Military Communications and Information Technology: A Trusted ...


22.01.2015 Views

the information relations will be fewer in number than results from the simple calculation 867*866/2 = 375 411.

Unfortunately, the amount of cryptographic data needed to ensure the system security will be equal to the number of information relations (assuming symmetric encryption methods). The calculation of information relations is presented in Table 1. The number of information relations is not as dramatically high as for the “peer-to-peer” system; nevertheless, it amounts to nearly 20 thousand.

Table I. Estimation of information relations in a system

| No. | Relations | Calculations | Subtotal |
|---|---|---|---|
| 1 | Central | (57*56)/2 + (57*15)/2 + (15*14)/2 | 2128 |
| 2 | Including voivodeship level | 2128*16 | 17024 |
| 3 | Voivodeship relations | (11+15)*16 | 208 |
| 4 | Between voivodeships | (16*15)/2 | 120 |
| 5 | Voivodeship-poviat relations | 16*24/2 | 193 |
| | Total | | 19673 |

III. Generation of cryptographic data for large IT systems

The cryptographic information generation subsystem for special networks consists of one or several combined computer stations. These centers perform various functions within a system:

• Center for Special Network Planning and Cryptographic Data Distribution. Proper functioning of a secret data information system requires designing a network made up of encryption devices and software, as well as providing cryptographic data (keys, passwords) to every device and user. This operation is carried out regularly at certain time intervals (every few/several months). When planning, the need to immediately generate data in particular emergency situations should be taken into account. Once generated, the cryptographic data should be combined into sets and distributed to loading stands or directly to the devices. The data ought to be delivered in a safe manner, so as to preclude its disclosure and unauthorized modification.

• Cryptographic Data Generation Center (CDGC). The station generates cryptographic data for every cryptographic device operating within a communication network. The data is secured within the distribution period.

Chapter 4: Information Assurance & Cyber Defence

Figure 2. Cryptographic Data Generation Model

The Cryptographic Information Generation Center is most often built on a personal computer with attached external devices such as the hardware random sequence generator, order station and data preparation for distribution in the system (Fig. 2). The Cryptographic Data Generation Center should generate the data necessary for the operation of various cryptographic algorithms, such as coding, message signing and different passwords for cryptographic devices and systems.

IV. Types of cryptographic data generation testbeds

Cryptographic data sequential generation station

In presently applied implementations, cryptographic data is generated sequentially, which results in a relatively long generation time for the entire network (Fig. 3). The sequential model requires random sequence generation, statistical testing of the sequence, cryptographic key generation for information relations, protection of the relation keys and secure storage of the keys on data carriers. Many of these operations may be executed in parallel.

Figure 3. Components of a Data Sequential Generation Testbed

Cryptographic data parallel generation station
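The stages of the sequential model described above, as an added Python sketch that is not code from the paper: draw a random block, test it statistically, cut one key per information relation, tag each key and store it. Assumptions: `secrets.token_bytes` stands in for the hardware random sequence generator, the frequency (monobit) test stands in for the statistical tests the paper does not name, and an HMAC tag under a hypothetical distribution key covers only detection of unauthorized modification (confidentiality wrapping is not shown); all function and variable names are illustrative.

```python
import hashlib
import hmac
import math
import secrets

KEY_LEN = 32      # bytes per relation key (assumed size)
BLOCK_LEN = 2500  # bytes per tested block, i.e. 20,000 bits (assumed size)
# Constructed sample: a few relations of a small hierarchical network.
SAMPLE_RELATIONS = [("HQ", "V01"), ("HQ", "V02"), ("V01", "V02"), ("V01", "P01")]

def monobit_p_value(block: bytes) -> float:
    """Frequency (monobit) test: p-value for 'ones and zeros are balanced'."""
    n = len(block) * 8
    ones = sum(bin(b).count("1") for b in block)
    return math.erfc(abs(2 * ones - n) / math.sqrt(n) / math.sqrt(2))

def tested_random_block(source=secrets.token_bytes, alpha=0.01, attempts=8) -> bytes:
    """Stages 1-2: draw a block, test it, reject and redraw on failure."""
    for _ in range(attempts):
        block = source(BLOCK_LEN)
        if monobit_p_value(block) >= alpha:
            return block
    raise RuntimeError("random source keeps failing the statistical test")

def _tag(distribution_key: bytes, relation, key: bytes) -> bytes:
    # Bind the key to its relation so a key moved to another relation is detected.
    label = "|".join(relation).encode()
    return hmac.new(distribution_key, label + b"\x00" + key, hashlib.sha256).digest()

def generate_relation_keys(relations, distribution_key: bytes) -> dict:
    """Stages 3-5: one key per relation, tagged before it is stored."""
    store, pool = {}, b""
    for relation in relations:
        if len(pool) < KEY_LEN:
            pool += tested_random_block()
        key, pool = pool[:KEY_LEN], pool[KEY_LEN:]
        store[relation] = (key, _tag(distribution_key, relation, key))
    return store

def verify_entry(store, relation, distribution_key: bytes) -> bool:
    """At the loading station: detect a modified or swapped key."""
    key, tag = store[relation]
    return hmac.compare_digest(tag, _tag(distribution_key, relation, key))

if __name__ == "__main__":
    dk = secrets.token_bytes(32)
    keys = generate_relation_keys(SAMPLE_RELATIONS, dk)
    print(len(keys), all(verify_entry(keys, r, dk) for r in keys))
```

Each relation is processed independently once a tested block is available, which is why the per-relation stages are the natural candidates for parallel execution.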

