APPLICATION OF DIGITAL CELLULAR RADIO FOR MOBILE LOCATION ESTIMATION IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 SOFTWARE, ALGORITHMS AND METHODS OF DATA ENCRYPTION BASED ON NATIONAL STANDARDS RAKHMATILLO DJURAEVICH ALOEV1, MIRKHON MUKHAMMADOVICH NURULLAEV2* 1Department of Computational Mathematics and Information Systems, National University of Uzbekistan named after M. Ulugbek, Tashkent, Uzbekistan 2Department of Information Communication Technology, Bukhara Engineering Technological Institute, Bukhara, Uzbekistan *Corresponding author: mirxon@mail.ru (Received: 13th June 2019; Accepted: 30th September 2019; Published on-line: 20th January 2020) ABSTRACT: The article provides a brief description of the cryptography service provider software developed by the authors of this article, which is designed to create encryption keys, create private and public keys of electronic digital signature, create and confirm authenticity of digital signatures, hashing, encrypting, and simulating data using the algorithms described in the State Standards of Uzbekistan. It can be used in telecommunications networks, public information systems, and government corporate information systems by embedding into applications that store, process, and transmit information that does not contain information related to state secrets, as well as in the exchange of information, and ensuring the legal significance of electronic documents. The cryptography service provider includes the following functional components: a dynamically loadable library that implements a biophysical random number sensor; a dynamic library that implements cryptographic algorithms in accordance with the State Standards of Uzbekistan; a module supporting work with external devices; an installation module that provides the installation of a cryptography service provider in the appropriate environment of operation (environment). ABSTRAK: Artikel ini memberikan penerangan ringkas tentang perisian penyedia perkhidmatan kriptografi yang dibangunkan oleh pengarang artikel ini, yang direka untuk membuat kunci penyulitan, kunci persendirian dan awam tandatangan digital elektronik, membuat dan mengesahkan kesahihan tandatangan digital, hashing, penyulitan dan simulasi data menggunakan algoritma yang dinyatakan dalam Standard Negeri Uzbekistan. Ia boleh digunakan dalam rangkaian telekomunikasi, sistem maklumat awam, sistem maklumat korporat kerajaan dengan memasukkan aplikasi aplikasi yang menyimpan, memproses dan menghantar maklumat yang tidak mengandungi maklumat yang berkaitan dengan rahsia negara, serta pertukaran maklumat dan memastikan undang-undang kepentingan dokumen elektronik. Penyedia perkhidmatan kriptografi termasuk komponen berfungsi sebagai berikut: perpustakaan dinamik yang boleh dimuatkan yang melaksanakan sensor nombor rawak biofisika; perpustakaan dinamik yang melaksanakan algoritma kriptografi mengikut Standard Negeri Uzbekistan; modul menyokong kerja dengan peranti luaran; modul pemasangan yang menyediakan pemasangan penyedia perkhidmatan kriptografi dalam persekitaran operasi yang sesuai (persekitaran). KEY WORDS: Tools of cryptographic protection of information, Data encryption algorithm, Cryptographic provider, Hash function, Encryption key. 142 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 1. INTRODUCTION The cryptography service provider (CSP) provides the creation of private and public electronic digital signature keys and encryption keys; creation and confirmation of authenticity of electronic digital signature according to the algorithms described in [2, 7]; the formation of derived encryption keys used by data encryption algorithms described in [4, 5]; work with key information stored on external media; hashing of memory areas and other data according to the algorithms described in [3, 6]; and encryption of memory areas and other data in accordance with the data encryption algorithms described in [4, 5]. The cryptography service provider provides support for identifiers of algorithms and parameters for compatibility with third-party crypto-providers in terms of the ability to work with public-key certificates issued by third-party registration centers, provided they use the cryptographic algorithms described in [2, 3, 4, 5, 6, and 7]. The cryptography service provider provides the ability to work with digital certificates of public keys, which are structured in binary ASN.1 format, conforming to the ITU-T X.509 v.3 standard and IETF RFC 5280 and RFC 3739 recommendations. The cryptography service provider provides work with external key carriers such as USB-flash, and eToken Aladdin (eToken PRO 72K (JAVA)). As part of CIPF1 – CSP, modules are provided that provide for calling cryptographic functions through the Microsoft CryptoAPI 2.0 interface when running under Microsoft operating systems. In accordance with the functional purpose of a cryptography service provider, it generates public and private electronic digital signature keys, hash keys, functional keys and encryption keys for use, respectively, in the algorithms described in [2, 3, 4, 5, 6, and 7]. In applications where the cryptography service provider will be integrated, an appropriate key manufacturing and distribution system is provided, which will be based on the key generation functions of the cryptography service provider. The cryptography service provider allows the use of a multi-level key protection model using random and derivative keys of key protection. Protection of keys is carried out on the basis of cryptographic transformations in accordance with the PKCS #5 standard [9] using the State Standards of Uzbekistan [3], [4] or the interstate standard [5]. A cryptography service provider provides storage of key information on a hard magnetic disk drive (HDD) and/or external key storage devices, such as USB-flash or eToken Aladdin (eToken PRO 72K (JAVA)). A cryptography service provider provides work with key containers of signature keys, encryption keys, and additional information necessary to ensure the cryptographic protection of keys and ensure control of their integrity. To protect key information from substitution and/or distortion during its storage on HDD and external key carriers, as well as during distribution, key information is supplied with a checksum. In order to ensure the safe use of the cryptography service provider installed on a PC, organizational measures are provided, as well as software and hardware methods and means of protecting information are used to ensure the secrecy of secret keys located in the PC's memory during the operation of the cryptography service provider, as well as the service cryptography service provider parameters stored on the hard disk. The cryptography service provider contains a component that allows you to verify the operability of the cryptographic algorithms implemented in it. Functioning is carried out on the basis of test examples. To ensure the safe use of an application with a built-in ICS-CSP, mechanisms are provided to control the integrity of the cryptography service provider libraries. In the cryptography service provider, a biophysical sensor of random numbers is used to generate random binary 1 CIPF - Cryptographic Information Protection Facility 143 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 sequences, which implements the mechanism for generating secret digital signature keys, encryption keys, initialization vectors using various algorithms. The paper briefly describes the software necessary for the operation of the tools of cryptographic protection of information (TCPI) - data encryption cryptography service provider which is developed by the authors based on national standards. Furthermore, the purpose, capabilities of the TCPI - CSP software and its main characteristics, and the limitation of the using area of this software are given here. One of the following operating systems is necessary in order to perform the TCPI - CSP: Microsoft Windows XP (32 bit) Professional SP3; Microsoft Windows Vista (32 bit) Ultimate SP2; Microsoft Windows 7 (32 bit) Ultimate; Microsoft Windows Server 2003 (32 bit) Enterprise Edition R2 SP2; Microsoft Windows Server 2008 (32 bit) Enterprise Edition SP2. The original programming languages for the TCPI - CSP are C and C ++. TCPI - CSP performs the following main functions: generation of encryption keys for the data encryption algorithm O`z DSt2 1105: 2009 [1] and the algorithm GOST3 28147-89 [6]; encryption of RAM4 areas and other data in accordance with the data encryption algorithm O`z DSt 1105: 2009 [1] and the algorithm GOST 28147-89 [6]; generation of keys for implementing and verifying the electronic digital signature (EDS) using algorithms 1 and 2 of O`z DSt 1092: 2009 [3] and the algorithm of GOST R 34.10-2001 [8]; hashing of memory areas and other data according to algorithm 1 with the parameter p = 256 O`z DSt 1106: 2009 [2] and the algorithm GOST 34.11-94 [7]; formation and verification of the EDS result in accordance with O`z DSt 1092: 2009 [3] algorithms 1 and 2 and GOST R 34.10-2001 [8]; work with key information stored on external media. TCPI - CSP can be used as a default crypto-provider for the Windows operating system. TCPI - CSP supports the cryptographic algorithms of the Republic of Uzbekistan and Russia as well as some of the common cryptographic algorithms used in Windows OS, such as RSA, 3DES, SHA-1 etc. 2. FUNCTIONS OF WORKING WITH KEY INFORMATION TCPI - CSP product works with key information in a key container - storage (Key Container). Since TCPI – CSP is built in accordance with Microsoft technology, the container contains the following keys: AT_KEYEXCHANGE key used to encrypt and exchange session keys; AT_SIGNATURE - keys used to create and verify a digital signature. 2 O`z DSt - State standard of Uzbekistan 3 GOST - Interstate standard 4 RAM - Random Access Memory 144 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 Note: Private keys (encryption keys and secret signature keys) contained in the container are protected using a security key, which is derived from the value of the user's PIN-code of the token. Cryptographic procedures are invoked in TCPI - CSP using the PKCS #11 interface. The underlying concepts of the PKCS #11 interface are slot and token. The token is a repository of some personal information (various keys, certificates, private data, etc.), and the slot acts as a link between a computer and a token that allows different tokens to be connected at different times. For both AT_KEYEXCHANGE and AT_SIGNATURE, the same and different PKCS #11 slots can be used. TCPI - CSP supports work with containers located both on the hard disk of the computer and on removable media such as Flash Memory and Smart Card. Each container has a unique name consisting of a prefix or several prefixes and the name itself. Prefixes in the container name are separated from each other by the “\” symbol. The container name can contain from zero to three prefixes: Container Name = [pref1 \] [pref2 \] [pref3 \] Name The location of the media is determined by the first prefix in the container name, depending on the presence of the CRYPT_MACHINE_KEYSET flag in the CPAcquireContext function. In the container name, the second prefix is a reference to the slot for AT_KEYEXCHANGE, and the third is for AT_SIGNATURE. If the third prefix is absent, then AT_KEYEXCHANGE and AT_SIGNATURE are stored in the same slot. Protection of token's private objects is carried out using the PKCS #5 cryptographic interface. This algorithm solves two problems at once: encrypting private data and protecting it from accidental or intentional distortion. 3. ENCRYPTION FUNCTION The encryption function is a cryptographic algorithm, which is a bijective mapping from a finite set of plaintext to a finite set of encrypted texts, in which the mapping function depends on a secret parameter called a key. The encryption function is used to encrypt and decrypt information. The encryption function in accordance with [1] can use cryptographic keys of length 256 or 512 bits for encrypting and decrypting data blocks of length 256 bits. The encryption function is used for cryptographic protection of data storing and transmitting in computer networks, telecommunications, in separate computing systems or in computers of enterprises, organizations, and institutions. In symmetric cryptosystems, data exchange takes place in three stages: 1) the sender of the message sends the encryption key (or/and functional key) to the recipient via a secure channel that is known only to them; 2) the sender, using the encryption key and the function key, converts the original data into encrypted data and sends them to the recipient via the communication channel; 145 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 3) the recipient, having received the encrypted data, decrypts it with the help of an encryption key and a function key. Both sides may use these keys several times. In addition to data protection, the encryption function can be used to protect the symmetric keys themselves as they are transmitted over unprotected communication channels. In this case, the transmitted symmetric key is encrypted with some other key, called the security key. The encryption function [1] contains two modes: electronic codebook mode (ECM); block chaining mode (BCM). The electronic codebook mode is an encryption mode in which all plaintext blocks are encrypted independently of one another on the same key, in accordance with the data encryption algorithm. ЕСM mode is usually used when encrypting symmetric keys. The block chaining mode of encryption is a mode in which each encrypted (decrypted) depends on the previous block of an encrypted (decrypted) block. For the first block, the initialization vector is used as the previous block. If the last block of text is not complete, it is supplemented to the required length. This procedure is called padding. BCM mode is usually used when encrypting data. The purpose of these functions and functionality of operation algorithms are presented in the document “O`z DSt 1105: 2009. State Standard of Uzbekistan. Information technology. CRYPTOGRAPHIC PROTECTION OF INFORMATION. Data encryption algorithm.” 4. HASH FUNCTION The hash function is designed to implement a unidirectional compressing mapping from set to set , the input of which is a message of arbitrary length М, and the output is a string of fixed length . Using a hashing transform allows you to reduce the input text redundancy. The hashing function is used in cryptographic methods for processing and protecting information, including for the implementation of electronic digital signature procedures (herein after referred to as EDS5) when transferring, processing and storing information in automated systems. The following are the basic requirements for a hash function: the input of the function must be a message of any length; at the output of the function, a message of fixed length is obtained; the hash function is simply calculated for any message; hash function - unidirectional function; knowing the message , it is almost impossible to find another message for which . In the TCPI - CSP hash function, the output sequence and the hash key have fixed lengths of 256 bits. 5 EDS - electronic digital signature 146 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 The composition and purpose of this function, functionality, and functioning algorithm are presented in the document “O`z DSt 1106: 2009. State Standard of Uzbekistan. Information technology. CRYPTOGRAPHIC PROTECTION OF INFORMATION. A hash function”. 5. SIGNATURE FUNCTION The electronic digital signature function is used to generate and confirm the authenticity of an electronic digital signature (EDS) under a given message (electronic document) transmitted over unprotected public telecommunications channels. Upon receipt of the message, the recipient can verify the integrity of the message transmitted by the sender and verify the authenticity of the sender's authorship. EDS is an electronic analog of a written signature and therefore an EDS can be used by the recipient or a third party to verify that the message was actually signed by the sender. To describe the formation and confirmation of the authenticity of a digital signature, two algorithms are used (Algorithm 1, Algorithm 2)6. Algorithm 1 is considered in two basic modes: without session key7; with a session key. Algorithm 2 is used in the classical (without session key) mode. Algorithm 1 provides a backup path for detecting a fake digital signature by introducing a session key procedure used in the process of authenticating the authenticity of a digital signature to the EDS generation process. The composition and purpose of this function, functionality, and functioning algorithm are presented in the document “O`z DSt 1092: 2009. State Standard of Uzbekistan. Information technology. CRYPTOGRAPHIC PROTECTION OF INFORMATION. Processes of formation and verification of electronic digital signature”. Functional restrictions on the use of TCPI – CSP The cryptographic interface TCPI - CSP is implemented in accordance with the CSP standard, which is applicable only in the Windows operating system and is not applicable in other operating systems such as Linux, Mac, Unix, etc. Since cryptographic algorithms of the Republic of Uzbekistan are implemented in TCPI - CSP, which are not recognized by standard Windows tools, embedding TCPI in typical Windows applications (MS Outlook, Internet Explorer, VPN, etc.) requires changes to the standard OS software (advapi32.dll, cryptsp.dll, crypt32.dll, inetcomm.dll, schannel.dll, secur32.dll, mailcomm.dll, etc.). Making such changes to Windows can be done in various ways. 6. DESCRIPTION OF THE LOGICAL STRUCTURE 6.1. The algorithms and methods used When implementing cryptographic algorithms of the Republic of Uzbekistan, including the implementation of operations with big numbers, the source texts of programs from the 6 Algorithm 1, Algorithm 2 - A description of these algorithms is given in the document “O`z DSt 1092: 2009. State standard of Uzbekistan. Information technology CRYPTOGRAPHIC PROTECTION OF INFORMATION. Processes of formation and verification of electronic digital signature”. 7 a session key is a single-use symmetric key used for encrypting all messages in one communication session. 147 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 OpenSSL8 the software package was used. When implementing cryptographic algorithms of the Republic of Uzbekistan, all simple numbers that are part of the parameters of the algorithms are checked for simplicity using the standard procedures contained in the OpenSSL package. 6.2. Data Encryption Algorithm Data encryption in TCPI - CSP supports both cryptographic algorithms of the Republic of Uzbekistan [1] and cryptographic standards of the Russian Federation (GOST 28147-89) [6]. Data encryption Cryptographic provider TCPI - CSP supports various algorithms for symmetric data encryption (SDE) [10], including the data encryption algorithm of the Republic of Uzbekistan [1]. According to section 6.4 [1], an SDE in TCPI - CSP is implemented in three different ways: DEA9 with key 256-bit; DEA with key 512-bit; DEA with the function key update. Here is the implementation of all three of these methods using the TCPI - CSP. 6.2.1. DEA with key 256-bit To implement a DEA with a key of 256 bits, you need to: 1) get the key for the algorithm CALG_SYMM10. This key can be obtained in the following ways, in which Algid = CALG_SYMM: CryptGenKey, CryptDeriveKey, Either through CryptImportKey from SIMPLEBLOB11 or SYMMETRICWRAPKEYBLOB12, created previously via CryptExportKey; 2) call function CryptEncrypt or CryptDecrypt depending on the operation performed. 6.2.2. DEA with key 512-bit To implement a DEA with a key of 512 bits, you need to: 1) get the key of the DEA algorithm with the key 256 (in accordance with paragraph 1 of the DEA with the key of 256 bits); 2) perform a function CryptSetKeyParam with parameter KP_FUNC_KEY (#define KP_FUNC_KEY 200). The value pbData will be the value of the function key that can be generated, in particular, using the function CryptGenRandom or by other means; 3) perform a function CryptEncrypt or CryptDecrypt depending on the operation performed. 8 OpenSSL - OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library. 9 DEA - Data Encryption Algorithm 10 CALG_SYMM - The description of this parameter is given in the document [1] 11 SIMPLEBLOB - The description of this parameter is given in the document [1] 12 SYMMETRICWRAPKEYBLOB - The description of this parameter is given in the document [1] 148 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 6.2.3. DEA with the function key update To implement a DEA with a function key update, you need to: 1) get the key of the DEA algorithm with the key 256 (in accordance with paragraph 1 of the DEA with the key of 256 bits); 2) if necessary, install a function key (see p. 2 of the DEA with a key of 512 bits); 3) perform a function CryptSetKeyParam with parameter KP_OID (#define KP_OID 102). As a value for pbData fed to the input value of the function szOID_SYMM_B13; 4) call function CryptEncrypt or CryptDecrypt depending on the performed operation. In the encryption function, the lengths of the input and output blocks, as well as the length of the elements of the array Holat14 are equal 256 bit. The length of the encryption key and the function key are also equal 256 bit. The number of steps for the encryption feature is set to . In both the encryption mode and the decryption mode, the algorithm uses a one-time conversion - forming an array of the session key and the next four bytes - oriented and one bit - oriented conversion at each stage. These transformations include: forming arrays of step keys; mixing data based on the session key array; cyclic shifts of rows and columns of the array Holat for various values of displacement; byte-wise replacement of bytes of the Holat array based on linear array arrays; addition operation modulo 2 Holat arrays and an array of the stage key ; cyclic shifts of a linear array of a session-stage key by the same value of bits at each stage. When encrypting a cryptographic module is initialized, the encryption key and functional key , number of stages аnd also initialization vector for mode m=ShBil is first loaded into the cryptographic module. Also, when encrypting a cryptographic module into the Holat array, the plaintext is loaded; when decrypted, the ciphertext is loaded. At the beginning of the encryption procedure, ShaklSeansKalitBayt( )15, ShaklSeansKalit( )16 and ShaklBosqichKalit( ) crypto-transformations are initialized. At the outputs of crypto transformations ShaklSeansKalitBayt( ), ShaklSeansKalit( ), byte-level arrays of substitutions and a session key consisting of diamatrix parts are formed at the byte level. These arrays are used in the following sessions as long as remain constant. At the output of the crypto-transformation ShaklBosqichKalit( ) the initial key and the set of stage keys formed for each stage are formed. 7. CRYPTOGRAPHIC TRANSFORMATIONS Aralash() – is a function that is a cryptographic transformation and is performed on diamatrix parts during encryption and decryption. 13 szOID_SYMM_B - The description of this parameter is given in the document [1] 14 Holat - array containing one block of information 15 ShaklSeansKalitBayt( ) - is a function that is used to generate the key for each session and to perform the BaytAlmash() conversion when encrypting and decrypting. 16 ShaklSeansKalit( ) - is a function that is used to generate the key for each session and to perform the Aralash() transformation when encrypting and decrypting. 149 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 When encrypting, the input data are the diamatrix parts of the Holat array, the and arrays, the output is the Holat array. The Aralash (Holat, ) transformation involves performing the following operations: if m=sh, then: 1) is accepted ; 2) is calculated ; 3) the result is written to arrays ; 4) copy the result to an array Holat; if m=dsh, then: 5) is accepted ; 6) is calculated ; 7) the result is written to arrays ; 8) copy the result to an array Holat. The operation of diamatrix multiplication is performed on the basis of the following expressions, here the index used in the expressions takes the values . Expressions for : , , , , Expressions for : , , , , , , , 150 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 , , , , , This transformation is more efficient compared to the matrix transformation. Here, when changing one element in the Holat source array, depending on the address of the changed element, 6 or 7 elements change. BaytAlmash() – a function that is a cryptographic transformation and is used to replace elements of the Holat array with elements of the replacement array at the byte level. The input data of this crypto-transform is Holat array, linear array of or replacements at the byte level, output data is Holat array at the byte level. BaytAlmash(Holat, ) conversion involves performing the following operations: 1) renaming the Holat[8,4] array, specified at the byte level, as Holatb[8, 4] at the byte level; 2) if m=sh, then accepted ; each element of the Holatb[8, 4] is replaced with an element of the array located at an address equal to the value of the Holatb[8,4] array element; the resulting Holatb[8, 4] array is assigned to the Holat[8, 4] array specified by the byte level; 3) if m=dsh, then accepted ; replaces each element of the array Holatb[8,4] element of the array located at the address equal to the value of the element of the array Holatb[8, 4]; the resulting Holatb [8,4] array is assigned to the Holat [8,4] array specified by the byte level, here . Sur() – a function that is used when encrypting and decrypting to thoroughly mix the elements of the Holat array. The input data of this transformation is the Holat array, while the output data is encrypted: Hol Holat array with columns cyclically shifted downwards and rows cyclically shifted to the right; when decrypted, the output is a Holat array with columns cyclically shifted upwards and rows cyclically shifted to the left. The Sur (Holat) conversion is to perform the following operations: if m = sh, then first cyclically shift the j-column of the Holat array to bytes down, then shift the i-string of the resulting array to bytes right; if m=dsh, then first cycle the - string of the Holat array by bytes left, then shift the j-column of the resulting array by bytes up. Here, . 151 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 8. KEY GENERATION ShaklSeansKalitBayt() – a function that is used to generate a key for each session and to perform the BaytAlmash() transformation when encrypting and decrypting. In this transformation, the input data is the encryption key and the function key , the output is arrays or byte level. The ShaklSeansKalitBayt( ) transformation is to perform the following operations: 1) Calculation and the remaining 672 bits on the left, here is 192 bits on the right. Note. When generating an encryption key, a set of functional keys that are updated using an encryption key, and forming a key based on them, they must be checked based on randomness criteria and 672 bits are allocated from the left side of the resultant kse; 2) selection from the right side of 256+64 bits, from the left 256-bit part of the formation of a linear array of , consisting of byte elements, from the remaining 64-bit part, the formation of a linear array , consisting of elements at the byte level; 3) formation of a pair of arrays from the elements of the linear array and and the formation of the three parameters ( and ( based on the following rules: for , if , is accepted , otherwise ; for , if , is accepted , otherwise ; for , if , is accepted , otherwise ; for , if , is accepted , otherwise ; for , if , is accepted , otherwise ; for , if , is accepted , otherwise ; for , if , is accepted , otherwise , here ; for , if , then is accepted ; for , if , is accepted ; for , if , is accepted ; 4) formation of a pair of arrays ( , ) to perform transformations at the byte level and get the encrypted text; 5) raising to the power with the parameter modulo 257 value , corresponding to each address , the result is given modulo 256 and in each step the current value compared with the value of the previous step and . If the values are equal or if the current value is close to the previous value, then the current value is replaced with ( )) with and on ( ) with . Here, . Note. In the pseudo-code, in the odd-numbered stages, the is used, and in the even-numbered stages, the is used. The algorithm of calculations includes the following operations: 1) calculation bsA[i] (((i+L) mod 256)+1 )| ds (mod 257)(mod 256) 152 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 for ; 2) condition check and , at every step since . If both conditions are met, then the value is accepted. Otherwise, when , swap and the element located at , or when the position and the element located at . Then accepted for or for ; 3) formation of a pair of linear arrays ( , ) of the elements . It is necessary to get the cipher text at the byte level, i.e. for use in sh mode; 4) formation of a pair of linear arrays ( , ) for decryption at the byte level, i.e. for use in dsh mode; 5) replacing each element with a value in the linear array with an index equal to its value and positioning the elements of the formed array in increasing order of the address. It is necessary to get the cipher text (dsh) at the byte level. Here, . Note. In the pseudo-code in the odd-numbered stages, the array is used, in the even-numbered stages, the array is used; ShaklSeansKalit() – is a function that is used to generate a key for each session and to perform the Aralash() conversion when encrypting and decrypting. The input to this transformation is the array at the byte level; the output is a pair of arrays ( , ) or ( , ), consisting of diamatrix of a special structure. The ShaklSeansKalit ( ) transformation is to perform the following operations: 1) the formation of a linear array , consisting of 20 byte elements from the left of the linear array , consisting of byte elements; if for , to replace on ; if , to replace on ; if , to replace on ; if , to replace on ; if , to replace on ; if , to replace on ; if , to replace on ; if , to replace on ; if , to replace on . 2) formation of two-dimensional arrays and from the elements of the linear array in the following order: 153 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 division of the linear array into two linear arrays and . Each of them is uniquely displayed in an ordered set and The formation of the elements of arrays and ; the formation of the remaining elements of the array , based on the following rule: for , if , then the corresponding elements are equal in value ; for , corresponding elements are equal in value ; for , corresponding elements are equal in value ; 3) as a result, for use in encryption mode as a pair of diamatrix of a special structure is formed and ; Array Array 154 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 4) calculation of the inverse matrix of a special structure for the matrix of the special structure for use in sh mode; 5) calculation of the inverse matrix of the special structure for the matrix of the special structure for use in dsh mode; 6) obtaining an inverse matrix for the diamatrix of a special structure (here ), in which the diadetergent is not zero, consists in calculating the inverse matrix for the matrix obtained as a result of performing a diagonal transformation over it and the result of performing a transform over the obtained inverse matrix; 7) as a result of the inversion of the diamatrices of the special structure and the diamatrices of the special structure and , are formed, having the following form ( and ). Array Array In sh mode, a pair consisting of ( , ), is fed to the input; in dsh mode, a pair consisting of ( , ) is fed to the input. ShaklBosqichKalit() – is a function that is used to form a stage key from a session-stage key and to perform the Qo’shBosqichKalit() transformation when encrypting and decrypting. The input data of this transformation is the linear array of the session-stage key , the output data is the two-dimensional array specified by the byte level ; 155 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 The ShaklBosqichKalit ( ) transformation (generation of a linear session-stage key) occurs as follows: 1) if bosqich=1 and m=sh, then the array of the linear session-stage key is left unchanged, if bosqich=1 and m=dsh, then the array is shifted by 672-(е х 83) mod 672 bits to the right; 2) the left 256 bit part of the linear session-stage key array is separated and the array is formed from it at the byte level. This conversion is performed for all stages prior to the start of the encryption procedure; 3) if and m=sh, then the array cyclically shifts 83 bits to the left, if and m=dsh, then the array cyclically shifts 83 bits to the right; 4) the left 256 bit part of the linear session-stage key array is separated and an array is formed from it at the byte level . This conversion is performed for all stages prior to the start of the decryption procedure. 9. SIMPLE CRYPTO-TRANSFORMATION Qo’shBosqichKalit() – is a function that is simple crypto-transform and consists of performing an exclusive “or” (bitwise addition modulo 2) when encrypting and decrypting Holat arrays and an array of the step-key . The input data of this transformation are the Holat and arrays at the byte level, the output data is the Holat array at the byte level. The Qo’shBosqichKalit (Holat, ) transformation consists of performing an exclusive “or” operation (bitwise modulo-2 addition) on elements of the same name at the byte level of Holat and arrays. For : . The result must be copied to the Holat array. Qo’shHolat() – is a function that is a simple crypto-transform and is performed on blocks of encrypted blocks using the XOR operation when encrypting and decrypting in all modes except the electronic codebook mode. In the Qo’shHolat(Holatn, Holat) transformation, each byte of the Holatn array is added bitwise using the XOR addition operation (modulo 2 addition operation) the same byte of the Holat array. Holatn array consists of eight words. When these words are in the range of , the elements of the Holat array that are in the columns are added separately as follows: , here: hn - array elements Holatn, – elements of the resulting array. The result of the conversion is copied to the Holat array. 9.1. Encryption of symmetric keys using symmetric keys To encrypt symmetric keys using symmetric keys, a DEA is used in ECM mode. To produce imitation protection, a hash function from cryptographic standards of Uzbekistan in 156 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 256 bit mode is used. The first 4 bytes of the key's hash function is the simulated prefix for the encrypted key. 9.2. Encryption of symmetric keys using asymmetric keys When encrypting symmetric keys using asymmetric keys, the following algorithm is used. Using the Diffie-Hellman method, a common key of the form is formed, where , are private keys, the common key size is 256 and 64 bytes for algorithms 1 and 2, respectively. This shared key is used instead of a password to generate a shared symmetric key and initialization vector in accordance with PKCS #5. The original symmetric key is encrypted in BCM mode using a common symmetric key and an initialization vector. The size of the encrypted key is 64 bytes. Imitation protection provides padding size of 32 bytes. 9.3. An algorithm of generation and verification of EDS Processes of formation and verification of electronic digital signatures in TCPI - CSP supports both cryptographic algorithms of the Republic of Uzbekistan [3] and the cryptographic standard of the Russian Federation (GOST R 34.10-2001) [8]. The function of EDS (formation and verification) is designed to ensure the reliability of the transmitted and received information and confirm its authorship. 9.4. Development and verification of EDS The following parameters are used for the signature function: ( ) –pair of integers - private key of EDS; ( ) – pair of integers – public key EDS; ( ) – pair of integers – electronic digital signature under the message ; ( ) – pair of integers – fake detection key EDS, which is a pair of control and session public key; ( , ) – special private key of the authorized subject. The generally accepted digital signature model spans three processes: generation of EDS keys; formation of EDS; verification (authentication) EDS. 9.4.1. Algorithm 1 Algorithm 1 uses the following parameters: – is a module, a prime number. The upper limit of this number should be determined by the specific implementation of the electronic digital signature algorithm, depending on the type of cryptographic module: for software, hybrid and hardware types and for special hardware type; - is a prime number, which is a factor (simple factor) , where ; – is the parameter - a positive integer satisfying the condition ; can be an open, shared private key for a limited group of users or a component of a special private key of an authorized entity; m = H( ) – is a hash function that displays the message in a string of length 256 bits; In software, hybrid and hardware types of a cryptographic module, a hash function without a key is used, and in a special hardware type, a key hash function. 157 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 To implement EDS processes (i.e., EDS key generation, EDS generation, and EDS authentication), each user must have a private EDS key ( ), where: are private keys, randomly or pseudo-randomly generated integers satisfying the condition , ; the parameter is a private or public parameter representing an integer that is calculated: , the public key of the digital signature ( ). Where: ( ) are public keys calculated by the formula and ; if the open parameter (base) is used, then and ; and the EDS fake detection key ( ), where: is the control key (open or closed), selected from the range ; if is closed, then must be a joint secret key for the signer and the verifier; – is a session (public) key calculated for each electronic digital signature as a result of exponentiation with the parameter. Formation of electronic digital signature and session key To create a digital signature and session key under the message M for Algorithm 1, the following actions are performed: 1) the hash function of the message is calculated: . Moreover, ; 2) is calculated. If , then is assumed and it is necessary to return to step 2; 3) calculate with the parameter ; 4) calculate . If , then ) is assumed and it is necessary to return to step 3. 5) is calculated. If , then is assumed and it is necessary to return to step 3; 6) compute . If , then , is output and calculations stop; 7) calculate . If , then is assumed and it is necessary to return to step 3; 8) is calculated. If , then is assumed and it is necessary to return to step 3; 9) with the parameter is calculated and output . Further, the signed message (message and addition) is transmitted to the receiving side. Also, the session key is transmitted to the receiving side if the session key mode is used. Digital Signature Authentication To confirm the authenticity of EDS under the received message, , the following actions are performed: 1) hash function is calculated; 2) if then go to the next step, otherwise the “signature is not authentic” is accepted; 3) is calculated with the parameter R; 4) is calculated; 5) is calculated with the parameter R; 6) is calculated; 7) is calculated; 158 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 8) if and , then the output is “signature authentic”; if and , then go to the next step; if , then the “signature is not authentic” is accepted; 9) is calculated; 10) is calculated; 11) is calculated; 12) is calculated; 13) ; 14) is calculated with the parameter ; 15) is calculated with the parameter ; 16) is calculated; 17) if , then “signature is authentic” is accepted, otherwise “signature is not authentic” is accepted. Algorithm 1 uses a one-way function in a group with a parameter, calculations for which are carried out easily at the same level of labor intensity as in the exponentiation operations, and inverting (inversion) of a function requires no less computational time and effort than in solving a discrete problem logarithm The main operations of multiplication, exponentiation, and treatment in a group with a parameter are called multiplication, exponentiation, and treatment of the parameter. The one-sided exponentiation function is a special case of this one-way function. 9.4.2. Algorithm 2 For Algorithm 2, the following parameters are used: elliptic curve E, given by its invariant J(E) or by coefficients ; integer w is the order of a group of points of an elliptic curve E; prime t is the order of a cyclic subgroup of a group of points of an elliptic curve Е for which the following conditions are satisfied: point of an elliptic curve , with coordinates ( ), satisfying the equality [t] ; hash function , displaying the message , in a string of length 256 bits. For the listed parameters of EDS the following requirements are met: 1) for all integers where satisfies the inequality ; 2) ; 3) the invariant of the curve satisfies the condition or 1728. To implement EDS processes (i.e., EDS key generation, EDS generation and EDS authentication), each user must have an EDS private key, an integer , satisfying 159 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 and the public EDS key is a point of an elliptic curve with coordinates ( ), satisfying the equality [d]N=T . Formation of electronic digital signature To obtain a digital signature under the message, , the following actions are performed: 1) calculate the hash function of message: ; 2) calculate . If , then define ; 3) a random (pseudo-random) integer is generated, satisfying the inequality ; 4) the point of the elliptic curve is calculated and , is determined, where is the coordinate of point . If , then it is necessary to return to step 3; 5) compute the value of . If , then you need to return to step 3; 6) issue to the output of and as a digital signature. Digital Signature Authentication To confirm the authenticity of EDS under the received message, , the following actions are performed: 1) if , then go to the next step, otherwise the “signature is not authentic” is accepted; 2) calculate the message hash function: ; 3) compute by . If , then define ; 4) calculate the value of ; 5) values are calculated; 6) the point of the elliptic curve is calculated and is defined, where – is the coordinate of point ; 7) if the equality holds, then the “signature is authentic” is accepted, otherwise “the signature is not authentic”. Algorithm of generation and verification of EDS using the algorithm of the Russian Federation For the algorithm of the Russian Federation, the following parameters of the digital signature scheme are used: a prime number - is a module of an elliptic curve such that ; the elliptic curve is defined by its invariant or the coefficients , where is a finite field of p elements. is related to the coefficients and as follows , and ; integer - is the order of a group of points of an elliptic curve, must be different from ; a prime number , the order of a cyclic subgroup of a group of points of an elliptic curve, that is, ; for some . Also lies within ; 160 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 the point of the elliptic curve , which is the generator of a subgroup of order , that is, and for all , where is a neutral element groups of points of an elliptic curve ; - hash function (GOST R 34.11-94) [7], which displays message in binary vector length of 256 bits. Every digital signature user has private keys: encryption key integer number within ; decryption key , calculated as . Additional requirements: , any , where ; . Digital Signature Generation To obtain a digital signature under the message M, the following actions are performed: 1) calculation of the hash function from the message ; 2) calculation of , and if , set . Where is an integer corresponding to ; 3) generation of a random number such that ; 4) calculation of the point of the elliptic curve , and finding where is the coordinate of the point . If , we return to the previous step; 5) verification of . If , go back to step 3; 6) digital signature generation , where and are vectors corresponding to and . Verifying Digital Signatures. To confirm the authenticity of EDS under the received message M, the following actions are performed: 1) calculation by digital signature of numbers r and s, taking into account that , where and are numbers corresponding to vectors and . If at least one of the inequalities and is incorrect, then wrong signature; 2) calculation of the hash function from the message ; 3) calculation of , and if , set . Where is an integer corresponding to ; 4) calculation of ; 5) calculation of and ; 6) calculation of the point of the elliptic curve ; 7) definition , where is the coordinate of the curve definition , where is the coordinate of the curve ; 8) in the case of equality the signature is correct, otherwise - is incorrect. 161 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 Program structure This subsection presents the general structure of the TCPI - CSP, as well as a description of the functions of each module of the system. 10. GENERAL STRUCTURE TCPI - CSP is implemented in the form of the following dynamic libraries: CSP.DLL - loading the CSP interface using the Crypto API; CSPFUNC.DLL - loading the CSP interface directly; PKCS11.DLL - loading the PKCS #1117 interface (PKCS #11 interface for TCPI - CSP, hereinafter PKCS #11); SCTOKEN.DLL - functions for working with a smart card through the interface PKCS #11; VTOKEN.DLL - functions for working with virtual slots and tokens through the interface PKCS #11; CRYPTOSP.DLL - a library of cryptographic procedures. The above libraries are located in the WINDOWS \ SYSTEM32 folder. Also, the following modules are included in the scope of delivery of TCPI - CSP: GUI.DLL - interface for entering the password to the key, random number generation using the electronic roulette mechanism; CSP_INTEGRAL_TEST.EXE integral test for TCPI - CSP; PKCS11INI.EXE initialization of virtual slots and tokens for the PKCS #11 interface; CRYPTOTEST.EXE - tests of cryptographic algorithms; KEYMANAGER.EXE - test program for obtaining and viewing certificates; KM.DLL - dynamic library for supporting the work of the test program KEYMANAGER.EXE; CSPCON.DLL is a dynamic library for supporting the import and export of private keys in the PFX format. Note. The KEYMANAGER.EXE program and two dynamic libraries supporting it are intended only for testing the operation of CSP with certificates and private keys. 11. CSP INTERFACE The TCPI - CSP interface consists of two dynamic libraries CSP.DLL, CSPFUNC.DLL, as well as an auxiliary test program CSP_INTEGRAL_TEST.EXE. The cryptographic interface TCPI - CSP was created in accordance with the requirements of the Microsoft Cryptography Service Provider (CSP) standard. A description of the CSP standard (with a detailed description of all functions) can be found on the Microsoft website (http://msdn.microsoft.com/en-us/library/aa380245(v=VS.85).aspx). The TCPI - CSP 17 PKCS #11 - is one of the standards of the Public-Key Cryptography Standards (PKCS) family. It defines a platform- independent software interface for accessing cryptographic devices (smartcards, tokens, cryptographic accelerators, key servers and other means of cryptographic information protection). 162 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 interface was developed for the implementation of cryptographic algorithms of the Republic of Uzbekistan [1], [2], [3], Russian encryption algorithms and electronic signatures [6, 7, 8] using PKCS #11 [5] interface. When developing the software implementation of the cryptographic interface of TCPI - CSP, the source texts of programs from the world - famous and freely distributed software package OpenSSL were widely used. Using TCPI - CSP can be done directly, by loading the CSPFUNC.DLL library using the LoadLibrary mechanism and obtaining addresses of cryptographic functions using the GetProcAddress18 command, or via the CryptoAPI19 interface. Input and output data The cryptographic interface of TCPI-CSP was created in accordance with the requirements of the Microsoft Cryptography Service Provider (CSP). A description of the CSP standard can be found on the Microsoft website. A description of the input and output data for the CSP standard can also be found on the Microsoft website at the links below. CSP connection functions: Function & Description CPAcquireContext – Associates a key container with a CSP pointer. CPGetProvParam – Displays CSP parameters. CPReleaseContext – Frees pointer received by CPAcquireContext. CPSetProvParam – Sets specific CSP parameters. Key generation and CSP key exchange functions: Function & Description CPDeriveKey – Creates a key from a password. CPDestroyKey – Removes a key from memory. CPDuplicateKey – Creates a copy of the key. CPExportKey – Export key. CPGenKey – Generates a random key. CPGenRandom – Generates random numbers. CPGetKeyParam – Gets key parameters. CPGetUserKey – Gets a user key pointer. 18 GetProcAddress - The GetProcAddress function retrieves the address of the exported function or variable from the specified dynamic link library (DLL). 19 CryptoAPI - CryptoAPI is an application programming interface that provides Windows developers with a standard set of functions for working with a cryptographic provider. Included in the Microsoft operating systems. Most CryptoAPI features are supported starting from Windows 2000. CryptoAPI supports asymmetric and symmetric keys, that is, allows you to encrypt and decrypt data, as well as work with electronic certificates. The set of supported cryptographic algorithms depends on the specific cryptographic provider. 163 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 CPImportKey – Imports key. CPSetKeyParam – Sets key parameters. Encryption and decryption functions: Function & Description CPDecrypt – Decrypts encrypted text with a key for encryption. CPEncrypt – Encrypts plaintext with an encryption key. Hashing and EDS functions: Function & Description CPCreateHash – Creates a hash pointer. CPDestroyHash – Deletes a hash pointer. CPDuplicateHash – Creates a copy of the hash function. CPGetHashParam – Gets the properties of the hash function. CPHashData – Hashes data CPHashSessionKey – Hashes session key. CPSetHashParam – Sets hash options. CPSignHash – Sets signature hash function. CPVerifySignature – Sets signature verification hash function. 12. CONCLUSION REMARKS This work is devoted to a brief description of the CSP software, which is designed to create encryption keys, private and public keys of an electronic digital signature, creating and authenticating EDS, hashing, encrypting and simulating data using the algorithms described in the State Standards of Uzbekistan. It can be used in telecommunications networks, public information systems, government corporate information systems by embedding into applications that store, process and transmit information that does not contain information related to state secrets, as well as in the exchange of information and ensuring the legal significance of electronic documents [11]. CSP includes the following functional components: a dynamically loadable library that implements a biophysical sensor of random numbers; dynamic library that implements cryptographic algorithms in accordance with the State Standards of Uzbekistan; module supporting the work with external devices; installation module that provides the installation of CSP in the appropriate environment of operation (environment). CSP provides the creation of private and public EDS keys and encryption keys; creation and confirmation of authenticity of EDS according to the algorithms described in [2, 7]; the formation of derived encryption keys used by data encryption algorithms described in [4, 5]; work with key information stored on external media; hashing of memory areas and other data according to the algorithms described in [3, 6]; encryption of memory areas and other data in accordance with the data encryption algorithms described in [4, 5]. CSP provides support for identifiers of algorithms and parameters for the implementation of compatibility with third-party cryptographic providers in terms of the ability to work with 164 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 public-key certificates issued by third-party registration centers, provided they use the cryptographic algorithms described in [2, 3, 4, 5, 6, and 7]. The cryptography service provider provides the ability to work with digital certificates of public keys, which are structured binary in ASN.1 format, conforming to ITU-T X.509 v.3 standard and IETF RFC 5280, RFC 3739 Recommendations. CSP provides work with external key carriers such as USB-flash, eToken Aladdin (eToken PRO 72K (JAVA)). As part of CSP, modules are provided that provide for calling cryptographic functions through the Microsoft CryptoAPI 2.0 interface when running under Microsoft operating systems. In accordance with the functional purpose, CSP provides the generation of public and private EDS keys, hashing keys, functional keys and encryption keys for use, respectively, in the algorithms described in [2, 3, 4, 5, 6, and 7]. In the application where the CSP will be integrated, an appropriate system for the manufacture and distribution of keys will be provided, which will be based on the functions of generation of CSP keys. CSP allows the use of a multi-level key protection model using random and derivative keys of key protection. Protection of keys is carried out on the basis of cryptographic transformations in accordance with the PKCS #5 standard [9] using the State Standards of Uzbekistan [3], [4] or the interstate standard [5]. CSP provides storage of key information on a hard disk drive (HDD) and/or external key storage devices, such as USB-flash, eToken Aladdin (eToken PRO 72K (JAVA)). CSP provides work with key containers containing: signature keys, encryption keys and additional information necessary to ensure the cryptographic protection of keys and ensure control of their integrity. To protect key information from substitution and/or distortion during its storage on HDD and external key carriers, as well as during distribution, key information is supplied with a checksum. In order to ensure the safe use of the CSP installed on the PC, organizational measures are provided, as well as software and hardware methods and means of protecting information are used to ensure that secret keys stored in the PC's memory during operation of the CSP are kept secret, as well as the CSP service parameters stored on the hard drive. CSP contains a component that allows you to verify the operation of cryptographic algorithms implemented in it. Functioning is carried out on the basis of test examples. To ensure the safe use of an application with a built-in CSP, mechanisms are provided to control the integrity of the CSP libraries. In CSP, a biophysical random number sensor is used to generate random binary sequences that implement the mechanism for generating secret digital signature keys, encryption keys, initialization vectors using various algorithms. REFERENCES [1] O`z DSt 1105: 2009. State standard of Uzbekistan. Information technology CRYPTOGRAPHIC PROTECTION OF INFORMATION. Data encryption algorithm. [2] O`z DSt 1106: 2009. State standard of Uzbekistan. Information technology CRYPTOGRAPHIC PROTECTION OF INFORMATION. A Hash function. [3] O`z DSt 1092: 2009. State standard of Uzbekistan. Information technology CRYPTOGRAPHIC PROTECTION OF INFORMATION. Processes of formation and verification of electronic digital signature. [4] PKCS #5 v2.0: Password-Based Cryptography Standard. RSA Laboratories. March 25, 1999. [Electronic resource]. - Access mode: https://tools.ietf.org/html/rfc2898. [5] Expansion of PKCS #11 for the use of Russian cryptographic algorithms. Moscow, 2008. [6] GOST 28147-89 - Information processing systems. Cryptographic protection. An algorithm of cryptographic transformation. [7] GOST R 34.11-94 - Information technology. Cryptographic protection of information. A Hash function. 165 IIUM Engineering Journal, Vol. 21, No. 1, 2020 Aloev et al. https://doi.org/10.31436/iiumej.v21i1.1179 [8] GOST R 34.10-2001 - Information technology. Cryptographic protection of information. Processes of formation and verification of electronic digital signature. [9] RFC 4357 Additional Cryptographic Algorithms for Use with GOST 28147-89, GOST R 34.10- 94, GOST R 34.10-2001, and GOST R 34.11-94 Algorithms. [10] Aloev R.D., Nurullaev M.M. (2019) Cryptography Service Provider - Data Encryption. In Proceedings of the 10 th International Multi-Conference on Complexity, Informatics and Cybernetics: 12-15 March 2019; Orlando, Florida, USA. Edited by Nagib Gallaos, Hsing-Wie Chu, Jeremy Horne, Suzanne K. Lunsford, Belkis Sánchez, Michael Savoie; pp 127-131. [11] Aripov M.M., Alaev R.H. (2019) Research of the application of the new cryptographic algorithms: applying the cipher algorithm O'zDSt1105:2009 for MS office document encryption. In Proceedings of the 5th International Conference on Engineering and MIS (ICEMIS '19): 06-08 June 2019; Astana, Kazakhstan. ACM, New York, NY, USA. https://doi.org/10.1145/3330431.3330434. 166 << /ASCII85EncodePages false /AllowTransparency false /AutoPositionEPSFiles false /AutoRotatePages /None /Binding /Left /CalGrayProfile (Gray Gamma 2.2) /CalRGBProfile (None) /CalCMYKProfile (None) /sRGBProfile (sRGB IEC61966-2.1) /CannotEmbedFontPolicy /Warning /CompatibilityLevel 1.7 /CompressObjects /Off /CompressPages true /ConvertImagesToIndexed true /PassThroughJPEGImages true /CreateJobTicket false /DefaultRenderingIntent /Default /DetectBlends true /DetectCurves 0.0000 /ColorConversionStrategy /LeaveColorUnchanged /DoThumbnails false /EmbedAllFonts true /EmbedOpenType false /ParseICCProfilesInComments true /EmbedJobOptions true /DSCReportingLevel 0 /EmitDSCWarnings false /EndPage -1 /ImageMemory 1048576 /LockDistillerParams true /MaxSubsetPct 100 /Optimize false /OPM 0 /ParseDSCComments false /ParseDSCCommentsForDocInfo false /PreserveCopyPage true /PreserveDICMYKValues true /PreserveEPSInfo false /PreserveFlatness true /PreserveHalftoneInfo true /PreserveOPIComments false /PreserveOverprintSettings true /StartPage 1 /SubsetFonts false /TransferFunctionInfo /Remove /UCRandBGInfo /Preserve /UsePrologue false /ColorSettingsFile () /AlwaysEmbed [ true ] /NeverEmbed [ true ] /AntiAliasColorImages false /CropColorImages true /ColorImageMinResolution 200 /ColorImageMinResolutionPolicy /OK /DownsampleColorImages true /ColorImageDownsampleType /Bicubic /ColorImageResolution 300 /ColorImageDepth -1 /ColorImageMinDownsampleDepth 1 /ColorImageDownsampleThreshold 1.50000 /EncodeColorImages true /ColorImageFilter /DCTEncode /AutoFilterColorImages false /ColorImageAutoFilterStrategy /JPEG /ColorACSImageDict << /QFactor 0.76 /HSamples [2 1 1 2] /VSamples [2 1 1 2] >> /ColorImageDict << /QFactor 0.76 /HSamples [2 1 1 2] /VSamples [2 1 1 2] >> /JPEG2000ColorACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 15 >> /JPEG2000ColorImageDict << /TileWidth 256 /TileHeight 256 /Quality 15 >> /AntiAliasGrayImages false /CropGrayImages true /GrayImageMinResolution 200 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 300 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.50000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages false /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict << /QFactor 0.76 /HSamples [2 1 1 2] /VSamples [2 1 1 2] >> /GrayImageDict << /QFactor 0.76 /HSamples [2 1 1 2] /VSamples [2 1 1 2] >> /JPEG2000GrayACSImageDict << /TileWidth 256 /TileHeight 256 /Quality 15 >> /JPEG2000GrayImageDict << /TileWidth 256 /TileHeight 256 /Quality 15 >> /AntiAliasMonoImages false /CropMonoImages true /MonoImageMinResolution 400 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages true /MonoImageDownsampleType /Bicubic /MonoImageResolution 600 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict << /K -1 >> /AllowPSXObjects false /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile (None) /PDFXOutputConditionIdentifier () /PDFXOutputCondition () /PDFXRegistryName () /PDFXTrapped /False /CreateJDFFile false /Description << /ARA /BGR /CHS /CHT /CZE /DAN /DEU /ESP /ETI /FRA /GRE /HEB /HRV /HUN /ITA (Utilizzare queste impostazioni per creare documenti Adobe PDF adatti per visualizzare e stampare documenti aziendali in modo affidabile. I documenti PDF creati possono essere aperti con Acrobat e Adobe Reader 6.0 e versioni successive.) /JPN /KOR /LTH /LVI /NLD (Gebruik deze instellingen om Adobe PDF-documenten te maken waarmee zakelijke documenten betrouwbaar kunnen worden weergegeven en afgedrukt. De gemaakte PDF-documenten kunnen worden geopend met Acrobat en Adobe Reader 6.0 en hoger.) /NOR /POL /PTB /RUM /RUS /SKY /SLV /SUO /SVE /TUR /UKR /ENU (Use these settings to create Adobe PDF documents suitable for reliable viewing and printing of business documents. Created PDF documents can be opened with Acrobat and Adobe Reader 6.0 and later.) >> >> setdistillerparams << /HWResolution [600 600] /PageSize [595.440 841.680] >> setpagedevice