Information security Information security (sometimes InfoSec) is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that applies regardless of the form the data takes (electronic, physical, etc.).
Basic terms IT Security (sometimes computer security) is information security when applied to technology (most often some form of computer system). IT security specialists are responsible for keeping all of the technology within the company secure from malicious cyber attacks that often attempt to breach into critical private information or gain control of the internal systems.
Basic terms Information assurance is the act of ensuring that data is not lost when critical issues arise. These issues include, but are not limited to, natural disasters, computer or server malfunction, physical theft, or any other situation in which data could be lost. One of the most common ways of providing information assurance is to keep an off-site backup of the data.
Basic terms The CIA triad (confidentiality, integrity and availability) is one of the core principles of information security. Confidentiality refers to preventing the disclosure of information to unauthorized individuals or systems. Integrity means that data cannot be modified undetectably. Availability means the information must be accessible when it is needed: the computing systems that store the information, the security controls that protect it, and the communication channels used to access it must all be functioning correctly.
Coding and encryption Are the terms “coding” and “encryption” synonyms?
Coding and encryption Coding changes the form of a message but leaves its content the same; to read it, one must know the algorithm and the coding table. Encryption may leave the old form but changes or masks the content; to read it, knowing the algorithm alone is not enough, one must also know the key. Both are transformations of information.
Coding A code is a rule of correspondence between the characters of one set X and the characters of another set Y. Coding (encoding) is the process of converting characters (words) of alphabet X into characters (words) of alphabet Y.
Coding If each character of X corresponds to a separate character of Y, the process is called coding. If for each character of Y its prototype in X can be uniquely found by some rule, the reverse process is called decoding.
Coding Example If each color is coded by 2 bits, then we can code no more than 2^2 = 4 colors; by 3 bits, no more than 2^3 = 8 colors; by 8 bits (= 1 byte), no more than 2^8 = 256 colors.
Encryption Open text (plaintext) is a message whose text must be made incomprehensible to outsiders. A cipher is a set of invertible transformations from the set of possible open data into the set of possible ciphertexts, carried out according to certain rules with the use of keys.
Encryption Encryption is the process of applying the cipher to the protected information, i.e. transforming the protected information into an encrypted message with the help of the rules contained in the cipher.
Encryption Original message: “A”. Encrypted message: “B”. Rule for encryption: “f”. Encrypting scheme: f(A) = B. The encryption rule “f” cannot be arbitrary: it must be such that, having the encrypted text “B”, we can uniquely recover the open message using a rule “g”.
Encryption Decryption is the process of reversing the encryption, i.e. converting encrypted messages back into the original information with the help of the rules contained in the cipher. Rule for decryption: “g”. Decrypting scheme: g(B) = A.
Encryption A key is a specific secret state of a particular parameter (or parameters) that selects one transformation among all the possible transformations of the cipher. The key is the interchangeable element of the cipher.
Encryption If “k” is a key, then f(k(A)) = B. For each key “k” the transformation f(k) must be reversible, that is, g(k(B)) = A.
The difference between coding and encryption There is no secret key in coding, since coding aims only at a more concise and compact presentation of the message.
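To make the distinction concrete, here is an added example in Python (not from the slides): a keyless 8-bit character code beside a keyed Vigenère-style cipher written with the slides' names A, B, f, g and k. The key is passed as a second argument, f(A, k), instead of the slides' f(k(A)) notation; the helper key_space_size is an assumption of this example that counts how many keys a given key length allows.

```python
# Added example, not from the slides: coding (no key) next to encryption (keyed),
# using the slides' names A (open text), B (encrypted text), f (encryption rule),
# g (decryption rule) and k (key).
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


# --- Coding: a public rule mapping alphabet X (characters) to alphabet Y (bits) ---

def encode(text: str) -> str:
    """Coding: each character of X is mapped to a fixed 8-bit word over Y = {0, 1}.
    The table is public; knowing it is enough to read the result (no key)."""
    return " ".join(format(ord(ch), "08b") for ch in text)


def decode(bits: str) -> str:
    """Decoding: each 8-bit word is uniquely mapped back to its prototype in X."""
    return "".join(chr(int(word, 2)) for word in bits.split())


# --- Encryption: the same algorithm, but the key k selects the transformation ---

def _shift_text(text: str, key: str, sign: int) -> str:
    """Shift every letter by the letter of the key at the same position (cyclically).
    sign = +1 encrypts, sign = -1 applies the inverse shift."""
    if not key or any(ch not in ALPHABET for ch in key):
        raise ValueError("key must be a non-empty word over the alphabet")
    out = []
    i = 0  # position in the key; advances only on letters
    for ch in text.upper():
        if ch in ALPHABET:
            k = ALPHABET.index(key[i % len(key)])
            out.append(ALPHABET[(ALPHABET.index(ch) + sign * k) % len(ALPHABET)])
            i += 1
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def f(A: str, k: str) -> str:
    """Encryption rule f under key k: B = f(A, k)."""
    return _shift_text(A, k.upper(), +1)


def g(B: str, k: str) -> str:
    """Decryption rule g under the same key: A = g(B, k). g inverts f for every k."""
    return _shift_text(B, k.upper(), -1)


def key_space_size(key_length: int) -> int:
    """Number of distinct keys of the given length: 26 ** key_length.
    A 1-letter key leaves only 26 transformations to choose from; an 8-letter key
    gives about 2.1e11, which is what the slides mean by the key determining resistance."""
    return len(ALPHABET) ** key_length


if __name__ == "__main__":
    A = "ATTACK AT DAWN"           # constructed open text
    print(encode("Hi"))           # coding: readable by anyone who knows the table
    print(decode(encode("Hi")))
    B = f(A, "LEMON")             # encryption: needs the key k = "LEMON"
    print(B)                      # LXFOPV EF RNHR
    print(g(B, "LEMON"))          # right key recovers A
    print(g(B, "LIMON"))          # wrong key does not
    print(key_space_size(1), key_space_size(8))
```

Running the script shows that decode undoes encode without any secret, while g undoes f only when it is given the same k that f used; a wrong key yields a different, meaningless text.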
Cryptology is the field of secret communications Cryptology (from the Greek «cryptos», secret, and «logos», word) has two branches: cryptography, the science of creating ciphers, and cryptanalysis, the science of opening (breaking) ciphers.
Classification of crypto algorithms The basic scheme of classification: cryptograms and cryptography with a key; by the nature of the key: symmetric and asymmetric; by the nature of the operation on the data: permutation and substitution; by the size of the block of information processed: stream and block.
Symmetric cryptography If, when exchanging information, the same key is used for both encryption and decryption, the cryptographic process is called symmetric.
Disadvantages of symmetric encryption A secure communication channel is required for transferring the key. Example: consider a client paying for goods or services by credit card. The trading company must create one key for each customer and somehow deliver the keys to them, which is very inconvenient.
Asymmetric cryptography Two keys are used: a public one and a private one. In effect they are like two halves of one whole key, associated with each other.
Asymmetric cryptography The keys work so that a message encrypted with one half of the key can be decrypted only with the other half (not with the one it was encrypted with). Having created a pair of keys, the company widely distributes the public key and securely stores the secret key.
Asymmetric cryptography The public key and the private key form a matched pair. The public key can be published on a server from which anyone can obtain it. If a client wants to place an order with a company, he takes the public key and uses it to encrypt the message containing his order and his credit card details. After encryption this message can be read only by the owner of the private key. None of the intermediaries in the chain through which the information is transferred can do that; even the sender cannot read his own message. Only the recipient can read the message, because only he holds the secret key that complements the public key used.
Asymmetric cryptography Example: If a company has to send the client a receipt confirming that the order has been accepted for execution, it encrypts this receipt with its private key. The client can read the receipt using that company's public key, and can be sure that the receipt was sent by that company, because nobody else has access to the private key.
The principle of the adequacy of the protection There is no need to hide the public key of a public-key encryption algorithm. Usually it is accessible and often widely published. Knowing the algorithm does not yet mean being able to reconstruct the key in a reasonable time.
The principle of the adequacy of the protection The protection of information is considered sufficient if the cost of overcoming it exceeds the expected value of the information itself. Such protection is not absolute, and the methods of overcoming it are known, but it is still sufficient to make the attempt not worthwhile. When other means of obtaining the encrypted information in a reasonable time appear, the principle of the algorithm is changed and the problem is repeated at a higher level.
Cryptanalysis The secret key is searched for not only by simple exhaustive search. There are special methods for this purpose, based on studying the peculiarities of the interaction between the public key and particular data structures. The field of science devoted to this research is called cryptanalysis.
Cryptanalysis The average time required to reconstruct the private key from the published public key is called the crypto resistance (cryptographic strength) of the encryption algorithm.
Cryptanalysis In Russia, only encryption software products that have passed state certification, in particular by the Federal Agency for Government Communications and Information under the President of the Russian Federation, are permitted for use in state and commercial organizations.
Electronic signature A client gives the bank instructions to transfer his money to the accounts of other persons and organizations. But how can the bank know that the instruction came from that client and not from some attacker? This problem is solved with the help of the electronic signature.
Electronic signature When creating an electronic signature, two keys are created: a public one and a private one. The public key is transmitted to the bank. Now, to send the bank an order for an operation on the current account, the order is encrypted with the bank's public key and the signature is encrypted with the client's secret key. The bank does the reverse. If the signature can be read, it is 100% proof of the authorship of the sender.
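As an added example (not from the slides), the following Python code builds a toy textbook-RSA key pair and shows both uses the slides describe for the two halves of a key: the client encrypts an order with the recipient's public key and only the private key decrypts it, and the sender signs with the private key so that anyone holding the public key can verify authorship. The primes p = 61, q = 53 and exponent e = 17 are constructed values for illustration; the digest function, the character-by-character text mapping and all function names are assumptions of this example. Real systems use large primes and padding schemes (OAEP for encryption, PSS for signatures) that this toy omits.

```python
# Added example, not from the slides: a toy textbook-RSA pair showing that a value
# transformed with one half of the key is recovered only with the other half.
# Needs Python 3.8+ for pow(e, -1, phi).
import hashlib
from typing import List, Tuple

Key = Tuple[int, int]  # (exponent, modulus n)


def make_key_pair(p: int, q: int, e: int) -> Tuple[Key, Key]:
    """Return (public, private) = ((e, n), (d, n)).
    d is the inverse of e modulo (p-1)(q-1), which is what makes the halves undo
    each other. p and q are small constructed primes here; real keys are huge."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # raises ValueError if e and phi are not coprime
    return (e, n), (d, n)


def apply_key(key: Key, value: int) -> int:
    """The single operation of the cipher: value ** exponent mod n, with either half."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must lie in [0, n)")
    return pow(value, exponent, n)


def encrypt_text(public_key: Key, text: str) -> List[int]:
    """Sender: encrypt the order with the recipient's public half (one block per character)."""
    return [apply_key(public_key, ord(ch)) for ch in text]


def decrypt_text(private_key: Key, blocks: List[int]) -> str:
    """Recipient: only the private half turns the blocks back into the order."""
    return "".join(chr(apply_key(private_key, b)) for b in blocks)


def digest_mod_n(message: bytes, n: int) -> int:
    """Toy digest: SHA-256 of the message reduced below the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key: Key, message: bytes) -> int:
    """Signer: transform the digest with the private half (the slides' 'encrypt with the secret key')."""
    return apply_key(private_key, digest_mod_n(message, private_key[1]))


def verify(public_key: Key, message: bytes, signature: int) -> bool:
    """Verifier: the public half must recover exactly the digest of the message received."""
    return apply_key(public_key, signature) == digest_mod_n(message, public_key[1])


if __name__ == "__main__":
    public, private = make_key_pair(p=61, q=53, e=17)   # constructed toy parameters
    print("public:", public, "private:", private)

    # 1. Confidential order: anyone can encrypt with the public half ...
    blocks = encrypt_text(public, "ORDER 42")
    print("ciphertext blocks:", blocks)
    # ... only the private half decrypts; the public half cannot undo itself.
    print("decrypted:", decrypt_text(private, blocks))
    print("public half applied twice recovers plaintext?", apply_key(public, apply_key(public, 65)) == 65)

    # 2. Authorship: the bank order is signed with the client's private half
    order = b"transfer 100 to account 42"   # constructed message
    s = sign(private, order)
    print("valid signature:", verify(public, order, s))
    print("altered signature:", verify(public, order, (s + 1) % public[1]))
    print("altered message:", verify(public, b"transfer 900 to account 42", s))
```

The script prints the key pair, shows that decrypt_text recovers "ORDER 42" from the blocks, and that a signature made with the private half verifies with the public half while an altered signature or altered message does not; the "applied twice" line shows that the half used to encrypt cannot undo its own work, which is the point made about the two halves above.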
The principle of Kerckhoffs All modern cryptosystems are built on Kerckhoffs's principle: the secrecy of encrypted messages is determined by the secrecy of the key. Even if the encryption algorithm is known to a cryptanalyst, he still cannot decrypt the message without the corresponding key.
The principle of Kerckhoffs All classical ciphers follow this principle and are designed so that there is no way to break them other than by exhaustive search of the whole key space, that is, by trying all possible key values. It is clear that the resistance of such ciphers is determined by the size of the key used.