What is cryptography and how is it used in cryptocurrency. Cryptographic protection of information. Cryptography refers to the means of protecting information systems

Konstantin Cherezov, SafeLine Leading Specialist, Informzashchita Group of Companies

When we were asked to draw up criteria for comparing the entire Russian market for cryptographic information protection tools (CIPF), I was somewhat bewildered. It is not difficult to conduct a technical review of the Russian CIPF market, but to determine common comparison criteria for all participants and at the same time obtain an objective result is an impossible mission.

Starting from the beginning

The theater begins with a hanger, and a technical review begins with technical definitions. CIPF in our country are so secretive (they are poorly represented in open sources) that the most recent definition of them was found in the Guiding Document of the State Technical Commission of 1992: "CIPF is a computer technology tool that performs cryptographic transformation of information to ensure its security."

The interpretation of the term "computer technology tool" (CVT) was found in another document of the State Technical Commission: "CVT is understood as a set of software and technical elements of data processing systems that can function independently or as part of other systems."

Thus, CIPF is a set of software and technical elements of data processing systems that can function independently or as part of other systems and carry out cryptographic transformation of information to ensure its security.

The definition is comprehensive. In effect, CIPF is any hardware, hardware-software or software solution that in one way or another performs cryptographic protection of information. And if we also recall the Decree of the Government of the Russian Federation No. 691, it, for example, explicitly sets a limit on the length of the cryptographic key for CIPF: at least 40 bits.

From the foregoing, we can conclude that it is possible to review the Russian market of cryptographic information protection tools, but it is impossible to bring them all together, find criteria common to each and every one of them, compare them and get an objective result at the same time.

Average and general

Nevertheless, all Russian CIPF have common points of contact, on the basis of which it is possible to compile a list of criteria for bringing all cryptographic tools together. Such a criterion for Russia is the certification of CIPF by the FSB (FAPSI), since Russian legislation does not provide for the concept of "cryptographic protection" without an appropriate certificate.

On the other hand, the "common points of contact" of any CIPF are the technical specifications of the tool itself, such as the algorithms used, key length, etc. However, if cryptographic information protection tools are compared according to these criteria, the overall picture is fundamentally wrong. After all, what is good and right for a software-implemented crypto provider is far from unambiguously true for a hardware cryptographic gateway.

There is one more important point (may my fellow practitioners forgive me). The fact is that there are two rather different views of CIPF as a whole. I'm talking about the "technical" and the "consumer" views.

The "technical" view of the CIPF covers a huge range of parameters and technical features of the product (from the length of the encryption key to the list of implemented protocols).

The "consumer" view is fundamentally different from the "technical" one in that the functional features of a particular product are not considered as dominant. A number of completely different factors come to the fore - pricing, ease of use, scalability of the solution, availability of adequate technical support from the manufacturer, etc.

However, for the CIPF market, there is still one important parameter that allows you to combine all the products and at the same time get a sufficiently adequate result. I'm talking about the division of all cryptographic information protection tools into areas of application and for solving certain problems: trusted storage; protection of communication channels; implementation of secure document management (EDS), etc.

Thematic comparative reviews in the field of application of various Russian cryptographic information protection tools, for example, Russian VPNs, that is, the protection of communication channels, have already been carried out in this publication. Perhaps in the future there will be reviews on other areas of application of cryptographic information protection tools.

But in this case, an attempt was made only to combine all the cryptographic information protection solutions presented on the Russian market into a single table based on their "common points". Naturally, this table does not provide an objective comparison of the functionality of particular products; it is review material.

Generalizing criteria - for everyone

For a generalized table of the Russian CIPF market, the following criteria can ultimately be drawn up:

  • Manufacturer. According to publicly available data (Internet), in Russia at the moment there are about 20 companies developing cryptographic information protection tools.
  • Type of implementation (hardware, software, hardware-software). A mandatory division, which nevertheless has very fuzzy boundaries, since there are, for example, cryptographic information protection tools obtained by installing a software component (management tools and the crypto library itself), which as a result are positioned as hardware-software tools, although in fact they are software only.
  • Availability of valid certificates of conformity of the FSB of Russia and protection classes. A prerequisite for the Russian CIPF market; moreover, 90% of solutions will have the same protection classes.
  • Implemented cryptographic algorithms (specify GOSTs). Also a prerequisite is the presence of GOST 28147-89.
  • Supported operating systems. A rather controversial indicator, important for a software-implemented crypto library and completely insignificant for a purely hardware solution.
  • Provided API. An essential functional indicator, equally important for both "technical" and "consumer" views.
  • The presence of an implementation of the SSL/TLS protocol. Definitely a "technical" indicator that can be expanded in terms of the implementation of other protocols.
  • Supported key media types. A "technical" criterion, which gives a very ambiguous indicator for different types of CIPF implementation, hardware or software.
  • Integration with Microsoft products and solutions, as well as with products and solutions from other manufacturers. Both criteria relate more to software CIPF of the "crypto library" type, while applying these criteria to, for example, a hardware complex for building a VPN seems very doubtful.
  • Availability of the product distribution kit in free access on the manufacturer's website, dealer distribution network and support service (time criterion). All these three criteria are unequivocally "consumer", and they come to the fore only when the specific functionality of the CIPF, the scope and range of tasks to be solved are already predetermined.

Conclusions

As a conclusion, I focus the reader's attention on the two most important points of this review.

Firstly, the choice of CIPF should initially be based on the scope of application, which significantly narrows the range of possible solutions.

Secondly, the "technical" and "consumer" views of CIPF should not conflict: the presence of unique CIPF functionality should not prevail over common sense when choosing a manufacturer with a wide product distribution network, an affordable pricing policy and an adequate technical support service.

1.1. This Policy on the use of cryptographic information protection tools (hereinafter, the Policy) determines the procedure for organizing and ensuring the functioning of encryption (cryptographic) means designed to protect information that does not contain information constituting a state secret (hereinafter, CIPF, crypto-means) if they are used to ensure the security of confidential information and personal data during their processing in information systems.

1.2. This Policy has been developed in pursuance of:

  • Federal Law "On Personal Data" and regulatory acts of the Government of the Russian Federation in the field of ensuring the security of personal data;
  • Federal Law No. 63-FZ "On Electronic Signature";
  • Order of the FSB of the Russian Federation No. 378 "On approval of the Composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems using cryptographic information protection tools necessary to fulfill the requirements established by the Government of the Russian Federation for the protection of personal data for each of the security levels";
  • FAPSI Order No. 152 "On approval of the Instruction on organizing and ensuring the security of storage, processing and transmission through communication channels using cryptographic protection of information with limited access that does not contain information constituting a state secret";
  • Order of the Federal Security Service of the Russian Federation No. 66 "On approval of the Regulation on the development, production, sale and operation of encryption (cryptographic) means of information protection (Regulation PKZ-2005)".

1.3. This Policy applies to crypto tools designed to ensure the security of confidential information and personal data during their processing in information systems;

1.4. Cryptographic means of information protection (hereinafter, CIPF) that implement the functions of encryption and electronic signature are used to protect electronic documents transmitted over public communication channels, for example, the public Internet, or via dial-up communication channels.

1.5. To ensure security, it is necessary to use CIPF, which:

  • allow embedding into the technological processes of electronic message processing and provide interaction with application software at the level of processing requests for cryptographic transformations and issuing results;
  • are supplied by the developers with a complete set of operational documentation, including a description of the key system, rules for working with it, as well as a rationale for the necessary organizational and staffing measures;
  • support the continuity of the processes of logging the operation of the CIPF and of ensuring the integrity of the software of the CIPF functioning environment, which is the set of hardware and software tools together with which the regular functioning of the CIPF takes place and which can affect the fulfillment of the requirements for the CIPF;
  • are certified by an authorized state body or have permission from the FSB of Russia.

1.6. CIPF used to protect personal data must have a class of at least KS2.

1.7. CIPF are implemented on the basis of algorithms that comply with the national standards of the Russian Federation and the terms of the contract with the counterparty.

1.8. CIPF, licenses, related key documents, instructions for CIPF are acquired by the organization independently or can be obtained from a third-party organization initiating a secure document flow.

1.9. CIPF, including installation media, key documents, descriptions and instructions for CIPF, constitute a trade secret in accordance with the Regulations on confidential information.

  2. The procedure for using CIPF

2.1. Installation and configuration of cryptographic information protection tools is carried out in accordance with the operational documentation, instructions of the Federal Security Service of Russia, other organizations involved in secure electronic document management. Upon completion of installation and configuration, the readiness of the CIPF for use is checked, conclusions are drawn up on the possibility of their operation and the CIPF is put into operation.

Placement and installation of CIPF, as well as other equipment operating with crypto-means, in sensitive premises should minimize the possibility of uncontrolled access of unauthorized persons to these means. The maintenance of such equipment and the change of crypto keys are carried out in the absence of persons not authorized to work with these CIPF. It is necessary to provide for organizational and technical measures that exclude the possibility of using CIPF by unauthorized persons. The physical location of the CIPF should ensure the security of the CIPF, preventing unauthorized access to the CIPF. Access of persons to the premises where protective equipment is located is limited in accordance with the need for service and is determined by a list approved by the director.

The embedding of crypto-means of class KS1 and KS2 is carried out without control by the FSB of Russia (if this control is not provided for by the terms of reference for the development (modernization) of the information system).

The embedding of cryptographic tools of the KS3, KV1, KV2 and KA1 classes is carried out only under the control of the FSB of Russia.

The embedding of cryptographic tools of the KS1, KS2 or KS3 class can be carried out either by the user of the cryptographic tool himself, if he has the appropriate license from the FSB of Russia, or by an organization that has the appropriate license from the FSB of Russia.

The embedding of a cryptographic tool of the KV1, KV2 or KA1 class is carried out by an organization that has the appropriate license from the FSB of Russia.

Decommissioning of the CIPF is carried out subject to procedures that ensure the guaranteed deletion of information, the unauthorized use of which can damage the business activities of the organization, and of information used by information security tools, from permanent memory and from external media (with the exception of archives of electronic documents and protocols of electronic interaction, the maintenance and preservation of which for a certain period of time are provided for by the relevant regulatory and (or) contractual documents), and is documented by an Act. CIPF are destroyed (disposed of) by decision of the owner of the cryptographic tool, with notification of the organization responsible for the copy accounting of cryptographic tools.

CIPF scheduled for destruction (disposal) are subject to removal from the hardware with which they functioned. Cryptographic tools are considered removed from the hardware if the procedure for removing the software of the cryptographic tools provided for by the operational and technical documentation for the CIPF has been completed and they are completely disconnected from the hardware.

Units and parts of general-purpose hardware suitable for further use that are not specifically designed for hardware implementation of cryptographic algorithms or other cryptographic information protection functions, as well as equipment that works together with cryptographic tools (monitors, printers, scanners, keyboards, etc.), may be used without restrictions after the destruction of the CIPF. At the same time, information that may remain in the memory devices of the equipment (e.g. printers, scanners) must be securely removed (erased).

2.2. The operation of CIPF is carried out by persons appointed by order of the director of the organization and trained to work with them. If there are two or more users of CIPF, the duties between them are distributed taking into account personal responsibility for the safety of crypto-means, key, operational and technical documentation, as well as for the assigned areas of work.

Users of cryptographic tools are required to:

  • not to disclose information to which they are admitted, including information about CIPF and other protection measures;
  • not to disclose information about key documents;
  • prevent copies from being made of key documents;
  • prevent key documents from being output to the display (monitor) of a personal computer or to a printer;
  • not allow recording of extraneous information on the key carrier;
  • prevent key documents from being installed on other personal computers;
  • comply with the requirements for ensuring the security of information, the requirements for ensuring the security of CIPF and key documents to them;
  • report on attempts by unauthorized persons that have become known to them to obtain information about the cryptographic information protection tools used or key documents to them;
  • immediately notify about the facts of loss or shortage of CIPF, key documents to them, keys to premises, vaults, personal seals and other facts that may lead to the disclosure of protected information;
  • hand over the CIPF, operational and technical documentation for them, key documents upon dismissal or removal from the performance of duties related to the use of cryptographic tools.

The security of information processing using CIPF is ensured by:

  • observance by users of confidentiality when handling information that they are entrusted with or become aware of at work, including information about the functioning and security procedures of the applied cryptographic information protection tools and key documents for them;
  • exact fulfillment by CIPF users of requirements for information security;
  • reliable storage of operational and technical documentation for CIPF, key documents, media of limited distribution;
  • timely detection of attempts by unauthorized persons to obtain information about protected information, about the used CIPF or key documents to them;
  • taking immediate measures to prevent the disclosure of protected information, as well as its possible leakage in the event of loss or shortage of CIPF, key documents for them, certificates, passes, keys to premises, vaults, safes (metal cabinets), personal seals, etc.

If it is necessary to transmit limited access service messages related to the organization and operation of the CIPF via technical means of communication, these messages must be transmitted only using cryptographic means. The transfer of crypto keys via technical means of communication is not allowed, with the exception of specially organized systems with decentralized supply of crypto keys.

CIPF are subject to accounting using indices or conditional names and registration numbers. The list of indices, conditional names and registration numbers of cryptographic tools is determined by the Federal Security Service of the Russian Federation.

Used or stored CIPF, operational and technical documentation for them, key documents are subject to copy accounting. The form of the CIPF Logbook is given in Appendix No. 1, the Key Carriers Logbook in Appendix No. 2 to this Policy. At the same time, software CIPF should be taken into account together with the hardware with which their regular operation is carried out. If hardware or hardware-software cryptographic information protection means are connected to the system bus or to one of the internal hardware interfaces, then such cryptographic tools are also taken into account together with the corresponding hardware.

The unit of copy accounting of key documents is considered to be a reusable key carrier, a key notepad. If the same key medium is repeatedly used to record crypto keys, then it should be registered separately each time.

All received copies of crypto-means, operational and technical documentation for them, key documents must be issued against receipt in the appropriate copy register to users of crypto-means who are personally responsible for their safety.

The transfer of CIPF, operational and technical documentation for them, and key documents is allowed only between users of cryptographic tools and (or) the responsible user of cryptographic tools against receipt in the relevant copy accounting logs. Such transfer between users of cryptographic tools must be authorized.

Storage of CIPF installation media, operational and technical documentation, and key documents is carried out in cabinets (boxes, storage units) for individual use, in conditions that exclude uncontrolled access to them, as well as their unintentional destruction.

The hardware with which the regular functioning of the CIPF is carried out, as well as hardware and hardware-software CIPF, must be equipped with means to control their opening (sealed with a stamp or a lead seal). The place where the crypto-means or hardware is sealed should be such that it can be visually inspected. If technically possible, during the absence of users of cryptographic tools, these tools must be disconnected from the communication line and put away in sealed storages.

Changes to the CIPF software and to the technical documentation for the CIPF are made on the basis of documented updates received from the CIPF manufacturer, with checksums recorded.

The operation of the CIPF involves maintaining at least two backup copies of the software and one backup copy of the key carriers. Recovery of CIPF performance in emergency situations is carried out in accordance with the operational documentation.

2.3. The production of key documents from the original key information is carried out by responsible users of the CIPF, using regular cryptographic tools, if such an opportunity is provided for by the operational and technical documentation in the presence of a license from the Federal Security Service of Russia for the production of key documents for cryptographic tools.

Key documents can be delivered by courier (including departmental) communication or with specially designated responsible users of cryptographic tools and employees, subject to measures that exclude uncontrolled access to key documents during delivery.

To send key documents, they must be placed in strong packaging, which excludes the possibility of their physical damage and external influence. The packages indicate the responsible user for whom they are intended. Such packages are marked "Personally". The packages are sealed in such a way that it is impossible to extract the contents from them without breaking the packages and seal impressions.

Prior to the initial dispatch (or return), the addressee is informed by a separate letter of the description of the packages sent to him and the seals with which they can be sealed.

To send key documents, a cover letter is prepared, in which it is necessary to indicate: what is sent and in what quantity, account numbers of documents, and, if necessary, the purpose and procedure for using the sent item. A cover letter is enclosed in one of the packages.

The packages received are opened only by the responsible user of the cryptographic tools for which they are intended. If the contents of the received package do not correspond to those specified in the cover letter, or the package itself and the seal do not match their description (impression), or if the packaging is damaged, resulting in free access to its contents, the recipient draws up an act that is sent to the sender. Key documents received with such shipments are not allowed to be used until instructions are received from the sender.

If defective key documents or crypto keys are found, one copy of the defective product should be returned to the manufacturer to determine the causes of the incident and eliminate them in the future, and the remaining copies should be stored until additional instructions from the manufacturer are received.

Receipt of key documents must be confirmed to the sender in accordance with the procedure indicated in the cover letter. The sender is obliged to control the delivery of his items to the addressees. If the appropriate confirmation has not been received from the addressee in a timely manner, the sender must send him a request and take measures to clarify the location of the items.

An order for the production of the next key documents, their production and distribution to the places of use for the timely replacement of existing key documents is made in advance. An indication of the entry into force of the next key documents is given by the responsible user of cryptographic tools only after receiving confirmation from them that the next key documents have been received.

Unused or out of action key documents are to be returned to the responsible user of cryptographic tools or, at his direction, must be destroyed on the spot.

Destruction of crypto keys (initial key information) can be done by physically destroying the key medium on which they are located, or by erasing (destroying) the crypto keys (initial key information) without damaging the key carrier (to enable it to be reused).

Crypto keys (initial key information) are erased according to the technology adopted for the corresponding reusable key media (floppy disks, compact disks (CD-ROM), Data Key, Smart Card, Touch Memory, etc.). Direct actions to erase crypto keys (initial key information), as well as possible restrictions on the further use of the relevant reusable key media, are regulated by the operational and technical documentation for the relevant cryptographic information protection tools, as well as by instructions from the organization that recorded the crypto keys (initial key information).

Key carriers are destroyed by inflicting irreparable physical damage on them, excluding the possibility of their use, as well as of restoring key information. Direct actions to destroy a specific type of key carrier are regulated by the operational and technical documentation for the relevant cryptographic information protection tools, as well as by instructions from the organization that recorded the crypto keys (initial key information).

Paper and other combustible key carriers are destroyed by burning or using any paper cutting machines.

Key documents are destroyed within the time limits specified in the operational and technical documentation for the relevant CIPF. The fact of destruction is documented in the relevant copy-by-instance registers.

Destruction according to the act is carried out by a commission consisting of at least two people. The act specifies what is destroyed and in what quantity. At the end of the act, a final entry is made (in numbers and in words) on the number of items and copies of the key documents, CIPF installation media, and operational and technical documentation being destroyed. Corrections in the text of the act must be specified and certified by the signatures of all members of the commission who took part in the destruction. The destruction carried out is noted in the corresponding copy accounting logs.

Crypto keys that are suspected of being compromised, as well as other crypto keys operating in conjunction with them, must be immediately deactivated, unless otherwise specified in the operational and technical documentation of the CIPF. In emergency cases, when there are no crypto keys to replace the compromised ones, it is allowed, by decision of the responsible user of cryptographic tools, agreed with the operator, to use compromised crypto keys. In this case, the period of use of compromised crypto keys should be as short as possible, and the protected information should be of as little value as possible.

Users of cryptographic tools are required to report to the responsible user of cryptographic tools any violations that may lead to the compromise of crypto keys, their components, or data transmitted (stored) using them.

Inspection of reusable key media by unauthorized persons should not be considered as a suspicion of compromising crypto keys, if this excludes the possibility of copying them (reading, reproduction).

In cases of shortage, non-presentation of key documents, as well as the uncertainty of their location, the responsible user takes urgent measures to search for them and localize the consequences of compromising key documents.

  3. Key system management procedure

Registration of persons with key management rights is carried out in accordance with the operational documentation for the CIPF.

Key management is an information process that includes three elements:

- key generation;

- accumulation of keys;

- distribution of keys.

In the information systems of the organization, special hardware and software methods for generating random keys are used. As a rule, pseudo-random number generators (hereinafter, PRNG) with a sufficiently high degree of randomness of their output are used. Software key generators that compute their output as a complex function of the current time and (or) a number entered by the user are quite acceptable.

Under the accumulation of keys is understood the organization of their storage, accounting and deletion.

Secret keys should not be written explicitly on a medium that can be read or copied.

All information about the keys used must be stored in encrypted form. Keys that encrypt key information are called master keys. Each user must know the master keys by heart, it is forbidden to store them on any material media.

To maintain information security, key information in information systems must be updated periodically. In doing so, both regular keys and master keys are reassigned.

When distributing keys, the following requirements must be met:

- efficiency and accuracy of distribution;

- secrecy of distributed keys.

An alternative is for two users to obtain a shared key from a central authority, a key distribution center (KDC), through which they can securely interact. To organize data exchange between the KDC and the user, the latter is allocated a special key during registration, which encrypts messages transmitted between them. Each user is allocated a separate key.
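The KDC arrangement described above, as an added example that is not part of the Policy or of any CIPF product: each user receives a separate key at registration, and the center hands two users the same session key, sealed separately under each user's own key. The names `KDC`, `Ticket`, `Register`, `Issue` and `Open` are hypothetical, and AES-256-GCM from the Go standard library is an assumption standing in for whichever certified algorithm the CIPF provides.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KDC holds one long-term key per registered user (hypothetical type).
type KDC struct{ userKeys map[string][]byte }

// Ticket is a session key sealed under one recipient's long-term key.
type Ticket struct {
	For, Peer string // who may open it, and who the session key is shared with
	Nonce     []byte
	Sealed    []byte
}

func NewKDC() *KDC { return &KDC{userKeys: map[string][]byte{}} }

func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := rand.Read(b) // operating system CSPRNG
	return b, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// binding is authenticated alongside the session key, so a ticket cannot be
// relabelled as being for, or shared with, a different user.
func binding(forUser, peer string) []byte {
	return []byte(fmt.Sprintf("%q->%q", forUser, peer))
}

// Register allocates a separate 256-bit key to the user and returns a copy.
func (k *KDC) Register(user string) ([]byte, error) {
	if _, dup := k.userKeys[user]; dup {
		return nil, errors.New("user already registered")
	}
	key, err := randomBytes(32)
	if err != nil {
		return nil, err
	}
	k.userKeys[user] = key
	return append([]byte(nil), key...), nil
}

func (k *KDC) seal(forUser, peer string, sessionKey []byte) (Ticket, error) {
	key, ok := k.userKeys[forUser]
	if !ok {
		return Ticket{}, fmt.Errorf("unknown user %q", forUser)
	}
	gcm, err := newGCM(key)
	if err != nil {
		return Ticket{}, err
	}
	nonce, err := randomBytes(gcm.NonceSize())
	if err != nil {
		return Ticket{}, err
	}
	sealed := gcm.Seal(nil, nonce, sessionKey, binding(forUser, peer))
	return Ticket{For: forUser, Peer: peer, Nonce: nonce, Sealed: sealed}, nil
}

// Issue creates a fresh session key for a and b and returns one ticket each.
func (k *KDC) Issue(a, b string) (Ticket, Ticket, error) {
	sessionKey, err := randomBytes(32)
	if err != nil {
		return Ticket{}, Ticket{}, err
	}
	ta, err := k.seal(a, b, sessionKey)
	if err != nil {
		return Ticket{}, Ticket{}, err
	}
	tb, err := k.seal(b, a, sessionKey)
	if err != nil {
		return Ticket{}, Ticket{}, err
	}
	return ta, tb, nil
}

// Open is run by a user: it recovers the session key with that user's own key.
func Open(userKey []byte, t Ticket) ([]byte, error) {
	gcm, err := newGCM(userKey)
	if err != nil {
		return nil, err
	}
	if len(t.Nonce) != gcm.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	return gcm.Open(nil, t.Nonce, t.Sealed, binding(t.For, t.Peer))
}

func main() {
	kdc := NewKDC()
	alice, _ := kdc.Register("alice") // constructed sample users
	bob, _ := kdc.Register("bob")
	ta, tb, err := kdc.Issue("alice", "bob")
	if err != nil {
		panic(err)
	}
	ka, _ := Open(alice, ta)
	kb, _ := Open(bob, tb)
	fmt.Println("alice and bob hold the same session key:", bytes.Equal(ka, kb))
}
```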

KEY MANAGEMENT BASED ON PUBLIC KEY SYSTEMS

Before using a public key cryptosystem to exchange ordinary secret keys, users must exchange their public keys.

Public key management can be done through an online or offline directory service, and users can also exchange keys directly.

  4. Monitoring and control of the use of CIPF

To increase the level of security during the operation of CIPF, the system should implement monitoring procedures that record all significant events that took place in the process of exchanging electronic messages and all information security incidents. The description and list of these procedures should be established in the operational documentation for the CIPF.

Control of the use of CIPF provides:

  • control over the compliance of the settings and configuration of information security tools, as well as of hardware and software tools that can affect the fulfillment of the requirements for information security tools, with the regulatory and technical documentation;
  • monitoring compliance with the rules for storing restricted access information used in the operation of information security tools (in particular, key, password and authentication information);
  • control of the possibility of access by unauthorized persons to information security tools, as well as to hardware and software tools that can affect the fulfillment of the requirements for information security tools;
  • monitoring compliance with the rules for responding to information security incidents (loss or compromise of key, password and authentication information, as well as of any other restricted access information);
  • control of compliance of the technical and software means of CIPF and the documentation for these means with reference samples (supplier guarantees or control mechanisms that allow such compliance to be established independently);
  • control of the integrity of the hardware and software of the CIPF and of the documentation for these tools during the storage and commissioning of these tools (using both the control mechanisms described in the documentation for the CIPF and organizational ones).


Listen... can you, for our common benefit, every letter that arrives at your post office, incoming and outgoing, you know, sort of print it out a little and read: does it contain any report or just correspondence...

N.V. Gogol "Inspector"

Ideally, only two people should be able to read a confidential letter: the sender and the one to whom it is addressed. The formulation of such a seemingly very simple thing was the starting point of cryptoprotection systems. The development of mathematics gave impetus to the development of such systems.

As early as the 17th-18th centuries, ciphers in Russia were quite sophisticated and resistant to breaking. Many Russian mathematicians worked on creating or improving encryption systems and at the same time tried to find the keys to the ciphers of other systems. Currently, several Russian encryption systems can be noted, such as Lexicon Verba, Secret Net, DALLAS LOCK, Secret Disk, the Accord product family, etc. We will talk about them. You will also get acquainted with the main software and hardware-software cryptoprotection complexes and learn about their capabilities, strengths and weaknesses. We hope that this article will help you choose a cryptographic protection system.

Introduction

Are you worried that important information from your computer might fall into the wrong hands? This information can be used by competitors, regulatory authorities, and simply ill-wishers. Obviously, such actions can cause you significant damage. What to do? In order to protect your information from strangers, you must install one of the data encryption programs. Our review is devoted to the analysis of encryption systems for desktop systems. It should be noted that the use of foreign encryption systems in Russia is severely limited for a number of reasons, so government organizations and large domestic companies are forced to use Russian developments. However, medium and small companies, as well as individuals, sometimes prefer foreign systems.

To the uninitiated, encryption of information looks like something akin to black magic. Indeed, encrypting messages to hide their content from outsiders is a complex mathematical problem. In addition, the cipher must be chosen in such a way that it is practically impossible to open without the key, yet quick and easy to open with the key. Many companies and organizations find it very difficult to make the best choice when installing encryption software. The matter is further complicated by the fact that absolutely secure computers and absolutely reliable encryption systems do not exist. However, there are still enough ways by which you can repel almost all attempts to reveal encrypted information.

What do encryption programs have inside

Encryption programs differ from each other in the encryption algorithm. Once the file is encrypted, you can write it to a floppy disk, send it by e-mail, or put it on a server in your local network. The recipient of your encrypted file must have the same encryption program in order to read its contents.

If you want to send an encrypted message to multiple users at the same time, then your information for each recipient can be encrypted with their own key or with a shared key for all users (including the author of the message).

The cryptosystem uses a secret code to turn your information into a meaningless, pseudo-random set of characters. With a good encryption algorithm, it is almost impossible to decrypt a message without knowing the secret code used for encryption. Such algorithms are called symmetric key algorithms because the same key is used to encrypt and decrypt information.

To protect your data, the encryption program creates a secret key based on your password. You just need to set a long password that no one can guess. However, if you want someone else to read the file, you'll need to tell that person the secret key (or the password it's based on). You can be sure that even a simple encryption algorithm will protect your data from an ordinary user, say, from a work colleague. However, professionals have a number of ways to decrypt a message without knowing the secret code.

Without special knowledge, you will not be able to check for yourself how reliable your encryption algorithm is. But you can rely on the opinion of professionals. Some encryption algorithms, such as Triple DES (Data Encryption Standard), have been subjected to years of testing. According to the results of this testing, the algorithm has proven itself well, and cryptographers believe that it can be trusted. Most of the new algorithms are also carefully studied, and the results are published in the specialized literature.

If the algorithm of the program has not been openly reviewed and discussed by professionals, if it does not have certificates and other official papers, this is a reason to doubt its reliability and refuse to use such a program.

Another type of encryption systems are public key systems. For such a system to work, there is no need to tell the addressee the secret key (or the password on the basis of which it was created). These encryption systems generate two digital keys for each user: one is used to encrypt data, the other - to decrypt them. The first key (called the public key) can be made public, while the second key is kept secret. After that, anyone can encrypt the information using the public key, and only those who have the corresponding secret key can decrypt it.

Some encryption programs contain another important means of protection: a digital signature. A digital signature certifies that the file has not been modified since it was signed and gives the recipient information about who exactly signed the file. The algorithm for creating a digital signature is based on the calculation of a checksum, the so-called hash sum, or message digest. The algorithms used guarantee that it is practically impossible to find two different files whose hash sums would match.

When the recipient receives a digitally signed file, their encryption program recalculates the hash sum for that file. The recipient then uses the public key published by the sender to recover the digital signature. If the result matches the value calculated for the file, then the recipient can be sure that the text of the message has not been changed (if this happened, the hash sum would be different), and the signature belongs to a person who has access to the sender's secret key.
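The signing and verification steps described in the two paragraphs above, as an added example that is not code from any product discussed in this article. It assumes textbook RSA over SHA-256 with constructed demonstration keys built from Mersenne primes: there is no padding and such keys are trivial to factor, so the block shows only the hash, sign, recover and compare steps.

```python
import hashlib
from typing import NamedTuple


class KeyPair(NamedTuple):
    n: int  # public modulus
    e: int  # public exponent (published by the sender)
    d: int  # private exponent (kept secret by the signer)


def make_keypair(p: int, q: int, e: int = 65537) -> KeyPair:
    """Build an RSA key from two primes (demo primes are supplied below)."""
    return KeyPair(p * q, e, pow(e, -1, (p - 1) * (q - 1)))


def hash_sum(data: bytes) -> int:
    """Hash sum (message digest) of the file, as an integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, key: KeyPair) -> int:
    """Signer side: transform the hash sum with the secret key."""
    return pow(hash_sum(data), key.d, key.n)


def verify(data: bytes, signature: int, n: int, e: int) -> bool:
    """Recipient side: recover the signed hash sum with the public key
    and compare it with the hash sum recalculated over the received file."""
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == hash_sum(data)


# Constructed demonstration keys (Mersenne primes, insecure by design).
SENDER = make_keypair(2**127 - 1, 2**521 - 1)
OTHER_SIGNER = make_keypair(2**107 - 1, 2**607 - 1)

# Constructed sample document.
DOCUMENT = b"Contract No. 17: pay 1000 rubles"


def check_cases() -> dict:
    """Verify one signature against three inputs the recipient may see."""
    signature = sign(DOCUMENT, SENDER)
    modified = DOCUMENT.replace(b"1000", b"9000")
    return {
        # File unchanged, signed with the sender's secret key.
        "intact": verify(DOCUMENT, signature, SENDER.n, SENDER.e),
        # File changed after signing: the recalculated hash sum differs.
        "modified": verify(modified, signature, SENDER.n, SENDER.e),
        # File unchanged, but signed with somebody else's secret key.
        "wrong_key": verify(DOCUMENT, sign(DOCUMENT, OTHER_SIGNER),
                            SENDER.n, SENDER.e),
    }


if __name__ == "__main__":
    for case, accepted in check_cases().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```
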

Protecting sensitive or confidential information requires more than just a good encryption program. You need to take a number of measures to ensure information security. If your password is weak (experts recommend setting it to eight or more characters) or if an unencrypted copy of confidential information is stored on your computer, then even the best encryption system will be powerless.

Lexicon-Verba system

The Lexicon-Verba system is a means of organizing secure electronic document management both within the corporate network and between different organizations. Lexicon-Verba uses two modifications of the cryptography system: the Verba-W system is intended for state bodies (protection of confidential information, in particular information marked "for official use"; signature keys are public, encryption keys are secret), while the Verba-OW system is for commercial organizations (protection of trade secrets; signature and encryption keys are public).

There are quite a few global encryption standards, but only a small part of them are certified by the Federal Agency for Government Communications and Information (FAPSI), which makes it impossible to use non-certified solutions in Russia. The Verba-W system has a FAPSI certificate No. SF / 114-0176. Verba-OW system - FAPSI certificate No. SF / 114-0174.

"Lexicon-Verba" provides encryption and digital signature in accordance with the requirements of GOST 28147-89 "Information processing systems. Cryptographic protection" and GOST R34.10-94 "Information technology. Cryptographic protection of information. Procedures for the development and verification of an electronic digital signature based on an asymmetric cryptographic algorithm".

The program is certified by the State Technical Commission under the President of the Russian Federation. In July, it is expected to receive a certificate from the Russian Ministry of Defense.

The cryptographic protection of the system is based on the method of encryption with a public key. Each key that identifies a user consists of two parts: a public key and a private key. The public key is freely distributed and is used to encrypt information for this user. For you to be able to decrypt a document, the person who encrypted it must have your public key and must designate you as having access to the document when encrypting it.

To decrypt a document, you need to use the private key. The private key consists of two parts, one of which is stored on a smart card or touch-memory, and the other is stored on your computer's hard drive. Thus, neither the loss of a smart card nor unauthorized access to a computer makes it possible, individually, to decrypt documents.

The initial key set, including full information about the public and private keys of the user, is created at a specially equipped secure workplace. A floppy disk with key information is used only at the stage of preparing the user's workplace.

The Lexicon-Verba system can be used within the framework of two main systems for organizing secure document management:

  • as a standalone solution. If the organization has a local network, the system can be installed not on all computers, but only on those that require working with confidential documents. This means that inside the corporate network there is a subnet for the exchange of classified information. At the same time, participants in the closed part of the system can exchange open documents with other employees;
  • as part of the workflow. Lexicon-Verba has standard interfaces for connecting external functions for opening, saving, closing and sending documents, which makes it easy to integrate this system into both existing and newly developed document management systems.

It should be noted that the properties of the Lexicon-Verba system make it not only a means of providing information protection against external intrusions, but also a means of increasing intra-corporate confidentiality and sharing access.

One of the important additional resources for increasing the level of information security control is the ability to maintain an "event log" for any document. The document history logging feature can only be enabled or disabled when the system is installed; when it is enabled, this log will be kept regardless of the user's wishes.

The main advantage and distinctive feature of the system is a simple and intuitive implementation of information security functions while maintaining the user's work environment, traditional for word processors.

The cryptography unit performs encryption, as well as the application and removal of an electronic digital signature (EDS) on documents.

Auxiliary functions of the unit are loading a secret key, exporting and importing public keys, and setting up and maintaining a directory of system subscriber keys.

Thus, each of those who have access to the document can apply only his own signature, but can remove any of the previously applied ones.

This reflects the accepted order of office work, when, as it passes the approval, the document may be subject to revisions at different stages, but after that the document must be endorsed again.

If you try to make changes to the document by means other than "Lexicon-Verba", the EDS is damaged and, as a result, the inscription "Damaged" will appear in the "Signature Status" field.

Office

As the number of system users increases, entering each public key on each computer becomes difficult. Therefore, for office use, the public key directory is administered centrally. This is done in the following way:

1) "Lexicon-Verba" is installed on the administrator's computer in local mode. This creates a directory of public keys, to which the administrator adds each key used in the office;

2) on all other computers the system is installed in network mode. This mode uses the public key directory located on the administrator's computer;

3) each new user added by the administrator to the directory becomes "visible" to all users connected to the directory. From that moment on, they get the opportunity to transfer encrypted documents to him.

Directory administration becomes centralized, but this does not affect the level of system security, since providing access to public keys is a kind of "acquaintance" of users, but it does not give access to any documents. For a user to be able to decrypt a document, their public key must not only be in the directory, but must also be explicitly listed as having access to the document.

The means of cryptographic information protection (CIPF) include hardware, software and hardware-software tools that implement cryptographic algorithms for converting information in order to:

  • protect information during its processing, storage and transmission through the transport environment of the AS (automated system);
  • ensure the reliability and integrity of information (including through the use of digital signature algorithms) during its processing, storage and transmission through the transport environment of the AS;
  • generate information used to identify and authenticate subjects, users and devices;
  • generate information used to protect the authenticating elements of a secure AS during their generation, storage, processing and transmission.

It is assumed that cryptographic information protection tools are used in some AS (in a number of sources - an information and telecommunication system or a communication network), together with mechanisms for implementing and guaranteeing a security policy.

Cryptographic transformation has a number of significant features:

  • the CIPF implements some information conversion algorithm (encryption, electronic digital signature, integrity control);
  • the input and output arguments of the cryptographic transformation are present in the AS in some material form (AS objects);
  • the CIPF uses some confidential information (keys) to work;
  • the cryptographic transformation algorithm is implemented as some material object interacting with the environment (including the subjects and objects of the protected AS).

Thus, the role of the CIPF in a secure AS is the transformation of objects. In each particular case, the transformation has its own features. The encryption procedure takes the plaintext object and the key object as input parameters, and its result is the ciphertext object; conversely, the decryption procedure takes the ciphertext and the key as input. The digital signature procedure takes the message object and the secret signature key object as input parameters, and its result is the signature object, which is, as a rule, integrated into the message object. We can say that the CIPF protects objects at the semantic level. At the same time, the objects that serve as parameters of a cryptographic transformation are full-fledged AS objects and can be subject to a security policy (for example, encryption keys can and should be protected from unauthorized access, and public keys for verifying a digital signature from modification). So, cryptographic information protection tools as part of secure ASs have a specific implementation: it can be a separate specialized device built into a computer, or a specialized program. The following points are essential:

  • the CIPF exchanges information with the external environment, namely: keys are entered into it, as is plaintext during encryption;
  • in the case of hardware implementation, the CIPF uses an element base of limited reliability (i.e., malfunctions or failures are possible in the parts that make up the CIPF);
  • in the case of software implementation, the CIPF is executed on a processor of limited reliability and in a software environment containing third-party programs that can affect various stages of its operation;
  • the CIPF is stored on a tangible medium (in the case of software implementation) and can be intentionally or accidentally distorted during storage;
  • the CIPF interacts with the external environment indirectly (it is powered by the mains and emits electromagnetic fields);
  • the CIPF is manufactured and/or used by a person who can make mistakes (intentional or accidental) during development and operation.

The existing means of data protection in telecommunication networks can be divided into two groups according to the principle of building a key system and an authentication system. The first group includes tools that use symmetric cryptographic algorithms to build a key system and an authentication system, and the second group includes asymmetric ones.

Let us carry out a comparative analysis of these systems. An information message ready for transmission, initially open and unprotected, is encrypted and thereby converted into a cryptogram, i.e. into closed text or a graphic image of a document. In this form, the message is transmitted over a communication channel, even if the channel is not secure. The authorized user, after receiving the message, decrypts it (i.e., reveals it) by inverse transformation of the cryptogram, as a result of which the original, open form of the message is obtained, accessible to the perception of authorized users. The transformation method in a cryptographic system corresponds to the use of a special algorithm. The action of such an algorithm is triggered by a unique number (sequence of bits), usually called the encryption key.

For most systems, the key generator circuit can be a set of instructions and commands, a piece of hardware, a computer program, or all of these together, but in any case the encryption (decryption) process is carried out only with this special key. For the exchange of encrypted data to be successful, both the sender and the recipient need to know the correct key setting and keep it secret. The strength of any closed communication system is determined by the degree of secrecy of the key used in it. However, this key must be known to other network users so that they can exchange encrypted messages freely. In this sense, cryptographic systems also help to solve the problem of authentication (establishing the authenticity) of the received information. If a cracker intercepts a message, he will deal only with the cipher text, and the true recipient, accepting messages closed with a key known to him and the sender, will be reliably protected from possible misinformation.

In addition, information can be encrypted in a simpler way, using a pseudo-random number generator. This consists in generating a cipher gamma with a pseudo-random number generator and a certain key, and applying the resulting gamma to the open data in a reversible way. This method of cryptographic protection is implemented quite easily and provides a fairly high encryption speed, but is not sufficiently resistant to decryption.
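Gamma encryption as described above, as an added example that is not taken from any product in this article. It shows one well-known weakness of the simple scheme: when the gamma depends only on the key, it is identical for every message and drops out of the XOR of two ciphertexts. The HMAC-SHA-256 counter construction, the message nonces and the sample messages are assumptions made for illustration.

```python
import hashlib
import hmac
import random


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Reversible application of gamma: XOR, byte by byte."""
    return bytes(x ^ y for x, y in zip(a, b))


def gamma_simple(key: int, length: int) -> bytes:
    """Gamma from a general-purpose generator seeded only with the key.
    The same key always yields the same gamma."""
    rng = random.Random(key)
    return bytes(rng.getrandbits(8) for _ in range(length))


def gamma_keyed(key: bytes, nonce: bytes, length: int) -> bytes:
    """Gamma from HMAC-SHA-256 over nonce || counter (illustrative
    construction). The nonce must be unique for every message."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_simple(key: int, data: bytes) -> bytes:
    return xor_bytes(data, gamma_simple(key, len(data)))


def encrypt_keyed(key: bytes, nonce: bytes, data: bytes) -> bytes:
    return xor_bytes(data, gamma_keyed(key, nonce, len(data)))


def key_drops_out(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """True when XOR of the ciphertexts equals XOR of the plaintexts,
    i.e. the ciphertexts alone expose a relation between the messages."""
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


# Constructed sample messages of equal length.
MSG1 = b"PAY 100 RUB TO ACCOUNT 0001"
MSG2 = b"PAY 999 RUB TO ACCOUNT 0002"


def compare_schemes() -> dict:
    simple_key = 20240517              # constructed demo key
    keyed_key = b"demo-key-not-for-real-use"
    s1 = encrypt_simple(simple_key, MSG1)
    s2 = encrypt_simple(simple_key, MSG2)
    k1 = encrypt_keyed(keyed_key, b"msg-0001", MSG1)
    k2 = encrypt_keyed(keyed_key, b"msg-0002", MSG2)
    return {
        # Applying the same gamma twice restores the open data.
        "reversible": encrypt_simple(simple_key, s1) == MSG1,
        # Same key, same gamma: the key cancels out of s1 XOR s2.
        "simple_leaks": key_drops_out(s1, s2, MSG1, MSG2),
        # A fresh nonce gives each message its own gamma.
        "keyed_leaks": key_drops_out(k1, k2, MSG1, MSG2),
    }


if __name__ == "__main__":
    print(compare_schemes())
```

A defender reviewing a gamma-based product can check for exactly this: whether every message or file gets a unique synchronization value (nonce) and whether the generator is a cryptographic one rather than a general-purpose PRNG.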

Classical cryptography is characterized by the use of one secret unit - the key, which allows the sender to encrypt the message, and the recipient to decrypt it. In the case of encrypting data stored on magnetic or other storage media, the key allows you to encrypt information when writing to the media and decrypt when reading from it.

"Organizational and legal methods of information security"

The main regulatory guidance documents relating to state secrets, regulatory and reference documents

To date, a stable legislative framework in the field of information protection has been created in our country. The fundamental law can be called the Federal Law of the Russian Federation "On Information, Information Technologies and Information Protection". “State regulation of relations in the field of information protection is carried out by establishing requirements for information protection, as well as liability for violation of the legislation of the Russian Federation on information, information technologies and information protection.” The Law also establishes the obligations of information owners and information system operators.

As for the “codified” regulation of information security, the Code of Administrative Offenses of the Russian Federation and the Criminal Code of the Russian Federation also contain the necessary articles. Art. 13.12 of the Code of Administrative Offenses of the Russian Federation deals with violation of the rules for protecting information. Art. 13.13 provides for punishment for illegal activities in the field of information protection, and Art. 13.14 provides for punishment for disclosure of information with restricted access. Article 183 of the Criminal Code of the Russian Federation provides for punishment for illegal receipt and disclosure of information constituting a commercial, tax or banking secret.

The Federal Law "On Information, Informatization and Information Protection" determines that the state information resources of the Russian Federation are open and publicly available. The exception is documented information classified by law as restricted access.

The concept of state secrets is defined in the Law "On State Secrets" as "information protected by the state in the field of its military, foreign policy, economic, intelligence, counterintelligence and operational-search activities, the dissemination of which may harm the security of the Russian Federation." Thus, based on the balance of interests of the state, society and citizens, the scope of the Law is limited to certain types of activities: military, foreign policy, economic, intelligence, counterintelligence and operational-search.

The law determined that the main criterion is that the classified information belongs to the state.

The law also secured the creation of a number of bodies in the field of state secret protection, in particular, an interdepartmental commission for the protection of state secrets, introduced the institution of officials empowered to classify information as state secrets, while at the same time imposing personal responsibility on them for activities to protect state secrets in their area of responsibility.

The overall organization and coordination of work in the country on the protection of information processed by technical means is carried out by a collegial body - the Federal Service for Technical and Export Control (FSTEC) of Russia under the President of the Russian Federation, which exercises control over the provision in state administration bodies and at enterprises conducting work on defense and other secret topics.

Purpose and tasks in the field of information security at the state level

The state policy of ensuring the information security of the Russian Federation determines the main areas of activity of the federal state authorities and state authorities of the constituent entities of the Russian Federation in this area, the procedure for fixing their duties to protect the interests of the Russian Federation in the information sphere within the framework of their activities and is based on maintaining a balance of interests of the individual, society and the state in the information sphere. The state policy of ensuring the information security of the Russian Federation is based on the following basic principles:

  • observance of the Constitution of the Russian Federation, the legislation of the Russian Federation, generally recognized principles and norms of international law in the implementation of activities to ensure the information security of the Russian Federation;
  • openness in the implementation of the functions of federal state authorities, state authorities of the constituent entities of the Russian Federation and public associations, providing for informing the public about their activities, taking into account the restrictions established by the legislation of the Russian Federation;
  • legal equality of all participants in the process of information interaction, regardless of their political, social and economic status, based on the constitutional right of citizens to freely search, receive, transmit, produce and disseminate information in any legal way;
  • priority development of domestic modern information and telecommunication technologies, production of hardware and software capable of ensuring the improvement of national telecommunications networks, their connection to global information networks in order to comply with the vital interests of the Russian Federation.

The state in the process of implementing its functions to ensure the information security of the Russian Federation: conducts an objective and comprehensive analysis and forecasting of threats to the information security of the Russian Federation, develops measures to ensure it; organizes the work of the legislative (representative) and executive bodies of state power of the Russian Federation to implement a set of measures aimed at preventing, repelling and neutralizing threats to the information security of the Russian Federation; supports the activities of public associations aimed at objectively informing the population about socially significant phenomena of public life, protecting society from distorted and unreliable information; exercises control over the development, creation, development, use, export and import of information security tools through their certification and licensing of activities in the field of information security; pursues the necessary protectionist policy towards manufacturers of informatization and information protection tools on the territory of the Russian Federation and takes measures to protect the domestic market from the penetration of low-quality informatization tools and information products into it; contributes to providing individuals and legal entities with access to world information resources, global information networks; formulates and implements the state information policy of Russia; organizes the development of a federal program for ensuring information security of the Russian Federation, which unites the efforts of state and non-state organizations in this area; contributes to the internationalization of global information networks and systems, as well as Russia's entry into the world information community on the terms of equal partnership.

Improving the legal mechanisms for regulating public relations arising in the information sphere is a priority direction of the state policy in the field of ensuring the information security of the Russian Federation.

This involves: assessing the effectiveness of the application of existing legislative and other regulatory legal acts in the information sphere and developing a program for their improvement; creation of organizational and legal mechanisms for ensuring information security; determining the legal status of all subjects of relations in the information sphere, including users of information and telecommunication systems, and establishing their responsibility for compliance with the legislation of the Russian Federation in this area; creation of a system for collecting and analyzing data on the sources of threats to the information security of the Russian Federation, as well as on the consequences of their implementation; development of regulatory legal acts that determine the organization of the investigation and the procedure for litigation on the facts of illegal actions in the information sphere, as well as the procedure for eliminating the consequences of these illegal actions; development of offenses taking into account the specifics of criminal, civil, administrative, disciplinary responsibility and the inclusion of relevant legal norms in the criminal, civil, administrative and labor codes, in the legislation of the Russian Federation on public service; improvement of the personnel training system used in the field of information security of the Russian Federation.

The legal support of the information security of the Russian Federation should be based, first of all, on the observance of the principles of legality, the balance of interests of citizens, society and the state in the information sphere. Compliance with the principle of legality requires federal government bodies and government bodies of the constituent entities of the Russian Federation, when resolving conflicts that arise in the information sphere, to be strictly guided by legislative and other regulatory legal acts regulating relations in this area. Compliance with the principle of balancing the interests of citizens, society and the state in the information sphere implies legislative consolidation of the priority of these interests in various areas of the life of society, as well as the use of forms of public control over the activities of federal state authorities and state authorities of the constituent entities of the Russian Federation. The implementation of guarantees of constitutional rights and freedoms of a person and a citizen related to activities in the information sphere is the most important task of the state in the field of information security. The development of mechanisms for the legal support of information security of the Russian Federation includes measures to informatize the legal sphere as a whole. In order to identify and coordinate the interests of federal state authorities, state authorities of the constituent entities of the Russian Federation and other subjects of relations in the information sphere, to develop the necessary decisions, the state supports the formation of public councils, committees and commissions with a wide representation of public associations and promotes the organization of their effective work.

Features of certification and standardization of cryptographic services

In almost all countries that have developed cryptographic technologies, the development of cryptographic information protection tools belongs to the sphere of state regulation. State regulation includes, as a rule, licensing of activities related to the development and operation of cryptographic tools, certification of cryptographic information protection tools and standardization of cryptographic transformation algorithms.

The following types of activities are subject to licensing:

  • development, production, certification tests, sale, operation of encryption tools designed for cryptographic protection of information containing information constituting a state or other secret protected by law, during its processing, storage and transmission through communication channels, as well as provision of services in the field of encryption of this information;
  • development, production, certification tests, operation of telecommunications systems and complexes of the highest state authorities of the Russian Federation;
  • development, production, certification tests, implementation, operation of closed systems and telecommunications complexes of the authorities of the constituent entities of the Russian Federation, central federal executive authorities, organizations, enterprises, banks and other institutions located on the territory of the Russian Federation, regardless of their departmental affiliation and form of ownership (hereinafter referred to as closed systems and telecommunications complexes), intended for the transmission of information constituting a state or other secret protected by law;
  • carrying out certification tests, implementation and operation of encryption means, closed systems and telecommunications complexes designed to process information that does not contain information constituting a state or other secret protected by law, during its processing, storage and transmission through communication channels, as well as the provision of services in the field of encryption of this information.

Encryption tools include: hardware, software and hardware-software tools that implement cryptographic algorithms for converting information, ensuring the security of information during its processing, storage and transmission over communication channels, including encryption technology; hardware, software and hardware-software means of protection against unauthorized access to information during its processing and storage that implement cryptographic algorithms for converting information; hardware, software and hardware-software means of protection against the imposition of false information, which implement cryptographic algorithms for converting information, including means of imitation protection and "digital signature"; hardware, hardware-software and software for the production of key documents for encryption tools, regardless of the type of key information carrier.

Closed telecommunication systems and complexes include telecommunication systems and complexes in which information is protected using encryption tools, secure equipment and organizational measures.

Additionally, the following types of activities are subject to licensing: operation of encryption tools and/or digital signature tools, as well as encryption tools for protecting electronic payments using plastic credit cards and smart cards; provision of services for the protection (encryption) of information; mounting, installation and adjustment of encryption tools and/or digital signature tools, and of encryption tools for protecting electronic payments using plastic credit cards and smart cards; development of encryption tools and/or digital signature tools, and of encryption tools for protecting electronic payments using plastic credit cards and smart cards.

The procedure for certification of CIPF is established by the "Certification System for Cryptographic Information Protection" ROSS.R11.0001.030001 of the State Standard of Russia.

Standardization of cryptographic transformation algorithms includes comprehensive research on elements of cryptographic procedures and their publication as standards, so that CIPF developers can use proven, cryptographically secure transformations, different CIPF can interoperate, and a CIPF implementation can be tested and verified for compliance with the algorithm specified by the standard. The following standards have been adopted in Russia: the cryptographic transformation algorithm 28147-89, and the algorithms for hashing and for generating and verifying a digital signature, R34.10.94 and R34.11.94. Among foreign standards, the DES, RC2 and RC4 encryption algorithms, the MD2, MD4 and MD5 hashing algorithms, and the DSS and RSA digital signature verification algorithms are widely known and used.

Legislative framework for information security

The basic concepts, requirements, methods and tools for designing and evaluating an information security system for information systems (IS) are reflected in the following fundamental documents:

"Orange Book" of the National Computer Security Center;

"Harmonized criteria of European countries (ITSEC)";

The concept of protection against unauthorized access of the State Commission under the President of the Russian Federation.

Information security concept

The security concept of a system being developed is "a set of laws, rules and norms of behavior that determine how an organization processes, protects and distributes information. In particular, the rules determine in which cases the user has the right to operate on certain sets of data. The more reliable the system, the stricter and more diverse the security concept should be. Depending on the formulated concept, you can choose specific mechanisms that ensure the security of the system. The concept of security is an active component of protection, including an analysis of possible threats and the choice of countermeasures."

The security concept of the developed system according to the "Orange Book" should include the following elements:

Arbitrary (discretionary) access control;

Object reuse security;

Security labels;

Forced (mandatory) access control.

Consider the content of the listed elements.

Arbitrary (discretionary) access control is a method of restricting access to objects based on the identity of the subject or the group to which the subject belongs. The control is arbitrary in the sense that some person (usually the owner of the object) can, at his own discretion, grant other subjects access rights to the object or revoke them.

The main advantage of arbitrary access control is flexibility, the main disadvantages are the dispersal of control and the complexity of centralized control, as well as the isolation of access rights from data, which allows copying secret information into public files.

Object reuse security is an important addition to access controls in practice, protecting against accidental or deliberate extraction of secret information from "garbage". Reuse security must be guaranteed for areas of random access memory (in particular, for buffers with screen images, decrypted passwords, etc.), for disk blocks and for magnetic media in general.

Security labels are associated with subjects and objects to enforce access control. The label of the subject describes its trustworthiness, the label of the object - the degree of confidentiality of the information contained in it. According to the Orange Book, security labels consist of two parts - a security level and a list of categories. The main problem that needs to be addressed in connection with labels is ensuring their integrity. First, there must be no unlabeled subjects and objects, otherwise there will be easily exploitable holes in labeled security. Secondly, the labels must remain correct under any operations on the data. One of the means of ensuring the integrity of security labels is the division of devices into multi-level and single-level devices. Multi-level devices can store information of different levels of secrecy (more precisely, lying in a certain range of levels). A single-level device can be considered as a degenerate case of a multi-level device, when the allowable range consists of a single level. Knowing the level of the device, the system can decide whether it is permissible to write information to it with a certain label.

Forced (mandatory) access control is based on the matching of subject and object security labels. This method of access control is called forced because it does not depend on the will of the subjects (even system administrators). It is implemented in many variants of operating systems and DBMSs that are characterized by increased security measures.
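The label matching described above, as an added example that is not part of the original paper: a label is a level plus a set of categories, access is decided by comparing labels, and a device accepts only labels within its range. The read and write rules follow the Orange Book's definition of mandatory access control; the level names, categories, sample subjects and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed hierarchy of secrecy levels (an assumption, not from the paper).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass(frozen=True)
class Label:
    """Security label: a secrecy level plus a set of categories."""
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Level is at least as high AND every category of `other` is held.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

def can_read(subject: Label, obj: Label) -> bool:
    # Read is allowed only when the subject's label dominates the object's.
    return subject.dominates(obj)

def can_write(subject: Label, obj: Label) -> bool:
    # Write is allowed only when the object's label dominates the subject's,
    # so secret data cannot be copied into a less protected object.
    return obj.dominates(subject)

@dataclass(frozen=True)
class Device:
    """Multi-level device; a single-level device has low == high."""
    name: str
    low: str
    high: str

    def accepts(self, label: Label) -> bool:
        # Information may be written only if its level lies in the device range.
        return LEVELS[self.low] <= LEVELS[label.level] <= LEVELS[self.high]

def unlabeled(registry: dict) -> list:
    # Label integrity check: names of subjects or objects that carry no label.
    return sorted(name for name, label in registry.items() if label is None)

# Constructed sample subjects, objects and devices.
ANALYST = Label("secret", frozenset({"crypto"}))
REPORT = Label("confidential", frozenset({"crypto"}))
PAYROLL = Label("confidential", frozenset({"finance"}))
PUBLIC_FILE = Label("unclassified")
PRINTER = Device("printer", "unclassified", "unclassified")
```

Unlike arbitrary access control, the owner of `REPORT` has no say in these decisions: they follow from the labels alone.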

Cryptographic tools are special mathematical and algorithmic means of protecting information that is transmitted over communication systems and networks or stored and processed on a computer, using various encryption methods.
Protecting information by transforming it so that outsiders cannot read it has concerned people since ancient times. Cryptography must provide such a level of secrecy that critical information is reliably protected from decryption by large organizations - such as the mafia, transnational corporations and large states. In the past, cryptography was used only for military purposes. However, now, with the rise of the information society, it is becoming a tool for privacy, trust, authorization, electronic payments, corporate security, and countless other important things. Why has the problem of using cryptographic methods become particularly relevant at the moment?
On the one hand, the use of computer networks has expanded, in particular the global Internet, through which large amounts of information of a state, military, commercial and private nature are transmitted, and this information must not be accessible to unauthorized persons.
On the other hand, the emergence of new powerful computers and of network and neural computing technologies has made it possible to discredit cryptographic systems that until recently were considered practically unbreakable.
The problem of protecting information by transforming it is dealt with by cryptology (kryptos - secret, logos - science). Cryptology is divided into two areas - cryptography and cryptanalysis. The goals of these areas are directly opposite.
Cryptography is engaged in the search for and study of mathematical methods for transforming information.
The sphere of interest of cryptanalysis is the study of the possibility of decrypting information without knowing the keys.
Modern cryptography includes 4 major sections.

· Symmetric cryptosystems.

· Public key cryptosystems.

· Electronic signature systems.

· Key management.

The main areas of use of cryptographic methods are the transfer of confidential information over communication channels (for example, e-mail), authentication of transmitted messages, and storage of information (documents, databases) on media in encrypted form.


Terminology.
Cryptography makes it possible to transform information in such a way that its reading (restoration) is possible only if the key is known.
As information to be encrypted and decrypted, texts built on a certain alphabet will be considered. These terms mean the following.
Alphabet - a finite set of signs used to encode information.
Text - an ordered set of elements of the alphabet.
Encryption - a transformation process in which the original text, also called plaintext, is replaced by ciphertext.
Decryption - the reverse of encryption. Based on the key, the ciphertext is converted back to the original text.
Key - information necessary for the unhindered encryption and decryption of texts.
A cryptographic system is a family T [T1, T2, ..., Tk] of plaintext transformations. Members of this family are indexed, or denoted, by the symbol "k"; the parameter k is the key. The key space K is the set of possible key values. Usually the key is a consecutive series of letters of the alphabet.
Cryptosystems are divided into symmetric and public key.
In symmetric cryptosystems, the same key is used for both encryption and decryption.
Public key systems use two keys, public and private, that are mathematically related to each other. Information is encrypted using a public key, which is available to everyone, and decrypted using a private key, known only to the recipient of the message.
The terms key distribution and key management refer to the processes of an information processing system whose content is the compilation and distribution of keys to users.
An electronic (digital) signature is a cryptographic transformation attached to the text, which allows, when another user receives the text, to verify the authorship and authenticity of the message.
Cryptographic strength is a characteristic of a cipher that determines its resistance to decryption without knowing the key (i.e., to cryptanalysis).
The effectiveness of encryption to protect information depends on maintaining the secret of the key and the cryptographic strength of the cipher.
The simplest criterion for such efficiency is the probability of revealing the key or the cardinality of the set of keys (M). In essence, this is the same as cryptographic strength. For its numerical evaluation, one can also use the complexity of deciphering the cipher by enumeration of all keys.
However, this criterion does not take into account other important requirements for cryptosystems:

impossibility of disclosure or meaningful modification of information based on the analysis of its structure;

the perfection of the security protocols used;

the minimum amount of key information used;

minimal complexity of implementation (in the number of machine operations), its cost;

high efficiency.

Expert judgment and simulation are often more effective for selecting and evaluating a cryptographic system.
In any case, the selected set of cryptographic methods should combine convenience, flexibility and efficiency of use with reliable protection of the information circulating in the IS against intruders.
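Why the size of the key set alone is not a sufficient criterion, as an added example that is not part of the original paper: a simple substitution cipher over a 26-letter alphabet has M = 26! keys (about 88 bits, more than the 56-bit key of DES), yet its ciphertext keeps the letter-frequency structure of the plaintext. The alphabet, sample text and function names are constructed for illustration.

```python
import math
import random
import string
from collections import Counter

ALPHABET = string.ascii_lowercase  # the alphabet: a finite set of signs

def key_space_bits() -> float:
    # The key space K is every permutation of the alphabet, so M = 26!.
    return math.log2(math.factorial(len(ALPHABET)))

def make_key(seed: int) -> dict:
    # One member T_k of the family of transformations, selected by the key.
    # random.Random is used only to build a reproducible demonstration key;
    # it is not a cryptographic generator.
    shuffled = list(ALPHABET)
    random.Random(seed).shuffle(shuffled)
    return dict(zip(ALPHABET, shuffled))

def encrypt(text: str, key: dict) -> str:
    # Signs outside the alphabet (spaces here) pass through unchanged.
    return "".join(key.get(ch, ch) for ch in text)

def decrypt(text: str, key: dict) -> str:
    inverse = {c: p for p, c in key.items()}
    return "".join(inverse.get(ch, ch) for ch in text)

def frequency_profile(text: str) -> list:
    # Sorted letter counts, regardless of which letter carries each count.
    counts = Counter(ch for ch in text if ch in ALPHABET)
    return sorted(counts.values(), reverse=True)

# Constructed sample plaintext.
PLAINTEXT = "the security of the system depends on the secrecy of the key"

def structure_survives(seed: int = 1) -> bool:
    # True when the ciphertext has exactly the plaintext's frequency profile.
    ciphertext = encrypt(PLAINTEXT, make_key(seed))
    return frequency_profile(ciphertext) == frequency_profile(PLAINTEXT)
```

The profile is identical for every key, which is the kind of disclosure through analysis of structure that the first requirement in the list above rules out.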

Such a division of information security tools (technical protection of information) is rather conditional, since in practice they very often interact and are implemented together as software and hardware modules that make wide use of information concealment algorithms.


Conclusion

In this term paper, I examined the local area network of the Administration, and concluded that in order to fully protect information, it is necessary to apply all means of protection in order to minimize the loss of this or that information.

The result of the work done is the computerization of workplaces and their integration into a local area network with a server and access to the Internet. Carrying out this work will ensure the fastest and most productive work of the staff.

The objectives set in the assignment have, in my opinion, been achieved. The scheme of the local area network of the Administration is given in Appendix B.



