
What is key compromise? Actions to take if keys are compromised. Types of digital signature in Europe and Russia

An electronic digital signature (EDS) is a special cryptographic combination that allows you to verify the authenticity of a document and/or the authorship of the person signing it, as well as check the date of the latest changes. Compromise of an electronic signature key, however, is a loss of trust in the digital signature, implying that third parties may have been involved with the data. Let's consider this point in more detail.

Concept

As such, a definition of compromise of an electronic signature key is absent from current Russian legislation. However, it is generally understood as a loss of trust that the keys used ensure the security of information (see, for example, Section 2 of the Regulations for registration and connection of legal entities and individuals to the electronic document management system of the PFR, approved by Resolution of the Board of the Pension Fund of January 26, 2001 No. 15).

Oddly enough, the Federal Law “On electronic signatures” of 2011 No. 63-FZ says nothing about compromise of the electronic signature key.

At the same time, under 63-FZ not only the owner but also the certification center is responsible for compromise of an electronic signature key. Based on clause 4, part 2, art. 13, it is obliged to ensure the confidentiality of the generated ES keys.

When the EDS key is compromised

Situations in which one can doubt the validity of an electronic signature are the following:

| Situation | Explanation |
|---|---|
| Loss of a personal key, including its subsequent discovery | If there is at least one chance that the key could have been used by third parties during the period between loss and discovery, then the combination cannot be considered confidential, which compromises the digital signature |
| Dismissal of employees who have access to the key | The reason for dismissal in this case does not matter, since if the employee is no longer on the payroll, then theoretically he can use the available data at his own discretion |
| Suspicion of information leak | This arises from unauthorized changes in the document that the owner of the electronic signature did not make |
| When storing the key in a safe | Broken integrity of the seal on it or loss of access to the safe automatically leads to compromise of the digital signature key |
| Key destruction | When there is a suspicion that it could have been used by third parties before that moment |
| Other situations | When the key could be used by attackers |

Key compromise is a concept that covers unauthorized persons gaining access to secret keys, as well as the possibility of such access or the suspicion of it. A compromised secret key is the main danger for any information security system, so special measures are taken to protect secret keys: they are never written to the computer's hard drive, they are kept on separate media, they are encrypted, they are password protected, etc. However, cases of compromise are possible.

In case of compromise, the private key and the public key paired with it are included in special lists containing compromised keys. Such lists may also be called differently in different cryptographic products - stop lists, certificate revocation lists, etc. Compromised keys are no longer valid. A signature generated on a compromised key is automatically considered incorrect; information from a document encrypted with a compromised key cannot be considered secret.

The owner of the compromised keys creates new keys for himself.

Cryptography deals with the development of methods for converting (encrypting) information in order to protect it from illegal users. Such methods and techniques of converting information are called ciphers.

Encryption is the process of applying a cipher to protected information, i.e. transformation of protected information (plain text) into an encrypted message (ciphertext, cryptogram) using certain rules contained in the cipher. Decryption is the reverse process of encryption, i.e. converting an encrypted message into protected information using certain rules contained in the cipher (based on the key, the ciphertext is converted to the original).

In cryptography, a key is a replaceable cipher element that is used to encrypt a specific message. For example, the key could be the amount of shift of the ciphertext letters relative to the plaintext letters.

Opening (cracking) a cipher is the process of obtaining protected information from an encrypted message without knowing the cipher used.

The ability of a cipher to withstand all kinds of attacks on it is called the strength of the cipher.

An attack on a cipher is an attempt to break that cipher.

Cryptanalysis is the science (and the practice of its application) of the methods and techniques of breaking ciphers.

A substitution cipher replaces letters or other "parts" of the plaintext with corresponding "parts" of the ciphertext.

An alphabet is a finite set of signs used to encode information.

Text is an ordered set of alphabetic elements.

The key is the information necessary for the unhindered encryption and decryption of texts.

A cryptographic system is a family T of plaintext transformations. Members of this family are indexed, or designated, by the symbol k; the parameter k is the key. The key space K is the set of possible key values. Usually the key is a sequential series of letters of the alphabet.

Cryptosystems are divided into symmetric and public key.

In symmetric cryptosystems, the same key is used for both encryption and decryption.

Mono- and multi-alphabetic substitutions are a type of transformation that consists in replacing characters in the source text with others (of the same alphabet) according to a more or less complex rule. To ensure high cryptographic strength, large keys must be used. A multi-alphabetic substitution is defined by the key p=(p1, p2, ...), containing at least two different substitutions.

Gamming consists of overlaying on the source text a pseudo-random sequence generated on the basis of a key.

Overlay is usually a letter-by-letter addition or subtraction modulo some value.

A cipher machine (encryption device) is a machine that implements some encryption algorithm.

Cryptography is the methodological basis of modern systems for ensuring information security in computer systems and networks. Historically, cryptography (translated from Greek, this term means “secret writing”) originated as a method of secretly transmitting messages. Cryptography is a set of data transformation techniques designed to protect the data by making it useless to unauthorized users. Such transformations provide a solution to the three main problems of data protection: ensuring confidentiality, integrity and authenticity of transmitted or stored data.

To ensure data security, there are three main features that need to be supported:

* protecting the confidentiality of data transmitted or stored in memory;

* confirmation of data integrity and authenticity;

* authentication of subscribers when logging into the system and when establishing a connection.

To implement these functions, cryptographic technologies of encryption, digital signature and authentication are used.

Confidentiality is ensured using algorithms and methods of symmetric and asymmetric encryption, as well as through mutual authentication of subscribers based on reusable and one-time passwords, digital certificates, smart cards, etc.

The integrity and authenticity of the transmitted data are usually achieved using various electronic signature technologies based on one-way functions and asymmetric encryption methods.

Authentication allows connections to be made only between legitimate users and prevents unwanted individuals from accessing network facilities. Subscribers who have proven their legality (authenticity) are provided with permitted types of network services.

The confidentiality, integrity and authenticity of transmitted and stored data are ensured primarily by the correct use of cryptographic methods and means of information security. The basis of the majority of cryptographic means of information protection is data encryption.

A cipher is understood as a set of procedures and rules of cryptographic transformations used to encrypt and decrypt information using an encryption key. Encryption of information refers to the process of converting open information (original text) into encrypted text (ciphertext). The process of recovering the original text from a cryptogram using an encryption key is called decryption.

A generalized diagram of the encryption cryptosystem is shown in Fig. 5.1. The original text of the transmitted message (or stored information) M is encrypted using the cryptographic transformation Ek, resulting in ciphertext C:

where is a parameter of the function E, called the encryption key.

The cipher text C, also called a cryptogram, contains the original information M in full, but the sequence of characters in it appears random and does not allow the original information to be restored without knowing the encryption key kx.

The encryption key is the element with which you can vary the result of the cryptographic transformation. This element may belong to a specific user or a group of users and be unique to them. Information encrypted using a particular key can only be decrypted by its owner (or owners).

The reverse transformation of information looks like this:

Function D is the inverse of function E and decrypts the cipher text. It also has an additional parameter in the form of a key k2. The decryption key k2 must uniquely correspond to the key k1; in this case, the message M' obtained as a result of decryption will be equivalent to M. In the absence of the correct key k2, it is impossible to obtain the original message M' = M using function D.

The encryption transformation can be symmetric or asymmetric with respect to the decryption transformation. Accordingly, two classes of cryptosystems are distinguished:

* symmetric cryptosystems (with a single key);

* asymmetric cryptosystems (with two keys).

Very often, quite important confidential information is transmitted over the Internet. Loss or falsification of such information, or unauthorized access to it, can lead to the most serious consequences. The popular advertising slogan “The Internet is available to everyone” says a lot, and, unfortunately, not only good things. It is clear that the availability of this resource to everyone entails a certain danger for everyone. Indeed, openness and transparency of the network structure is one of the necessary conditions for its growth and spread. However, the global network currently unites people with very different interests and inclinations. Network users are not only people with crystal clear intentions, but also those who use information for selfish purposes, i.e. persons who want to and, most importantly, can do this, using the many existing points on the network where information can be intercepted or falsified.

We live in an era of the dominance of information technology, when the possession of information is the determining force. And this information needs serious protection today.

Cryptology (kryptos - secret, logos - message) deals with the problem of protecting information by transforming it. It has two directions: cryptography and cryptanalysis. The goals of these directions are directly opposite.

Cryptography is concerned with the discovery, research and development of mathematical methods of transforming information, the basis of which is encryption.

The area of interest of cryptanalysis is the study of the possibility of decrypting information.

For people who are not closely involved in information security problems, cryptography seems to be a complex and confusing matter involving ciphers, codes and secret messages. Indeed, its practical implementation requires quite serious knowledge. Using a more general definition, cryptography is the science of ensuring data security. At the core of cryptographic protection of information lies its encryption, in other words, the transformation of data into a form that is unreadable for those for whom it was not intended. To ensure unreadability for some and accessibility of information for others, it is necessary to follow 4 basic security rules:

confidentiality;

authentication;

integrity;

control of interaction participants.

With confidentiality and authentication, everything is clear: without knowing the key, it is very difficult to read the message. That is, by managing the distribution of keys, you also control access to information.

To control integrity, a so-called message digest or electronic signature is constructed. When constructing this signature, a special function is used, similar to the well-known CRC (cyclic redundancy check) function. The results of this function are encrypted. The recipient only has to compute this function for the received message and compare the result with the decrypted one.

Modern cryptography studies and develops 4 main areas:

symmetric cryptosystems (with a secret key);

asymmetric cryptosystems (with public key);

electronic signature systems;

key management systems.
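The digest comparison described above and the stop lists of compromised keys described earlier on this page can be combined in one verification routine. The following Python code is an added example, not code from any product or regulation the page mentions; the toy RSA key, the `key_id` fingerprint and the in-memory `stop_list` are assumptions made for illustration.

```python
import hashlib

# Toy RSA key pair built from two Mersenne primes. Constructed for this
# example only: far too small and unpadded for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


def digest(message: bytes, n: int) -> int:
    """Message digest, reduced so that it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def key_id(public_key) -> str:
    """Fingerprint that names a public key on the stop list (hypothetical format)."""
    n, e = public_key
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()


def sign(message: bytes, private_key) -> int:
    """Signer: compute the digest and 'encrypt' it with the private key."""
    n, d = private_key
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key, stop_list) -> str:
    """Recipient: consult the stop list first, then compare digests."""
    n, e = public_key
    if key_id(public_key) in stop_list:
        # The mathematics may still check out; trust in the key is what is gone.
        return "rejected: key compromised"
    if pow(signature, e, n) != digest(message, n):
        return "rejected: digest mismatch"
    return "valid"


def demo():
    public, private = (N, E), (N, D)
    doc = b"Payment order 42: transfer 100 units"  # constructed sample document
    sig = sign(doc, private)
    stop_list = set()
    results = [
        verify(doc, sig, public, stop_list),         # untouched document
        verify(doc + b"0", sig, public, stop_list),  # document altered in transit
    ]
    stop_list.add(key_id(public))  # owner reports the key as compromised
    results.append(verify(doc, sig, public, stop_list))  # same signature again
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The third result is the point of the stop list: the signature that verified a moment earlier is refused once the key is listed, even though the digest comparison alone would still succeed.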

The expansion of the practical application of cryptography in networks, as well as the emergence of modern cryptographic methods, led to the need to introduce concepts, definitions and a dedicated mathematical apparatus in this area.

The term "cryptography" has gone far from its original meaning - "secret writing". Today, this discipline combines methods for protecting information interactions of a completely different nature, based on data transformation using secret algorithms, including algorithms that use secret parameters.

The main areas of use of cryptographic methods are the transfer of confidential information via communication channels (for example, e-mail), establishing the authenticity of transmitted messages, and storing information (documents, databases) on media in encrypted form.

Modern cryptographic systems provide high strength of encrypted data by keeping the cryptographic key secret. However, in practice, any cipher used in one or another cryptosystem can be broken at a certain level of difficulty. In this regard, there is a need to assess the cryptographic strength of the ciphers used in cryptotransformation algorithms.

"...Compromise of a key is a loss of trust that the keys used ensure the security of information..."

Source:

Resolution of the Board of the Pension Fund of the Russian Federation dated January 26, 2001 N 15 "On the introduction in the Pension Fund of the Russian Federation of cryptographic protection of information and electronic digital signature" (together with the "Regulations for registration and connection of legal entities and individuals to the electronic document management system of the Pension Fund of the Russian Federation")

"...Key compromise is a loss of trust that the private keys used are inaccessible to unauthorized persons. Events associated with key compromise include, but are not limited to, the following:

Loss of key media;

Loss of key media with subsequent discovery;

Dismissal of employees who had access to key information;

There are suspicions of information leakage or distortion in the confidential communication system;

Violation of the integrity of seals on safes with key media, if the procedure for sealing safes is used;

Loss of keys to safes while key media are in them;

Loss of keys to safes while key media are in them and subsequent discovery;

Access of unauthorized persons to key information..."

Source:

Order of the Federal Tax Service of the Russian Federation dated December 18, 2009 N MM-7-6/691@ "On approval of the Procedure for registering participants in electronic document management for submitting tax returns (calculations) and other documents in electronic form and informing taxpayers via telecommunication channels"


"Key Compromise" in books


Compromising the private key and passphrase

From the book Introduction to Cryptography author Zimmermann Philip

Compromise of the private key and passphrase. This is the simplest and most easily implemented attack if you have written down the password to your private key somewhere. If the attacker obtains the recording, as well as the private key, he will be able to decrypt all messages and


If the contractor suspects that his personal key floppy disk has fallen or could fall into the wrong hands (has been compromised), he is obliged to immediately stop (and not resume) working with the key floppy disk, inform the person responsible for information security of his department, hand over the compromised key floppy disk to him following the usual procedure, with a note in the journal about the reason for the compromise, and write an explanatory note about the fact of compromise of the personal key floppy disk addressed to the head of the department.

In the event of the loss of a personal key floppy disk, the contractor is obliged to immediately notify the person responsible for information security of his department, write an explanatory note about the loss of the floppy disk addressed to the head of the department and take part in an official investigation of the loss of the personal key floppy disk.

The person responsible for the information security of the department is obliged to immediately notify the authorized employee of the Central Control Center of the loss or compromise of the key floppy disk, so that the latter can take action to block the keys for the digital signature of the specified contractor.

By decision of the head of the department, in accordance with the established procedure, the performer can receive from the Central Control Center a new set of personal key floppy disks to replace the compromised one.

In case of transfer of the performer to another job, dismissal, etc., he is obliged to hand over (immediately after the end of the last work session) his personal key floppy disk to the person responsible for information security of his department, against signature in the key floppy disk register. The latter is obliged to immediately notify the authorized employee of the Central Control Center about this so that action can be taken to block the use of the digital signature of the dismissed performer.

Performer rights

The Contractor must have the right to contact the person responsible for information security of his department for advice on the use of a key floppy disk and on issues of ensuring information security of the technological process.

The Contractor has the right to demand from the person responsible for information security of his department and from his immediate supervisor the creation of the necessary conditions to fulfill the requirements listed above.

The contractor has the right to submit his proposals for improving protection measures at his work site.

Responsibility for violations

To create the necessary legal basis for procedures for holding employees accountable for violations in the field of information security, it is necessary that:

    the organization's Charter, all regulations on structural divisions and the functional (technological) responsibilities of all employees involved in automated information processing reflect the requirements for ensuring information security when working in the automated system;

    each employee (upon hiring) sign an Agreement-Obligation on compliance with established requirements for maintaining state, official and commercial secrets, as well as on liability for violation of the rules for working with protected information in the AS;

    all users, management and maintenance personnel of the AS be familiarized with the list of information subject to protection, insofar as it concerns them (in accordance with their level of authority);

    the requirements of organizational and administrative documents on information security issues be brought to the attention of persons authorized to process protected information by the heads of departments, against signature.

Employees of the organization are responsible under the current legislation for the disclosure of information constituting (state, banking, commercial) secrets, and information of limited distribution that has become known to them due to the nature of their work.

Any gross violation of the order and rules of work in the AS by employees of structural units must be investigated. Adequate measures must be taken against those responsible.

Violations of the established rules and requirements for information security are grounds for the application of administrative penalties to the employee (performer), up to and including dismissal and criminal prosecution.

The extent of employee liability for actions committed in violation of the established rules for ensuring secure automated processing of information should be determined taking into account the damage caused, the presence of malicious intent and other factors at the discretion of management.

To implement the principle of personal responsibility of employees for their actions, it is necessary:

    individual identification of employees and the processes initiated by them when working in the AS, i.e. assigning them unique user identifiers, on the basis of which access control and event registration will be carried out;

    verification of the authenticity of users and employees (authentication) based on passwords, keys, special devices, biometric characteristics of employees, etc.;

    registration (logging) of the operation of mechanisms for controlling user access to information system resources, indicating the date and time, the identifiers of the user and of the resources requested by him, the type of interaction and its result;

    prompt response to unauthorized access attempts (alarm, blocking, etc.).


