Cryptography secrets
Subsequently, encryption mechanisms such as the Trithemius square table, the Thomas Jefferson disk cipher and others appeared. In the 20th century the complexity of the machines increased by an order of magnitude as they became electromechanical rotor devices. The most famous are Lorenz and Enigma, various modifications of which were used by Germany in 1917–1945, the American Sigaba and the British Typex. The breaking of the Enigma cipher, as well as of the Japanese military codes, was an important contribution to the Allied victory in World War II.
A breakthrough in cryptographic science came with the advent of computers capable of dividing information into bits. Such systems can be broken, but in most cases the time required does not justify the effort. Computers made it possible to encrypt any data that can be represented in digital binary form, in contrast to the classical ciphers, which were intended only for written texts. This made linguistic methods of cryptanalysis unsuitable, since computer ciphers work with sequences of bits (possibly grouped into blocks) rather than with traditional letters and numbers.
High-quality modern ciphers are usually too tough for cryptanalysts, since breaking them requires more and more effort. In the mid-1970s asymmetric cryptosystems appeared, which generally do not require the parties to transmit a secret key. The principles of such an exchange of encrypted information were first formulated in the book by Whitfield Diffie and Martin Hellman, “New Directions in Modern Cryptography,” published in 1976. Asymmetric cryptography has opened several new application areas, such as electronic digital signature systems and electronic money.
The main tasks of practical cryptography today are the protection of e-mail, payments and private networks, the creation and use of key information carriers, electronic digital signatures, identification and authentication. This multitude of tasks is solved by means of cryptographic information protection (CIPS), which combine hardware and (or) software components.
Modern information protection tools used by security and defense agencies fall into the category of electronic hardware and software equipment. In most cases such equipment is based on direct and inverse cryptographic transformations of the information itself or of access to it. Creating it is a multifaceted problem that requires solving technical, crypto-engineering and organizational issues. These solutions set the technical shape of almost all hardware and software components of the information protection system. They also determine how efficiently the equipment performs encryption and decryption, ensures the reliability and integrity of information, and restricts access to authorized officials only.
Electronic equipment for information protection can be used individually or in group-service mode for the subscribers of a protected network. In either case the equipment should have a unified security system, and all of its components should be cryptographically compatible.
For obvious reasons, the market for encryption tools in the post-Soviet space is not very public or open. According to available data, it mainly comprises products from Russia, technical innovations of the SINCGARS project (USA), and products from Rohde & Schwarz, Motorola, Sectera and Crypto AG. In terms of cryptographic protection of information transmitted through communication channels, four fundamentally different design solutions can be distinguished.
In the first case, the equipment is built as an autonomous cryptographic protection unit, to which analog communication devices and digital data storage devices that have no protective components of their own are connected. When voice information is transmitted, the unit first digitizes and compresses it (voice conversion); the information is then packetized, encrypted, encoded against interference and sent to a wired or radio channel. When voice information is received, the operations are performed in reverse order. Sending, receiving or storing data requires only that the data be “sliced” into blocks.
Each unit of such equipment is subject to individual accounting as a technical means of providing secure communication or encryption. An example of this type of equipment is the Russian T-230-1A product, which is sold to countries that have analog communications in their armed forces.
A similar principle is applied in the TSEK/KY-57 secure-communication equipment, which was developed as part of the SINCGARS project and is currently in service with the US Army. The equipment provides external (non-INCOM) encryption and decryption of voice information and data transmitted via the onboard radio stations RT-1439, AN/ARC-201A(V), AN/ARC-210(V) and AN/ARC-222. All radio devices of the SINCGARS family support a single cryptographic compatibility interface, AN/PSC-2.
The second design solution is to build the equipment as a crypto module that is inserted into an external transceiver or piece of cryptographic equipment. If all the mechanical and information interfaces of the module are brought to a single standard, it can be used in many wired and radio communication devices, as well as in pre-encryption equipment. Note that the equipment into which the module is installed must be able to control the crypto module and display its status indication signals. In the AN/PRC-119/A portable radio station and in the AN/VRS-88 (89, 90, 91, 92)/A mobile radio stations of the SINCGARS project, this variant is called internal (INCOM). The AN/PSC-2 crypto modules are compatible with the TSEK/KY-57 channel encryption equipment.
In 2004 the German company Rohde & Schwarz announced the release of its own embedded crypto module. It is a dual-use product: it can be used in military communications equipment, such as the MR-3000 multi-band radio station, and "in civilian life", for example in the TopSec GSM mobile phone. This phone was built on the basis of the then widespread Siemens S35i model.
The module achieved a high level of security by combining two encryption algorithms. An asymmetric encryption algorithm is used to secure the session key agreement between two subscribers. In other words, keys are generated on the phones of both subscribers in accordance with the asymmetric Diffie-Hellman algorithm, and the result is a unique number shared by them, which is used as the key. The symmetric algorithm, in turn, protects the digitized speech. Successful operation requires equipment with a similar crypto module on the receiving side (a TopSec GSM mobile phone or a Rohde & Schwarz ELCRODAT 6.2 ISDN phone).
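The two-stage scheme described above, as an added Python example that is not Rohde & Schwarz code: both sides run a Diffie-Hellman agreement, derive the same session key, and use it to protect speech frames with a symmetric stage. The RFC 3526 2048-bit group, the SHA-256 key derivation and the HMAC-SHA256 keystream are assumptions standing in for the module's algorithms, which the page does not name; the exchange here is unauthenticated and the frames carry no integrity tag.

```python
import hashlib
import hmac
import secrets

# Assumed parameters: RFC 3526 group 14 (2048-bit MODP prime), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def keypair():
    """Each phone picks a random private exponent and publishes G^priv mod P."""
    priv = secrets.randbelow(P - 3) + 2          # uniform in [2, P-2]
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive the session key from our private value and the peer's public value."""
    # Reject 0, 1 and P-1: they would force a secret an eavesdropper can predict.
    if not 2 <= peer_pub <= P - 2:
        raise ValueError("invalid peer public value")
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(256, "big")).digest()

def crypt_frame(key, frame_no, data):
    """Symmetric stage: XOR with an HMAC-SHA256 counter keystream (stand-in cipher).
    The same call encrypts and decrypts; frame_no must never repeat under one key."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        msg = frame_no.to_bytes(8, "big") + block.to_bytes(4, "big")
        stream += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def demo():
    a_priv, a_pub = keypair()                    # subscriber A
    b_priv, b_pub = keypair()                    # subscriber B
    key_a = session_key(a_priv, b_pub)           # only public values cross the channel
    key_b = session_key(b_priv, a_pub)
    frame = b"constructed sample: one digitized speech frame"
    sealed = crypt_frame(key_a, 0, frame)
    return key_a == key_b, sealed != frame, crypt_frame(key_b, 0, sealed) == frame
```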
In the third type, the encryption circuits are assembled on a separate board and become an integral part of the internals of the communication or encryption device (radio or telephone). Functionally, this option differs only slightly from the second. If the board is unified, it can simply be used in various digital devices. If it is not removable, each unit of the host equipment is subject to individual accounting as a means of secret communication or encryption. This type is also used in the communication equipment of the SINCGARS project.
Finally, in the fourth option the circuit and software crypto components are completely mixed with the other functional units of the device, so that they are not even allocated to separate boards and modules. This scheme gives the best mass and size characteristics (in favor of compactness) and, as a rule, is used in corporate systems with a conservative set of communication facilities. Here too, each unit of the equipment is subject to individual accounting.
Information security equipment uses so-called block algorithms for encryption and decryption. These algorithms operate on code blocks (code combinations) of a certain length, into which the initial information is cut.
Among the known encryption / decryption algorithms for mass application are DES, IDEA, Rijndael, AES and GOST 28147-89. Modifications of them are also used, as well as other algorithms, including unpublished and non-standardized ones.
The strength of the algorithms is determined by the length of the encryption keys. In the DES algorithm it is 64 bits, in IDEA 128 bits. The Rijndael algorithm uses variable key lengths in increments of 32 bits, while AES uses three key lengths of 128, 192 and 256 bits. The GOST 28147-89 algorithm is based on keys 256 bits long. The robustness of the algorithms increases in the same order.
Trying all possible key combinations to discover the key with the well-known Intel ASCI Red supercomputer would take 9.4 hours for the DES algorithm, 1.3 × 10^21 years for IDEA and 1.7 × 10^58 years for GOST 28147-89.
Thus, an analysis of the development and use of information protection equipment shows that in a number of countries interest in this type of equipment is traditionally maintained by the ministries and departments of the security bloc, as well as by diplomatic and government communication services. However, because of the avalanche-like spread of mobile radio communications among civilian organizations and the public, the issue has ceased to be the exclusive monopoly of the armed forces, special services and agencies.
Practice has shown that, in technical terms, the structure and principles of building information security tools, including encryption / decryption tools, for military, special and civilian use have much in common, with individual technical solutions complementing each other organically.
The current stage of development of cryptographic information protection systems is characterized by the massive use of various hardware platforms as the material basis for electronic equipment of this category, and of advanced software that directly performs the functions of authenticating officials, checking their authority to access information, and encrypting / decrypting voice information and data.