Types of cryptographic information protection tools. Cryptographic protection of information. SKZI: types, application

Anyone who is seriously concerned about the security of their confidential information eventually faces the task of choosing software for cryptographic data protection. There is nothing surprising about that: encryption today is one of the best ways to prevent unauthorized access to important documents, databases, photographs and any other files.

The problem is that a competent choice requires understanding all aspects of how cryptographic products work. Otherwise, you can easily make a mistake and settle on software that either will not protect all the necessary information or will not provide a proper level of security. What should you pay attention to? First, the encryption algorithms available in the product. Second, the methods of authenticating the owner of the information. Third, the methods of protecting information. Fourth, additional functions and capabilities. Finally, the credibility and popularity of the developer, as well as whether it holds certificates for developing encryption tools. And this is not all that may be important when choosing a cryptographic protection system.

Clearly, people who are not well versed in information security find it difficult to answer all of these questions.

Secret Disk 4 Lite

The distributor of the Secret Disk 4 Lite product is the Aladdin company, one of the world leaders in the field of information security. It holds a large number of certificates. Although the product itself does not appear to be certified (Secret Disk 4 has a certified version), this fact suggests that the company is recognized as a serious specialist in cryptographic tools.

Secret Disk 4 Lite can be used to encrypt individual partitions of the hard drive and any removable storage devices, as well as to create protected virtual disks. With this tool you can therefore solve most of the tasks related to cryptography. The ability to encrypt the system partition deserves separate mention. In that case, booting the OS by an unauthorized user becomes impossible. Moreover, this protection is much more reliable than the protection built into Windows.

The Secret Disk 4 Lite product does not have built-in encryption algorithms. The program relies on external crypto providers for its work. By default, the standard module integrated into Windows is used. It implements the DES and 3DES algorithms. Today, however, they are considered obsolete. For better protection you can therefore download the special Secret Disk Crypto Pack from the Aladdin website. This is a crypto provider that implements the most reliable cryptographic technologies available today, including AES and Twofish with a key length of up to 256 bits. Incidentally, if needed, Secret Disk 4 Lite can be used together with the certified algorithm providers Signal-COM CSP and CryptoPro CSP.

An important feature of Secret Disk 4 Lite is its user authentication system. It is based on the use of digital certificates. For this purpose the product includes a hardware USB token, eToken, which is a secure storage for private keys. In fact, this is full two-factor authentication (possession of the token plus knowledge of its PIN code). As a result, the encryption system under review is free of such a weak point as the use of ordinary password protection.

The additional functions of Secret Disk 4 Lite include multi-user operation (the owner of encrypted disks can give other people access to them) and background operation of the encryption process.

The interface of Secret Disk 4 Lite is simple and intuitive. It is in Russian, as is the detailed help system, which describes all the nuances of using the product.

InfoWatch CryptoStorage

InfoWatch CryptoStorage is a product of InfoWatch, a company that holds certificates for the development, distribution and maintenance of encryption tools. As already noted, such certificates can serve as a kind of indicator of how seriously the company takes its business and of the quality of its products.

Figure 1. Context menu

InfoWatch CryptoStorage implements only one encryption algorithm: AES with a key length of 128 bits. User authentication is implemented using ordinary password protection. In fairness, it should be noted that the program enforces a minimum passphrase length of six characters. Nevertheless, password protection is undoubtedly much less reliable than two-factor authentication using tokens. What makes InfoWatch CryptoStorage special is its versatility: you can use it to encrypt individual files and folders, partitions of your hard drive, any storage devices, and virtual disks.

This product, like the first one, can protect system drives, so it can be used to prevent unauthorized booting of the computer. In fact, InfoWatch CryptoStorage covers the entire range of tasks related to the use of symmetric encryption.

An additional feature of this product is the organization of multi-user access to encrypted information. In addition, InfoWatch CryptoStorage implements guaranteed data destruction with no possibility of recovery.

InfoWatch CryptoStorage is a Russian program. Its interface, which is in Russian, is quite unconventional: there is no main window as such (only a small configurator window), and practically all the work is done through the context menu. Such a solution is unusual, but it is impossible not to recognize its simplicity and convenience. Of course, the program's documentation is in Russian as well.

Rohos Disk

Rohos Disk is a product of the company Tesline-Service.S.R.L. It belongs to a line of small utilities that implement various tools for protecting confidential information. The development of this series has been ongoing since 2003.


Figure 2. Program interface

The Rohos Disk program is intended for cryptographic data protection. It allows you to create encrypted virtual disks on which you can save any files and folders, as well as install software.

To protect data, this product uses the AES cryptographic algorithm with a 256-bit key, which ensures a high level of security.

Rohos Disk implements two methods of user authentication. The first of them is ordinary password protection with all its shortcomings. The other option is to use an ordinary USB drive on which the required key is written.

This option is also not very reliable. If you use this method, losing the flash drive can lead to serious problems.

Rohos Disk comes with a wide range of additional capabilities. First of all, the protection of USB drives is worth noting. Its essence lies in creating a special encrypted partition on a flash drive, to which confidential data can be transferred without fear.

Moreover, the product includes a utility that allows you to open and view USB drives on computers that do not have Rohos Disk installed.

The next additional capability is steganography support. The essence of this technology lies in hiding encrypted information inside multimedia files (the AVI, MP3, MPG, WMV, WMA and OGG formats are supported).

Its use makes it possible to hide the very fact that a secret disk exists by placing it, for example, inside a film. The last additional function is the destruction of information with no possibility of recovery.

The Rohos Disk program has a traditional Russian-language interface. In addition, it is accompanied by a help system, perhaps not as detailed as those of the two previous products, but sufficient for mastering the principles of its use.

When talking about cryptographic utilities, one cannot fail to mention free software. Today, in practically every field there are worthy products that are distributed completely freely. Information protection is no exception to this rule.

However, attitudes toward using free software for information protection are twofold. The point is that many utilities are written by programmers working alone or in small groups. Nobody can vouch for the quality of their implementation or for the absence of “holes”, whether accidental or deliberate. Cryptographic solutions are in themselves very complex. When they are created, many different nuances must be taken into account. It is therefore recommended to use only widely known products, and necessarily with open source code. Only then can you be sure that they are free of “backdoors” and have been tested by a large number of specialists, and are therefore more or less reliable. An example of such a product is the TrueCrypt program.


Figure 3. Program interface

TrueCrypt is perhaps one of the most functional free cryptographic utilities. Originally, it was used only for creating protected virtual disks. For most users this is still the most convenient way to protect various information. Later, however, it acquired the function of encrypting the system partition. As we already know, this is intended to protect a computer from unauthorized startup. True, TrueCrypt cannot yet encrypt all other partitions, or individual files and folders.

This product implements several encryption algorithms: AES, Serpent and Twofish. The owner of the information can choose which of them to use at the moment. User authentication in TrueCrypt can be done using ordinary passwords. However, there is another option: key files, which can be saved on a hard drive or any other storage device. It is worth noting separately that the program supports tokens and smart cards, which makes it possible to organize reliable two-factor authentication.

Among the additional functions of the program is the ability to create hidden volumes inside ordinary ones. This is used to conceal confidential data when the disk is opened under duress. TrueCrypt also implements a system for backing up volume headers, so that they can be restored after a failure or rolled back to old passwords.

The TrueCrypt interface is typical for utilities of this kind. It is multilingual, and a Russian language pack can be installed. The documentation is a different matter. It exists, and it is quite detailed, but it is written in English. Naturally, there can be no question of any technical support.

For greater clarity, their features and functional capabilities are summarized in Table 2.

Table 2 - Functional capabilities of cryptographic information protection programs

Secret Disk 4 Lite

InfoWatch CryptoStorage

Encryption algorithms

DES, 3DES, AES, TwoFish

AES, Serpent, TwoFish

Maximum strength of the encryption key

Connection of external crypto providers

Strong authentication using tokens

+ (tokens are purchased separately)

Encryption of files and folders

Encryption of partitions

Encryption of the system partition

Encryption of virtual disks

Encryption of removable storage devices

Support for multi-user work

Guaranteed data destruction

Hiding of encrypted objects

Work “under duress”

Russian interface

Russian documentation

Technical support

Cryptographic information protection tools, SKZI for short, are used to ensure comprehensive protection of data transmitted over communication lines. For this purpose, it is necessary to provide authorization and protection of the electronic signature, authentication of the communicating parties using the TLS and IPSec protocols, and protection of the communication channel itself, if necessary.

Russia has many cryptographic information protection tools, but most of them are classified, so there is little publicly available information about them.

Methods used in SKZI

  • Authorization of data and ensuring the preservation of its legal significance during transmission and storage. For this purpose, algorithms for creating and verifying electronic signatures are used in accordance with RFC 4357, together with certificates based on the X.509 standard.
  • Protection of data confidentiality and control of its integrity. Asymmetric encryption and imitation protection (message authentication) are used to counter data spoofing. GOST R 34.12-2015 is followed.
  • Protection of system and application software. Prevention of unauthorized changes or improper operation.
  • Management of the most important elements of the system in accordance with the adopted regulations.
  • Authentication of parties that exchange data.
  • Connection protection using the TLS protocol.
  • Protection of IP connections using the IKE, ESP and AH protocols.

The methods are described in the following documents: RFC 4357, RFC 4490, RFC 4491.

SKZI mechanisms for information protection

  1. The confidentiality of stored or transmitted information is protected by applying encryption algorithms.
  2. When a connection is established, identification is provided by means of an electronic signature during authentication (following the X.509 recommendation).
  3. Digital document flow is also protected by means of electronic signatures, together with protection against imposition or replay; as part of this, the validity of the keys used to verify electronic signatures is checked.
  4. The integrity of the information is ensured by means of a digital signature.
  5. The use of asymmetric encryption makes it possible to protect data. In addition, hash functions or imitation protection (message authentication) algorithms can be used to verify the integrity of data. However, these methods do not support establishing the authorship of a document.
  6. Replay protection is provided by the cryptographic functions of the electronic signature for encryption and imitation protection. A unique identifier, long enough to rule out its accidental repetition, is added to each network session, and verification is carried out by the receiving side.
  7. Protection against imposition, that is, against intrusion into the communication from outside, is provided by means of electronic signature.
  8. Other protection, against backdoors, viruses, modification of the operating system and so on, is provided using various cryptographic tools, security protocols, anti-virus programs and login management.
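Items 5 and 6 of the list above can be seen working together in the following added example, which is not code from the original page or from any SKZI product: a message authentication code over a per-session identifier and counter lets the receiving side reject altered and repeated frames, yet proves nothing about authorship because both sides hold the same key. HMAC-SHA256 stands in for the GOST algorithms, and the frame layout and class names are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import struct

SID_LEN, CTR_LEN, TAG_LEN = 16, 8, 32
HDR_LEN = SID_LEN + CTR_LEN


def make_tag(key, header, payload):
    # HMAC-SHA256 is a stand-in for the GOST MAC (assumption of this example).
    return hmac.new(key, header + payload, hashlib.sha256).digest()


class Sender:
    def __init__(self, key):
        self.key = key
        # Random 128-bit identifier: long enough that two sessions
        # will not collide by accident.
        self.session_id = secrets.token_bytes(SID_LEN)
        self.counter = 0

    def seal(self, payload):
        """Build header || payload || tag; the tag covers header and payload."""
        self.counter += 1
        header = self.session_id + struct.pack(">Q", self.counter)
        return header + payload + make_tag(self.key, header, payload)


class Receiver:
    def __init__(self, key):
        self.key = key
        # Session id -> highest counter accepted. This state must live as
        # long as the key does, or old frames become acceptable again.
        self.last_seen = {}

    def open(self, frame):
        """Return (status, payload); payload is None unless accepted."""
        if len(frame) < HDR_LEN + TAG_LEN:
            return "rejected: truncated", None
        header = frame[:HDR_LEN]
        payload = frame[HDR_LEN:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        # Verify the MAC first, in constant time, before trusting any field.
        if not hmac.compare_digest(tag, make_tag(self.key, header, payload)):
            return "rejected: bad tag", None
        sid = header[:SID_LEN]
        (counter,) = struct.unpack(">Q", header[SID_LEN:])
        # Strictly increasing counters: a repeated (or reordered) frame fails.
        if counter <= self.last_seen.get(sid, 0):
            return "rejected: replay", None
        self.last_seen[sid] = counter
        return "accepted", payload


def demo():
    key = secrets.token_bytes(32)  # constructed shared key
    sender, receiver = Sender(key), Receiver(key)
    first = sender.seal(b"transfer 100 to account A")  # constructed message
    results = [receiver.open(first)[0]]        # fresh frame
    results.append(receiver.open(first)[0])    # the same frame sent again
    tampered = bytearray(first)
    tampered[HDR_LEN + 9] ^= 0x01              # flip one bit of the payload
    results.append(receiver.open(bytes(tampered))[0])
    results.append(receiver.open(sender.seal(b"second message"))[0])
    # Anyone holding the shared key can mint a frame that verifies, so a
    # valid tag does not show which party wrote the message.
    forged = Sender(key).seal(b"transfer 900 to account B")
    results.append(Receiver(key).open(forged)[0])
    return results


if __name__ == "__main__":
    for status in demo():
        print(status)
```

The last case is why the list assigns authorship to the electronic signature: only a private key held by one party can settle who produced a message.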

As you can see, electronic signature algorithms are a fundamental part of cryptographic information protection tools. They are discussed below.

Requirements for the use of SKZI

SKZI are aimed at protecting (by verifying the electronic signature) confidential data in various information systems in general use and at ensuring their confidentiality (verification of electronic signature, imitation protection, encryption, hash verification) in corporate networks.

Personal cryptographic information protection tools are used to protect the personal data of the user. Information that constitutes a state secret should be singled out separately. According to the law, SKZI can be used to work with it.

Important: before installing SKZI, you must first verify the SKZI software package itself. This is the first step. As a rule, the integrity of the installation package is verified by comparing checksums obtained from the manufacturer.
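The check described above, as an added example that is not taken from the original page or from any vendor: it hashes an installation package and compares the result with a manufacturer's checksum list. The page does not name the checksum algorithm, so SHA-256 and a `sha256sum`-style manifest are assumptions here, as are the file names.

```python
import hashlib
import hmac
import os
import tempfile

HEX_DIGITS = set("0123456789abcdefABCDEF")


def file_digest(path, algorithm="sha256", chunk_size=1 << 16):
    """Hash a file in chunks so a large installer need not fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Parse 'HEXDIGEST  filename' lines into {filename: digest}.

    A malformed line raises ValueError instead of being skipped, so a
    damaged manifest cannot silently turn into 'nothing to check'.
    """
    entries = {}
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # '*' marks binary mode in sha256sum
        if not name or len(digest) != 64 or not set(digest) <= HEX_DIGITS:
            raise ValueError(f"malformed manifest line {number}")
        entries[name] = digest.lower()
    return entries


def verify_package(path, manifest_text):
    """Return 'ok', 'mismatch' or 'unlisted' for one package file.

    The manifest must arrive over a channel the attacker does not control
    (signed, or from a different source than the package); a checksum
    fetched alongside the installer only detects accidental corruption.
    """
    expected = parse_manifest(manifest_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"  # never treat an unknown file as verified
    actual = file_digest(path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def demo():
    """Run the check on a constructed package, then on a modified copy."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = os.path.join(tmp, "skzi-setup.bin")  # hypothetical file name
        with open(pkg, "wb") as f:
            f.write(b"constructed installer bytes " * 4096)
        manifest = "# constructed vendor manifest\n%s  skzi-setup.bin\n" % (
            file_digest(pkg),
        )
        before = verify_package(pkg, manifest)
        with open(pkg, "r+b") as f:  # change a single byte in place
            f.seek(1000)
            f.write(b"X")
        after = verify_package(pkg, manifest)
        other = os.path.join(tmp, "unknown.bin")
        with open(other, "wb"):
            pass
        unlisted = verify_package(other, manifest)
    return before, after, unlisted


if __name__ == "__main__":
    print(demo())
```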

After installation, the threat level should be determined, and on that basis the types of SKZI required can be identified: software, hardware, and hardware-software. It is also important to note that when organizing some SKZI, the placement of the system must be taken into account.

Protection classes

According to Order No. 378 of the FSB of Russia dated July 10, 2014, which regulates the use of cryptographic tools for protecting information and personal data, six classes were designated: KS1, KS2, KS3, KV1, KV2, KA1. The protection class for a given system is determined by analyzing data on the intruder model, that is, by assessing the possible ways of breaking the system. Protection is built from software and hardware cryptographic information protection tools.

Current threats (AC), as can be seen from the table, are of 3 types:

  1. Threats of the first type are associated with undocumented capabilities of the system software used in the information system.
  2. Threats of the second type are associated with undocumented capabilities of the application software used in the information system.
  3. All others are called threats of the third type.

Undocumented capabilities are functions and properties of software that are not described in the official documentation or do not correspond to it. Their use may pose a risk of compromising the confidentiality and integrity of information.

For clarity, let's look at the intruder models, each of which requires a particular class of cryptographic information protection tools to counter it:

  • KS1: the intruder acts from outside, without any helpers inside the system.
  • KS2: an internal intruder who does not have access to the SKZI.
  • KS3: an internal intruder who is a user of the SKZI.
  • KV1: an intruder who draws on third-party resources, for example specialists in SKZI.
  • KV2: an intruder backed by an institute or laboratory working in the field of studying and developing SKZI.
  • KA1: special services of states.

Thus, KS1 can be called the basic protection class. Accordingly, the higher the protection class, the fewer specialists are able to provide it. For example, in Russia, according to data for 2013, there were only 6 organizations that held a certificate from the FSB and were able to provide protection of the KA1 class.

Algorithms used

Let's look at the main algorithms that are used for cryptographic information protection:

  • GOST R 34.10-2001 and the updated GOST R 34.10-2012: algorithms for creating and verifying electronic signatures.
  • GOST R 34.11-94 and the latest GOST R 34.11-2012: algorithms for creating hash functions.
  • GOST 28147-89 and the newer GOST R 34.12-2015: implementations of algorithms for encryption and data protection.
  • Additional cryptographic algorithms are in accordance with RFC 4357.

Electronic signature

The use of cryptographic information protection tools cannot be imagined without electronic signature algorithms, which are gaining more and more popularity.

An electronic signature is a special part of a document created by cryptographic transformations. Its main purposes are the detection of unauthorized changes and the attribution of authorship.

An electronic signature certificate is a separate document that certifies the authenticity of an electronic signature and that it belongs to its owner, by means of the public key. Certificates are issued by certification centers.

The owner of the electronic signature certificate is the person in whose name the certificate is registered. It is associated with two keys: public and private. The private key allows you to create an electronic signature. The public key is used to verify the authenticity of the signature thanks to its cryptographic link with the private key.

Types of electronic signature

Under Federal Law No. 63, electronic signatures are divided into 3 types:

  • simple electronic signature;
  • unqualified electronic signature;
  • qualified electronic signature.

A simple electronic signature (EP) is created by means of passwords applied to opening and viewing data, and similar means that indirectly confirm the owner.

An unqualified EP is created by means of cryptographic transformations using a private key. It makes it possible to confirm the person who signed the document and to establish whether unauthorized changes were made to the data.

Qualified and unqualified signatures differ only in that, in the first case, the certificate for the EP is issued by a certification center certified by the FSB.

Areas of use of the electronic signature

The table below outlines the areas of application of the EP.

EP technologies are used most actively in the exchange of documents. In internal document flow, the EP acts as approval of documents, that is, as a personal signature or seal. In external document flow, the presence of an EP is critical, since it serves as legal confirmation. It is also important to note that documents signed with an EP can be stored indefinitely and do not lose their legal significance because of such factors as fading signatures, damaged paper, etc.

Reporting to regulatory authorities is another area in which electronic document flow is growing. Many companies and organizations have already appreciated the convenience of working in this format.

Under the law of the Russian Federation, every citizen has the right to use an EP when using government services (for example, signing an electronic application to government authorities).

Online trading is another important area in which electronic signatures are actively used. The signature confirms that a real person is taking part in the trading and that their offers can be considered reliable. It is also important that any contract concluded with an EP gains legal force.

Electronic signature algorithms

  • Full Domain Hash (FDH) and Public Key Cryptography Standards (PKCS). The latter is a whole group of standard algorithms for various situations.
  • DSA and ECDSA are standards for electronic signatures in the USA.
  • GOST R 34.10-2012 – the standard for creating EP in the Russian Federation. This standard replaced GOST R 34.10-2001, which was officially adopted after 31 June 2017.
  • The Eurasian Union has standards that are quite similar to the Russian ones.
  • STB 34.101.45-2013 – Belarusian standard for digital electronic signature.
  • DSTU 4145-2002 is a standard for creating electronic signatures in Ukraine and many others.

It is also worth noting that EP creation algorithms have different purposes:

  • Group electronic signature.
  • One-time digital signature.
  • Trusted EP.
  • Qualified and unqualified signatures.

Definition 1

Cryptographic information protection is a protection mechanism that encrypts data in order to ensure the information security of society.

Cryptographic methods of protecting information are actively used in modern life for storing, processing and transmitting information over communication networks and on various media.

The essence and purpose of cryptographic protection of information

Today, cryptographic information protection is the most reliable method of encrypting data during the transmission of information.

Cryptography is a science that studies and describes models of information security (hereinafter referred to as “IS”) of data. It allows you to solve many of the problems inherent in network information security: confidentiality, authentication, control and integrity of the interacting participants.

Definition 2

Encryption is the transformation of information into a form that is unreadable for software systems and for people without the encryption and decryption key. Cryptographic methods of protecting information thus provide information security and are a core part of the IS concept.

Note 1

The key goal of cryptographic information protection is to ensure the confidentiality and protection of data in computer networks while it is transferred between the system's users.

The protection of confidential information based on cryptography encrypts the information using transformations, each of which is described by a key and by an order that determines the sequence in which it is applied.

An important component of cryptographic information protection is the key, which determines the choice of transformation and the order of its application.

Definition 3

A key is a sequence of symbols that configures the encrypting and decrypting algorithm of a cryptographic information protection system. Each transformation is determined by a key that specifies the cryptographic algorithm ensuring the security of the information system and of information in general.

Each cryptographic information protection algorithm works in different modes, which have both a number of advantages and a number of shortcomings that affect the reliability of information security and of the IS tools.

Tools and methods of cryptographic information protection

The main tools of cryptographic information protection include software, hardware and software-hardware tools that implement cryptographic algorithms for the purpose of:

  • protection of information during its processing, use and transmission;
  • ensuring the integrity and reliability of information when stored, processed and transmitted (including through the use of digital signature algorithms);
  • generation of information that is used for authentication and identification of subjects, users and devices;
  • generation of information that is used to protect authentication elements during their storage, processing and transmission.

At present, cryptographic methods of information protection are basic for ensuring reliable authentication of the parties to an information exchange. They provide for encryption and encoding of information.

There are two main methods of cryptographic information security:

  • symmetric, in which the same key that is kept secret is used both for encryption and for decryption of data;
  • asymmetric.

In addition, there are very effective methods of symmetric encryption, fast and reliable. For such methods, the Russian Federation has adopted the national standard “Information processing systems. Cryptographic protection of information. Cryptographic transformation algorithm”, GOST 28147-89.

In asymmetric methods of cryptographic information security, two keys are used:

  1. A non-secret key, which can be published together with other information about the user. This key is used for encryption.
  2. A secret key, which is known only to the recipient and is used for decryption.

The best-known asymmetric method of cryptographic information protection is the RSA method, which is based on operations with large (100-digit) prime numbers and their products.

By using cryptographic methods, it is possible to reliably control the integrity of individual portions of information and of their sets, to guarantee that actions taken cannot be repudiated, and to establish the authenticity of data sources.

The basis of cryptographic integrity control is formed by two concepts:

  1. Electronic signature.
  2. Hash function.

Definition 4

A hash function is a one-way function, or a data transformation that is hard to reverse, implemented by means of symmetric encryption with block chaining. The result of encrypting the last block, which depends on all the previous ones, serves as the result of the hash function.

In commercial activity, cryptographic protection of information is becoming ever more important. To transform information, various encryption tools are used: tools for encrypting documents (including portable ones), tools for encrypting telephone conversations and radio communications, and tools for encrypting data transmission and telegraph messages.

To protect commercial secrets on the domestic and international markets, sets of professional encryption equipment and technical devices for cryptographic protection of telephone and radio conversations, as well as business correspondence, are used.

Maskers and scramblers, which replace the radio signal with digital data transmission, have also become widespread. Cryptographic tools for the protection of faxes, telexes and teletypes are produced. For these purposes, encryptors are used that are implemented as attachments to devices, as separate devices, or as devices built into the design of fax modems, telephones and other communication devices. Electronic digital signatures are widely used to ensure the authenticity of transmitted electronic messages.

Cryptographic protection of information in the Russian Federation addresses the question of integrity by adding a checksum or verification combination in order to compute the integrity of the data. The information security model is cryptographic, that is, it depends on a key. According to information security assessments that rely on cryptography, the dependence of the probability of reading data on the secret key is the most reliable tool, and it is used in state information security systems.


Cryptographic information protection tools (SKZI) are an important component of information security and make it possible to guarantee a high level of data preservation, even if encrypted electronic documents fall into the hands of third parties, or if the storage media holding them are stolen or lost. Today SKZI are used in practically every company: most often for interaction with automated banking systems and government information systems, less often for storing and exchanging corporate data. Meanwhile, it is precisely encryption tools that make it possible to protect a business from dangerous leaks of critically valuable information with a guarantee of up to 99%, even taking the human factor into account.

The functional need for SKZI is also driven by the growing popularity of electronic document flow, archiving and paperless interaction. The importance of the documents processed in such systems dictates the need for a high level of information security, which cannot be achieved without encryption and electronic signatures.

The implementation of SKZI in corporate practice involves the creation of a software and hardware complex whose architecture and composition are determined by the needs of the particular customer, the requirements of legislation, and the required methods and encryption algorithms. It may include software components for encryption (crypto providers), tools for organizing VPN, authentication tools, tools for generating and verifying keys and electronic digital signatures that serve to organize legally significant document flow, and hardware storage media.

Corporate encryption tools implemented by AST can support GOST encryption algorithms and provide the necessary classes of cryptographic protection, depending on the required level of protection, the regulatory framework and the requirements for compatibility with other systems, including external ones. Such encryption tools protect the whole range of information components: files, directories with files and archives, physical and virtual storage media, entire servers and data storage systems.

The solution can provide the full range of measures for the reliable protection of information during its storage, transmission and use, as well as for managing the SKZI themselves, including:

  • Ensuring the confidentiality of information
  • Ensuring the integrity of information
  • Guarantee of information authenticity
  • Complete protection of information, including:
    - Encryption and decryption
    - Creation and verification of the EDS
  • Flexibility in configuring, managing and using SKZI
  • SKZI protection, including monitoring and detection of malfunctions, attempts at unauthorized access, and cases of key compromise.

The term “cryptography” comes from the ancient Greek words for “hidden” and “writing”. The phrase captures the main purpose of cryptography: protecting and preserving the confidentiality of transmitted information. Information can be protected in different ways, for example by limiting physical access to the data, concealing the transmission channel, making it physically difficult to connect to the communication lines, etc.

The purpose of cryptography

Unlike traditional methods of secret writing, cryptography assumes that the transmission channel is fully accessible to attackers, and it ensures the confidentiality and authenticity of information by means of encryption algorithms that make the information inaccessible to third parties. A modern cryptographic information protection system (SKZI) is a software and hardware computer complex that protects information according to the following basic parameters.

  • Confidentiality - the impossibility of reading information by persons who do not have the appropriate access rights. The main component of ensuring confidentiality in SKZI is the key, which is a unique alphanumeric combination that gives the user access to a particular block of the SKZI.
  • Integrity - the impossibility of unauthorized changes, such as editing or deleting information. For this purpose, redundancy is added to the original information in the form of a check combination, which is computed by a cryptographic algorithm and depends on the key. Thus, without knowing the key, adding to or changing the information becomes impossible.
  • Authentication - confirming the authenticity of the information and of the parties that send and receive it. Information transmitted through communication channels must be unambiguously authenticated by place, time of creation and transmission, source and owner. It should be remembered that the threat may come not only from an attacker but also from the parties taking part in the exchange of information, when mutual trust is lacking. To prevent such situations, the SKZI uses a system of time stamps that makes it impossible to resend or return the information or to change the order in which it is sent.

  • Authorship - confirmation of, and the impossibility of repudiating, actions performed by the user of the information. The most widespread way to confirm authenticity is the electronic digital signature (EDS) system, which consists of two algorithms: one for creating the signature and one for verifying it. For intensive work with EDS, it is recommended to use software centers for creating and managing signatures. Such centers can be implemented as an SKZI tool that is completely independent of the internal structure. What does this mean for the organization? It means that all transactions are certified by independent certification organizations and that forging authorship is practically impossible.
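
The integrity and authentication properties described in this list can be sketched in code. This is an added example, not code from any SKZI product: a keyed check value binds a sequence number and a time stamp to the payload, so modified, resent and reordered messages are rejected. HMAC-SHA-256, the field layout, the 30-second window and the names `protect`, `Receiver` and `verdict` are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

# Added illustration: algorithm, layout and window are assumptions.
MAX_AGE = 30   # seconds a time stamp may differ from the receiver clock
HEADER = 16    # 8-byte sequence number + 8-byte time stamp
TAG = 32       # length of an HMAC-SHA-256 check value


def protect(key: bytes, seq: int, sent_at: int, payload: bytes) -> bytes:
    """Prefix the payload with seq and time stamp, append the keyed tag."""
    body = struct.pack(">QQ", seq, sent_at) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Checks the tag first, then freshness, then ordering."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, message: bytes, now: int) -> bytes:
        if len(message) < HEADER + TAG:
            raise ValueError("truncated")
        body, tag = message[:-TAG], message[-TAG:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison: no hint about how many bytes matched.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity")
        seq, sent_at = struct.unpack(">QQ", body[:HEADER])
        if abs(now - sent_at) > MAX_AGE:
            raise ValueError("stale")
        if seq <= self.last_seq:
            raise ValueError("replay")
        self.last_seq = seq
        return body[HEADER:]


def verdict(receiver: Receiver, message: bytes, now: int) -> str:
    """Return 'ok' or the reason the receiver rejected the message."""
    try:
        receiver.accept(message, now)
        return "ok"
    except ValueError as err:
        return str(err)
```

The tag is verified before the header fields are trusted, so a forged sequence number or time stamp cannot advance the receiver's state.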

Encryption algorithms

Currently, open encryption algorithms that use symmetric and asymmetric keys long enough to provide the required cryptographic strength predominate among SKZI. The most widespread algorithms:

  • symmetric keys – Russian R-28147.89, AES, DES, RC4;
  • asymmetric keys – RSA;
  • using hash functions – R-34.11.94, MD4/5/6, SHA-1/2.

Many countries have their own national standards. In the USA, a modified AES algorithm with a key of 128-256 bits is used, and in the Russian Federation, the electronic signature algorithm R-34.10.2001 and the block cryptographic algorithm R-28147.89 with a 256-bit key. Some elements of national cryptographic systems are restricted for export abroad, and activity involving the development of SKZI requires licensing.

Crypto hardware systems

Hardware SKZI are physical devices that contain software for encrypting, recording and transmitting information. Encryption devices may take the form of personal devices, such as ruToken USB encryptors and IronKey flash drives, expansion cards for personal computers, or specialized network switches and routers on which protected computer networks can be built.

Hardware SKZI are quick to install and operate at high speed. Their drawbacks, compared with software and hardware-software SKZI, are a high cost and limited flexibility and scope for modernization.

SKZI units built into various devices for recording and transmitting data, where encryption and restricted access to information are required, can also be classed as hardware. Such devices include automobile tachometers that record vehicle parameters, some types of medical equipment, etc. For such systems to operate fully, the SKZI module must be activated separately by the supplier's specialists.

Crypto software systems

Software SKZI are special software packages for encrypting data on storage media (hard drives and flash drives, memory cards, CD/DVD) and during transmission over the Internet (e-mail, file attachments, protected chats, etc.). There are many programs to choose from, including free ones such as DiskCryptor. Software SKZI also include protected virtual networks for exchanging information that run “over the Internet” (VPN), HTTPS, the extension of the HTTP protocol with encryption support, and SSL, a cryptographic information transfer protocol that is widely used in IP telephony systems and Internet applications.

Software SKZI are mainly used on the Internet, on home computers and in other areas where the requirements for the functionality and stability of the system are not very high, or, as in the case of the Internet, where many different protected connections have to be created at once.

Hardware-software cryptographic protection

This type combines the best qualities of hardware and software SKZI. It is the most reliable and functional way to build protected systems and data transmission networks. All options for identifying users are supported, both hardware (USB drive or smart card) and “traditional” ones: login and password. Hardware-software SKZI support modern encryption algorithms and provide a wide range of functions for creating protected document flow based on EDS, all with the necessary government certificates. Installation of the SKZI is carried out by qualified personnel of the distributor.

Company "CRYPTO-PRO"

One of the leaders of the Russian cryptographic market. The company develops a full range of information protection programs that use electronic digital signatures based on international and Russian cryptographic algorithms.

The company's software is used in the electronic document management of commercial and government organizations, for accounting and filing reports, in various municipal and budgetary programs, etc. The company has issued over 3 million licenses for CryptoPRO CSP programs and 700 licenses for certification centers. “Crypto-PRO” provides vendors with interfaces for embedding elements of cryptographic protection into their own products and provides a full range of consulting services for the creation of SKZI.

Crypto provider CryptoPro

The CryptoPro CSP SKZI was developed using the Cryptographic Service Providers cryptographic architecture built into the Windows operating system. The architecture allows you to connect additional independent modules that implement the necessary encryption algorithms. With the help of modules that operate through the CryptoAPI functions, cryptographic protection can be provided by both software and hardware SKZI.

Key carriers

Various devices can serve as carriers for private keys, such as:

  • smart cards and readers;
  • electronic locks and readers that work with Touch Memory devices;
  • various USB keys and replaceable USB storage devices;
  • the Windows registry and Solaris and Linux system files.

Functions of a crypto provider

SKZI CryptoPro CSP is fully certified by FAPSI and can be used for:

2. Ensuring the confidentiality, authenticity and integrity of data by means of encryption and imitation protection in accordance with Russian encryption standards and the TLS protocol.

3. Checking and monitoring the integrity of program code to prevent unauthorized changes and access.

4. Creation of regulations for the protection of the system.