Scientific article: CLOUD STORAGE AND INFORMATION PROTECTION. Text of a scientific article in the specialty "Computer and Information Sciences". License: CC BY

Text of the scientific work on the topic «CLOUD STORAGE AND INFORMATION PROTECTION»

external device (plastic case) and an internal one: the information is held in a system that can work autonomously and off-line. The code that provides the security of the device resides in memory that is protected from sudden power outages of the computer and other external influences. As for hacking, it can be done in only two ways: by emulating the key or by hacking the software module. Key emulation is a very time-consuming process, and rarely has anyone managed to crack a key this way. In 1999, attackers managed to develop a fairly correctly working emulator of the Aladdin HASP3 dongle. This became possible because the encoding algorithms were implemented in software. Now, however, hackers most likely use the second method to crack keys. Hacking a software module is understood as deactivating a piece of code. To prevent this, developers use private algorithms that are designed specifically for a given key and are not available to the public; moreover, they additionally encrypt the most vulnerable parts of the code, making access to the structural protection very difficult.

There are smart cards that are easy to hack. But there are also cards that can only be hacked with special data available only to developers. At the same time, this does not at all mean that the more expensive the means of protection, the better it is. But it is impossible to judge the efficiency even of security systems of the same type, for example of all electronic keys taken together, without considering the features of their operation.


CLOUD STORAGE AND INFORMATION PROTECTION

Kushnir N.

Senior lecturer, Department of Information Systems and Programming, Institute of Computer Systems and Information Security, Kuban State Technological University

Yatskevich E.

Student, Department of Information Systems and Programming, Institute of Computer Systems and Information Security, Kuban State Technological University

Trishkin E.

Student, Department of Information Systems and Programming, Institute of Computer Systems and Information Security, Kuban State Technological University

Bobina N.

Student, Department of Information Systems and Programming, Institute of Computer Systems and Information Security, Kuban State Technological University

Abstract

Progress in information technology has affected all types of activity, bringing many positive aspects. It has certainly also brought many kinds of risks associated with the protection of information. It is no secret that "cloud technologies" are an integral part of the life of society in the 21st century. Information is secure when its confidentiality, availability and integrity are ensured. The organizational and technical methods of supporting information security are: the creation of systems and means to prevent unauthorized access (UA) to the information being processed; the improvement and use of information security tools; and the identification of those that pose a danger to IT systems, programs and technical devices. The modeling and use of information systems force the leaders of various organizations to look for new ways to improve the efficiency of enterprises and organizations in the information field. "Cloud technologies" offer a full range of information-related services, such as storage, search and transmission of information, ensuring its security, and much more.

Keywords: Cloud technologies, information threat, espionage, information technology, unauthorized access, risk.

The main characteristics of cloud storage are:

- scalability (by increasing the number of running instances, a scalable application handles a greater load);

- elasticity (allows infrastructure capacity to be built up quickly without investing in equipment and software);

- multi-tenancy (makes use of the available computing resources and reduces the cost of a platform in the cloud);

- pay-per-use (transfer of part of the capital costs to operating costs);

- self-service (enables consumers to request and obtain the resources they need in a matter of moments).

"Cloud technologies" and the services they represent can be compared to utilities. Just as the consumption of electricity and water changes in cold or hot weather, the consumption of services provided by "cloud" platforms can decrease or increase as the load decreases or increases. The similarity between utilities and cloud services lies in the fact that: firstly, resources are leased, that is, service providers ensure their availability in the form of leased "resources" while retaining the tasks of creating and maintaining the infrastructure; secondly, consumers pay exclusively for what is actually at their disposal; thirdly, when an agreement is concluded with the relevant organization, the availability of various resources is implied, and the organization ensures the timely payment of their rent.

Cloud storage has many advantages, such as:

- The ability to organize joint work with data;

- The ability to access data from any computer with Internet access;

- A fairly high probability that data is preserved even in the event of hardware failures;

- The client pays only for the storage space he uses, not for renting a server whose resources he may not use at all;

- The customer does not need to purchase, maintain and support their own storage infrastructure, which ultimately reduces the overall cost of production;

- All procedures for backing up and maintaining data integrity are carried out by the provider of the "cloud" center (the client is not involved in this process).

Security can be named as one of the advantages of "Cloud technologies" (cloud services offer fairly high security if it is properly provided, but if it is neglected the effect will be the complete opposite). How can a client who doubts that his data will be safe be convinced? The solution to this issue is the compliance of "Cloud Technologies" with the requirements of the standards and regulatory documents in the field of information security. But there are still no standards in domestic legislation that describe the principles of information protection in "Cloud Technologies". It follows that cloud service providers themselves must choose how to protect information from the fairly large number of ready-made solutions offered by the market. But all means of protection must take into account the features of "Cloud technology". The most effective ways to ensure the security of "Cloud technologies" are the following:

1. Data security. Encryption.

Encryption is probably one of the most effective ways to protect data. The provider that provides access to the data is obliged to encrypt the client's information stored in the Data Processing Center (DPC: a set of servers located on a common site in order to increase security and efficiency) and, when it is no longer needed, to delete it permanently. When data is encrypted, the question of keys inevitably arises. Storing them on the cloud server is unreasonable, because anyone with access to the cloud servers or templates would be able to obtain the key, and hence the decrypted user data. Typing a password when the system starts, as is customary in local data encryption solutions, is difficult because there is no real console, but the idea itself is quite good. The physical key entry is replaced by a request that the cloud server sends to an external source, the Key Management Server (KMS).

One of the decisive factors in the security of this solution is the separation of the cloud server from the key management server: if both are hosted by the same cloud service provider, all the information is once again concentrated in one place. A very good alternative is to install the KMS in a local data center or to obtain it as an external service from another service provider.

2. Protection of data in transit

Encrypted transmission is a prerequisite for secure data processing. To protect data in the public cloud, a VPN (virtual private network) tunnel is used that connects the server and the client receiving public cloud services. A VPN allows a single name and password to be used to access different cloud resources and promotes secure connections. A VPN uses public resources such as the Internet as the means of transferring data across public clouds. This process is based on the Secure Sockets Layer (SSL) protocol and a two-key (asymmetric) encrypted access mode. As an option, most SSL and VPN protocols can support the use of digital certificates for authentication, which verify the identity of the other party before the data transfer begins. These digital certificates can be stored on virtual hard disks in encrypted form. The key management server verifies the identity and integrity of the system before the certificates are used. From the foregoing, it follows that such a chain of interdependencies allows data to be transmitted only to cloud servers that have passed preliminary verification. The encrypted data must become available only after authentication. It will not be possible to change the data (or read them) even if access passes through not the most reliable nodes. Such technologies are already known: the TLS and IPsec protocols and the AES algorithm, which have long been used by providers.

3. Authentication

Authentication is password protection. To ensure higher reliability, tokens (electronic keys for accessing something) and certificates are often used. One-Time Password (OTP) technology is one of the simplest and most reliable authentication methods. Such passwords can be generated by additional devices, by special programs, or by services that send SMS messages to users. The use of mobile devices, which almost everyone has today, to obtain one-time passwords is coming to the fore. For example, in the simplest case, a special authentication server generates a one-time password and sends it by SMS to the user's mobile phone immediately after the correct password has been entered on the cloud service access page. For transparent interaction between the provider and the identification system during authorization, it is also recommended to use the Security Assertion Markup Language (SAML) and the Lightweight Directory Access Protocol (LDAP).

4. User isolation

Using a virtual network and an individual virtual machine. Virtual networks must be deployed using technologies such as VPN (Virtual Private Network), VLAN (Virtual Local Area Network) and VPLS (Virtual Private LAN Service). Often, by changing the code of a single shared software environment, providers can isolate users' data from each other. This approach carries considerable risk associated with the danger of a loophole in non-standard code that allows access to user data: if there is an error in the code, one user may be able to access another user's information.
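As an added example (not code from the article), the failure mode described in the last sentence above, in code: a data store whose read path selects records by object id alone, beside a version in which every access is scoped by the tenant recorded in the authenticated session. The store, the tenant names and the records are constructed for the example.

```javascript
// Backing store shared by all tenants: object id -> {tenant, data}. The records
// are constructed sample data.
function newBackingStore() {
  return new Map([
    ['inv-1001', { tenant: 'acme', data: 'ACME invoice (constructed sample)' }],
    ['inv-1002', { tenant: 'globex', data: 'Globex invoice (constructed sample)' }],
  ]);
}

// Weak read path: the object id alone selects the record, so a caller who learns
// or enumerates another tenant's id receives that tenant's data.
function readUnscoped(store, session, objectId) {
  const rec = store.get(objectId);
  return rec ? rec.data : null;
}

// Hardened read path: the tenant comes from the authenticated session, never from
// the request, and must match the record's owner. A mismatch is answered exactly
// like a missing object, so other tenants' ids are not confirmed, and is logged
// for detection, since a burst of such denials is a probing signal.
function readScoped(store, session, objectId, auditLog = []) {
  const rec = store.get(objectId);
  if (!rec) return null;
  if (rec.tenant !== session.tenant) {
    auditLog.push({ event: 'cross_tenant_denied', tenant: session.tenant, objectId });
    return null;
  }
  return rec.data;
}

// Write path under the same rule: the owner is stamped from the session, not the
// payload, and a record owned by another tenant can neither be read nor replaced.
function writeScoped(store, session, objectId, data) {
  const existing = store.get(objectId);
  if (existing && existing.tenant !== session.tenant) return false;
  store.set(objectId, { tenant: session.tenant, data });
  return true;
}
```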

The main vulnerability of "cloud" Internet services is the use of not entirely reliable methods for recovering forgotten authentication data (primarily via e-mail) and the almost exclusive use of password authentication.

If the user wants additional protection of information in the cloud or does not trust the cloud service provider, he can apply his own encryption to the data kept in the cloud. If the user does not plan to process information in the cloud (for example, to edit text or photos) but only to store and transfer data in their original form, this method of protection is appropriate.

In addition, it is necessary to take into account the complexity of managing and distributing cryptographic keys (especially for large organizations) and the loss of mobility (in order to access the data, the user must have an up-to-date cryptographic key stored securely on the device, and technological or technical problems may arise here).

The use of cloud services for storing confidential information, including personal data, should be minimized, or such data should be stored in encrypted form using a strong cryptographic protection method. Users often place personal documents in cloud storage for temporary storage, where they are indexed by search engines, which makes them more accessible to attackers.

From all of the above, we can highlight the main problems of cloud storage:

- Security in storing and transferring data is one of the main concerns when working with the "cloud", especially with confidential data. In particular, the provider has the ability to view user data (if it is not password protected), and this data can, for example, fall into the hands of hackers who have managed to break into the provider's security systems;

- Reliability, availability of data and timeliness of its receipt in the "cloud" depend quite strongly on many intermediate parameters, such as the reliability of the last mile and of the data transmission channels on the way from the client to the "cloud", the availability of the "cloud" itself at a given time, and the quality of the client's Internet provider. If the online storage company itself is liquidated, the client may lose all their data;

- Performance when working with data in the "cloud" may be lower than when working with local copies of the data;

- Subscription fees for additional features (transfer of large files, increased data storage, etc.).

There are many free cryptographic information protection tools, such as PGP or RAR archives with a password and file-name encryption. The latter is the most acceptable option: millions of users around the world use archives, which means that it will be a rather difficult task to distinguish your information from all the rest, even more so when it is password protected.

So what kind of cloud storage should be used if the user still decides to upload his data there? Consider the three most popular services: Yandex.Disk, Google Drive and iCloud.

One of the most popular Russian storage services is Yandex.Disk. It is integrated with other Yandex services and, in addition, offers two-factor authentication, including by means of a QR code, a PIN code and Touch ID. When files are loaded, data is transmitted over an encrypted channel, and files are scanned for viruses.

The next most reliable is Google Drive. It has two-factor authentication, and account recovery is carried out using a secret question. The service itself checks the strength of the password the user has chosen and does not allow the use of passwords that are easy to crack. The data is encrypted during transmission, which reduces the chances of interception during download to zero, but third-party programs will be needed to encrypt the data on the server. Google Drive has a version for business accounts that provides a higher level of file protection. In particular, it does not analyse transmitted information in order to display advertising, and it offers a single sign-on system and e-mail security rules, such as forced use of the TLS protocol as well as IRM and DLP technologies.
