Ye. V. Ostrianska, S.O. Kandiy, I. Gorbenko, M. Yesina
{"title":"现代信息系统在经典攻击和量子攻击中的漏洞分类与分析","authors":"Ye. V. Ostrianska, S.O. Kandiy, I. Gorbenko, M. Yesina","doi":"10.30837/rt.2022.4.211.01","DOIUrl":null,"url":null,"abstract":"Recent advances in quantum technology and the potential that practical quantum computers may become a reality in the future have led to renewed interest in developing cryptographic technologies that are secure against conventional and quantum attacks. Currently, virtually all asymmetric cryptographic schemes in use are threatened by the potential development of powerful quantum computers. Post-quantum cryptography is one of main the ways to combat this threat. Its security is based on the complexity of mathematical problems that are currently considered unsolvable efficiently, even with the help of quantum computers. The security of information systems is ensured through protection against various threats that use system vulnerabilities. Security protocols are the building blocks of secure communication. They implement security mechanisms to provide security services. Security protocols are considered abstract when analyzed, but may have additional vulnerabilities in implementation. This work contains a holistic study of security protocols. Basics of security protocols, taxonomy of attacks on security protocols and their implementation are considered, as well as various methods and models of protocol security analysis. In particular, the differences between information-theoretic and computational security, computational and symbolic models are specified. In addition, an overview of the computational security models for Authenticated Key Exchange (AKE) and Password Authentication Key Exchange (PAKE) protocols is provided. The most important security models for the AKE and PAKE protocols were also described. With the emergence of new technologies that may have different security requirements, as well as with increased opportunities for competition, there is always a need to develop new protocols. Thus, the purpose of this article is to review, classify, analyze, and research the vulnerabilities of information systems from classical, quantum, and special attacks, performed taking into account the forecast regarding the possibilities of attacks on post-quantum cryptographic transformations; studying security assessment models for existing cryptographic protocols, as well as reviewing and benchmarking security models and providing suggestions for protection against existing potential attacks.","PeriodicalId":41675,"journal":{"name":"Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia","volume":null,"pages":null},"PeriodicalIF":0.2000,"publicationDate":"2022-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Classification and analysis of vulnerabilities of modern information systems from classical and quantum attacks\",\"authors\":\"Ye. V. Ostrianska, S.O. Kandiy, I. Gorbenko, M. Yesina\",\"doi\":\"10.30837/rt.2022.4.211.01\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Recent advances in quantum technology and the potential that practical quantum computers may become a reality in the future have led to renewed interest in developing cryptographic technologies that are secure against conventional and quantum attacks. Currently, virtually all asymmetric cryptographic schemes in use are threatened by the potential development of powerful quantum computers. Post-quantum cryptography is one of main the ways to combat this threat. Its security is based on the complexity of mathematical problems that are currently considered unsolvable efficiently, even with the help of quantum computers. The security of information systems is ensured through protection against various threats that use system vulnerabilities. Security protocols are the building blocks of secure communication. They implement security mechanisms to provide security services. Security protocols are considered abstract when analyzed, but may have additional vulnerabilities in implementation. This work contains a holistic study of security protocols. Basics of security protocols, taxonomy of attacks on security protocols and their implementation are considered, as well as various methods and models of protocol security analysis. In particular, the differences between information-theoretic and computational security, computational and symbolic models are specified. In addition, an overview of the computational security models for Authenticated Key Exchange (AKE) and Password Authentication Key Exchange (PAKE) protocols is provided. The most important security models for the AKE and PAKE protocols were also described. With the emergence of new technologies that may have different security requirements, as well as with increased opportunities for competition, there is always a need to develop new protocols. Thus, the purpose of this article is to review, classify, analyze, and research the vulnerabilities of information systems from classical, quantum, and special attacks, performed taking into account the forecast regarding the possibilities of attacks on post-quantum cryptographic transformations; studying security assessment models for existing cryptographic protocols, as well as reviewing and benchmarking security models and providing suggestions for protection against existing potential attacks.\",\"PeriodicalId\":41675,\"journal\":{\"name\":\"Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.2000,\"publicationDate\":\"2022-12-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.30837/rt.2022.4.211.01\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"ENGINEERING, ELECTRICAL & ELECTRONIC\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Visnyk NTUU KPI Seriia-Radiotekhnika Radioaparatobuduvannia","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.30837/rt.2022.4.211.01","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}
Classification and analysis of vulnerabilities of modern information systems from classical and quantum attacks
Recent advances in quantum technology and the potential that practical quantum computers may become a reality in the future have led to renewed interest in developing cryptographic technologies that are secure against conventional and quantum attacks. Currently, virtually all asymmetric cryptographic schemes in use are threatened by the potential development of powerful quantum computers. Post-quantum cryptography is one of main the ways to combat this threat. Its security is based on the complexity of mathematical problems that are currently considered unsolvable efficiently, even with the help of quantum computers. The security of information systems is ensured through protection against various threats that use system vulnerabilities. Security protocols are the building blocks of secure communication. They implement security mechanisms to provide security services. Security protocols are considered abstract when analyzed, but may have additional vulnerabilities in implementation. This work contains a holistic study of security protocols. Basics of security protocols, taxonomy of attacks on security protocols and their implementation are considered, as well as various methods and models of protocol security analysis. In particular, the differences between information-theoretic and computational security, computational and symbolic models are specified. In addition, an overview of the computational security models for Authenticated Key Exchange (AKE) and Password Authentication Key Exchange (PAKE) protocols is provided. The most important security models for the AKE and PAKE protocols were also described. With the emergence of new technologies that may have different security requirements, as well as with increased opportunities for competition, there is always a need to develop new protocols. Thus, the purpose of this article is to review, classify, analyze, and research the vulnerabilities of information systems from classical, quantum, and special attacks, performed taking into account the forecast regarding the possibilities of attacks on post-quantum cryptographic transformations; studying security assessment models for existing cryptographic protocols, as well as reviewing and benchmarking security models and providing suggestions for protection against existing potential attacks.