MATHEMATICAL MODELS OF HYBRID CRYPTO CODE CONSTRUCTIONS ON DAMAGED CODES

Main Article Content

Serhii Yevseiev
http://orcid.org/0000-0003-1647-6444
Lala Rustam Bakirova
http://orcid.org/0000-0003-0584-7916
Mariia Sushchenko
http://orcid.org/0000-0002-3275-235X

Abstract

The subject are mathematical models of building hybrid (complex) cryptosystems based on Mac-Elis crypto-code constructions on damaged codes. The purpose of this work is cryptographic mechanisms design in post-quantum cryptography to provide basic security services. The use of crypto-code structures in the mechanisms of strong authentication based on OTP passwords Development of practical algorithms for their implementation based on the proposed mathematical models. The tasks: analysis of the main threats of using OTP passwords; basics of construction and using multi-channel cryptography systems on damaged codes; a formal description of mathematical models of hybrid crypto-code constructions on damaged codes based in the modified McEliece and Niederreiter crypto-code systems in elliptic curves; development of algorithms for data encryption and decryption at the Niederreiter-McEliece hybrid crypto code constructions (НССС). Conclusion: The comprehensive protection mechanisms proposed in the article ensure the use of a strong authentication protocol in post-quantum cryptography based on OTP passwords. The use of damaged codes extends the possibilities of using crypto-code structures by significantly reducing the power of the alphabet while maintaining the required level of cryptographic resistance.

Article Details

Section
Methods of information systems protection
Author Biographies

Serhii Yevseiev, Simon Kuznets Kharkiv National University of Economics, Kharkiv

Doctor of Technical Sciences, Senior Research, Associate Professor, Head of the Department of Cybersecurity and Information Technologies

Lala Rustam Bakirova, Azerbaijan State Oil and Industry University, Baku

Doctor of Technical Sciences, Associate Professor, Head of Department “Instrumentation Engineering”

Mariia Sushchenko, University of Science and Technology of China

masters student

References

Scott, Rose (2016), Domain name systems-based electronic mail security, available to:

https://nccoe.nist.gov/sites/default/files/library/sp1800/dns-secure-email-sp1800-6-draft.pdf

Quynh, Dang (2012), Recommendation for Applications Using Approved Hash Algorithms, available to: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-107r1.pdf

Schneider, Bruce (2016), Applied cryptography. Protocols, algorithms, source texts in the C language, available to: https://www.labirint.ru/books/345501/

Digital Identity Guidelines (2018), available to: https://doi.org/10.6028/NIST.SP.800-63b

The Cybersecurity Framework (2019), available to: http://csrc.nist.gov/publications/drafts/nistir-8170/nistir8170-draft.pdf.

Guide to LTE Security (2019), available to: csrc.nist.gov/publications/drafts/800-187/sp800_187_draft.pdf

Shapiro, Leonid (2012), Authentication and one-time passwords. Theoretical basis. Part 1, available to: https://elibrary.ru/item.asp?id=20464464

Shapiro, Leonid (2012), Authentication and one-time passwords. Part 2. Implementing OTP for authentication in AD, available to: https://elibrary.ru/item.asp?id=20464277

SHA-3 Derived Functions: cSHAKE, KMAC, TupleHash and ParallelHash (2019), available to:

https://csrc.nist.gov/publications/.../800-185/sp800_185_draft.pdf.

Evseev, S.P. and Abdullaev, V.G. (2015), “Algorithm for Monitoring the Two-Factor Authentication Method Based on the Passwindow System”, East European Journal of Advanced Technologies, Issue. 2/2 (74), pp. 9–15.

Evseev, S.P., Abdullaev, Zh., Agazade, F. and Abbasova V.S. (2016), “Improvement of the method of two-factor authentication based on the use of modified crypto-code schemes”, System of information boxes, No. 9 (146), pp. 132–145.

Evseev, S.P., Kots, G.P. and Lekarev E.V. (2016), “Development of the method of multifactor authentication based on the modified Niedereiter-McEliece crypto-code systems”, East-European Journal of Advanced Technologies, 6/4 (84), pp. 11–23.

Robert, Hackett (2016), You’re implementing this basic security feature all wrong, available to:

http://fortune.com/2016/06/27/two-factor-authentication-sms-text/

Guide for Cybersecurity Event Recovery (2019), available to:

https://nvlpubs.nist.gov/nistpubs/.../NIST.SP.800-184.pdf

Security requirements for cryptographic modules (2019), available to:

https://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf

Annex A: Approved Security Functions for FIPS PUB 140-2 (2019),

available to: csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf

Annex B: Approved Protection Profiles for FIPS PUB 140-2 (2019), available to:

csrc.nist.gov/publications/fips/fips140-2/fips1402annexb.pdf

Annex C: Approved Random Number Generators for FIPS PUB 140-2 (2019),

available to: https://csrc.nist.gov/publications/fips/fips140-2/fips1402annexc.pdf

Evseev, S.P., Rzaev, Kh.N. and Korol, O.G. (2016), “Development of the modified asymmetric crypto-code system of McEliece on truncated elliptic codes”, East European Journal of Advanced Technologies, Kharkiv, Is. 4/9 (82), pp. 4–12.

Mishchenko, V. A. and Vilansky, Yu. V. (2007), Damage texts and multichannel cryptography, Encyclopedic, Minsk, 292 p.

Mishchenko, V. A. ,Vilansky, Yu. V. and Lepin, V.V. (2006), The cryptographic algorithm MV 2, Minsk, 177 p.

Shannon, K.E. (1963), “The theory of communication in secret systems”, Work on the theory of information and cybernetics, Moscow, pp. 333–402.

Hryshchuk, R., Yevseiev, S. and Shmatko, A. (2018), Construction methodology of information security system of banking information in automated banking systems, monograph, Premier Publishing s. r. o., Vienna, 284 p.

Schwartz, M. J. (2011), “Zeus Banking Trojan Hits Android Phones”, Information week, available:

http://www.informationweek.com/mobile/zeus-banking-trojan-hits-android-phones/d/d-id/1098909

Trojan Writers Target UK Banks with Botnets (2010), TechWorld, available to: http://news.techworld.com/security/3228941/trojan-writers-target-uk-banks-with-botnets

Grishchuk R., Danik Yu. (2016), Fundamentals of cyber security, Zhitomir: ZHNAEU, 228 р.

Kiberbezopasnost 2016–2017: Otitogov k prognozam (2017), available to:

https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/Cybersecurity-2016-2017-rus.pdf

Rise of IoT Botnets Showcases Cybercriminals’ Ability to Find New Avenues of Attack (2019), available to:

http://storage.pardot.com/44731/127332/Cybercrime_Trends_Report___2016_Year_in_Review__1_.pdf

HP research: average annual damage from cyber attacks increased up to 15 million USD for organization (2015), available to: http://www.connect-wit.ru/issledovanie-hp-crednij-godovoj-ushherb-ot-kiberatak-vyros-do-15-mln-doll-na-organizatsiyu.html

Data Bank of Information Security Threats (2019), available to: http://bdu.fstec.ru/vul

Guide for Cybersecurity Event Recovery (2019), available: https://nvlpubs.nist.gov/nistpubs/.../NIST.SP.800-184.pdf

Guide to LTE Security, [Online]. Available: https://csrc.nist.gov/publications/drafts/800-187/sp800_187_draft.pdf