The article describes the current state of information security problems and the development of information security. It is shown that cryptographic protection is the main direction of modern information protection. The main advantages, disadvantages and prospects for the development of cryptographic protection of electronic information are analyzed.
Keywords: cryptography, information security, algorithm.
Cryptography (or cryptology; from Greek kryptós, «hidden, secret»; and graphein, «writing») is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that block adversaries; various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, and electrical engineering.
Cryptography prior to the modern age was effectively synonymous with encryption, the conversion of information from a readable state to apparent nonsense. The originator of an encrypted message shared the decoding technique needed to recover the original information only with intended recipients, thereby precluding unwanted persons from doing the same. Since World War I and the advent of the computer, the methods used to carry out cryptology have become increasingly complex and its application more widespread.
Nowadays, billions of dollars are spent on computer security, and most of it is wasted on insecure products. After all, weak cryptography looks the same on the shelf as strong cryptography. Two e-mail encryption products may have almost the same user interface, yet one is secure while the other permits eavesdropping. A comparison chart may suggest that two programs have similar features, although one has gaping security holes that the other doesn't. An experienced cryptographer can tell the difference. Cryptography helps provide accountability, fairness, accuracy, and confidentiality. It can prevent fraud in electronic commerce and assure the validity of financial transactions. It can protect your anonymity or prove your identity. It can keep vandals from altering your electronic information and prevent industrial competitors from reading your confidential documents. And in the future, as commerce and communications continue to move to computer networks, cryptography will become more and more vital.
The people who break cryptographic systems don't follow rules; they cheat. They can attack a system using techniques the designers never thought of. Art thieves have burgled homes by cutting through the walls with a chain saw. Home security systems, no matter how expensive and sophisticated, won't stand a chance against this attack. Computer thieves come through the walls too. They steal technical data, bribe insiders, modify software, and collude. The odds favor the attacker: defenders have to protect against every possible vulnerability, but an attacker only has to find one security flaw to compromise the whole system.
Present-day computer security is a house of cards; it may stand for now, but it can't last. Many insecure products have not yet been broken because they are still in their infancy. But when these products are widely used, they will become tempting targets for criminals. The press will publicize the attacks, undermining public confidence in these systems. Ultimately, products will win or lose in the marketplace depending on the strength of their security.
What can and can't cryptography do? No one can guarantee 100% security. But we can work toward 100% risk acceptance. Fraud exists in current commerce systems: cash can be counterfeited, checks altered, credit card numbers stolen. Yet these systems are still successful because the benefits and conveniences outweigh the losses. Privacy systems (wall safes, door locks, curtains) are not perfect, but they're often good enough. A good cryptographic system strikes a balance between what is possible and what is acceptable.
Strong cryptography can withstand targeted attacks up to a point — the point at which it becomes easier to get the information some other way. A computer encryption program, no matter how good, will not prevent an attacker from going through someone's garbage. But it can prevent data-harvesting attacks absolutely; no attacker can go through enough trash to find every AZT user in the country.
Modern information security requires constant improvement of the protection system as the risk of information leakage increases. This process is continuous and consists of implementing modern methods and ways of improving information security systems, continuous monitoring, and identifying weaknesses and potential channels of information leakage. Continuous improvement of these systems is needed because new ways of accessing information from the outside keep emerging [1].
The role of information security in the organizational system of security measures is determined by the timeliness and accuracy of management's decisions, which take into account the available resources, techniques and methods of information security and are based on existing regulatory guidance documents [2].
Modern information security is characterized by the following methods:
- cryptographic protection of varying degrees of confidentiality in the transmission of information;
- management of information flows, both in the local network and the transmission channels of communication at various distances;
- the use of mechanisms for logging access attempts from outside, events in the information system, and printed documents;
- ensuring the integrity of software and information;
- the introduction of modern recovery tools for information security;
- the implementation of physical protection and accounting of equipment and magnetic media;
- the creation of special information security services.
The solution to the problems of protecting electronic information is based mainly on the use of cryptographic techniques. Importantly, modern methods of cryptographic transformation preserve the original performance of the automated system. This is the most effective way of ensuring data confidentiality, integrity and authenticity. The use of cryptographic techniques in conjunction with technical and organizational measures provides protection against a broad spectrum of threats.
As a result, the accessibility of information on the internet has revealed the weakness of traditional mechanisms and the lag in applying modern methods of protection. Cryptography extends the protection of information and ensures its security in the network. The strategically correct solution to the problem of information security is to use the achievements of cryptography [2].
Design is the cornerstone of cryptography as a science, and it is very specific. Several branches of mathematics are entwined in cryptography: number theory, complexity theory, information theory, probability theory, abstract algebra, and formal analysis. Few understand this science, and half-knowledge is a dangerous thing: inexperienced cryptographers almost always develop flawed systems. Good cryptographers know that nothing can replace extensive expert work and many years of practical cryptanalysis. Quality systems use published and well-understood algorithms and protocols; using unpublished or untested elements in a design is risky at best [1].
The development of a cryptographic system is also an art. The designer must strike a balance between security and accessibility, anonymity and accountability, privacy and fitness. Science alone cannot guarantee safety; only experience, and the intuition born of it, can help a cryptographer design new security systems and find defects in existing ones.
A great gulf separates a mathematical algorithm from its specific implementation in hardware or software. Cryptosystem designs are extremely fragile. The mere fact that a protocol is logically secure does not mean that it will remain so once the designer begins to define message structures and send data. A close approximation is not enough: these systems must be implemented literally and completely, otherwise they will not work. A poorly designed interface can make a hard-drive encryption program completely unreliable. Unrealistic expectations that equipment cannot be forged can lead to the complete failure of e-commerce systems. Since these defects are not apparent in testing, they pass into finished products. Many defects in implementation are not described in the scientific literature, as they are technically uninteresting. Therefore, they migrate from product to product. Under the pressure of tight budgets and time, programmers use bad random number generators, do not check error conditions properly, and keep sensitive information in public files. The only way to learn how to avoid these errors is to design and break security systems again and again [2].
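The "bad random number generator" defect named above can be made concrete with a short audit. The following is an added example, not code from the cited articles: the function names, the timestamp and the one-hour window are constructed for illustration. It shows a token that looks like 128 random bits but can be regenerated from the clock, next to the hardened form.

```python
import random
import secrets

# Constructed sample values: an issue time and the auditor's uncertainty about it.
ISSUED_AT = 1_700_000_000   # Unix timestamp (hypothetical)
WINDOW = 3600               # auditor knows the issue time to within one hour


def weak_token(issued_at: int) -> str:
    """Flawed: 32 hex digits whose only entropy is the clock value used as seed."""
    rng = random.Random(issued_at)      # Mersenne Twister, not a CSPRNG
    return "%032x" % rng.getrandbits(128)


def strong_token() -> str:
    """Hardened: 128 bits taken from the operating system's CSPRNG."""
    return secrets.token_hex(16)


def seed_in_window(token: str, start: int, end: int):
    """Audit check: return the timestamp that regenerates `token`, or None.

    A hit means the token's real strength is the size of the time window
    (a few thousand candidates), not the 2**128 its length suggests.
    """
    for seed in range(start, end + 1):
        if weak_token(seed) == token:
            return seed
    return None


if __name__ == "__main__":
    lo, hi = ISSUED_AT - WINDOW, ISSUED_AT + WINDOW
    for name, tok in (("weak", weak_token(ISSUED_AT)), ("strong", strong_token())):
        hit = seed_in_window(tok, lo, hi)
        print(f"{name:6} {tok}  reproducible from clock: {hit is not None}")
```

Both tokens have the same length and pass the same functional tests, which is why this kind of defect is not caught before release.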
No matter how much has been done, no science stands still in its development, and research in cryptology is ongoing. The world's leading cryptographers are engaged in the part of this work related to cryptanalysis: verifying the strength of algorithms and searching for methods to break them. But efforts to create new methods of protecting information do not stop either.
Despite the fact that existing cryptographic algorithms are capable of providing a sufficiently high level of security to protect data from any opponent for hundreds of years, new ciphers continue to appear. Relatively recently, for example, a group of worthy algorithms appeared that became AES finalists. Many security systems are broken by the people who use them. Most fraud against commerce systems is perpetrated by insiders. Honest users cause problems because they usually don't care about security. They want simplicity, convenience, and compatibility with existing (insecure) systems.
Often the hardest part of cryptography is getting people to use it. It's hard to build a system that provides strong authentication on top of systems that can be penetrated by knowing someone's mother's maiden name. Security is routinely bypassed by store clerks, senior executives, and anyone else who just needs to get the job done. Only when cryptography is designed with careful consideration of users' needs, and then smoothly integrated, can it protect their systems, resources, and data.
References:
1. Bruce Schneier, «Why cryptography is harder than it looks», «Computer» magazine, № 34, September 10, 1998.
2. Sergey Barichev, «The main issue cryptography», «CIO» magazine, № 5, May 17, 2005.