- •Classification of threats
- •Types and classification of ciphers
- •4 Distributing of the keys
- •2 Generation of the keys
- •2 Digital signature on the basis of El-Gamal cipher
- •Approaches to systems creation of information protection
- •1 Determination
- •7 Realization of control of integrity and management of protection system
- •3 Secret communication systems
- •1 Feistel Network and spn networks
- •3 General characteristic of des
- •4 Requirements to cryptosystems
- •Diffi-Hellman algorithm
- •2 General description of гост 28147-89 algorithm
- •1 Management a key sequence
- •1 Passing of secret messages by asymmetric cryptosystems
- •3 Storage of the keys
- •4 Electronic-digital signature
- •3 Encipherement in the mode of simple replacements
4 Distributing of the keys
The very important condition of safety of information is a periodic update of key information in the system. Thus both the work keys and master-keys must over fix. In the especially responsible informative systems it is desirable to do the update of key information (session keys) daily. The question of update of key information is closely related to the third element of the keys control - distributing of the keys.
Distributing of the keys is the most responsible process in a management the keys. The followings requirements are produced to its:
- operationability and distributing exactness;
- secrecy of the distributed keys.
Distributing of the keys between the users of computer network will be realized two methods:
1) by the use of one or a few centers of distributing of the keys;
2) by a direct exchange by the session keys between the users of network.
The lack of the first approach consists of that fact: the center of distributing of the keys knows to whom and what keys are up-diffused, and it allows to read all of messages, transferrable on a network. Possible abuses substantially influence on protection. At the second approach a problem consists of that, reliably to certify authenticity of subjects of network.
Authenticity of session of connection must be provided in both cases. It can be carried out, utillizing the mechanism of query - answer or mechanism of mark of time.
Mechanism of query - answer consists in the following. User A plugs in sent message (query) for an user B an unforeseeable element (for example, random number). At an answer user B must execute some operation with this element (for example, to add unit, that it is impossible to carry out beforehand, as unknown, what random number will come in a query. After the receipt of result of actions of user (answer) user A can be sure that a session is authentic.
The mechanism of mark of time supposes fixing of time for every message. It allows every subject of network to define, as far as old coming message, and to reject its, if a doubt will appear in his authenticity. At the use of marks of time it is necessary to set the possible temporal interval of delay.
In both cases for protection of element of control utillize an ncipherement, to carry guarantee, that an answer is sent a not user violator and the rubber stamp of mark of time is not changed.
2 Generation of the keys
Safety of any cryptographic algorithm is determined the in-use cryptographic key. The reliable cryptographic keys must have sufficient length and casual values of bits. In a table 1 lengths of the keys of symmetric and asymmetric cryptosystems, providing identical firmness to the attack of full search (to the attack of "brute force") are led.
Major description of the key is his chance. A presence of regularity in the separate key and in a key array results in lowering of cryptographic firmness of cipher. The use as keys of intelligent words and expressions also results in reduction of order of key set. Search of such keys with the purpose of decryption of cryptosystem is named an attack on a dictionary.
Table 1 - Lengths of the keys of cryptosystem for providing of identical firmness
Length of the key of symmetric cryptosystem (bit) |
Length of the key of asymmetric cryptosystem (bit) |
56 |
384 |
64 |
512 |
80 |
768 |
112 |
1792 |
128 |
2304 |
For the receipt of the keys apparatus and programmatic facilities of generation of casual values of the keys are utillized. As a rule, apply the sensors of pseudorandom numbers (PRN). However a degree of chance of generation of numbers must be high. Ideal generators are devices on the basis of "natural" casual processes, for example, on basis white radionoise.
Обозначения на схеме:
In the automated systems with the middle requirements of protection the programmatic generators of the keys, which calculate PRN as a difficult function from current time and (or) number, entered an user, are used.
One of methods of generation of the session key for symmetric cryptosystem described in the standard of ANSI X9.17. He is realized on the basis of one of variants of chart of «triple DES» (it is although possible to apply other symmetric algorithms of encipherement).