Providing access to information systems of higher education in the case of loss of key information
Comparative analysis of the ways to reduce the contingency of loss of access. The secret key - the main part of the protection system in most cryptographic algorithms. Homomorphism property as one of the basic features of Shamir threshold scheme.
| Рубрика | Программирование, компьютеры и кибернетика |
| Вид | статья |
| Язык | английский |
| Дата добавления | 06.05.2018 |
| Размер файла | 57,9 K |
Отправить свою хорошую работу в базу знаний просто. Используйте форму, расположенную ниже
Студенты, аспиранты, молодые ученые, использующие базу знаний в своей учебе и работе, будут вам очень благодарны.
Размещено на http://www.allbest.ru
Размещено на http://www.allbest.ru
Modern higher education is characterized by a variety of information links both in the administration and in the areas of core business: the organization and conduct of the educational process, teaching and research activities, the financial administration, personnel management and accounting.
The information systems of higher education store large amounts of data, the protection of which involves the use of key information [4]. Key information ensures the confidentiality of data, but in the case of its loss the access to information systems may be lost.
To reduce the possibility of losing access to data in case of loss of key information in several ways:
· to use the backup key information and keep copies in different places;
· to entrust key information to several people;
· to use of cryptographic protocols secret sharing.
We compare these methods by criteria such as simplicity, reliability, non-repudiation and confidentiality (table 1).
Table 1 ? Comparative analysis of the ways to reduce the contingency of loss of access
The table 1 shows that the most effective way to reduce the likelihood of loss of availability in case of loss of key information is the use of cryptographic secret sharing protocols.
In most cryptographic algorithms the protection, eventually, is based on a secret key. The main problem is in the organization of the secret key storage, because if an attacker manages to get that secret key, the protected information can with high probability to be in his hands. One of the existing methods of storing the secret key is a way to divide it between the people group, each of which will hold a part of the secret key. When it is needed, the private key can be reconstructed on the basis of parts. Part of the secret key itself does not carry any sensitive information [1].
Initially, reports of secret sharing created with the aim of eliminating the need for backup keys. Without a backup key is easy to lose the last one. Too large number of such copies also creates big problems - a low level of secrecy. A potential solution to this problem is the division of secret algorithms - they can be used to raise reliability without increasing the risk of disclosure of key information.
Secret sharing protocol consists of two main phases:
1. Separation secret - phase distribution, the dealer who knows the secret of M, generates a fraction of с1, с2 ,…, сn with secret and will issue to each participant's share of a secure communication channel. Distributing is needed to be organized so that the expanded group of participants gathered together could definitely restore the object, and unresolved - they could not.
2. The recovery phase of the secret when the structure of an access group (non-empty set of all access groups) brings its share with the secrets and get the secret.
There are a number of threshold secret sharing schemes:
- The scheme of Shamir;
- the scheme of Blakely;
- the schemes based on the Chinese remainder theorem.
The secret sharing scheme is perfect, if you share any secrets protected by the coalition does not contain any information about the aggregate secret.
The perfect secret sharing schemes ? this is when all the parts of the secret and the secret of the same size can be any value equal probability of allowable values in this scheme.
Compare the data schema for the perfect and ideal (table 2).
Table 2 ? Comparative analysis of the secret sharing protocol schemes
The scheme of Shamir is the perfect and ideal one. The idea is based on this diagram is that, for the interpolation polynomial of degree (k-1) to the required point. If the minimal number of known points, interpolation is impossible.
The features of Shamir threshold scheme:
- extensibility of the private key (for the newly emerged members of the protocol) can be calculated and distributed without the use of already existing parts, simply by calculating the additional points for the polynomial;
- flexibility - the ability to assign different “weight” of different subsets of the authorization;
- homomorphism property - for the scheme Shamir holds homomorphism.
- effectiveness of a specific mechanism for arithmetic calculations - for example, multiplication by a constant: each participant protocol can multiply their private key part of the constant;
- independence - unlike many cryptographic schemes, safety separation schemes secret key is not directly dependent on the complexity of the key [2].
Figure 1 is a block diagram which implements the secret sharing the scheme of Shamir, wherein:
- p - is a large prime number (M is greater than any secret, which is supposed to share in the scheme);
- n - is the number of shares of the secret;
- k - is the minimum size allowed the group;
- r1,…, rn - are unclassified non-zero elements (r<p);
- s1,…,sk-1 - are arbitrary elements (s<p);
- i=1,2,…,n;
- S(x)= sk-1 xk-1 + sk-2 xk-2 + … + s1x + M mod p - generation of secret shares;
- c1 = S (r1 ) mod p - share the secret;
- the formula of the interpolation polynomial Lagrange, wherein:
.
Figure 1 - The block diagram of the algorithm of Shamir
Thus, the use of a cryptographic Protocol of secret sharing scheme of Shamir, allows to increase the reliability of protection of data stored in information systems of higher educational institutions and makes it impossible to compute the secret illegitimate group of participants.
The scheme will be further implemented in the form of a software product in the programming language C#.
References
secret cryptographic homomorphism
1. Baranovskij K. Sovremennye sredstva hranenija kriptograficheskih kljuchej.
2. Gashenko A.V. Razdelenie sekreta (Secret Sharing).
3. Shnajer B. Prikladnaja kriptografija. Protokoly, algoritmy, ishodnye teksty na jazyke Si Applied Cryptography. Protocols, Algorithms and Source Code in C. - M.: Triumf, 2002. S. 588 - 591. - 816 s.
4. Azhmuhamedov I.M. Dinamicheskaja nechetkaja kognitivnaja model' ocenki urovnja bezopasnosti informacionnyh aktivov VUZa // Vestnik AGTU. Serija: «Upravlenie, vychislitel'naja tehnika i informatika». 2012. №2. S.137-142.
Размещено на Allbest.ru
...Подобные документы
Information security problems of modern computer companies networks. The levels of network security of the company. Methods of protection organization's computer network from unauthorized access from the Internet. Information Security in the Internet.
реферат [20,9 K], добавлен 19.12.2013The material and technological basis of the information society are all sorts of systems based on computers and computer networks, information technology, telecommunication. The task of Ukraine in area of information and communication technologies.
реферат [29,5 K], добавлен 10.05.2011Practical acquaintance with the capabilities and configuration of firewalls, their basic principles and types. Block specific IP-address. Files and Folders Integrity Protection firewalls. Development of information security of corporate policy system.
лабораторная работа [3,2 M], добавлен 09.04.2016A database is a store where information is kept in an organized way. Data structures consist of pointers, strings, arrays, stacks, static and dynamic data structures. A list is a set of data items stored in some order. Methods of construction of a trees.
топик [19,0 K], добавлен 29.06.2009Consideration of a systematic approach to the identification of the organization's processes for improving management efficiency. Approaches to the identification of business processes. Architecture of an Integrated Information Systems methodology.
реферат [195,5 K], добавлен 12.02.2016Напівфункціональна мова програмування, складова частина Access - Visual Basic for Applications (VBA). Створення коду VBA за допомогою майстрів елементів управління. Модулі, створення процедур обробки подій. Редагування у вікні модуля, аргументи процедури.
реферат [144,8 K], добавлен 31.08.2009Microsoft Access как система управления базами данных (СУБД), ее предназначение. Организованная структура для хранения данных. Типы данных при работе с Microsoft Access 2003 и Microsoft Access 2007. Проектирование баз данных и построение ER-диаграммы.
контрольная работа [16,3 K], добавлен 10.10.2010Изучение основных элементов технологии баз данных Microsoft Access. Описание основных понятий и общих сведений базы данных и раскрытие конструктивных особенностей MS Access. Оценка возможностей и анализ основных преимуществ и недостатков баз MS Access.
курсовая работа [153,6 K], добавлен 22.09.2011Program game "Tic-tac-toe" with multiplayer system on visual basic. Text of source code for program functions. View of main interface. There are functions for entering a Players name and Game Name, keep local copy of player, graiting message in chat.
лабораторная работа [592,2 K], добавлен 05.07.2009Рассмотрение интерактивной реляционной системы управления базами данных Microsoft Access. Графические возможности программы; создание таблиц, запросов, формуляров, отчетов, макросов и модулей. Сравнительная характеристика баз данных Clipper и Access.
курсовая работа [1,1 M], добавлен 22.01.2013Характеристика Microsoft Access как реляционной системы управления базами данных производства корпорации Microsoft. Причины ее популярности и основные версии. Описание ее объектов и характерных особенностей. Основные достоинства и недостатки СУБД Access.
презентация [1,5 M], добавлен 17.02.2014Общие понятия реляционного похода к базам данных. Разработка программы для автоматизации функций руководителя салона сотовой связи. Детализация бизнес-процессов. Интерфейс для работы пользователя. Тестирование разработанной информационной системы.
курсовая работа [2,2 M], добавлен 26.06.2012Web Forum - class of applications for communication site visitors. Planning of such database that to contain all information about an user is the name, last name, address, number of reports and their content, information about an user and his friends.
отчет по практике [1,4 M], добавлен 19.03.2014Microsoft Access як функціонально повна реляційна СУБД, робота в Microsoft Access, створення таблиць БД "Договору НДР". Проектування форм, запитів у режимі конструктора, у режимі таблиці. Розрахунок відомості про виконання договорів за допомогою MS Excel.
контрольная работа [4,2 M], добавлен 22.02.2010Работа в Microsoft Access, выделение фамилий и количества преподавателей мужского и женского пола со стажем работы более 10 лет. Общий вид текста SQL-запроса. Работа с электронными таблицами в Microsoft Excel. Результаты расчета зарплаты в Access и Excel.
курсовая работа [2,3 M], добавлен 21.12.2013Определение понятия CASE-технологий. Использование комплексного инструментария ER/Studio для создания логической и физической модели данных, генерирования баз данных на платформе СУБД Access. Процедура добавления атрибутов и сущностей, создания связей.
контрольная работа [2,2 M], добавлен 21.12.2011Общая характеристика приложения Microsoft Office system 2007. Особенности форматов Microsoft Office Open XML. Технологии управления миграцией на новую версию. Возможности приложений Office Word, Excel, Access и Office PowerPoint 2007, их интеграция.
реферат [1,0 M], добавлен 13.09.2011Принципы работы с реляционными базами данных в среде Microsoft Access. Основные положения базы данных Access. Составление таблиц, запросов, отчетов, страниц и модулей. Основные структуры представления базы данных. Определение связей между таблицами.
контрольная работа [2,6 M], добавлен 03.04.2014Technical and economic characteristics of medical institutions. Development of an automation project. Justification of the methods of calculating cost-effectiveness. General information about health and organization safety. Providing electrical safety.
дипломная работа [3,7 M], добавлен 14.05.2014Виды и функции системы управления базами данных Microsoft Access. Иерархическая, сетевая, реляционная модель описания баз данных. Основные понятия таблицы базы данных. Особенности создания объектов базы данных, основные формы. Доступ к Internet в Access.
контрольная работа [19,8 K], добавлен 08.01.2011
