Showing total 322 results

1. Ensuring technological independence by creating the necessary reserves of the electronic component base as one of the elements of its power of attorney

Author

Roman N. Zhurikov, Ilya S. Shchukin, and Yaroslav N. Yushkov

Subjects

technological independence, technological reserve, insurance reserve, ecb power of attorney., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The wars of the new information age impose higher requirements for the introduction of automatic control systems with artificial intelligence elements of modern weapons, and the current stage of the use of weapons and military equipment dictates the need to develop their tactical and technical characteristics. Therefore, taking into account the existing technological capabilities of domestic enterprises of the military-industrial complex, there is a need for use in samples, complexes, systems and products of weapons and military equipment (ME) components, raw materials and materials of foreign production (FP). At the same time taking into account the sanctions restrictions imposed by unfriendly countries, the issue of technological independence of the Russian Federation is acute when creating critical infrastructure products, the major of which are military and dual-use products. The paper describes the procedure fixed by the Government of the Russian Federation and implemented by the Ministry of Defense of the Russian Federation for creating volumes of technological and insurance stocks of FP products necessary for the development (modernization) and maintenance (repair) of technical readiness of ME products. The creation of technological and insurance stocks of FP products for ME products makes it possible to provide a power of attorney for the implementation of state programs in the field of arms development in terms of their provision with FP products. The procedure described in the paper for creating the necessary volume of technological and insurance stock of FP products will ensure a high probability of implementing programs for the development of weapons and military equipment, including in the absence of domestic analogues of FP products and performing development work on their creation.

Published

2023

2. Sustainability of technological processes in the aspect of security of critical information infrastructure

Author

Grigory P. Gavdan, Alexander N. Vavichkin, Vitaliy G. Ivanenko, Yulia D. Kuleshova, and Elina P. Rybalko

Subjects

management security, significant object, critical information infrastructure, threats to information security, stability of critical process., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The purpose of the paper is to study the sustainability of technological processes in the aspect of the security of critical information infrastructure (CII). Cybercrime today brings attackers an income (affecting critical information infrastructure objects) of about $1.5 trillion a year, which means that the security of critical information infrastructure is still requiring due attention. Currently, there is no generally accepted approach to conducting such an assessment and its definition remains an urgent problem. It is also important to understand that the stability of technological (including significant, critical) processes does not always ensure their safety (management safety), as well as ensuring safety does not ensure the execution of technological processes. The object of the study is the objects of the CII. The subject of the study is technological processes in the context of threats to information security. The technological process and its stability at CII facilities in the aspect of information security are studied. The analysis of regulatory legal acts (NPA) and scientific publications on the research topic is carried out. The analysis of the NPA of the CII showed that there are serious problems in this area. In order to formulate specific measures of sustainability of indicators, one can use the given sustainability matrix. The paper formulates the requirements for evaluation indicators. Based on the results of the study, it was found that the assessment of the stability of the functioning of objects can be implemented on real significant objects of the CII, while the stability coefficients of the elements can be detailed in more detail. Definitions and problems are considered, the main sources confirming the importance of the study are presented. The results of the study can be used when considering approaches to assessing the sustainability of technological processes in the context of CII safety.

Published

2023

3. Exploration of the use of temporary computer system resources by anti-virus tools

Author

Alexey V. Astrakhov, Alexander N. Stadnik, Kirill S. Skryl, Ivan I. Korovin, and Elvira R. Bashaeva

Subjects

malicious software, computer system, antivirus tools, information protection, unauthorized access., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper is devoted to the study of factors affecting the timeliness of response to the effects of malicious software. The analysis of anti-virus protection tools in computer systems is carried out. The analysis is based on expert assessments of protection measures against the effects of malicious software and expert assessment of the time parameters of anti-virus tools. The requirements for the time characteristics of anti-virus tools in the computer systems are defined and justified. The paper provides options for the formal presentation of characteristics for assessing the implementation of information processes in the computer systems and the timeliness of responding to the effects of the malicious software. The characteristics that clarify the model of information security threat in the computer systems are analyzed by taking into account the specifics of the use of the malicious software. The substantiation of mathematical abstraction for the formal representation of a sequence of random events associated with the implementation of the threat of the impact of the malicious software on the computer systems is given, analytical expressions are obtained to evaluate anti-virus protection measures and the actions of the violator to implement unauthorized access. Hypotheses are formulated and proved regarding the adequacy of the use of a temporary computer systems resource by antivirus tools.

Published

2023

4. Systematics of concepts in the field of information security

Author

Alexandr I. Tolstoy

Subjects

taxonomy, concept, term, definition, danger, object, information security, asset, risk, cybersecurity., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

Based on the existing requirements for the categories of concepts, terms and definitions related to these concepts, the paper proposes a classification of concepts related to information security (IS) of objects and at the same time currently possessing the maximum unambiguous correspondence with the terms denoting these concepts and definitions concepts (terms). When constructing classifications, an attempt was made to apply the basics of the theory of taxonomy (systematics), which led to the conclusion that the considered structures of concept systems as a whole will be hierarchical (the main principle of taxonomy) under certain conditions (for example, when using only concepts that belong to the categories of the subject (object), process, or property). The approach considered in the paper made it possible to formulate definitions of terms directly related to the proposed systems of concepts. This set can be considered as a terminological system related to the field of information security of the object. The proposed terms and their definitions do not contradict similar ones used in practice, they are systematic in relation to the terms themselves (definitions) and systematic in relation to the corresponding concepts, and also have a universal nature of application, which allows their use for almost any objects related to information (for example, information and automated systems, informatization systems, sociotechnical systems, cyber systems and information as an object). The results of the work are of practical importance for the educational field in the formation of a modern, methodically sound conceptual base among students.

Published

2023

5. Research of authentication methods in the industrial internet of things

Author

Ivan B. Getmanyuk, Ivan R. Fedorov, and Ravil S. Engalychev

Subjects

internet of things, industrial internet of things, security, authentication, blockchain., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

One of the most critical and key issues in the field of the Industrial Internet of Things security is the authentication. The main aim of this paper is to identify possible methods of solving authentication issues. The relevance of the research is confirmed by the “Information Security Doctrine of the Russian Federation” and emerging risks caused by information and technical impact on industrial facilities in the current geopolitical environment. Based on the presented literature review, the architecture of the industrial Internet of things, options for protecting authentication protocols from known attacks, as well as options for protection using blockchain technology are presented. When analyzing network models, it was revealed that information protection options do not depend on the model itself, but depend on the architectural level at which the protection of a particular model is built. The paper discusses the advantages and disadvantages of various protection options that should be considered during its implementation. The obtained results can be used to select a method for protecting the authentication protocol when building an information system in the field of the Internet of things.

Published

2023

6. Cybersecurity of the network perimeter of the critical information infrastructure object

Author

Viktor S. Gorbatov, Igor Y. Zhukov, Vladislav V. Kravchenko, and Dmitry I. Pravikov

Subjects

cybersecurity, computer attacks, critical information infrastructure, object, network perimeter, technological solutions., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The purpose of this paper is an analytical pre-project study of possible technological aspects of countering external computer attacks on critical network infrastructure. This will make it possible to specify the tasks for further resolving this problem in the aspect of developing the necessary software and hardware. The practical implementation of such tasks is an urgent and rather unconventional problem due to various factors of change in the classical concept of the network perimeter as a physical boundary of the information infrastructure, which becomes virtual and, therefore, requires the use of new approaches to the development of technical solutions. Based on statistical data on the number and quality of computer incidents, the study provides a justification for the relevance of the above problem, and gives an overview of widely used technical means for protecting the classic network perimeter, such as firewalls and systems for detecting attacks and intrusions. A comparative analysis of modern technological trends in their development, referred to in publications as «Threat Detection and Response», «Extended Detection and Response», is carried out. However, despite the powerful software and hardware functionality of these solutions, their common drawback is indicated as the lack of adequate counteraction to computer attacks with a remote mode of the user work. In this regard, the latest concept of virtual network perimeter protection, referred to by the authors as «Cybersecurity Mesh» («cybersecurity network»), is detailed. It is this methodology that seems to be the most promising for the development of appropriate technological solutions to ensure the cybersecurity of the perimeter of the critical information infrastructure. The paper might be useful to specialists working on the security of critical information infrastructure facilities, as well as to employees of educational classes in the implementation of appropriate training, retraining and advanced training programs for such specialists.

Published

2022

7. Analysis of changes in personal data legislation since September 1, 2022

Author

Alexei A. Sirotskiy

Subjects

personal data, organization-operator, security requirements, incidents, data protection, specialists’ preparation., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper analyzes regulatory and legal changes in the requirements for the organization of personal data by operators of personal data protection processes, which came into force on September 1, 2022. It is noted that a number of additional regulations are also going to come into force on March 1, 2023, although they are not considered in the paper. The new requirements contain a number of restrictions and tightening of existing protecting personal data processes, as well as a number of active innovations requiring the introduction of new processes aimed at improving the security of personal data and promptly identifying and investigating incidents. Each change and innovation are analyzed by a set of features, including the identification of the law rules, the study of new requirements and the formation of a conclusion about the essence of changes and the necessary set of actions aimed at ensuring the fulfillment of requirements. In total 14 fundamental and significant changes and additions to the requirements for the protection of personal data have been identified. The most time-consuming and costly for small businesses is the link to the state system for detecting, preventing and eliminating the consequences of computer attacks, which requires attracting additional funds and employees. Priority tasks to be solved by the personal data operators in order to ensure compliance with the new standards have been formulated. Those are the building up a team to investigate information security incidents, as well as creation of a system for managing information security incidents and the introduction of software products for solving this problem. Another important task is to train the specialists with the knowledge and competencies necessary to solve new problems and to develop the programs for the personal data management culture formation aimed at the general public.

Published

2022

8. Methods of image transformation for person authentication using face thermographic image

Author

Nikita I. Belov

Subjects

computer vision, authentication algorithm, face thermogram, holistic transformation methods, principal component analysis, linear descriptor analysis, independent component analysis, truncated singular value decomposition, discrete cosine transformation., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The purpose of the paper is to study the holistic image transformation methods for person's identity authentication from a thermographic image of faces. Within this study the datasets of images of faces in the far infrared range (LWIR) have been collected. The novelty of the study consists in the features of the dataset of images which collected in real conditions that affect the quality of authentication, such as facial expressions, wearing glasses or a medical mask, applying makeup / cosmetics, different illumination and temperature conditions of the environment, head turns. The methods under the study are based on the construction and selection of image features while reducing the dimension and converting the image into another form of representation. These methods are used to solve the problem of distinguishing features in images, in authentication person identity by 2D image of his face and allows solving other computer vision problems. This paper discusses classical methods of integral image transformation: principal component analysis, principal component analysis using a kernel, linear descriptor analysis, independent component analysis, truncated singular value decomposition, discrete cosine transformation. As a measure of the proximity of images, the Euclidean distance between the vectors of image features is used. Testing of the methods was performed on a set of thermograms consisting of 632 thousand images of the faces of 158 people. The F-measure was used as a metric to assess the quality of comparison of the selected methods. As a result of the experiment, the independent component analysis method showed the highest values of the F-measure metric – 0.72. The results of the study can find applications in access control and control systems to increase the fault tolerance of authentication of persons. The use of the considered methods is effective in the tasks of processing thermographic images for authenticating a person by secondary signs, by the pattern of his veins and vessels on the face, in cases of changes in facial expressions and appearance by means of applying makeup and wearable accessories.

Published

2022

9. Investigating the possibility of increasing the resilience to attack of the differential energy watermarking embedding method

Author

Alеksеy S. Gеraskin, Anastasia A. Shulikina, and Anna A. Lukyanova

Subjects

digital watermark, discrete cosine transform, dew method, watson model, pearson coefficient, ssim., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The aim of this paper is to investigate the possibility of increasing the robustness of digital watermark embedding by the differential energy watermarking (DEW) embedding method to static attacks: median filter, Gaussian filter, threshold rounding, noise reduction, compression; to geometric attacks: 90-degree rotation, slight clipping, scaling; attack on rewrite. The peculiarities of digital watermark embedding by DEW method and ways to improve the reliability of this method using Watson’s visual model are discussed. One of the main problems in digital watermark embedding by the DEW method is that it embeds information in high-frequency coefficients that are discarded by filters, and the DEW method does not take into account the effect that changes in discrete cosine transform (DCT) coefficients have on the original image. As a solution to these problems a modification of the method based on the Watson visual model has been proposed. The model estimates the maximum allowable value that can be changed without visual influence. Thus, by matching the discrete cosine transform coefficients in the DEW algorithm to the values of frequency sensitivity of Watson’s visual model, one refuses to embed the watermark in the area with complex textures in order to reduce the impact on the visual quality and filtering effects. In this paper the changes introduced into the image by digital watermark embedding were evaluated using structural similarity (SSIM), and the stability of the digital watermark was evaluated using Pearson coefficient. Based on the data presented in the paper, a comparison of DEW method and DEW method using Watson’s model was carried out. According to this study, the DEW method using Watson’s model is resistant to repeated recording attacks, partially resistant to geometric and statistical attacks, while the DEW method is not resistant to static and geometric attacks.

Published

2022

10. Hiding data in blocks of Oracle Database

Author

Mikhail A. Kupriyashin and Regina F. Baiazitova

Subjects

steganography, data hiding, databases, database management systems, oracle database., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

In this paper, we explore the possibility of storing a hidden message in the physical data structures of the Oracle Database Management System (DBMS). We consider data blocks, the fundamental Oracle Database storage units for table data and other objects. As a result of normal usage, free space in data blocks gets fragmented. We devised a technique to form the desired fragmentation pattern in a data block. Assuming fragments of free space correspond to “0” bits, and fragments of data corresponding to “1” bits, we may store a secret message inside a block. In order to form the container, we need the object privileges to SELECT, DELETE and INSERT data. The SELECT object privilege is required to retrieve the message at a later time. The paper covers the technique of message embedding in detail. In conclusion we discuss various use causes for the technique. It should be noted that the operations of deleting and then adding rows lead to eventual damage to the steganographic container. In this regard, we studied the OLAP and OLTP database models. We conclude that OLAP databases are better suited for embedding secret messages due to the small number of the operations mentioned before.

Published

2022

11. Privacy-preserving machine learning based on secure four-party computations

Author

Sergey V. Zapechnikov

Subjects

privacy-preserving machine learning, secure multi-party computations, secret sharing scheme., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper is devoted to the analysis of privacy-preserving machine learning systems based on the concept of secure four-party computations. The advantages of the four-party computations over the two- and three-party computations are analyzed. The definitions are given that express the resistance of secure multi-party computation protocols against an active intruder. The Tetrad system is considered as an example of a secure four-party computations system with advanced functionality that most fully implements the properties of security against intruder actions. The concept of computations implemented in Tetrad based on the idea of mixed use of arithmetic as well as Boolean and garbled circuits in the function computations is analyzed. The multi-level architecture of the system is considered. The protocols related to various levels of architecture are analyzed in detail. For this purpose, an analysis of various forms of secret sharing is carried out. After that the basic protocols with shared secrets are considered. The systematization of protocols is completed with the analysis of high-level protocols used for the confidential implementation of model learning and inference procedures. This set of protocols allows performing high-level operations that are standard for machine learning systems, but with shared secrets. The paper concludes considering the advantages, disadvantages, features and limitations of four-party secure computations protocols for privacy-preserving machine learning.

Published

2022

12. An approach to evaluating the effectiveness of the information security system for a distributed data transmission system

Author

Oleg G. Evdokimov, Grigory P. Gavdan, and Sergey A. Reznichenko

Subjects

information security, object of critical information infrastructure, data transmission, distributed system, information security system., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The purpose of the paper is to identify possible approaches to assessing the effectiveness of the information security system (EISS) for a distributed data transmission system (DDTS) related to a significant object of critical information infrastructure. When developing the EISS, it is necessary to identify possible external and internal sources of threats to information security already at the design stage of the DDTS architecture as well as to develop a model of the violator and a model of information security threats (IS). One of the main problems in the creation of EISS DDTS is the lack and/or insufficient training in the field of information security; a large financial burden on the creation and modernization of hardware and software, etc. The DDTS model (a block diagram of the DDTS and the layout of the components of the DDTS on special computing equipment) is proposed for the EISS DDTS under study. The paper proposes an approach to assessing the effectiveness of the EISS DDTS based on the use of the method of expert assessments for the selected model, which is necessary to achieve the required level of safety. The aspects of assessing the effectiveness of the EISS DDTS are considered using the example of the organization of technical measures to ensure the IB DDTS. This assessment of the effectiveness of the EISS DDTS allows you to identify weaknesses and help you quickly take measures to eliminate them, which in the event of computer attacks or incidents can significantly reduce the risks. The proposed approach can be integrated into existing practices for assessing the effectiveness of information security.

Published

2022

13. Investigation of threats to the functioning of cyber-physical systems due to the use of vulnerabilities of the wireless standard IEEE 802.11

Author

Anatoly P. Durakovskiy and Vitaly N. Tsymbal

Subjects

wireless communication, wi-fi, vulnerability of wireless technologies, threats to information security, cyber-physical system., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The purpose of the paper is to analyze and systematize the existing security threats to the functioning of cyber-physical systems through vulnerabilities of wireless networks operating on the basis of protocols defined by the IEEE 802.11 standard. The relevance of the study is explained by ever growing number of devices and various systems using wireless networks to ensure their functioning, including the designated standard. Using examples of existing varieties of this technology (there are more than 15 generations of the standard), the features of wireless local area connections according to this standard as well as the ways of organizing wireless communication lines (with one access point and (or) several, without an access point) are analyzed. Since the functioning of cyber-physical systems at the network level is based on this Wi-Fi technology, major attention is paid to the study of security threats of the IEEE 802.11 wireless standard,. Despite the benefits of using such means of communication, namely: high data transfer rates, high bandwidth, wide coverage area, reliability of the built network, ease of implementation and scalability, the implementation of security threats can lead to a violation of confidentiality and authenticity of the transmitted information, loss of control over the access point, the communication channel itself, the integrity of the transmitted data, etc. The existing security functions implemented in client devices operating on the basis of wireless connection of local area networks of the IEEE 802.11 standard are systematized in the paper as well.

Published

2022

14. An Analysis of Local Security Authority Subsystem Services for Windows and Linux

Author

Svetlana A. Golub and Igor Y. Korkin

Subjects

extraction credentials, passwords in memory, ascii and unicode passwords, operating system security, gnome-keyring-daemon, lsass, mimikatz., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper is devoted to the security analysis of authority subsystem services for Windows and Linux operating systems. The paper provides security analysis for both local and network-based authentication in Windows. The Mimikatz (France) will be presented to demonstrate attacks on the authentication subsystem. Mimikatz is a software tool that can extract users’ credentials and password information from the memory of the LSASS process. To prevent such attacks on process memory Windows OS includes several security mechanisms: Security Reference Monitor, Protected Process Light, and Virtualization-Based Security. However, attackers can bypass these mechanisms to get illegal access to the process memory and steal users’ credentials. A similar analysis of the local authority subsystem for Linux OSes shows that gnome-keyring-daemon stores the users’ passwords in plain text. As a result, attackers can easily extract this sensitive information using memory forensics techniques via user-mode applications. Several modern Linux Distributions based on Red Hat Enterprise Linux (RHEL) still have this security issue: CentOS, Ubuntu, GNU/ Linux Rolling. Experts have developed software tools to locate and remove passwords from the memory to tackle this security challenge: MimiPenguin (USA) and Mimipy (USA). Comparison analysis of these tools reveals their drawbacks: these security tools cannot locate passwords with Unicode characters, and these tools have low speed. The proposed security solution called MimiDove is designed to solve both these issues. MimiDove expands features of MimiPenguin and Mimipy by locating and deleting passwords with ASCII and Unicode characters. MimiDove is faster than MimiPenguin and Mimipy.

Published

2022

15. Method for analysis of the stability of nuclear power plant systems to the impact of computer attacks

Author

Vitaliy G. vanenko and Nina D. Ivanova

Subjects

nuclear power plants, instrumentation and control systems, failures, targeted computer attack, criticality matrix hierarchy, failure impact matrix., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper is devoted to developing a methodology for analysing the stability of Instrumentation and Control Systems (ICS) of Nuclear Power Plants (NPPs) to the impact of computer attacks aimed at producing an accident event (targeted computer attacks). The paper demonstrates the need to consider the impact of threats to information security when analysing the safety of the process control system of the NPP power unit. Various methods of safety analysis of ICS of NPPs are considered. Their fundamental shortcomings are highlighted: the lack of consideration of the factors of anthropogenic threats to information security, dependence of failures, the complexity of presentation of modelling results with a large number of subsystems. Based on the analysis of existing practices, the requirements for the developed methodology are formed. As a result, a methodology is developed for analysing the stability of ICS of NPPs to the impact of targeted computer attacks based on the use of risk assessment matrix models: failure impact matrices and criticality matrix hierarchies. The procedure for analysing and modelling computer attacks using influence matrices and a hierarchy of criticality matrices is described. The application of the method is demonstrated by the example of the ICS segment of NPP: a scenario of a targeted computer attack is modelled using the criticality matrix hierarchy. The expediency of using failure impact matrices and a criticality matrix hierarchy for modelling targeted computer attacks on the ICS of NPPs is substantiated. The scientific novelty of the study consists in the proposal of a methodology for analysing the stability of ICS of NPPs, which takes into account the dependence of failures and allows modelling scenarios of computer attacks. Since the risk assessment matrix models are an indistinct extension of the applied Failure Mode and Effects Critical Analysis, the developed methodology can be integrated into existing practices of safety analysis of the ICS of NPPs.

Published

2021

16. Privacy-preserving machine learning based on secure two-party computations

Author

Sergey V. Zapechnikov and Andrey Yu. Shcherbakov

Subjects

privacy-preserving machine learning, secure multi-party computations, garbled circuits, oblivious transfer, secret sharing scheme, homomorphic encryption., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper is devoted to the analysis of privacy-preserving machine learning systems based on secure two-party computations. The paper provides introductory information about privacy-preserving machine learning systems, analyses the goals and objectives of its application. A generalized model of privacy-preserving machine learning architecture is proposed, reflecting the main functional blocks of the systems. The formulation of the problem of secure multi-party computation is considered. The descriptions of cryptographic primitives and protocols used to implement two-party secure computation protocols, including homomorphic encryption, secret sharing schemes, oblivious transfer and garbled circuits, are given. The current privacy-preserving machine learning systems based on two-party secure computations are analyzed. The main attention is paid to algorithmic aspects of systems, methods and protocols of information security in them. Systems resistant to semi-honest and active adversaries are considered, both based on universal modules for secure two-party computations, and specialized ones designed to ensure the privacy of specific machine learning technologies, such as convolutional neural networks. Implemented prototypes of several such systems are considered in detail. Based on the results of the analysis, conclusions are formulated about the features of the future privacy-preserving machine learning systems.

Published

2021

17. Conceptual scheme (paradigm) of connected data technologies

Author

Andrey I. Terentyev

Subjects

connected data technologies, blockchain technology, connected set, structure of a connected set, dimension of the structure of a connected set, strength of connection of elements of a connected set., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper proposes to consider blockchain technology as one of the possible technologies aimed at ensuring the integrity, availability and reliability of various data sets. In order to streamline the directions of research of such technologies, the paper proposes an initial conceptual scheme (paradigm) of practical views and approaches in relation to the technology of mathematically, cryptographically and otherwise connected data, considered from the standpoint of mathematics as a set M, the elements of which can be sets, as well as constructive, hybrid and other objects, including, inter alia, information and service components. The concepts of a connected set, the dimensions of its structure and the strength of the established connection are introduced. It is argued that the potential for practical application of various systems of connected data, especially unconventionally organized structures of multidimensionally connected data, is much higher than it seems at present. As an example, a two-dimensional structure of the set M in the form of a cylindrical pipe (linear-ring structure) is proposed, as well as a three-dimensional structure in an orthogonal basis in the form of a cube (parallelepiped), which may have prospects for practical applications in various projects of digital economy where data is used simultaneously in several processes.

Published

2021

18. Improving the training of specialists to ensure the security of the information infrastructure of the internal affairs authorities

Author

Viktor S. Gorbatov and Aleksandr S. Erdniev

Subjects

higher education, competencies, critical information infrastructure, internal affairs agencies, educational program, federal state educational standard., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The departmental personnel training system of the Ministry of Internal Affairs of Russia has significant experience in training specialists in various educational programs in the field of information security. Over the past decade, due to various factors, significant changes have taken place in this area, particularly in its state regulation based directive provisions for the Russian Information Security Doctrine. And they have also given a new impetus to the actualization and adaptation of these changes in existing educational programs. Such work is being carried out «on a broad front» by Russian universities subordinate to the Ministry of Education and Science of the Russian Federation, within the framework of the Educational and Methodological Association of the same name. There is also an obvious need to solve this problem at the departmental level, in particular, within the framework of the personnel training system of the Ministry of Internal Affairs of Russia. This paper presents the results of the pre-design survey, which is a part of the relevant educational programs developed on the basis of federal educational standards. Based on this survey, it is planned to further develop and implement measures to improve the quality of training in the field of managing information infrastructure security for Russian internal affairs authorities. The object of the study is to improve the quality of this process in the field of managing the security of the information for the Department of Internal Affairs. In order to achieve qualification requirements for certain categories within the internal affairs bodies, the article examines the domestic experience of leading Russian and international universities in educational training of specialists in the field of information security. The basis for the formulation of proposals for the modernization of the variable part of educational programs for the training of specialists in the protection of the information infrastructure of internal affairs authorities is the experience of designing domestic professional standards for the protection of information and individual foreign initiatives.

Published

2024

19. Topical issues of the problem of assessment of threats of cyber attacks on information resources of significant facilities of critical information infrastructure

Author

Sergey V. Skryl', Victor V. Gaifulin, Dmitry V. Domrachev, Vladimir M. Sychev, and Yulia V. Gracheva

Subjects

computer attack, critical information infrastructure objects, cyber stability of critical information infrastructure objects, the effectiveness of mechanisms for detecting, preventing and eliminating the consequences of computer attacks on information..., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

This paper opens a series of studies devoted to the problems of assessing the characteristics of measures to ensure the cyber resilience of information resources of critical information infrastructure objects. The paper substantiates the relevance of issues of increasing the efficiency of mechanisms for detecting, preventing and eliminating the consequences of computer attacks on the information resources of critical information infrastructure objects as a prerequisite for ensuring the cyber stability of these objects. A detailed analysis of the methodological apparatus of probabilistic assessment of the relevance of threats to information security is provided, the provisions of which are reflected in the regulatory and methodological documents of the FSTEC of Russia. The circumstances that do not allow characterizing the existing level of development of mathematical methods in the field of information protection against unauthorized access as high are analyzed. The necessity of solving the problems of adequate assessment of the effectiveness of mechanisms for detecting, preventing and eliminating the consequences of computer attacks on the information resources of critical information infrastructure objects is substantiated as a prerequisite for substantiating the requirements for measures to ensure the cyber stability of these segments.

Published

2021

20. Using a virtual laboratory environment for penetration-testing skills training

Author

Nikita S. Zhdanov and Andrey V. Materukhin

Subjects

virtual laboratory environment, penetration-testing skills, information security, distance learning., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

This paper describes the virtual laboratory environment developed by the authors for training penetration-testing skills with justification of the design decisions, as well as the results of the study of the applicability of the developed virtual laboratory environment for teaching penetration-testing skills in the educational process of bachelor's degree in information security program. It has been shown that a virtual lab environment for training penetration-testing skills can be implemented using open source software. The implemented software environment makes rather moderate requirements to the hardware platform (specified in the paper) on which it should be executed. The study of applicability has shown that the developed virtual laboratory environment can be used in the educational process of bachelor's degree in information security program with the use of distance learning technologies and allows students to develop practical skills in using penetration testing methods on examples of objects of various levels of complexity.

Published

2020

21. Ensuring the security of state information systems in conditions of uncertainty

Author

Grigory P. Gavdan and Rustem V. Penerdji

Subjects

information security, state information system, state management bodies, information system, object of computer attacks, information security threat assessment, management., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper addresses issues related to information security of information systems (IS). The Relevance of the work is primarily due to the fact that the number of cyber-attacks on various sectors of the Russian economy is not decreasing, but keeps growing every year. There is an increasing interest in the information circulating in government authorities (at all levels) and SIS. Sometimes important strategic (state) tasks often have to be relegated to the "background" before the need to solve urgent (important short-term) tactical tasks. Today, SIS is an integral part of a rather complex management system, and (itself) management (in fact) becomes situational, which means that the role of public administration structures, and SIS, in these conditions has not lost its relevance. The subject of the research is to ensure the security of SIS in conditions of uncertainty. To achieve this goal, the paper uses the method of analysis of regulatory legal acts of the Russian Federation. SIS data are considered as objects of computer attacks under conditions of uncertainty. The structure of the SIS categorization methodology was developed. The paper discusses the main definitions, arguments, and sources that confirm the importance of assessing threats to the security of SIS information. As a result of the research the increasing importance of protection and the relevance of developing a methodology for assessing information security threats are confirmed. Conclusion: correctly set work (with initial data) for conducting research in conditions of a high degree of their uncertainty is a key point in solving any problems related to information security, including SIS. The results of the study can be used to develop a methodology for assessing threats to the security of state information systems.

Published

2020

22. Application of machine vision technology for focused laser effect accuracy improvement in microelectronic structures research and semiconductor microprocessing

Author

Roman K. Mozhaev, Alexander A. Pechenkin, Artem A. Tsirkov, Kirill G. Belozerov, Vladislav P. Lukashin, and Arseniy A. Baluev

Subjects

machine vision, laser scanning microscopy, topology correction, microelectronics, laser scribing, automation., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

Machine vision is a field of artificial intelligence that deals with processing images and videos using special algorithms. This allows devices to analyze visual information. Machine vision helps with tasks such as pattern recognition, image segmentation, object detection, and tracking. In microscopy, machine vision plays an important role, particularly in laser scanning microscopy (LSM). Laser scanning microscopy, laser scribing, and laser correction of the topology of semiconductor crystals are important technological processes in the production, control and adjustment of semiconductor crystals both on debug samples and as part of a test batch on a wafer. Laser exposure allows not only mechanically separate crystals, but also carry out more delicate and minimally invasive actions, in particular, adjustments to the values of thin-film resistors or burning of bridges necessary to adjust the circuit and disable unused blocks of the crystal. The paper lists the main parameters of the positioning system as part of the laser scanning setup, their impact on the quality of scanning and exposure to focused radiation at control points. The principles of machine vision algorithms when working with the image of the scanned object and the results of testing in the task of automated laser burning of bridges on a semiconductor wafer are described. Since the number of bridges can reach tens of thousands, and positioning systems have significant errors, machine vision allows you to correct the area and accuracy of laser exposure at any stage of scanning, which significantly improves the quality and efficiency of the process.

Published

2023

23. Technological platform for the implementation of the cybersecurity network concept ('Cybersecurity Mesh')

Author

Viktor S. Gorbatov, Igor Y. Zhukov, Vladislav V. Kravchenko, and Dmitry I. Pravikov

Subjects

cyberattack, cybersecurity, critical information infrastructure, cybersecurity network, network technologies, technology platform, point protection., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

An analytical review of methods and modern means of countering computer attacks on distributed information infrastructure shows that one of the promising solutions to this problem is the practical implementation of the concept of "Cybersecurity Mesh" (cybersecurity networks"). It involves the application of such an approach that will eliminate specific threats associated with the actual "blurring" of the physical boundaries of the corporate information system by switching to point protection of any remote object. To provide the necessary functionality for such a reliable and secure connection of critical information infrastructure (CII) objects, it is proposed to use a single cloud platform combining several well-known and already used solutions as the technological basis of a cybersecurity network. These include: 5G standard mobile communications, Secure Access Border Service (SASE) and Advanced Detection and Response Service (XDR). This paper analyzes the features of these main elements of such a platform in relation to the implementation of the concept of a distributed CII cybersecurity network in terms of the implementation of its functionality. Further, the issues of the necessary software restructuring of the corporate segment of the Internet in the conditions of the impossibility of full control of its physical infrastructure are considered. Such a task is solved by creating an appropriate cyber level on top of the traditional Internet infrastructure, technologically implemented on the basis of its three main components: cyber control, cyber node and trust node. Functional requirements for these components are described in detail, as well as technological modular solutions for the transition to point protection of each CII object. The obtained results of the conducted research can become a methodological basis for the transition to the design stage of a specific corporate cybersecurity network after the mandatory feasibility study based on risk analysis, since the practical implementation of the analyzed proposals is a complex and expensive process, especially if the necessary restructuring of existing network security systems.

Published

2023

24. Measurement of criteria parameters of analog-to-digital converters and monitoring of their changes during the radiation experiment

Author

Roman S. Torshin, Georgy S. Sorokoumov, Dmitry V. Bobrovsky, Alexander A. Demidov, and Anastasya V. Ulanova

Subjects

analog to digital converter, histogram test, dynamic parameters adc, static parameters adc, testing microchips, absorbed dose., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper presents a method for testing ADC, intended for measurement the basic parameters of converters by histogram test (or code density test). This method is ideally suited for modern wide bandwidth high precision ADCs and is universally accepted, especially with the proliferation of standard PC-based software and ADC manufacturer’s evaluation boards. The histogram and Fast Fourier transform (FFT) tests use essentially the same hardware, both are normally part of a comprehensive ADC test plan [1]. Modular Instrumentation System PXI of NI and Signal Generator SMA100B (ROHDE & SCHWARZ) were used as test equipment for the tests. The basic static and dynamic parameters of the ADC AD7888 were calculated using this method. The degradation of the main parameters of the ADC AD7888 under the influence of the absorbed dose at the «RIK-0401» x-ray unit is presented in the paper.

Published

2020

25. Information security of state information systems

Author

Rustem V. Penerdji and Grigory P. Gavdan

Subjects

state information system, public administration, information system, information property, critical information system., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The purpose of the paper is to consider issues related to the security of state information systems in the Russian Federation. The relevance of these issues is primarily due to the fact that the number of cyber-attacks (causing significant damage to the state) on various areas of its economy, including its state information systems, is increasing every year in Russia. For example, the national initiative for Cybersecurity Education (NICE) was launched in the United States several years ago. This event has not escaped the attention of Russian and other experts in the field of information security (is). The main areas of information property protection include: protection (state, official, commercial, banking, tax, insurance, personal data (PD), etc.) of secrets and intellectual property. State information systems include information technology tools and systems that rely on advanced scientific research, such as knowledge, advanced technologies (know-how), etc. Today, state information systems are an integral part of a fairly complex system of public administration. It is also important to recall the role of the Russian FSTEC regulator in ensuring information security. The subject of the research is SIS as the basis of management of state bodies. The paper focuses on current trends in the field of SIS information security, a brief overview of SIS legislation, and the critical information infrastructure (CII) of Russia's main geopolitical opponent. The main arguments for the importance of the chosen direction of work are discussed. Further research is expected to be conducted in the field of SIS security in an uncertain environment.

Published

2020

26. Approach to steganography storage in removable media file system

Author

Mihail V. Malahov and Pavel V. Slipenchuk

Subjects

information security, data security, steganography, cryptography, file systems, perfectly secure steganography systems., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

Problems of hidden storage and transmission of information are successfully solved by using steganography. The most common steganographic maskers for transmitting and storing information at a given time are media files, such as photos, videos, and audio files. The use of such maskers imposes a number of restrictions, one of which is a limit on the size of the embedded information. Thus, increasing the amount of hidden data changes the entropy properties of the masker and allows you to detect the fact of steganography. One of the alternative ways to ensure the possibility of steganographic concealment of large amounts of information is to use a fundamentally different method of concealment. In this regard, it becomes relevant to develop a method for steganographic storage of information in the file system, as a masker, in which you can secretly store quite large amounts of data. This paper presents an approach to steganographic storage of information in the file system of the extracted data carrier, which is usually an electronic data carrier with the FAT32 file system. During the analysis of existing steganography tools designed to hide information in file systems, their weaknesses and strengths were identified, on the basis of which the requirements for the developed tool were put forward. The paper presents a detailed description of the algorithms used in the new approach. Its main advantages and the situations in which its application is justified are described, as well as its perfection by the Cachin method is proved.

Published

2020

27. Models and algorithms of privacy-preserving machine learning

Author

Sergey V. Zapechnikov

Subjects

data mining, machine learning, deep learning, federated learning, transfer learning, privacy, secure multi-party computations, secret sharing scheme, homomorphic encryption., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper is devoted to the recent scientific problem of privacy-preserving machine learning. The problem actuality is determined by the growing need to use machine learning for personal data, as well as for data that make up commercial, medical, financial and other types of information protected by law. The aim of the study is to systematize the security models of machine learning, to identify algorithmic tools that can be used to ensure the privacy of the learning process and application of models, as well as to analyze the privacy-preserving machine learning systems. The paper presents the major concepts and definitions related to machine learning, provides a systematization of machine learning problems and methods of their solution, and pays attention to the modern and promising areas of development of machine learning. Among the tasks of machine learning are those for which it is important to ensure the privacy of data from training, test and work samples. Special cryptographic methods and protocols are correlated to the problems solved. A brief description of the known privacy-preserving machine learning systems is given. The machine learning methods supported by these systems, as well as the type of adversary that the system can resist, and the cryptographic primitives used for the implementation are described in the paper. Unsolved problems in the field of privacy-preserving machine learning and prospects for the development of this scientific field are considered.

Published

2020

28. Terms and definitions base development for counterfeit electronics test for critical information infrastructure objects

Author

Anatoly P. Durakovskiy, Leonid N. Kessarinskiy, and Alexey O. Shirin

Subjects

authentication, counterfeit, electronics components, microelectronics., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper suggests a number of proposals for formation of the regulatory field of protection systems against fraud and counterfeit products, as well as for a uniquely understood set of terms, abbreviations and definitions based on the most harmonized domestic and foreign standards in this area. The program of digitalization of the economies of developed countries highlights a relatively new direction of development of the so-called cyberphysical control systems for industrial technological processes, in particular. This motivates a formulation the new non-traditional tasks to ensure the security of critical information infrastructure. The obvious threat of stability losses of technological processes is the use of counterfeit components in view of an overall observed increase of volume of counterfeit products, including the electronic components. Therefore, there is a clear request to find a systematic solution to the problem of counterfeit detection not only from the standpoint of intellectual property protection, but also having in mind the important aspects of industrial safety during the certification of appropriate technical solutions. It is rather new type of activity for testing centers and laboratories under conditions of insufficiency of the corresponding regulatory base. The paper reviews the foreign normative documents defining the methods and means of detecting counterfeit in radio electronics, which can be used as a starting point for formation of the domestic regulatory framework.

Published

2020

29. Distributed ledger as a tool to ensure trust among business process participants

Author

Sergey V. Zapechnikov

Subjects

Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper is devoted to the problem of using distributed ledgers as a tool to ensure trust among business process participants. The purpose of the paper is to offer a systematic review of the applied aspects of modern distributed ledger technologies, based on the experience of studying the technical and algorithmic concepts of the most famous and popular blockchain platforms. We analyze the main ideas underlying distributed ledgers, discuss in general the architecture of distributed ledger platforms, and classify existing systems. The principles of operation and features of permissionless and permissioned blockchain platforms are considered. An overview of the scope and capabilities of distributed ledgers from the perspective of a potential consumer of this technology is given. The actual problems of distributed ledgers are analyzed. Predictions are made about promising and unpromising applications of distributed registry systems. It is concluded that distributed ledger technologies, as an attempt to create a universal tool to solve the problem of trust in the remote implementation of business relations, have great potential for growth. However, they are characterized by a number of unresolved problems related to improving throughput and ensuring the business partners’ privacy.

Published

2019

30. Cold multi-currency wallet on the platform MKT

Author

Roman A. Sharapov

Subjects

New Harward architecture, dynamically variable architecture, blockchain, offline transaction signature, HD wallet., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper is exploring the concept of implementing multi-currency secure cold wallet on the basis of the microcomputer with dynamically variable architecture MKT. This device is based on the new Harvard architecture, a modification of the classic Harvard architecture, using immutable memory (to ensure the integrity and immutability of the operating system) and session memory blocks (to ensure the correct operation of the software). The paper describes the work mechanism of blockchain and blockchain transactions, the basic principles of cryptocurrency storage. The implementation of the system algorithm for offline signing of transactions and protocols that provide a hierarchical key generation based on HD Wallet technology are reviewed. It is proposed to divide the functionality of the multi-currency wallet into two groups intended for execution either in the operating system that is read-only or available both for reading and writing. The scenario of execution of the working cycle of the designed system is described.

Published

2019

31. Development of algorithm for assessment risk of cyber attacks in electronic banking

Author

Alexander A. Berdyugin

Subjects

cyberspace, cybersecurity, cyberattacks, electronic banking, risk assessment, Basel Committee on Banking Supervision, Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The main task of bank risk management is to streamline banking business processes. This subject arises from the need to study assessment of risk of cyberattacks impact on e-banking systems. The purpose of this paper is to formalize the algorithm for assessing risk of cyberattacks impact in organizations of credit and financial sphere. The problems solved in this work are aimed at improving the development of risk assessment for addressing of existing and potential challenges and considering the new systems and innovations that have already arrived in our lives as well as those are coming. The definition of risk of cyberattacks impact on e-banking systems is formulated. Attention is given to employ mathematical models for evaluating the effectiveness of information security management system (ISMS). Some methods of risk assessment are discussed, also considering the ever-increasing computational capabilities and cyberattacks accessibility. The paper analyzes the calculation of capital requirements reserved to cover losses in the course of the Bank's operations, proposed by the agreement of the Basel Committee on banking supervision (Basel II). The options of quantitative risk assessment by different experts are considered. It describes in detail the quantitative assessment of the effectiveness of cyber weapons, which depends on the circumstances aggravating the responsibility of the attacker. The purpose of risk assessment is to provide objective information necessary to make a decision on risk treatment. Conclusions are drawn about the excesses of the safety function, which reduce the quality of safety. Examples of rudimentary components of ISMS are given. The differences between the non-embossed plastic card "The Golden crown" and the cards of other payment systems are emphasized. In conclusion, it is said about the construction of the management structure. The results of the work can be used for more detailed studies of the risk of cyberattacks impact inherent in electronic banking.

Published

2019

32. On the cryptographic properties of 'Limonnik-3' AKE scheme

Author

Sergey V. Grebnev

Subjects

authentication, Canetti-Krawczyk model, cryptographic protocol, Diffie-Hellman scheme, elliptic curves, key exchange, MTI/A0 protocol., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

We study the “Limonnik-3” authenticated key exchange protocol which is a part of Standardization recommendations R 1323565.1.004-2017 “Authenticated key agreement schemes based on public keys”, officially adopted in Russia in 2017, alongside with the “Echinacea” family of protocols. The protocol uses standardized cryptographic solutions, but does not require digital signature as a primitive, allows two parties to use distinct elliptic curves. The paper describes the protocol the “Limonnik-3”, studies its design rationale, basic requirements used at the stage of protocol design, its cryptographic properties and efficiency. Provided that proposed in the paper parameters and algorithms are used, security against known classes of attacks, including secret key recovery, reduced to the elliptic curve discrete logarithm problem, KCI- and UKS-attacks, is demonstrated. A formal security proof in a modified Canetti-Krawczyk model is deduced, provided that the gap decision Diffie-Hellman problem, connected to the discrete logarithm in the group of points of an elliptic curve, is computationally hard. Automated verification of the protocols shows its security and absence of possible vectors of attack. A brief overview of post-quantum prospectives of the protocol is given. Thus, the paper shows that “Limonnik-3” is a robust and secure cryptographic solution, which satisfies all of the requirements that apply to the modern key exchange protocols.

Published

2019

33. Implementation of A Static Images Protection Method in 'Quantum World'

Author

Dmitry A. A. Melnikov, Anton A. Abramov, and Peter A. Keyer

Subjects

quantum cryptanalysis, pixel, static image, hexagon, contour hexagon, regular pyramid, permutation., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

This study deals with the mechanism of protection of static (fixed) images, based on the permutation of image points (IP), inscribed in the edges of a regular hexagonal pyramid. In contrast to the classical methods of generating permutations, in which the elementary permutation operation is a permutation of two elements, in the proposed method the elementary operation is parametric, i.e. depends on the input parameters of the algorithm, and can affect the permutation of more than two IP. In the previous paper the rotation of hexagon was chosen as elementary permutation. In the present paper several possible modifications of the elementary permutation are considered, and on the basis of the analysis (criterion) of the number of realizable permutations of the initial sequence of IP (SIP) the most acceptable type of modification for the elementary permutation was chosen. The mechanism of protection of static (fixed) images using the permutation is proposed. The analysis of the persistence of this protection mechanism from attacks such as «brute force» is given, and an option that uses the redundancy of the graphical presentation is proposed. Applied analysis of given mechanism has demonstrated its ability to withstand modern cryptanalytic attacks in the application of quantum computing.

Published

2019

34. Development and use of national information resources as the basis for digital economy development

Author

Anatoly A. Malyuk and Grigory P. Gavdan

Subjects

digital transformation, digital economy, information resource, information space of the country., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper considers the national information resources as the most important basis for the development of the digital economy, the classification of sources and main suppliers of various groups of information resources in the course of digital transformation of society. The digital economy is a new economic category, the "Informatization stage", in which electronic data becomes a new key element of the economy that affects the added value. The World Bank has defined the digital economy as a system of economic and socio-cultural relations based on the maximum use of digital information resources, information and communication technologies. Information resources are an important part of national wealth, and the efficiency of its use largely determines the economic power of any country. This work is based on the data obtained by domestic science in the 80-ies of the last century and the new data from modern sources associated with the use of national information resources. The subject of the study is the development of the national information resource as the basis of the digital economy. Based on the results of the analysis of the current state, the major directions of further development of national information resources are formulated. The paper focuses on the use of the consolidated information resource of Russia, as well as the main directions of information space design. In conclusion, the scientific and methodological prospects of using the information component of the digital economy are formulated.

Published

2019

35. Analysis of current regulations in the field of cybersecurity of critical information infrastructure of the Russian Federation

Author

Andrey V. Bondarenko, Konstantin V. Mushovets, Sergey V. Porshnev, and Olga K. Rogova

Subjects

regulations, critical information infrastructure, cii facilities, cii entities, categorization of objects of cii., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper is devoted to a complex analysis of the current system of regulations in the field of security of critical information infrastructure (CII) facilities of the Russian Federation from the point of view of the logic of formation of the legal basis and the chronology of their creation, the results of which have provided a systematic regulatory framework for the security of CII facilities. The main directions of legislative activity in the field of security CII of the Russian Federation have been highlighted and a classification of the current legal acts in terms of it’s requirements has been proposed..The evolution of the content of the regulatory system to ensure the security of significant CII facilities has been described. The results of the analysis led to the conclusion that the state and regulators in the field of IS has developed a sufficient regulatory framework that defines the basic rules, procedures and requirements for the process of categorization, monitoring of its results, as well as providing information security of significant CII facilities. At the same time, on the basis of the experience of categorization of significant objects of the gas industry by the heat and power complex of the Russian Federation, a hypothesis has been made that the establishment of the information security system at specific significant CII sites (e.g., a variety of types of CII objects and areas of activity of CII entities) will require not only the application of existing legal instruments, but also the development of existing sectoral methodical documents in the field of categorization of objects of CII and in the field of construction of the information security system, taking into account their sectoral characteristics.

Published

2023

36. Study of the applicability of the hierarchy analysis method for choosing a SIEM system

Author

Natalia G. Miloslavskaya, Mark Karapetyans, and Vladimir А. Cheverkalov

Subjects

hierarchy analysis method (ham), critical information infrastructure (cii), siem system, network security centers (nsc), information security incident (is incident)., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper is dedicated to the problem of choosing a SIEM system for use in the Network Security Center (NSC) of the critical information infrastructure (CII) information and telecommunications system (ITCS) entities. The security information and event management system is a central element of any NSC architecture, directly affecting the effectiveness of detecting cybersecurity incidents in the CII ITCS. Consequently, the problem of a well-founded choice of a SIEM system for NSC operations is relevant. It is proposed to solve this problem using the Analytic Hierarchy Process (AHP) method, which has proven itself in solving multi-criteria selection tasks. Based on the systemic approach and mathematical apparatus of AHP, it allows for a quantitative assessment of selection criteria and considered alternatives and to choose the preferred option from a set of possibilities. The aim of the study is to demonstrate the applicability of the AHP method for a well-founded choice of a system. The following tasks were addressed within the framework of the study: to describe the stages of the considered method and to present an algorithm for selecting a SIEM system consisting of stages of constructing a hierarchy reflecting the goal of the choice, evaluation criteria of alternatives, determination of weights of selection criteria and alternative systems for each criterion by means of pairwise comparison matrices, identification of the preferred SIEM system based on the sorting of overall priorities for all. The obtained results have practical significance for various NSCs implementing the SIEM system, including the ITCS of a CII entity.

Published

2023

37. Approach to assessing the danger of destructive effects of malware on special-purpose automated systems

Author

Alexander V. Melnikov and Nikolai S. Kobyakov

Subjects

malware, classes of malware, behavioral patterns of malware, trojans, viruses and worms, malware utilities., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The purpose of this study is to develop models for determining the values and severity levels of malware. The relevance of the study is confirmed by the constant increase in the number of malicious programs and the damage caused by their implementation, including on automated special-purpose systems. This paper discusses three classes of malware: malicious utilities, Trojans, viruses, and worms. Weight coefficients for malware classes are calculated using the hierarchy analysis method. An algorithm for assessing the danger of destructive effects based on the behavioral patterns of malicious programs has been developed. Pairs and triples of behavioral patterns have been identified, the joint implementation of which increases the risk of destructive effects of malware. The model was verified to assess the danger of malware implemented in various operating systems. During the verification of the model, malware has determined the hazard values and hazard levels.

Published

2023

38. Search for malicious powershell scripts using syntax trees

Author

Viktor V. Erokhin

Subjects

malware, obfuscation, powershell script, programming, source code, modeling, operating system., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

Purpose of the paper: a search for a rather abstract representation of the PowerShell script functionality using abstract syntax trees such that an invisible obfuscated PowerShell script can be detected provided the associated PowerShell script is already known malware. Research method: PowerShell script obfuscation analysis is performed on three types of obfuscation: token, string, and abstract syntax tree. The obtained result: 1) we have found that simple PowerShell AST-based features, such as the number of AST functions and their distributed depth, as well as the AST similarity obfuscation distance parameter calculated from the types of functions and their location in the AST are sufficient to attribute obfuscated PowerShell scripts to their original script, not subject to obfuscation; 2) a method for creating an extended data set of obfuscated PowerShell is described and implemented including marking source files; 3) an extensive analysis of the data set and several functions are provided to represent the PowerShell structure.

Published

2023

39. LMQSAS - post-quantum aggregate signature scheme with lazy verification

Author

Artyom O. Makarov

Subjects

digital signature, post-quantum cryptography, aggregated signatures, sequential aggregated signatures, lazy verification, multivariate cryptography., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

Aggregated signatures are a type of digital signatures that allow individual signatures obtained by different signers for different messages to be combined into a single signature that provides authenticity, integrity, and non-repudiation for all signed messages. In this case, the length of the resulting aggregated signature is much less than the sum of the lengths of the individual signatures. Sequential aggregated signatures are a subtype of aggregated signatures and allow individual signatures to be combined only during the signing procedure. Signatures of this type can be used in a variety of applications, including secure routing protocols, secure logging, sensor networks, public key infrastructure, blockchain. In this paper we present a new post-quantum aggregated signature scheme with lazy verification that eliminates the need for checking the current sequential aggregated signature during the signature process, which expands its possible application as compared to existing sequential post-quantum signature schemes. The proposed signature scheme is based on post-quantum HFEv- one-way trapdoor permutation, which is known to be resistant to quantum attacks; and Unified Framework of Gentry, O'Neill and Reyzin for obtaining lazy verification using an ideal cipher that can be implemented using the Feistel network and a block cipher. For the presented scheme we provide formal proofs of its security using Bellare-Rogaway game model: the security of the scheme was reduced to the security of a HFEv- one-way trapdoor permutation. We also present a set of parameters for the proposed scheme to meet 80 and 120-bit security levels.

Published

2023

40. Cryptographic scheme for group passwords distribution in steganographic systems

Author

Ivan V. Nechta

Subjects

group passwords, steganography, cryptography., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

This paper proposes a new scheme of passwords distribution for user groups via a hidden communication channel. The previously known models explicitly demonstrated the presence of passwords and cannot be used in any hidden communication channel. The considered model assumes the presence of a coordinator who regulates the composition of the groups and is the source of the overwhelming proportion of messages. The composition of the groups is not known in advance and may change during transmission messages. It is assumed that the data transmitted in a container will consist of two parts: a service part, which contains information about groups and passwords, and a useful part, which contains the target message that encrypted with a group-password. The scheme is based on the Kronecker-Capelli theorem. To find a group password the subscriber-receiver, is included in the group, calculates the product of the roots of a joint system of linear algebraic equations. This system consists of n equations and contains n+1variables. For an outside subscriber, who is not included in the group, the system of equations has not a single solution. A subscriber in the group is able to calculate one variable by a predefined formula. Consequently, the system of equations for such subscriber has the unique solution. The paper describes the processes of changing a composition of groups: creating, adding a participant, removing. The removing users from a group is realized by reuniting members of the old group. The scheme provides the possibility of combining previously created subgroups into large group without significant overhead costs. The proposed scheme can be used in practice by some organization to manage its branches when communicating via hidden data transmission channels.

Published

2019

41. About the possibility of embedding the distributed ledger technologies into the systems of mixed workflow

Author

Pavel S Lozhnikov, Alexey E. Sulavko, and Samal S. Zhumazhanova

Subjects

electronic document management systems, hybrid document, distributed ledger technology, blockchain, biometrics, electronic signature., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper presents a study on the possibility of using distributed ledger technologies in managing various business processes based on electronic document management systems. In the finance and trade sphere, the type of distributed ledger technology, blockchain, is already presented as a real alternative to the existing infrastructure, however, the experience of developing and implementing such solutions in electronic document management systems is currently insufficient. The model of hybrid workflow proposed earlier by the authors of the article has a number of advantages over usual scheme of information exchange, and combines equal document protection in paper and digital form using cryptographic and biometric methods. The described distributed ledger-based hybrid workflow scheme also provides decentralized information storage, a fixed size of data blocks stored and transmitted by users, generation of cryptographic keys using biometric images of authorized users, and identification of subjects that performed various actions on document regardless of its type format. The authors also considered possible problems that might be encountered in the development and implementation of such an information interaction scheme.

Published

2019

42. The digital economy and actual problems of the improvement of the training system in the field of information security

Author

Evgeny B. Belov, Vladimir P. Los, and Anatoly A. Malyuk

Subjects

information security, staffing of the information security industry, information security awareness, professional and mass training in the field of information security, information security culture., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

Trends in the development of the global information society indicate an increasing need for professionals with well established information culture, including those with knowledge and skills to ensure information security. The development and improvement of the system of appropriate training is stated in the Doctrine of information security of the Russian Federation as one of the priority measures for the implementation of the state policy in the field of digital economy. Training in this case should include both professional and mass training. In turn, the professional training can be basic and additional. The main goal of mass education is to form a culture of information security in society, which insufficient level of was noted in the Doctrine of information security as one of the main information threats. Therefore, the paper deals with the whole spectrum of the current problems of both professional and mass training. The importance of implementing the paradigm of continuous education ("lifelong learning") is emphasized. Thus, the main purpose of this paper is to reveal the most important problems of ensuring the continuous process of formation of modern culture of information security using the capabilities of all components of the educational system.

Published

2018

43. Development and implementation of a method to detect an abnormal behavior of nodes in a group of robots

Author

Elena S. Basan, Alexander S. Basan, and Oleg B. Makarevich

Subjects

mobile robots, abnormal behavior, probabilistic methods, group control, attack, detection., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The present paper examines the issues of security in a group of mobile robots in the implementation of malicious attacks aimed at the availability of information. The main methods and approaches for detecting attacks and mobile robots anomalies were analyzed. The major advantages and disadvantages of existing approaches were identified. The aim is to develop an attack detection method that allows avoiding a creation of either a reference distribution, or a signature database, or rules for a group of mobile robots. The method should detect anomalies within the current conditions with a dynamically changing network structure. The paper presents a method for detecting abnormal behavior of a network node based on analysis of parameters: the residual energy and network load. The behavior of individual robots of the group is analyzed with respect to the deviation from the general behavior using probabilistic methods, which avoids creating a reference distribution for describing the behavior of the node, as well as the creating of a signature database for detecting anomalies. The developed method of detecting abnormal behavior based on the probabilistic evaluation of events. Three types of a network node state were defined, a graph of node transitions to each state was constructed, and parameters that affect these transitions were determined. The developed method demonstrates a high detection rate of denial of service attacks and distributed denial of service attacks when the number of malicious nodes is not greater than or slightly greater than the amount trusted nodes. It also provides detection of the Sybil attack. An experimental study was carried out. It includes the development of a model to simulate a group of mobile robots, in particular a robot network. Scenarios of attacks were developed, implemented for a group of mobile robots. It allows evaluating the effectiveness of this method of anomalous behavior detection. To determine the effectiveness of the developed method, the following indicators were used: time of detection of attackers and the number of nodes of the attacker that can be detected.

Published

2018

44. Building secure multidimensional data management system

Author

Andrey V. Gorlatyh and Sergey V. Zapechnikov

Subjects

data warehouses, search queries, cryptographic protocols, authentication, multidimensional data., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

Nowadays one should not underestimate importance of informational technologies across all fields of humans’ life. Computational technologies and tools became crucial parts of any human activity. However, since information is becoming a strategic resource, it is necessary to ensure its security by all means. A large number of contemporary studies have been carried on in the field of informational security. Recently, multidimensional information technologies have become popular for data analysis and processing. This has led to a contradiction between ever growing demand of multidimensional data processing systems and inability to properly secure such system due to insufficient research within this field. As a result, sensitive multidimensional data cannot be securely processed due to lack of proper secure systems able to ensure appropriate level of informational security. Authors decided to develop such system. The paper proposes architecture of multidimensional data management system capable of secure information management built up as a multidimensional hypercube. Proposed architecture consists of a description of main system components, a description of task performed by those components and principles of their communication. The paper describes a way to build a system which ensures safe read/write operations for confidential information organized as multidimensional hypercube. The proposed solution allows secure processing of sensitive multidimensional data and therefore extending the area where such systems can be used.

Published

2018

45. Fundamentals of scientific research for information security specialists: on the approach to the textbook

Author

Svetlana V. Konyavskaya

Subjects

fundamentals of scientific research, lectures, anthology, information security., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper is devoted to the forthcoming textbook on the course "Fundamentals of scientific research" at the Department of information security of the DREC MIPT. The textbook is a combination of lectures with the anthology and includes, in addition to the author's text, extensive fragments of scientific works from XX-XXI centuries. The backgrounds of this approach, the composition of the book and a summary of the sections are given as well. Emphasis here is made primarily on what texts and in what keys are offered in the textbook. In the author's opinion the main didactic task of the course is to demonstrate to students the huge heuristic potential of the broad research erudition. It is obvious that understanding of direct relation of a concrete result to the cultural background is highly important. Once the students understand that the result will not be obtained without this background, or will be obtained but with a delay and in rather difficult way, they likely gain an idea of importance of the broad erudition. To solve the didactic task one demonstrates the parallels between the Grenander’s theory of images, chemistry, phonology and control of the integrity of virtual infrastructure; linguistics and circuitry; physiology and research of new computer architecture. Both positive and negative examples are given. As it is well known, the bad examples imply stronger emotional impression, they are more likely to impress students and will be well remembered by them. This paper is an invitation to discuss the appropriateness of the approach to teach the information protection specialists the "Fundamentals of scientific research" course by emphasizing not only the specific features of this rather special subject area, but rather its general scientific backgrounds.

Published

2018

46. A secure mutual authentication procedure, generate the key fiscal basis, and fiscal data protection

Author

Igor Y. Zhukov and Oleg N. Murashov

Subjects

mutual authentication, cryptographic transformation, master key, fiscal sign, fiscal data protection., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The paper describes cryptographic transformation for mutual authentication and creation of the fiscal sign key. This transformation based on using block encryption cipher named «Kuznetchik», described in the national standard of the Russian Federation GOST R 34.12-2015 and realized in gamma generation mode as it is described in the another national standard of the Russian Federation GOST R 34.13-2015. The function of the integrity protection (authentication code) is defined by the recommendation for standardization R 50.1.113–2016. The solution proposed in this paper is aimed for an authentication and integrity control of fiscal data transmitted through communication channels between fiscal storage devices and fiscal data operators, as well as between the fiscal data operators and the authorized agency. Formats of transmitted fiscal data, methods of transmission and mechanisms to ensure the confidentiality of transmitted fiscal data determined by the authorized agency of the Federal Executive power. The article gives a short description of the protocol model, a formal analysis of passive attacks in the assumption that the cryptographic properties of the protocol depends on the feature of cryptographic transformations used, which are standardized solutions regulated by national standards, or national recommendations for standardization. Since the cryptographic transformations could not be compromised by the intruder we can conclude that the intruder also can not compromise the fiscal signs protection protocol.

Published

2018

47. New method of steganalysis for text data obtained by synonym run-length encoding

Author

Ivan V. Nechta

Subjects

steganalysis, synonym substitution method, tyrannosaurus lex., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

In this article, we present a new stegoanalysis method for detecting a text obtained by the synonym Run-Length Encoding. The analyzed RLE-method allows us to keep some statistical properties of the text after a secret message embedding. In particular, the probabilities distribution of the bits in the extracted message and the probabilities distribution of using text synonyms keep unchanged, that ensures a high secrecy degree of the considered embedding method. In this paper we show that the embedded message changes the probabilities distribution of bit-series lengths in the extracted message, and this fact is used for our stegoanalysis. It was shown that the embedded message breaks the statistical structure of the container, and this fact is used for the stegoanalysis. The constructed stegotest compares the probability distribution of runs (with length no more than 5 bits) in the message extracted from the container with reference distributions corresponding to an empty and embedded containers. Reference distributions were obtained by analysing of 1000 natural-text containers taken from the Gutenberg Project library. In this paper we consider two approaches for obtaining reference distributions. The first approach deals with analyzing the statistic of the message extracted from the container in the usual way (using the Tyrannosaurus Lex program). The second approach involves an additional decoding of the message in accordance with the analyzed run-length encoding algorithm. Experimental results allow us to assert that the first approach is more effective. The Kullback-Leibler measure is used as a divergence measure of two probability distributions. It was shown that the proposed method makes it possible to detect presence of the secret message in the container with a number of synonyms equal to 500, while false negative error is 1.5% and false positive error is 1.3%. In comparison with the known analogs, the proposed method demonstrates higher accuracy of analysis for a smaller size of input data.

Published

2018

48. To the issue about the purpose and objectives the USA National initiative for cybersecurity education

Author

Dmitriy A. Melnikov, Grigory P. Gavdan, and Ivan A. Korsakov

Subjects

cybersecurity, education, workforces, competences, speciality areas, knowledges, skills, abilities, work roles, tacks., Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

In the current year, Russia entered a three-year transitional period for the implementation of professional standards designed to replace the traditional regulations of the Unified Qualification Handbook (UQH) for the positions of executives, specialists and employees. Several professional standards have been approved for the field of staffing of information security. However, from the higher school point of view, the existing variety of approved professional standards can hardly be used as a normative basis for the improvement and development of the existing system of educational standards in the information security area, although such an obvious conceptual task was set in the framework of the transition from UQH to professional standards. This paper analyses foreign experience in solving this problem using rather impressive example of the United States. A systematic study of the labor (personnel) resources structure in the cybersecurity field was carried on within the framework of the national initiative for cybersecurity education, which is proposed as a fundamental reference resource. That resource can be used to guide the various category users, including educational organizations, to solve their tasks of providing labor resources in the field of cybersecurity. The cybersecurity workforce framework (CWF) components include such categories as specialty areas, work roles, knowledge, skills, abilities and tasks (performed for any kind of work). The paper analyzes the presented CWF, its content, as well as its important role in harmonizing the Russian educational standards in the field of cybersecurity.

Published

2018

49. Robustness Analysis of Dynamic Watermarks

Author

Ivan V. Nechta

Subjects

dynamic watermarking, steganography of executables, Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

In this paper we consider previously known scheme of dynamic watermarks embedding (Ra- dix-n) that is used for preventing illegal use of software. According to the scheme a watermark is dynamic linked data structure (graph), which is created in memory during program execution. Hidden data, such as information about author, can be represented in a different type of graph structure. This data can be extracted and demonstrated in judicial proceedings. This paper declared that the above mentioned scheme was previously one of the most reliable, has a number of features that allows an attacker to detect a stage of watermark construction in the program, and therefore it can be corrupted or deleted. The author of this article shows the weakness of Radix-N scheme, which consists in the fact that we can reveal dynamic data structures of a program by using information received from some API-functions hooker which catches function calls of dynamic memory allocation. One of these data structures is the watermark. Pointers on dynamically created objects (arrays, variables, class items, etc.) of a program can be detected by content analysis of computer's RAM. Different dynamic objects in memory interconnected by pointers form dynamic data structures of a program such as lists, stacks, trees and other graphs (including the watermark). Our experiment shows that in the vast majority of cases the amount of data structure in programs is small, which increases probability of a successful attack. Also we present an algorithm for finding connected components of a graph with linear time-consuming in cases where the number of nodes is about 106. On the basis of the experimental findings the new watermarking scheme has been presented, which is resistant to the proposed attack. It is offered to use different graph structure representation of a watermark, where edges are implemented using unique signatures. Our scheme uses content encrypting of graph nodes (except signature), so an attacker is not able to reveal links between nodes and find the watermark.

Published

2017

50. The Use of Speech Technology to Protect the Document Turnover

Author

Alexandr M. Alyushin and Sergey V. Dvoryankin

Subjects

spectrogram, audiomarker, recognition, documentation, graphic image, Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

The wide current paper documents implementation in practice workflows are shown. The basic aspects of document protection related to the protection of their content and legal components are underlined. For contextual component assigned semantic information aspect of the document is considered. For legal component attributed facts and conditions for the creation, approval, negotiation of the document to specific persons is viewed. The documents protection problem importance is shown in connection with possible terrorist threats. The importance of such factor as the time of fraud detection towards the efficiency of documents protection is shown. The fraud detection time requirements for documents of different nature – financial, legal, management is analyzed. The documents used for the operational management of dangerous objects is point out as the most sensitive to the falsification. It is shown that their deliberate falsification can lead to accidents and technogenic catastrophes and human casualties. A comparative analysis of currently used protecting documents methods are presented. Biometric and non-biometric methods of documents protection are point out.Theanalysis of their short comings are given. The conclusion about the prospects of document protection on the basis of the voice signature technology are done. The basic steps of voice information processing in the implementation of this technology are analyzed. The software that implements a documents counterfeiting new protection technology is proposed. The technology is based on the audiomarkers usage at the end of the document, which contains a general information about it. The technology is applicable to the wide range of documents such as financial and valuable papers, contracts, etc. One of the most important advantages of this technology is that any changes in the document can not be done without the author of the document because audiomarker keeps the biometric data of the person. The developed software is oriented on the mobile applications on the basis of android operating system. The software has a friendly interface, which allows one to create, correct and check audiomarkers. The performed software tests shows its high efficiency, including the possibility of audiomarkers recognition in various lighting conditions. The possibility of document protection level improvement by logging in voice signature the current level of mental and emotional stress of the document author, which can be used to detect its inadequate state is shown. This makes it possible to identify cases of document preparation under the application of physical or mental violence.

Published

2017