Cryptography in Digital Technology

Various encryption algorithms are constantly used in banking and corporate networks to protect against industrial espionage or hacking. All channels and servers in such systems are secure, that is, subjected to processing according to a particular encryption algorithm. Such systems require mandatory in-line encryption of communication channels at the network level and above, which protects the transmitted traffic from compromise when transmitted over potentially compromised provider channels, and a potentially compromised channel for a bank is any channel that is not provided by the bank itself as a provider.

Cryptography Objectives

Cryptography is considered as a means of protecting confidential data from:

• Unauthorized reading
• Intentional violation of integrity or non-interference
• Unwanted copy
• Falsifications

One of the fundamental requirements for cryptographic protection is the principle of its equal strength. That is, if the protection can be divided into links, then all these links must have the same resistance to hacking.

Principles of application

There are several fundamental principles for the use of cryptographic algorithms

• Cryptographic methods make it possible to ensure the protection of transmitted data even if this data is transmitted in an unreliable environment (such as the Internet).
• Encryption algorithms are used to protect files containing important information in order to minimize the likelihood of unauthorized persons accessing them.
• Cryptography is used not only to ensure secrecy, but also to preserve the integrity of data.
• Cryptography is a means of verifying the reliability of data and its sources (we are talking about digital signatures and certificates)
• The keys to the encryption algorithm are kept secret.
• Algorithms, file formats, and key sizes may be common knowledge.

Cryptographic algorithms based on the use of public key distribution have created a system for integrated information security in large computer networks and information databases. The reason for this was the peculiarity of public key cryptosystems (built on the basis of asymmetric encryption algorithms) to use a much smaller number of keys for the same number of users than the public key cryptosystem requires.

There are many ready-made encryption algorithms that have high cryptographic resistance, the ransomware can only create its own unique key to give the information the necessary cryptographic qualities. The key is used for both encryption and decryption.

Certificates

Верификация сертификата в operating system Microsoft Windows XP

Certificates are typically used to exchange encrypted data across large networks. A public key cryptosystem solves the problem of exchanging secret keys between participants in secure exchange, but does not solve the problem of trusting public keys. Since it is possible for an attacker to replace the public key and intercept the message encrypted by this key for the purpose of subsequent decryption with his own private key. For more information on this, see the article Cryptography. The idea of ​ ​ the certificate is understood as the presence of a third party, which is trusted by two other parties to information exchange. It is assumed that there are few such third parties, and their public keys are known to all other users in advance. Thus, the third party public key forgery is easily detected. If User A forms a certificate with its public key and this certificate is signed by third party C, then any network user trusting conditional party C will be able to verify the authenticity of the public key of User A. In the centralized infrastructure, the certification center acts as party C. In trust networks, C can be any user, and whether this user who authenticates the key of user A should be trusted is decided by the sender of the message.

Certificate structure

The list of mandatory and optional requirements for a certificate is determined by the standard for its format (for example, X.509). Typically, the certificate includes the following fields:

• name of the certificate owner (name of the user who owns the certificate)
• one or more public keys of the certificate holder
• name of the certification center
• certificate serial number assigned by the certification center
• certificate validity period (validity start date and validity end date)
• information about the cryptographic algorithms used
• electronic digital signature generated using the secret key of the certification center (the result of hashing all information stored in the certificate is signed).

Certificate verification

Trust in any user certificate is determined based on the certificate chain. Moreover, the initial element of the chain is a certificate of a certification authority stored in a secure personal directory of the user.

The certificate chain verification procedure checks the association between the name of the certificate owner and its public key. It implies that all valid chains begin with certificates issued by one trusted certification authority. A trusted center refers to a main CA whose public key is contained in a self-signed certificate. This limitation simplifies the verification procedure, although the presence of a self-signed certificate and its cryptographic verification do not provide security. To ensure trust in the public key of such a certificate, special methods of its distribution and storage must be applied, since all other certificates are checked on this public key.

A public key cryptographic system using certificates makes it possible to implement truly secure systems using modern technologies and data transmission networks. Standardization in this area allows different applications to communicate with each other using a single public key infrastructure.

Electronic digital signature (EDS)

An electronic digital signature is used in cases where it is necessary to confirm the ownership of the received data or to exclude the possibility of denial of authorship by the addressee. The EDS also checks the integrity of the data, but does not ensure their confidentiality. The electronic signature is added to the message and can be encrypted with it if it is necessary to keep the data secret.

Implementation of EDS

The electronic digital signature (EDS) is used by individuals and legal entities as an analogue of the personal signature to give the electronic document legal force equal to the legal force of the document on paper, signed by the personal signature of the authorized person and sealed. Sequence of actions to create an EDS:

• Creating Electronic Signature Keys
• Secret keys remain with users participating in the exchange; public keys are made available to both sides.
• The private key signs the outgoing message, the public key checks its authenticity.
• The result of the check is one of the answers: "correct "/" incorrect."

Thus, it is impossible to replace authorship and protect the message from making extraneous changes, even if these changes are insignificant.

Quantum cryptography

One reliable way to keep telephone conversations or information transmitted over electronic networks secret is to use quantum cryptography.

The greatest practical application of quantum cryptography is found today in the field of protecting information transmitted over fiber-optic communication lines.

This is due to the fact that optical fibers (FOCL) allow for the transmission of photons over long distances with minimal distortion. Laser diodes of transmitting modules are used as photon sources; next, there is a significant attenuation of the power of the light signal - to the level when the average number of photons per pulse becomes much less than one. Systems for transmitting information over the fiber optic fiber, in the receiving module of which avalanche photodiodes are used in the photon counting mode, are called quantum optical communication channels (COX).

Due to the low power of signals, the information transfer rates in quantum networks are not too high compared to the capabilities of modern fiber-optic networks - the former significantly lose to the latter in speed. Therefore, in most cases, quantum cryptographic systems are used to distribute keys, which are then used by encryption means of a high-speed data stream. It is important to note that quantum cryptographic equipment has not yet been mass-produced. However, as the cost of such equipment improves and decreases, KKS can be expected to appear in the telecommunications market as, for example, an additional service in the construction of corporate fiber optic networks. Read the article "Quantum cryptography (encryption)"

Quantum Communication Channel Secrecy Prerequisites

In the transition from signals where information is encoded by pulses containing thousands of photons to signals where the average number of photons per pulse is much less than one, the laws of quantum physics come into effect. It is on the use of these laws in combination with classical cryptography procedures that the nature of KKS secrecy is based.

Heisenberg's uncertainty principle applies here, according to which an attempt to make measurements in a quantum system distorts its state, and the information obtained as a result of such a measurement does not fully correspond to the state before the measurements begin. An attempt to intercept information from a quantum communication channel inevitably leads to interference detected by legal users. Quantum systems use this fact to enable two parties that have not previously met and previously exchanged any secret information to communicate with each other in an environment of complete secrecy without fear of being overheard. Thus, in the field of cryptography, completely new opportunities have opened up.

Chronology of events

2024: Russia approves first GOST for cryptographic data exchange protocol in industrial systems

The Federal Agency for Technical Regulation and Metrology (Rosstandart) by order of February 15, 2024 No. 235-st approved the specification of the secure exchange protocol for industrial systems GOST R 71252-2024 " Information Technology. Cryptographic information protection. Secure Exchange Protocol for Industrial Systems. " This was reported to TAdviser on February 22, 2024 by representatives of the InfoTeCS Group of Companies. The standard comes into force on April 1, 2024 instead of the recommendations for standardization R 1323565.1.029-2019. Read more here.

2023: St. Petersburg created a reliable encryption system on new principles

At the end of December 2023, Russian researchers from the St. Petersburg State Electrotechnical University "LETI" announced the development of a specialized random sequence generator for encryption. The domestic cryptographic system is based on the principles of radiophotonics and optics. Read more here.

2021: Quantum computer reveals vulnerabilities in AES encryption

On February 8, 2021, it became known that the detection of problems could potentially lead to dangerous consequences for companies such as Google, Microsoft and IBM.

Specialists - the Swiss IT Terra Quantum AG using quantum computer revealed vulnerabilities cryptographic algorithm in AES. Using a technique known as quantum annealing, the company proved that even the strongest versions of AES could be are deciphered quantum computers for several years.

Presumably, these problems jeopardize the confidentiality of data on the Web, bank transactions and email.

According to experts, the problems were found in the symmetric Advanced Encryption Standard (AES) block encryption algorithm. As noted by the director of Terra Quantum AG Markus Pflitsch, they managed to use a quantum computer not only to fix, but also to prove the insecurity of the encryption algorithm.

AES was adopted as an encryption standard by the US government. In June 2003, the US National Security Agency ruled that the AES cipher was reliable enough to be used to protect information constituting a state secret^[1].

2020: Scientists have learned how to encrypt data with crystals

On February 13, 2020, it became known that scientists from the University of Glasgow (UK) learned to use crystals as a random number generator for encryption.

The researchers were able to use crystallization to produce real random numbers, thus achieving a higher level of encryption. Previously, to protect against intruders who could somehow get a key for hacking, they used "natural" sources of random numbers - for example, motion or noise sensors.

Chemists have developed a robotic system that uses the crystallization process to create random chains of numbers and encrypt information. Under the right conditions, chemicals in a liquid solution can transition from a disordered state to an extremely organized one - a crystal. The process is filled with randomness - from the time it takes to form a crystal to the geometry of the structures.

According to chemistry professor Lee Cronin, they developed a simple robot that followed crystallization processes through a web camera and transformed different detected reactions into a sequence of ones and zeros. The researchers looked at three different chemical reactions and compared their coded strings with one created using Mersenne Twister's general-purpose pseudo-random number generator. The reverse decoding of such information took much longer than in the case of previously known methods, which proves the effectiveness of the selected method.

According to experts, this method offers a good alternative to existing generators of true random numbers. The shape of their robot can be reduced and embedded in a regular computer, "providing access to a powerful and convenient random number generator running on chemical processes." As Cronin noted, this method will be cheaper than quantum computing, which is considered the gold standard for generating random numbers^[2].

Literature

• A. Yu . Vinokurov. GOST is not simple.., but very simple, M., Monitor-1995.-N1.
• A. Yu . Vinokurov. Once again about GOST., M., Monitor-1995.-N5.
• A. Yu . Vinokurov. Encryption algorithm GOST 28147-89, its use and implementation for computers of the Intel x86. platform, Manuscript, 1997.
• A. Yu . Vinokurov. How is the block cipher arranged?, Manuscript, 1995.
• M.  E. Smeed, D. C. Branstead. Data Encryption Standard: Past and Future.

/ per. from English/M., Mir, TIIER.-1988.-t.76.-N5.

• Information processing systems. Cryptographic protection. Cryptographic transformation algorithm GOST 28147-89, M., Gosstandard, 1989.
• B.V  . Berezin, P.V  . Doroshkevich. Digital signature based on traditional cryptography//Information protection, issue 2., M.: MP "Irbis-II," 1992.
• W.Diffie,M.E.Hellman. New Directions in cryptography// IEEE Trans.

Inform. Theory, IT-22, vol 6 (Nov. 1976), pp. 644—654.

• W. Diffi. The first ten years of public key cryptography./per. from English/M., Mir, TIIER.-1988.-t.76.-N5.
• Vodolazky V., "DES Encryption Standard," Monitor 03-04 1992 S.
• Vorobyov, "Protection of information in personal ZVM," ed. Peace, 1993 
• Kovalevsky V., "Cryptographic Methods," Computer Press 05.93
• Maftik S., "Protection Mechanisms in Computer Networks," ed. Peace, 1993 

See also

Cryptography

Links

• Moscow Branch of Penza Electrotechnical Research Institute
• High Tech News
• St. Petersburg State Polytechnic University
• Crypto Pro Portal

Notes