Informational Safety In The Studying Systems

Master Yulia Zanyala

Autosynopsis

1. The prologue

1.1 Introduction (urgency and motivation)

The subject of my master’s work is protection of the information in training systems. Computer training systems now are rather actual products, because they give an opportunity to be trained:

• on distance;
• on the job;
• during convenient time, in convenient place, with rather small financial expenses;
• being independent.

Training systems can be:

• local;
• remote.

Both kinds of systems have the specificity by way of protection of the information.

As complex training systems include systems of testing of knowledge the basic problem here consists in protection of test tasks and answers to them against attempts of the non-authorized access.

If the question is remote system, so here protection is required for network connection between client and server components of system.

Encryption, or cryptography, can help with both cases. For the first case it is protected-key, for the second it is public-key.

The motivation in a choice of a subject has been caused by actuality of the information safety questions in the world. I am interested in mathematics, so from all ways of protection of the information I am most imposed by cryptography.

1.2 The purposes and tasks of job

The functional sites of training system should become result of job, one of them will contain a database with tests and answers to them, another will provide connection between a client and server part of system. Both parts should be protected in appropriate way. The modern, partly advanced algorithms are used for protection. The plan of protection of a database is submitted below in animated paint.

1.3 Prospective scientific novelty and practical value

Practical value of the given development consists in an opportunity of application of the improved algorithms for the decision of practical tasks. Such tasks arise in the diverse fields of activity. Besides training systems it is any systems of the financial account, especially bank, sphere of protection of copyrights to software products, and generally any systems at which there is an element of confidentiality.

Scientific novelty consists in improvement of already available development.

2. The basic part

2.1 The local review

Many masters of the last and current years were engaged in a problem of protection of the information in DonNTU. It is possible to see their jobs under links №8-12 in the catalogue of links. Next works are close to considered subject and especially interesting: "Protection of the information in development of training systems" (2006) by Elena Cherepkova and “Research of means of a safety of computer networks " (2002)by Andrey Volkogon.

Besides it Alexandr Y. Ivanov. is engaged in the given question on faculty FCIS.

The question about training systems is also developed in master's works( links №1-7).

In general the subject of my research is within the framework of one of the basic directions of researches of faculty CS: a computerization of technological processes and systems.

2.2 The national review

Now in Ukraine and the countries of CIS (in particular, in Russia) there is an active development, both on questions of training systems, and on questions of protection of the information (see links).

Development of area of protection of the information in the majority of the countries is adjusted by the legislation. Russia and Ukraine are not the exeption[5,6]. Frequently legislative restrictions interfere with development of this area by efforts of civil scientists, leaving the initiative to militaries. In the considered countries the problem of the state monopoly for cryptological researches is discussed not so briskly as abroad, however, such problem exists.

2.3 The global review

In a course of search of material on the given question among global sources the attention was turned to the following organizations:

• International Association for Cryptologic Research ( IACR)
  The international noncommercial organization directing the efforts to support of the further researches in the field of cryptology and adjacent areas. Carries out the following activity:

  1. Conferences (Crypto 2007, 19-23.08.2007, Санта-Барбара, Калифорния, США; Asiacrypt 2007, 2-6.12.2007, Кучиг, Малазия);
  2. Symposiums (Workshop on Cryptographic Hardware and Embedded Systems (CHES 2007), 10-13.09.2007, Vienna, Austria; International Workshop on Practice and Theory in Public Key Cryptography (PKC 2008), 9-12.03.2008, Barcelona, Spain; The fifth Theory of Cryptography Conference (TCC 2008), 19-21.03.2008, New York, the USA);
  3. Publications (Journal of Cryptology (Online access via Springer); IACR Newsletter; Conference Proceedings (Online access via Springer, Online access via IACR Archive); Cryptology ePrint Archive).


• IEEE Computer Society’s Technical Committee on Security and Privacy
  Committee on safety of society IEEE Activity: among other, together with IACR conference 2007 IEEE Symposium on Security and Privacy is spent. Date and a place of carrying out: 20-23.05.2007, Oakland, California, the USA.



• Technical University of Denmark Department of Mathematics
  ECRYPT( European Network of Excellence for Cryptology) is a 4-year European research initiative launched on 1 February 2004. The stated objective is to, "intensify the collaboration of European researchers in information security, and more in particular in cryptology and digital watermarking. ECRYPT list five core research areas, termed "virtual laboratories": symmetric key algorithms (STVL), public key algorithms (AZTEC), protocol (PROVILAB), secure and efficient implementations (VAMPIRE) and watermarking (WAVILA)



• UNIVERSITY OF LUXEMBOURG Laboratory of Algorithmics, Cryptology and Security
  In the context of this research unit, they plan to address the following topics: study of novel algebraic attacks on block ciphers and stream ciphers; continue some of our previous work on structural cryptanalysis of schemes; extensions of differential, linear, slide attacks. Development of new methods for the analysis of hash functions and message-authentication codes (MACs), as recent results show that this area has been significantly under-studied. In this context, they will continue to work extensively with industry and standardization bodies as partner in research and development projects, as we did in the past. For example, we worked on European pre-standardization project for encryption primitives (NESSIE) (the project has won a European commission excellence award), and in a road-map for cryptography projects STORK. They have also been actively involved and will continue to evaluate current and future industry standards for GSM, wireless and Internet communications.



• CITS Institutes for Cryptology and IT-Security Bochum
  Object of research is designing and the analysis of cryptographic algorithms that includes researches of mathematical base, development of standards, a problem of effective and safe prevention of attacks of the channel with use SmartCards.



• University of Cambridge Computer Laboratory Security Group
  Directions of researches: reliability of systems of safety, security protocols, cryptology (block codes: BEAR, LION, TEA, XTEA, stream codes (Chameleon), hash functions (Tiger).



• University of Wisconsin-Milwaukee, the Center for Cryptography, Computer and Network Security
  Has been based for a deepening of job on cryptography and the safety of the data started at university by the professor George Davida. A task of the center is researches in the field of cryptography, computer safety, network safety, and also adjacent practical and theoretical spheres of activity.



• Quantum Computation at Korea Advanced Institute of Science and Technology
  Quantum calculations, including cryptography.



• CRYPTEC Cryptography Researche And Evaluation Commettees
  The Japanese organization authorized by the Government to investigate and estimate cryptographic methods. Among their researches: a rating of safety and the analysis of a way of attack to hash function (SHA-1); research ratings of safety of hash function Whirpool and RIPEMD-160, strengthenings SHA-1; foreign research of politics of the nation in the field of cryptographic algorithms.

3. Final part

3.1 The description planned and received on a subject

Now the following jobs are carried out:

• the analysis of a status of a case in point in the world;
• accumulation of an initial material on a subject;
• a choice of a basis for the further development;
• the analysis of the chosen algorithm (GOST 28147-89 – the standard of encryption of the Russian Federation);
• search of ways of improvement is started.

3.2 Conclusions

At the given stage the basic achievements are: a choice of a direction of conducting development, a choice of the basic object of researches and improvements, and as some operating time concerning improvement of qualities of algorithm.

3.3 The literature

1. Саломаа А. Криптография с открытым ключом// М.:Мир, 1995. – 318с.
2. Андрей Винокуров Алгоритм шифрования ГОСТ 28147-89, его использование и реализация для компьютеров платформы Intel x86.// http://kiev-security.org.ua/b/102.shml
3. Лукацкий А.В. АНАЛИЗ ЗАЩИЩЕННОСТИ БАЗ ДАННЫХ // http://bezpeka.com/ru/search/result.php?id=7543
4. Ростовцев А. Г., Маховенко Е. Б. ДВА ПОДХОДА К АНАЛИЗУ БЛОЧНЫХ ШИФРОВ // Проблемы информационной безопасности. Компьютерные системы. СПб., 2002, № 1.
5. Лазарева Н. Российская криптография в путах законов // CRN.ИТ-бизнес №4 (177), 27 марта 2003 года http://www.crn.ru/numbers/reg-numbers/detail.php?ID=8454
6. Белов С., Мартыненко С. Есть ли жизнь на Марсе…(в смысле - в электронном документе Украины)? // http://gipi.internews.ua/ukr/activity/e-sign/ecp_banks1.rtf