The paper contains some recommendations for increasing the resistance of a symmetric cipher to exhaustive key search, provided that the key size does not exceed 56 bits. This condition corresponds to the regulator’s requirement for license-free use of cryptographic information protection tools. The recommendations proposed in the paper take into account various definitions of the notion of “key”, including the one from a well-known Russian dictionary of cryptographic terms. These recommendations substantially increase the difficulty for an adversary of recovering the plaintext by this method.
Keywords: cryptography, regulation, AON transformation, asymmetry, standards, GOST 28147-89, GOST R 34.13-2015.
To implement the proposed Information Security Maintenance Concept, the IS experts’ knowledge autoformalization algorithm was created as the problems of IS assessment and protection level prediction are based mainly on the experts’ informal professional knowledge.
We initiate the study of processing photographs and video frames, as well as synthetic scenes, in three-dimensional (3D) space, which would make it possible to obtain images more similar to what human vision sees than images created by existing technologies. It is known that human vision is nonlinear and creates a sensually perceived image of 3D space that is not equal to the well-known linear perspective. Because of that, we offer a three-stage scheme for processing images and video, inspired by the biology of human vision.
Three-photon spontaneous parametric downconversion (TPSPDC) is a challenging problem in nonlinear quantum optics. A highly doped germania-silica optical fiber is a good candidate for the appropriate nonlinear medium, because of the big interaction length and tight field confinement. A principal condition for TPSPDC is the exact phase-matching between the pump and signal fiber modes.
We investigate the third-order spontaneous parametric down-conversion process in nonlinear media with inversion centers. Specifically, we analyze in detail the three-photon differential count rate in unit frequency and angular regions, the total count rate and the measurement time for rutile and calcite crystals, which have comparatively large cubic susceptibilities. Special attention is given to limited frequency and angular detection ranges in order to calculate experimentally available detection rate values.
This article presents the results of work on protecting critical information transmitted in the automatic train signaling system (ALS), based on the DMR-RUS radio channel, against computer attacks aimed at modification and substitution of data. The purpose of this work is the development of an integrity monitoring and reliability verification system (IMRVS) for information transmitted in ALS. There are different ways of building an IMRVS. This article shows one of these methods, which, in the authors’ opinion, is optimal for use in ALS.
Almost all modern computer networks are based on the TCP/IP protocol suite. However, structural features of IP allow constructing high-capacity covert channels by modifying inter-packet delays, packet header fields and packet lengths. One technique to eliminate such channels is traffic normalization, which means sending packets of equal length with fixed header fields and equal inter-packet delays; this leads to a significant decrease in the effective capacity of communication channels and to the loss of functional capabilities of network protocols. Another way to counteract a covert channel is to detect an active channel. Nevertheless, an attacker can purposely reduce the covert channel capacity to make it undetectable. We investigate the on/off covert channel and give recommendations for choosing the parameters of the ε-similarity detection method with specified threshold values of covert channel capacity.
Keywords: network covert channels, ε-similarity, packet length, transfer rate, dummy packet, capacity
At a time when the media constantly reports on new sophisticated attacks, organizations of any business and size need to be prepared for such attacks against their IT infrastructures. To repel the attacks, organizations should have a properly designed information security (IS) management system with adequate documentation support. Among the most important documents are IS policies for different application areas, including an IS incident management policy. In order to create a truly effective IS policy it is necessary to adequately describe the organization’s business environment from the IS viewpoint. The paper presents the four classifications (taxonomies) most in demand for these purposes: those of IS threats, vulnerabilities, attacks and IS incidents as the negative elements that should be avoided.
While the media constantly describes new attacks, organizations seriously concerned about protecting their business need to be prepared for such sophisticated attacks against their IT infrastructures. Hence a properly designed and formalized information security (IS) management system with a Security Operations Center (SOC) as its central part is required as never before. Among the most important documents for a SOC there are two policies: the IS policy and the IS incident management policy. In order to create a truly effective policy it is vital to adequately describe the SOC’s operational environment from the IS viewpoint. The paper presents the classifications (taxonomies) most in demand for these purposes: those of IS threats, vulnerabilities, attacks and IS incidents as the negative elements that should be avoided.
We describe a new method for reconstructing the quantum state of the electromagnetic field from the results of mutually complementary optical quadrature measurements. This method is based on the root approach, and displaced squeezed Fock states are used as the basis. Theoretical analysis and numerical experiments demonstrate the considerable advantage of the developed tools over those described in the literature.
State-of-the-art information systems utilize some special digital signature schemes, since traditional cryptographic primitives do not allow solving a number of topical security tasks. The following signature schemes are widespread nowadays: threshold signatures, blind signatures, group signatures, ring signatures, etc. Fail-stop signature schemes are also quite well investigated but are not used in practice yet. Special digital signature schemes are mostly based on well-known cryptographic algorithms, e.g. RSA, DSA, ElGamal. However, there are no similar modifications of the Russian Digital Signature Standard GOST R 34.10-2012, which is used in many commercial applications. In order to fill this gap we propose and validate secure threshold, blind and fail-stop signature schemes based on the GOST R 34.10-2012 algorithm. The obtained cryptographic primitives can be used in e-commerce to improve the security of information systems by using a strong basic algorithm.
Devices that provide one-way data transfer are known as one-way gateways and are used in various security applications. The main problem to be solved by one-way gateways is to secure communication between network segments with different security levels in order to maintain a multilevel security policy. Although one-way gateways are utilized in a lot of information systems, there is no solution, including the “air gap”, that actually assures one-way transfer, and they are not resistant to data leakage via covert channels. We analyzed state-of-the-art technologies and products supporting one-way data transfer and worked out the requirements for a one-way gateway with assured data transmission. We designed the algorithm and protocol of assured data transfer and proposed a detailed device scheme. Then we built a program modelling the interaction between the communicating parties and the one-way gateway. This program was tested and some recommendations for its implementation were given.
Nowadays information technologies are widespread and used in every computer-based system, hence information security tasks are quite important and their successful solution is required in business processes. Cryptographic means are used in different applications, especially in cases when data confidentiality should be provided, although they can also be utilized to maintain data availability and integrity, user anonymity, author non-repudiation and so on. Many information security tools use random numbers, but unfortunately, the quality of the output random numbers and the speed of their generation do not satisfy modern requirements. The rate of production-run random number generators is limited by the physical processes used. One of the reasons for the low random number generation rate is the use of binary events. Many generators use analog events, e.g. noise in electronic devices, converted to binary numbers using a threshold value, or quantum discrete events, e.g. a photon passing through a polarizer. The main idea of this work is that one can increase a random number generator’s rate by using non-binary sequences, e.g. non-binary quantum processes.
Keywords: random numbers, high-rate, non-binary process, photon, information security.
We theoretically investigate phase-matching (PM) between the HE11 and HE13 modes at wavelengths of 1596 and 532 nm, respectively, of a real germania-silica fiber waveguide whose preform was made by MCVD technology. For several measured refractive index profiles of the fiber preform, the corresponding waveguide diameters providing homogeneous PM, together with modal dispersion and power characteristics, are calculated. The PM parameters obtained for the real fiber are compared to those calculated for a standard step-index fiber model.
The necessity of using Distance Learning (DL) for teaching cryptology is analyzed. The modern features of applying different DL approaches to solve this task are identified. The NRNU MEPhI’s experience in creating a mass-oriented DL project called Cryptowiki.net is described; its structure and the assignments implemented by the students of cryptologic courses are shown. The related works are presented. Cryptowiki.net’s differences from its analogs are emphasized. The main findings of the research are formulated in the conclusion.
In this paper, we investigate a class of ciphers which can be described as a generalized Feistel scheme. Using the graph theory and the number theory, we provide upper and lower bounds for the maximum number of rounds when impossible differential technique is applicable for any cipher from the family. These estimations do not depend on the type of Feistel scheme and the number of non-linear functions.
Investigation results of the dependence of the specific light yield on the energy of X-rays and γ-quanta in a range of 1.5–662 keV for NaI(Tl), CsI(Na), CsI(Tl), Bi4Ge3O12, CdWO4, ZnWO4, Y3Al5O12: Ce, CdI2, CaF2(Eu), LSO, YAlO3: Ce, and PS-111 scintillation crystals are presented. The obtained dependences are nonlinear with pronounced minima in a range of K- and L-absorption edges of scintillator-forming elements.
The paper presents an analytical model to study the performance and availability of queueing systems with finite queue and a lot of service phases. The first phase has the exponential distribution of service time, while the second one has the hyper-Erlangian distribution. The analytical results obtained are verified using discrete-event simulation. A few numerical examples for varying the service rates and arrival rates are given. The results presented in the paper can be used for analysis of the Next Generation Firewalls (NGFWs).
We propose and realize a method of high intensity generation of broadband biphotons and achieve its value up to 150 THz. The source is based on a thin BBO crystal with a thickness of 100 microns, in which spontaneous parametric down-conversion takes place. To compensate for the intensity decrease of the down-conversion caused by the small thickness of the crystal, it is placed inside the cavity of an Ar+ laser. In general, this experiment relates to the widely discussed problem of two-photon shaping in the frequency and/or angular domain.
The need to protect big data, particularly those relating to information security (IS) maintenance (ISM) of an enterprise’s IT infrastructure, is shown. A worldwide experience of addressing big data ISM issues is briefly summarized and a big data protection problem statement is formulated. An infrastructure for big data ISM is proposed. New applications areas for big data IT after addressing ISM issues are listed in conclusion.
This paper discusses the peculiarities and problems of teaching the historical aspects of Information Security Science (ISS) to the students of the “Information Security” specialization. Preferential attention is given to the ISS area with the longest history, namely cryptography. We trace exactly what ideas of fundamental importance for modern cryptography were formed in each of the historical periods, how these ideas can help students in mastering the training courses’ material, and how to communicate these ideas to students in the best way. The conclusions are based on the results of studies conducted over a few years at the “Cybernetics and Information Security” Faculty of the NRNU MEPhI, where our ideas are implemented in the educational process. We teach the history of cryptography in a few educational courses for Specialists in IS and Masters in Business Continuity and IS Maintenance in the form of introductory and individual lectures and seminars. Specific recommendations on the use of the historical facts considered during the classes are given.
Modern FPGAs play a very important role in designing of new soft CPUs and integrated systems-on-chips. Compared to an ASIC, FPGAs provide the highest degree of flexibility being almost fully application neutral. The price of such flexibility is higher usage of basic logic gates and decrease in circuit operating frequency caused by the use of switched interconnect fabric as opposed to fixed metal interconnect defined by masks at manufacturing for ASIC. However due to more regular and less complex FPGA structure they lead in terms of new IC manufacturing technologies adoption.
The concept of cybertrust as a crucial aspect of cyber security for public electronic interactions and, in particular, distance learning systems (DLSs), is introduced. This concept is the opposite of such well-known terms as cyberattacks and/or cyberespionage and it supports cyber security issues by providing legal significance of a public electronic document interchange. The possibility of cybertrust assurance in an e-Learning environment (ELE) is shown using two proposed methods of network time synchronization.
The purpose of this research is to find analytical functions for obtaining useful information about traffic flow properties such as capacity, average speed, queue and state (free or congested) for the “off-ramp” inhomogeneity in the context of discrete dynamics. This work is based on real empirical data collected by traffic detectors over a long study period.
The paper considers efficient computational load distribution for the exact parallel algorithm for the knapsack problem based on packing tree search. We propose an algorithm that provides for static and dynamic computational load balancing for the problem in question.
The experience of preparing for the «Business Continuity and Information Security Maintenance» (BC&ISM) Masters’ program implementation and realization at the «Information Security of Banking Systems» Department of the National Research Nuclear University MEPhI (NRNU MEPhI, Moscow, Russia) is presented. Justification of the educational direction choice for BC&ISM professionals is given. The model of IS Master being trained on this program is described. The curriculum is presented.
We demonstrate an experimental technique for generating a spatially single-mode broadband biphoton field. The method is based on a dispersive optical element which precisely tailors the structure of the type-I SPDC frequency-angular spectrum in order to shift different spectral components to a single angular mode. Spatial mode filtering is realized by coupling biphotons into a single-mode optical fiber.
The need to protect big data, particularly those relating to information security maintenance (ISM) of an enterprise’s IT infrastructure (ITI), and their processing is shown. Related worldwide experience of addressing big data ISM issues is summarized. An attempt to formulate a big data ISM problem statement is undertaken. An infrastructure for big data ISM is proposed. The importance of big data visualization is discussed.
We experimentally demonstrate quantum enhanced resolution in confocal fluorescence microscopy exploiting the nonclassical photon statistics of single nitrogen-vacancy color centers in diamond. By developing a general model of superresolution based on the direct sampling of the kth-order autocorrelation function of the photoluminescence signal, we show the possibility to resolve, in principle, arbitrarily close emitting centers.
The paper presents an analytical model to study the performance and availability of queueing systems with finite queue and two service phases. The first phase has the exponential distribution of service time, while the second one has the hyperexponential distribution. The analytical results obtained are verified using discrete-event simulation. A few numerical examples for varying the service rates and arrival rates are given. The results presented in the paper can be used for analysis of the intrusion detection and prevention systems (IDPS).
The paper presents two analytical models to study the performance and availability of queueing systems with hypoexponential service time and a finite queue. The analytical results obtained are verified using discrete-event simulation. A few numerical examples for a varying number of service stages, service rates and arrival rates are given. The results presented in the paper can be used for analysis of MapReduce and multi-stage Big Data processing.
Big data analytics is very fruitful for solving problems in cybersecurity. We have analyzed modern trends in intelligent security systems research and practice and worked out a syllabus for a new university course in the area of data mining and machine learning with applications to cybersecurity. The course is for undergraduate and graduate students studying cybersecurity. The main objective of the course is to provide students with fundamental concepts in data mining (in particular, mining frequent patterns, associations and correlations, classification, cluster analysis, outlier detection), machine learning (including neural networks, support vector machines etc.) and related issues, e.g. the basics of multidimensional statistics. In contrast to traditional data mining and machine learning courses, we illustrate course topics with cases from the area of cybersecurity, including botnet detection, intrusion detection, deep packet inspection, fraud monitoring, malware detection, phishing detection and active authentication. We note that our course has great potential for development.
The purpose of this work is to show that the course Mathematical Logic and Theory of Algorithms, taught by the authors at the National Research Nuclear University MEPhI (Moscow Engineering Physics Institute), is the mathematical background for the study of cryptology. Information security teaching for bachelors and specialists has to focus on mathematical training; therefore a set of mathematical disciplines should precede applied cryptography in the curriculum. Due to the rapid development of computing power and information communication, cryptographic techniques have changed. Hence, the course of Mathematical Logic and Theory of Algorithms is not fixed; on the contrary, it is dynamically updated, since changes in cryptographic methods bring about a revision of the mathematical background.
Knapsack packing vector testing procedures for the parallel exhaustive search algorithm have been analyzed. Graphs of computational complexity to test a single knapsack vector have been obtained via experiment for different values of knapsack element sizes. Diagrams of load balancing have been obtained and analyzed for the case when lexicographic sequence is split into equal-length segments.
Keywords: knapsack problem, exhaustive search, parallel computing
One of the key steps in solving scientific problems in the field of information security is to create an actual model of security threats and a model of intruders. This paper describes a new method for the visual representation of the model of security threats and the model of intruders, which simplifies the work of researchers at this stage without reducing the quality of the results.
The main advantages of the proposed method are described. The scheme of a software system that makes it possible to implement the developed technique for constructing and displaying the information security threat model in a cloud-based information system is also described.
Keywords: Visual representation, Petri net, information system, cloud computing technology, threat model.
Searching for pseudorandom data is an important stage of forensic analysis. Existing approaches are based on verifying statistical properties of file contents by means of test suites for the estimation of pseudorandom sequences. Some approaches are not adapted for work with a file system and are time- and resource-consuming. The others have significant type I or II errors. That is why the authors have conducted research in this field and suggest an approach to estimating statistical properties of file contents by means of their visual representation. The approach was used to develop a program for searching for pseudorandom data. Its testing shows that the type I error is reduced to zero and the type II error for popular file formats is less than 1%.
Keywords: Pseudorandom data, encrypted data, density of distribution, compressed file formats, wavelet analysis.
The existing methods of data transmission via covert channels in IP networks and methods to counter them are analyzed and systematized. The focus is placed on direct and indirect covert channels resistant to many methods of detection and elimination. It has been concluded that the studies aimed at limiting the covert channel capacity without a significant reduction of the communication channel capacity are promising.
Keywords: Covert channels, storage channels, timing channels, packet data networks, capac.
During forensic examination, searching for random data is an important step. Existing approaches are based on verification of statistical properties of file data by means of test suites that estimate properties of random sequences. Some tests are not adapted to the file system and are resource- and time-consuming; others have significant type I and II errors. That is why the authors have conducted research in this field and suggest a new approach to assessing statistical properties of data contents by visualising them. This approach was used to develop a program whose testing shows that the type I error in searching for random data is reduced to zero and the type II error for widespread file formats is less than 1%.
Keywords: Digital forensics; Conceal data; Random data; Statistical tests; Encrypted data; Assessment of uniformity; Localization of heterogeneity; Wavelet transform; Compressed file formats.
In this paper, we describe binary and multi-symbol packet length covert channels. Then we design a technique to estimate and limit their capacity. A method for choosing the parameters of counteraction tools is given; it takes into account an allowable value of covert channel capacity and error level. The novelty of the investigation undertaken is that the covert channel capacity is limited in advance, whereas state-of-the-art methods focus on detecting active IP covert channels.
The Future Internet and the Internet of Things (IoT) and clouds as its integral parts need a specialized theory for their information protection from different threats and intruders. The history and main results of research aimed at creating a scientific and methodological foundation of the Information Security Theory in Russia are examined. The discussion considers the formulation of the informal systems theory and approaches for creating the simulation models of information security (IS) maintenance (ISM) processes in conditions of incomplete and insufficiently reliable input data. The structure of a unified IS concept is proposed. Theoretical problems of designing an integrated information protection system’s functioning, including IS assessment methodology, methodology of defining requirements to ISM and methodology of creating information protection systems (IPSs) are described. Finally, the results of the IS theory development are summarized and areas of further research are outlined.
The paper deals with the problem of insider threat visualization. An insider threat classification is given, a method of visualizing insider threats using system dynamics modeling is considered, and forecasting behavioral models for threats of theft of intellectual property for business advantage, alone and with accomplices, are developed.
Keywords: system dynamics, behavioral models, scientific visualization, imitation modeling, insider threat, intellectual property.
This paper describes a packet length network covert channel and a violator’s possibilities for building such a channel. Then a technique to estimate and limit the capacity of such a channel is presented. The calculation is based on information theory and helps to diminish the negative effects of covert channels in information systems, e.g. data leakage.
Nowadays applications for big data are widespread, since IP networks connect billions of different devices. On the other hand, there are numerous incidents of information leakage using IP covert channels worldwide. Covert channels based on packet size modification are resistant to traffic encryption, and there are some data transfer schemes that are difficult to detect. Investigation of techniques to limit the capacity of covert channels becomes topical, as covert channel construction can violate big data security. The purpose of this work is to examine the capacity of a binary packet size covert channel when traffic padding is generated.
This paper reviews different methods for constructing network covert channels and describes the scheme of the packet length covert channel. A countermeasure based on generating random traffic padding is proposed. The capacity of the investigated covert channel is estimated and the relation between the parameters of the covert channel and of the counteraction tool is examined. Practical recommendations for using the obtained results are given.
The paper studies the Hamming distances from permutations of degree n = wr to the union of all groups Sw ≀ Sr with fixed parameters w, r, and to the union of all such groups with arbitrary nontrivial parameters w, r. Distances from known s-boxes to certain wreath products of groups are given.
Keywords: imprimitivity system, linear structures, metric spaces, distances from a permutation to an imprimitive group, wreath product.