Azhmukhamedov I. M., Knyazeva O. M.
Annotation:
Assessments of the level of security of information asset (confidentiality, integrity, availability,) methodology is offered by applying the knowledge base consisting of fuzzy production rules.
Keywords:
Information assets, security service, vulnerability, degree of injury, linguistic variable, fuzzy numberPoltavtseva M. A.
Annotation:
The article deals with presenting the administrative information, having the form of a hierarchy of related events in a relational server and manipulation of this data. It includes the models of data mapping, operations on them, and compares the possible solutions in terms of performance and safety.
Keywords:
Relational databases, data models, hierarchies, data integrityKhomonenko A. D., Voytsekhovsky S. V., Logashеv S. V., Dashonok V. L.
Annotation:
An approach to solving the problem of eliminating semantic contradictions in mission-critical information systems based on the formation of fuzzy rule base and then applying the algorithm of Mamdani fuzzy inference. Approach is seen by the example of the electronic library elibrary.ru. Substantiates the composition of the compared fields and type of membership functions for the input linguistic variables. Are examples of resolving contradictions to make a decision about the fitness of a particular publication or references to it in a certain category (new or existing publication).
Keywords:
Information system, the resolution of contradictions, fuzzy inferenceEfanov D. V., Roschin P. G.
Annotation:
This article discusses the problems that arise at interaction of graphical applications with D-Bus session services in SELinux aware operating system with multilevel security policy. We propose a method of interaction of graphical applications with D-Bus session services, which uses the polyinstantiation approach. The proposed method allows to achieve high isolation of applications that run with different security levels, while retaining the ability to interact with D-Bus services.
Keywords:
Mandatory access control, trusted operating systemYakovlev V. A., Skachkova V. V.
Annotation:
An approach for assessing of the suitability of graphic material for use in the graphical password protection (GP) is proposal. It is based on an assessment of the number and lengths of the contours of image objects. We have introduced: coefficient of image fitness and a four-level scale of image fitness. We offer a methodology for automated evaluation of the image coefficient suitability for graphical password protection, that includes a specially designed of "Contour Analysis" program. The experimental results of evaluation of the suitability for the seven types of images and recommendations on the choice of images for graphical password protection are given.
Keywords:
Authentication, password, graphical passwordElin V. M.
Annotation:
The peculiarities of civil regulation and construction of the system of civil protection of computer information in the Russian Federation. The concept of computer information is subject to a comprehensive analysis by application of the legislation on electronic documents and computer programs (databases).
Keywords:
International exchange of information, data protection, civil law regulation, information and communication networks, computer software, european patent conventionSikarev I. A., Shakhnov S. F., Kiselevich G. V.
Annotation:
The article analyzes the influence of the electrical properties of soils most common on the inland waterways (IWW) of Russia on the behavior of the field attenuation function of medium-wave range from a vertical point dipole in the zone of action of the control and correction stations (CCS) of the river local differential subsystem (RLDSS) of GLONASS/GPS. The conditions are given, with which the replacement of real soils by the ideal underlying surface is valid.
Keywords:
Attenuation function, complex dielectric permittivity, specific conductivity, numerical distance, underlying surface, piecewise-uniform routeSikarev I. A., Shakhnov S. F., Kiselevich G. V.
Annotation:
The article examines the methodology of the calculation of the noise protection of the radio channels of the control and correction stations (CCS) of the river local differential subsystem (RLDSS) of GLONASS/GPS on the inland waterways (IWW) of Russia, based on a study of the coefficient of a mutual difference between the signal and mutual disturbance with the use of the frequency modulated binary Baudot code.
Keywords:
Potential disturbance stability, mutual disturbances, coefficient of mutual difference, field of defeat, coefficient of electromagnetic protection, probability of the error of piece-by-piece method, power engineering of interferenceBaranov A
Annotation:
The article examines directions of research considering the paradigm of perspective development and mass usage of computer technology. Attention is drawn to trends that exist because of wide usage of information systems having over 10 million users. The effect of transition from quantity to quality takes place virtually for all kinds of information security systems and often leads to rejection of traditional a priori principles of confidentiality, integrity and availability. This is true both for all the principles simultaneously and for each of them in particular or in combinations. Partial completion of a priori information security measure complex combined with a posteriori methods of data protection with respect to risk assessment forms an urgent necessity for mass application of information technology.
Keywords:
INFORMATION SECURITY, DATA PROTECTION, DEVELOPMENT PERSPECTIVES, DEVELOPMENT TRENDS, DEVELOPMENT TENDENCIES, TRADITIONAL PRINCIPLES OF INFORMATION SECURITY, CONFIDENTIALITY, INTEGRITY, AVAILABILITY, A PRIORI INFORMATION PROTECTION, A POSTERIORI INFORMATION PROTECTION, INFORMATION SECURITY SYSTEM.Zaytsev A.S. Malyuk A.A.
Annotation:
The paper considers modern researches in the field of insider threat countermeasures; the result of analysis is strengths and weaknesses of existing approaches and recommendations for their improvement.
Insider threat, system dynamics, Bayesian networks
Keywords:
Insider threat, system dynamics, Bayesian networksMalthcev G.N., Pankpatov A.V.
Annotation:
This article provides a probabilistic description of accessing secure technical systems using reverse engineering. The time variation of opportunities to address the protection and conservation in the protected status of the analyzed system is described by a probabilistic model of conflict interaction. Presented by probabilistic and temporal characteristics of opportunities for access to protected resources for different model parameters and to formulate practical recommendations for determining the conditions for reverse engineering.
Keywords:
INFORMATION SECURITY, REVERSE ENGINEERING, CONFLICT INTERACTION.Petr Baranov
Annotation:
The article considers cyclic redundant code CRC-value for a fixed-length packet of data. Due to various reasons the data transferred via digital connection channels could be modified. The author proposes to simulate these modifications in form of random additive noises. In the article it is shown that random noise processes cause changes in CRC-value described as special vector sums of noise values. Particularly, with white noise, CRC-value's change is a sum of random independent differently-distributed vectors over binary field GF(2). The writing formulates the research task of multi-dimension, differently-distributed random values over finite fields of special form with various dependencies of their components. It appears to be that not only limit theorems with large amount of components simulated by big length of data packet are interesting, but exact distributions with small packet lengths are also of certain interest.
Keywords:
ELECTRONIC SIGNATURE, CRC, MESSAGE DISTORTION, PROBABILITY MODEL, TELECOMMUNICATION SYSTEM, DISTORTION-FREE TRANSMISSION, ERROR-FREE TRANSFERKonoplev A., Kalinin M.
Annotation:
The paper reviews the problem of unauthorized access to the data in distributed computing networks. It discusses available implementations of access control mechanisms in Grid systems, considers their disadvantages. There is proposed an access control method that allow to perform security verification of such systems. Also specified security properties which form an initial state of the system.
Keywords:
DISTRIBUTED COMPUTING NETWORKS, GRID SYSTEM, UNAUTHORIZED ACCESS, ACCESS CONTROL, SECURITY POLICYKotenko I.V., Chechulin A.A., Komashinsky D.V.
Annotation:
The paper is devoted to the problem of protection against unwanted and harmful content in the Internet using data mining techniques. The object of the investigation presented in this paper is the process of classification (categorization) of web pages.
Keywords:
INAPPROPRIATE INFORMATION, DATA MINING TECHNIQUES, WEB-SITES CLASSIFICATION.Lavrova D.S., Pechenkin A.I.
Annotation:
This article describes the main features of the Internet of Things, and a research of security threats. The authors conducted a study of data from the devices of the Internet of Things, the data are classified by type. The authors also propose an approach to the detection of security incidents in the Internet of Things, based on data analysis from devices of the Internet of Things.
Keywords:
Internet of Things, security incident, correlation analysis, control flowZhukovI.Yu.,
MikhaylovD.M.,
FesenkoS.D.,
NasenkovI.G.
Annotation:
This paper presents an overview of the major attacks that can be committed by an intruder to exploit the vulnerabilities of mobile devices, which are the result of the implementation of the program bugs. With the help of these bugs, the fraudster can force the phone to send messages to paid telephone numbers, record telephone conversations, access personal data as well as the operating system. The authors also give the main recommendations, compliance with which will protect the mobile device from illegal actions of third parties. This overview can be used to improve existing protection of mobile devices.
Keywords:
SOFTWARE BUGS, MALICIOUS LOGIC, THEFT OF PERSONAL DATA.Moskvin D.A., Ivanov D.V.
Annotation:
The article considers rapidly developing technology of self-organizing wireless networks. Investigated and analyzed "Wormhole" and "Blackhole" attacks. Also described and estimated prevention methods.
Keywords:
SELF-ORGANIZATION, NETWORK, SECURITY, ATTACK.Kalinin M.O., Shenets N.N., Rybin D.I.
Annotation:
The paper reviews the model of network security system which is built on the computing cluster of virtual machines. The experimental results are presented for estimation of optimal parameters of virtualized framework and balancing algorithms.
Keywords:
SIMULATION MODEL, VIRTUAL MACHINE, NETWORK TRAFFIC.Golchevskiy Yu.V., Severin P.A., Nikulov K.V.
Annotation:
The problem of analysis and security of software development is investigated using code dynamics metrics, based on the proposed construction of a code card.
Keywords:
CODE CARD, CODE DYNAMICS METRICS, ANALYSIS OF SOFTWARE DEVELOPMENT, INFORMATION SAFETY.ChilikovA.A., KhoruzhenkoG.I.
Annotation:
В работе исследуются механизмы защиты данных в оперативной памяти, применяемые в прикладном программном обеспечении. Авторами представлены алгоритмы восстановления зашифрованной ключевой информации (ключей шифрования и паролей) из образа памяти для ряда распространенных программных средств.
Keywords:
DIGITAL FORENSICS, LIVE-MEMORY ANALYSISGorbachev I.E., Anikanov G.A.
Annotation:
Discusses the approach to reduce the risk of destructive impact on critical infrastructure. Approach is to create the malefactor false image of the object of attack as a result of their conduct remote identification. Reveals the stages of the technology masking information resources to the prediction of the behavior of the malefactor.
Keywords:
CRITICAL INFRASTRUCTURE, CYBER ATTACKS, MASKING INFORMATION RESOURCES, RESEARCH MALEFACTOR.KostarevS.V., LipatnikovV.A., SaharovD.V.
Annotation:
Becoming a scientific field related to research and assess the performance of the automated system in the management of the enterprise integrated structure is constrained by the lack of a unified conceptual apparatus in the field of quality management. Model process of evaluation allows to take into account the probability and timing. Decomposed automated management system on line and centers that adequately describes a model of a queuing system with waiting and unreliable devices.
Keywords:
automated management system. queuing systemLokhvitskiiV.A. MatveevS.V., KhomonenkoA.D., LogashevS.V.
Annotation:
A model is proposed, which allows to evaluate the efficiency of information systems (IS) critical destination, including the costs of identification and elimination of contradictions in the data. Describes the approach to the calculation of open queuing networks, the nodes that use multi-channel system with a "warm-up" service time requests and Erlang distribution approximating 2nd order. Describes how the initial data, which allows to take into account the costs of identification and elimination of contradictions in the calculation of residence time distribution requests in a network model for IS.
Keywords:
INFORMATION SYSTEM, IDENTIFICATION AND RESOLUTION OF CONTRADICTIONS, FUZZY INFERENCE, ELIBRARY.RU, QUEUING NETWORK, "WARM-UP" CHANNELS.Pavlenko E.Y., Moskvin D.A.
St. Petersburg State Polytechnical University
Annotation:
Considered structure of UAVs and described in details the communication subsystem. The analysis of existing attacks directed at capturing the control UAVs and according the analysis proposed methods to protect against such attacks.
Keywords:
UNMANNED AERIAL VEHICLE, GPS, SUBSTITUTION OF SIGNAL, INTERCEPTION CONTROL.Biryukov D.N., Lomako A.G., Eremeev M.A., Magnikov P.V.
Saint-Petersburg, Mozhaisky Military Aerospace Academy
Annotation:
The main aspects of the technology, allowing to formalize the specification document with the requirements for data security on the basis of ontological models to produce a semantic ontology replenishment role-relationships of concepts to generate specifications of potential projects sought information security and to carry out verification of potentially dangerous defects in the specifications.
Keywords:
ONTOLOGY, VERIFICATION, RISK PREVENTION, GYROMAT.Zegzhda P.D., Zegzhda D.P., Stepanova T.V.
Annotation:
Modern IT trends involve not only and not so much the increase of technical characteristics (performance, network bandwidth, volumes of stored and processed data), but also the ability to create novel information processing circuits, implementing global projects such as e-government, mass public e-services and complex industrial control systems. The development of such projects requires new algorithmic support, new theoretical models and high intellectual level of decision-making systems. In this paper authors propose, as an initial step towards new unified methodological cybersecurity basis, the functional-semantic cybersecurity model, allowing to formalize the requirements of confidentiality, integrity and availability (in terms of cybersecurity), as well as to conclude an ontological knowledge of the system security state.
Keywords:
CYBERSECURITY, FUNCTIONAL MODELING, SEMANTIC ANALYSIS, ONTOLOGY.Ageev S.A.
Annotation:
The paper presents basic approaches to developing intellectual methods and information security risk estimation and management algorithms for protected multiservice networks of a special purpose. The mathematical model of information security risk assessment for protected multiservice networks of a special purpose on the basis of fuzzy inferences is developed and investigated.
Keywords:
PROTECTED MULTISERVICE NETWORK, TELEMATIC COMMUNICATIONS SERVICES, INFORMATION SECURITY RISK MANAGEMENT, INTELLIGENT MANAGEMENT, FUZZY INFERENCE, LINGUISTIC VARIABLE.Konoplev A.
Annotation:
The paper reviews the problem of information security in distributed information and telecommunication systems. It describes threat model and security mechanisms that are used to protect such systems against unauthorized access. Security threats related to potential backdoors in hardware are highlighted. Architecture of universal security platform in distributed information and telecommunication systems is proposed.
Keywords:
DISTRIBUTED INFORMATION SYSTEMS, THREAT MODEL, INFORMATION SECURITY, UNAUTHORIZED ACCESS, FLOW CONTROL, ACCESS CONTROL GATEWAY.Kotenko I.V., Shorov A.V.
Annotation:
The approach for modeling of the protection mechanisms against infrastructure attacks based on biological metaphor is developed. Attacks and protection mechanisms are specified as structural models using a set-theoretic approach. An environment for simulation of protection mechanisms based on the biological metaphor is considered, the experiments demonstrating the effectiveness of the protection mechanisms are described. The article shows an assessment of key performance indicators of the developed modeling environment.
Keywords:
BIOINSPIRED APPROACHES, NETWORK MODELING AND SIMULATION, SECURITY EVALUATION AND MEASUREMENT, DDOS, NETWORK ATTACKS AND DEFENSE.Savchenko I.I., Gatsenko O.Y.
Annotation:
Every day the online community become more and more interested in the topic of information security and anonymity online, especially after the revelations of Edward Snowden, when it became known about the mass surveillance by certain structures, such as, for example, the US National Security Agency, of Internet users, companies, political organizations, etc. Therefore, a variety of anonymous networks, VPN-services and different proxy servers has been actively developed. The purpose of this article – to consider the popular methods of ensuring anonymity online, compare them, identify their strengths and weaknesses.
Keywords:
ONLINE ANONYMITY, PROXY, VPN, SSH, NETWORK PROTOCOLS, TOR, I2P.Aleksandrova E.B., Kuznetsova E.A.
Annotation:
An approach to the solution of signature revocation problem in lattice-based group signatures is suggested. The security of VLR- revocation schemes is based on additional delegated powers of the issuing manager, who checks if user’s certificate is included into the revocation list.
Keywords:
group signature, Lattice, VLR-revocation.Belim S.V.Belim S. Yu, Polyakov S.Yu.
Annotation:
In the article the modification of the Blom’s scheme encryption key distribution is investigated. This modification implements security policy, which based on access matrix. The general view of the polynomial to generate key material is developed.
The stability of the proposed scheme to compromise the key materials is studied.
Keywords:
KEY DISTRIBUTION, BLOM'S SCHEME, DISCRETIONARY SECURITY POLICY.Shenets N.N.
Annotation:
The cryptographic standards of the Republic of Belarus are considered and analyzed. It’s shown that these standards cover almost all the needs for security in information systems. Importance of these documents is pointed out within the scope of the interstate cooperation of the Republic of Belarus and Russian Federation.
Keywords:
CRYPTOGRAPHIC ALGORITHM, STANDARD, INFORMATION SYSTEM.Boruchinkin А.Yu., ZhukovI.Yu., NasenkovI.G., KhakimovR.R.
Annotation:
The article deals with the development of the prototype system providing secure voice communication with device authentication through digital signatures. Its main elements are the headset hands-free, which microcontroller supports hardware-line symmetric block encryption algorithm, switching server application on a mobile device and signing center.
Keywords:
INFORMATION SECURITY, HANDS-FREE DEVICE, SIGNALING PROTOCOL, STREAM ENCRYPTION ALGORITHMS.Dvoryankin S.V., Mikhaylov D.M., Panfilov L.A.,
Bonch-Bruevich A.M., Kozlachkov S.B.,
Nasenkov I.G.
Annotation:
This article focuses on the development of tools for noise reduction of audio signals. The article presents a series of algorithms for noise reduction of speech signals. The description of spectrograms as the most successful audio visualization of signals is provided. The algorithms of single-channel and multi-channel noise reduction are considered. Examples of the various corrections are given and the parameters set for the maximum effectiveness are described.
Keywords:
SPECTROGRAM, SIGNAL NOISE CANCELLATION, INTERFERENCE, CONTOUR ANALYSIS.Pilkevich S.V.,
Eremeev M.A.,
Magnikov P.V.
Saint-Petersburg, Mozhaisky Military Space Academy
Annotation:
Abstract. An approach to storage and processing of declarative and procedural knowledge of behavior of single and group of social actors. Combining the results obtained in social psychology, knowledge engineering, and higher algebra allowed to develop the basic elements of the model behavior of user groups modern mass media, especially taking into account both the simulated social communities and their surrounding socio-cultural environment.
Keywords:
SOCIALLY IMPORTANT INTERNET RESOURCE, TYPES OF BEHAVIOR, MODEL OF REPRESENTATION AND PROCESSING OF KNOWLEDGE, FORMAL CONCEPT ANALYSIS, FAKTORRESHETKA, CONTEXT, SOCIAL PSYCHOLOGY.Anikin I.V.
Annotation:
We suggested vulnerability assessment method in computer networks based on fuzzy logic. This method is based on CVSS v.2.0 metrics, fuzzy rules, new fuzzy inference scheme. This method is able to produce vulnerability fuzzy scores under the uncertainty and different vulnerability metrics weights.
Keywords:
VULNERABILITY ASSESSMENT, FUZZY LOGIC.Annotation:
The paper reviews the problem of software security analysis. It shows topicality of dynamic program analysis methods in conditions of source code absence. Modern techniques of the problem solution are described. There is a class of dynamic program analysis methods based on virtualization technology highlighted. The methodology of emulators applying is proposed to perform dynamic program analysis.
Keywords:
UNDECLARED CAPABILITIES, DYNAMIC PROGRAM ANALYSIS, VIRTUALIZATION, EMULATORS.Severin P.A., Golchevskiy Yu.V.
Annotation:
Analysis of the software code safety using the predictive model of vulnerabilities detection, proposed on the basis of the code dynamics metrics is observed.
Keywords:
VULNERABILITIES DETECTION, SOFTWARE CODE, METRICS FOR SOFTWARE CODE ANALYSIS, INFORMATION SECURITY.Maksimov E.A, Kornev V.A., Vitenburg E.A.
Annotation:
Implementation of the various threats may be partially or completely paralyze the work of the organization. Correctly, set up the forecast will allow security experts to choose the right tool for the elimination of threats to information security and reduce the probability of insider attacks. For this article solved the problem of forecasting the probability of success of the intrusion on the subject of insider information. The research tasks: predicting the number of insider intrusion attempts and calculating the probability of each insider invasion using Markov chains.
Keywords:
TAGS OF THE ARTICLE: FORECASTING, INTRUSION DETECTION SYSTEM, AN INTERNAL ATTACKER INSIDER INTRUSION, DATA PROTECTION, INFORMATION SECURITY, MODELING, MARKOV CHAINS.PavlenkoE.U., MoskvinD.A., ReshetovD.V.
Annotation:
In this paper we consider the TOR anonymous network and known attacks to it. We present an attack to TOR network using data flow analysis.
Keywords:
ANONYMITY, TOR, DEANONIMIZATION, DISCLOSURE OF ANONYMITY, TRAFFIC ANALYSIS, TRAFFIC PATTERNS.Bezzateev S.V., Zharinov R.F., Petrov V.I., Zybin V.A.
Annotation:
The system of user authentication and control of its presence in the workplace to prevent unauthorized access to information on the workstation is considered. RFID technology and cryptographic protocol OPACITY are proposed.
Keywords:
ACCESS CONTROL, RADIO FREQUENCY IDENTIFICATION, OPACITYBranitskiy A.A., Kotenko I.V.
Annotation:
The methods of detection and classification of anomalous instances of network connections using the technique of artificial neural networks and evolutional model of the immune system are considered.
Keywords:
INTRUSION DETECTION, NEURAL NETWORKS, IMMUNE DETECTORS, PRINCIPAL COMPONENT ANALYSISGoncharov N.O., Gorchakov D.S.
Annotation:
The problem of mobile viruses have become a real problem for large banks and payment systems. The easiest way to disclose the technical component of the financial botnets for mobile devices is by efforts of the communication provider. In order to automate the process of investigation of these kinds of incidents the hardware-software system was developed. It allows to monitor the activity of malware, fixes attempts to send data to fraudsters, identifies control centers of infected devices as well as account numbers and e-wallets wherethrough stolen funds are withdrawn.
Keywords:
BOTNETS, MOBILE BOTNETS, BOTNETS HAZARD, MALWARE, MOBILE MALWARE, INFORMATION SECURITY, INVESTIGATION OF INCIDENTSDesnitskyV.A., KotenkoI.V.
Annotation:
An approach for forming expert knowledge to develop secure systems with embedded devices is outlined. Security component combination, detection of anomalous data in the system and structural incompatibilities of security components is based on knowledge on the target system, requirements and security components.
Keywords:
EMBEDDED SECURITY, SECURITY COMPONENTS, EXPERT KNOWLEDGE, ANOMALIES AND INCOMPATIBILITIESKotenko I.V., Novikova E.S., Chechulin A.A.
Annotation:
An analysis of techniques for security information visualization is considered. A model for visualization security metrics is proposed. This model helps to perform the comparative analysis of these metrics. The implementation of this model is outlined.
Keywords:
VISUALIZATION, SECURITY METRICS, TREEMAPS, NETWORK SECURITY EVALUATIONKuralenko A.I.
Annotation:
The technique of information security audit of information systems that allow quantitative evaluation of the effectiveness of information security systems, taking into account the impact of information security threats and destructive action on the implementation of such threats. An example of the application of techniques in auditing information security information system of the certification center. A brief comparison of the results with those obtained using the assessment tool of security "GRIF 2006" software package from Digital Security.
Keywords:
Information security audit, information security threats, information security management systemPorkhun A.O., Gamayunov D.Yu.
Annotation:
The article unveils the problem of detection of a special class of web-applications vulnerabilities, which are caused by errors in the implementation or usage of such filters when an intruder may generate specially crafted input data (e.g., images, video) which will be converted by the chain of filters into another data type, for example, in executable code, which may lead to remote code execution.
Keywords:
WEB APPLICATION VULNERABILITIES, VULNERABILITY DETECTION, REMOTE CODE EXECUTION.Razdobarov A. V., Petukhov A. A., Gamayunov D.Yu.
Annotation:
This paper provides and overview of typical problems, which arise in the black-box vulnerability scanning of dynamic web-applications, and provides analysis of theoretical and technical difficulties on the path to complete problem solution. As the result we provide the list of requirements, which must be met by vulnerability scanners for effective analysis of dynamic web interfaces.
Keywords:
web applications vulnerabilities, vulnerability detection, static analysis, dynamic analysisBezzateev S.V., Zharinov R.F., Petrov V.I., Zybin V.A.
Annotation:
The system of user authentication and control of its presence in the workplace to prevent unauthorized access to information on the workstation is considered. RFID technology and cryptographic protocol OPACITY are proposed.
Keywords:
ACCESS CONTROL, RADIO FREQUENCY IDENTIFICATION, OPACITYOleynikP.P.
Annotation:
The article provides an overview of current approaches to setting security and differentiation of user access rights in various architectural applications. The paper presents the author's approach to the delimitation of the rights to the classes, attributes, and objects that meet certain criteria. This is done with the help of the class hierarchy, the composition and structure of which is described in detail in the work. At the end of the work described in the application, which is already implemented and in which the authors used the security model.
Keywords:
SECURITY OF INFORMATION SYSTEMS, OBJECT-ORIENTED APPLICATIONS, OBJECT SYSTEM METAMODEL, MODEL OF PERMISSIONS.KorzhikV.I., YakovlevV.A., TikhonovS.V.
Annotation:
Cryptosystem recently proposed by two scientists from Stanford University is considered. In the current paper we investigate both theoretical and practical possibilities to design such cryptosystem.
Keywords:
CRYPTOSYSTEMS, WIRELESS CHANNEL WITH FADING, MIMO TECHNOLOGY, HARD PROBLEMS ON LATTICES, WIRE-TAP CHANNEL CONCEPT.Agafin S.S.
Annotation:
Random number generators (RNG) are a cornerstone of any means of providing information cryptographic protection. This paper proposes an improved method for generating random numbers from the CPU frequency instability and, as a result, a continuous change of memory access time.
Keywords:
RANDOM NUMBERS, RANDOM NUMBER GENERATORS, X86 ARCHITECTURE, MEMORY ACCESS TIME.Babash A.V.
Annotation:
We givean upper bound forthe degree ofdistinctivenessof a connectedpermutationautomatonwith a givendiameter.
Keywords:
STATE MACHINE, THE DEGREE OF DISTINCTIVENESS, THE DIAMETER OF THE MACHINE.Guselev A.M., Kosolapov D.O.
Annotation:
This article presents a set of characteristics for comparison of identity-based encryption schemes, based on bilinear mappings in finite groups. One provides a comparative survey of most popular schemes, among them schemes included into international standard ISO/IEC 18033-5.
Keywords:
DENTITY-BASED ENCRYPTION SCHEME, PRIVATE KEY GENERATOR, BILINEAR MAP, BILINEAR DIFFIE-HELLMAN PROBLEM.Egorova V.V., Chechulina D.K., Krendelev S.F.
Annotation:
In this paper we discuss the practical usage of proprietary developed fully homomorphic encryption. We show the application of this encryption for construction the public-key cryptosystems. These cryptosystems are based on the Hill cipher and the RSA algorithm. Their implementations demonstrate the correctness of arithmetical calculations over the encrypted data and prove that the multiplication of ciphertext does not lead to increasing the dimension of the multiplication result.
Keywords:
HOMOMORPHIC ENCRYPTION, PUBLIC-KEY CRYPTOSYSTEM, HILL CIPHER, RSA ALGORITHM.Krendelev S. F.
Annotation:
The variant of fully homomorphic encryption for modular computation without increasing the size of data after multiplication is suggested.
Keywords:
HOMOMORPHIC ENCRYPTION, MODULAR ARITHMETIC, MULTIPLICATION TABLE.Lubushkina I.E., Panasenko S.P.
Annotation:
In this paper we focus on statistic analysis of the Stribog compression function output sequences. The aim of the analysis is to search groups of input values that bring to non-random behavior of compression function output. As an exhaustive search over all possible input values is computationally infeasible, we perform local search over predefined subsets of input values with strong input bits correlation. Based on the performed experiments we can make the conclusion about an application correctness and adequacy of confusion and diffusion transformations used in Stribog compression function.
Keywords:
HASH FUNCTION, STRIBOG, GOST R 34.11-2012, COMPRESSION FUNCTION, STATISTICAL TEST, LOCAL SEARCH.Matveeva V.S.
Annotation:
Specialists in digital forensics have conducted researches in the field of file format identification by its statistical properties for data carving purposes. As a result a challenge in differentiating compressed file formats from encrypted files was revealed because of their statistical properties similarity. In the article author suggests a new approach for data analyses, which testing has shown good results in detection of encrypted files.
Keywords:
COMPRESSION, ENCRYPTED FILES, WAVELET TRANSFORM, NORMAL DISTRIBUTION.Mironkin V.O
Annotation:
A comparative analysis of the probability characteristics of the test algorithm and the development of key reference model. A statistical method for determining nonequiprobability generated key sequence. Exact formula for the probability of collision through a fixed number of steps in a random mapping is obtained.
Keywords:
RANDOM MAPPING, CARDINALITY OF AN IMAGE OF RANDOM MAPPING, CYCLE NODES, SEGMENT NONPERIODICITY, COLLISION.SmyshlyaevS.V., ShishkinV.A., MarshalkoG.B., RudskoyV.I., LavrikovI.V.
Annotation:
Overview of published results on hash functions GOST R 34.11-2012 (also known as «Streebog») cryptanalysis and implementations is given.
Keywords:
147-153Fomichev V.M.
Annotation:
The review of main results connected with research of primitivity and exponent estimation of matrix and graphs is given. New research directions are presented.
Keywords:
MIXING GRAPH, PRIMITIVE GRAPH, EXPONENT OF GRAPH.ShishkinV.A., MarshalkoG.B., Lavrikov I.V.
Annotation:
A short survey of papers about tree hash modes of operations is given.
Keywords:
HASH-FUNCTION, MODES OF OPERATIONS, TREE HASHING.Grigoriev V R.
Annotation:
In the article an attempt is made of research of mechanism of subversive western political technologies, which are aimed at the creation of managed conflicts in the information era. In the basis of the proposed approach relevant to acceptances of information era there are 2 methodological bases which accumulate achievements of the last years in research of complex organizational systems- the theory of nonlinear dynamical systems (controlled chaos) and the theory of «reflexive games» in relation to the subject area of information warfare.
Keywords:
NETCENTRIC WAR, THE STRATEGY OF INDIRECT ACTIONS, MANAGED CONFLICTS, SYNERGETIC APPROACH, REFLEXIVE GAMES, DYNAMIC CHAOS, «SOFT» AND «HARD» WARFARE MODELS.Sukhoparov Mikhail Yevgenievich
Annotation:
The aim of the work is to evaluate the informativeness of linguistic features of text messages, allowing you to capture the author's profile for face detection, when posting under multiple accounts. Are the features of text messages, we propose a model of the message. An experiment showing the possibilities of using the analyzer adapted to compute syntactic patterns and structures. The structure of the user profile for the identification and authentication portal on the Internet. Estimated informative features using an approach based on the Shannon entropy.
Keywords:
EVALUATION OF INFORMATION CONTENT, LINGUISTIC PROFILE, SHANNON ENTROPY.AvetisyanA.I., BatuzovK.A., EfimovV.Y., PadaryanV.A., TikhonovA.Y.
Annotation:
The article describes the problem of adaptation desktop and server software analysis techniques to software of mobile platforms. A combined binary code analysis method is suggested. Taking into account whole system software allows detecting leaks of sensitive data. The method requires execution trace, but trace gathering for a firmware is the problem. Difficulties of tracing mobile platform software with the emulator are described and possible approaches to solve such difficulties are shown.
Keywords:
BINARY CODE, DYNAMIC ANALYSIS, SOFTWARE EMULATOR, MOBILE PLATFORMS.Vasiliev I.A., Fursova N.I., Dovgaluk P.M.,
Klimushenkova M.A., Makarov V.A.
Annotation:
This article discusses the mechanism of the instrumentation system that running in the QEMU. The paper formulates requirements for instrumentation mechanism and describes the implementation. Some of important features are: the implementation mechanism instrumentation based on TCG, a description of the process instrumentation in separate modules, the interaction between plugins for analysis of high-level data.
Keywords:
DYNAMIC BINARY INSTRUMENTATION, VIRTUAL MACHINE, EMULATOR.