
What is a CIPS? Means of cryptographic information protection

The term "cryptography" comes from the ancient Greek words for "hidden" and "I write". The phrase expresses the main purpose of cryptography: protecting and preserving the secrecy of transmitted information. Information can be protected in various ways, for example by restricting physical access to data, hiding the transmission channel, or making it physically difficult to connect to communication lines.

Purpose of cryptography

Unlike these traditional methods, cryptography assumes that the transmission channel is fully available to intruders, and it ensures the confidentiality and authenticity of information using encryption algorithms that make the information unreadable to third parties. A modern cryptographic information protection system (CIPS) is a software and hardware complex that protects information along the following main parameters.

  • Confidentiality - the inability of persons without the appropriate access rights to read the information. The main component of confidentiality in a CIPS is the key, a unique alphanumeric combination that gives a user access to a particular CIPS unit.
  • Integrity - the impossibility of unauthorized changes, such as editing and deleting information. To achieve this, redundancy is added to the original information in the form of a verification combination that is calculated by the cryptographic algorithm and depends on the key. Thus, without knowledge of the key, adding or changing information becomes impossible.
  • Authentication - confirmation of the authenticity of the information and of the parties sending and receiving it. Information transmitted over communication channels must be uniquely authenticated by content, time of creation and transmission, source and recipient. It should be remembered that the source of threats can be not only an attacker, but also parties to the exchange that do not sufficiently trust each other. To prevent such situations, the CIPS uses a timestamp system that prevents information from being sent repeatedly or its order from being changed.
  • Authorship (non-repudiation) - confirmation of the actions performed by a user of the information, and the impossibility of denying them. The most common way to confirm authorship is an electronic digital signature (EDS). An EDS system consists of two algorithms: one to create a signature and one to verify it. When working intensively with EDS, it is recommended to use software certification centers to create and manage signatures. Such centers can be implemented as a component that is completely independent of the internal structure of the CIPS. What does this mean for the organization? It means that all operations with electronic signatures are handled by independent certified organizations, and forging authorship is practically impossible.
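The integrity and authentication parameters above can be seen working together in the following sketch. It is an added example, not code from the original article or from any CIPS product: it uses HMAC-SHA256 as the key-dependent verification combination, and the message layout, the 30-second window and all names are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32    # HMAC-SHA256 tag size in bytes
MAX_SKEW = 30   # assumed policy: accepted clock difference in seconds

def protect(key: bytes, seq: int, timestamp: int, payload: bytes) -> bytes:
    """Prefix sequence number and timestamp, append the key-dependent tag."""
    header = struct.pack(">QQ", seq, timestamp)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, message: bytes, now: int) -> str:
        """Return "ok" or the name of the first check that failed."""
        if len(message) < 16 + TAG_LEN:
            return "truncated"
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return "integrity"
        # Header fields are trusted only after the tag has verified.
        seq, timestamp = struct.unpack(">QQ", body[:16])
        if abs(now - timestamp) > MAX_SKEW:
            return "stale"
        if seq <= self.last_seq:
            return "replay-or-reorder"
        self.last_seq = seq
        return "ok"

def demo() -> list:
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    rx = Receiver(key)
    m1 = protect(key, 1, 1000, b"pay 10 to A")
    m2 = protect(key, 2, 1001, b"pay 20 to B")
    tampered = m2[:16] + b"pay 90 to B" + m2[-TAG_LEN:]  # payload edited in transit
    return [rx.accept(tampered, 1001),  # integrity
            rx.accept(m2, 1002),        # ok
            rx.accept(m1, 1002),        # replay-or-reorder (arrives after m2)
            rx.accept(m2, 1003),        # replay-or-reorder (m2 sent again)
            rx.accept(m2, 2000)]        # stale

if __name__ == "__main__":
    print(demo())
```

Because both parties hold the same key, this scheme covers integrity and authentication only; the authorship parameter needs a signature that the receiver cannot produce itself.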

Encryption Algorithms

Currently, open encryption algorithms prevail among CIPS, using symmetric and asymmetric keys of a length sufficient to provide the required cryptographic strength. The most common algorithms are:

  • Symmetric keys - the Russian GOST 28147-89, AES, DES, RC4;
  • Asymmetric keys - RSA;
  • Hashing functions - GOST R 34.11-94, MD4/5/6, SHA-1/2.

Many countries have their own national standards for encryption algorithms. In the US, a modified AES algorithm with a key length of 128-256 bits is used, and in the Russian Federation the electronic signature algorithm GOST R 34.10-2001 and the block cipher GOST 28147-89 with a 256-bit key. Some elements of national cryptographic systems are banned from export outside the country, and developing CIPS requires a license.

Hardware cryptographic protection systems

Hardware CIPS are physical devices that contain software for encrypting, recording and transmitting information. Encryption devices can take the form of personal devices, such as ruToken USB tokens and IronKey flash drives, expansion cards for personal computers, and specialized network switches and routers, on the basis of which fully protected computer networks can be built.

Hardware CIPS are quick to install and operate at high speed. Their disadvantages, compared with software and hardware-software CIPS, are high cost and limited upgrade options.

Hardware CIPS also include the CIPS modules built into various data recording and transmission devices that require encryption and restricted access to information. Such devices include vehicle tachographs, which record the parameters of motor transport, some types of medical equipment, and so on. For such systems to operate fully, the CIPS module must be separately activated by the supplier's specialists.

Software cryptographic protection systems

A software CIPS is a special software package for encrypting data on storage media (hard drives and flash drives, memory cards, CDs/DVDs) and in transit over the Internet (emails, file attachments, protected chat rooms, etc.). There are many such programs, including free ones, for example DiskCryptor. Software CIPS also include secure virtual networks for information exchange that run "over the Internet" (VPN), the HTTPS extension of the HTTP protocol, and SSL, a cryptographic protocol for information transfer that is widely used in IP telephony and Internet applications.

Software CIPS are mainly used on the Internet, on home computers and in other areas where the requirements for functionality and stability of the system are not very high, or, as on the Internet, where many different secure connections have to be created at the same time.

Software and hardware cryptographic protection

Hardware-software CIPS combine the best qualities of hardware and software systems. This is the most reliable and functional way to create secure systems and data networks. All options for user identification are supported, both hardware (USB drive or smart card) and "traditional" (login and password). Hardware-software CIPS support all modern encryption algorithms, offer a large set of functions for building a secure workflow based on digital signatures, and hold all the required state certificates. Installation of the CIPS is performed by qualified personnel of the developer.

Company "KRIPTO-PRO"

One of the leaders of the Russian cryptographic market. The company develops a full range of programs to protect information using EDS based on international and Russian cryptographic algorithms.

The company's programs are used in the electronic document circulation of commercial and state organizations, for submitting accounting and tax reports, in various city and budget programs, etc. The company has issued more than 3 million licenses for the CryptoPro CSP program and 700 licenses for certification centers. "Crypto-PRO" provides developers with interfaces for embedding cryptographic protection elements in their software products and offers a full range of consulting services for creating CIPS.

CryptoPro crypto provider

CryptoPro CSP was developed on the Cryptographic Service Providers architecture built into the Windows operating system. The architecture allows additional independent modules that implement the required encryption algorithms to be connected. With modules working through CryptoAPI functions, cryptographic protection can be implemented by both software and hardware CIPS.

Key carriers

Various hardware can be used to carry personal keys, such as:

  • Smart cards and readers;
  • Electronic locks and readers working with Touch Memory devices;
  • Various USB-keys and removable USB-drives;
  • Files of the system registry Windows, Solaris, Linux.

CryptoProvider functions

CryptoPRO CSP is fully certified by FAPSI and can be used for:

1. Giving electronic documents legal force and authorization by creating and verifying digital signatures in accordance with Russian encryption standards.

2. Ensuring full confidentiality, authenticity and integrity of data through encryption and imitation protection in accordance with Russian encryption standards and the TLS protocol.

3. Checking and monitoring the integrity of code to prevent unauthorized changes and access.

4. Creating regulations for the protection of the system.


Copyright © 2018 en.atomiyme.com. Theme powered by WordPress.