Wi-Fi encryption: what types there are and how to choose. How to choose a data encryption system

encryption can be interpreted as authentication.

This all sounds pretty good, and is usually justified in practice when using encryption. Encryption is undoubtedly the most important security tool. Encryption mechanisms help protect the confidentiality and integrity of information. Encryption mechanisms help identify the source of information. However, encryption alone is not the solution to all problems. Encryption mechanisms can and should be part of a full-featured security program. Indeed, encryption mechanisms are widely used security mechanisms precisely because they help provide confidentiality, integrity and the possibility of identification.

However, encryption is only a delaying action. It is known that any encryption system can be hacked. The point is that it can take a lot of time and a lot of resources to gain access to encrypted information. Taking this fact into account, an attacker may try to find and use other weak spots in the entire system as a whole.

In this lecture, you will learn about the basic concepts associated with encryption and how to use encryption to keep information secure. We will not go into detail on the mathematical basis of encryption, so the reader will not need much knowledge in this area. However, we will look at a few examples to help you understand how different encryption algorithms are used in a good security program.

Basic encryption concepts

Encryption is hiding information from unauthorized persons while granting access to it to authorized users at the same time. Users are called authorized if they have the appropriate key to decrypt information. This is a very simple principle. The difficulty lies in how this entire process is implemented.

Another important concept to be aware of is that the goal of any encryption system is to make it as difficult as possible for unauthorized persons to gain access to information, even if they have the ciphertext and know the algorithm used to encrypt it. As long as the unauthorized user does not possess the key, the secrecy and integrity of the information are not violated.

Encryption provides three states of information security.

  • Confidentiality. Encryption is used to hide information from unauthorized users during transmission or storage.
  • Integrity. Encryption is used to prevent information from being changed during transmission or storage.
  • Identifiability. Encryption is used to authenticate the source of information and prevent the sender from denying that the data was sent by them.

Encryption terms

Before starting a detailed story about encryption, here are the definitions of some of the terms that will be used in the discussion. First, we will deal with terms that denote the components involved in encryption and decryption. Figure 12.1 shows the general principle behind encryption.

There are also four terms to know:

  • Cryptography. The science of hiding information using encryption.
  • Cryptographer. A person involved in cryptography.
  • Cryptanalysis. The art of analyzing cryptographic algorithms for vulnerabilities.
  • Cryptanalyst. A person who uses cryptanalysis to identify and exploit vulnerabilities in cryptographic algorithms.

Encryption attacks

Encryption systems can be attacked in three ways:

  • Through weaknesses in the algorithm.
  • Through a brute-force attack on the key.
  • Through vulnerabilities in the surrounding system.

When attacking an algorithm, a cryptanalyst looks for vulnerabilities in the method of transforming plaintext into ciphertext in order to uncover the plaintext without using a key. Algorithms with such vulnerabilities are not considered strong enough, because a known vulnerability could be exploited to quickly recover the original text. In this case, an attacker would not have to use any additional resources.

Brute-force attacks are attempts to try every possible key to convert the ciphertext to plaintext. On average, an analyst using this method must test 50 percent of all keys before succeeding. Thus, the strength of the algorithm is determined only by the number of keys that the analyst needs to try. Therefore, the longer the key, the greater the total number of keys, and the more keys an attacker has to try before finding the correct one. In theory, brute-force attacks always succeed given enough time and resources. Therefore, algorithms need to be judged by the amount of time that information remains secure under a brute-force attack.

There are two main types of encryption: private key and public key. Encryption with a private key requires that all parties who have the right to read the information have the same key. This allows us to reduce the general problem of information security to the problem of key protection. Public key encryption is the most widely used encryption method. It provides confidentiality of information and the assurance that information remains unchanged during transmission.

What is the essence of secret key encryption?

Private key encryption is also called symmetric encryption because the same key is used to encrypt and decrypt data. Figure 12.2 shows the basic principle of secret key encryption. As you can see from the figure, the sender and recipient of the information must have the same key.


Figure: 12.2.

Private key encryption provides confidentiality of information in its encrypted state. Only those persons who know the key can decrypt the message. Any change made to the message during transmission will be detected because the message cannot be decoded correctly after that. Private key encryption does not provide authentication because any user can create, encrypt, and send a valid message.

In general, private key encryption is quickly and easily implemented using hardware or software.

Substitution ciphers

Substitution ciphers have been around for about 2,500 years. The earliest example is the Atbash cipher. It originated around 600 BC and consisted of using the Hebrew alphabet in reverse order.

Julius Caesar used a substitution cipher, which was called the Caesar cipher. This cipher consisted of replacing each letter with another letter located in the alphabet three letters further from the encrypted one. Thus, the letter A was converted to D, B was converted to E, and Z was converted to C.

This example shows that a substitution cipher processes the plaintext one letter at a time. The message can be read by both parties if they use the same substitution scheme. The key in a substitution cipher is either the number of letters to shift by or a completely reordered alphabet.

Substitution ciphers have one major drawback: the letter frequencies of the original alphabet are preserved. In English, for example, the letter "E" is the most commonly used. If you replace it with another letter, then the new letter will be the most commonly used (when considering a large number of messages). With this analysis, the substitution cipher can be broken. Extending the analysis of letter frequencies yields the most common combinations of two and three letters. With this analysis, it is possible to break any substitution cipher if the attacker obtains enough ciphertext.

One-time pads

One-time pad (OTP) is the only theoretically unbreakable encryption system. A one-time pad is a randomized list of numbers used to encode a message (see Table 12.1). As the name of the system suggests, OTP can only be used once. If the numbers in the OTP are truly random, the OTP is longer than the message and is only used once, then the ciphertext does not provide any mechanism for recovering the original key (i.e. the OTP itself) and hence the messages.

One-time pads are used in information environments with a very high level of security (but only for short messages). For example, in the Soviet Union, OTP was used to communicate intelligence with Moscow. The two main disadvantages of OTP are the difficulty of generating truly random pads and the problem of distributing them. Obviously, if the pad is revealed, then the information that it protects is also revealed. If the pads are not truly random, patterns can be identified that can be used to analyze the frequency of characters encountered.

Table 12.1. Operation of a one-time pad

Message                                       S   E   N   D   H   E   L   P
Letters replaced with corresponding numbers   19  5   14  4   8   5   12  16
One-time pad                                  7   9   5   2   12  1   0   6
Adding
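The one-time pad operation can be carried through in code with the message and pad values from Table 12.1. This is an added example, not part of the original text: it assumes letters are numbered A=1 ... Z=26 (as in the table) and that sums wrap around modulo 26; the second message "STAYHOME" and the function names are constructed for the illustration. It also shows why the ciphertext alone reveals nothing, and what leaks if a pad is used twice.

```python
MESSAGE = "SENDHELP"                      # from Table 12.1
PAD = [7, 9, 5, 2, 12, 1, 0, 6]           # from Table 12.1


def letters_to_numbers(text):
    """A=1, B=2, ... Z=26, the numbering used in the table."""
    return [ord(c) - ord("A") + 1 for c in text]


def numbers_to_letters(numbers):
    """Inverse mapping; values outside 1..26 wrap around modulo 26."""
    return "".join(chr((n - 1) % 26 + ord("A")) for n in numbers)


def otp_encrypt(message, pad):
    if len(pad) < len(message):
        raise ValueError("the pad must be at least as long as the message")
    return numbers_to_letters(
        m + k for m, k in zip(letters_to_numbers(message), pad))


def otp_decrypt(ciphertext, pad):
    return numbers_to_letters(
        c - k for c, k in zip(letters_to_numbers(ciphertext), pad))


def pad_that_yields(ciphertext, wanted_plaintext):
    """For ANY same-length plaintext there is a pad that 'decrypts' to it.

    This is why a one-time pad ciphertext carries no information about
    the message: every candidate plaintext is equally consistent with it.
    """
    return [(c - p) % 26 for c, p in zip(letters_to_numbers(ciphertext),
                                         letters_to_numbers(wanted_plaintext))]


def difference(a, b):
    """Letter-by-letter difference of two equal-length texts, modulo 26."""
    return [(x - y) % 26 for x, y in zip(letters_to_numbers(a),
                                         letters_to_numbers(b))]


if __name__ == "__main__":
    ciphertext = otp_encrypt(MESSAGE, PAD)
    print("ciphertext:", ciphertext)
    print("decrypted: ", otp_decrypt(ciphertext, PAD))

    # A different pad turns the same ciphertext into a different message.
    other_pad = pad_that_yields(ciphertext, "STAYHOME")
    print("other pad gives:", otp_decrypt(ciphertext, other_pad))

    # Reusing the pad: the pad cancels out and the difference of the two
    # plaintexts becomes visible in the two ciphertexts.
    second = otp_encrypt("STAYHOME", PAD)
    print("leak on reuse:", difference(ciphertext, second)
          == difference(MESSAGE, "STAYHOME"))
```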

The question often arises: which type of Wi-Fi encryption to choose for a home router. It may seem a trifle, but with incorrect parameters, problems may arise with the network, and even with the transfer of information over an Ethernet cable.

Therefore, here we will look at what types of data encryption are supported by modern Wi-Fi routers, and how the AES encryption type differs from the popular WPA and WPA2.

Wireless encryption type: how to choose a security method?

So, there are 3 types of encryption in total:

  1. WEP encryption

WEP encryption appeared back in the distant 90s and was the first protection option for Wi-Fi networks: it was positioned as an analogue of encryption in wired networks and used the RC4 cipher. There were three common encryption algorithms for transmitted data - Neesus, Apple and MD5 - but none of them provided the required level of security. In 2004, the IEEE declared the standard obsolete because it had finally ceased to provide a secure connection to the network. At the moment, this type of Wi-Fi encryption is not recommended, because it is not cryptographically secure.

  2. WPS is a non-use standard. To connect to the router, you just need to click on the corresponding button, which we discussed in detail in the article.

In theory, WPS allows you to connect to an access point using an eight-digit code, but in practice, often only four are enough.

This fact is readily exploited by numerous hackers, who hack Wi-Fi networks quickly enough (in 3 - 15 hours), therefore it is not recommended to use this connection either.

  3. WPA / WPA2 encryption

Things are much better with WPA encryption. Instead of the vulnerable RC4 cipher, it uses AES encryption, where the password length is an arbitrary value (8 - 63 bits). This type of encryption provides a normal level of security and is quite suitable for simple Wi-Fi routers. Moreover, there are two types of it:

- PSK (Pre-Shared Key) - connection to the access point is carried out using a pre-defined password.
- Enterprise - a password for each node is generated automatically with verification on RADIUS servers.

WPA2 is a continuation of WPA with security enhancements. This protocol uses RSN, which is based on AES encryption.

Like WPA encryption, WPA2 has two modes of operation: PSK and Enterprise.

Since 2006, the WPA2 encryption type has been supported by all Wi-Fi equipment, and the corresponding option can be selected for any router.

Advantages of WPA2 encryption over WPA:

- Encryption keys are generated while connecting to the router (instead of static ones);
- Using the Michael algorithm to control the integrity of transmitted messages;
- Using an initialization vector of a substantially longer length.

In addition, the type of Wi-Fi encryption should be chosen depending on where your router is used:

WEP, TKIP and CKIP encryption shouldn't be used at all;

For a home access point, WPA / WPA2 PSK is fine;

For WPA / WPA2 Enterprise.

  1. Encryption happens on both sides. After all, if only one side is encrypted (for example, only the server), then traffic from the other side (from the client) will not be encrypted. It can be overheard or even changed.
  2. Formally, no one gives the key to anyone. In TLS, the client and server must generate a shared secret, a set of 48 bytes. Then the client and the server, based on the shared secret, calculate the keys: the client's encryption key and the server's encryption key. The procedure for calculating keys from a shared secret is standard, and is specified in the description of the TLS protocol. The server and the client both know the 2 encryption keys; each encrypts with one and decrypts with the other. And now the most interesting part is how the client and the server calculate the shared secret. It depends on the selected cipher suite:

    • TLS_RSA_WITH_: In this case, the client creates a shared secret by itself, generating 48 random bytes. Then it encrypts them using the public RSA key, which is in the server's certificate. The server receives the encrypted data and decrypts it using its private RSA key. This scheme is rarely used.
    • TLS_DHE_RSA_ / TLS_ECDHE_RSA_ / TLS_ECDHE_ECDSA_: This uses the Diffie-Hellman (DHE) cryptographic scheme or its elliptic curve version (ECDHE). The essence of the scheme is as follows: the server and the client generate random large numbers (private keys), calculate other numbers (public keys) based on them, and send them to each other. Having its own private key and the public key of the other party, each side computes the shared secret. A third party listening on the channel sees only the 2 public keys and cannot figure out the shared secret. After that, all data exchanged between the client and the server to obtain this key is signed with a server certificate (RSA or ECDSA signature). If the client trusts the server's certificate, it verifies this signature, and if it is correct, the data exchange begins. This is the most commonly used scheme.
    • There are several other schemes, but they are used very rarely or not at all.

    About interception. As I described above, it is useless to intercept messages here, since in the first case only the server can decrypt it, and in the second a clever cryptographic scheme is used.

    Both the server and the client know the encryption algorithms. After all, if the client does not know which encryption algorithm is used, how will it encrypt the data to be sent? In modern cryptography nobody uses proprietary algorithms. Open algorithms are constantly being studied by the best cryptographers in the world, vulnerabilities are looked for, and solutions are proposed to bypass them.

    In TLS, we can conditionally say that the algorithms change, since different encryption keys are generated each time. And then, if you want to use a proprietary algorithm, for example to browse a web page, how can this algorithm be proprietary if your computer / device is encrypting / decrypting?

I have omitted / simplified some details to describe only the main ideas.
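The key calculation described in the answer above can be followed end to end in a short script. This is an added example, not part of the original answer: it uses the TLS 1.2 pseudo-random function from RFC 5246, in which the 48-byte value is the master secret derived from the Diffie-Hellman result and both sides' random values. The Diffie-Hellman group (P, G) is a toy assumption chosen for brevity, the key block layout assumes an AES-128-GCM suite, and the certificate signature step is left out.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, assumed here only to keep the example short.
# A 127-bit prime is far too small for real use.
P = 2**127 - 1
G = 3


def dh_keypair():
    """Random private number and the public number computed from it."""
    private = secrets.randbelow(P - 3) + 2          # in [2, P-2]
    return private, pow(G, private, P)


def dh_shared(own_private, peer_public):
    """Both sides arrive at the same value G^(a*b) mod P."""
    z = pow(peer_public, own_private, P)
    return z.to_bytes((z.bit_length() + 7) // 8, "big")


def prf(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246, section 5) built on HMAC-SHA256."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def derive_keys(pre_master, client_random, server_random):
    """Pre-master secret -> 48-byte master secret -> per-direction keys."""
    master = prf(pre_master, b"master secret",
                 client_random + server_random, 48)
    # Key block for an AES-128-GCM suite: two 16-byte keys, two 4-byte IVs.
    block = prf(master, b"key expansion",
                server_random + client_random, 40)
    return {
        "master_secret": master,
        "client_write_key": block[0:16],    # client encrypts, server decrypts
        "server_write_key": block[16:32],   # server encrypts, client decrypts
        "client_write_iv": block[32:36],
        "server_write_iv": block[36:40],
    }


def run_handshake():
    """Each side computes the keys independently; only public values cross."""
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    c_rand, s_rand = secrets.token_bytes(32), secrets.token_bytes(32)
    client_view = derive_keys(dh_shared(c_priv, s_pub), c_rand, s_rand)
    server_view = derive_keys(dh_shared(s_priv, c_pub), c_rand, s_rand)
    return client_view, server_view


if __name__ == "__main__":
    client, server = run_handshake()
    print("same keys on both sides:", client == server)
    print("client write key:", client["client_write_key"].hex())
    print("server write key:", client["server_write_key"].hex())
```

An eavesdropper sees the two public numbers and the two random values, but not the private numbers, so it cannot compute the pre-master secret that everything else is derived from.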

According to the apt definition of CNews analysts, the year 2005 in Russia passed under the motto “defending ourselves against internal threats”. The same tendencies were clearly observed in the past year. Given the recent incidents involving the theft of databases and their subsequent free sale, many companies began to think more seriously about the problem of the security of their information resources and differentiation of access to confidential data. As you know, a 100% guarantee of the safety of valuable information is almost impossible, but technologically it is possible and necessary to reduce such risks to a minimum. For these purposes, most developers of information security tools offer end-to-end solutions that combine data encryption with network access control. Let's try to consider such systems in more detail.

There are quite a few developers of software and hardware encryption systems for servers storing and processing confidential information (Aladdin, SecurIT, Phystechsoft, etc.). It is sometimes difficult to understand the intricacies of each proposed solution and choose the most suitable one. Unfortunately, the authors of comparative articles devoted to encryption tools, without taking into account the specifics of this category of products, often compare them in terms of usability, richness of settings, interface friendliness, etc., which is hardly acceptable when choosing a solution to protect confidential information.

Probably, with this statement, we will not discover America, but characteristics such as performance, cost and many others are not critical when choosing an encryption system. Performance, for instance, is not important for all systems, and not always. Let's say that if the organization's local network bandwidth is low, but only two employees will have access to encrypted information, users are unlikely to notice the encryption system at all, even the most "leisurely" one.

Many other features and parameters of such hardware and software systems are likewise situational: for some they are critical, while for others they do not matter. Therefore, we will try to offer an alternative way of comparing tools for protection against unauthorized access and leakage of confidential information, according to the most important and truly key parameters.

Stirlitz, you have an encryption!

When choosing a system for data protection, first of all, you should pay attention to what encryption algorithms are used in them. In theory, with enough effort, an attacker could break into any cryptographic system. The only question is how much work he needs to do for this. In principle, virtually any task of breaking a cryptographic system is quantitatively comparable to a search performed by a complete enumeration of all possible options.

According to experts, a 128-bit security level is sufficient for any modern cryptographic system. This means that it takes at least 2^128 steps to successfully attack such a system. According to Moore's Law, adapted to cryptography, even 110 or 100 bits are sufficient, but there are no cryptographic algorithms designed for such keys.

The algorithm itself should be as widespread as possible. Unknown "self-written" algorithms have not been analyzed by experts in the field of cryptography and may contain dangerous vulnerabilities. Taking this into account, the algorithms GOST, AES, Twofish, Serpent with a key length of 128, 192 or 256 bits can be recognized as sufficiently reliable.

Asymmetric encryption algorithms deserve separate consideration. They use different keys for encryption and decryption (hence the name). These keys form a pair and are usually generated by the user. The so-called public key is used to encrypt information. This key is publicly known, and anyone can encrypt a message addressed to the user with it. The private key is used to decrypt the message and is known only to the user himself, who keeps it secret.

The generally accepted way to distribute and store user public keys is with X.509 digital certificates. In the simplest case, a digital certificate is a kind of electronic passport that contains information about the user (name, identifier, email address, etc.), the client's public key, the certification authority that issued the certificate, as well as the certificate's serial number, expiration date, etc.

A certification authority (CA) is a trusted third party that is endowed with a high level of user confidence and provides a set of measures for using certificates by relying parties. In fact, this is a component of the certificate management system designed to generate electronic certificates of subordinate centers and users, certified by the CA's digital signature. In the simplest case, so-called self-signed certificates are used, when the user himself acts as his own certification authority.

It is generally accepted that when using asymmetric encryption algorithms, a strength equivalent to a 128-bit symmetric algorithm is achieved using keys of at least 1024 bits. This is due to the peculiarities of the mathematical implementation of such algorithms.

In addition to the encryption algorithms themselves, it is worth paying attention to the way they are implemented. The appliance can have built-in encryption algorithms or use external plug-ins. The second option is preferable for three reasons. First, you can improve security to meet the growing needs of your company by using more robust algorithms. Again, if the requirements of the security policy change (for example, if a company needs to switch to certified crypto providers), it will be possible to quickly replace existing encryption algorithms without significant delays or disruptions in operation. It is clear that in the case of the built-in algorithm, this is much more complicated.

The second plus of external implementation is that such a cryptographic device does not fall under the relevant legal restrictions on its distribution, including export-import, and does not require the appropriate FSB licenses from the company's partners involved in its distribution and implementation.

Thirdly, do not forget that the implementation of an encryption algorithm is far from a trivial task. Correct implementation requires a lot of experience. For example, the encryption key should never be present in the computer's random access memory in explicit form. In serious products, this key is split into several parts, and a random mask is applied to each of them. All operations with the encryption key are performed in parts, and the reverse mask is applied to the final result. Unfortunately, there is no certainty that the developer took into account all these subtleties when independently implementing the encryption algorithm.

Key to the apartment where the money is

Another factor affecting the degree of data security is the principle of organizing work with encryption keys. There are several options here, and before choosing a specific encryption system, it is strongly recommended to ask how it works: where encryption keys are stored, how they are protected, etc. Unfortunately, employees of the developer company are often unable to explain even the basic principles of how their product works. This remark especially applies to sales managers: the simplest questions often confuse them. For a user who decides to protect his confidential information, it is desirable to understand all the intricacies.

For definiteness, we will call the key used for data encryption the master key. The following approaches are most often used to generate them.

The first approach - the master key is generated based on some input data and is used to encrypt the data. Subsequently, to gain access to encrypted information, the user again provides the system with the same input data to generate a master key. The master key itself is thus not stored anywhere. The input data can be a password, a file saved on an external medium, etc. The main disadvantage of this method is the impossibility of creating a backup copy of the master key. The loss of any component of the input data leads to the loss of access to information.

Second approach - the master key is generated using a random number generator. Then it is encrypted with some algorithm and after that it is saved along with the data or on an external medium. To gain access, the master key is decrypted first, and then the data itself. To encrypt the master key, it is advisable to use an algorithm of the same strength as for encrypting the data itself. Less robust algorithms reduce the security of the system, and using more robust algorithms is pointless, since this does not increase security. This approach allows you to create backup copies of the master key, which can later be used to restore access to data in the event of force majeure.

As you know, the reliability of a cryptographic system as a whole is determined by the reliability of its weakest link. An attacker can always attack the weaker of the two algorithms: data encryption or master key encryption. Let's consider this problem in more detail, bearing in mind that the key with which the master key is encrypted is also obtained from some input data.

Option one: password

The user enters a password, on the basis of which (using, for example, a hash function) an encryption key is generated (Fig. 1). In fact, the reliability of the system in this case is determined only by the complexity and length of the password. But strong passwords are inconvenient: remembering a meaningless set of 10-15 characters and entering it each time to gain access to data is not so easy, and if there are several such passwords (for example, to access different applications), then it is completely unrealistic. Password protection is also susceptible to brute-force attacks, and an installed keylogger will easily allow an attacker to gain access to the data.

Figure: 1. Encryption of the master key using a password.

Option two: external storage

The external medium contains some data used to generate the encryption key (Fig. 2). The simplest option is to use a file (the so-called key file) located on a floppy disk (CD, USB flash drive, etc.). This method is more reliable than the password option. The key is generated not from a dozen password characters but from a significant amount of data, for example, 64 or even 128 bytes.

Figure: 2. Encryption of the master key using data from an external medium.

In principle, the key file can be placed on the hard disk of the computer, but it is much safer to store it separately from the data. It is not recommended to use files created by any well-known applications (*.doc, *.xls, *.pdf, etc.) as key files. Their internal structure can give an attacker additional information. For example, all files created by the WinRAR archiver start with the four bytes "Rar!".

The disadvantage of this method is the ability for an attacker to easily copy the file and create a duplicate of the external media. Thus, a user who has lost control over this medium even for a short time can in fact no longer be 100% sure of the confidentiality of his data. Electronic USB keys or smart cards are sometimes used as external media, but the data used to generate the encryption key is simply stored in the memory of these media and is just as easily accessible for reading.

Option three: secure external storage

This method is very similar to the previous one. Its important difference is that in order to gain access to data on an external medium, the user must enter a PIN code. Tokens (electronic USB keys or smart cards) are used as external media. The data used to generate the encryption key is located in the secure memory of the token and cannot be read by an attacker without knowing the corresponding PIN (Fig. 3).

Figure: 3. Encryption of the master key using secured external media.

The loss of a token does not mean the disclosure of the information itself. To protect against direct selection of a PIN code, a hardware time delay is set between two consecutive attempts or a hardware limit on the number of incorrect attempts to enter a PIN code (for example, 15), after which the token is simply blocked.

Since the token can be used in different applications, and the PIN code is the same, you can trick the user into entering his PIN code in a fake program, and then read the necessary data from the closed memory area of the token. Some applications cache the PIN value within a single session, which also carries some risk.

Option four: mixed

A variant is possible when a password, a key file on an external medium and data in the protected memory of the token are simultaneously used to generate the encryption key (Fig. 4). This method is rather difficult in everyday use, as it requires additional actions from the user.

Figure: 4. Encryption of the master key using several components.

A multicomponent system is also much more susceptible to the risks of losing access: it is enough to lose one of the components, and access without using a pre-created backup becomes impossible.

Option five: with asymmetric encryption

One approach to organizing secure storage of the master key deserves separate consideration, as it is free of the main disadvantages of the options described above. It is this method that seems optimal to us.

The fact is that modern tokens (Fig. 5) allow not only storing data in closed memory, but also performing a number of cryptographic transformations in hardware. For example, smart cards, as well as USB keys that are fully functional smart cards rather than their analogues, implement asymmetric encryption algorithms. It is noteworthy that in this case, the public-private key pair is also generated by hardware. It is important that the private key on smart cards is stored as write-only, that is, it is used by the smart card operating system for cryptographic transformations, but cannot be read or copied by the user. In fact, the user himself does not know his private key; he merely possesses it.

The data to be decrypted is passed to the smart card's operating system, decrypted in hardware using the private key, and returned in decrypted form (Fig. 6). All operations with the private key are possible only after the user enters the PIN code of the smart card. This approach is successfully used in many modern information systems for user authentication. We can also apply it for authentication when accessing encrypted information.

Figure: 6. Encryption of the master key using an asymmetric encryption algorithm.

The master key is encrypted with the user's public key. To access the data, the user presents their smart card (or USB key, which is a fully functional smart card) and enters its PIN. The master key is then decrypted in hardware using the private key stored on the smart card, and the user gains access to the data. This approach combines safety and usability.

In the first four options, it is very important to choose a method for generating an encryption key based on a password and / or data from an external medium. The level of security (in a cryptographic sense) provided by this method must be no lower than the level of security of the rest of the system components. For example, the option when the master key is simply stored on an external medium in an inverted form is extremely vulnerable and unsafe.
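One way to generate an encryption key from a password and data on external media, as in the first four options, is sketched below. This is an added example, not taken from any of the products discussed: the function names, the header layout and the iteration count are assumptions, and PBKDF2 with HMAC-SHA256 is one commonly used choice among several. The key is never stored; only a salt and a check value are, so changing or losing any single component blocks access, as described for the mixed option.

```python
import hashlib
import hmac
import secrets

DEFAULT_ITERATIONS = 200_000   # assumed value; tune to the target hardware


def length_prefixed(part):
    """Prefix a component with its length so boundaries are unambiguous."""
    return len(part).to_bytes(4, "big") + part


def derive_key(password, key_file, token_data, salt,
               iterations=DEFAULT_ITERATIONS):
    """Combine password, key file contents and token data into a 256-bit key.

    The password is stretched with PBKDF2 so that every guess costs
    `iterations` HMAC computations; the high-entropy components are then
    mixed in with a keyed hash.
    """
    stretched = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    material = length_prefixed(key_file) + length_prefixed(token_data)
    return hmac.new(stretched, b"master-key" + material,
                    hashlib.sha256).digest()


def key_check_value(key):
    """Value stored next to the data to recognise a correctly derived key.

    It gives an attacker the same offline guessing opportunity as the
    encrypted data itself, so strength still rests on the inputs.
    """
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def create_container(password, key_file, token_data,
                     iterations=DEFAULT_ITERATIONS):
    """Derive a fresh key and return it with the header to store on disk."""
    salt = secrets.token_bytes(16)
    key = derive_key(password, key_file, token_data, salt, iterations)
    header = {"salt": salt, "iterations": iterations,
              "check": key_check_value(key)}
    return key, header


def unlock(header, password, key_file, token_data):
    """Re-derive the key from the inputs; None if any component is wrong."""
    key = derive_key(password, key_file, token_data,
                     header["salt"], header["iterations"])
    if hmac.compare_digest(key_check_value(key), header["check"]):
        return key
    return None


if __name__ == "__main__":
    key_file = secrets.token_bytes(64)     # constructed sample key file
    token_data = secrets.token_bytes(32)   # constructed sample token data
    key, header = create_container("long passphrase", key_file, token_data)
    print("unlock, all correct:",
          unlock(header, "long passphrase", key_file, token_data) == key)
    print("unlock, wrong key file:",
          unlock(header, "long passphrase", b"\x00" * 64, token_data))
```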

Modern tokens support asymmetric algorithms with a key length of 1024 or 2048 bits, thereby ensuring that the reliability of the encryption algorithm of the master key and the encryption algorithm of the data itself are consistent. The hardware limitation on the number of incorrect attempts to enter a PIN-code eliminates the risk of its selection and allows you to use a PIN-code that is simple enough to remember. Using a single device with a simple PIN code increases convenience without compromising security.

Even the user himself cannot create a duplicate smart card, since it is impossible to copy the private key. It also allows you to safely use your smart card in conjunction with any other software.

Did you call technical support?

There is one more selection criterion, which is often overlooked, but at the same time belongs to the category of critical ones. It is the quality of technical support.

There is no doubt that the protected information is of high value. Perhaps its loss will do less harm than public disclosure, but there will be a certain inconvenience in any case. When paying for a product, you also pay for the fact that it will function normally, and in case of a failure, you will be promptly helped to understand the problem and fix it.

The main difficulty lies in the fact that it is rather difficult to assess the quality of technical support in advance. After all, the technical support service begins to play a significant role at the later stages of implementation, at the stage of trial operation and after the completion of implementation, in the process of maintaining the system. The quality criteria for technical support include the response time to a request, the completeness of responses and the competence of specialists. Let's consider them in more detail.

Often, the quality of a technical support service is equated with the speed of response to a request. Nevertheless, quick but incorrect recommendations can do much more harm than having none at all.

It seems reasonable to give preference to Russian developments, or at least foreign firms with a representative office in Russia. Speaking with a specialist in your native language, you will more likely understand each other. If the product is foreign, be prepared for possible time delays. This can happen because your questions will be translated into, say, English, and the developer's answers will be translated back into Russian. We will leave the quality of the translation on the conscience of the technical support specialists. It should be borne in mind that a foreign supplier may not have 24/7 support, and as a result, due to the time difference, you will have, for example, only one hour a day to ask a question.

Frequently asked questions (FAQ) lists can be a source of additional information not only about the product itself, but also about the competence of the specialists working in the company. For example, the absence of such a section suggests that this product is unpopular or that there are no specialists in the organization who are engaged in technical support and who are able to write a knowledge base based on user requests. It's funny, but on some sites the FAQ answers contain errors, including in the name of the product itself.

I go out alone on the road...

As you can see, you can go quite far in the selection process. Surely everyone will have their own important comparison criteria. In the end, no one forbids comparing the length of warranty periods, the quality of packaging, and how well the manufacturer's brand colors match your organization's corporate style. The main thing is to assign the weighting coefficients correctly.

In any case, first of all, you need to soberly assess the threats and criticality of the data, and it is advisable to choose security tools, guided by how successfully they cope with their main task - to ensure protection against unauthorized access. Otherwise, the money is better spent on a download manager from the Internet or "solitaire".
