The use of certified CIPF - the point of view of the FSB. Certified means of cryptographic information protection (CIPF)

The main tasks of protecting information during its storage, processing and transmission over communication channels and on various media, solved with the help of CIPF, are:

  1. Ensuring secrecy (confidentiality) of information.
  2. Ensuring the integrity of information.
  3. Authentication of information (documents).

To solve these problems, it is necessary to implement the following processes:

  1. Implementation of the actual information security functions, including:
     • encryption/decryption;
     • creation/verification of EDS (electronic digital signatures);
     • creation/verification of imitation inserts (message authentication codes).
  2. Monitoring the state and managing the functioning of the CIPF (in the system):
     • status control: detection and registration of cases of CIPF malfunction, attempts of unauthorized access, and cases of key compromise;
     • operation management: taking measures in case of the listed deviations from the normal functioning of the CIPF.
  3. Maintenance of the CIPF:
     • key management;
     • procedures related to connecting new network subscribers and/or excluding retired subscribers;
     • elimination of identified shortcomings of the CIPF;
     • commissioning of new versions of CIPF software;
     • modernization and replacement of CIPF hardware with more advanced hardware and/or replacement of hardware whose service life has been exhausted.

Key management is one of the most important functions of cryptographic information protection and consists in the implementation of the following main functions:

key generation: defines a mechanism for generating keys or key pairs with a guarantee of their cryptographic qualities;

key distribution: defines the mechanism by which keys are reliably and securely delivered to subscribers;

key retention: defines the mechanism by which keys are reliably and securely stored for future use;

key recovery: defines the mechanism for recovering one of the keys (replacement with a new key);

key destruction: defines the mechanism by which obsolete keys are securely destroyed;

key archive: a mechanism by which keys can be securely stored for later notarized recovery in conflict situations.

In general, to implement the listed functions of cryptographic information protection, it is necessary to create a cryptographic information protection system that combines the CIPF tools themselves, maintenance personnel, premises, office equipment, various documentation (technical, regulatory), etc.

As already noted, in order to obtain guarantees of information protection, it is necessary to use certified CIPF.

Currently, the most widespread is the issue of protecting confidential information. To solve this issue, under the auspices of FAPSI, a functionally complete set of cryptographic protection of confidential information has been developed, which allows solving the listed tasks of protecting information for a wide variety of applications and conditions of use.

This complex is based on the cryptographic cores "Verba" (asymmetric key system) and "Verba-O" (symmetric key system). These crypto cores provide data encryption in accordance with the requirements of GOST 28147-89 "Information processing systems. Cryptographic protection" and digital signature in accordance with the requirements of GOST R34.10-94 "Information technology. Cryptographic protection of information. Procedures for the generation and verification of an electronic digital signature based on an asymmetric cryptographic algorithm".

The tools included in the CIPF complex allow you to protect electronic documents and information flows using certified encryption and electronic signature mechanisms in almost all modern information technologies, including the following:

  • use of CIPF in offline (autonomous) mode;
  • secure information exchange in off-line mode;
  • secure information exchange in on-line mode;
  • protected heterogeneous, i.e. mixed, information exchange.

To solve systemic issues of the use of cryptographic information protection tools, under the leadership of D. A. Starovoitov, the Vityaz complex cryptographic information protection technology was developed, which provides for cryptographic data protection in all parts of the system at once: not only in communication channels and system nodes, but also directly at user workplaces in the process of creating a document, when the document itself is protected. In addition, within the framework of the general Vityaz technology, a simplified, easily accessible technology for embedding licensed CIPFs into various application systems is provided for users, which makes the use of these CIPFs very wide.

Below is a description of the means and methods of protection for each of the listed modes.

Use of CIPF offline.

When working autonomously with CIPF, the following types of cryptographic information protection can be implemented:

  • creation of a protected document;
  • file protection;
  • creation of a secure file system;
  • creation of a secure logical drive.

At the request of the user, the following types of cryptographic protection of documents (files) can be implemented:

  • encryption of a document (file), which makes its content inaccessible both when the document (file) is stored and when it is transmitted via communication channels or by courier;
  • generation of an imitation insert (message authentication code), which provides control over the integrity of the document (file);
  • generation of an EDS, which ensures control of the integrity of the document (file) and authentication of the person who signed the document (file).

As a result, the protected document (file) turns into an encrypted file containing, if necessary, an EDS. The digital signature, depending on the organization of the information processing process, can also be represented by a file separate from the signed document. Further, this file can be output to a floppy disk or other medium, for delivery by courier, or sent by any available e-mail, for example, via the Internet.

Accordingly, upon receipt of an encrypted file by e-mail or on a particular medium, the cryptographic protection actions are performed in the reverse order (decryption, verification of the imitation insert, verification of the digital signature).

The following certified tools can be used to perform autonomous work with CIPF:

text editor "Lexicon-Verba", implemented on the basis of CIPF "Verba-O" and CIPF "Verba";

CIPF software complex "Autonomous Workplace" implemented on the basis of CIPF "Verba" and "Verba-O" for Windows 95/98/NT;

cryptographic disk driver PTS "DiskGuard".

Protected word processor "Lexicon-Verba".

The Lexicon-Verba system is a full-featured text editor with support for document encryption and electronic digital signature. To protect documents, it uses the Verba and Verba-O cryptographic systems. The uniqueness of this product lies in the fact that the functions of encryption and text signing are simply included in the functions of a modern text editor. Encryption and signing of the document in this case turns from special processes into simply standard actions when working with a document.

At the same time, the Lexicon-Verba system looks like a regular text editor. Text formatting options include full customization of document fonts and paragraphs; tables and lists; footers, footnotes, sidebars; the use of styles and many other features of a text editor that meets modern requirements. "Lexicon-Verba" allows you to create and edit documents in Lexicon, RTF, MS Word 6/95/97, MS Write formats.

Autonomous workplace.

The CIPF "Autonomous Workplace" is implemented on the basis of the CIPF "Verba" and "Verba-O" for Windows 95/98/NT and allows the user to perform the following functions in interactive mode:

  • encryption/decryption of files with keys;
  • encryption/decryption of files with a password;
  • affixing/removal/verification of electronic digital signatures (EDS) on files;
  • checking encrypted files;
  • EDS affixing + encryption of files (in one action);
  • decryption + removal of EDS from files (in one action);
  • calculation of a file hash.

CIPF "Autonomous Workplace" is advisable to use for the daily work of employees who need to provide:

transfer of confidential information in electronic form by messenger or courier;

sending confidential information over a public network, including the Internet;

protection against unauthorized access to confidential information on personal computers of employees.

Valery Konyavsky
Scientific supervisor of VNIIPVTI,
scientific consultant OKB SAPR

Any operation on a random number will give a random number. A random sequence added to the plaintext will give a random cryptotext. The better the gamma quality, the less chance of deciphering the cryptotext. If the gamma is truly random, then the cryptotext cannot be decrypted.

Vernam cipher

Means of cryptographic information protection (CIPF) can be divided into means of encryption and means of electronic signature (SES).

It was not very convenient and rather expensive to transmit the gamma in the form of huge rolls of punched tape. Therefore, sometimes there were problems with its reuse and, consequently, with leaks of important information.

In order not to transmit reels of punched tape through expensive channels, ways were devised to generate a long gamma from a random but short key. At that time, it was easier to transmit a short random key than a long one.

Certified CIPF

With the advent of modern storage media, the situation has changed dramatically, and now it is no problem to produce and transmit gigabytes of gamma, provided the RNG is good. Software pseudo-random sequence (PRS) generators can be used here only out of desperation, when no good physical generator is available.

Cryptographic standards define sequences of operations that make it possible to obtain securely encrypted plaintext based on a good key. At the same time, the keys must still be produced by good generators.

The regulator sets the rules, testing laboratories check whether the requirements for operations, keys and the absence of influence on these processes by other processes are met - this is how certified cryptographic information protection tools appear.

Encryption and electronic signature

Gamma must have the following properties:

  • be truly random, that is, formed by physical, analog, and not digital processes;
  • match the size of the specified plaintext or exceed it;
  • applied to each message only once, and then discarded.

Such a cipher is called a Vernam cipher, and it is the only cipher that has absolute cryptographic strength. There is no need to prove its strength now, as K. Shannon did it back in 1945. The large length of the gamma, its formation on the basis of physical processes and guaranteed destruction - these are the conditions for the strength of the cipher.
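The three gamma properties above, and the reuse problem mentioned earlier, as an added example that is not part of the original article. The `GammaTape` class and the sample messages are hypothetical, and `secrets` stands in for the physical generator the text requires.

```python
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    """Combine data with gamma byte by byte."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


class GammaTape:
    """A supply of gamma that can only be consumed forward, once."""

    def __init__(self, gamma: bytes):
        self._tape = bytearray(gamma)
        self._pos = 0

    def remaining(self) -> int:
        return len(self._tape) - self._pos

    def take(self, n: int) -> bytes:
        # Property 2: the gamma must be at least as long as the plaintext.
        if n > self.remaining():
            raise ValueError("not enough unused gamma; refusing to repeat it")
        chunk = bytes(self._tape[self._pos:self._pos + n])
        # Property 3: used gamma is overwritten and the position only advances.
        # (This models the discard; real equipment destroys the medium.)
        self._tape[self._pos:self._pos + n] = bytes(n)
        self._pos += n
        return chunk

    def apply(self, data: bytes) -> bytes:
        """Encrypt or decrypt: XOR with the next unused stretch of gamma."""
        return xor(data, self.take(len(data)))


def exchange_demo() -> dict:
    """Sender and receiver hold identical tapes and consume them in step."""
    # Property 1 cannot be shown in software: this is a stand-in source.
    gamma = secrets.token_bytes(64)
    sender, receiver = GammaTape(gamma), GammaTape(gamma)
    p1 = b"meet at the north gate"      # constructed sample messages
    p2 = b"cancel, use south gate"
    c1, c2 = sender.apply(p1), sender.apply(p2)
    round_trip = receiver.apply(c1) == p1 and receiver.apply(c2) == p2
    try:
        sender.apply(b"x" * 64)         # longer than the gamma that is left
        refused = False
    except ValueError:
        refused = True
    return {"round_trip": round_trip, "refused": refused,
            "left": sender.remaining()}


def reuse_leak(p1: bytes, p2: bytes, gamma: bytes) -> bytes:
    """What an eavesdropper holds when one gamma covers two messages."""
    c1, c2 = xor(p1, gamma), xor(p2, gamma)
    return xor(c1, c2)   # the gamma cancels out: this equals p1 XOR p2


if __name__ == "__main__":
    print(exchange_demo())
    a, b = b"meet at the north gate", b"cancel, use south gate"
    print(reuse_leak(a, b, secrets.token_bytes(len(a))) == xor(a, b))
```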

Encryption is necessary to ensure that only those entitled to access the information have access to it. An ES is used to record a person's expression of will. And while a CIPF must correctly perform cryptographic transformations in a verified environment, this is not enough for an electronic signature. All measures must be taken to ensure that the person's expression of will is free. FZ-63 is aimed at this, which is why one of its most important requirements is the correct visualization of the document that the person signs. Thus, in contrast to CIPF, checks of the visualization tools are added for qualified SES. Of course, all necessary checks of the cryptographic algorithms are also performed.

When analyzing one or another ES scheme, the question is usually posed as follows: "Is it possible to quickly find two different (meaningful) messages that will have the same ES?" The answer here is usually negative. If a good hash function is used, for which no efficient collision-finding mechanism has been found, such an attack is almost always doomed to failure. Mikhail Gruntovich (see p. 48) put the question differently: "Is it possible, having two messages, to choose the signature keys so that the ES match?" And it turned out to be extremely easy to do!

Gruntovich attack

We will consider the specific conditions for the implementation of this attack (in a very simplified version) using the example of a signature according to the ElGamal scheme. The belief in the stability of this scheme is based on the (hypothetical) complexity of the discrete logarithm problem, but it is not the problem of discrete mathematics that is being attacked here.

CIPF must be hardware. They must contain a physical RNG of the required quality and ensure the non-extraction of not only the signature key, but also other cryptographic elements that affect the strength of the algorithms.

Let us introduce the following notation:

  • $H$ is a cryptographic hash function;
  • $Z_n$ is the set of numbers $\{0, 1, \ldots, n - 1\}$, where $n$ is a natural number;
  • $a \pmod p$ is the remainder of dividing an integer $a$ by a natural number $p$.

For the ElGamal signature generation scheme:

  • a prime number $p$ of sufficient bit length is fixed, and $g$ is a primitive element mod $p$;
  • the private key of the signature is any number $x$ from $Z_p$.

Calculation of the signature of message $m$:

  • the hash code $h = H(m)$ is calculated;
  • a random number $k$ coprime with $p - 1$ is chosen: $1 < k < p - 1$;
  • $r = g^k \pmod p$ is computed;
  • $s = k^{-1}(h - xr) \pmod{p - 1}$ is calculated;
  • the signature is the pair $c = (r, s)$.

Now let's look at what an attacker needs to do to implement the attack. The attacker should generate hash codes:

  • $h_1 = H(m_1)$, $h_2 = H(m_2)$

and matching signatures with the same random number $k$:

  • $s = k^{-1}(h_1 - x_1 r) \pmod{p - 1}$ and
    $s = k^{-1}(h_2 - x_2 r) \pmod{p - 1}$.

And this means that:

$h_1 - x_1 r \pmod{p - 1} = h_2 - x_2 r \pmod{p - 1}$.

Some features that you should pay attention to when using CIPF.
1. If the documentation for the CIPF specifies the OS in which it can be used, then it must be used in that OS. Otherwise, even if the CIPF works, you will still have to carry out studies of the correctness of embedding the known CIPF into the new environment. This is (relatively) easy for hardware CIPF, but quite difficult for software CIPF.
2. If the hardware CIPF does not have a verified RNG and proven self-testing tools (and it cannot be otherwise in CIPF built on general-purpose smart card chips), then pay attention to the documents on embedding and operation. Since entropy must be added from somewhere, and testing must be carried out, it may turn out that this CIPF can be used autonomously only for a very short time, for example, two or three days. This is not always convenient.
3. If you are offered a token and told that it is certified to class KS2 or higher, do not believe it. Most likely, the documentation contains a requirement to use this token in an environment protected by an electronic lock. Without this, the class will not be higher than KS1.

As you can see, when the keys $x_1$ and $x_2$ are chosen so that the above condition is satisfied, the signatures match, despite the fact that the signed messages are different! Note that the computations required to obtain $x_2$ from a known $x_1$ are minimal compared to the subexponential discrete logarithm problem.

However, not everything is so scary. The fact is that the obtained results do not in any way discredit the cryptographic strength of the ES. They show the potential vulnerability that arises when ES mechanisms are misapplied.

This example clearly demonstrates the vulnerabilities that arise when the CIPF is implemented incorrectly. The described attack is possible if the user knows his signature key and can find out a random number.

There is a radical way to deal with attacks of this kind - for this you just need to have a device in which:

  • a signing key is generated;
  • the signature verification key is calculated;
  • the public key is exported, including for certification in a certification authority;
  • the signature key is used to generate ES only inside the device, its export is impossible! More recently, such devices have been referred to as non-extractable key devices;
  • the random number never appears in the computer environment, it is generated and destroyed after being applied inside the device.

From here it is clear that the more reliable option is SES and CIPF implemented as hardware. In this case, the sufficient quality of the RNG and the reliability of the storage of the signature key can be ensured.
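The key selection derived above and the device-side countermeasure, as an added example that is not from the article. It keeps the document's symbols but assumes a toy group (p = 467, g = 2), SHA-256 reduced mod p - 1 as H, and a hypothetical `NonExtractableKeyDevice` class. Solving the congruence as x2 = x1 + (h2 - h1) r^-1 mod (p - 1) needs r to be invertible mod p - 1, which the code checks.

```python
import hashlib
import secrets
from math import gcd

# Toy group, constructed for illustration only (a real p is thousands of bits).
P, G = 467, 2        # prime p and primitive element g mod p
N = P - 1            # signature arithmetic is done mod p - 1


def H(m: bytes) -> int:
    """Hash code h = H(m), reduced mod p - 1 to fit the toy group."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % N


def sign(x: int, k: int, m: bytes) -> tuple:
    """r = g^k mod p, s = k^-1 (h - x r) mod (p - 1), as in the text."""
    if gcd(k, N) != 1:
        raise ValueError("k must be coprime with p - 1")
    r = pow(G, k, P)
    return r, (pow(k, -1, N) * (H(m) - x * r)) % N


def verify(y: int, m: bytes, sig: tuple) -> bool:
    """Standard ElGamal check: g^h == y^r * r^s (mod p)."""
    r, s = sig
    if not (0 < r < P and 0 <= s < N):
        return False
    return pow(G, H(m), P) == pow(y, r, P) * pow(r, s, P) % P


def matching_key(x1: int, k: int, m1: bytes, m2: bytes) -> int:
    """Solve h1 - x1*r = h2 - x2*r (mod p - 1) for x2.

    Both values the device below never releases are required here:
    the signing key x1 and the per-signature random number k.
    """
    r = pow(G, k, P)
    if gcd(r, N) != 1:   # r must be invertible mod p - 1
        raise ValueError("r not invertible mod p - 1; another k is needed")
    return (x1 + (H(m2) - H(m1)) * pow(r, -1, N)) % N


def shared_signature_demo() -> dict:
    """Two messages, two key pairs, one signature (k fixed for repeatability)."""
    m1, m2 = b"contract, version A", b"contract, version B"  # constructed
    x1, k = 127, 9                       # k = 9 gives r = 2^9 mod 467 = 45
    x2 = matching_key(x1, k, m1, m2)
    sig1, sig2 = sign(x1, k, m1), sign(x2, k, m2)
    return {
        "same_signature": sig1 == sig2,
        "valid_under_key_1": verify(pow(G, x1, P), m1, sig1),
        "valid_under_key_2": verify(pow(G, x2, P), m2, sig1),
    }


class NonExtractableKeyDevice:
    """Model of the countermeasure: x and k are made and used only inside.

    secrets is a software stand-in; the article requires a physical RNG.
    """

    def __init__(self):
        self.__x = secrets.randbelow(N - 2) + 1      # never exported
        self.public_key = pow(G, self.__x, P)        # the only exported value

    def sign(self, m: bytes) -> tuple:
        while True:
            k = secrets.randbelow(N - 2) + 2         # 1 < k < p - 1
            if gcd(k, N) == 1:
                return sign(self.__x, k, m)          # k is dropped on return


if __name__ == "__main__":
    print(shared_signature_demo())
    dev = NonExtractableKeyDevice()
    print(verify(dev.public_key, b"order 17", dev.sign(b"order 17")))
```

With neither x nor k available outside the device, `matching_key` has nothing to work with, which is the point of the requirements listed above.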

Encryption

Now let's return to encryption and talk about when and why it should be used by both individuals and legal entities.

First, let's single out the main types of encryption, and these are subscriber and channel. As follows from the names, in the case of subscriber encryption, the subscriber first encrypts the information (file, document), and then transfers it to the channel in a closed form. With channel encryption, the channel itself is protected by cryptographic methods, and the subscriber does not have to worry about encrypting information before it is transmitted over the channel. If the channel is a point-to-point link, then channel scramblers are used. If the channel is not wires, but an active structure like the Internet, then not everything needs to be encrypted, but only data. Addresses cannot be distorted, otherwise the packets simply will not get to the addressee. This is where virtual private networks (VPNs) come into play. The most well-known protocols are IPsec and SSL. Almost all VPNs on the market implement one of these protocols.

VPN

In order to consciously choose one or another tool, you need to understand how they differ and what difficulties you will encounter during the operation of these tools. Here are the minimum things to keep in mind:

  • cryptographic protection of channels should be used if there is a threat that the data you transmit is so interesting to the intruder that he will connect to the channel and begin to "listen" to your entire exchange. Of course, you need to start protecting channels after the internal network is reliably protected, since an insider is usually cheaper than an attack on a channel;
  • both protocols are designed for interaction not with clients but with networks, so they are difficult to configure. Thus, network security controls are critical and should be selected first;
  • in the TCP/IP protocol stack, IPsec operates at the IP layer, while SSL operates at the TCP layer. That is, if IPsec provides protection rather at the system level, then SSL - at the application level. Since IPsec functions much "lower", it thereby "encapsulates" a much larger number of protocols in the protection area than SSL, which, of course, is better;
  • When operating a VPN, your primary concern is key management. Keys need to be issued in a timely manner, changed - in a word, they need to be managed. Each CIPF has its own key generation and management system. If you already have a key system in use, keep using it. Do not start a "zoo" - it is difficult to maintain even one system, and even several - an almost unbearable task;
  • if your task is related to supporting the activity of many geographically distributed informatization objects, then use VPN. This applies only to those objects between which there is intensive exchange of protected data that may interest the intruder so much that he is ready to "listen" to the channels. If things are not that serious, try limiting yourself to subscriber cryptographic information protection.

Subscriber CIPF

They are characterized not by algorithms (defined by standards), but by utilities that allow these CIPFs to be used, and by the conditions that must be met. It is desirable that the use of these tools was convenient.

And most importantly - remember the sufficiency of protective equipment. There is no need to use expensive CIPF where you can do without them.

And one more thing: there are CIPF and SES that meet all the requirements that we discussed. Up to class KV2. I do not name them only so that the article does not become advertising.


Commenting...

Alexey, good afternoon!
In the response of the 8th Center, nothing is indicated about the need to use certified cryptographic information protection tools. But there are "Methodological recommendations ..." approved by the leadership of the 8th Center of the FSB of Russia dated March 31, 2015 No. 149/7/2/6-432, in which there is such a paragraph in the second part:

To ensure the security of personal data during their processing in ISPD, CIPF should be used that have passed the conformity assessment procedure in the prescribed manner. The list of CIPF certified by the FSB of Russia is published on the official website of the Center for Licensing, Certification and Protection of State Secrets of the FSB of Russia (www.clsz.fsb.ru). Additional information about specific information security tools is recommended to be obtained directly from the developers or manufacturers of these tools and, if necessary, from specialized organizations that have conducted case studies of these tools;

Why is this not a requirement to use certified CIPF?

There is an order of the FSB of Russia dated July 10, 2014 No. 378, in which subparagraph "d" of paragraph 5 states: "the use of information security tools that have passed the procedure for assessing compliance with the requirements of the legislation of the Russian Federation in the field of information security, in the case when the use of such tools is necessary to neutralize current threats."

A little confusing is this "when the use of such means is necessary to neutralize actual threats." But all this necessity should be described in the intruder model.

But in this case, again, section 3 of the "Methodological recommendations ..." of 2015 states that "When using communication channels (lines) from which it is impossible to intercept the protected information transmitted over them and (or) in which it is impossible to carry out unauthorized actions on this information, in the general description of information systems, it is necessary to indicate:
- description of methods and means of protecting these channels from unauthorized access to them;
- conclusions based on the results of studies of the security of these communication channels (lines) from unauthorized access to the protected information transmitted through them by an organization entitled to conduct such studies, with reference to the document containing these conclusions."

What I am getting at with all this: yes, there is no need to use cryptographic information protection always and everywhere when ensuring the security of personal data processing. But for this it is necessary to build an intruder model where all this is described and proved. You wrote about two cases when you need to use them. But the idea that, to ensure the security of processing PD over open communication channels, or if the processing of these PD goes beyond the boundaries of the controlled zone, you can use uncertified cryptographic information protection tools - it's not so simple. And it may happen that it is easier to use certified cryptographic information protection tools and comply with all requirements during their operation and storage than to use uncertified means and butt heads with the regulator, who, seeing such a situation, will try very hard to poke his nose in.

unknown comments...

The case when the use of such means is necessary to neutralize current threats: the requirement of the Order of the FSTEC of Russia No. 17 of February 11, 2013 (requirements for state and municipal ISPDs),

clause 11. To ensure the protection of information contained in the information system, information security tools are used that have passed conformity assessment in the form of mandatory certification for compliance with information security requirements in accordance with Article 5 of Federal Law No. 184-FZ of December 27, 2002 "On technical regulation".

Alexey Lukatsky comments...

Proximo: FSB recommendations are illegitimate. Order 378 is legitimate, but must be considered in the context of all legislation, and it says that the specifics of conformity assessment are established by the Government or the President. Neither one nor the other such NPA did not release t

Alexey Lukatsky comments...

Anton: for government bodies, the certification requirement is established by law, the 17th order simply repeats it. And we are talking about PD

unknown comments...

Alexey Lukatsky: No. FSB recommendations are illegitimate "How illegitimate? I'm talking about the document dated 05/19/2015 No. %40fsbResearchart.html), but not about the document dated February 21, 2008 No. 149/54-144.

Another specialist also previously made a request to the FSB on a similar topic, and he was told that the "Methodology ..." and "Recommendations ..." of the FSB of 2008 should not be used, if you are talking about these documents. But again, these documents have not been officially canceled. And whether these documents are legitimate or not will, I believe, be decided by the FSB inspectors on site during the inspection.

The law says that you need to protect PD. By-laws from the Government, the FSB, the FSTEC determine exactly how they need to be protected. The NPA from the FSB says: "Use certified. If you do not want certified, prove that you can use it. And please, attach a conclusion to this from a company that has a license to issue such conclusions." Something like this...

Alexey Lukatsky comments...

1. Any recommendation is a recommendation, not a mandatory requirement.
2. The 2015 guidance has nothing to do with PD operators - it applies to government bodies that write threat models for subordinate institutions (subject to clause 1).
3. The FSB does not have the right to conduct inspections of commercial PD operators, and for government bodies the question of using uncertified cryptographic information protection does not arise - they are required to use certified solutions, regardless of the presence of PD - these are the requirements of FZ-149.
4. Bylaws say how to protect, and that's okay. But they cannot determine the form of assessment of protection tools - this can only be done by an NPA of the Government or the President. The FSB is not authorized to do this

unknown comments...

According to Regulation 1119:

4. The choice of information security tools for the personal data protection system is carried out by the operator in accordance with the regulatory legal acts adopted by the Federal Security Service of the Russian Federation and the Federal Service for Technical and Export Control pursuant to Part 4 of Article 19 of the Federal Law "On Personal Data".
13.y. The use of information security tools that have passed the procedure for assessing compliance with the requirements of the legislation of the Russian Federation in the field of information security, in the case when the use of such tools is necessary to neutralize current threats.

How to justify the non-relevance of the threat when transmitting PD through the channels of the telecom operator?

I.e., if not CIPF, then apparently
- terminal access and thin clients, but at the same time data of the information security system of the terminal access must be certified.
- protection of channels by the telecom operator, responsibility on the telecom operator (provider).

Alexey Lukatsky comments...

Irrelevance is determined by the operator and he does not need anyone for this

The use of cryptographic means of protection (CIPF) is a very ambiguous and slippery topic. However, the PD Operator has the right, in the event of actual threats, to apply CIPF to ensure protection. But it is not always clear how to use this right. And now the FSB is making life easier: a document of methodological recommendations applicable both to state IS and to all other PD Operators has been released. Let's take a closer look at this document.

And so, it happened: the 8th Center of the FSB posted a document describing recommendations in the field of development of regulatory legal acts for the protection of PD. At the same time, the same document is recommended to be used by ISPD operators when developing private threat models.


So what does the FSB think about how and where to apply CIPF?


It is quite important that this document is published only on the FSB website, has no registration in the Ministry of Justice and bears no signature - that is, its legal significance and binding force remain at the level of recommendations. It's important to remember this.


Let's look inside: the preamble of the document states that the recommendations are "for federal executive authorities ... other state bodies ... that ... adopt regulatory legal acts that define threats to the security of personal data that are relevant when processing personal data in personal data information systems (hereinafter referred to as ISPD) operated in the implementation of relevant activities". I.e., explicit reference is made to state information systems.



However, at the same time, these same norms "should also be followed when private threat models are developed by operators of personal data information systems who have decided to use cryptographic information protection tools (hereinafter referred to as CIPF) to ensure the security of personal data". I.e., the document in this case becomes universal for all users.



When is it necessary to use CIPF?


The use of CIPF to ensure the security of personal data is necessary in the following cases:

  1. if personal data is subject to cryptographic protection in accordance with the legislation of the Russian Federation;
  2. if there are threats in the information system that can only be neutralized with the help of CIPF.

  1. transfer of personal data over communication channels that are not protected from interception by the offender of the information transmitted through them or from unauthorized influences on this information (for example, when transferring personal data over public information and telecommunication networks);
  2. storage of personal data on information carriers, unauthorized access to which by the violator cannot be excluded using non-cryptographic methods and methods.

And that's where we come. If the second point is also quite logical, then the first one is not so obvious. The fact is that, according to the current version of the law "On Personal Data" name, surname and patronymic are already personal data. Accordingly, any correspondence or registration on the site (taking into account how much data is currently required during registration) formally falls under this definition.



But, as they say, there are no rules without exceptions. There are two tables at the end of the document. Here is just one line from Appendix No. 1.



Current threat:

1.1. carrying out an attack while within the controlled zone.

Reason for absence (the list is slightly shortened):

  1. employees who are users of ISPD but not users of CIPF are informed about the rules of work in ISPD and about responsibility for non-compliance with the rules for ensuring information security;
  2. CIPF users are informed about the rules for working in ISPD, the rules for working with CIPF and responsibility for non-compliance with the rules for ensuring information security;
  3. the premises in which the CIPF is located are equipped with entrance doors with locks, and the doors are kept permanently locked and opened only for authorized passage;
  4. rules for access to the premises where the CIPF is located, during working and non-working hours as well as in emergency situations, have been approved;
  5. a list of persons entitled to access the premises where the CIPF is located has been approved;
  6. user access to protected resources is differentiated and controlled;
  7. user actions with PD are registered and recorded;
  8. on workstations and servers on which CIPF is installed:
     • certified means of protecting information from unauthorized access are used;
     • certified anti-virus protection tools are used.

That is, if users are informed about the rules and responsibilities, and protective measures are applied, then it turns out that there is nothing to worry about.



  • to ensure the security of personal data during their processing in ISPD, cryptographic information protection tools that have passed the conformity assessment procedure in the prescribed manner should be used.

True, it says a little lower that a list of certified cryptographic information protection tools can be found on the website of the TsLSZ FSB. The fact that conformity assessment is not certification has been said repeatedly.


  • in the absence of CIPF that have passed conformity assessment procedures in accordance with the established procedure ... at the stage of a preliminary design or draft (sketch-technical) project, the information system developer, with the participation of the operator (authorized person) and the proposed CIPF developer, prepares a justification for the expediency of developing a new type of CIPF and determines the requirements for its functional properties.

This is really good news. The fact is that the certification process is very long: up to six months or more. Often, customers use the latest operating systems that are not supported by the certified version. According to this document, customers can use products that are in the process of certification.



The document states that:

When using communication channels (lines) from which it is impossible to intercept the protected information transmitted through them and (or) in which it is impossible to carry out unauthorized actions on this information, in the general description of information systems, it is necessary to indicate:

  1. description of methods and means of protecting these channels from unauthorized access to them;
  2. conclusions based on the results of studies of the security of these communication channels (lines) from unauthorized access to protected information transmitted through them by an organization entitled to conduct such studies, with reference to the document containing these conclusions.


  • security characteristics (confidentiality, integrity, availability, authenticity) that must be provided for the processed personal data;
  • communication channels (lines) used in each subsystem or in the information system as a whole, including cable systems, and measures to limit unauthorized access to protected information transmitted over these communication channels (lines), indicating the communication channels (lines) in which unauthorized access to protected information transmitted through them is impossible, and the measures implemented to ensure this quality;
  • media of protected information used in each subsystem of the information system or in the information system as a whole (with the exception of communication channels (lines)).
  • The requirements for information security in the design of information systems indicate the features that characterize the means of information protection used. They are defined by various acts of regulators in the field of information security, in particular the FSTEC and the FSB of Russia. This article covers which security classes exist, the types and kinds of protection tools, and where to learn more about them.

    Introduction

    Today, the issues of ensuring information security are the subject of close attention, since technologies being introduced everywhere without information security are becoming a source of new serious problems.

    The FSB of Russia reports on the seriousness of the situation: the amount of damage caused by cybercriminals over several years around the world ranged from $300 billion to $1 trillion. According to the information provided by the Prosecutor General of the Russian Federation, in the first half of 2017 alone, the number of crimes in the field of high technologies in Russia increased six times, and the total amount of damage exceeded $18 million. An increase in targeted attacks in the industrial sector in 2017 was noted around the world. In particular, in Russia, the increase in the number of attacks compared to 2016 was 22%.

    Information technologies began to be used as a weapon for military-political, terrorist purposes, to interfere in the internal affairs of sovereign states, as well as to commit other crimes. The Russian Federation stands for the creation of an international information security system.

    On the territory of the Russian Federation, information owners and operators of information systems are required to block attempts of unauthorized access to information, as well as monitor the state of security of the IT infrastructure on an ongoing basis. At the same time, information protection is ensured through the adoption of various measures, including technical ones.

    Information security tools, or SZI, provide information protection in information systems, which in essence are a combination of information stored in databases, information technologies that ensure its processing, and technical means.

    Modern information systems are characterized by the use of various hardware and software platforms, the territorial distribution of components, as well as interaction with open data transmission networks.

    How to protect information in such conditions? Relevant requirements are made by authorized bodies, in particular, the FSTEC and the FSB of Russia. Within the framework of the article, we will try to reflect the main approaches to the classification of information security facilities, taking into account the requirements of these regulators. Other ways of describing the classification of information security facilities, reflected in the regulatory documents of Russian departments, as well as foreign organizations and agencies, are beyond the scope of this article and are not considered further.

    The article may be useful to beginners in the field of information security as a source of structured information on the methods of classifying information security tools based on the requirements of the FSTEC of Russia (to a greater extent) and, briefly, the FSB of Russia.

    The structure that determines the procedure and coordinates the actions of providing non-cryptographic methods of information security is the FSTEC of Russia (formerly the State Technical Commission under the President of the Russian Federation, the State Technical Commission).

    If the reader has ever looked at the State Register of certified information security tools, which is maintained by the FSTEC of Russia, they have certainly noticed that the description of a tool's purpose contains phrases such as “class RD SVT”, “level of absence of NDV”, etc. (Figure 1).

    Figure 1. A fragment of the register of certified information security facilities

    Classification of cryptographic means of information protection

    The FSB of Russia defines the following classes of cryptographic information security tools: KS1, KS2, KS3, KB and KA.

    The main features of class KS1 tools include their ability to withstand attacks carried out from outside the controlled zone. This implies that the creation of attack methods, their preparation and implementation are carried out without the participation of specialists in the development and analysis of cryptographic information security tools. It is assumed that information about the system in which these tools are used can be obtained from open sources.

    If a cryptographic information security tool can withstand the attacks blocked by class KS1 tools, as well as attacks carried out within the controlled zone, then it corresponds to class KS2. At the same time, it is assumed, for example, that during the preparation of an attack, information about physical measures for protecting information systems, providing a controlled zone, etc., could become available.

    If the tools can resist attacks carried out with physical access to computer equipment on which cryptographic information security tools are installed, they are said to correspond to class KS3.

    If a cryptographic information security tool resists attacks whose creation involved specialists in the development and analysis of these tools, including research centers, and for which laboratory studies of the protection tools could be conducted, then it complies with class KB.

    If specialists in the use of NDV (undeclared capabilities) of system software were involved in the development of attack methods, the corresponding design documentation was available and there was access to any hardware components of the cryptographic information security tools, then protection against such attacks can be provided by tools of class KA.

    Classification of electronic signature protection means

    Electronic signature tools, depending on their ability to resist attacks, are usually assigned to one of the following classes: KS1, KS2, KS3, KB1, KB2 and KA1. This classification is similar to the one discussed above for cryptographic information security tools.

    Conclusions

    The article considered some methods of classifying information security tools in Russia, which are based on the regulatory framework of regulators in the field of information protection. The classification options considered are not exhaustive. Nevertheless, we hope that the summary information presented will help a novice specialist in the field of information security to get oriented quickly.
