cryptography is forced to adapt. Modern cryptography has gone far from the usual displacement of letters in the alphabet, offering the most difficult puzzles that are becoming more and more difficult to solve every year. Instead of a banal displacement, letters can now be replaced with numbers, other letters and various symbols, passing through hundreds and thousands of intermediate steps.

The digital age has led to an exponential increase in the complexity of encryption. This is because computers have brought with them a dramatic increase in processing power. The human brain is still the most complex information system, but when it comes to performing calculations, computers are much faster and can process much more information.

Cryptography in the digital age is tied to electrical engineering, computer science and mathematics. Currently, messages are typically encrypted and decrypted using complex algorithms created using combinations of these technologies. However, no matter how strong the encryption is, there will always be people working to break it.

Code Breaking

You may notice that even without the key, the Caesar cipher is not that hard to break. Each letter can only take 25 different values, and for most values the message is meaningless. With some trial and error, you should be able to decipher the message effortlessly.

Breaking encryption by trying all possible variations is called brute force. Such an attack involves going through all possible keys until a solution is found. As computing power increases, brute force is becoming a more and more realistic threat, and the only way to protect against it is to increase the complexity of encryption. The more possible keys there are, the more difficult it is to get access to your data by "brute force".

Modern ciphers allow for trillions of possible keys, making brute force less dangerous. Nevertheless, it is argued that supercomputers, and in particular quantum computers, will soon be able to break most ciphers through brute force due to their unrivaled computing power.

As already mentioned, deciphering messages becomes more and more difficult over time. But nothing is impossible. Any cipher is inherently associated with a set of rules, and the rules, in turn, can be parsed. The rules are analyzed by a more subtle method of deciphering messages - frequency analysis.

With the enormous complexity of ciphers these days, effective frequency analysis can only be done using computers, but it is still possible. This method analyzes repeated events and tries to find a key using this information.

Let's look at the Caesar cipher example again to understand. We know that the letter E is used much more often than other letters in the Latin alphabet. When we apply this knowledge to an encrypted message, we start looking for the letter that is repeated the most. We find that the letter H is used more often than others, and we test our assumption by applying a shift of -3 to the message. The longer the message, the easier it is to apply frequency analysis to it.
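The two attacks on the Caesar cipher described above, brute force over every shift and frequency analysis, can be compared in a short Python sketch. This is an added example, not code from the original article; the sample messages and the small word list used for scoring are constructed for illustration.

```python
import string
from collections import Counter

# Constructed word list, used only to score brute-force candidates.
COMMON_WORDS = {"THE", "AND", "TO", "OF", "IN", "IS", "IT", "AT",
                "ME", "WE", "BE", "ON", "WHERE", "BEFORE"}

# Constructed sample messages (not from the article).
LONG_PLAIN = ("MEET ME NEAR THE EASTERN GATE WHERE THE SENTRIES SLEEP "
              "BEFORE THE EVENING BELL")
SHORT_PLAIN = "ATTACK AT DAWN"


def shift_cipher(text, key):
    """Shift every Latin letter by `key` positions, wrapping around the
    alphabet. A negative key shifts backwards, so it also decrypts."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def brute_force(ciphertext):
    """Try every shift and keep the candidate containing the most common
    English words. Returns (key, recovered_text)."""
    best_key, best_score, best_text = 0, -1, ciphertext
    for key in range(26):
        candidate = shift_cipher(ciphertext, -key)
        score = sum(word in COMMON_WORDS for word in candidate.upper().split())
        if score > best_score:
            best_key, best_score, best_text = key, score, candidate
    return best_key, best_text


def guess_key_by_frequency(ciphertext):
    """Assume the most frequent ciphertext letter stands for E and return
    the shift that this assumption implies."""
    letters = [ch for ch in ciphertext.upper() if ch in string.ascii_uppercase]
    if not letters:
        raise ValueError("no letters to analyse")
    most_common = Counter(letters).most_common(1)[0][0]
    return (ord(most_common) - ord("E")) % 26


if __name__ == "__main__":
    for plain in (LONG_PLAIN, SHORT_PLAIN):
        ct = shift_cipher(plain, 3)
        print("ciphertext     :", ct)
        print("frequency guess:", guess_key_by_frequency(ct))
        print("brute force    :", brute_force(ct))
```

On the long message the most frequent ciphertext letter is H, so a single guess recovers the key; on the short message the letter statistics mislead the guess, and only trying every shift recovers the text.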


Cryptography and cryptocurrencies

Most cryptocurrencies serve a completely different purpose than sending secret messages, but despite this, cryptography plays a key role here. It turned out that the traditional principles of cryptography and the tools used for it have more functions than we used to think.

The most important new features of cryptography are hashing and digital signatures.

Hashing

Hashing is a cryptographic method of converting large amounts of data into short values that are difficult to fake. It is a key component of blockchain technology regarding the security and integrity of the data flowing through the system.

This method is mainly used for four processes:

  • verification and confirmation of balances in user wallets;
  • wallet address encoding;
  • encoding transactions between wallets;
  • block mining (for cryptocurrencies that offer this possibility) by creating mathematical puzzles that must be solved in order to mine a block.

Digital Signatures

A digital signature, in a sense, is an analogue of your real signature and serves to confirm your identity on the network. When it comes to cryptocurrencies, digital signatures represent mathematical functions that are associated with a particular wallet.

Thus, digital signatures are a way to digitally identify a wallet. By applying a digital signature to the transaction, the owner of the wallet proves to all network participants that the transaction came from him, and not from anyone else.

Digital signatures use cryptography to identify a wallet and are secretly linked to the wallet's public and private keys. Your public key is like your bank account, while your private key is your PIN. It doesn't matter who knows your bank account number, because the only thing they can do with it is deposit money into your account. However, if they know your PIN, you may be in real trouble.

In a blockchain, private keys are used to encrypt a transaction and the public key is used to decrypt it. This becomes possible because the sending party is responsible for the transaction. The sender encrypts the transaction with their private key, but it can be decrypted with the recipient's public key because the only purpose of this process is to verify the sender. If the public key fails to decrypt the transaction, the transaction fails.

In such a system, the public key is distributed freely and secretly correlated with the private key. There is no problem if the public key is known, but the private key must always be kept secret. Despite the relationship between the two keys, deriving a private key requires incredible computing power, making hacking financially and technically impossible.

The need to protect the key is the main disadvantage of this system. If someone knows your private key, they can access your wallet and make any transactions with it, which already happened with Bloomberg when one of the employees' keys was shown on TV.

Conclusion

Cryptography in the blockchain has many different levels. This article covers only the basics and general principles of the use of cryptography, but this issue is much deeper than it might seem at first glance.

It is important to understand the relationship between cryptography and blockchain technology. Cryptography allows you to create a system in which the parties do not need to trust each other, as they can rely on the cryptographic methods used.

Since its inception in 2009, the cryptographic protection of the Bitcoin blockchain has withstood all attempts to fake data, and there have been countless of them. New cryptocurrencies implement even more secure cryptography methods, some of which are even protected from brute force of quantum processors, that is, they prevent future threats.

Without cryptography, there could be no bitcoin and cryptocurrencies in general. Surprisingly, this scientific method, invented thousands of years ago, keeps our digital assets safe and sound today.

The requirements for information security in the design of information systems indicate the features that characterize the means of information protection used. They are defined by various acts of regulators in the field of information security, in particular the FSTEC and the FSB of Russia. What security classes exist, what kinds and types of protection tools there are, and where to learn more about this is covered in the article.

Introduction

Today, the issues of ensuring information security are the subject of close attention, since technologies being introduced everywhere without information security are becoming a source of new serious problems.

The FSB of Russia reports on the seriousness of the situation: the amount of damage caused by cybercriminals over several years around the world ranged from $300 billion to $1 trillion. According to the information provided by the Prosecutor General of the Russian Federation, in the first half of 2017 alone, the number of crimes in the field of high technologies in Russia increased six times, and the total amount of damage exceeded $18 million. An increase in targeted attacks in the industrial sector in 2017 was noted around the world. In particular, in Russia, the increase in the number of attacks compared to 2016 was 22%.

Information technologies began to be used as a weapon for military-political, terrorist purposes, to interfere in the internal affairs of sovereign states, as well as to commit other crimes. The Russian Federation stands for the creation of an international information security system.

On the territory of the Russian Federation, information owners and operators of information systems are required to block attempts of unauthorized access to information, as well as monitor the state of security of the IT infrastructure on an ongoing basis. At the same time, information protection is ensured through the adoption of various measures, including technical ones.

Information security tools provide information protection in information systems, which are essentially a combination of the information stored in databases, the information technologies that process it, and technical means.

Modern information systems are characterized by the use of various hardware and software platforms, the territorial distribution of components, as well as interaction with open data transmission networks.

How to protect information in such conditions? Relevant requirements are made by authorized bodies, in particular, the FSTEC and the FSB of Russia. Within the framework of the article, we will try to reflect the main approaches to the classification of information security facilities, taking into account the requirements of these regulators. Other ways of describing the classification of information security facilities, reflected in the regulatory documents of Russian departments, as well as foreign organizations and agencies, are beyond the scope of this article and are not considered further.

The article may be useful to beginners in the field of information security as a source of structured information about the methods of classifying information security tools based on the requirements of the FSTEC of Russia (to a greater extent) and, briefly, the FSB of Russia.

The structure that determines the procedure and coordinates the actions of providing non-cryptographic methods of information security is the FSTEC of Russia (formerly the State Technical Commission under the President of the Russian Federation, the State Technical Commission).

If the reader has seen the State Register of certified information security tools maintained by the FSTEC of Russia, he will certainly have noticed, in the part describing the purpose of each tool, phrases such as “class RD SVT”, “level of absence of NDV”, etc. (Figure 1).

Figure 1. A fragment of the register of certified information security facilities

Classification of cryptographic means of information protection

The FSB of Russia defines the following classes of cryptographic information security tools: KS1, KS2, KS3, KV and KA.

The main feature of information security tools of class KS1 is their ability to withstand attacks carried out from outside the controlled zone. This implies that the creation of attack methods, their preparation and implementation are carried out without the participation of specialists in the development and analysis of cryptographic information security tools. It is assumed that information about the system in which these tools are used can be obtained from open sources.

If a cryptographic information security tool can withstand the attacks blocked by class KS1 tools, as well as attacks carried out within the controlled zone, then it corresponds to class KS2. At the same time, it is assumed, for example, that during the preparation of an attack, information about the physical measures for protecting information systems, securing the controlled zone, etc., could become available.

If the tools can resist attacks by someone with physical access to the computer equipment on which the cryptographic information security tools are installed, they are said to correspond to class KS3.

If a cryptographic information security tool resists attacks that were created with the involvement of specialists in the development and analysis of such tools, including research centers, and for which laboratory studies of the protection tools could be conducted, then we are talking about compliance with class KV.

If specialists in exploiting undeclared capabilities (NDV) of system software were involved in developing the attack, the corresponding design documentation was available, and there was access to any hardware components of the cryptographic information security tools, then protection against such attacks can be provided by tools of class KA.

Classification of electronic signature protection means

Electronic signature means, depending on their ability to resist attacks, are usually assigned to the following classes: KS1, KS2, KS3, KV1, KV2 and KA1. This classification is similar to the one discussed above for cryptographic information security tools.

Conclusions

The article considered some methods of classifying information security tools in Russia, which are based on the regulatory framework of regulators in the field of information protection. The classification options considered are not exhaustive. Nevertheless, we hope that the summary information presented will help a novice specialist in the field of information security to find their bearings quickly.

Many people know cryptography as the heart and foundation of all cryptocurrencies, but not everyone thinks about the fact that we use it on a daily basis. The cryptography method is used in most modern applications and hides personal data from prying eyes.

What is cryptography?

Cryptography is the science that studies how to hide data and keep it private. This is one of the oldest sciences and its history spans four millennia. The term “cryptography” itself was formed from two ancient Greek words “crypto” - hidden, “grapho” - I write. For beginners, the principle of cryptography can be explained using the example of a Caesar cipher, where each character of the alphabet was replaced by one that is 3 positions before the desired one.

The first examples of cryptography records were monoalphabetic and began to appear as early as the third millennium BC. They were records, the text of which was changed by substituting other characters. Starting from the 9th century, polyalphabetic ciphers began to be used, and from the middle of the 20th century, electromechanical ciphers began to be used, but polygraphic ciphers were still used.

Until 1975, cryptography was an encryption method with a secret key that provided access to decrypt data. Later, the period of its modern development began, and public-key cryptography methods were developed, in which the key can be transmitted over open communication channels and used for data validation.

Modern applied cryptography is a science formed at the intersection of mathematics and computer science. A related science of cryptography is cryptanalysis. Cryptography and cryptanalysis are closely interconnected, only in the latter case, methods of decrypting hidden information are studied.

With the modification to the public key, cryptography became more widespread and began to be used by individuals and commercial organizations, and in 2009 the first cryptocurrency was released on its basis. Until that time, it was considered the prerogative of state governments.

Types of cryptography

Cryptographic systems are based on different kinds of cryptography. In total, four main cryptographic primitives are distinguished:

  • Symmetric encryption. This method prevents interception of data by third parties and is based on the fact that the sender and recipient of data have the same keys to solve the cipher.
  • Asymmetric encryption. This method involves a public key and a private key. The keys are interconnected - information encrypted with a public key can only be revealed by its associated private key. It is impossible to use keys from different pairs for decryption, since the keys of a pair are interconnected by a mathematical relationship.
  • Hashing. The method is based on the transformation of the source information into a byte string of a specified form. The transformation of information is called a hash function, and the result is a hash code. All hash codes have a unique sequence of characters.
  • Electronic signature. This is the transformation of information using a private key, which allows you to confirm the authenticity of the document and the absence of data distortion.

Opportunities and applications

Cryptography was originally used by the government to securely store or transmit documents. Modern asymmetric encryption algorithms have become more widely used in the field of IT security, and symmetric methods are now used mainly to prevent unauthorized access to information during storage.

In particular, cryptographic methods are used for:

  • secure storage of information by commercial entities and private individuals;
  • implementation of digital electronic signature systems;
  • confirmation of the authenticity of certificates;
  • secure online data transmission via open communication channels.

Cryptography and blockchain

In the blockchain, cryptography is used to protect and ensure the confidentiality of identities and personal data, maintain high transaction security, and reliably protect the entire system and storage.

Hash functions

Hash functions in the blockchain are interconnected; with their help, information is protected and transactions are irreversible. Each new block of transactions is associated with the hash of the previous block, which in turn is formed on the basis of the hash of the last block formed before it. Thus, each new transaction block contains all the information about the previous blocks and cannot be faked or changed.

In order for a new block to be added to the blockchain, the network must come to a common consensus and pick up the hash of the new block. To do this, with the help of computer technology, miners offer many “nonce” options for the value of the function. The first miner who managed to randomly generate a hash suitable for combination with the previous data signs the block with it, which is included in the chain, and the new block will already contain information with it.

Thanks to the use of hashing technology in the blockchain, all transactions that have been performed in the system can be expressed in one hash of the new block. The hashing method makes it almost impossible to hack the system, and with the addition of each new block, the resistance of the blockchain to attacks only increases.

Digital Signatures

The blockchain uses an asymmetric cryptography method based on public and private keys. The public key serves as the address for storing coins, while the secret key serves as a password for accessing it. The private key is based on the public key, but it cannot be calculated mathematically.

Among the many public key cryptography schemes, the elliptic curve scheme and the factorization scheme are the most common. In bitcoin, the first scheme is involved - elliptic curves. The private key in it has a size of 32 bytes, the public key is 33 bytes, and the signature is about 70 bytes.

Public key cryptography

Modern public key cryptography is used in the blockchain system to transfer coins.

For dummies, the principle of public-key cryptography can be explained using the example of a transaction. Let's say the sender wants to send 1 bitcoin. To do this, he needs to send a transaction, which will indicate where to get the coin from and where it will be sent (the recipient's public key). When the transaction is formed, the sender must sign it with his private key. Next, the network nodes check that the sender's secret key corresponds to his public key, with which the coin is currently associated. If the conditions are met, that is, the public and private keys of the sender are interconnected, then the sent coin becomes associated with the public key of the recipient.

Conclusion

Cryptography is an important component of the modern world and is necessary primarily for the storage of personal data and important information. Since its inception, it has gone through many modifications and is now a security system that can hardly be hacked. It is difficult to overestimate its possibilities for mankind. Modern methods of cryptography are used in almost all industries in which there is a need for secure transmission or storage of data.