Development of a concept for building a critical infrastructure facilities security system

To effectively protect critical infrastructure facilities (CIF), it is important to understand the focus of cybersecurity efforts. The concept of building security systems based on a variety of models describing various CIF functioning aspects is presented. The development of the concept is presented as a sequence of solving the following tasks. The basic concepts related to cyberattacks on CIF were determined, which make it possible to outline the boundaries of the problem and determine the level of formalization of the modeling processes. The proposed threat model takes into account possible synergistic/emergent features of the integration of modern target threats and their hybridity. A unified threat base that does not depend on CIF was formed. The concept of modeling the CIF security system was developed based on models of various classes and levels. A method to determine attacker's capabilities was developed. A concept for assessing the CIF security was developed, which allows forming a unified threat base, assessing the signs of their synergy and hybridity, identifying critical CIF points, determining compliance with regulatory requirements and the state of the security system. The mathematical tool and a variety of basic models of the concept can be used for all CIFs, which makes it possible to unify preventive measures and increase the security level. It is proposed to use post-quantum cryptography algorithms on crypto-code structures to provide security services. The proposed mechanisms provide the required stability (230–235 group operations), the rate of cryptographic transformation is comparable to block-symmetric ciphers (BSC) and reliability (Perr 10–9–10–12)

Tradeoff Attacks on Symmetric Ciphers

Tradeoff attacks on symmetric ciphers can be considered as the generalization of the exhaustive search. Their main objective is reducing the time complexity by exploiting the memory after preparing very large tables at a cost of exhaustively searching all the space during the precomputation phase. It is possible to utilize data (plaintext/ciphertext pairs) in some cases like the internal state recovery attacks for stream ciphers to speed up further both online and offline phases. However, how to take advantage of data in a tradeoff attack against block ciphers for single key recovery cases is still unknown. We briefly assess the state of art of tradeoff attacks on symmetric ciphers, introduce some open problems and discuss the security criterion on state sizes. We discuss the strict lower bound for the internal state size of keystream generators and propose more practical and fair bound along with our reasoning. The adoption of our new criterion can break a fresh ground in boosting the security analysis of small keystream generators and in designing ultra-lightweight stream ciphers with short internal states for their usage in specially low source devices such as IoT devices, wireless sensors or RFID tags.

On Hardware Implementation of Balanced S-boxes

An S-box is a non-linear transformation that takes n bits as input and returns m bits. This transformation is most easily represented as a nm lookup table. Most often, only balanced S-boxes are used in cryptography. This means that the number of input bits is equal to the number of output bits. The S-box is an important part of most symmetric ciphers. The selection of the correct substitution makes the link between the key and the ciphertext more complex (non-linear), which makes it much more difficult to hack. This paper deals with a hardware implementation of S-boxes. This implementation can be realized by using logical conjunction, disjunction, negation and delay blocks. The main indicator of productivity of such implementations is a circuit depth, namely the maximum length of a simple way of the circuit and a circuit complexity, namely the quantity of logic elements (negation elements are not taken into account). The article considers the standard synthesis methods (based on DNF, Shannon, Lupanov), proposes a new algorithm to minimize the complexity of an arbitrary Boolean functions system and a way to reduce the complexity of the circuit obtained after simplification by the ESPRESSO algorithm of DNF of the function related to the output of the S-box. To compare the efficiency of the methods, the C++ program was created that generates a circuit in the Verilog language. The estimates of depth and complexity are obtained for the schemes produced as a result of the programs operation. The article ends with a comparison of the efficiency of S-box schemes of known cryptographic standards obtained as the output of the program (with each other and with the result of the Logic Friday program).