K.E. Rumyantsev, V.V. Kotenko
TRANSFORMATION OF TERRORISM THREATS IN INFORMATION SECURITY BREAKDOWN CIRCUMSTANCES
Today information safety as the component of safety of ability to live of mankind as a whole is in a condition of deep crisis, which consequences are unpredictable and may appear critical.
Against a background of scientific and engineering achievements in the field of information safety maintenance, which are advertising everywhere nowadays, at first sight such statement may seem at least strange. аIt can be explained if to take into account, that the conception of crisis defines inconvenient, heavy position or sharp abrupt crisis in something, for example in illness. Figuratively speaking, there is quite lawful question: how it is possible to speak about crisis if illness is not determined, in other words symptoms are not found and diagnosisаа is not determined.
Symptoms
With the usage of close analysis of a history development systems information safety it is possible to reveal, at least, two destructive phenomena, which are progressing recently.аааааааааааааааааааааааааааааааааааааааааааааааааааааа
аFirst, it is necessary to note, that the equipment and systems
of information safety were initially unable to provide guaranteed protection
of the information. However, if in the beginning of development and using
of the given systems the cases of successful cryptanalysis were individual
and were considered as an exception to the rules, but now, in view of
their mass character, they are taken as a rule. So, the known case of
successful cryptanalysis by
Secondly, information safety systems appearanceаа has caused appearance of cryptanalysis specialists. At the initial stage processes of preparation, training and operations of these persons were under public services control and were strictly regulated by them. However as time goes by on account of several reasons the given processes have begun to get out of hand. It was a result of appearance of original unguided community, called hackers. Originally this community included only dilettantes. Unfortunately this representation about this community is the same nowadays.
.а Amazingly, there is the fact that is still stays without attention, that today this community already represents developing outside of the state structure with strongly centripetal tendencies and with the ideology and sources of financing.Certainly all this is still in embryo. But what prevents to suppose that the mankind can face the powerful and organized structure that can be more dangerous than modern terrorism, as it would be the incarnation of terrorism already at intellectual and spiritual levels? There may be any forces that are already now expect and plan it? We can get enough evidences we want, but it already a theme of another research. So, it is the second symptom of disease crisis.
Having designated the symptoms it is possible to try to put the disease diagnosis.
The diagnosis.
аIn order to present the content of disease and to open its reasons, we will address to a characteristic example.
IPsec/IPv6 protocol for safety is the most perspective for usage with a view of guaranteeing of information confidentiality in networks ╥╤╨/I╨ nowadays, which is elaborated by IETF (Internet Engineering Task Force). It is planned, that this protocolа (dr. 1) will completely replace acting IPsec/IPv4 by 2008.а IPsec/IPv6 algorithms realize mechanisms of the safety, which are allowing to carry out the authenticationа / crypto operation of packages on the net level (on the 7 level model of OSI).
 |
ааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааа Hash F-hashing function, which is reflecting
ааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааа a multitude of possible keys of data
ааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааа elements to the multitude of hash schedule
ааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааа indexes.XOR-exclusionary function;
Dr.1
Distinctive feature of IPv6 is that it adds authentication title to the title of data burst, which allow determining source/ integrity of a packageаа on the reception end in real time. In thisаа purposes asymmetrical algorithms of signature ═╠└╤ (Hash Authentication Cod) are used. Algorithm ═╠└╤ is constructed on a combination of any iterative hash-function (MD5 or SHA-1) and confidential key.
Not putting the task- the analysis of algorithms of the given report, we shall note only the general tendency: perfection of modern systems of information safety is accompanied by increasing of their complexity. All seemed obviously - more perfect system should be more complex. All would be so if not to pay attention that from the very beginning of systems and algorithms developmentаа of the given class, the general approach of the creating remained and still constant. So-called, recurrent sequences use is in a basis of this approach, which are forming the irredundant and primitiveаа polynoms. Such sequences have the maximal period but it duration are casual. From this, they have got the name of pseudo-casual sequences (PCP). This approach was used at creation of the first devices of additive enciphering (Dr.2).
 |
ааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааа G(K)аааааааааааааааааааааааааааааааааааааа cryptogram(E)
ааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааа Key sequence
Dr.2
ааааааа The key in this case was used for initial recurrent registers of shift ((╨╨╤) filling, determining in that way a kind of a key sequence (scale).
Comparing dr. 2 and dr. 1 and marking substantial growth of complexity of information safety algorithms during their development, it is possible to suppose, that in conditions of the constant approach the reasons of marked above disease is necessary to search at sources of creation of the given algorithms.
Today it is possible to guess how the first algorithms of this class were created, as all occurred in a mode of strict secrecy. However with absolute confidence it is possible to contend that scientists and creators participating in this process, were familiar with works of outstanding mathematician Kirhgoph, who determined the conditions of theoretical undecoding of cryptographic system Еа From this is followed, that for achievement absolute undecoding systems keys should be formed under absolutely casual law, and their number should aspire to infinity. At the same time, the analysis of dr 2 shows, that created algorithms initially did not correspond to conditions of the theoretical undecoding .We can only suppose, why this approach was chosen.а The whole complex of the reasons basing on simplicity of technical realization and a hope to approach as much as possible to performing of theoretical undecoding. This hope determined all subsequent development of the given algorithms both on way hardware, and on a way of their program realization. The ╨╨╤ number increased, which are participating in formation of a key sequence, hash-transformations were entered, and accompanying algorithms of authentication and signature were created. All this naturally needed mathematical support. In result the powerful mathematical device, explaining competency of undertaken practical steps was created. Unfortunately the hope was not justified. Nowadays we see that the crisis of disease has come. The diagnosis is default of theoretical conditions of undecoding.
Figuratively created situation can be compared with situation when doctors during treatment of illness which diagnosis they perfectly know also and which required the operative surgical intervention, is limited in application of medical preparations and tonic procedures. Such approach at progressing illness demands application of more and more strong preparations. How such treatment will have an effect on an organism of the patient may predict the person without medical education. During the metastasing, disease will gradually break natural functions of an organism that will result finally in tragical end. Similar situation observes today with information safety, doesnТt it? From these positions it becomes clear, why application of more and more complex and effective algorithms of information safety which should raise crypto firmness of systems, very often reduces negative results.. There is infringement of natural function of information safety and there is necessity in cardinal changes consisting in replacement of the standard approach on more effective, isnТt there? In this plan figurative representation of the created situation shows one more rather serious problem.
The situation when the doctor refuses surgical intervention can be explained by two reasons. The first is, that he is sincere sure that this intervention will injure to the patient. But it is impossible to exclude the situation (doctors let will not take offence, but now it is real) connected with financial questions, frequently it is favorably to the unfair doctor the long treatment of the patient which pays treatment and more and more expensive preparations.а Here influencesа the laws of businessа often distorting medical ethics . The sight from these positions on a condition of information safety reveals enough guarding picture.
It is necessary to note, that all historical development
of cryptography (in the beginning as art and then as science) occurred
in strict conformity with philosophy lawа - the law of unity and conflicting
of opposites, when the efforts directed in opposite directions (crypto
defence and cryptoanalyse), promoted
development of a science about protection of the information as a whole.
This law continued to operate and at the first stage of amplification
of an applied orientation of the given science (middle of the fiftieth
years of the twentieth century) when systems of information safety began
to be created. Determining stimulating factors those times while for development
of crypto defence, and for development ofа cryptoanalyseа
were ideological, patriotic, national and state interests. However with
time, financional factors begin to grow as stimulating
factor. They become determining on a stage of an actual output of developments
of information safety from the control of the states. It results of action
of new did not investigated, philosophical laws in which basis the philosophy
of business. It is not favorably for developers of algorithms of information
safety to develop absolute undecoding algorithms.
In this case they will not be financional be
demanded. It is optimum for them to develop algorithms with limited effectiveness
representing interest for buyers only on a certain interval of time. Then
there is an opportunity to develop new, more complex algorithm and to
sell it a bit later to the same buyer. And so on. In addition developers
exclusively interested in existence of a certain contradictory force (for
example, as hackers) which threat will hold the buyer in a constant pressure?
This pressure will prepare psychologically for perception of higher prices.
From this higher gain arrived. On the other hand, such position is favorable
for so-called community of hackers. Appearance of limited effective algorithms
of information safety creates work stimulus for them and provides the
market of services. At the same time the community of Hackers interested
in advertising ofа efficiency of existing algorithms, and community of
developers is interested in advertising efficiency of hackers. It is available
a generality of economic and financial interests. As this phenomenon practical
was not studied, it is possible to do only assumptions of the further
development of consequences of such crisis of information safety. The
most adverse forecast which can be assumed is an appearance ofа certain
self-sufficient, closed, suprastate centralized structure, with the ideology, philosophy,
culture, financial streams, a precise division of labour and, maybe, authorities, which basic purpose will be
intellectual and spiritual enslavement of mankind. The given forecast
horrifies, but as they say, it is always necessary to prepares for the
worse. Especially preconditions of this worse can be noticed already today.
First of all, it is monopolization of developments in the field of information
safety at a level of already transnational monopolies. Centripetal processes
in community of hackers are added to this and, in addition to everything,
tendency of approchement of the given structures obviously looked through..
The characteristic signs of it areаа the frequent cases of hacker attractionа
for work in transnational corporations. If to take into account that these
preconditions should be provided with huge financial resources so the
most adverse forecast gets already real outlines. As consequence of it,
in a little bit other light is perceived a lot of events of last time.
So, for example, there is clear an objective character of rigid, so named
antihacker law, accepted rather recently in
. In this case the state as the functional self-sufficient and self-organizing, system objectively includes protective mechanisms of counteraction to the threat, capable to call into question the fact of its existence. Quite clearly, that rigidity of these protective mechanisms should be directly proportional to a degree of danger of threats. We shall recollect, that international propaganda campaign was developed against the marked law. It is rather doubtful, that it was spontaneous.а Definitely there were certain powerful organizing forces behind it. Who are these forces? May be now when we speak about an opportunity of occurrence of a certain monster Ц structure, is it already exists?
This fact allows looking from the other side at a line of the facts and events of the last time.
Lets compare the time of the interconnected events
- the beginning of active antihacker campaign
in
Generally speaking, there is a rule in science from which follows, that it is impossible to prove an absolute fidelity of any hypothesis, the hypothesis can be denied only. From here follows, that until a hypothesis do not deny it may be considered true. Proceeding from this, authors will welcome, if their work will serve as the beginning of productive discussion as a result of which the hypothesis put forward by them will be denied. However today it is necessary to be considered with it.
So, the diagnosis and the reasons of disease of information safety are established. Unfortunately, the diagnosis which we have got ,do not encouraging enough. There is a question:а is the effective treatment still possible. It is still possible, if the effective course will be chosen.
The Course of treatment.
Using a medical terminology it is possible to note, that treatment of any disease should include treatment of its reasons and treatment of possible consequences.
In our case the treatment of reasons assumes the search of essentially new approaches to the solution of problems of the information safety maintenance , which are providingаа performance of the conditions of theа theoretical undecoding. It is possible to assume, with confidence that there are many skeptics who will try to prove, that it is impossible. In this plan, first we shall recollect the recommendation of well-known ancient roman philosopher: do not spend the forces for achievement of possible, try to achieve impossible. Second,а the achievement of this impossible is quite really as authors were convinced.
Proceeding from the diagnosis of disease, it is possible to count, that a ultimate goal of reasons treatment is maintenance of performance of conditions theoretical undecoding. The general analysis is necessary for the contents of the given conditions. We shall take the common of the simplest methods of the analysis.
In a general view, protection of the information
can be presented as process of transformation of messages M to cryptograms
┼ by the confidential rule named a key K. At the
same time returningаа ┼ to M transmition may be carried
out only in case if theа key K is known. At the same time , the lawful
sender and the addressee of the information should know a key K and aspire
to keep it in confidentiality. Then to the extraneous observer should
try to allocate the information on a key, contained in intercepted cryptogram
┼. From this,
as criterion of efficiency of information safety maintenance can be used
time tk, necessary for definition of a key may be used at interception
of cryptograms. Ifаа 
аit
will testify that system has absolute undecoding.
In the beginning of the analysis the t = 0, vagueness of a key is characterized by the entropy:
ааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааа
(1)
In this formulaа 
аааЦ
is the number of various keys; 
аа- is the probability ofа i
аааkey application.
Considering, that the cryptogram contains the information
on a key, we shall designate the speed of transfer of the information
on a key throughа 
аааin cryptograms.
Intercepting the cryptograms, the detached onlooker
will try to collect the key information for eventually uncertainty reducingааа
:
ааааааааааа
аааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааааа
а(2)
If itТs possible to him, among the key information, acting in unit of time, a part is equal
at the moment of time t is already known. So real speed of key entropy is determined by expression:
ааааааааааааааааааааааааааа
(3)
Here the mark ,, - СТа testifies the entropy decreasing. It have got after integrating :
аааааааааааааааааааааааааааааааааааааааааааааа
(4)
On the basis (4) diagram the key entropy change may be submitted as Dr. 3.
From the given diagram follows, that there is some final
key entropyа valueа 
аachievementа
of which can open the key . Timeа 
,
necessary for this purpose, is determined from (4) as:
ааааааааааааааааааааааааааааааааааааааааааааааааа
ааааааааааааааааааааааааааааааааааааааааааааааааааааааааааа
(5)
From this follows, that theаа ааincreasing
may be achieved by increasing of initial key entropy. There is a question;
is there a limit of initial key entropy increasing? The theory of the
information gives quite concrete answer yes, it is exists for discrete
ensemble of keys.
 |
Dr. 3.
Entropy reaches the maximal value
аin
a case when keys are independent and equalprobableа 
аand
then:
On the basis of it, it is possible to draw a conclusion, that absolute (theoretical) undecoding
( )аа
it is reached if the fooling conditions are performing:
1) Keys should be formed under absolutely casual law.
2) The number of keys аshould
be infinite.
Let's note, that the same conclusion can be a result of anyаа well-known method of the efficiency maintenance information safety analysis.
Let's reply: can we practically provide performing of the specified conditions; with the usage of the accepted now approach? Undoubtedly the answer will be negative.
First of all the given approach initially assumes
discrete amount of keys, that is, practically excludes performance of
conditionа 
.
Besides, performance during practical realization
of a condition of absolutely casual character keys makes impossible the
formation of identical key sequences on transfer and reception.а If to
take into account practically insoluble problems of synchronization, the
skepticism concerning practical achievement of theoretical conditions
undecoding, prevailing in present time in scientific
and engineering circles. Apparently, this skepticism in many respects,
explains erection in dogma the opinion that it is impossible to provide
practically theoretical conditions performing. The scientific and engineering
idea should amaze, how tired out in frameworks of this dogma, with any
hopelessness aspires as much as possible will come nearer to impossible)
by definition of the dogma. The way limited by these frameworks Ц increasing
of protection algorithms complexity. Only in such way it is possible to
provide further increasing of ,
the maximum concealment of pseudo-casual characteristic of the key sequence.
As it is not paradoxical, there is another problem that is increasingа
- a problem of protection of protection algorithms. Quite clearly, the
more difficultly the algorithm, it is more difficult to provide variants
of the non-authorized access to it and to prevent them. Does it mean that
there may come a limit of complexity at which protection of algorithm
against the non-authorized access already will be impossible, that inevitably
willа be the result the of its practical value? This question is not groundless
on a background of constantly growing number breaking protection information
systems in which already have certain tendency. Strangely enough, this
question was not investigated, but did not rise at all in this or that
statement.
It would seems that carried out reasonings will bring us to a unfavorable conclusion about that information safety disease treatment which are finding in a condition of crisis, is impossible. Moreover, one specify necessarily possible aggravation of this crisis, with all obvious consequences.
Is everything so hopeless? Yes, if it is situated in a plane of the traditional approach, being limited to frameworks of its dogmas. Is there possible exit out of these frameworks? Preliminary results of the researches spent by authors in this field, now already allow giving the positive answer to this question.
If again to come back toааа (5)ааааа it is not
difficult to notice that for providing equality 
аwe
have to provideа 
;
this supervision brings to a question: whatever should be a key for infinite
entropy? Having addressed to the theory of the information, we find that
answer: the key should be analog. It is possible to make a conclusion,
that for performing of the theoretical conditionsа undecoding,
it is necessary to carry out transition from discrete selective space
of ensemble of keys to analog space. It is obvious, that such transition
withinthe framework of the approach standard now to maintenance of information
safety isа impossible. It speaks that transition to analog selective space
denies expediency of use of discrete algorithms of formation of keys including
the pseudo-casual sequences of the maximal period based on formation.
Except for it, such transition derivates rather serious problem of the
coordination analog ensembles of keys with digital strategy of development
of systems of processing and transfer of the information. Most likely,
these reasons in many respects have determined that fact, that till now
the opportunity of use of analog ensembles of keys not only was
not investigated, but even does not consider, as object of researches.
However, strangely enough, the exit can be found in this direction.
Appeared, that initially having aimed researches of an opportunity of application of analog ensembles of keys for protection of the information in digital systems, it is possible to receive encouraging results. Application of the method of the theory of virtual selective spaces of analogа ensembles open this opportunity. Whereas the given method was open rather recently and now is only in a stage of development and approbation to speak about final success still prematurely. However alreadyа results of this application inspire optimism. The essence of the open approach consists in formation at lawful senders and addressees of so-called virtual analog selective spaces of a key who for extraneous observers get the form real. Such image, designates on extremely measure one way of an exit from the crisis, determining really possible treatment course of the reasons of information safety disease. There is no doubt that there are also others, for the present not unknown and, perhaps, more effective ways of treatment. To speak about itа allows the belief in inexhaustible opportunities of human reason.
Quite clearly, that disease treatment should be accompanied with treatmentа ofа already existing consequences. The decision of the given problem considerably is complicated that today the fact of consequence existance is not investigated, but also in a sufficient measure does not realizes fact of existence of these consequences. ThatТs why giving of anyа general premature recommendations is represent here rather risky employment. The decision of this problem is probably only under condition of use of powerful potential of scientific and engineering idea. The first step to this may become a wide and fruitful discussion on questions and the problems lifted in the present work.
Conclusions
The hypothesis put forward in work about crisis of information safety has real ground. The forecast of consequences of this crisis shows an opportunity of originа birth in bowels of a human civilization the monster - structure aimed at intellectual and spiritual enthrallment of mankind. The first step of its movement to this purpose may appear the so-called intellectual and spiritual terrorism closed with usual terrorism in all its displays.
The analysis of the put forward hypothesis allows coming to the following basic conclusions:
1. аааааа аCrisis of information safety is the real fact of global scale in present times.
2. аааааа аConsequences of this crisis may be tragically for humanity.
3. аааааа It Is necessaryа to change cardinnaly the existing approach to determination of problems of information safety maintenance.
4. аааааа аSuccessful search of new approaches is possible already now, this is served with results of some researches of known authors.
5. аааааа аWide and uncompromising
discussion is necessary in questions of the
аcrisis phenomenon in the field of maintenance information safety.
The conclusion
May seem, that some positions and conclusions in the reasonings carried out above to a certain extent, and the situation around of information safety is unduly dramatized. It is necessary to admit, that authors meaningly send on this step in hope to involve attention of scientific and engineering idea in really designated threats of development of information safety. As it was shown, the hypothesis about its crisis has the ground under itself. Taking into account possible tragically consequences ,the result of which may be this crisis, the given hypothesis should be comprehensively analyzed and investigated. And it is possible only in conditions of wide discussion. To start this discussion is the basic purpose of the present work. Undoubtedly, wide and uncompromising discussion of problem questions that will appear during such discussion will allow scientific and engineer ideasа to leave the frameworks of existing dogmas that will open new horizons of development of information safety.а
1. Camp P., Arms A. Exploring Biology. Second Edition. CBS College Publishing. 1988.