Basic principles for creating a system for minimizing information risks at a large enterprise.

Апр 27, 2024
osnovnie principi sozdaniya sistemi minimizacii informaci e1715004880222

Basic principles of creating a system for minimizing information risks in a large enterprise

 

 

BASIC PRINCIPLES
CREATION OF A MINIMIZATION SYSTEM
INFORMATION RISKS
AT A LARGE ENTERPRISE

Introduction

In a market economy, commercial enterprises constantly operate under conditions of risk. This means that at any given time there are non-zero probabilities of the occurrence of events undesirable for commercial enterprises related to their direct activities. These events can be very diverse in content, for example, non-repayment of loans by borrowers, changes in interest rates, failure of automated systems, etc.

Therefore, minimizing unforeseen losses when undesirable events occur is an urgent problem for any commercial enterprise.

Analysis of well-known domestic and foreign literature shows that it is possible to reduce the risks of a commercial enterprise by ensuring its physical and information security.

At the same time, the physical security of a commercial enterprise is understood as a state in which the maximum level of protection of the enterprise’s facilities, resources and personnel from possible physical influences is ensured, and the information securityis a state that ensures the maximum level of protection of a commercial enterprise from leakage or destruction of vital information, the use of biased information in its daily activities, the dissemination of unprofitable or dangerous information in the external environment, as well as getting to the management of the enterprise false confidential information.

Thus, the information security of a commercial enterprise will be ensured if minimal information risks are ensured, namely: leakage and destruction of information necessary for the operation of the enterprise, the use of biased information in daily activities, the lack of information from the management of the enterprise necessary to make the right decision (including confidential), as well as the dissemination by someone in the external environment of information that is unfavorable or dangerous for the activities of the enterprise.

At the same time, one of the most important goals of the enterprise will be achieved — minimizing commercial risks associated with the operations carried out by this enterprise.

To solve this problem, from the point of view of a systematic approach, it is advisable to develop and implement aminimization system at a commercial enterprise information risks, which is an interconnected set of bodies, means, methods and measures that ensure minimization of the risks of leakage and destruction of information necessary for the functioning of the enterprise, the use of biased information in everyday activities, the lack of information (including confidential) from the management of the enterprise necessary for making the right decision, and also the dissemination by someone in the external environment of information that is unprofitable or dangerous for the activities of the enterprise.

Justification of the structure of the information risk minimization system

As noted earlier, the main information risks of any commercial enterprise, including a large commercial enterprise, are:

  • the risk of leakage and destruction of information necessary for the operation of the enterprise;
  • the risk of using biased information in the enterprise’s activities information;
  • the risk of the enterprise management not having the necessary (including confidential) information to make the right decision;
  • the risk of someone disseminating in the external environment information that is unfavorable or dangerous for the enterprise .

An analysis of the above risks shows that they are associated with confidential information (the risk of leakage and destruction of information, the risk of the enterprise management not having the necessary information) and, mainly, ordinary information (the risk of using biased information in the enterprise’s activities, the risk of someone distributing unprofitable or dangerous information). At the same time, the risk of leakage and destruction is associated with the enterprise’s own confidential information, and the risk of absence is associated with the necessary confidential information of other commercial structures and enterprises. Therefore, eliminating these risks in the activities of the enterprise requires solving certain specific tasks in relation to each of them, which do not overlap, because have different sources of this information.

Since the risk of using biased information in the daily activities of a commercial enterprise is associated mainly with the quality of the process of its collection and is manageable, the risk of someone distributing information that is unprofitable or dangerous for the enterprise can be caused by a fairly large complex of external and internal reasons, for example, the leakage of some confidential information. information from a commercial enterprise, the target setting and the tasks currently being solved by competing enterprises, etc. Obviously, most of the reasons can be eliminated by ensuring the protection of confidential information in a commercial enterprise, as well as by collecting and providing the management of a commercial enterprise with the necessary confidential information about plans competing enterprises, about the tasks they are solving at a given time, etc. Another part of the poorly taken into account reasons, for example, personal hostility towards the head of a commercial enterprise, deterioration of commercial relations between enterprises, can lead to the appearance in the media of unfavorable, and in some cases, dangerous information for the enterprise. Therefore, in order to eliminate or at least reduce the risk of dissemination of this information on the part of competing enterprises, it is necessary to proactively disseminate some true information, and in some cases, misinformation.

Thus, eliminating the above information risks of a commercial enterprise requires the solution of complexes of tasks that are different in purpose and content. Therefore, the information risk minimization system should include the following subsystems:

  • information security subsystem;
  • information delivery subsystem;
  • information research subsystem;
  • information collection subsystem;
  • control subsystem designed to manage subsystems within the system.

The main tasks solved by the control subsystem are:

  • analysis of the current state of subsystems based on information received from subsystems:
  • development, based on information available and received from the management of a commercial enterprise, of control actions aimed at solving the global and local problems facing the enterprise;
  • bringing the appropriate control actions to the subsystems;
  • monitoring changes in the current state subsystems when implementing control actions and, if necessary, issuing corrective control actions.

Figure 1 shows the connection between the information risks of a commercial enterprise and the subsystems that make up the information risk minimization system.

Fig. 1.

 

 Information security subsystem

The main tasks solved by the information security subsystem are:

  • identifying information to be protected;
  • identifying sources that have, possess or contain this information;
  • identifying ways of unauthorized access to this information;
  • development and implementation of organizational and technical measures to protect confidential information.

Information of a commercial enterprise can be of the following four levels of importance:

  1. vital, i.e. e. information, the leakage or destruction of which threatens the very existence of the enterprise;
  2. important, i.e. information, the leakage or destruction of which leads to large costs;
  3. useful, i.e. information, the leakage or destruction of which causes some damage, but the enterprise can function quite effectively even after that;
  4. insignificant, i.e. information, the leakage or destruction of which does not cause damage to the enterprise and does not affect the process of its functioning.

It is obvious that information of the first three levels of importance must be protected, and the degree of protection should, in general, be determined by the level of importance of the information. This is mainly due to the fact that the degree of protection is directly related to the cost of its implementation, therefore, in general, it is not economically feasible to protect information with expensive security measures if its leakage or destruction leads to insignificant damage.

Information of the first three levels, as a rule, refers to a trade secret and is determined by the head of the enterprise in accordance with the Decree of the Government of the Russian Federation of December 5, 1991 No. 35 “On the list of information that cannot constitute a trade secret.”

The procedure for identifying information constituting a trade secret and identifying sources that possess, possess or contain this information should be as follows.

The order for a commercial enterprise obliges heads of structural divisions to carry out work to identify specific information that constitutes a trade secret in their areas of work, persons authorized to have access to this information, as well as carriers of this information.

The result of this work should be a “List of information constituting a commercial secret of the enterprise” approved by the head of the enterprise, indicating such information for each of the structural divisions; persons who are carriers of this information; documents containing this information, as well as other (technical) media for this information, if any.

When identifying information that constitutes a trade secret, it is necessary to take into account that each structural unit of a commercial enterprise is characterized by a certain selection of partners, clients, etc. and is not interested in showing, for example, competing enterprises, its information portrait, since this display may lead to disruption of the stability of the division’s functioning and weakening of its competitiveness. Therefore, information of this nature should also be classified as a trade secret.

After identifying information that constitutes a trade secret and identifying sources that have, possess or contain this information, methods of unauthorized access to this information are identified by selecting methods from the set of main methods of unauthorized access to sources of confidential information shown in Fig. 2.

 osnovnie principi sozdaniya sistemi minimizacii informaci 2

Fig.2.

Appendix 1 presents the content of the main methods of unauthorized access to confidential information, taken into account when creating an information security subsystem, and provides data on the ratio of methods of unauthorized access, based on materials in the foreign press.

Knowledge of methods of unauthorized access to confidential information allows carry out the correct development and implementation of organizational and technical measures to protect this information.

From what has been discussed, it follows that the main channels for the leakage of confidential information are employees of a commercial organization, documents and technical means of processing and transmitting information.

As evidenced by foreign and domestic experience, despite the increasingly widespread introduction of new information into the practice of commercial enterprises technologies, the main source of leakage of confidential information is the employees of these enterprises.

Here it is appropriate to cite the statement of Italian psychologists that of all employees of any company: 25% are honest people, 25% are waiting for an opportunity to divulge secrets, and 50% will act depending on the circumstances. Obviously, in our country these figures are unlikely to differ for the better, because there are no political or economic reasons for this. Therefore, in relation to such a situation, it is necessary to understand that it is practically impossible to create conditions at a commercial enterprise that completely exclude unauthorized access to this source of confidential information; one can only significantly reduce its role among other sources of leakage of confidential information. To this end, the enterprise needs to solve the following tasks:

  • create a legal basis for ensuring the protection of information by implementing:
    • introducing additions to the enterprise Charter that give the enterprise management the right to:
      • create organizational structures for the protection of trade secrets;
      • issue regulatory and administrative documents governing the procedure for determining information constituting a trade secret and mechanisms for its protection;
      • include requirements for the protection of trade secrets in contracts for all types of business activities;
      • demand protection interests of the enterprise before government and judicial authorities;
      • dispose of information that is the property of the enterprise in order to obtain benefits and prevent economic damage to the enterprise;
    • additions to the “Collective Agreement”, if it is developed at the enterprise, with provisions establishing the responsibilities of the administration and employees of the enterprise related to the development and implementation of measures to determine and protect trade secrets, compliance with the requirements for the protection of trade secrets at the enterprise, and the involvement of violators of the requirements for the protection of trade secrets to administrative or criminal liability in accordance with current legislation, instructing persons hired on the rules for maintaining trade secrets with a written obligation to not disclose them, removing from work related to trade secrets persons who violate the established requirements for its protection;
    • adding the “Employment contract” with requirements for the protection of trade secrets, if the contract is concluded in writing; when concluding an agreement orally, informing the person with whom the employment contract is concluded of internal regulations, including requirements for the protection of trade secrets;
    • introducing to each employee of the enterprise the “List of information constituting a commercial secret of the enterprise” insofar as it concerns;
  • create favorable internal conditions in the enterprise for maintaining trade secrets by implementing:
    • identifying and dismissing people waiting for an opportunity to disclose trade secrets (according to Italian psychologists, the proportion of such people in almost any company is about 25% of the total number of employees of the company). For this purpose, data from the enterprise’s personnel body, the results of studying employees, open and secret control over their activities, etc. can be used;
    • identification and careful monitoring of the activities of employees who are dissatisfied with something or are constantly in need in the means of subsistence, working at any enterprise part-time or intending to go to work for another enterprise;
    • formation of a psychological climate at the enterprise and in its structural divisions, in which it would be convenient and profitable for the employees of the enterprise to comply with the requirements for the protection of trade secrets. For this purpose, for example, financial incentives can be used for employees who do not violate the requirements for the protection of trade secrets within a predetermined period;
    • organizing and implementing a system of continuous training of enterprise employees on the rules and procedures for working with confidential information and conducting negotiations. Employee training should involve not only the acquisition and systematic maintenance at a high level of skills in working with confidential information, but also their education in terms of deep conviction in the need to comply with the requirements for the protection of trade secrets;
    • conducting conversations with dismissals, the main purpose of which is to prevent the leakage of confidential information or its misuse. During the conversations, it should be especially emphasized that each resigning employee is obliged not to disclose trade secrets that have become known to him in the course of working at the enterprise, and this obligation must be supported by a signature on non-disclosure of confidential information known to the employee;
    • carrying out special checks office premises, the purpose of which is to identify electronic eavesdropping devices embedded in these premises. Special inspections should be carried out using special methods and include the following types of work:
      • special examination and inspection using technical means of the surface of walls, ceilings, floors, doors and window frames, as well as furniture, interior items, souvenirs, etc. To carry it out, the following equipment and technology is used: non-linear locator, portable X-ray complex, metal detector, void detector, electromagnetic field indicator, radio frequency meter, as well as auxiliary inspection equipment;
      • visual inspection and testing using technical means of existing electronic devices. The following are used: a portable X-ray complex, an electromagnetic field indicator, a radio frequency meter and a set of magnifiers;
      • visual inspection and testing using technical means of wire lines (electrical network, subscriber telephone network, clock system, fire and security alarm systems, etc.). To carry out this type of work, wire line monitoring equipment, an electromagnetic field indicator and a radio frequency meter are used;
      • radio control (radio monitoring) of premises. This type of work is carried out using hardware and software control systems or conventional scanner receivers. Spectrum analyzers are used to analyze the structure of signals. To prevent eavesdropping during a particularly important event (meetings, negotiations, meeting, etc.), it is advisable to carry out radio monitoring of the premises allocated for this purpose before and during this event, as well as setting up targeted and noise interference using special means during conducting an event;
    • collecting and correctly responding to information about attempts at various contacts with enterprise employees aimed at obtaining confidential information.

The next most important source of confidential information leakage is various kinds of documents. Here it is necessary to take into account that the fairly rapid development of information technology has led to the emergence of new types of document information media: computer printouts, magnetic storage media, etc. At the same time, the importance in commercial activities of traditional types of paper documents: contracts, letters, analytical reviews, etc. practically does not decrease.

The emergence of new carriers of document information has led not only to the emergence of new difficulties in solving the problem of ensuring the protection of confidential information from unauthorized access to its contents, but also to new opportunities to ensureguaranteedprotection of this information. We are talking here primarily about storing particularly important document information on magnetic media in a form converted using cryptographic transformations.

Therefore, to exclude unauthorized access to this source of confidential information, both traditional and non-traditional methods can be used, and namely:

  • security of premises and offices, as well as effective entry control over access to them;
  • careful selection of employees to work in the office management system;
  • implementation of a clear organization of the office work system, defining the functions of ensuring the security of confidential information when working with documents and technical media and methods of performing functions when documenting information, recording documents, organizing document flow, ensuring reliable storage of documents and their timely destruction, as well as checking the availability of documents and monitoring timeliness and the correctness of their execution;
  • development and implementation of documents regulating all user actions when working with various documents containing confidential information and technical media;
  • storage of confidential document information on magnetic media and in PC memory in a form converted using cryptographic transformations. For this purpose, the Russian data encryption standard GOST 28147 — 89, as well as other cryptographic transformations, can be used quite effectively.

Technical means of processing and transmitting informationare also the main source of leakage of confidential information. This is due to the fact that in the activities of commercial enterprises, along with traditionally used means of processing and transmitting information, for example, radio and wire telephone communications, telex and telefax communications, new computer information technologies are increasingly used, including automated workstations, local and global computer networks.

It should be noted that, regardless of the purpose of the means for processing and transmitting information and the tasks solved by this means, unauthorized access to information is possible as a result of an attacker performing the following actions:

  • eavesdropping on information transmitted over wired telephone lines using pre-installed telephone bookmarks;
  • remotely capturing confidential information from technical means of processing and transmitting information (usually from a PC) using pre-installed hardware bookmarks;
  • passive reception of signals transmitted in computer networks, stray electromagnetic radiation and interference generated by various means of processing and transmitting information;
  • copying (theft) of confidential information stored in the memory of a PC.

To ensure the protection of confidential information in these conditions, it is necessary to do the following:

  • introduce into practice special checks of PCs for the purpose identifying and eliminating hardware jams, as well as periodically conducting special checks of telephone sets, telephone sockets and telephone lines of a commercial enterprise in order to identify and eliminate telephone jams;
  • provide cryptographic protection of telephone channels through which confidential information can be transmitted or may be transmitted, for example, telephone channels between the head of a commercial enterprise and heads of structural divisions;
  • ensure cryptographic protection of computer network communication channels through which confidential information is exchanged information;
  • protect computer network objects from unauthorized access to stored confidential information;
  • neutralize stray electromagnetic radiation and interference using special technical solutions and technical means of active protection.

Appendix 2 discusses the basic principles of cryptographic conversion of analog and digital telephone messages, presents data from a comparative assessment of the American federal encryption standard DES and the Russian standard GOST 28147-89, as well as the main characteristics of the means of providing cryptographic protection of telephone messages available on the Russian market.

Appendix 3 discusses the basic principles of protecting computer networks from unauthorized access to stored and transmitted information, new algorithms for cryptographic transformation of messages transmitted over computer networks, and the generation of an electronic signature code for these messages.

Information output subsystem

Information output subsystemis intended for the targeted release of information to the external environment that creates favorable conditions for the effective functioning of a commercial enterprise.

This information includes two components: information released to the external environment in order to increase demand for the services or products offered, as well as information released to the external environment in order to create a certain level of awareness necessary for a commercial enterprise.

It is obvious that information released to the external environment in order to increase demand for the services and products offered should include advertising of products or services offered, public relations, etc., and its issuance should be handled by the advertising department or a unit that performs tasks similar to the advertising department.

Information released to the external environment in order to create a certain level of awareness necessary for a commercial enterprise must be formed as a result of an analysis of the environment and the adoption of certain decisions by the management of a commercial enterprise.

For this purpose, the following activities must be carried out:

  • identified information about a commercial enterprise, which, as a result of dissemination in the external environment, would contribute to the creation of favorable conditions for solving current and future problems facing the enterprise;
  • an analysis was carried out of the degree of correspondence of this information to the information about a commercial enterprise currently available in the external environment;
  • information necessary for issuance to the external environment was identified and the procedure for its issuance was determined.

Examples of such information are information that helps create the image of a strong security service of a commercial enterprise, for example, information about the use of the latest tools for cryptographic protection of data in PC memory, providing guaranteed durability, which can prevent attempts to copy and steal this data, and even misinformation.

Information collection subsystem

The task of the information collection subsystem is to provide the management of a commercial enterprise with objective information at the right time, allowing you to make the right decisions.

Analysis of the general tasks facing a commercial enterprise shows that the initial collection of information should be carried out in the following areas with the formation of appropriate databases:

  • current and potential competitors;
  • customer requests, distribution channels for products and services;
  • production and use of products and services;
  • laws, new legislation and regulations, affecting the interests of a commercial enterprise,
  • financial and material resources necessary for the normal operation of the enterprise;
  • general trends in the political, economic, social and demographic fields;
  • other factors influencing the activities of the enterprise.

The main sources of information necessary for the formation of databases are:

  • clients, clients’ partners, their leading specialists and other employees;
  • suppliers of various equipment to a commercial enterprise in accordance with their areas of activity, for example, suppliers of automation systems and equipment, security alarm systems and equipment, etc.;
  • partners;
  • advertising agents, representatives of public relations enterprises, mailing companies, etc.;
  • sales agents of various firms and enterprises;
  • consultants and experts engaged by a commercial enterprise for solving various problems;
  • local, national and international press;
  • special publications and various databases (data banks);
  • exhibitions and conferences;
  • regulatory documents.

It seems possible to combine these sources, taking into account their characteristics, into the following groups:

  • general publications, special publications and databases (banks) of data;
  • clients, clients’ partners (including leading specialists and other employees) , equipment suppliers, partners and sales agents;
  • advertising agents, representatives of public relations companies, mailing companies, consultants and experts, regulatory documents;
  • exhibitions and conferences.

As practice shows, these groups of sources make it possible to obtain the necessary information in the following ratio:

  • the first group — about 30-40% of the necessary information;
  • the second group — about 30-40% of the necessary information;
  • third group — about 10-15% of the necessary information;
  • fourth group — about 4-5% of the necessary information.

Thus, These sources of information allow you to obtain from 74 to 100% of the information necessary for making the right decisions.

Note that access to the first group of sources is the easiest and cheapest. Therefore, consideration of any new issue must begin with an analysis of periodicals covering the area of ​​interest, if there are no special publications devoted to this issue. Often this approach is the best when obtaining information of interest, names and addresses of organizations.

All employees of a commercial enterprise who, due to their official duties, may come into contact with representatives of third-party organizations should participate in obtaining information from the second group of sources. As a rule, the information received from these sources allows you to fill out databases in the following ratio: 60% of the information relates to the “competitors-market-resources” databases, 15% — “technologies”, 15% — “regulatory documents” (laws, legislative and regulations); 10% — “development trends”.

Information from the third group of sources allows, basically, to fill out databases of regulatory documents and development trends.

Information from the fourth group of sources is small compared to information received from other groups of sources, but it is the most accurate. Therefore, extracting the greatest information benefit from visiting exhibitions and participating in conferences involves carrying out certain preparatory work, for example, studying catalogs, issues related to the subject of the exhibition, etc.

An analysis of the problems solved by the information collection subsystem shows that the main part of these problems can be solved by the marketing department of a commercial enterprise with the involvement of relevant specialists from this enterprise, as well as outside experts.

Information research subsystem

Information research subsystem is designed to solve the following tasks:

  • determining the information necessary for the management of a commercial enterprise to make effective fundamental decisions to expand (conquer) markets for their goods and services in various conditions of the current situation;
  • collecting, analyzing and providing this information to the management of the enterprise.

The objects of interest of this system in the general case are:

  • various types of activities of enterprises and organizations:
    • production and production activities;
    • scientific activities;
    • trade and financial activities;
    • intermediary activities;
    • other activities;
  • products and services:
    • discoveries and inventions;
    • manufacturing technology;
    • industrial designs;
    • technical projects and reports;
    • know-how, etc.;
  • information:
    • about finances and prices;
    • about resources;
    • about suppliers and clients, etc.

Obtaining information about various types of activities of enterprises and organizations, their products and services offered, finances and prices, resources, suppliers and clients, etc. is carried out from the sources of this information.

Analysis of the available data allows us to establish with some degree of generalization that the main sources of such information are:

  • employees of enterprises and organizations;
  • documents, received and sent by an enterprise or organization, as well as stored at an enterprise or organization;
  • technical means of processing and transmitting information, as well as various communication lines;
  • products of enterprises and organizations;
  • industrial and production waste.

Obviously, that, based on the tasks being solved by a particular enterprise or organization, it is always possible to select the most significant ones from this set of sources.

The main ways to access these sources of information about various types of activities of enterprises and organizations, their products and services offered, finances and prices, resources, suppliers and clients, etc. are the following:

  • initiative cooperation;
  • inclination to cooperate;
  • finding out (interviewing);
  • eavesdropping;
  • secret familiarization with information and documents;
  • theft;
  • copying;
  • interception;
  • visual surveillance;
  • photography.

Appendix 4 shows the content of these methods and the procedure for implementing some of them.

Regardless of the specific features of the confidential information being obtained, access to it should be carried out by sequentially performing the following actions:

  • a clear understanding of the content, volume, features, etc. information that should be obtained as a result of ongoing activities;
  • identifying sources of information of interest and ranking them according to the degree of completeness of possession, possession or content of this information;
  • assessment of possible ways to access sources of information of interest and selection of the most effective of them under existing economic, technical, etc. conditions. restrictions;
  • implementation of selected methods of access to sources of information of interest with the possibility of their subsequent correction.

It should be noted that the high level of technology development in various fields of technology has led to the fact that the bulk of confidential information can now be obtained using modern electronic intelligence equipment, as well as special software.

This is due to the fact that that with the help of such means it is possible to access such sources of confidential information as employees of enterprises and organizations, documents stored in computer memory and displayed on monitor screens, technical means of processing and transmitting information.

The main most common technical means intended for unauthorized acquisition of confidential information, according to experts, are a variety of electronic eavesdropping devices or so-called bookmarks. Appendix 5 shows some characteristics and features of such electronic devices.

The procedure for using electronic eavesdropping devices in the premises of interest depends significantly on the possibilities of access to these premises and the range of these devices available. Therefore, the most typical cases of using electronic eavesdropping devices (bookmarks) that may occur in practice are discussed below.

1. Stage of construction and reconstruction of the facility.

The stage of construction or reconstruction of the facility is the most favorable for installing bookmarks, since there is practically free and uncontrolled access to the premises, its lighting, alarm systems, communications, etc. .

During this period, quite complex devices can be installed, including remote-controlled ones, using complex signals and cryptographic transformation of information for transmission. These are, as a rule, network bookmarks, radio bookmarks, powered from an alternating current network or from a telephone line, i.e. bookmarks with unlimited validity. They are installed in hard-to-reach places and are well camouflaged.

During the construction period, long-term radio stethoscopes can be built into the walls of the building. The accelerometer-type sensors used in the radio stethoscope perceive vibrations that occur during indoor conversations in the frequency range from 100 Hz to 10 kHz. The information transmission range is about 500 m, and the service life is 10 years.

2. The stage of daily activity of an enterprise when access to the premises is not controlled.

In this case, acoustic bookmarks can be installed in the interiors of premises, everyday items, radio equipment, power outlets and electrical appliances, technical communications equipment and their connecting lines, etc.

It is most advisable to install bookmarks when carrying out preventive work on power supply, communication and alarm systems, as well as cleaning premises. At the same time, installing a network plug instead of a regular outlet takes several minutes, and replacing a regular extension cord with a similar device takes a few seconds.

During this period, telephone bookmarks can also be installed in the telephone body, handset, telephone socket, as well as directly in the telephone line path. At the same time, replacing a conventional microphone capsule with a similar one, but with a telephone bookmark installed in it, takes no more than 10 seconds.

3. The stage of daily business operations when access to the premises is controlled, but visitors can be present for a short time.

This is typical for offices, reception areas or rest rooms of management personnel.

In this case, it is most advisable to install bookmarks directly in the interior of the room, for example, under an armchair or table, under a window sill, behind a curtain, or to use bookmarks camouflaged as a crumpled pack of cigarettes or a piece of cardboard that can be thrown into the trash can. In addition, bookmarks can be installed by replacing objects that are permanently located in a given room with similar ones, but equipped with bookmarks.

4. The stage of daily activity of the enterprise, when access to the premises is impossible, but access to neighboring premises is not excluded.

In this case, to access information, it is advisable to use radio stethoscopes, which allow obtaining the information of interest by collecting acoustic signals from room walls, external window glass, pipes of heating and water supply systems.

In addition, telephone bookmarks can be installed in the telephone line path to the distribution box, located, as a rule, on the same floor as the room where the controlled telephone set is installed, or in the telephone line path from the distribution box to the building distribution panel, usually located on the first floor or basement.

To access information processed in a PC, without direct connection to the PC, special systems can be used that allow the restoration of information displayed on the monitor screen as a result of analysis and appropriate processing of intercepted side electromagnetic radiation. Such systems include systems 4625-COM-INT, RK-6630, which have relatively small dimensions and weight (for example, the 4625-COM-INT system has dimensions of 25x53x35 cm and weight — 18 kg), but quite large capabilities.

 

Appendix 1

Content of the main methods of unauthorized access
to confidential information taken into account when creating an
information security subsystem

Initiative cooperationmanifests itself in certain actions of persons who are dissatisfied with something or are in dire need of a means of subsistence from among those, as a rule, working in a commercial enterprise, working somewhere part-time or intending to go to work for another enterprise. The fundamental possibility of the existence of such a method of unauthorized access to sources of confidential information is evidenced by the well-known statement of Italian psychologists that of all employees of any company, 25% are honest people, 25% of people are waiting for an opportunity to disclose secrets, and 50% of people will act depending on depending on the circumstances.

Inclination to cooperate— This is, as a rule, a violent action on the part of attackers. Inducement to cooperation (recruitment) can be carried out through bribery, intimidation and blackmail. Very close to inclination to cooperate is luring knowledgeable specialists of an enterprise to the side of a competing enterprise in order to acquire their knowledge.

Investigation (interviewing) is the desire to obtain certain information under the guise of naive questions . Experience shows that such information can most effectively and secretly be obtained through the immediate circle of the managers of a commercial enterprise (secretaries, assistants, drivers, close friends, etc.).

Eavesdropping— a method of unauthorized access to confidential information, based on the use of specially trained agents, informants and special eavesdropping techniques. Eavesdropping is one of the most common ways to obtain confidential information, because… when eavesdropping, human speech is directly perceived with its features, coloring, intonation, and a certain emotional load, which is often no less important than the content of the speech itself, and the eavesdropped conversations themselves are perceived in real time and, to a certain extent, can allow the attacker to make certain decisions in a timely manner .

The following eavesdropping methods can currently be used most effectively:

  • eavesdropping on conversations in a room or car using pre-installed acoustic bookmarks and portable sound recording devices;
  • eavesdropping on conversations indoors using laser eavesdropping systems;
  • eavesdropping on telephone conversations carried out over wired communication lines using pre-installed telephone bookmarks;
  • remotely capturing confidential information from technical means of processing and transmission information (usually from a PC) using pre-installed hardware bookmarks.

Secret familiarization with information and documents— this is a way of obtaining confidential information to which the subject is not authorized, but under certain conditions he can gain access to all or part of this information. The main reason for tacit familiarization with information and documents is, as a rule, a low level of discipline at the enterprise, leaving documents containing trade secrets on desktops and in unlocked drawers, leaving information in the PC's RAM after completion of work, uncontrolled storage of floppy disks with confidential information and so on. actions. Secret familiarization also includes the inspection of postal items of a commercial enterprise and personal correspondence.

Theft— This is a method of deliberate unlawful acquisition of other people's documents and information. As a rule, the theft of documents and information is conditioned by certain conditions that are convenient for this. The materials presented in one of the textbooks for students of the Faculty of Law of Moscow State University present the following data, which are of interest when assessing theft as a method of unauthorized access to confidential information: 10% of people never steal, because it is not compatible with their morals; 10% of people steal at every opportunity, under any circumstances; 80% of people are generally honest, except when there is a temptation to steal. At the same time, available materials indicate that theft can be carried out at almost any level in the hierarchy of officials of a commercial enterprise

Copying is a method of unauthorized access to confidential information by reproducing or repeating the original . Analysis of the practice of criminal actions indicates that documents, technical media, as well as personal computer data containing confidential information of interest to the attacker are copied.

Interceptionis a method of obtaining confidential information by passively receiving signals transmitted through communication channels of various physical natures, spurious electromagnetic radiation and interference generated by various means of processing and transmitting information.

Data on the ratio of methods of unauthorized access

№№  

Unauthorized access method   

Percentage
1   Initiative cooperation, inclination to cooperate, scouting   43
2   Eavesdropping on telephone conversations   5
3   Theft of documents   10
4   Theft of information stored on a PC   13
5   Information interception   24
6   Other methods   5

 

Appendix 2

Cryptographic protection of telephone messages

The most effective way to protect telephone messages from unauthorized access is their cryptographic transformation.

Indeed, in order to hide the semantic content of a transmitted telephone message from attackers, this message must be modified in a certain way. At the same time, change it so that restoration of the original message by an authorized subscriber would be very simple, and restoration of the message by an attacker would be impossible or would require significant time and material costs, which would make the recovery process itself ineffective.

It is precisely these properties that cryptographic transformations have, the task of which is to provide mathematical methods for such protection of transmitted confidential telephone messages, in which even if they are intercepted by attackers and processed by any means using the fastest supercomputers and the latest achievements of science and technology, the semantic content of the messages must be disclosed only for a given time, for example, for several decades.

General principles of cryptographic transformation of telephone messages

Consider the general principles of cryptographic conversion of telephone messages (see Fig. 1).

osnovnie principi sozdaniya sistemi minimizacii informaci 3

We will call the original telephone message, which is transmitted over a radio or wire channel, an open message and denote itX(t). This message enters the cryptographic conversion (encryption) device, where an encrypted messageY is generated (t)using the following dependence

Y(t) = Fk[ X(t)],

where Fk[.] is the cryptographic conversion;
k is the cryptographic conversion key,

Here, by cryptographic transformation key we mean a certain parameter k, which is used to select a specific cryptographic transformation Fk[.]. Obviously, the greater the power of the used set of cryptographic transformation keys K, the greater the number of cryptographic transformations that a telephone message X(t) can be subjected to, and, consequently, the greater the uncertainty for the attacker in determining the currently used cryptographic transformation Fk[.].

Generally speaking, when encrypting a message X(t) such cryptographic transformations should be used in which the degree of its protection would be determined only by the power of the set of keys of the cryptographic transformationK.

Encrypted message Y(t)transmitted over a wired communication channel. At the receiving side, this message is decrypted in order to recover the open message using the following dependency

X(t) = Zk[Y(t)] = Zk{Fk[X(t )]},

where — Zk[.] is the inverse of Fk[.] transformation.

Thus, the presence of identical keys k and cryptographic transformations Fk[.], Zk[.] allows subscribers to carry out encrypting and decrypting telephone messages.

Obviously, in order to determine methods for cryptographic transformation of telephone messages, it is necessary to have an understanding of the processes that underlie their formation.

A telephone message is transmitted using electrical signals, which are formed from acoustic signals by converting these acoustic signals into electrical signals by the telephone microphone, processing the electrical signals and amplifying them to the required level. On the receiving side in the telephone apparatus, the electrical signals are processed and converted into acoustic signals using the telephone .

Any acoustic signal A(t) is characterized by duration and amplitude-frequency spectrum S(f), i.e. The acoustic signal A(t) can be represented equivalently in both the time and frequency domains.

Note that the human ear can perceive an acoustic signal in the range of 15 Hz to 20 kHz, although there may be some individual differences. However, in order to maintain the recognition of the subscriber’s voice by timbre, purity and good intelligibility of sounds, it is absolutely not necessary to transmit an acoustic signal in this frequency range. As practice has shown, for this it is enough to use the frequency range from 300 Hz to 3400 Hz. This is exactly the frequency bandwidth that standard telephone channels all over the world have.

Based on the time and frequency representations of the acoustic signal A(t), and, consequently, an open telephone message X(t), in practice cryptographic transformations can be used that are applied to the message itself X(t) or to its amplitude-frequency spectrum S(f).

All cryptographic transformations, from the point of view of strength, can be divided into two groups.

The first group consists of computationally strong and provably strong cryptographic transformations, and the second group consists of unconditionally strong cryptographic transformations.

Computationally resistant and provably resistant include cryptographic transformations, the strength of which is determined by the computational complexity of solving some complex problem. The main difference between these cryptographic transformations is that in the first case there is reason to believe that the strength is equivalent to the difficulty of solving the difficult problem, while in the second case the strength is known to be at least greater. In this case, in the second case, proof must be provided that revealing the transmitted encrypted message Y(t) is equivalent to solving a complex problem.

An example of computationally strong cryptographic transformations are complex cryptographic transformations composed of a large number of elementary operations and simple cryptographic transformations in such a way that an attacker can decipher an intercepted messageY(t)there is nothing else left to do but to apply the method of total testing of possible cryptographic transformation keys, or, as they also call it, the brute force method. With the help of such cryptographic transformations, it seems possible to ensure guaranteed protection of the transmitted message X(t) from unauthorized access.

It seems possible to include among computationally stable cryptographic transformations such simple cryptographic transformations, when used by an attacker to gain unauthorized access to the message X(t) only need to use certain algorithms for processing the message Y(t) strong>. These cryptographic transformations can provide only temporary strength.

Unconditionally strong ones include cryptographic transformations, the strength of which does not depend on either the computing power or the time that an attacker may have. That is, such cryptographic transformations that have the property of not providing an attacker, when intercepting a message Y(t), with additional information regarding the transmitted telephone message X(t).

Note that unconditionally strong cryptographic transformations are very difficult to implement and therefore they are not used in real telephone communication systems.

Cryptographic transformation of analog telephone messages

The simplest and most common way of cryptographic conversion of analog telephone messages is to split the messages X(t) into parts and issue these parts in a certain order to the communication channel.

This method is as follows. The duration of the message X(t) (see Fig. 2) is divided into certain time intervals of equal duration T. Each such time interval is further divided into smaller time intervals of durationtau. In this case, for the value T/tau, as a rule, the condition n = T/tau = m…10m is satisfied, where m is some integer, m<10. Parts of the message X(t) at time intervals ( are recorded in a storage device, “mixed” with each other in accordance with the rule determined by the cryptographic transformation key k, and in the form of a signal Y(t)are issued into the communication channel. On the receiving side of the communication channel, where the mixing rule is known, because there is exactly the same cryptographic transformation key k, the open message X(t) is “assembled” from the message Y(t).

osnovnie principi sozdaniya sistemi minimizacii informaci 4

The advantages of this cryptographic transformation method include its comparative simplicity and the ability to transmit an encrypted telephone message over standard telephone channels. However, this method provides only temporary stability. This is due to the following. Since the open telephone message X(t) is continuous, then the attacker, after recording the message Y(t) and selecting intervals of duration tau(the latter is quite easy to do, since there is a synchronizing signal in the communication channel), it becomes possible in principle to decrypt the message Y(t) even without knowing the key used k. For this purpose, it seems possible to select intervals in such a way as to ensure the continuity of the received message at the junctions of these intervals. Obviously, with careful and painstaking work using special equipment, it is possible to quickly ensure such continuity, thereby highlighting the open message X(t).

Therefore, such a cryptographic transformation of open telephone messages It is advisable to apply only in cases where the information is not of particular value or when its value is lost after a relatively short period of time.

Higher protection against unauthorized access can be provided if the considered principle is applied to the frequency spectrum of the message X(t). For this purpose, the telephone channel bandwidthFis divided using a system of bandpass filters intonfrequency bands of widthdf, which are mixed in accordance with some rule, determined by the cryptographic transformation keyk. Frequency bands are mixed at a rateVcycles per second, i.e. one permutation of stripes lasts 1/Vs, after which it is replaced by the next one.

To increase protection against unauthorized access, after mixing the frequency bands, the frequency spectrum of the messageY(t)can be inverted.

Figure 3 illustrates the method considered. The upper part of Fig. 3 shows the frequency spectrum of the message X(t), and the lower part shows the spectrum of the message Y(t) during one of the mixing cycles at n = 5.

osnovnie principi sozdaniya sistemi minimizacii informaci 5

The considered method allows for higher protection of telephone messages from unauthorized access compared to the previous method, i.e. To. to restore an open message X(t)in this case, the attacker needs to have additional data on the relative frequencies of sounds and their combinations in spoken speech, the frequency spectra of voiced and voiceless sounds, as well as the formant structure of sounds. Table 1 shows data on the relative frequencies of appearance of some sounds and the boundaries of the formant regions of Russian speech sounds, which can be used by an attacker when restoring intercepted telephone messages.

Table 1. Data on relative frequencies the appearance of some sounds and the boundaries of formant areas

Sound   Relative frequency of occurrence    1st formant region, Hz   2nd formant region, Hz
Vowel
a   0.079   1100 — 1400  
and   0.089   2800 — 4200  
about   0.11   400 — 800  
y   0.026   200 — 600  
s   0.022   200 — 600   1500 — 2300
e   0.002   600 — 1000   1600 — 2500
Consonant
з   0.016   0 — 600   4200 — 8600
w   0.008   200 — 600   1350 — 6300
l   0.04   200 — 500   700 — 1100
m   0.031   0 — 400   1600 — 1850
n   0.069   0 — 400   1500 — 3400
р   0.05   200 — 1500  
c   0.054   4200 — 8600  
f   0.001   7000 — 12000  
х   0.012   400 — 1200  
w   0.008   1200 — 6300  

It is obvious that the highest protection of telephone messages from unauthorized access can be achieved by combining the considered methods. In this case, temporary rearrangements will destroy the semantic structure, and frequency shifts will mix up vowel sounds.

Devices that implement the considered methods are called scramblers. In this regard, the series of scramblers is of particular interest, for which the SCR-M1.2 scrambler was used as the base. These scramblers implement the considered methods of cryptographic transformation of analog telephone messages and are quite widely used in various government and commercial structures. Table 2 shows the main characteristics of some scramblers of this series.

Table 2. Main characteristics of scramblers created on the basis of the SCR-M1.2 scrambler

Scrambler   Operating mode Subscriber identification Entering a session key Power of multiple keys Dimensions, mm Weight, kg Power
SCR-M1.2   Duplex communication Provided for Open key distribution method   2E18 180x270x 40 1.5 220 V 50 Hz
SCR-M1.2mini   Duplex communication Provided for Open key distribution method   2E18 112x200x 30 0.8 From a 9-15 V AC adapter or battery pack
SCR-M1.2multi   Duplex communication Can be provided at the request of the customer   Open key distribution method   2E18 220 V 50 Hz

It should be noted that the methods considered, in principle, cannot provide guaranteed protection of analog telephone messages from unauthorized access, therefore it is advisable to use scramblers when the message is not of particular value.

To ensure guaranteed protection of transmitted telephone messages, means must be used that implement fundamentally different methods of cryptographic transformation of these messages. Such a tool is, for example, the IRIS telephone message protection tool, in which the conversion of an analog telephone message is carried out by superimposing on this message some implementation of noise generated by a special generator. Since the number of noise implementations used is 1E8, and the implementations themselves are selected randomly and used once, this eliminates the possibility for an attacker to determine the semantic content of the transmitted message over a fairly large period of time (about 1 year).

Cryptographic conversion of digital telephone messages

In practice, to convert a telephone message X(t)into digital form on the transmitting side and restoring the messageX(t)on the receiving side, speech codecs are used that implement one of two ways to encode telephone messages: form and parameters.

The basis of digital telephony is currently encoding the form of messages, encoding message parameters, or, as they call it, vocoder communication is used much less frequently. This is due to the fact that waveform coding allows you to preserve the individual characteristics of the human voice, satisfying the requirements not only for intelligibility, but also for the naturalness of speech.

When coding the waveform, pulse-code modulation (PCM), differential PCM, delta modulation.

We will briefly consider the principles of implementation of PCM, differential PCM and delta modulation.

PCM is based on sampling, quantization of samples and encoding of the quantization level number (see Fig. 4).

osnovnie principi sozdaniya sistemi minimizacii informaci 6

Telephone message X(t) with duration T , which has a frequency-limited fm spectrum, after filtering is converted into a sequence of narrow pulses X(l) = X(ldt), l =1,N, where N = T/dt,dt = 1/2fmamplitude modulated. Received instantaneous values ​​X(l), l=1, Nis quantized in magnitude using a uniform, non-uniform, or adaptively variable quantization scale. The quantized values ​​of samples Xkv(l), l=1,N, using an encoder, are converted into codewords characterized by the number of binary symbols that are issued into the communication channel.

On the receiving side using a decoder, code words are converted into sample valuesXkv(l), l=1,N, from which the message X(t) is reconstructed using a low-pass filter.

Differential PCM and delta modulation differ from PCM in that they use nonlinear tracking of the transmitted telephone message .

At the same time, differential PCM differs from simple PCM in that it is not the telephone message samples themselves that are subject to quantization X(l), l=1,N, but the difference between the corresponding sample X(l) and the result of the prediction Xpr(l), generated at the output of the predictor. In this case, code words containing codes of this difference and its sign (polarity) are issued into the communication channel. And finally, delta modulation differs from simple PCM in that only sign (polarity) codes are issued into the communication channel in the form of a sequence of pulses, the temporal position of which allows the transmitted telephone message to be restored on the receiving sideX(t), for example, using an integrator.

It should be noted that differential PCM is the most preferable when generating digital messages. This is mainly due to the fact that the use of differential PCM makes it possible to reduce the length of codewords, because Only information about the sign and magnitude of the increment is transmitted. In addition, the use of differential PCM eliminates the slope overload encountered with linear delta modulation.

Taking into account the patterns of functioning of the peripheral organs of speech formation and transformation led to the creation of synthetic or vocoder telephony systems. In such systems, data about the deformations of the speaker’s peripheral vocal apparatus is transmitted over a telephone channel. The receiving device in such systems is a model of the human vocal apparatus, the parameters of which change in accordance with the received data. At the same time, the number of parameters characterizing the vocal apparatus is relatively small (10…20) and the rate of their change is comparable to the speed of pronunciation of phonemes. In Russian speech, the number of phonemes is taken to be 42 and they represent the equivalent of various sounds that exclude each other.

The vocoder communication system functions as follows. In the transmitting part of the system, the telephone message X(t) is analyzed, coming from the microphone, in order to isolate the values ​​of the parameters that describe the excitation signal, as well as characterize the resonant structure of the vocal tract. Parameter values ​​are in digital code and are transmitted over a communication channel. At the receiving side, the message X(t) is synthesized using the accepted parameter values.

Thus, both when using waveform encoding using PCM, differential PCM and delta modulation, and when encoding parameters, sequences of symbols are output into the communication channel.

Consequently, well-known and quite widely used in practice cryptographic transformations and algorithms can be applied to these sequences.

Currently, the most well-known cryptographic algorithms that provide guaranteed protection of transmitted messages from unauthorized access are the American data encryption standard DES (Data Encryption Standard), which is adopted as a US federal standard, and the Russian standard GOST-28147 — 89.

Encryption using the DES cryptographic algorithm is carried out as follows.

The original message, which is a sequence of characters, is divided into blocks of 64 characters each. Next, the following sequence of operations is performed in relation to each block.

1. A block denoted by L0R0, where L0 is a block representing one of the parts of the L0R0 block, consisting of 32 characters; R0 — a block that is another part of the L0R0 block, also consisting of 32 characters, is rearranged in accordance with a predetermined rule.

2. For each nth iteration, n = 1.16, the following sequence of operations is performed:

a) blockRn- 1is divided into 8 blocks of 4 symbols each;

b) these blocks are converted into 8 blocks of 6 symbols by adding the next symbols of the blockRn-1 to the left and right of the symbols of each block . So, for example, if the block consisted of the characters X0X1X2X3, then as a result of adding the indicated symbols to the left and right, the block will have the following form X31X0X1X2X3X4;

c) the symbols of the resulting 8 blocks are added according to mod2 with 48- th symbols of the cryptographic transformation key corresponding to the nth iteration and determined by the list of keys;

d) then 8 blocks are fed to the inputs of the corresponding 8 substitution blocks S[  j  ], j= 0.7, which convert 8 blocks of 6 characters each into 8 blocks of 4 characters each in accordance with a predetermined rule;

e) the resulting 32 symbols are switched in accordance with a predetermined rule ;

f) then the block Sn-1 is formed by adding mod2 the symbols obtained during operation e) with the symbols of the block Ln-1;

g) the characters of the block Rn-1 are writtenin place of the block Ln, and the symbols of the block Sn-1 — in place of the block Rn.

3 . The block L16R16 obtained after 16 iterations is subjected to a permutation, the inverse permutation performed during operation 1.

The result of operation 3 is an encrypted block consisting of 64 characters.

Note that the length of the input key of the cryptographic transformation is kis 56 characters. Since only 48 of 56 symbols are used at each iteration, each symbol of the input key is used many times.

The main disadvantages of the DES cryptographic algorithm, according to experts, are:

  • small length of the cryptographic transformation key used ;
  • small number of iterations;
  • complexity of practical implementation of the permutations used.

The development of the DES standard is the Russian encryption standard GOST — 28147 — 89, which was formed taking into account world experience, shortcomings and unrealized capabilities of the DES cryptographic algorithm. This standard is recommended for use to protect any data represented as binary sequences.

It should be noted that the GOST — 28147 — 89 cryptographic algorithm, like the DES cryptographic algorithm, is used for cryptographic transformation of messages previously divided into blocks of 64 characters each. The algorithm is quite complex, so its concept will mainly be presented.

The GOST — 28147 — 89 algorithm provides for the following operating modes: replacement, gamma and gamma with feedback. All of these modes use a 256-character cryptographic transformation key k.

Replacement mode is an iterative process (number of iterations is 32) that uses addition operations over mod2and mod2^32, permutation, substitution, and roll-shift applied to blocks of 32 characters, and combining two blocks of 32 characters each into a block of 64 characters.

Gamma mode performs a cryptographic transformation of a message by adding mod2 message characters with sequence (gamut) characters generated in accordance with a certain rule in blocks of 64 characters.

The gamma mode with feedback differs from the gamma mode in that the symbols of the next gamma block are formed taking into account the symbols of the previous encrypted block.

The GOST — 28147 — 89 algorithm also provides for the operation of generating a simulated insertion, which is the same for all modes cryptographic conversion. An impersonation insert is a binary sequence ofpcharacters that is designed to protect a message from impersonation. In this case, the valuepis selected based on the condition of ensuring the required level of imitation protection.

The imitator insert is transmitted over the communication channel after the encrypted message. At the receiving side, a simulated insert is generated from the received message and compared with the received one. If the imitations do not match, the received message is considered false.

Thus, the main difference between the GOST — 28147 — 89 cryptographic algorithm and the DES cryptographic algorithm is the length of the cryptographic transformation key usedk, which ensures higher strength of the cryptographic algorithm GOST — 28147 — 89.

Indeed, if an attacker uses a total testing of cryptographic transformation keys to reveal a transmitted telephone message, and the key k from the set of cryptographic transformation keys, the power of which is equal to K, is assigned with equal probability, then the probability P(T)the attacker's determination of the key in time T can be estimated using the following dependency

P(T) = TW/K,

where W is the number of times an attacker tries cryptographic conversion keys per unit of time.

In Table 3. As an illustration, the probability values ​​P(T) are given for the DES and GOST — 28147 — 89 algorithms at W = 1E9 1/s.

Table 3 .Probability valuesP(T) at W = 1E9 1/s.

T   DES   Algorithm GOST — 28147 — 89
1 year    0.44   2.72E — 61
2 years &nbsp ; 0.88   5.44E — 61
10 years &nbsp ; 1.0   2.72E — 60

From the analysis of the data given in Table 3, it follows that by specifying the required probability valueP, it is always possible to determine such time intervalTand a cryptographic transformation algorithm that will ensure the fulfillment of the specified requirement.

Thus, the advantages of using the above-mentioned algorithms for cryptographic transformation of digital telephone messages compared to methods for cryptographic transformation of analog telephone messages are obvious and consist mainly in the possibility of ensuring high security of transmitted messages. However, these advantages are achieved through the use of complex and expensive equipment and the refusal, in most cases, from the standard telephone channel.

Indeed, if PCM is used to transmit a telephone message, then to restore it at the receiving side it is necessary to receive at least 6800 instantaneous values ​​per second. Further, if 8-bit analog-to-digital and digital-to-analog converters are used to convert instantaneous values ​​into code, then the symbol transmission rate in the communication channel will be 54.4 kbit/s. Consequently, to ensure the transmission of a telephone message in this case, it is necessary to significantly increase the bandwidth of the communication channel. In addition, it is also necessary to create an encryptor (decryptor) that would carry out cryptographic transformation of the message at a speed of 54.4 kbit/s.

It should be noted here that without increasing the bandwidth of the communication channel, it seems possible to transmit only sequences of symbols in vocoder communication systems. However, in this case, although the speech retains acceptable intelligibility, it is often difficult to identify the subscriber by the timbre of his voice, because the voice is synthesized by a speech synthesizer and has a “metallic” tint.

Unfortunately, in the domestic market there are extremely few vocoder communication systems guaranteed to be protected from unauthorized access to transmitted telephone messages. And all of them, as a rule, are characterized by low syllabic intelligibility and difficulty in identifying the subscriber by voice timbre. An example of such a system is the “Voice coder — 2400” system, in which, together with the GOST — 28147 — 89 cryptographic algorithm, a rather “old” algorithm for encoding telephone message parameters LPC — 10 is used.

Among the systems that stand out in a positive way, it seems possible to note the domestic system SKR — 511, which is at the final stage of development, which is designed to ensure the confidentiality of telephone conversations when working on intracity and intercity communication lines. The system is housed in the body of a Panasonic KX-T2355/2365 telephone and implements the most modern CELP algorithm for encoding telephone message parameters, which allows for high quality speech. To protect against unauthorized access to transmitted messages, the GOST — 28147 — 89 cryptographic algorithm is used.   The system is powered from a 220 V 50/60 Hz network or DC voltage 9 — 12 V. In this case, the electrical power consumption does not exceed 5 W.

 

Appendix 3

Protection of computer networks

Computer networks (CN) generally include various types of computers, data networks, communication subsystems, communication devices, and network interfaces (see Fig. 1). The large number of different components, resources and objects of the aircraft creates a very attractive environment for various types of intrusions and unauthorized actions.

osnovnie principi sozdaniya sistemi minimizacii informaci 7

Aircraft protection is carried out in the following main areas:

  • protection of aircraft facilities;
  • protection of data transmission networks;
  • protection of databases;
  • protection of the aircraft control subsystem.

When protecting aircraft objects, a distinction is made between the protection of the objects themselves and the protection of a group of objects.

Protection of an aircraft object includes:

  • object identification;
  • authentication;
  • granting of authority.

To identify an object, in practice, some information is used that allows one to uniquely identify this object. This can be a number, a sequence of characters, or an algorithm. Moreover, if an object has some identifier registered on the network, it is called a legal object, otherwise the object is classified as illegal.

The user's work in the aircraft begins with the system requesting his name and identification number. In accordance with the user's answers, the VS identifies him. Note that object identification is one of the functions of the security system, which is performed first when an object attempts to enter the network. If the procedure completes successfully, then the object is considered legal for this network.

Next, the authenticity of the object is confirmed by requesting a password, as a result of which it is established that the supposed legal object really is who it claims to be.

It should be noted that the use of passwords is one of the ways to confirm authenticity. In practice, hardware elements at the user’s disposal (keys, magnetic cards, microcircuits, etc.) can also be used to confirm authenticity; characteristic personal characteristics of the user (fingerprints, retinal pattern, body size, voice timbre); characteristic techniques and features of user behavior in real time (features of dynamics, style of working on the keyboard, reading speed, ability to use manipulators, etc.); habits (for example, the use of specific computer blanks).

After identifying the object and confirming its authenticity, the scope of its activity and the available resources of the aircraft are established. This procedure is called granting authority.

The formal description of mechanisms for granting permissions is based on the concept of distinguishing subjects that are active components of the network, for example, users, processes, and objects that are passive components of the network to which network subjects can be admitted. Examples of objects include a file, a printing device, a central processing unit, a memory segment, or a database.

Subjects have different access rights to objects, for example, a user has the right to read a file, but not write it, execute a program, but not change it. In such cases, the user is said to have been granted permission to read the file, but not to have permission to write to the file. The set of all powers granted to the subject is called the scope of protection of the object.

The listed procedures relate to a separate object and therefore they can be classified as means of protecting the object itself.

An example of a software and hardware complex for protecting information from unauthorized access is the Accord-AMDZ complex, which implements the functions of identification, user authentication, access control, integrity of the software environment in various operating systems (MS DOS, Windows 95, Windows NT, OS/2, Unix).

Protecting a group of objects typically includes:

  • mutual authentication;
  • digital signature;
  • notification of delivery.

Mutual confirmation of the authenticity of objects is performed at the very beginning of a communication session in the process of establishing a connection between objects and is intended to provide a high degree of confidence that the connection has been established with a peer object. Note that within the framework of the armed forces, it is natural when network users want to verify the authenticity of each other.

The simplest way to mutually verify the authenticity of objects is to exchange passwords after identifying the objects. At the same time, in practice, more complex methods can be used, associated, for example, with the use of cryptographic systems, etc.

Once the connection is established, procedures are performed to allow:

  • the recipient to gain confidence in the truth of the data source and the data itself;
  • the sender to gain confidence in the delivery of the data to the recipient and in the truth of the delivered data .

When solving the first problem, the means of protection is, as a rule, a digital signature (electronic signature code). A digital signature (electronic signature code) is a string of characters that depends on both the sender's identifier and the content of the message. In this case, the formation of a digital signature (electronic signature code) must be carried out by the sender of a specific message, and authentication must be carried out only by the recipient of this message. And no one, not even the sender of the message, can change the sent message so that the content of the signature (signature code) remains unchanged.

Note that if such a security measure is used, then only the recipient has confidence in the security of the message transmission. In order to provide the same degree of assurance to the sender, the sender must obtain a receipt, i.e. notification of delivery. To achieve this goal, a digital signature (electronic signature code) of the confirming response message is used, which, in turn, is proof of the forwarding of the original message.

Data networks are one of the most vulnerable components of an aircraft. They contain a fairly large number of potentially dangerous places through which attackers can enter the aircraft. In this case, attackers can use both passive and active methods.

With passive intrusion, the attacker only controls the passage of messages along communication lines, without intruding on the content of the transmitted information. At the same time, he, as a rule, analyzes the transmitted information, the flow of transmitted messages, recording their destinations or only the fact of the passage of the message, its length and frequency of exchange, if the contents of the message are unrecognizable.

To counter passive intrusions in practice used:

  • protecting message contents by applying various cryptographic transformations;
  • preventing the possibility of analyzing the time of sending messages and the frequency of communication sessions.

During an active intrusion, the main task of the attacker is to replace the information transmitted to the aircraft by modifying true messages, as well as imposing false messages. Therefore, to counter active intrusions, protection against unauthorized or accidental modifications is used to ensure that the message contents are transmitted correctly.

Generally speaking, in practice, the functions of protecting message contents (ensuring confidentiality) and protecting messages from unauthorized or accidental modifications can be used as together and separately.

Protecting a message from unauthorized or accidental modifications is used in cases where the authenticity of the data is of utmost importance. Such protection is used, for example, when carrying out financial transactions. In practice, the following methods of ensuring the authenticity of a message are widely used:

  • adding an electronic signature code or an encrypted checksum to the message;
  • introducing digital signatures.

However, quite often when transmitting messages it is also necessary to guarantee their confidentiality. For this purpose, it is necessary to use together both cryptographic transformation of messages to ensure their confidentiality and an electronic signature code (digital signature). This is due to the fact that the use of only cryptographic transformation of messages is not always effective in protecting against their modification.

Protecting computer databases means protecting the data itself and its controlled use on working computers of the network.

Database protection typically includes:

  • protection of data content, excluding unauthorized disclosure of confidential data and information from the database;
  • access control, ensuring access to data only by authorized objects in accordance with strictly defined rules and conditions;
  • flow control protected data when transferred from one database segment to another, in which the data is moved along with the protection mechanisms inherent in this data;
  • Consistency control when using the database, ensuring the protection and integrity of individual data elements;
  • Preventing the creation of unauthorized information by using means to warn that an object is receiving (generating) information that exceeds the level of access rights.

The protection of the aircraft control subsystem usually means the protection of processes circulating in the aircraft.

Protection of the aircraft control subsystem includes:

  • ensuring the protection of network resources from the impact of unauthorized processes and unauthorized requests from authorized processes;
  • ensuring the integrity of resources in case of violation of the schedule and synchronization of processes on the network;
  • ensuring the protection of network resources from unauthorized control and copying or use (software protection);
  • providing protection during the interaction of unfriendly software systems (processes);
  • implementation of software systems that do not have memory;
  • protection of distributed computing.

Object identification

Traditionally, each user of an aircraft receives an identification number (identifier) ​​and a password. When starting to work on the terminal, the user provides his identification number (identifier) ​​to the system, which then prompts the user for a password.

Note that if someone without authority to log in to the system somehow learns the password and ID number of a legitimate user, they will gain access to the system. User identification numbers are very often not secret and are known to employees of the organization. As for passwords, there is a certain risk that some user will find out the password of another user and take advantage of it.

One simple way to identify another user’s password is for an attacker to use a program that replaces the standard prompt screen. In this case, the user, when using such a program, will give out a password to the attacker's program without even knowing it.

To protect against password compromise, the so-called rotating password scheme can be used. In this case, each time the user logs in, the user must use a different password from the password list.

A more complex scheme with changing passwords is based on some one-way function y=F(x) , which has with the following properties:

  • the value of the quantity y is easily calculable from the value of the quantity x;
  • the value of the quantity x is difficult to calculate from the known value of the quantity y.

When using this scheme, the user has a certain sequence of passwords

Fk-1(x), Fk-2(x), . . . , F(x), x,

where Fj(x)=F[Fj-1(x)];
k, j— some integers.

When logging into the system for the first time, the user enters the password Fk-1(x), which is converted in the system to the value Fk(x ) = F[Fk-1(x)]. After a positive result of comparing the value Fk(x) with that stored in the system, the user is allowed into the system. The next time the user logs in, the user must already enter the password Fk-2(x), etc.

Note that the scheme with changing passwords has a number of disadvantages, which are as follows:

  • the user must remember a long list of passwords, or keep it with him all the time, risking losing it;
  • in the event of an emergency errors when passing a password during the login process, the user does not know whether he should use the same password or move on to the next one.

Regardless of which scheme is used in practice, passwords should always be stored in converted form in a file accessible only to the network administrator. For this purpose, both cryptographic transformations and one-way functions can be used. For example, Bell Laboratories used the DES cryptographic transformation algorithm to protect its UNIX systems. In this case, the password was used as a key for cryptographic conversion of some constant.

Note that passwords should never be displayed on the console or appear in printouts. If possible, printing devices should be turned off when entering the password.

Password transmission in data networks must be carried out in a form converted using some cryptographic transformation.

In order to ensure guaranteed protection of the aircraft, it is necessary to correctly select the password, the frequency of its replacement and the time interval of use.

In this regard, it should be noted that by leaving the choice of password to the users, you can often find yourself in a situation where passwords are easily guessed, regardless of the time they were used. Therefore, the choice of passwords must be made either by the person responsible for providing security or by the computing system itself. For example, some operating systems, such as VAX/VMS 4.0, have special password generators. Therefore, when the user requires a new password, the generator gives him a series of passwords of a certain length from which the user can choose the one he needs. The passwords offered to choose from should be easy to remember, but it should be difficult for an attacker to guess them.

Passwords must be changed at certain intervals to prevent an attacker from guessing them. Moreover, the longer the password, the more difficult it is to guess and the more effective the system protection.

In practice, other methods of confirming the authenticity of a network object are often used. For example, the so-called “handshake” method, methods that use the individual characteristics of users — a personal signature, voice, fingerprints, as well as a method of confirming authenticity using identification cards.

The implementation of the “handshake” method is based on a certain function y=q(x), known only to the user and the system. This function is used as follows. If it is necessary to log into the system, the user receives a certain number x from it. Next, the user calculates the value of the function y=q(x), which is output to the system. Having received the valueyfrom the user, the system independently calculates the value of the function y based on the number x and compares it with the one received from the user. In this case, the user is allowed into the system if the comparison result is positive.

Obviously, using this method does not require the transfer of any confidential information between the user and the computing system. This is an undoubted advantage of the “handshake” method. However, to ensure a high level of security, the function y=q(x)must be complex enough so that an attacker, knowing a pair of numbers (x,y), would not be able to guess this function.

Authentication using identification cards is used, as a rule, in business sphere. The most famous example of such cards is a credit card.

Currently, the most common are so-called magnetic cards, which contain a user identification number, a cryptographic conversion key and some control data used in conjunction with a password confirming the user's authenticity. The cryptographic conversion key is used, for example, by the system's cache controller to cryptographically convert transaction messages to be sent to the bank's computer.

The use of magnetic cards is based on characters embossed on the card and information recorded on the magnetic stripe tracks. The existing international standard ISO 7811 specifies in detail all aspects of the use of magnetic cards (embossed characters and contents of magnetic stripe tracks). The main disadvantages of such cards are the fairly frequent failure of the magnetic stripe, which leads to the need to identify it only by the symbols embossed on it, and an insufficiently high level of protection against counterfeiting.

Smart cards or, as they are called, smart cards have higher protection against counterfeiting and higher reliability. Therefore, at present, a number of countries, for example, France, have almost completely abandoned magnetic cards and switched to smart cards.

The smart card is a rectangle measuring 85 by 54 mm and 0.76 mm thick. These card sizes, like all other parameters, are determined by the international standard ISO 7816. For example, magnetic cards, which are widespread in our country, are exactly the same size as smart cards. However, unlike magnetic cards that store information on a magnetic strip, a smart card has a special chip built into it. Smart cards can be used both for storing and processing information. Moreover, thanks to special built-in tools, smart cards provide a qualitatively new level of protection of data recorded in memory compared to magnetic cards.

Smart cards contain a microprocessor with a small amount of memory. In this case, memory consists of three parts:

  • a permanent storage device with elements of intelligence;
  • random access memory;
  • programmable read-only memory.

In turn, programmable read-only memory consists of two parts: unprotected and protected. The first part contains data to identify the user, and the second contains the cryptographic conversion keys.

Currently, smart cards with their own keyboard are being developed, which implement the entire authentication procedure. This procedure includes the following operations: the user gives the card his password, the card authenticates and confirms to the system cache controller that the user is the true owner of the card. In this case, neither the password nor any other identification data is transmitted to the cache memory controller.

 

Appendix 4

Contents of the main methods of access to information taken into account when creating the information research subsystem

Initiative cooperationmanifests itself in certain actions of persons who are dissatisfied with something or are in dire need of a means of subsistence from among those, as a rule, working in a commercial enterprise, working somewhere part-time or intending to go to work for another enterprise. These individuals either already possess confidential information or have the ability to obtain it without overcoming the physical and technical obstacles that must be overcome by individuals who do not work at this enterprise.

Inducement to cooperate is, as a rule, a violent action on the part of attackers. Inducement to cooperation (recruitment) can be carried out through bribery, intimidation and blackmail.

Bribery if you have money, is the most direct and very effective way to achieve your goals. Bribery is a rather complex process that includes economic intelligence in its purest form.

When carrying out bribery, the following sequence of operations is performed:

  • finding out the capabilities of a particular official of the enterprise in assisting in solving the problem of obtaining some confidential information;
  • establishing the financial situation of this official and his marital status, and also identifying habits, inclinations, weaknesses inherent in both himself and his family members;
  • collection of the necessary incriminating material on the authorized representatives of this official, because they are mainly intermediaries;
  • contacting with an official through proxies with an offer of a certain amount of money for a service performed.

Investigation (interviewing)— this is the desire to obtain certain information under the guise of naive questions. Experience shows that such information can most effectively and secretly be obtained through the immediate circle of the managers of a commercial enterprise (secretaries, assistants, drivers, close friends, etc.).

It seems possible to find out information through false employment . In this case, an application is written, documents necessary for hiring are completed, and during conversations it is established what a particular department does, what professions are of interest to the enterprise, what an employee of the enterprise should know and be able to do.

In order to obtain certain confidential information, false enterprises may be created that widely offer work to specialists from competing enterprises.

To find out information in this case, the following sequence of operations is performed:

  • identifying the circle of persons who may be a source of information of interest;
  • finding out the names of newspapers that receive the identified faces;
  • placing relevant advertisements in these newspapers, for example, such and such specialists are needed, the salary is at least 2-3 times higher than that received by the identified persons;
  • questioning the specialists who came (among whom there are also persons of interest) and conducting conversations with the “management” of the enterprise, during which the persons of interest, wanting to show themselves from the best side, often reveal trade secrets;
  • informing after some time these persons that they are not suitable for the job at this enterprise.

Eavesdropping— a method of unauthorized access to confidential information, based on the use of specially trained agents, informants and special eavesdropping techniques. Eavesdropping is one of the most common ways to obtain confidential information, because… when eavesdropping, human speech is directly perceived with its features, coloring, intonation, and a certain emotional load, which is often no less important than the content of the speech itself, and the eavesdropped conversations themselves are perceived in real time and, to a certain extent, can allow the attacker to make certain decisions in a timely manner .

The following methods of eavesdropping can currently be used most effectively:

  • eavesdropping on conversations in a room or car using pre-installed acoustic bookmarks and portable sound recording devices;
  • eavesdropping on conversations indoors using laser eavesdropping systems;
  • eavesdropping on telephone conversations carried out over wired communication lines using pre-installed telephone bookmarks;
  • remote recording of confidential information from technical means of processing and transmitting information (usually from a PC) using pre-installed hardware bookmarks.

Secret familiarization with information and documents— this is a way of obtaining confidential information to which the subject is not authorized, but under certain conditions he can gain access to all or part of this information. The main reason for tacit familiarization with information and documents is, as a rule, a low level of discipline at the enterprise, leaving documents containing trade secrets on desktops and in unlocked drawers, leaving information in the PC's RAM after completion of work, uncontrolled storage of floppy disks with confidential information and so on. actions. Secret familiarization also includes the inspection of postal items of a commercial enterprise and personal correspondence.

Theft— This is a method of deliberate unlawful acquisition of other people's documents and information. As a rule, the theft of documents and information is conditioned by certain conditions that are convenient for this. The materials presented in one of the textbooks for students of the Faculty of Law of Moscow State University present the following data, which are of interest when assessing theft as a method of unauthorized access to confidential information: 10% of people never steal, because it is not compatible with their morals; 10% of people steal at every opportunity, under any circumstances; 80% of people are generally honest, except when there is a temptation to steal. At the same time, available materials indicate that theft can be carried out at almost any level in the hierarchy of officials of a commercial enterprise

Copying— this is a method of unauthorized access to confidential information by reproducing or repeating the original. Analysis of the practice of criminal actions indicates that documents, technical media, as well as personal computer data containing confidential information of interest to the attacker are copied.

Interceptionis a method of obtaining confidential information by passively receiving signals transmitted through communication channels of various physical natures, spurious electromagnetic radiation and interference generated by various means of processing and transmitting information.

Visual surveillance— This is a way of conducting intelligence about the state and activities of competitors. As a result of observation, it is possible to obtain valuable information about the object of confidential interests. So, for example, knowing certain signs characteristic of the activity of a particular object, it is possible to detect or establish the preparation of certain organizational or production and commercial activities.

Photography is a method of obtaining a visible image objects of confidential interests on photographic material. The peculiarity of the method is documentation, which allows, when deciphering photographs by elements and unmasking features, to obtain very valuable, detailed information about the object of observation.

 

Appendix 5

Some characteristics and features of electronic devices for eavesdropping on information

Depending on the type of information perceived, it is possible to divide bookmarks into acoustic, telephone and hardware.

Acoustic bookmarksare designed for eavesdropping on acoustic (speech) information.

Information eavesdropped by acoustic bookmarks can be recorded using portable sound recording devices or transmitted via radio channel, optical channel, AC power supply, connecting lines of auxiliary technical means (for example, telephone line), metal structures of buildings, pipes of heating and water supply systems. In this case, bookmarks can be made in the form of a separate module, usually in the shape of a parallelepiped, or camouflaged as everyday items: an ashtray, a light bulb, a lighter, a wristwatch, a fountain pen, a vase, etc.

If in an acoustic device that transmits information via a radio channel, the sensitive element is an electret microphone that perceives acoustic vibrations propagating along a direct acoustic (air) channel, then this device is called a radio channel, but if the sensitive element is a contact microphone that perceives acoustic vibrations propagating along a vibroacoustic channel, then this tab is called a radio stethoscope. In order to increase operating time, these acoustic bookmarks can be equipped with voice control systems for turning on the radio transmitter (VAS or VOX systems), as well as remote control systems. Scanner receivers and software and hardware control systems are used to receive information transmitted by radio bookmarks and radio stethoscopes.

In addition to acoustic bookmarks that transmit information over a radio channel, in practice bookmarks are widely used in which 220 V power supply lines are used to transmit information. Such acoustic bookmarks are called network ones. To receive information transmitted by network bookmarks, special receivers are used that are connected to the power network within the building (power substation). At the same time, dozens of such bookmarks can operate simultaneously in one electrical network without significantly affecting each other.

In practice, it is also possible to use acoustic bookmarks that transmit information along the lines of security and fire alarm systems, as well as telephone lines. The simplest device that transmits information over a telephone line is the so-called “telephone ear” device.

The considered features of acoustic bookmarks, as well as their fairly small size and weight (for example, the acoustic bookmark HKG-2000 from Helling has dimensions of 59 ( 39 ( 17 mm, weight 55 g and provides an information transmission range of 1000 m) allow them to be placed in interiors, building structures, everyday items, radio equipment, power sockets and electronic devices, extension cords, technical communications equipment and their connecting lines, as well as directly in power lines.

Phone bookmarksdesigned for eavesdropping on information transmitted over telephone communication lines. Overheard information can be recorded using portable audio recording devices, transmitted over a radio channel or telephone line.

Telephone bookmarks are made in the form of a separate module or are camouflaged to look like elements of a telephone set, for example, a capacitor, telephone or microphone capsules, telephone plug or socket.

Both contact and non-contact methods are used to capture information in such bookmarks. In the latter case, information is collected using a miniature induction sensor, which eliminates the possibility of establishing the fact of eavesdropping on information.

As a rule, the transfer of information using such a bookmark begins the moment the subscriber picks up the handset, and the transfer of information in most cases is carried out over a radio channel. Therefore, to receive information from such telephone bookmarks, the same means are used as for conventional radio bookmarks.

Hardware bookmarks are installed in technical means for processing and transmitting information (usually in a PC) and are designed to ensure remote retrieval of information at the right time, violation of its integrity and blocking.

Hardware bookmarks are assembled from standard modules used in computers, with minor modifications, and are installed in the computer in such a way that there is access to input or output information, for example, information displayed on the PC monitor screen.

Such features of hardware bookmarks allow them to be placed in the PC when assembling the PC to order of the enterprise of interest, as well as when troubleshooting or modifications carried out in period of service or warranty.

Мы используем cookie-файлы для наилучшего представления нашего сайта. Продолжая использовать этот сайт, вы соглашаетесь с использованием cookie-файлов.
Принять