Technologies of virtual secure networks VPN. How to protect transmitted information

Andrey Subbotin. The material is reproduced with the permission of the editor.

Currently, there is a sharp increase in the volume of information (including confidential information) transmitted over open communication channels. Over ordinary telephone channels, banks, brokerage houses and exchanges interact with one another, remote branches of organizations exchange data, and securities are traded. The problem of protecting transmitted information is therefore becoming increasingly urgent. Although specific implementations of information security systems may differ significantly from one another because of differences in their processes and data transfer algorithms, all of them must solve the same threefold task:

    confidentiality of information (its availability only to those for whom it is intended);

    integrity of information (its reliability and accuracy, and its protection against intentional and unintentional distortion);

    availability of information (at any time when it is needed).

The main directions for solving these problems are non-cryptographic and cryptographic protection. Non-cryptographic protection includes organizational and technical measures to protect objects, reduce the level of dangerous radiation and create artificial interference. Due to the complexity and scope of this topic, non-cryptographic protection will not be considered within the framework of this article.

Cryptographic protection is in most cases more effective and cheaper. Confidentiality of information is ensured by encrypting transmitted documents or all work traffic.

The first option is easier to implement and can be used with almost any email system. The most commonly used encryption algorithms are DES, RSA, GOST 28147-89 and Vesta-2.

The second option can only be used in specially designed systems, and in this case a high-speed algorithm is required, since information flows must be processed in real time. This option can be considered more secure than the first, since not only the transmitted data is encrypted, but also the accompanying information, which usually includes data types, sender and recipient addresses, routing information and much more. This approach significantly complicates the task of introducing false information into the system, as well as replaying previously intercepted genuine information.

The integrity of information transmitted over open communication channels is ensured by an electronic signature, which makes it possible to establish the authorship and authenticity of the information. Electronic signatures are currently widely used to confirm the legal significance of electronic documents in information exchange systems such as Bank - Bank, Bank - Branch, Bank - Client, Exchange - Brokerage office, etc. The most common electronic signature algorithms include RSA, PGP and ElGamal.

The availability of information is in most cases ensured by organizational and technical measures and the installation of special fault-tolerant equipment. Choosing a particular cryptographic algorithm usually involves considerable difficulties. Let us give some typical examples.

Let's assume that the developer of a protection system claims to have fully implemented the requirements of GOST 28147-89. This GOST has been published, but not in full: some special cryptographic substitutions, on which its cryptographic strength significantly depends, have not been published. Thus, you can be sure of a correct implementation of GOST only if the product has a FAPSI certificate, which most developers do not have.

The developer of a security system reports that he has implemented the RSA algorithm. However, he is silent about the fact that the implementation must be licensed by RSA Data Security Inc. (US Patent #4,405,829). Moreover, the export from the United States of RSA implementations with a key length of more than 40 bits is prohibited (experts estimate that breaking a key of that length takes roughly several days on an ordinary computer with a Pentium processor).

The developer of a security system reports that it implements the PGP algorithm, which is widely used in our country thanks to its source code, which was distributed free of charge through US BBSs until 1995. There are two problems here. The first is that the electronic signature is based on the RSA algorithm and, from the point of view of copyright protection, must also be licensed by RSA Data Security Inc. Secondly, the distributed programs do not detect tampering with their operation, so, using a special cryptovirus, you can easily obtain the secret key used to generate an electronic signature.

In conclusion, I would like to note with regret that in our country there is practically no regulatory and methodological framework with the help of which one could reasonably compare the proposed information security systems and select the most optimal solutions.

14.09.2006 Mark Joseph Edwards

Which method is optimal for your conditions?

Transferring files over the Internet is a very common operation, and protecting the transferred files is of utmost importance to many businesses. There are a number of ways to transfer files and many methods to protect those files during the transfer process. The choice of transmission and encryption methods depends on the overall needs of the sender. In some cases, it is enough to simply ensure the security of files during the transfer process. In others, it is more important to encrypt files in such a way that they remain protected even after delivery to the recipient. Let's take a closer look at ways to transfer files securely.

On the way and upon arrival

If your intentions are limited to protecting files as they are transmitted over the Internet, you need secure transport technology. One option is to use a Web site that can accept files sent to it and allows you to download those files securely. To securely transport files to a Web site, you can create a Web page that is equipped with Secure Sockets Layer (SSL) and hosts an ActiveX control or a JavaScript script. For example, you can use the AspUpload control from Persits Software; the developers claim that it is “the most advanced management of file transport to central nodes available on the market.” Another option is to use the Free ASP Upload script, which does not require a binary component. To provide additional security, you can even password-protect both the Web page and the associated directory in which materials received on the site are posted. When it comes to downloading files from a Web site, you just need to make sure that the Web server in question provides an SSL connection, at least for the URL that is used to download the files.

An alternative is to use an FTP server that supports FTP Secure (FTPS). Essentially, FTPS is the FTP protocol running over a secure SSL connection. Many popular FTP clients support FTPS, but, unfortunately, Microsoft's FTP Service does not, so you will have to use an FTP server application that provides this capability (for example, the popular WFTPD product). Don't confuse FTPS with the SSH File Transfer Protocol (SFTP): SFTP is a separate file transfer protocol that runs on top of Secure Shell (SSH). Keep in mind that SFTP is not compatible with traditional FTP, so in addition to a Secure Shell server (say, one provided by SSH Communications Security) you will need a dedicated SFTP client (for example, the one included with the PuTTY Telnet/Secure Shell package, or the GUI-based WinSCP).

In addition, secure file transfer can be organized using a virtual private network (VPN). Windows Server platforms support VPN technology through RRAS. However, this does not guarantee compatibility with your partners' VPN solutions. If such compatibility is not available, you can use one of the widely used solutions, such as the open source OpenVPN tool. It is free and runs on a range of platforms, including Windows, Linux, BSD and Mac OS X. For more information about OpenVPN integration, see Working with OpenVPN.

By establishing a VPN connection, you can allocate directories and transfer files in both directions. Whenever you use a VPN, traffic is encrypted, so there is no need for additional file encryption - unless you want the files to remain secure on the system they are transferred to. This principle applies to all the transmission methods I have mentioned so far.

If you are comfortable with the transfer phase and your main concern is to prevent unauthorized users from accessing the contents of your files, it may be advisable to simply encrypt your files before transporting them. In this case, email is likely to be an effective file transfer channel. Email applications are installed on almost every desktop system, so if you send files via email, you don't need to use any additional technology beyond data encryption. The email file transfer method is effective because messages and attachments typically arrive directly in the recipient's mailbox, although the message may pass through multiple servers during the transfer process.

If you still require additional security for your data as it travels over email, consider using SMTP Secure (SMTPS) and POP3 Secure (POP3S). Essentially, SMTPS and POP3S are regular SMTP and POP3 protocols running over a secure SSL connection. Microsoft Exchange Server, like most email clients, including Microsoft Outlook, provides the ability to use the SMTPS and POP3S protocols. Keep in mind that even when the SMTPS protocol is used to exchange files between the mail client and the mail server, it is still possible that the mail server will deliver mail to the final recipient through a regular, unsecured SMTP connection.

Since email processing tools have become so widespread, the remainder of this article will primarily discuss the issues of secure file transfer over email channels. In doing so, we will assume that the sender needs to encrypt the data to protect it both during transmission and after delivery. So, let's look at the most popular email encryption technologies today.

File compression tools

There are many means of compressing files into a single archive file, and many of the proposed solutions involve the use of some form of encryption to protect the contents of the archive. Typically, a password is set during the compression process, and anyone who wants to open the archive can only do so using the given password.

One of the most popular methods for creating archives of compressed files is the zip format; almost all archivers support it. One of the most common zip tools today is WinZip. It can be used as a standalone program, built into Windows Explorer for easy access, or integrated with the Outlook client using the WinZip Companion for Outlook module. WinZip, like many other zip-capable archivers, can encrypt archives using the Zip 2.0 Encryption method, but protecting files this way is not reliable enough. A more acceptable encryption option is implemented in WinZip 9.0. As Figure 1 shows, WinZip now supports the Advanced Encryption Standard (AES) specification, with either 128-bit or 256-bit encryption keys. AES is a relatively new technology, but it is already considered an industry standard.

Screenshot 1: WinZip supports the AES specification

I cannot say exactly how many archivers offer strong encryption with AES, so I will limit myself to mentioning one such application: bxAutoZip, developed by BAxBEx Software. It interacts with BAxBEx's CryptoMite encryption program and can be embedded in Outlook. While WinZip only allows you to encrypt data using Zip 2.0 and AES, CryptoMite provides a number of other encryption algorithms, including the popular Twofish and Blowfish algorithms, Cast 256, Gost, Mars and SCOP.

Almost all computer systems are already equipped with tools for unpacking zip files, but not all zip applications provide compatibility with various encryption algorithms. Therefore, before sending encrypted files, you need to make sure that the recipient's zip application “understands” the selected algorithm.

When encrypting files using zip applications, security passwords are used. To decrypt an archive file, the recipient must also use the appropriate password. Care must be taken when choosing a password delivery method. Probably the most secure methods of delivering a password are by telephone, fax or courier. You can choose any of them, but under no circumstances should you send the password via email in plain text; in this case, the danger that an unauthorized user will gain access to the encrypted file increases sharply.

Don't forget that archivers equipped with encryption tools provide file transfer not only through email channels. They can be effectively used to transport data using the other methods mentioned above.

Pretty Good Privacy

Another extremely popular encryption method can be implemented using Pretty Good Privacy. PGP made a splash when Phil Zimmermann first published it for free on the Internet in 1991. PGP became a commercial product in 1996, and the rights to it were then purchased by Network Associates (NAI) in 1997. In 2002, this technology was acquired from NAI by a young company called PGP Corporation.

PGP Corporation has since sold a commercial version of PGP that runs on Windows and Mac OS X. The current version of PGP 9.0, which provides individual file encryption and full disk encryption, can be built into AOL Instant Messenger (AIM). In addition, PGP 9.0 integrates with products such as Outlook, Microsoft Entourage, Lotus Notes, Qualcomm Eudora, Mozilla Thunderbird and Apple Mail.

PGP uses a public key encryption system that generates a pair of encryption keys, a public key and a private key. These two keys are mathematically related in such a way that data encrypted with the public key can only be decrypted with the private key. The PGP user generates a public/private key pair and then publishes the public key to a public key directory or Web site. The secret key, of course, is not published anywhere and is kept secret; it is used only by its owner. When decrypting data with the private key, a password is required; when encrypting data with a public key it is not, because public keys can be used by anyone.

To make PGP easier to use, its developers implemented automatic polling of public key directories. This function lets you enter a user's email address into the search bar and find their public key. PGP can automatically read public keys, which can be stored locally on your system in a special file-based “keyring” for ease of access. By querying a directory of public keys, PGP always keeps the most recent versions of them in the keyring. If a user changes their public key, you can access the updated key any time you need it.

To provide stronger guarantees of the authenticity of public keys, they can be digitally signed with the keys of other users. A signature by another user serves as additional confirmation that the key actually belongs to the person claiming to be its owner. To certify a key, PGP performs a mathematical operation with the signer's key and attaches its unique result to the key. The signature can then be verified against the public key of the user who created it. This process resembles one person vouching for the identity of another.

PGP is trusted by many because it has long established a reputation in the industry as a reliable technology for protecting information. However, if you decide to use PGP or another public key encryption method, remember that the recipients of your files must also have compatible encryption systems. One of the advantages of PGP when using email as a data transmission channel is that it supports its own encryption model, as well as X.509 and S/MIME technologies, which I will discuss later.
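The key-signing mechanism described above, as an added Go example that is not PGP's own code or its key format: each user signs the (identity, public key) pair of a person they have verified, and a keyring accepts a key only when it is certified by someone the ring's owner treats as a trusted introducer. The user IDs and the single-introducer acceptance rule are constructed for the example; PGP's graded trust levels and RFC 4880 packets are not reproduced.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
)

// Constructed illustration of PGP-style key certification (the "web of trust"):
// users sign each other's public keys, and a keyring decides whether a key is valid
// from who certified it. This is the idea only, not the RFC 4880 packet format.

// Key is a public key bound to a user identity plus the certifications it has collected.
type Key struct {
	UserID string
	Public ed25519.PublicKey
	Certs  map[string][]byte // certifying user ID -> signature over (UserID, Public)
}

// certData is the byte string a certification signs: identity and key together, so a
// signature cannot be transplanted onto a different key or a different name.
func certData(userID string, pub ed25519.PublicKey) []byte {
	buf := make([]byte, 2, 2+len(userID)+len(pub))
	binary.BigEndian.PutUint16(buf, uint16(len(userID)))
	return append(append(buf, userID...), pub...)
}

// User is an identity together with its private key, which is never published.
type User struct {
	Key  *Key
	priv ed25519.PrivateKey
}

// NewUser generates a fresh key pair for userID.
func NewUser(userID string) (*User, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &User{Key: &Key{UserID: userID, Public: pub, Certs: map[string][]byte{}}, priv: priv}, nil
}

// Certify adds u's signature to k, which u should only do after checking out of band
// (in person, by phone) that k really belongs to the person named in it.
func (u *User) Certify(k *Key) {
	k.Certs[u.Key.UserID] = ed25519.Sign(u.priv, certData(k.UserID, k.Public))
}

// Keyring is the owner's local store of imported public keys plus the set of
// "introducers" whose certifications the owner is willing to rely on.
type Keyring struct {
	keys    map[string]*Key
	trusted map[string]bool
}

func NewKeyring() *Keyring {
	return &Keyring{keys: map[string]*Key{}, trusted: map[string]bool{}}
}

// Import stores a key; Trust marks an imported key's owner as a trusted introducer.
func (r *Keyring) Import(k *Key)       { r.keys[k.UserID] = k }
func (r *Keyring) Trust(userID string) { r.trusted[userID] = true }

// CertValid reports whether the certification on k attributed to signerID verifies
// under the signer's key held in this ring.
func (r *Keyring) CertValid(k *Key, signerID string) bool {
	sig, signer := k.Certs[signerID], r.keys[signerID]
	return sig != nil && signer != nil && ed25519.Verify(signer.Public, certData(k.UserID, k.Public), sig)
}

// IsValid: a key is accepted if its owner is trusted directly or if it carries a
// verifiable certification from at least one trusted introducer.
func (r *Keyring) IsValid(userID string) bool {
	k, ok := r.keys[userID]
	if !ok {
		return false
	}
	if r.trusted[userID] {
		return true
	}
	for signerID := range k.Certs {
		if r.trusted[signerID] && r.CertValid(k, signerID) {
			return true
		}
	}
	return false
}
```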

In addition, one more point should be noted. Regardless of whether you plan to use PGP, WinZip, or another encryption system, if you want to encrypt the contents of the message itself in addition to encrypting attached files, you will need to write the message to a separate file and encrypt it too. If desired, this message file can be placed in the archive along with other files or attached as an attachment file.

PKI

Public Key Infrastructure (PKI) is a distinct technology, but the principle of its operation is somewhat reminiscent of PGP. PKI involves the use of a pair of keys, public and secret. To encrypt data sent to the recipient, senders use the recipient's public key; once the data is delivered, the recipient decrypts it using his private key.

Screenshot 2: Viewing certificate contents

One major difference is that in PKI, the public key is typically stored in a data format known as a certificate. Certificates can contain much more information than regular keys. For example, certificates usually contain an expiration date, so we know when the certificate and its associated key will no longer be valid. In addition, the certificate may include the key owner's name, address, telephone number, and other information. Figure 2 shows the contents of the certificate as it appears in Microsoft Internet Explorer (IE) or Outlook. To a certain extent, the contents of the certificate depend on what data the owner wishes to place in it.

Like PGP, PKI allows the formation of "chains of trust" in which certificates can be signed using the certificates of other users. Moreover, Certificate Authorities (CA) have appeared. These are trusted independent organizations that not only issue their own certificates, but also sign other certificates, thereby guaranteeing their authenticity. As with PGP and its associated key servers, certificates can be published to public or private certificate servers or LDAP servers, sent via email, and even hosted on a Web site or file server.

To provide automatic certificate authentication, developers of email clients and Web browsers usually equip their programs with tools for interacting with certificate authority servers. During this process, you will also be able to obtain information about the revocation of a certificate for one reason or another and, accordingly, make a conclusion that this certificate can no longer be trusted. Of course, you sometimes have to pay for the services of certification authorities to provide and certify certificates; prices may vary depending on the chosen certification authority. Some organizations provide customers with free personal certificates via email, while others charge a significant fee for this.

PKI is based on the X.509 specification (part of the X.500 directory standards). Therefore, certificates issued by one authority (including certificates you generate yourself) can usually be used across a range of platforms; it is only necessary that these platforms support the X.509 standard. You can generate certificates yourself using any of the available tools, such as OpenSSL.

If your organization uses Microsoft Certificate Services, you can request a certificate through that service. In Windows Server 2003 and Windows 2000 Server environments, this process proceeds approximately the same way. Open the certificate server Web page (usually located at http://servername/CertSrv), then select Request a Certificate. On the next page, select the User certificate request element and follow the wizard's instructions until the process is complete. If the certificate service is configured so that administrator approval is required to issue a certificate, the system will notify you of this with a special message, and you will have to wait for the administrator's decision. Otherwise, you will eventually see a hyperlink that allows you to install the certificate.

Some independent certificate authorities, such as Thawte and Comodo Group's InstantSSL, offer free personal email certificates; this is an easy way to obtain certificates. In addition, such certificates are already signed by the authority that issued them, which simplifies verifying their authenticity.

When it comes to using PKI to send encrypted data using an email program, the Secure MIME (S/MIME) specification comes into play. Outlook, Mozilla Thunderbird, and Apple Mail are just a few examples of email applications that can use this protocol. To send an encrypted email message (with or without attachments) to a recipient, you must have access to the recipient's public key.

To obtain another user's public key, you can look it up on an LDAP server (if the key has been published there). Another option is to ask this person to send you a digitally signed message; as a rule, email clients with S/MIME support attach a copy of the sender's public key to a signed message. Or you can simply ask the person to send you a message with the public key attached. You can then store this public key in the key management interface that comes with your email client; Outlook uses Windows' built-in Certificate Store. Whenever you need the public key, it will be at hand.
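The certificate chain this section describes (a CA signs a personal e-mail certificate; the recipient's client checks the signature and the validity period before trusting the key), as an added Go example that is not from the article or from any product it names. The CA name, holder name, e-mail address and dates are constructed, and ECDSA P-256 keys are used for brevity.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed demo of the PKI chain described above: a private CA issues a personal
// e-mail (S/MIME) certificate, and a relying party verifies it against the CA it trusts,
// honouring the validity period carried in the certificate. All names are made up.

// issue signs template with the parent certificate and the signer's key; when
// parent == template the result is self-signed (a root CA).
func issue(template, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, template, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewCA creates a self-signed CA certificate valid for ten years from notBefore.
func NewCA(name string, notBefore time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             notBefore,
		NotAfter:              notBefore.AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	cert, err := issue(tmpl, tmpl, &key.PublicKey, key)
	return cert, key, err
}

// IssueEmailCert has the CA sign a certificate that binds the holder's name and e-mail
// address to a freshly generated key, valid for the given number of days.
func IssueEmailCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, name, email string, notBefore time.Time, days int) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:   big.NewInt(2),
		Subject:        pkix.Name{CommonName: name},
		EmailAddresses: []string{email}, // stored in the Subject Alternative Name extension
		NotBefore:      notBefore,
		NotAfter:       notBefore.AddDate(0, 0, days),
		KeyUsage:       x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:    []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	}
	return issue(tmpl, ca, &key.PublicKey, caKey)
}

// VerifyEmailCert does what an S/MIME client does on receipt: it builds a chain from cert
// to the trusted root, checks the validity period at time now and requires the e-mail
// protection usage. It returns nil only when the chain is valid.
func VerifyEmailCert(cert, root *x509.Certificate, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	})
	return err
}

func main() {
	start := time.Date(2006, 9, 14, 0, 0, 0, 0, time.UTC)
	ca, caKey, err := NewCA("Example Private CA", start)
	if err != nil {
		panic(err)
	}
	cert, err := IssueEmailCert(ca, caKey, "Alice Example", "alice@example.com", start, 365)
	if err != nil {
		panic(err)
	}
	fmt.Println("one month in:", VerifyEmailCert(cert, ca, start.AddDate(0, 1, 0))) // <nil>
	fmt.Println("two years in:", VerifyEmailCert(cert, ca, start.AddDate(2, 0, 0))) // an expiry error
}
```

A certificate from a CA the client does not hold in its root store fails the same way as an expired one, which is why the free certificates mentioned above are only convenient when the issuing authority is already trusted by the recipient's client.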

Sender-based encryption

Voltage Security has developed a new technology, identity-based encryption (IBE). In general it is similar to PKI, but has an interesting feature: IBE uses a private key to decrypt messages, but does not use a regular public key during encryption. Instead, the recipient's email address serves as the public key. Thus, when sending an encrypted message, the problem of obtaining the recipient's public key does not arise; all you need is the person's email address.

IBE technology involves storing the recipient's secret key on a key server. The recipient confirms his access rights to the key server and receives a secret key, with which he decrypts the contents of the message. IBE technology can be used by users of Outlook, Outlook Express, Lotus Notes, Pocket PC, and Research in Motion (RIM) BlackBerry. According to representatives of Voltage Security, IBE also runs on any browser-based email systems running almost any operating system. It is likely that such universal Voltage Security solutions are exactly what you need.

It is noteworthy that IBE technology is used in FrontBridge Technologies products as a means of facilitating the secure exchange of encrypted email messages. You probably already know that in July 2005 FrontBridge was acquired by Microsoft, which plans to integrate FrontBridge solutions with Exchange; it may not be long before a combination of these technologies is offered to customers as a managed service. If your organization's and your partners' email systems are based on Exchange, keep an eye on developments in this area.

All things considered

There are many ways to securely transfer files over the Internet, and undoubtedly the simplest and most effective of them is provided by email. Of course, those who have to exchange large numbers of files that make up large amounts of data may want to consider using other methods.

Careful consideration should be given to how many files you will transfer, how large they are, how often you will need to transfer the files, who should have access to them, and how they will be stored where they are received. Taking these factors into account, you can choose the best method for transferring files.

If you decide that email is your best option, keep in mind that many email servers and email clients can run scripts or perform certain rules-based actions when mail arrives. Using these functions, you can automate the movement of files both along the route on mail servers and when files arrive in your mailbox.

Mark Joseph Edwards is a senior editor at Windows IT Pro and author of the weekly Security UPDATE email newsletter (http://www.windowsitpro.com/email).



In the context of growing integration processes and the creation of a single information space in many organizations, LANIT proposes to carry out work to create a secure telecommunications infrastructure connecting remote offices of companies into a single whole, as well as ensuring a high level of security of information flows between them.

The technology used for virtual private networks makes it possible to unite geographically distributed networks using both secure dedicated channels and virtual channels passing through global public networks. A consistent and systematic approach to building secure networks involves not only protecting external communication channels, but also effectively protecting internal networks by isolating closed internal VPN loops. Thus, the use of VPN technology allows you to organize secure user access to the Internet, protect server platforms and solve the problem of network segmentation in accordance with the organizational structure.

Protection of information during transmission between virtual subnets is implemented using asymmetric key algorithms and electronic signatures that protect information from forgery. In fact, data to be transmitted intersegmentally is encoded at the output of one network and decoded at the input of another network, while the key management algorithm ensures its secure distribution between end devices. All data manipulations are transparent to applications running on the network.

Remote access to information resources. Protection of information transmitted over communication channels

When interconnecting between geographically remote company objects, the task arises of ensuring the security of information exchange between clients and servers of various network services. Similar problems occur in wireless local area networks (WLAN), as well as when remote subscribers access the resources of a corporate information system. The main threat here is considered to be unauthorized connection to communication channels and interception (listening) of information and modification (substitution) of data transmitted through channels (mail messages, files, etc.).

To protect data transmitted over these communication channels, it is necessary to use appropriate cryptographic protection tools. Cryptographic transformations can be carried out both at the application level (or at the levels between application protocols and the TCP/IP protocol) and at the network level (conversion of IP packets).

In the first option, information intended for transport over a communication channel through uncontrolled territory must be encrypted at the sending node (a workstation, client or server) and decrypted at the receiving node. This option involves significant changes to the configuration of each interacting party (connecting cryptographic protection means to application programs or to the communication part of the operating system), which, as a rule, requires large costs and the installation of appropriate protection means on each node of the local network. Solutions for this option include the SSL, S-HTTP, S/MIME and PGP/MIME protocols, which provide encryption and digital signing of email messages and of messages transmitted over HTTP.

The second option involves installing special tools that carry out cryptographic transformations at the points where local networks and remote subscribers connect to communication channels (public networks) passing through uncontrolled territory. When solving this problem, it is necessary to ensure the required level of cryptographic data protection with the smallest possible additional transmission delay, since these tools tunnel the transmitted traffic (they add a new IP header to the tunneled packet) and use encryption algorithms of different strengths. Because tools that perform cryptographic transformations at the network level are fully compatible with any application subsystem running in the corporate information system (they are “transparent” to applications), they are the most often used. Therefore, in what follows we will dwell on these means of protecting information transmitted over communication channels (including over public networks, for example the Internet). Bear in mind that if cryptographic information protection means are planned for use in government agencies, the choice should fall on products certified in Russia.
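The tunnelling that the paragraph above describes (a new IP header placed in front of the protected packet, plus the per-packet overhead that adds), as an added Go example that is not part of LANIT's text or products: it frames IPsec ESP in tunnel mode with AES-256-GCM around a constructed 25-byte inner packet and decapsulates it at the far gateway. It assumes the key, salt and SPI were already negotiated (IKE is out of scope), that outer IPv4 headers carry no options, and that a strict "newer than the last accepted" sequence check stands in for the RFC 4303 anti-replay window.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"net"
)

// Constructed ESP tunnel-mode demo (RFC 4303/4106 framing, AES-256-GCM); key, salt and SPI are assumed pre-negotiated.

const (
	ipHeaderLen  = 20
	espHeaderLen = 8  // SPI (4) + sequence number (4)
	gcmIVLen     = 8  // explicit IV sent with every packet
	gcmTagLen    = 16 // integrity check value (ICV)
	protoESP     = 50 // IP protocol number of ESP
	nextHdrIPv4  = 4  // ESP trailer value: the protected payload is an IPv4 packet
)

// ipv4Header builds a minimal 20-byte header (no options) with a valid checksum.
func ipv4Header(src, dst net.IP, proto byte, payloadLen int) []byte {
	h := make([]byte, ipHeaderLen)
	h[0], h[8], h[9] = 0x45, 64, proto // version 4 with IHL 5, TTL, protocol
	binary.BigEndian.PutUint16(h[2:], uint16(ipHeaderLen+payloadLen))
	copy(h[12:16], src.To4())
	copy(h[16:20], dst.To4())
	var sum uint32 // one's-complement sum of the header while its checksum field is zero
	for i := 0; i < ipHeaderLen; i += 2 {
		sum += uint32(binary.BigEndian.Uint16(h[i:]))
	}
	sum = sum&0xffff + sum>>16 // fold the carries; ten words need at most one more fold
	binary.BigEndian.PutUint16(h[10:], ^uint16(sum+sum>>16))
	return h
}

// SampleInnerPacket is a constructed 25-byte LAN-to-LAN packet; protocol 253 is reserved for experiments.
func SampleInnerPacket() []byte {
	return append(ipv4Header(net.ParseIP("10.0.0.10"), net.ParseIP("10.0.1.20"), 253, 5), "hello"...)
}

// Tunnel is one direction of a security association between two gateways.
type Tunnel struct {
	aead               cipher.AEAD
	salt               [4]byte
	spi, seq, lastSeen uint32 // seq: last sent; lastSeen: highest accepted (strict anti-replay, no window)
	src, dst           net.IP // outer (public) addresses of the two gateways
}

// NewTunnel sets up the SA; key must be 32 bytes for AES-256.
func NewTunnel(key []byte, salt [4]byte, spi uint32, outerSrc, outerDst string) (*Tunnel, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	t := &Tunnel{aead: aead, salt: salt, spi: spi, src: net.ParseIP(outerSrc), dst: net.ParseIP(outerDst)}
	if err != nil || t.src == nil || t.dst == nil {
		return nil, errors.New("bad AEAD setup or outer address")
	}
	return t, nil
}

// Encapsulate emits: outer IPv4 | SPI, seq | IV | enc(inner | pad | padLen | 4) | ICV.
func (t *Tunnel) Encapsulate(inner []byte) []byte {
	t.seq++
	esp := make([]byte, espHeaderLen+gcmIVLen)
	binary.BigEndian.PutUint32(esp[0:], t.spi)
	binary.BigEndian.PutUint32(esp[4:], t.seq)
	binary.BigEndian.PutUint64(esp[8:], uint64(t.seq)) // IV from the counter, so it never repeats
	padLen := (4 - (len(inner)+2)%4) % 4               // pad so padLen and next header end 4-aligned
	plain := append([]byte{}, inner...)
	for i := 1; i <= padLen; i++ {
		plain = append(plain, byte(i)) // RFC 4303 default padding bytes 1, 2, 3
	}
	plain = append(plain, byte(padLen), nextHdrIPv4)
	// Nonce is salt || IV (RFC 4106); SPI and seq are authenticated as AAD but sent in the clear.
	esp = append(esp, t.aead.Seal(nil, append(t.salt[:], esp[8:]...), plain, esp[:espHeaderLen])...)
	return append(ipv4Header(t.src, t.dst, protoESP, len(esp)), esp...)
}

// Decapsulate reverses Encapsulate at the far gateway, rejecting a wrong SPI, a replayed sequence number, a failed integrity check and a malformed trailer.
func (t *Tunnel) Decapsulate(outer []byte) ([]byte, error) {
	if len(outer) < ipHeaderLen+espHeaderLen+gcmIVLen+2+gcmTagLen || outer[0] != 0x45 || outer[9] != protoESP {
		return nil, errors.New("not an ESP-in-IPv4 packet")
	}
	hdr, iv, body := outer[20:28], outer[28:36], outer[36:] // ESP header, IV, ciphertext + ICV
	seq := binary.BigEndian.Uint32(hdr[4:])
	if binary.BigEndian.Uint32(hdr) != t.spi || seq <= t.lastSeen {
		return nil, errors.New("unknown SPI or replayed sequence number")
	}
	plain, err := t.aead.Open(nil, append(t.salt[:], iv...), body, hdr)
	if err != nil || plain[len(plain)-1] != nextHdrIPv4 || int(plain[len(plain)-2])+2 > len(plain) {
		return nil, errors.New("integrity check failed or bad ESP trailer")
	}
	t.lastSeen = seq // advance only for a packet that fully verified
	return plain[:len(plain)-2-int(plain[len(plain)-2])], nil
}
```

For the 25-byte sample the packet on the wire is 80 bytes: 20 (outer IP) + 8 (ESP header) + 8 (IV) + 25 + 1 (pad) + 2 (trailer) + 16 (ICV), which is the fixed per-packet cost behind the "additional delays" the text mentions.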

JSC "VOLGA UNIVERSITY NAMED AFTER V.N. TATISHCHEV"

FACULTY OF INFORMATION SCIENCE AND TELECOMMUNICATIONS

Department of Informatics and Control Systems

COURSE WORK

in the discipline: “Methods and means of protecting computer information”

subject: "Protection of communication channels"

IS-506 group student

Utyatnikov A.A.

Teacher:

M.V. Samokhvalova

Togliatti 2007

Introduction

Protection of information in communication channels and creation of secure telecommunication systems

Remote access to information resources. Protection of information transmitted over communication channels

1 Solutions based on certified crypto gateways

2 Solutions based on the IPSec protocol

Information security technologies in information and telecommunication systems (ITS)

Conclusion

Introduction

Protection (security) of information is an integral part of the general problem of information security, the role and significance of which in all spheres of life and activity of society and the state is steadily increasing at the present stage.

Production and management, defense and communications, transport and energy, banking, finance, science and education, and the media increasingly depend on the intensity of information exchange, completeness, timeliness, reliability and security of information.

In this regard, the problem of information security has become a subject of acute concern for heads of government bodies, enterprises, organizations and institutions, regardless of their organizational, legal forms and forms of ownership.

The rapid development of computer technology has opened up unprecedented opportunities for humanity to automate mental work and led to the creation of a large number of various kinds of automated information, telecommunications and control systems, and to the emergence of fundamentally new, so-called information technologies.

When developing approaches to solving the problem of computer and information security, one should always proceed from the fact that protecting information and a computer system is not an end in itself. The ultimate goal of creating a computer security system is to protect all categories of subjects directly or indirectly involved in information interaction processes from causing them significant material, moral or other damage as a result of accidental or intentional impacts on information and systems for its processing and transmission.

1. Protection of information in communication channels and creation of secure telecommunication systems

In the context of growing integration processes and the creation of a single information space in many organizations, LANIT proposes to carry out work to create a secure telecommunications infrastructure connecting remote offices of companies into a single whole, as well as ensuring a high level of security of information flows between them.

The technology used for virtual private networks makes it possible to unite geographically distributed networks using both secure dedicated channels and virtual channels passing through global public networks. A consistent and systematic approach to building secure networks involves not only protecting external communication channels, but also effectively protecting internal networks by isolating closed internal VPN loops. Thus, the use of VPN technology allows you to organize secure user access to the Internet, protect server platforms and solve the problem of network segmentation in accordance with the organizational structure.

Protection of information in transit between virtual subnets combines symmetric encryption of the traffic itself with asymmetric (public-key) algorithms, which are used for key distribution and for electronic signatures that protect the information from forgery. In practice, data to be transmitted between segments is encrypted at the exit from one network and decrypted at the entry to the other, while the key management protocol ensures that the session keys are securely distributed to the end devices. All of this is transparent to the applications running on the network.

2. Remote access to information resources. Protection of information transmitted via communication channels

When geographically remote company sites are interconnected, the task arises of securing the exchange of information between the clients and servers of the various network services. The same problems occur in wireless local area networks (WLAN) and when remote subscribers access the resources of a corporate information system. The main threats here are unauthorized connection to the communication channels, interception (eavesdropping) of information, and modification (substitution) of the data transmitted over the channels (mail messages, files, etc.).

To protect data transmitted over these communication channels, it is necessary to use appropriate cryptographic protection tools. Cryptographic transformations can be carried out both at the application level (or at the levels between application protocols and the TCP/IP protocol) and at the network level (conversion of IP packets).

In the first option, information to be carried over a communication channel through uncontrolled territory is encrypted at the sending node (a client workstation or a server) and decrypted at the receiving node. This option requires significant changes to the configuration of each communicating party (connecting cryptographic protection means to the application programs or to the communication part of the operating system), which, as a rule, is costly and requires the protection means to be installed on every node of the local network. Solutions of this kind include SSL (which sits between the application and TCP), S-HTTP, S/MIME and PGP/MIME, which provide encryption and digital signature of email messages and of messages transmitted over HTTP.

The second option involves installing special tools that perform the cryptographic transformations at the points where local networks and remote subscribers connect to communication channels (public networks) passing through uncontrolled territory. Here the required level of cryptographic protection must be provided with the smallest possible additional transmission delay, since these tools tunnel the traffic (each tunneled packet is prefixed with a new IP header and a protocol header) and use encryption algorithms of differing strength. The added headers also reduce the effective MTU of the path, so fragmentation, or a lowered MTU on the inner interfaces, has to be planned for. Because tools that perform cryptographic transformations at the network level are compatible with any application subsystem running in the corporate information system (they are "transparent" to applications), they are the most widely used, and in what follows we dwell on these means of protecting information transmitted over communication channels (including public networks such as the Internet). Note that if cryptographic information protection means are to be used in government agencies, the choice must fall on products certified in Russia.

2.1 Solutions based on certified crypto gateways

To implement the second option and ensure the confidentiality and reliability of information transmitted between company facilities via communication channels, you can use certified crypto gateways (VPN gateways). For example, Continent-K, VIPNet TUNNEL, ZASTAVA-Office of the companies NIP Informzaschita, Infotex, Elvis+. These devices provide encryption of transmitted data (IP packets) in accordance with GOST 28147-89, and also hide the structure of the local network, protect against outside penetration, route traffic and have certificates from the State Technical Commission of the Russian Federation and the FSB (FAPSI).

Crypto gateways allow remote subscribers to securely access the resources of the corporate information system (Fig. 1). Access is made using special software that is installed on the user’s computer (VPN client) to ensure secure interaction between remote and mobile users with the crypto gateway. The crypto gateway software (access server) identifies and authenticates the user and communicates with the resources of the protected network.

Figure 1. - "Remote access via a secure channel using a crypto gateway"

Using crypto gateways, one can form virtual secure channels in public networks (for example, the Internet) that guarantee the confidentiality and authenticity of information, and organize virtual private networks (Virtual Private Network, VPN), that is, an association of local networks or individual computers connected to a public network into a single secure virtual network. Such a network is usually managed by special software (a control center) that provides centralized management of the local security policies of the VPN clients and crypto gateways, distributes key information and new configuration data to them, and maintains the system logs. Crypto gateways are supplied either as software or as hardware-software systems. Unfortunately, most of the certified crypto gateways do not support the IPSec protocol and are therefore not interoperable with the hardware and software products of other manufacturers.

2.2 Solutions based on IPSec

The IP Security (IPSec) protocol is the basis for building network-level security systems; it is a set of open international standards and is supported by most manufacturers of network infrastructure protection solutions. The IPSec protocol allows you to organize secure and authentic data flows (IP packets) at the network level between various interacting principals, including computers, firewalls, routers, and provides:

· authentication, encryption and integrity of transmitted data (IP packets);

· protection against retransmission of packets (replay attack);

· creation, automatic updating and secure distribution of cryptographic keys;

· use of a wide range of encryption algorithms (DES, 3DES, AES) and data integrity mechanisms (HMAC-MD5, HMAC-SHA-1); of these, DES, MD5 and SHA-1 are now considered weak, and AES with an HMAC based on the SHA-2 family should be preferred in new deployments. There are also software implementations of IPSec that use the Russian algorithms for encryption (GOST 28147-89), hashing (GOST R 34.11-94) and electronic digital signature (GOST R 34.10-94);

· authentication of network interaction objects based on digital certificates.

The set of IPSec standards discussed here consists of the core specifications RFC 2401-2412 and RFC 2451 (these have since been superseded by RFC 4301-4303 and, for key exchange, by IKEv2 in RFC 7296, which keep the same architecture). Request for Comments (RFC) is the series of documents of the Internet Engineering Task Force (IETF), begun in 1969, that describes the Internet protocol suite. The system architecture is defined in RFC 2401 "Security Architecture for the Internet Protocol", and the main protocols are specified in the following RFCs:

· RFC 2402 “IP Authentication Header” - specification of the AH protocol, which ensures the integrity and authentication of the source of transmitted IP packets;

· RFC 2406 “IP Encapsulating Security Payload” - ESP protocol specification that ensures confidentiality (encryption), integrity and source authentication of transmitted IP packets;

· RFC 2408 “Internet Security Association and Key Management Protocol” - specification of the ISAKMP protocol, which provides negotiation of parameters, creation, modification, destruction of secure virtual channels (Security Association - SA) and management of the necessary keys;

· RFC 2409 "The Internet Key Exchange (IKE)" - specification of the IKE protocol, built on ISAKMP, which provides parameter negotiation, creation, modification and destruction of SAs, and the negotiation, generation and distribution of the key material needed to create an SA.

The AH and ESP protocols can be used both together and separately. The IPSec protocol uses symmetric encryption algorithms and corresponding keys to ensure secure network communication. The mechanisms for generating and distributing such keys are provided by the IKE protocol.

The Security Association (SA), sometimes rendered as a secure virtual channel, is a key concept of IPSec. An SA is a unidirectional (simplex) logical connection between two systems supporting IPSec, so two-way traffic requires a pair of SAs, one in each direction; each SA is uniquely identified by the following three parameters:

· security parameter index (Security Parameter Index, SPI - a 32-bit value that distinguishes different SAs with the same destination IP address and security protocol);

· IP address of the recipient of IP packets (IP Destination Address);

· security protocol (Security Protocol - one of the AH or ESP protocols).
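
As an added worked example (not code from the article or from any of the products it names), the following Python script ties together three points made above: tunnel-mode encapsulation, in which the gateway prefixes the original IP packet with a new outer IP header and an ESP header; the identification of an SA by the (SPI, destination address, protocol) triple, which is how the receiving gateway finds the key for an incoming packet; and protection against replayed packets with the sliding window described in RFC 2401. To stay within the Python standard library it uses ESP with NULL encryption (RFC 2410) and HMAC-SHA1-96 integrity (RFC 2404), a legitimate authentication-only ESP configuration; a real gateway would additionally encrypt the inner packet with AES or GOST 28147-89. The gateway and host addresses, the SPI, the key and the sample UDP datagram are all constructed for the demonstration, and the function and class names are the example's own.

```python
import hashlib
import hmac
import ipaddress
import struct

# Added example (not the article's or any vendor's code): ESP tunnel mode with NULL
# encryption (RFC 2410) + HMAC-SHA1-96 (RFC 2404); addresses, SPI and key are made up.
ESP_PROTO = 50          # IP protocol number of ESP
IPIP_NEXT_HEADER = 4    # ESP "next header" value meaning an IPv4 packet follows
ICV_LEN = 12            # HMAC-SHA1-96: the 20-byte tag truncated to 96 bits
REPLAY_WINDOW = 64      # sliding window size; RFC 2401 requires at least 32

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options) with a valid RFC 1071 checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    total = sum(struct.unpack("!10H", hdr))
    total = (total & 0xFFFF) + (total >> 16)
    total = (total & 0xFFFF) + (total >> 16)      # second fold absorbs the last carry
    return hdr[:10] + struct.pack("!H", (~total) & 0xFFFF) + hdr[12:]

class SecurityAssociation:
    """One direction of protection; the receiver finds it by (SPI, dst, protocol)."""
    def __init__(self, spi, dst, auth_key, tunnel_src, tunnel_dst):
        self.spi, self.dst, self.auth_key = spi, dst, auth_key
        self.tunnel_src, self.tunnel_dst = tunnel_src, tunnel_dst
        self.seq = 0        # sender side: last sequence number used
        self.highest = 0    # receiver side: highest sequence number accepted
        self.bitmap = 0     # receiver side: bit i set => seq (highest - i) seen

    def key(self):
        return (self.spi, self.dst, ESP_PROTO)

class ReplayError(Exception): pass
class AuthError(Exception): pass

def check_replay(sa, seq):
    """Sliding-window check (RFC 2401, Appendix C): True if seq may be accepted."""
    if seq == 0 or sa.highest - seq >= REPLAY_WINDOW:
        return False                      # 0 is never valid; otherwise too old
    if seq > sa.highest:
        return True                       # to the right of the window: new
    return not (sa.bitmap >> (sa.highest - seq)) & 1

def mark_seen(sa, seq):
    """Advance the window; called only after the packet authenticated."""
    if seq > sa.highest:
        sa.bitmap = ((sa.bitmap << (seq - sa.highest)) | 1) & ((1 << REPLAY_WINDOW) - 1)
        sa.highest = seq
    else:
        sa.bitmap |= 1 << (sa.highest - seq)

def esp_encapsulate(sa, inner_packet):
    """Sender: outer IP header | ESP header | inner packet | trailer | ICV."""
    sa.seq += 1
    pad_len = (-(len(inner_packet) + 2)) % 4              # trailer must end 4-byte aligned
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, IPIP_NEXT_HEADER])
    body = struct.pack("!II", sa.spi, sa.seq) + inner_packet + trailer   # NULL cipher
    icv = hmac.new(sa.auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    return ipv4_header(sa.tunnel_src, sa.tunnel_dst, ESP_PROTO, len(body) + ICV_LEN) + body + icv

def esp_decapsulate(sad, packet):
    """Receiver: SA lookup by (SPI, dst, proto), replay check, ICV check, strip outer header."""
    ihl, proto, dst = (packet[0] & 0x0F) * 4, packet[9], str(ipaddress.IPv4Address(packet[16:20]))
    esp = packet[ihl:]
    spi, seq = struct.unpack("!II", esp[:8])
    sa = sad.get((spi, dst, proto))
    if sa is None:
        raise KeyError("no SA for SPI 0x%08x to %s, protocol %d" % (spi, dst, proto))
    if not check_replay(sa, seq):
        raise ReplayError("sequence number %d replayed or outside the window" % seq)
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        raise AuthError("ICV mismatch: packet modified in transit or wrong key")
    mark_seen(sa, seq)                    # window advances only for authentic packets
    pad_len, next_header = body[-2], body[-1]
    if next_header != IPIP_NEXT_HEADER:
        raise ValueError("unexpected next header %d" % next_header)
    return body[8:len(body) - 2 - pad_len]   # drop ESP header, padding and trailer

def _rejected_with(sad, packet, exc_type):
    """True if the receiver rejects the packet with exactly exc_type."""
    try:
        esp_decapsulate(sad, packet)
    except exc_type:
        return True
    return False

def demo():
    """Gateway 192.0.2.1 tunnels a 10.1.0.5 -> 10.2.0.7 datagram to gateway 198.51.100.1."""
    sa_params = (0x1000ABCD, "198.51.100.1", b"constructed demo key", "192.0.2.1", "198.51.100.1")
    tx, rx = SecurityAssociation(*sa_params), SecurityAssociation(*sa_params)  # one copy per gateway
    sad_b = {rx.key(): rx}                                   # gateway B's SA database
    inner = ipv4_header("10.1.0.5", "10.2.0.7", 17, 8) + b"\x00\x35\x00\x35\x00\x08\x00\x00"
    wire = esp_encapsulate(tx, inner)
    delivered = esp_decapsulate(sad_b, wire) == inner
    fresh = esp_encapsulate(tx, inner)                       # same data, next sequence number
    tampered = fresh[:40] + bytes([fresh[40] ^ 0x01]) + fresh[41:]   # flip one bit of the inner packet
    return {"overhead": len(wire) - len(inner), "delivered": delivered,
            "replay_rejected": _rejected_with(sad_b, wire, ReplayError),
            "tamper_detected": _rejected_with(sad_b, tampered, AuthError)}
```

Calling `demo()` shows that the tunnel adds 44 bytes to a 28-byte inner packet (outer IP header, ESP header, trailer and ICV), which is the per-packet overhead and delay the text warns about; that delivering the same packet twice is refused by the replay window before the ICV is even computed; and that a single flipped bit inside the tunneled packet fails the integrity check. The window is advanced only after the ICV verifies, so an attacker cannot inject forged packets with high sequence numbers to push legitimate ones out of the window.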

As an example, Figure 2 shows a remote access solution over a secure channel from Cisco Systems based on the IPSec protocol. Special Cisco VPN Client software is installed on the remote user's computer. There are versions of this software for various operating systems - MS Windows, Linux, Solaris.

Figure 2. - "Remote access via a secure channel using a VPN concentrator"

The VPN Client interacts with the Cisco VPN 3000 Series Concentrator and creates a secure connection, called an IPSec tunnel, between the user's computer and the private network behind the concentrator. A VPN concentrator is a device that terminates the IPSec tunnels from remote users and manages the establishment of secure connections with the VPN clients installed on their computers. A disadvantage of this solution is that Cisco Systems does not support the Russian encryption, hashing and electronic digital signature algorithms.

3. Information security technologies in information and telecommunication systems (ITS)


Effective support of public administration processes using tools and information resources (IIR) is possible only if the system has the property of “security”, which is ensured by the implementation of a comprehensive information security system, including basic security components - an access control system for ITS facilities, a video surveillance and information security system.

The cornerstone of an integrated security system is an information security system, the conceptual provisions of which arise from the design features of the system and its constituent subsystems and the concept of a “protected” system, which can be formulated as follows:

A secure ITS is an information and telecommunication system that ensures the stable execution of the target function within the framework of a given list of security threats and the model of the intruder’s actions.

The list of security threats and the pattern of actions of the violator are determined by a wide range of factors, including the operational process of the ITS, possible erroneous and unauthorized actions of service personnel and users, equipment failures and malfunctions, passive and active actions of violators.

When building an ITS for public authorities (OGV), it is advisable to consider three basic categories of threats to information security that can lead to disruption of the system's main target function, namely effective support of public administration processes:

· failures and malfunctions in the system hardware, emergency situations, etc. (events without human participation);

· erroneous actions and unintentional unauthorized actions of service personnel and system subscribers;

· unauthorized actions of the violator, which may be passive (interception of information in a communication channel, interception of information via technical leakage channels) or active (reading information from storage media in clear violation of the rules of access to information resources, distortion of information in a communication channel, distortion or destruction of information on storage media in clear violation of those rules, introduction of disinformation).

The violator may also take active actions aimed at analyzing and overcoming the information security system. It is advisable to classify this type of action as a separate group, since, having overcome the security system, the intruder can perform actions without clearly violating the rules of access to information resources.

Within this type of action it is advisable to single out actions aimed at introducing hardware and software implants (backdoors) into ITS equipment, a risk stemming primarily from the use of foreign-made equipment, components and software.

Based on the analysis of the ITS architecture and threats, a general architecture of the information security system can be formed, including the following main subsystems:

· information security system management subsystem;

· security subsystem in the information subsystem;

· security subsystem in the telecommunications subsystem;

· security subsystem for internetwork interaction;

· subsystem for identifying and countering the active actions of violators;

· a subsystem for identifying and countering possible hardware and software implants.

It should be noted that the last three subsystems, in the general case, are components of the second and third subsystems, but taking into account the features formulated above, it is advisable to consider them as separate subsystems.

The basis of the information security system in the ITS and each of its subsystems is the Security Policy in the ITS and its subsystems, the key provisions of which are the requirements for the use of the following basic mechanisms and means of ensuring information security:

· identification and authentication of ITS subscribers, ITS equipment, processed information;

· control of information flows and information life cycle based on security labels;

· access control to ITS resources based on a combination of discretionary, mandatory and role-based policies and firewalling;

· cryptographic information protection;

· technical means of protection;

· organizational and regime measures.

The given list of protection mechanisms is determined by the goals of the information security system in the ITS, among which we will highlight the following five main ones:

· access control to ITS information resources;

· ensuring the confidentiality of protected information;

· monitoring the integrity of protected information;

· non-repudiation of access to information resources;

· availability of information resources.

The implementation of the specified mechanisms and means of protection is based on the integration of hardware and software protection means into the hardware and software of the ITS and the processed information.

Note that the term “information” in ITS refers to the following types of information:

· user information (information necessary for management and decision-making);

· service information (information that provides control of ITS equipment);

· special information (information that ensures the management and operation of protective equipment);

· technological information (information that ensures the implementation of all information processing technologies in ITS).

In this case, all listed types of information are subject to protection.

It is important to note that without the use of automated information security system management tools, it is impossible to ensure stable operation of the security system in a geographically distributed information processing system that interacts with both protected and non-protected systems in the ITS circuit and processes information of varying levels of confidentiality.

The main objectives of the information security management subsystem are:

· generation, distribution and accounting of special information used in security subsystems (key information, password information, security labels, access rights to information resources, etc.);

· configuration and management of information security tools;

· coordination of security policies in interacting systems, including special information;

· security system monitoring;

· updating the Security Policy in ITS taking into account different periods of operation, introducing new information processing technologies into ITS.

The implementation of the information security management subsystem requires the creation of a single control center that interacts with local security control centers for the telecommunications and information subsystems of the ITS, information security control centers in interacting networks and information security agents at system facilities.

The architecture of the information security management system should be virtually identical to the architecture of the ITS itself, and from the point of view of its implementation, the following principles should be followed:

· the information security control center and local control centers must be implemented on dedicated hardware and software using domestic means;

· security management agents must be integrated into the hardware and software of the system’s workplaces with the possibility of independent control from them by the center and local centers.

The information security subsystem in the ITS information subsystem is one of the most complex subsystems both in terms of protection mechanisms and their implementation.

The complexity of this subsystem is determined by the fact that it is in this subsystem that the bulk of information processing is performed, while the main resources for accessing information of system subscribers are concentrated in it - subscribers directly have authorized access to both information and the functions of its processing. That is why the basis of this subsystem is a system for controlling access to information and its processing functions.

The basic mechanism for implementing authorized access to information and its processing functions is the mechanism for protecting information resources from unauthorized actions, the main components of which are:

· organizational and technical means of controlling access to system objects, information and functions for its processing;

· registration and accounting system for the operation of the system and system subscribers;

· integrity assurance subsystem;

· cryptographic subsystem.

The basis for the implementation of the noted protection is the architectural construction of the information component of the ITS - the creation of logically and informationally separated objects of the information component of the ITS (data banks, information and reference complexes, situation centers). This will make it possible to implement cryptographically independent isolated objects operating using client-server technology and not providing direct access to information storage and processing functions - all processing is carried out at the authorized request of users based on the powers granted to them.

For the authorized provision of information resources to subscribers, the following methods and mechanisms are used:

· information security labels;

· identification and authentication of subscribers and system equipment;

· cryptographic protection of information during storage;

· cryptographic control of information integrity during storage.

When implementing a security subsystem in the telecommunications component of an ITS, it is necessary to take into account the availability of communication channels in both controlled and uncontrolled territories.

A justified way to protect information in communication channels is cryptographic protection of information in communication channels in an uncontrolled territory in combination with organizational and technical means of protecting information in communication channels in a controlled territory, with the prospect of transition to cryptographic information protection in all ITS communication channels, including using VPN technology methods. A resource for protecting information in the telecommunications subsystem (taking into account the presence of violators with legal access to telecommunications resources) is the delimitation of access to telecommunications resources with registration of information flows and subscriber operating regulations.

A typical solution for protecting information in communication channels is the use of subscriber and line protection loops in combination with algorithmic and technical means of protection, providing (both directly and indirectly) the following protection mechanisms:

· protection against information leakage into communication channels and technical channels;

· control of the safety of information during transmission via communication channels;

· protection from possible attacks by an intruder via communication channels;

· identification and authentication of subscribers;

· access control to system resources.

The security subsystem for internetwork exchange in ITS is based on the following security mechanisms:

· access control to internetworking resources (firewalling);

· identification and authentication of subscribers (including cryptographic authentication methods);

· identification and authentication of information;

· cryptographic protection of information in communication channels in uncontrolled territory, and in the future - in all communication channels;

· cryptographic isolation of interacting systems.

Of great importance in the subsystem under consideration is the implementation of virtual private network (VPN) technology, whose properties largely solve the problems of both protecting information in communication channels and countering attacks by intruders from the communication channels. Two circumstances make a dedicated subsystem for detecting and countering active intruder actions necessary:

· one of the functions of ITS is making decisions on the management of individual departments and enterprises, and of the state as a whole, based on analytical processing of information;

· the existence of violators among the subscribers interacting with ITS systems cannot be ruled out.

The subsystem for identifying and countering the active actions of an intruder is implemented on two main components: hardware and software for identifying and countering possible attacks by intruders via communication channels and the architecture of a secure network.

The first component - the component for identifying possible attacks, is intended for protection in those ITS subsystems in which the intruder's actions in terms of attacks on information resources and ITS equipment are fundamentally possible, the second component is intended to eliminate such actions or significantly complicate them.

The main means of the second component are hardware and software that ensure the implementation of protection methods in accordance with virtual private network (VPN) technology, both during the interaction of various ITS objects in accordance with their structure, and within individual objects and subnets based on firewalls or firewalls with built-in cryptographic protection.

We emphasize that the most effective counteraction to possible attacks is provided by the cryptographic means of the line protection loop and the internetwork cryptographic gateway against external intruders, and by the means of controlling access to information resources against legitimate users who fall into the category of intruder.

The subsystem for identifying and countering possible hardware and software implants is implemented by a set of organizational and technical measures during the manufacture and operation of ITS equipment, including the following main activities:

· special inspection of foreign-made equipment and components;

· software standardization;

· checking the properties of the element base that affect the effectiveness of the protection system;

· checking software integrity using cryptographic algorithms.

Along with their other tasks, other means of protection also contribute to countering possible hardware and software implants:

· the line cryptographic protection loop, which prevents the activation of possible software implants via communication channels;

· archiving of information;

· redundancy (hardware duplication).

Through the ITS, users from public authorities (OGV) at the various system objects can be provided with a range of information transfer and information services, including:

· secure document flow subsystem;

· certification centers;

· secure subsystem for transmitting telephone information, data and organizing video conferences;

· a secure subsystem of official information, including the creation and maintenance of official websites of leaders at the federal and regional levels.

Note that the secure document flow subsystem is tightly connected with certification centers that ensure the implementation of the digital signature mechanism.

Let us consider in more detail the integration of information security tools into the electronic document management system, into the telephone information transmission subsystem, the official information subsystem and the official website of managers at various levels.

The basic mechanism for protecting information in an electronic document management system is a digital electronic signature, which ensures identification and authentication of documents and subscribers, as well as control of their integrity.

Since the features of the ITS document flow system are determined by the presence of information exchange between various objects and departments (including possible information exchange between secure and unprotected systems), as well as the use of various document processing technologies in different departments, the implementation of secure document flow, taking into account the stated factors, requires the following activities:

· unification of document formats in various departments;

· harmonization of security policies in various departments.

Of course, the noted requirements can be partially solved by using gateways between interacting systems.

Certification centers are essentially a distributed database that ensures the implementation of a digital signature in a document flow system. Unauthorized access to the information resources of this database completely destroys the security properties of electronic document management. This leads to the main features of the information security system at certification centers:

· management of access to database resources of certification centers (protection from unauthorized access to resources);

· ensuring stable operation of the certification centers under possible failures, malfunctions and emergency situations (protection against destruction of the database information).

The implementation of these mechanisms can be carried out in two stages: at the first stage, protection mechanisms are implemented using organizational and technical protection measures and security measures, including the use of a domestic certified operating system, and at the second stage, cryptographic protection methods are integrated into hardware and software during storage and information processing at certification centers.

Features of protecting various types of traffic transmitted to the ITS (telephone traffic, data and video conferencing traffic) can be divided into two classes:

· features of the protection of subscriber equipment, which are determined by the need to protect information of various types, including simultaneously (video information and speech, and, possibly, data), as well as the need to protect information of various types from leakage into technical channels.

· features of the protection of equipment of a certain type of information transmission system, which are determined by the need to protect against unauthorized access to telephone services, data transmission, conference calls and its resources.

For these classes, the basic protection mechanisms are:

· technical means of protecting information from leakage into technical channels, implemented by standard means;

· access control to resources that support the organization of various types of communications, which is based on the identification and authentication of possible connections of various users and equipment to communications equipment.

A feature of the secure subsystem of official information is the presence of information flows in two directions - from ITS to external systems, including individual citizens of the country, as well as from external systems to ITS (information exchange with unprotected objects).

Based on information received from external systems, decisions are developed in the interests of both individual organizations, departments and regions, and the state as a whole, and the execution of the decisions made also at all levels of government depends on the information received by external systems.

Therefore, in the first case, the main requirements for the functioning of the system from the point of view of its security are the integrity of the information provided, the efficiency of providing information, including its updating, the reliability of the source of information, and control of the delivery of information to the recipient.

In the second case - the reliability of the information provided, the reliability of the source of information, the efficiency of delivering information, as well as control of delivering information to the recipient. Basically, the listed requirements are provided by standard security mechanisms (cryptographic methods for monitoring the integrity of information, identification and authentication of subscribers and information).

A distinctive feature characteristic of this subsystem is the need to control the reliability of information coming from external systems and which is the source material for making decisions, including in the interests of the state. This problem is solved using analytical methods for monitoring the reliability of information, ensuring the stability of the solutions developed in the face of the receipt of unreliable information, and organizational and technical measures that ensure confirmation of incoming information.

The main goals of the information security system on the website of federal and regional leaders are to prevent information from entering the website that is not intended for this purpose, as well as to ensure the integrity of the information presented on the website.

The basic security mechanism implemented on the site must ensure control of access to the site by the internal system that provides information to the site, as well as control of access by external systems to the site’s resources.

The implementation of protection is based on the creation of a “demilitarized” zone based on firewalls (gateways), providing:

· filtering of information in the direction from the internal system to the site, with control of access to the site from the internal system (identification and authentication of the source of information) and filtering of information by security labels;

· monitoring the integrity of the site's information resources and ensuring stable operation of the site in the face of possible distortion of information;

· control of access from external systems to the site's resources;

· filtering of requests coming to the site from external systems.

One of the most important issues when solving problems of ensuring information security is improving the regulatory framework regarding information security.

The need to improve the regulatory framework is determined by two main factors: information exchange between various departments, and the large number of kinds and types of information circulating in the ITS.

In terms of ensuring information security in ITS, the regulatory framework must be improved in the following areas:

· creation of uniform requirements for ensuring information security and, on their basis, a unified security concept, ensuring the possibility of harmonizing security policies in various departments and ITS as a whole, including different periods of operation;

· creation of a unified standard for documentary information, ensuring the implementation of unified security labels and reducing the cost of transmitting documents during interdepartmental interaction;

· creation of provisions for interdepartmental interaction that ensure constant monitoring of information security during interdepartmental interaction.

Conclusion

In this course work the following principles were considered:

· ITS architecture and basic information processing technologies in ITS should be created taking into account the evolutionary transition to domestically developed means;

· automated workstations of ITS information security systems must be created on a domestically produced hardware and software platform (domestic assembled computer, domestic operating system, domestic software);

· ITS architecture and basic information processing technologies in ITS should be created taking into account the possibility of using existing hardware and software security tools at the first stage with their subsequent replacement with promising information security tools.

Fulfilling these requirements will ensure continuity and the specified effectiveness of information protection during the transition period, from the use of ITS information processing technologies combined with separate information security technologies to the use of inherently secure information processing technologies in the ITS.


Kerberos protocol

Authentication protocols:

3. Public Key Authentication

Description of DSA

p = a prime number of length L bits, where L is a multiple of 64 between 512 and 1024;

q = a 160-bit prime factor of p - 1;

g = , where h is any number less than p - 1 for which the result is greater than 1;

x = a number less than q.

A one-way hash function is used: H(m).

The first three parameters, p, q and g, are public and can be shared among network users. The private key is x and the public key is y. To sign a message m:

1. A generates a random number k less than q.

2. A computes

The signature is the pair of parameters r and s, which A sends to B.

3. B verifies the signature by calculating

If v = r, the signature is correct.
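As an added example (not code from the course work), the signing and verification steps above as working Python, with p, q, g, x, y, k, r and s named as in the text. The values p = 23, q = 11 and h = 2 are constructed toy parameters for illustration only; the key sizes given above apply in practice.

```python
import hashlib
import secrets

def make_generator(p: int, q: int, h: int) -> int:
    """g = h^((p-1)/q) mod p; h is any number in (1, p-1) giving a result > 1."""
    g = pow(h, (p - 1) // q, p)
    if g <= 1:
        raise ValueError("h gives a trivial generator, choose another h")
    return g

def hash_to_int(m: bytes, q: int) -> int:
    """H(m) as an integer reduced mod q (SHA-1 matches the 160-bit q of classic DSA)."""
    return int.from_bytes(hashlib.sha1(m).digest(), "big") % q

def keygen(p: int, q: int, g: int, x=None):
    """Private key x < q (random unless given), public key y = g^x mod p."""
    if x is None:
        x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)

def sign(m: bytes, p: int, q: int, g: int, x: int, k=None):
    """Steps 1-2 of the text: k < q, r = (g^k mod p) mod q, s = k^-1 (H(m) + x r) mod q."""
    while True:
        if k is None:
            k = secrets.randbelow(q - 1) + 1   # fresh per-signature nonce, never reused
        r = pow(g, k, p) % q
        s = (pow(k, -1, q) * (hash_to_int(m, q) + x * r)) % q
        if r != 0 and s != 0:
            return r, s
        k = None   # degenerate r or s: retry with a new k

def verify(m: bytes, sig, p: int, q: int, g: int, y: int) -> bool:
    """Step 3 of the text: v = ((g^u1 * y^u2) mod p) mod q with w = s^-1 mod q."""
    r, s = sig
    if not (0 < r < q and 0 < s < q):        # range check before any arithmetic
        return False
    w = pow(s, -1, q)
    u1 = (hash_to_int(m, q) * w) % q
    u2 = (r * w) % q
    v = (pow(g, u1, p) * pow(y, u2, p) % p) % q
    return v == r

if __name__ == "__main__":
    # Constructed toy parameters: q = 11 divides p - 1 = 22; real DSA uses the sizes above.
    p, q = 23, 11
    g = make_generator(p, q, h=2)            # 2^2 mod 23 = 4
    x, y = keygen(p, q, g)
    sig = sign(b"wire transfer #42", p, q, g, x)
    print(verify(b"wire transfer #42", sig, p, q, g, y))     # True
```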

Summary

The IPSec standards system incorporates progressive techniques and achievements in the field of network security. The IPSec system firmly occupies a leading position in the set of standards for creating VPNs. This is facilitated by its open construction, capable of incorporating all new advances in the field of cryptography. IPsec allows you to protect your network from most network attacks by “dropping” foreign packets before they reach the IP level on the receiving computer. Only packets from registered communication partners can enter the protected computer or network.

IPsec provides:

  • authentication - proof that the packets were sent by your communication partner, that is, by the holder of the shared secret;
  • integrity - the impossibility of changing the data in the packet;
  • confidentiality - the impossibility of disclosing the transmitted data;
  • strong key management - the IKE protocol computes a shared secret known only to the sender and recipient of the packet;
  • tunneling - complete masking of the topology of the enterprise local network.

Working within the framework of IPSec standards ensures complete protection of the information flow of data from sender to recipient, closing traffic to observers at intermediate network nodes. VPN solutions based on the IPSec protocol stack ensure the construction of virtual secure networks, their secure operation and integration with open communication systems.

Application level protection

SSL protocol

The SSL (Secure Sockets Layer) protocol, developed by Netscape Communications with the participation of RSA Data Security, is designed to implement secure information exchange in client/server applications. In practice, SSL is widely implemented only in conjunction with the HTTP application-layer protocol.

Security features provided by the SSL protocol:

  • data encryption, to prevent disclosure of sensitive data during transmission;
  • data signing, to detect modification of data during transmission;
  • client and server authentication.

The SSL protocol uses cryptographic methods to secure information exchange. It performs mutual authentication and ensures the confidentiality and authenticity of the transmitted data. The core of SSL is the combined use of symmetric and asymmetric cryptosystems. Mutual authentication of the parties is carried out by exchanging digital certificates for the client and server public keys, certified by the digital signature of a certification authority. Confidentiality is ensured by encrypting the transmitted data with symmetric session keys, which the parties agree on when establishing the connection. The authenticity and integrity of the information are ensured by generating and verifying a digital signature. RSA and Diffie-Hellman are used as the asymmetric algorithms.

Figure 9 Crypto-protected tunnels formed based on the SSL protocol

According to the SSL protocol, crypto-protected tunnels are created between the endpoints of the virtual network. The client and server run on the computers at the endpoints of the tunnel (Fig. 9).

The SSL conversation protocol has two main stages in forming and maintaining a secure connection:

  • establishing an SSL session;
  • secure interaction.

The first stage is carried out before the actual protection of information exchange begins and is performed by the handshake protocol (Handshake Protocol), which is part of SSL. When a connection is re-established, new session keys can be generated from the old shared secret.

In the process of establishing an SSL session, the following tasks are solved:

  • authentication of parties;
  • coordination of cryptographic algorithms and compression algorithms that will be used in secure information exchange;
  • generation of a shared secret master key;
  • generation of shared secret session keys for cryptoprotection of information exchange based on the generated master key.

Figure 10 Process of client authentication by server

The SSL protocol provides two types of authentication:

  • server authentication by client;
  • client authentication by server.

SSL-enabled client/server software can use standard public key cryptography techniques to verify that the server/client certificate and public key are valid and were issued by a trusted certificate authority. An example of the client authentication process by the server is presented in Figure 10.

Protocol application diagram

Before a message is transmitted over a data link, it goes through the following processing steps on the sending side:

1. The message is fragmented into blocks suitable for processing;

2. The data is compressed (optional);

3. A MAC (message authentication code) is computed for the block under the MAC key;

4. The data is encrypted with the session key.

On the receiving side the steps are reversed:

1. The data is decrypted using the key;

2. The MAC is checked;

3. The data is decompressed (if compression was used);

4. The message is reassembled from the blocks and read by the recipient.

Authentic key distribution

Participants: A (client), CA (certification centre), B (server).

Preparatory stage:

A generates a digital signature key pair: . Transfer to CA.

B generates a key pair for a public-key encryption scheme: . Transfer to CA.

Notation: symmetric encryption scheme; public-key encryption scheme; digital signature scheme; arbitrary functions (preferably one-way functions). K is a random session key.

If , then K is accepted as the authentic shared secret key.

Working stage

A and B: symmetric encryption scheme (under the session key K)

. . . etc. . . .

Attacks on the SSL protocol

Like other protocols, SSL is susceptible to attacks related to an untrusted software environment, planted software backdoors, etc.:

  • Replay attack. The attacker records a successful communication session between the client and the server and later establishes a connection to the server using the client's recorded messages. By using a unique connection identifier, the "nonce", SSL defeats this attack. These identifiers are 128 bits long, so an attacker would need to record 2^64 identifiers to have a 50% chance of a match. The number of records required and the low probability of guessing make this attack pointless.
  • Handshake protocol attack. An attacker could try to influence the handshake so that the parties choose a different encryption algorithm than intended. Because many implementations support export-grade encryption, and some even support null encryption or null MAC algorithms, these attacks are of great interest. To carry out such an attack, the attacker needs to spoof one or more handshake messages. If this happens, the client and server compute different hash values over the handshake messages, so the parties will not accept each other's "finished" messages. Without knowing the secret, the attacker cannot correct the "finished" message, so the attack may be detected.
  • Breaking the ciphers. SSL depends on several cryptographic technologies. RSA public-key encryption is used to transport session keys and for client/server authentication. Various cryptographic algorithms are used as the session cipher. If these algorithms are successfully attacked, SSL can no longer be considered secure. Attacks against particular communication sessions can be carried out by recording the session and then attempting to recover the session key or the RSA key. If successful, the transmitted information can be read.
  • Man-in-the-middle attack. This attack involves three parties: the client, the server and the attacker. The attacker, positioned between them, can intercept the exchange of messages between the client and server. The attack is only effective if the Diffie-Hellman algorithm is used for key exchange, since then the integrity of the received information and its source cannot be verified. In SSL such an attack is prevented by the server's use of certificates signed by a certificate authority.

TLS protocol

Purpose of creation and advantages

The purpose of creating TLS was to increase the security of SSL and to define the protocol more precisely and completely:

  • a more reliable MAC algorithm;
  • more detailed alerts;
  • clearer definitions of grey areas in the specification.

TLS provides the following security enhancements:

  • Keyed hashing for message authentication - TLS uses a hash-based message authentication code (HMAC) to prevent a record from being modified while in transit over an unsecured network such as the Internet. SSL version 3.0 also supports keyed message authentication, but HMAC is considered more secure than the MAC function used in SSL version 3.0.
  • Improved pseudorandom function (PRF) - the PRF is used to generate key material. In TLS the PRF is defined using HMAC and combines two hash algorithms for its security: if one of the algorithms is broken, the data remains protected by the second.
  • Improved "Finished" message verification - both TLS version 1.0 and SSL version 3.0 send a "Finished" message to both end systems, indicating that the delivered messages have not been modified. In TLS, however, this check is based on the PRF and HMAC values, which gives a higher level of security than SSL version 3.0.
  • Consistent certificate handling - unlike SSL version 3.0, TLS attempts to specify the certificate types that can be used by different TLS implementations.
  • Specific alert messages - TLS provides more accurate and complete alerts about problems detected by one of the end systems. TLS also specifies when which alert messages should be sent.

SSH protocol

The SSH (Secure Shell) protocol is a set of public-key authentication protocols that allows a user on the client side to log in securely to a remote server.

The main idea of the protocol is that the user on the client side must obtain the public key of the remote server and establish a secure channel with it using cryptographic credentials. The user's cryptographic credential is his password: it can be encrypted using the obtained public key and transmitted to the server.

All messages are encrypted using IDEA.

SSH protocol architecture

SSH runs between two mutually untrusted computers (client and server) on an unsecured network.

The SSH protocol suite consists of three components:

  • The SSH Transport Layer Protocol provides server authentication, for which a public key is used. The initial information for this protocol, on both the server and the client side, is a public-key pair, the "host keys". The result of the protocol is a mutually authenticated secure channel that guarantees the secrecy and integrity of the data.
  • The SSH User Authentication Protocol runs over the one-way authenticated channel established by the SSH Transport Layer Protocol. To authenticate the client to the server, various one-way authentication protocols are supported; they can use either a public key or a password and can, for example, be built on a simple password authentication protocol. The result of the protocol is a mutually authenticated secure channel between the server and the user. The following methods are used:

    publickey - the client sends an electronic signature; the server checks its trust in the client's public key against the copy of the key held on the server, then verifies the authenticity of the client using Sc.

    password - the client confirms its authenticity with a password.

    hostbased - similar to publickey, but uses a key pair belonging to the client host; having confirmed the authenticity of the host, the server trusts the user name.

  • The SSH Connection Protocol runs over the mutually authenticated secure channel established by the previous protocols. It ensures the operation of the secure channel while dividing it into several secure logical channels.

Key distribution protocol

The protocol consists of three stages. The first is the "Hello" stage: an identification string I is sent to start the protocol, followed by the list of supported algorithms X.

In stage 2 the parties agree on a secret key s using the Diffie-Hellman algorithm. The server confirms its identity by sending the client its public key together with a digital signature, , and the signed digest h. The session identifier sid is set to h.

In stage 3, the secret key, the session identifier and the digest are used to create six "application keys", computed using .
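As an added example (not code from the course work or from any SSH implementation), the stage-3 derivation of the six application keys from the shared secret, the exchange digest and the session identifier, as RFC 4253 section 7.2 defines it. It assumes SHA-256 as the negotiated hash; the secret K and digest H below are constructed sample values, not real ones.

```python
import hashlib

def mpint(n: int) -> bytes:
    """SSH 'mpint' encoding: 4-byte big-endian length, then the two's-complement
    big-endian value (a leading 0x00 byte is added when the top bit is set)."""
    if n == 0:
        return b"\x00\x00\x00\x00"
    body = n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True)
    return len(body).to_bytes(4, "big") + body

def derive_key(K: int, H: bytes, letter: bytes, session_id: bytes, need: int,
               hash_name: str = "sha256") -> bytes:
    """K1 = HASH(K || H || letter || session_id); when more bytes are needed,
    K2 = HASH(K || H || K1), K3 = HASH(K || H || K1 || K2), ... (RFC 4253, 7.2)."""
    def digest(*parts: bytes) -> bytes:
        h = hashlib.new(hash_name)
        for part in parts:
            h.update(part)
        return h.digest()

    k_enc = mpint(K)                       # the shared secret is encoded as an mpint
    out = digest(k_enc, H, letter, session_id)
    while len(out) < need:                 # extend the key material if the cipher needs more
        out += digest(k_enc, H, out)
    return out[:need]

def application_keys(K: int, H: bytes, session_id: bytes, lengths: dict,
                     hash_name: str = "sha256") -> dict:
    """The six application keys: 'A'/'B' are IVs, 'C'/'D' encryption keys and
    'E'/'F' integrity keys, each for client-to-server and then server-to-client."""
    return {name: derive_key(K, H, name.encode(), session_id, lengths[name], hash_name)
            for name in "ABCDEF"}

if __name__ == "__main__":
    # Constructed sample values standing in for the Diffie-Hellman secret s and
    # the exchange digest h; in a real session both come from stage 2.
    K = 0xC0FFEE1234567890ABCDEF0123456789
    H = hashlib.sha256(b"constructed exchange hash input").digest()
    session_id = H                         # first exchange: sid = h, as the text says
    lengths = {"A": 16, "B": 16, "C": 32, "D": 32, "E": 32, "F": 32}  # e.g. AES-256 / HMAC-SHA256
    for name, key in application_keys(K, H, session_id, lengths).items():
        print(name, key.hex())
```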

Summary

The advantages of the protocol include:

  • the ability to operate end-to-end with existing TCP/IP stack implementations and existing application programming interfaces;
  • increased efficiency over slow channels;
  • the absence of fragmentation problems and of the need to determine the maximum block size transmitted along a given route;
  • the combination of compression and encryption.