RU2462825C1 - Method of hidden transfer of coded information along multiple communication channels - Google Patents

Abstract

FIELD: information technologies.

SUBSTANCE: in the method secret keys are exchanged between correspondents, the open text is broken into blocks, they are coded with the help of a code with coupling of E¹ _k1 units on a key k₁, comprising elements e₁e₂e₃…e_n, as a result of which the first cryptogram C₁ is produced, made of m units, which are repeatedly coded with a code E² _k2 on the key k₂, as a result of which the second cryptogram C₂ is produced, comprising r units, in each unit C₂ during coding several blocks C₂ are placed, all units C₂ are numbered in a hidden manner, in n units C₂ n elements k₁ are placed, r units C₂ are steganographically hidden in r containers of different types using a key k₃, which identifies a container type and secret parameters of implementation logics, r containers are sent along several communication channels in compliance with an organisation chart and communication schedule determined by the key k₄.

EFFECT: higher cryptographic security of transferred information.

6 cl, 11 dwg, 3 tbl, 2 ex

Description

Analysis of the current status of the issue

This section discusses the closest technical solutions (analogues) aimed at protecting information using cryptographic and steganographic methods.

Methods of cryptographic information protection

The invention relates to the field of telecommunications and is intended to protect classified information from unauthorized reading.

There is a method of encrypting information, in which the plaintext is divided into several data blocks, the resulting data blocks are numbered sequentially, the serial numbers of all data blocks are encrypted, the encryption result is summed using the logical operation Exclusive OR with the corresponding plaintext block and the block operation is performed on the received amount encryption [18].

The operations listed in the claims are mathematically described as follows:

- операция шифрования счетчика; С₀ - вектор инициализации (псевдослучайная величина); i - порядковый номер блока; n - размер блока.where C _i is the i-th encrypted block; E _k is the operation of block encryption on the key k; M _i - i-th block of plaintext; ⊕ - logical operation Exclusive OR (XOR);

- counter encryption operation; C ₀ is the initialization vector (pseudo-random value); i - serial number of the block; n is the block size.

формируется псевдослучайный вектор V_i (гамма), величина которого зависит от порядкового номера блока i. Вектор V_i перед шифрованием с помощью операции E_k прибавляется к открытому тексту M_i. Таким образом, результат шифрования будет зависеть не только от открытого текста, алгоритмов шифрования, ключей, но и порядкового номера шифруемого блока.Using operation

a pseudo-random vector V _i (gamma) is formed, the value of which depends on the serial number of block i. Vector V _i before encryption using the operation E _{k is} added to the plaintext M _i . Thus, the result of encryption will depend not only on plain text, encryption algorithms, keys, but also the serial number of the encrypted block.

The cryptogram is decrypted using the ratio:

where D _{k is the} decryption operation, the inverse of the encryption operation is E _k .

The invention [18] is aimed at creating a method of working with an encrypted database in real time. This approach allows you to work individually with each data block (write and read individual blocks independently of each other). When a request is formed, only one data block that is necessary for operation is decrypted, and all other data blocks remain encrypted in the computer memory.

In the patent [18], a problem is solved that allows working with individual blocks independently of the rest of the database blocks.

In the claimed technical solution, a solution to another problem is required: to perform an encryption conversion so that the contents of each encrypted block depend on the contents of all blocks in the cryptogram.

The closest in essence to the claimed invention is the American standard for encryption DES [17]. The DES algorithm processes information in 64-bit blocks using a 56-bit key.

In the DES encryption process, the following plaintext and encrypted data conversions are performed.

1. In a 64-bit block of binary data, the initial permutation of bits is carried out in accordance with the table that determines the order of permutations of the bits.

2. The block obtained after permutation of bits is divided into two subblocks of 32 bits each (subblocks A and B). Over the subunits, 16 rounds of encryption transformations are performed:

A _i = B _i-1 ;

B _i = A _i-1 ⊕f (B _i-1 , K _i ),

where i is the number of the current encryption round; ⊕ - logical operation Exclusive OR (XOR, summation modulo two without hyphenation, disambiguation); K _i is the key of the i-th round.

The above expressions mathematically describe the Feistel network, which is successfully used in many well-known ciphers (see figure 1).

The encryption transformation f (B _i-1 , K _i ) includes several operations:

- expanding permutation, as a result of which the 32-bit subunit turns into a 48-bit block P _i ;

- summation (XOR operation) of the received block with a 48-bit key of this round P _i ⊕K _i ;

- the result is divided into 8 parts of 6 bits; each 6-bit part is encrypted using the replacement method with a 4-bit number in accordance with fixed replacement tables; as a result, a 32-bit block is formed.

3. The resulting sub-blocks A ₁₆ and B ₁₆ resulting from 16 rounds of encryption are combined into a 64-bit block, in which the final permutation of the bits (bits) is performed in accordance with a fixed table.

Note that in the claimed technical solution, any algorithms can be used as the first encryption function, including the current American standard AES [19], domestic standard [6], ciphers RC6, Twofish, IDEA, KASUMI [1] and others.

Of greatest interest in the context of the proposed technical solution are the modes of operation of the DES standard.

The DES cipher has four cryptogram generation modes, which significantly expand the capabilities of this cipher.

1. Electronic code book ERU (Electronics Code Book).

2. Coupling blocks of the SHS cipher (Cipher Block Chaining).

3. Feedback on CFB ciphertext (Chiper Feed Back).

4. Feedback on the output OFB (Output Feed Back).

The ERU electronic book mode is used to encrypt plaintext in separate (unconnected) blocks. This mode is designed to encrypt text that does not contain identical fragments, such as encryption keys. When encrypting identical blocks of plaintext, the blocks of the cryptogram will be identical. Obviously, this provides a clue for cryptanalysts.

In SHS mode, the previous encrypted block is added to the encrypted block (by the Exclusive OR rule). In this case, it is possible to reduce the likelihood of the appearance of identical blocks of the cryptogram. In this mode of operation of the cipher, decryption of part of the cryptogram is possible if there are two adjacent blocks of the cryptogram.

CFB mode is used to generate a pseudo-random gamma, which is superimposed using the exclusive OR operation on plain text. Moreover, when generating the gamma, the already generated cryptogram is used. From here the name of this mode becomes clear: Feedback on ciphertext, that is, feedback is used to form the gamma.

In OFB mode, the gamma is formed without the participation of the ciphertext and therefore the gamma can be formed in advance (in reserve). In one of the varieties of this mode, when creating a gamma, the Counter mode is used. Here, after the initialization of one of the registers of the encoder, its contents are simply incremented before the next formation of the gamma fragment. Thus, the composition of the gamma depends on the sequence number of the round (i.e., on the contents of the counter).

Many of the ideas used in the DES standard belong to Horst Feistel [14], [21].

Methods of steganographic information hiding

The blocks formed during the second encryption process must be covertly placed in steganographic containers.

To hide encrypted information, containers of various types and various algorithms can be used. A large number of information hiding algorithms are described in domestic sources [4, 7-10]. A much larger number of ideas are described in foreign sources.

The most popular was the least significant bit replacement (LSB) method. The essence of this method is that minor changes in the digital signal are not detected by the human senses. Therefore, replacing the last bit, you can transfer information using image files in BMP format, sound files in WAV format, etc.

The implementation of hidden information is carried out using a secret key that makes it difficult to unauthorized extraction of information. For example, in a wave file, the implementation is not carried out in a row, but after a certain number of samples. Figure 2 shows the procedure for analog-to-digital conversion of an audio signal. The introduction of classified information can be carried out, say, only in even counts. Samples can be calculated using a certain secret formula [9].

As containers, sound files of the MIDI format can be selected (used) [12]. Information is hidden in them due to a slight change in the volume or duration of the notes. Such music is often placed on HTML pages.

Known methods for hiding information in text documents by changing the number of spaces between words [9]. Moreover, these and other algorithms can be used for the hidden transmission of information in the subtitles of the video [11].

Information can be secretly transmitted by forcing the length of the TCP / IP packet [13].

Information can be discreetly placed on an HTML page [4]. Recording of hidden information is carried out using non-printable characters (space and tab).

You can even secretly embed information in a cryptogram.

The method proposed by Gustavus Simmons (Gustavus Simmons), establishes a hidden communication channel based on cryptograms, introducing additional information into them. The methods proposed by him are based on a change in the method of choosing the variables used in the key. Consider the method of incorporating El-Gamal into a digital signature scheme [20]. Key generation is performed in the same way as in the main El-Gamal signature scheme.

First, a prime number p and two random numbers g and r smaller than p are chosen. Then it is calculated:

K = g ^r modp

The public key is K, g, and p. The private (secret) key is r. In addition to the transmitting side, the value of r is also known at the receiving side, this number is used not only to sign a harmless message, but also as a key for sending and reading a hidden message.

To send a hidden message M as part of a harmless message, the numbers M ', M and p must be mutually simple, in addition, the values M and p-1 must be mutually simple. The transmitting side calculates:

X = g ^M modp

And the following equation is solved for Y (using the extended Euclidean algorithm):

M '= rX + MYmod (p-1)

As in the El-Gamal base scheme, the signature is a pair of numbers: X and Y. A third party (cryptanalyst, attacker) can verify El-Gamal's signature, making sure that:

K ^X X ^Y ≡g ^{M '} (modp)

The receiving side may recover the hidden message. First, verify that:

(g ^r ) ^X X ^Y ≡g ^{M '} (modp)

If so, the receiving party considers the message to be genuine (not tampered with by a third party). Then, to restore M, it is calculated:

M = (Y ^-1 (M'-rX)) mod (p-1)

Example

Let p = 11 and g = 2. The private key r is selected equal to 8. This means that the public key that a third party can use to verify the signature will be:

g ^r modp = 2 ⁸ mod11 = 3

To send a hidden message M = 9 using a harmless message M '= 5. The transmitting side checks that 9 and 11, as well as 5 and 11 are mutually prime numbers in pairs. It is also verified that the coprime numbers 9 and 11-1 = 10. This is indeed the case, so it computes:

X = g ^M modp = 2 ⁹ mod11 = 6

Then the following equation is solved for Y:

5 = 8 · 6 + 9 · Ymod10

Y = 3, so the signature is a pair of numbers 6 and 3 (X and Y). The receiving party is satisfied that:

(g ^r ) ^X X ^Y ≡g ^{M '} (modp)

(2 ⁸ ) ⁶ 6 ³ ≡2 ⁵ (mod11)

These equalities are true, so the receiving side can reveal the hidden message by calculating:

M = (Y ^-1 (M'-rX)) mod (p-1) = 3 ^-1 (5-8.6) mod (11-1) = 7 (7) mod10 = 49mod10 = 9

The advantage of the considered method of embedding information in a cryptogram is that hidden information is protected by a key.

The disadvantages of the method [20].

This method does not allow breaking the signature into blocks.

A number of restrictions are imposed on transmitted messages. This is due to the fact that it is necessary to take into account the mutual simplicity of a covertly transmitted message with other values of the digital signature scheme. Therefore, not every message can embed the necessary information. In addition, the key depends on the information being embedded.

Naturally, a large number of technical solutions for implementing hidden information in various containers is protected by patents.

The patent [15] describes a method for covert transmission of information in a graphic file. The method prevents distortion (destruction) of hidden information as a result of image conversion (cropping, rotation, adjustment of contrast, brightness, color, etc.). Resistance to distortion is achieved by the fact that for implementation they find extremum points (signature points) and use them to transmit hidden information. Signature points cannot be found or deleted without initial knowledge of their location.

The determination of extreme points is carried out by the so-called method of "Determining the difference of means" [15]. In this case, the difference between the average value of the pixels in a small neighborhood and the average value of the pixels in a large neighborhood of the investigated image area is determined. If the difference is large in comparison with the difference for neighboring image sections (pixels), then in this place there is a local maximum or minimum.

The number of local extrema in the image may seem large and for the introduction of information, the authors of [15] recommend selecting a part of the points manually or according to a random law.

One bit of hidden data is embedded in one signature point of the image, changing the values of the pixels surrounding the point. The image is changed by a small (2 ... 10%) positive or negative adjustment of the pixel value at a certain signature point to represent a binary zero or one.

The proposed implementation method is recommended for signing the image in order to indicate copyright. To extract the embedded information at the reception, the original image and the container with the embedded information are used.

The method can be used to form “watermarks”. However, for the transfer of hidden textual information, it is not acceptable due to existing shortcomings. The first drawback is the low throughput of the covert channel due to the use of a small number of signature points. The second drawback is the lack of a secret key that uniquely identifies the location of the embedded bits in the image file. For this reason, it is advisable to use the methods of embedding information in graphic files, which determine the place of start of implementation, the order of implementation and the place of end of implementation [9].

Information can be hidden (embedded) in various containers, for example, in MIDI audio files.

A standard MIDI file is not a sound file with digitized sound (like, say, MP3). A MIDI file is more like a score, which determines which instrument should play and what are the parameters of the sounds being played. Musical information is encoded by generating control signals.

In the method [16], the implementation of hidden information is carried out by changing the number of ticks (ticks) between two adjacent events. Moreover, these events are deliberately chosen so that they do not affect the reproduction of music. The disadvantage of the described implementation method is the lack of a key, which makes it difficult for cryptanalysts to extract information.

Technical result of the proposed technical solution is to increase the cryptographic stability of the transmitted information.

на ключе k₁, состоящим из элементов е₁е₂е₃…e_n, в результате чего получают криптограмму С₁, состоящую из m блоков, полученные m сцепленных блоков первой криптограммы C₁ повторно шифруют шифром

на ключе k₂, в результате второго шифрования получают вторую криптограмму С₂, состоящую из r блоков, в каждый блок второй криптограммы С₂, при шифровании помещают несколько блоков первой криптограммы С₁, скрытно нумеруют все блоки второй криптограммы С₂, в n блоков второй криптограммы С₂ скрытно помещают n элементов ключа k₁, r блоков второй криптограммы С₂ стеганографически скрывают в r контейнерах различного типа с использованием ключа k₃, который определяет тип контейнера и секретные параметры алгоритмов внедрения, r контейнеров пересылают по нескольким каналам связи в соответствии со схемой организации и расписанием связи, которые определяет ключ k₄, на приемной стороне извлекают информацию из стеганографических контейнеров с помощью ключа k₃, осуществляют дешифрацию второй криптограммы С₂ с помощью ключа k₂, в результате дешифрации получают первую криптограмму С₁, при дешифрации из n блоков второй криптограммы С₂ извлекают n элементов ключа k₁ и их порядковые номера, составляют из элементов e₁e₂e₃…e_n ключ k₁, который используют для дешифрации первой криптограммы С₁.The essence of the proposed method for the secret transmission of encrypted information over a variety of communication channels is that secret keys are exchanged between correspondents, the plaintext is divided into blocks, these blocks are encrypted using a block-linked cipher

on the key k ₁ consisting of elements e ₁ e ₂ e ₃ ... e _n , resulting in a cryptogram C ₁ consisting of m blocks, the resulting m linked blocks of the first cryptogram C _{1 are} re-encrypted with a cipher

on the key k ₂ , as a result of the second encryption, a second cryptogram C ₂ , consisting of r blocks, is received in each block of the second cryptogram C ₂ , when encrypting, several blocks of the first cryptogram C ₁ are placed, all blocks of the second cryptogram C ₂ are secretly numbered, in n blocks the second cryptogram C ₂ secretly place n key elements k ₁ , r blocks of the second cryptogram C ₂ steganographically hide in r containers of various types using the key k ₃ , which determines the type of container and the secret parameters of the implementation algorithms, r containers they are sent via several communication channels in accordance with the organization scheme and the communication schedule, which determines the key k ₄ , on the receiving side, information is extracted from steganographic containers using the key k ₃ , the second cryptogram C ₂ is decrypted using the key k ₂ , as a result of decryption, first cryptogram C _1, when decoding of n blocks of the second cryptogram C ₂ recovered key elements k n ₁ and their sequence numbers are composed of elements e ₁ e ₂ e ₃ ... e _n key k _1, which is used to decrypt the first cryptogram _1.

The inventive method may have several modifications.

используют шифр, в котором осуществляется сцепление всех блоков первой криптограммы в следующей последовательности:

, указанное шифрующее преобразование выполняют повторно, причем при повторном шифровании блоки криптограммы, полученные после первого шифрования, зеркально переставляют местами, где С₀ - вектор инициализации (псевдослучайный вектор); C_i - очередной блок криптограммы; k₁ - ключ шифрования; M_i - очередной блок открытого текста;

- шифрующее преобразование на ключе k₁; ⊕ - логическая операция Исключающее ИЛИ.As a clutch cipher

use a cipher in which all blocks of the first cryptogram are coupled in the following sequence:

the specified encryption conversion is performed again, and when re-encrypting, the blocks of the cryptogram obtained after the first encryption are rearranged in places where C ₀ is the initialization vector (pseudo-random vector); C _i - the next block of the cryptogram; k ₁ - encryption key; M _i - another block of plaintext;

- encryption transformation on the key k ₁ ; ⊕ - logical operation Exclusive OR.

для формирования второй криптограммы С₂ используют адаптивный многоалфавитный шифр с интегральным преобразованием, при реализации которого составляют секретную таблицу многоалфавитной замены, выбирают секретную подынтегральную функцию f(x), секретную информацию в виде ключа k₂ предварительно передают на приемную сторону, в процессе шифрования на передающей стороне каждый символ открытого текста заменяют вещественным числом I из таблицы многоалфавитной замены, генерируют случайное число a таким образом, чтобы обеспечить равномерность гистограммы, которая описывает распределение чисел в формируемой второй криптограмме С₂, вычисляют второе число b с учетом используемой подынтегральной функции f(x), выбранных I и а по формуле b=φ(a, I), которая определяется видом подынтегральной функции, осуществляют сокрытие номера блока криптограммы и одного элемента ключа k₁ путем кодирования двоичной информации за счет изменения положения пределов интегрирования в гистограмме, сформированные числа a и b передают на приемную сторону, на приемной стороне принятые числа a и b используют для вычисления интеграла

, с помощью рассчитанного числа I по таблице многоалфавитной замены определяют символ открытого текста, анализируют последовательность размещения чисел а и b в гистограмме и извлекают скрытую информацию.As cipher

for the formation of the second cryptogram C ₂ , an adaptive multi-alphabetic cipher with integral conversion is used, when implemented, a secret multi-alphabetic replacement table is compiled, a secret integrand f (x) is selected, secret information in the form of a key k _{2 is} preliminarily transmitted to the receiving side, during encryption on the transmitting side of each symbol of the plaintext is replaced by a real number of I multi-alphabet substitution tables, generating a random number so as to provide uniform histogram which describes the distribution of numbers formed by the second cryptogram C _2, calculating a second number b with the use of the integrand function f (x), the selected I and a formula b = φ (a, I) , which is determined by the form of the integrand, carried concealment number cryptogram block and one element key k ₁ by coding binary information by changing the position limits of integration in the histogram formed of a and b is transmitted to the receiving side, the reception side received a number of b and d used I calculate the integral

, using the calculated number I, the plaintext symbol is determined from the multi-alphabetical replacement table, the sequence of placing the numbers a and b in the histogram is analyzed, and hidden information is extracted.

When organizing communication between correspondents, S = S _c + S _{m of} available communication channels are used, and in the current communication session, using the key k ₄ , not all are allocated, but only a part of the available communication channels S _c , for all available communication channels S = S _c + S _m continuously transmit camouflage signals, and the transmission of signals carrying useful information is carried out at pseudo-random times.

The transmitting and receiving sides preliminarily exchange keys K (k ₂ , k ₃ , k ₄ ), which determine the secret parameters of the second cipher E ² , the type of containers and the parameters of the algorithms for embedding information in containers, the communication scheme and the schedule for transmitting information, and the key k _{1 are} generated on the fly only on the transmitting side at the time of the formation of the blocks of the first cryptogram C ₁ and are not previously transmitted to the receiving side, but elements of the key k ₁ are secretly placed in several blocks of the second cryptogram C ₂ .

The encryption of the blocks of the first cryptogram C ₁ on the transmitting side is carried out on the key k ₁ , to determine which the hash function of the elements e ₁ e ₂ e ₃ ... e _n is repeatedly calculated, on the receiving side using the elements e ₁ e ₂ e ₃ ... e _n repeatedly calculate the hash function, the value of which is used as the key k ₁ to decrypt the first cryptogram C ₁ .

The implementation of the invention

When describing the implementation of the invention, the following description structure was used: the main idea is stated, a detailed description of the operations performed on the transmitting and receiving sides is given, and implementation details are given in Appendices 1 and 2.

main idea

The way to protect information is reduced to cascading data encryption using two ciphers: a block cipher with data coupling and an adaptive multi-alphabet cipher with integral conversion. The term "block adhesion" is used in the American standard DES (CBC mode - Cipher Block Chaining) [17]. The blocks obtained as a result of encryption are hidden in stego containers, which are transmitted to the receiving side via a plurality of communication channels in pseudo-random order and at pseudo-random times.

The transmitting and receiving sides are pre-exchanged with the keys K (k ₂ , k ₃ , k ₄ ), and the key k _{1 is} formed only on the transmitting side and is not previously transmitted to the receiving side. The key k _{1 is} secretly transmitted in several blocks of the cryptogram.

Consider the principles of information processing using the proposed method on the transmitting and receiving sides.

Transmission side

. При шифровании используют некоторый блочный шифр (например, DES) со сцеплением E¹ с ключом k₁. В результате зашифрования формируется m сцепленных (связанных между собой) блоков.On the transmitting side, the plaintext M is encrypted using the key k ₁ . Key k ₁ consists of many elements e ₁ e ₂ e ₃ ... e _n . As a result of encryption, a cryptogram is formed

. When encrypting, use some block cipher (for example, DES) with the clutch E ¹ with the key k ₁ . As a result of encryption, m linked (interconnected) blocks are formed.

The key k ₁ on the receiving side is a priori unknown, it is not transmitted in advance. Correspondents do not previously exchange elements of this key. The key k _{1 is} session and it changes continuously, without repeating itself in any communication session. The key is not stored, but generated (hardware or software) at the time of encrypting the message, that is, it is created at the time of formation of the cryptogram C ₁ (on the fly).

A description of one of the many possible implementations of the E ¹ cipher is given in Appendix 1. The program text is intentionally made simplified, detailed, and transparent. This allows you to consider all the details of the transformations.

. Реализация одной из возможных реализаций алгоритма Е² описана в Приложении 2.The cryptogram C _{1 is} re-encrypted using the second cipher E ² using the second key k ₂ :

. The implementation of one of the possible implementations of the E ² algorithm is described in Appendix 2.

Key k ₂ is known both on the transmitting and receiving sides. In the process of forming a cryptogram C _2, it is divided into r blocks. Note that these are completely different blocks compared to the blocks formed during the first encryption of E ¹ . The sizes (volume, capacity, length) of the blocks of the second cryptogram C _{2 are} larger than the sizes of the blocks of the first cryptogram C ₁ . During the second encryption, several blocks of the first cryptogram fall into one block of the second cryptogram. The number of blocks of the first cryptogram that fit in one block of the second cryptogram is not an integer, that is, the numbers m and r are not multiple to each other (see figure 3). For this reason, some blocks of the cryptogram C ₁ can be placed in different blocks of the cryptogram C ₂ .

So, as a result of the second encryption, r blocks of the cryptogram C ₂ are obtained, and the number of blocks in the second cryptogram is r≥n. In other words: the number of separately transmitted blocks r of the cryptogram C ₂ forms at least the number of elements (components, symbols) that the key k ₁ consists _of . The blocks of the C ₂ cryptogram are sequentially numbered during the encryption process. As a result of the second encryption, a cryptogram C ₂ consisting of r blocks is formed on the key k ₂ .

Comments on figure 3.

Blocks b ₁₁ , b ₁₂ , ..., b _{1m of the} cryptogram C ₁ are located in blocks b ₂₁ , b ₂₂ , ..., b _{2r of the} cryptogram C ₂ . Moreover, in block b ₂₁ are placed blocks b ₁₁ , b ₁₂ and part of block b ₁₃ . In block b ₂₁ , the sequence number of this block is covertly indicated. In this case, it is the number 1. In block b _2r , the blocks b _m-1 , b _m are placed and the number r is hidden, which determines the serial number of this block. Key elements k ₁ e ₁ e ₂ e ₃ ... e _{n are} secretly placed in blocks of the cryptogram C ₂ : b ₂₁ , b ₂₂ , ..., b _2n (n≤r). In this case, the sequence numbers of the key elements k ₁ and the sequence numbers of the blocks of the cryptogram C ₂ coincide.

Thus, in blocks of the cryptogram C ₂ are placed blocks of the cryptogram C ₁ , serial numbers of blocks C ₂ and key elements k ₁ . Note that hidden serial numbers are contained in all blocks of the cryptogram C ₂ , and the elements of the key k ₁ - only in part of the blocks of the cryptogram C ₂ .

During the second encryption using the key k _{2, the} elements e ₁ e ₂ e ₃ ... e _{n of the} first key k ₁ are embedded (hidden) in n blocks of the cryptogram C ₂ , and the hidden numbers of the blocks of the cryptogram C ₂ coincide with the serial numbers of the elements e ₁ e ₂ e ₃ ... e _{n of the} first key k ₁ . In other words: the first element e _{1 of} key k _{1 is} hidden in the first block of cryptogram C ₂ , element e _{2 is} hidden in the second block of cryptogram C ₂ , element e _{i of} key k _{1 is} hidden in the ith block of cryptogram C ₂ , and element n of key k ₁ hide in the nth block of the cryptogram C ₂ . Due to this, by the known number of the cryptogram block C ₂ at the reception, you can determine the position of the element e _i in the key k ₁ .

In general terms, the previous paragraph can be formulated as follows. The elements of the key k ₁ are hidden in such a way that the position of the element e _i in the key k ₁ can be determined by the serial number of the cryptogram block b _2i at the reception.

Next, each block of cryptogram C _{2 is} hidden in a separate container. As containers, files of various formats are used (text, graphic, sound, video, HTML-pages, subtitles, program codes, etc.). As a result of this steganographic concealment, r stack containers are obtained in which r blocks of C ₂ cryptogram are embedded (hidden). The implementation of C ₂ cryptogram blocks in containers is performed on the key k ₃ , which determines the types of containers used (text, graphic, sound ...) and features (parameters) of each of r steganographic implementation algorithms.

The number and type of communication channels used determines the secret key k ₄ , which is known both on the transmitting and receiving sides.

Stego containers in a chaotic (pseudo-random) order send (transmit) to the receiving side via S _c (several) communication channels and at pseudo-random times. During such a transfer, an additional rearrangement of C ₂ cryptogram blocks actually occurs (at least in time). Moreover, the transmission of information blocks through communication channels is interspersed with the transmission of masking (camouflage, misinforming) blocks of information. Transfer is carried out in accordance with key k ₄ .

The communication scheme between correspondents A and B is shown in FIG. 4.

Comments on figure 4.

The network has a transmitting side A and a receiving side B. They have at their disposal S = S _c + S _m communication channels. In the current communication session, not all available S channels are used, but only their part S _c . The remaining channels S _m simulate activity (transmit noise, misinformation). Camouflage messages must be transmitted not only on the channels S _m , but also on the channels S _c .

Correspondent A can transmit blocks of cryptogram C ₂ (more precisely, steganogram containers) through various types of telecommunication channels. For example, channels g and h allow direct communication between correspondents. Such channels can be created using radio stations or directly laid communication lines (wired, cable, fiber optic, radio relay).

For communication, local and global networks can be used. So, on channel a, subscriber A can send an e-mail to mail server 1. Subscriber B on channel b has the ability to download this letter. For disguise, emails can be forwarded. A letter from mail server 4 will be automatically forwarded to mail server 5, to which subscriber B has access.

Channels c and d allow you to exchange information, for example, through a file server or messenger server (such as ICQ). Channels g and f can send messages using chat installed on server 3.

Obviously, this graph does not describe all possible options for organizing communications (for example, transmitting information over a wired telephone line or using a wireless mobile telephone network, Wi-Fi, etc.).

Thus, the exchange of information between correspondents is carried out on many telecommunication channels S, of which, in accordance with the key k ₄ , only S _c channels are used in this session. The transfer of information between correspondents is carried out according to a schedule, which is determined by the key k ₄ .

The considered method complicates the procedure for intercepting messages. So cryptanalysts have to consider that at 232 million sites at a certain point in time multimedia containers with steganographic attachments can be placed. Specialized programs scan previously unaccounted domains on the Internet at a speed of 2500 pages per hour. Thus, using multiple Web pages to transmit information reduces the likelihood of a message being intercepted.

Receiving side

. Алгоритм расшифрования D² является обратным по отношению к алгоритму шифрования Е².On the receiving side, one block of cryptogram C ₂ is extracted from each received container steg. When extracting the cryptogram from the container’s container, the key k _{3 is used} . The blocks of the cryptogram C _{2 are} independently decrypted (separately) using the key k ₂ :

. The decryption algorithm D ² is the opposite of the encryption algorithm E ² .

In the process of decryption of r blocks of cryptogram C ₂ , m blocks of cryptogram C ₁ are restored, key elements k ₁ are extracted, block numbers of cryptogram C _{2 are} determined, and therefore, the order (sequence) of placement of n elements e ₁ e ₂ e ₃ ... e _n in the key k ₁ . In this case, the sequence numbers of blocks of the cryptogram C ₂ determine the order of placement of blocks of the cryptogram C ₁ .

.After receiving and extracting all blocks of the cryptogram C ₁ , determining the serial numbers of the blocks, placing the blocks in their places and restoring the received key k ₁ , the cryptogram C ₁ is decrypted and the plaintext is extracted:

.

A detailed description of the encryption and decryption algorithms E ^one  and D ^one

As an algorithm for generating the first cryptogram E ^1, you can use a large number of different block ciphers that differ in cryptographic strength, encryption speed, resistance to attacks of various types, the presence of weak keys, etc. [one].

However, the most valuable property of the block algorithm in this case is the impossibility (more precisely, computational complexity) of decrypting the cryptogram in the absence of at least one block of the cryptogram C ₁ . This decryption resistance should be maintained even with the known (compromised) key k ₁ , on which the cryptogram was encrypted.

DES Algorithm

может быть использован блочный шифр со сцеплением блоков, описанный в прежнем американском стандарте DES [17]. Это позволяет при отсутствии одного блока криптограммы С₁ на приемной стороне предотвратить дешифрацию сцепленного с ним блока криптограммы (вычислительно сложно дешифрировать еще один блок криптограммы).As an algorithm

a block cipher with block coupling described in the former American DES standard [17] can be used. This allows, in the absence of one cryptogram block C ₁ on the receiving side, to prevent decryption of the cryptogram block linked to it (it is computationally difficult to decrypt another cryptogram block).

The block coupling algorithm in the SHS mode is described by the expression:

C _i = E _k (M _i ⊕C _i-1 ).

Before encryption of each block, its bitwise addition is performed according to the Exclusive OR rule with the result of encryption of the previous block.

When encrypting the first block of the cryptogram, the initialization vector C _{0 is used} :

C ₁ = E _k (M ₁ ⊕C ₀ ).

Such an algorithm does not solve the problem, since the absence of several blocks makes it difficult to decrypt only neighboring blocks, and not the entire cryptogram as a whole.

In the future, algorithms (encryption modes), which are conditionally named HALF and FULL, will be considered.

HALF Algorithm

Partially eliminate this drawback allows the following algorithm, in which there is a coupling of all previously formed blocks:

C _i = E _k (M _i ⊕C ₀ ⊕C ₁ ⊕ ... ⊕C _i-2 ⊕C _i-1 ),

moreover, the first block is encrypted in accordance with the expression:

C ₁ = E _k (M ₁ ⊕C ₀ ).

Here C ₀ is the initialization vector (pseudo-random vector).

This algorithm can prevent decryption of the entire cryptogram if the first block of the cryptogram is missing. If the block is lost (not intercepted by cryptanalysts) from the middle of the cryptogram, then it is impossible to decrypt all blocks formed later than the lost block (right blocks, with large indices). Decryption of blocks formed before a lost block (left blocks, with lower indices) occurs standardly and without distortion. If the first block of the cryptogram is lost, decryption of all blocks is impossible. If the last block is lost, decryption of only the lost (not intercepted) block is impossible. A detailed description of this algorithm is given in Appendix 1 (the program is compiled in the Mathcad mathematical system).

The following algorithm allows to completely exclude the possibility of decryption of the cryptogram C ₁ in the absence of at least one cryptogram block.

FULL Algorithm

The main idea of this algorithm is as follows.

The first round of encryption is carried out in accordance with the HALF algorithm. The resulting blocks of the cryptogram are mirrored (the first is the last, the second is the penultimate etc.).

P ₁ = C _m , P ₂ = C _m-1 , ..., P _m-1 = C ₂ , P _m = C ₁ .

The following figures (FIG. 5 and FIG. 6) illustrate these two rounds of encryption.

The new block sequence is re-encrypted using the HALF algorithm (second round).

Z _i = E _k (P _i ⊕Z ₀ ⊕Z ₁ ⊕ ... ⊕Z _i-2 ⊕Z _i-1 ).

As can be seen from the above formulas, the same encryption operation E _k is indicated in the first and second rounds of encryption.

The following considerations should be noted here. As the encryption transformation E _k , any known (suitable) encryption algorithm (cipher) can be used [1]. With this cipher, encryption can be performed twice: in the first and second round.

However, there are options in the implementation of the encryption conversion of the first and second rounds. In each round, you can use different encryption algorithms. For example, in the simplest case, in the first round, you can only rearrange the columns in the matrix (block), and in the second, a cyclic row shift.

The advantages of the proposed method

The inventive method of protecting transmitted information creates several levels of protection of transmitted information.

To crack a cipher, a cryptanalyst (an adversary, an attacker) needs to intercept at least r of its containers (cryptogram blocks C ₂ ), which secretly carry the key k ₁ . The process of intercepting container containers is complicated by the fact that the transmission is carried out over a number of communication channels that are not defined for a cryptanalyst (an attacker) and at pseudorandom moments in time. Communication channels can be very diverse: cable, wired, satellite, radio and radio relay. The transmission of information blocks is interspersed with the transmission of masking (misinforming) blocks. The attacker intercepting several encrypted blocks (not all blocks) and breaking them does not allow decrypting the cryptogram C ₁ , since the key k ₁ changes in each session, and the absence of at least one cryptogram block C ₁ practically prevents the decryption of the cryptogram by cryptanalysts. To a large extent, the decryption of the C ₁ cryptogram is complicated by the use of coupling of all blocks of the cryptogram. Thus, the transmitted plaintext becomes an element of the secret key.

Thus, cryptanalysis will require not only solving cryptanalysis and steganoanalysis problems, but also continuous monitoring of a large number of communication channels. At the same time, the organization of communication and the schedule for sending containers remain unknown to the enemy. Obviously, this is hindered by restrictions on the enemy’s technical resources (the availability of telecommunication means for intercepting messages, high-speed computers and large memory).

Cryptogram blocks (more precisely, containers) can be transmitted over cellular mobile networks (using MMS), over wired telephone networks, over Wi-Fi and Bluetooth wireless local networks, over local, global cable and satellite networks. Containers containing a cryptogram can be sent in chats (Web chats, IRC ...), in instant messengers (ICQ, QIP, MSN ...), secretly posted on Web pages, in Skype, blogs, microblogs (Twitter, Juick, Jaiku ... ), in video hosting (YouTube, RuTube, Yandex-video), in commenting systems (diaries, social networks, guest books), transmitted by e-mail, stored on pre-agreed (selected) file servers, through file-sharing networks (BitTorrent, eDonkey2000 , Direct Connect) and services (Rapideshare, iFolder, Depositefiles), etc.

In addition to the traditional tasks of cryptanalysis and steganoanalysis, cryptanalysts will have to solve the difficult task of continuous monitoring (monitoring) of a wide variety of communication channels, to filter (separate) information and masking messages (blocks). Cryptanalysts need to collect and store information from many sites, servers, monitor a variety of schedules on the global network, conduct radio interception and storage of phone messages, email and regular mail. The task of cryptanalysis is becoming multidimensional and computationally complex. In this case, you can choose such parameters of the information protection system that the technical implementation of cryptanalysis becomes impossible (limitation of computer memory, insufficient monitoring tools, computer speed).

The considered method allows to increase the reliability (noise immunity) of the transmission of classified information by duplicating the transmission of information through different communication channels and at different points in time, which is important in the presence of radio interference or network malfunctions. At the same time, the numbered blocks at the reception make it possible to find the missing block and not use the re-received one.

Many features of this method complicate the already computationally complex cryptanalysis task.

For example, the cryptanalyst’s absence of at least one container (block) container will not allow to restore the key k ₁ , and therefore, to decrypt the cryptogram C ₁ . The key k ₁ cannot be stolen (intercepted, attacked) before the start of the communication session on the transmitting side, since it is not formed in advance. It is created hardware or software in the process of encryption (on the fly). The value of this key is not known even to employees servicing classified equipment.

The inventive method improves cryptographic strength due to the high computational complexity of restoring the key k ₁ in the absence of at least one key element. To implement this idea in one of the variants of the proposed method on the transmitting side, a hash function of the values of the elements k ₁ = h (e ₁ e ₂ ... e _n ) is used as a key. An attacker in the absence of one key element will be forced to find the key not by force matching the missing element, but to repeatedly calculate the hash function. This significantly lengthens the procedure for selecting the missing element.

Bibliographic list

1. Panasenko S.P. Encryption algorithms. Special reference. - SPb .: BHV-Petersburg, 2009 .-- 576 p.

2. Alekseev A.P. Mathematical methods of forming multi-alphabetic ciphers of replacement // Infocommunication technologies, volume 7, No. 2, 2009. Pp. 21-25.

3. Alekseev A.P., Blatov I.A., Makarov M.I., Pokhlebaev V.A. A multi-alphabet adaptive cipher based on integrated transformations // Infocommunication Technologies, Volume 8, No. 1, 2010. Pages 70-75.

4. Alekseev A.P., Orlov V.V. Steganographic and cryptographic methods of information protection: a training manual. - Samara: IUNL PSUTI, 2010 .-- 330 p.

5. Alekseev A.P., Kamyshenkov G.E. The use of computers for mathematical calculations. - Samara: Sail, 1998 - 190 p.

6. GOST 28147-89. Information processing systems. Cryptographic protection. Cryptographic conversion algorithm. - M.: Gosstandart of the USSR, 1989.

7. Agranovsky A.V., Devyanin P.N., Khadi R.A., Cheremushkin A.V. Basics of computer steganography. - M .: Radio and communication. - 152 p.

8. Gribunin V.G., Okov I.N., Turintsev I.V. Digital steganography. - M.: SOLON-Press, 2002 .-- 272 p.

9. Konakhovich G.F., Puzyrenko A.Yu. Computer steganography. Theory and practice. - K .: MK-Press, 2006. - 288 p.

10. Alekseev A.P. Informatics 2007. Textbook with the stamp of UMO. - M.: SOLON-PRESS, 2007 .-- 608 p.

11. Makarov M.I., Bataev A.F., Alekseev A.P. Steganographic methods for embedding information in subtitles of multimedia containers of the ASF, AVI, and MATROSKA formats // Infocommunication Technologies, Volume 8, No. 2, 2010. Pages 32-36.

12. Alekseev A.P. Hiding information in midi files. Abstracts of the Sixth International NTK "Problems of engineering and technology of telecommunications" PTiTT-2008. Kazan 25 ... November 27, 2008, p. 444 ... 445.

13. Orlov V.V., Alekseev A.P. Active Steganography in TCP / IP Networks // Infocommunication Technologies, Volume 7, No. 2, 2009. Pages 73-79.

14. United States Patent US 3,798,359, Horst Feistel. Block Cipher Cryptographic System, Mar.19, 1974.

15. United States Patent US 6317505, Robert D. Powell, Mark J. Nitzberg. Image Marking with Error Correction. Nov 13, 2001.

16. United States Patent US 6798885. Jerry W. Malcolm. Method and apparatur for Encoding security Information in a MIDI Data stream. Sep. 28, 2004.

17. Data Encryption Standard (DES). Federal Information Processing Standards (FIPS). Publication 46-3. 10/25/1999. - 22 P.

18. United States Patent US 7319751. Alexey Kirichenko. Data Encryption. Jan. 15, 2008.

19. US National Institute of Standards. Specification for the Advanced Encryption Standard (AES). Draft Federal Information Processing Standards, Feb. 28, 2001. Based on: J. Daemen and V. Rijmen, "AES Proposal: Rijndael." 20 Sep. 3, 1999.

20. G.J. Simmons, "The Subliminal Channel and Digital Signatures," Advances in Cryptology: Proceedings of EUROCRYPT 84, Springer-Verlag, 1985, pp. 364-378

21. United States Patent US 3798360, Horst Feistel. Step Code Ciphering System. Jun. 30, 1971.

Appendix 2

Adaptive multi-alphabet cipher with integrated conversion and hiding block numbers and key elements

In ciphers of multi-alphabet substitution, each character of the plaintext is assigned not one, but several characters of the replacement alphabet [4]. To create cryptographic ciphers, a different mathematical apparatus can be used, for example, the integral calculus [2].

To increase the cryptographic strength of a cipher, it is possible, using multi-alphabet substitution and integral transforms, to ensure uniform distribution of the numerical data of the cryptogram, divide the cryptogram into blocks in the general case of different lengths, secretly number the blocks (attach additional information to each block) and transmit them via different communication channels.

The main idea of constructing the cipher in question is to form a cryptogram in the form of a uniform mixture of real numbers.

The uniformity of the distribution of real numbers in the cryptogram is achieved (and controlled) by the fact that the encryption process analyzes the resulting distribution of cipher program numbers. For this purpose, a histogram of the distribution of numbers in the cryptogram is continuously constructed. At the same time, the next elements of encryption are formed in such a way that they fall into those places of distribution where lows are observed. The ability to change (vary) the position of the next element of the cryptogram on the numerical axis is due to the fact that the encryption uses a multi-alphabetic replacement and integral transformation [3].

The encryption algorithm is such that a constant analysis of the output distribution is performed and such correction (adaptation) of the cipher is performed, in which the generated cryptogram numbers are brought closer to the uniform distribution law.

Multi-alphanumeric encryption assumes that each character of the plaintext is repeatedly found in the substitution table on different parts of the numerical axis. Table 1 shows a fragment of a simplified multi-alphabetical replacement table (TMZ). In this case, it is believed that the letter “e” is found in the clear text more often than others, and the letter “d” is less likely than others. For this reason, 6 intervals of multi-alphabet substitution are allocated for the letter “e”, and only 2 for the letter “d”.

Table 1. Fragment TMZ Plain text alphabet Replacement intervals but b at g d e [5 ... 6) [2 ... 3) [4 ... 5) [3 ... 4) [1 ... 2) [6 ... 7) [8 ... 9) [10 ... 11) [11 ... 12) [7 ... 8) [9 ... 10) [12 ... 13) [13 ... 14) [14 ... 15) [17 ... 18) [15 ... 16) - [16 ... 17) [18 ... 19) - [21 ... 22) [20 ... 21) - [19 ... 20) [23 ... 24) - - - - [22 ... 23) - - - - - [24 ... 25)

Consider how encryption is performed using a multi-alphabet replacement table. Suppose you want to encrypt the phrase "where is the abba." Encryption can be created in an infinite number of ways. Moreover, it is permissible to replace each letter with any real number from the indicated intervals. Here are two cryptograms for the specified phrase:

15.33-9.101-22.99-18.06-14.57-2.331-5.064

7.105-1.102-12.98-8.473-10.16-14.91-23.26

In the proposed cipher, after multi-alphabetic replacement, an integral conversion of each received number is carried out. This makes it possible to choose one of the limits of integration according to a random law [3]. In this case, it is necessary to find the next integration limit so that the generated number of the cryptogram falls into the zone of greatest failure (in the zone of the global depression) in the histogram.

For encryption with an adaptive (adjustable) cipher, it is necessary to constantly solve the following problem: by the number found in the output distribution (located in the global depression zone), choose a value for the integration limit that will necessarily fall into a given histogram interval. 7 schematically illustrates this idea. After encryption of the next symbol, the histogram is completed (replenished). The maximum value (peak), minimum value (global trough) and dips (local troughs) are highlighted on the histogram. The cryptogram is formed in such a way as to align the existing output distribution (of the numbers in the cryptogram) as much as possible.

Suppose that the largest dip in the histogram is observed in the range of numbers of the generated cryptogram [c _i , c _{i + 1} ]. Suppose that for this integral transformation we use some integrand function f (x):

In order to reduce the depth of the global depression in the histogram, a random number a is generated from the interval [c _i , c _{i + 1} ]. From the multi-alphabet substitution table, the value of the integral I is determined, which corresponds to the encrypted character. Using the known value of the lower limit of integration a and the value of the integral I, find the value of the upper limit of integration b:

b = φ ( a , I)

The resulting numbers a and b are transferred to the line as part of the blocks of cryptogram C ₂ . These numbers are elements of a cryptogram (encryption). Note that the integration limits can also be formed in the reverse order: first choose b, and then calculate a .

Table 2 shows the relationship between the integral and the integration limits for some integrands. Recall that the type of integral transformation is unknown to the enemy, and the correspondents pre-determine the integrand using the key k ₂ .

Table 2. Varieties of the integrand Subpoint. function f (x) Calculation of the lower limit a from the known I and b B restrictions Calculation of the upper limit b from the known I and a Limitations on a x

b ² -2 · I≥0

2I + a ² ≥0 x ²

-

- x ³

b ⁴ -4 · I≥0

4I + a ⁴ ≥0 x ⁴

-

- sinx a = arc cos (cosb + I)

b = arc cos (cos a -I)

1 / x

b> 0

a > 0 C ^x a = log _c (C ^b -I lnC) C ^b > I lnC b = log _c (I lnC + C ^a ) I lnC + C ^a > 0 e ^x a = ln (e ^b -I) e ^b > 1 b = ln (e ^a + I) I> -e ^a

On the receiving side, the type of integrated transform used (integrand) and the configuration of the multi-alphabet substitution table are known. These two elements are determined by the secret key k ₂ . Therefore, the process of decrypting a cryptogram for a legitimate user does not cause difficulties. It comes down to calculating a certain integral over the known values of the lower and upper limits of integration and determining the received symbol from the multi-alphabetic replacement table.

Thus, the generated value a will necessarily fall into the zone of the largest dip (global minimum) of the histogram, and the upper limit of integration b will happen to be in one of the zones of the histogram.

The value of b during the encryption process can also be tried to be approximated to one of the local depressions in the histogram (this value can even fall into the zone of the global depression). For this, it is necessary to perform calculations of the upper limit of integration b for the existing value of the lower limit of integration a , alternately choosing the permissible values of the integral I from the table of multi-alphabetic replacement. When calculating the upper limit of integration b, it is advisable to prevent this number from falling into the peak (maximum) zone of the histogram. All other calculation results (options for choosing the integration limit) are acceptable.

The number of intervals k in a histogram designed to control the output distribution of numbers in a C ₂ cryptogram can be approximately estimated using the Stergess formula [5]:

here n is the number of elements (real numbers) in the cryptogram.

Table 3 shows the dependence of the number of intervals in the histogram k on the length (number of characters) of the ciphertext n.

Table 3. The dependence of the number of intervals on the number of characters n one hundred 1000 10,000 100,000 1,000,000 k 7.64 10.96 14.28 17.6 20.92

Taking into account the fact that during encryption each character of plaintext s is replaced by two real numbers (n = 2 · s), then with the length of plaintext (message) s = 500 characters, the number of intervals k on the histogram is estimated at 10.96 (it should be rounded to the number 11).

The multi-alphabet substitution table serves on the transmitting side to replace the plaintext symbol with some real number. This number is equivalent to the value of a certain integral, for which the values of the upper and lower limits of integration are determined. On the receiving side, a multi-alphabetic replacement table is used to determine the value of the received symbol from the value of a certain integral calculated using the obtained values of the upper and lower integration limits. The multi-alphabet substitution table is an element of the secret key k ₂ .

Consider the order of formation of the multi-alphabet substitution table.

1. First, you need to determine the typical length of text messages that will be encrypted. Let S _max = 50,000 characters. Then the number of real numbers that the cryptogram will consist of is n = 100000.

2. According to the formula (1), one should estimate the number of necessary intervals on the histogram. For the selected value of S _{max, the} number of intervals k = 17.6 (after rounding, k = 18).

3. Determine the total number of intervals (cells) in the multi-alphabetical replacement table t, which should be one to two orders of magnitude greater than the number k. In addition, the number of intervals in TMZ should be at least 5 times the number of characters in the plaintext alphabet. Thus, the number of intervals in the multi-alphabet substitution table lies in the range of 180 ... 1800. Take t = 1000.

4. Find the sum of the normalized frequencies of the characters of the plaintext

Here r is the number of characters in the plaintext alphabet (r = 256 when using all characters of the CP-1251 table, and when using only Russian lowercase or capital letters r = 33); g _i is the normalized frequency.

The normalized frequencies of occurrence of characters in plaintext g _i are obtained by dividing the absolute frequencies by the smallest value of the absolute frequency.

5. Calculate the number of replacement intervals for each i-th character of the plaintext alphabet:

For example, we calculate the number of replacement intervals for the letters "a" and "b":

6. Set the range (width) of the histogram and its position on the numerical axis. This means that the values of a _min and b _{max are set} (this is for cases when a certain integral takes only positive values). Set the width and position on the numerical axis of the multi-alphabet substitution table, that is, determine the values of I _min and I _max . The listed values are interconnected and the relationships between them depend on the type of integrand:

I _max = φ ( a _min , b _max ), a I _min ≈0

For example, for the integrand f (x) = x ^{4, the} right border for the multi-alphabet substitution table is calculated by the formula:

Calculate the width of one replacement interval:

Let Δ = 0.1.

7. Create a multi-alphabetical replacement table in which the width of each replacement interval is ∆ and the total number of replacement intervals is t. All replacement intervals form a continuous interval of numbers of width ∆ · t. For the case under consideration, ∆ · t = 0.1 · 1000 = 100. Each replacement interval is associated with one of the characters of the plaintext alphabet. The number of replacement intervals for the letter “a” is equal to t _a , for the letter “b” is equal to t _b , etc. The replacement intervals for each character are arranged on a numerical axis in random order.

The multi-alphabet substitution table configuration is one of the elements of the secret key. The second element of the key is the form of the integrand. Note that the cryptanalysis of the cipher under consideration is complicated due to the fact that the number selected from TMZ and one of the integration limits are selected according to a random law.

Consider an example of encryption using an adaptive multi-alphabet cipher.

Suppose that at the current time it is necessary to encrypt the letter “c”. Table 1 is used as the first key element. The second element of the secret key is the form of the integrand. Let be

f (x) = x ⁴ .

Suppose that the histogram formed in the previous steps of encryption shows a global depression in the range of numbers [6 ... 10).

To encrypt the letter “c” according to a random law, one of the four replacement intervals is selected from table 1. Suppose that interval 3 is selected, that is (17 ... 18]. A random number is generated from this interval, for example, I = 17.58.

For filling failure in the histogram is generated as a random number from the interval [6 ... 10). Let a = 8.02. Taking into account the Newton-Leibniz formula for the selected integrand, we obtain:

The calculation of the upper limit of integration gives the value: b = 8,024. Thus, both numbers a and b fell into the zone of the global basin. The “scattering” (difference, deviation) of the integration limits in the case under consideration is small.

As an integrand, it is desirable to choose a function for which the amplitude and frequency of the oscillations change significantly with a change in the argument. A graph of such a function is shown in Fig. 8.

When choosing the form of the integrand f (x) and finding the antiderivative F (x), we can use the following considerations. Represent the integrand in the form:

Then, taking into account the known relation

F '(x) = f (x)

for the integrand (2) we get:

F (x) = - cos ω (x).

As ω (x), a large class of functions can be used, for example

ω (x) = Ax + C sin Bx.

Then

f (x) = (A + BC cos Bx) sin (Ax + C sin Bx).

In this case, the antiderivative is defined by the expression

F (x) = - cos (Ax + C sin Bx).

It is clear that the antiderivative should be used in calculating the lower and upper limits of integration, which are elements of the cipher.

Coefficients A, B and C can be used as key elements of the considered cipher.

Spatio-temporal spraying of information

Each block of the cryptogram on the transmission receives a serial number with which the message on reception is restored to the original sequence of blocks, regardless of the order and time of receipt of the blocks of the cryptogram in the communication channels on the transmission. In this cipher, the information to be hidden will be the serial number of the cryptogram block C ₂ and one key element k ₁ .

To hide one key element k _1, 8 bits are required. To hide the block number of the cryptogram, 16 ... 32 bits can be allocated. This means that secretly it is necessary to transmit cryptograms C ₂ 24 ... 40 bits of information in one block.

Embedding information in a cryptogram

The number of each cryptogram block and the key element k _{1 are} represented in binary notation [10]. When hiding, the embedded bit of the binary number is read, and if it is 1, then the column closest to the beginning of the histogram is selected during encryption (if possible, the leftmost column is used).

The expression "select column" should be understood as follows. In the process of encryption, two numbers must be formed: a and b, which are the lower and upper limits of a certain integral. The term “column selection”, introduced for brevity, means the choice of a number that falls within the range of numbers occupied by this column.

If the embedded bit is 0, then the histogram column (more precisely, the interval) is selected with the maximum distance from the beginning of the numerical axis (far right column). If there is no choice among the columns (that is, the only valid histogram interval remains), then the introduction of binary numbers is transferred to the next steps of the algorithm (see Fig. 9). On the receiving side, after decoding the transmitted message according to the received lower and upper limits of integration and the calculated values of the integral, the histogram is gradually restored (reconstructed). At the same time, at the reception, it is necessary to restore the histogram filling sequence implemented on the transmitting side.

Consider an example in which a multi-alphabetic replacement table is compiled so that for a given integrand, for example x ⁴ , the integration limit could be selected from all intervals of the histogram. Assume that the number of intervals (histogram columns) is five. Let the next cryptogram block need to be assigned a decimal ordinal number 44 (binary number 101100). Note that the implementation of the key element k _{1 is} carried out similarly to the implementation of the serial number.

In the initial state of the histogram (at the moment encryption started), all intervals of the histogram are empty (there are no columns yet). Since the first bit (the most significant bit of the number) of the hidden block number is 1, the integration limit is selected from the interval of the first column of the histogram (leftmost column, Fig. 10a).

Next, a preliminary calculation of the second integration limit for all possible values of the integral for a given encrypted character (letter) is performed. In this example, the TMZ is designed so that the integration limit can fall in any interval of the histogram. At this stage, a choice is made between the intervals (columns) 2, 3, 4, and 5. Since the second bit of the number to be hidden is 0, a number (integration limit) is selected from the fifth interval (rightmost column, Fig. 10b).

Consider the process of encrypting the second character of the cryptogram C ₁ . The interval is selected among the columns with numbers 2, 3, and 4. Since it is necessary to hide the bit with the value 1 (third bit), then column 2 (the leftmost among the empty columns of the histogram, Fig.10c) is selected. For the value of the second integration limit, the interval of numbers covered by columns 3 and 4 is selected. When hiding the fourth bit of the hidden number, which is 1, the third range is selected (the leftmost among the minimally filled histogram columns, Fig. 10d).

The next stage is the choice of the interval for the first limit of integration of the third letter. In this situation, there is no choice, since there is only one valid interval - the fourth, from where the next integration limit is chosen. In such cases (when there is no choice between two valid columns), it is impossible to hide the next bit of the number. In this situation, information hiding does not occur, but the cryptogram is regularly formed (Fig. 10d).

Then the second integration limit for the third letter is selected. Now there are five intervals with minimum filling - 1, 2, 3, 4 and 5. Now you need to hide the fifth bit of the binary number (block number) equal to 0. The rightmost column is selected - the fifth (Fig. 10f). Next, the first integration limit for the fourth letter is selected from the intervals with numbers 1, 2, 3, and 4. Since it is required to hide the bit equal to 0, the fourth interval is selected (rightmost valid, Fig. 10g).

Splitting a cryptogram into separate blocks

The partitioning of the C ₂ cryptogram into blocks occurs in those places of the algorithm (at those times), when during encryption all columns of the histogram have the same height.

Thus, each block of the cryptogram C ₂ at the reception can be decrypted separately, setting all the initial values of the histogram to zero. This will lead to the correct decryption of each cryptogram block and the correct extraction of the hidden block number and one key element k ₁ .

The following figure (Fig. 11) shows the user interface of a program that implements an adaptive multi-alphanumeric cipher with hiding additional information in cryptogram blocks.

Claims (6)

1. The method of covert transmission of encrypted information over multiple communication channels, which consists in the fact that correspondents exchange secret keys, break open text into blocks, encrypt these blocks using a block-linked cipher

on the key k ₁ consisting of elements e ₁ e ₂ e ₃ ... e _n , resulting in a cryptogram C ₁ consisting of m blocks, characterized in that the obtained m concatenated blocks of the first cryptogram C _{1 are} re-encrypted with a cipher

on the key k ₂ , as a result of the second encryption, a second cryptogram C ₂ consisting of r blocks is obtained, several blocks of the first cryptogram C ₁ are placed in each block of the second cryptogram C ₂ , all blocks of the second cryptogram C ₂ are hiddenly numbered, in n blocks of the second C ₂ cryptograms secretly place n key elements k ₁ , r blocks of the second C ₂ cryptogram steganographically hide in r containers of various types using key k ₃ , which determines the type of container and secret parameters of the implementation algorithms, r forwarding containers using several communication channels in accordance with the organization diagram and the communication schedule that defines the key k ₄ , on the receiving side, information is extracted from steganographic containers using the key k ₃ , the second cryptogram C ₂ is decrypted using the key k ₂ , as a result of decryption, first cryptogram C _1, decryption of n blocks of the second cryptogram C ₂ n elements extracted key k ₁ and their sequence numbers are composed of elements e ₁ e ₂ e ₃ -e _n key k _1, which is used to decrypt the first cryptogram C _1. 2. The method according to claim 1, characterized in that as a cipher with a clutch

use a cipher in which all blocks of the first cryptogram are coupled in the following sequence:

the specified encryption conversion is performed again, and when re-encrypting, the blocks of the cryptogram obtained after the first encryption are rearranged in places where C ₀ is the initialization vector (pseudo-random vector); C _i - the next block of the cryptogram; k ₁ - encryption key; M _i - another block of plaintext;

- encryption transformation on the key k ₁ ; ⊕ - logical operation Exclusive OR. 3. The method according to claim 1, characterized in that as a cipher

for the formation of the second cryptogram C ₂ , an adaptive multi-alphabetic cipher with integral transformation is used, when implemented, a secret multi-alphabetic replacement table is compiled, a secret integrand f (x) is selected, secret information in the form of a key k _{2 is} previously transmitted to the receiving side, during encryption on the transmitting side, each plaintext symbol is replaced by a real number I from the multi-alphabetic substitution table, a random number is generated in such a way as to ensure uniformity l the histogram that describes the distribution of numbers in the generated second cryptogram C ₂ , calculate the second number b taking into account the used integrand function f (x), selected I and a by the formula b = φ (a, I), which is determined by the type of integrand, hiding the cryptogram block number and one key element k ₁ by encoding binary information by changing the position of the integration limits in the histogram, the generated numbers a and b are transmitted to the receiving side, on the receiving side, the received numbers a and b use d To calculate the integral

, using the calculated number I, the plaintext symbol is determined from the multi-alphabetical replacement table, the sequence of placing the numbers a and b in the histogram is analyzed, and hidden information is extracted. 4. The method according to claim 1, characterized in that when organizing communication between correspondents, S = S _c + S _m available communication channels are used, and in the current communication session, using the key k ₄ , not all are allocated, but only a part of the available communication channels S _c , through all available communication channels S = S _c + S _m continuously transmit camouflage signals, and the transmission of signals carrying useful information is carried out at pseudo-random times. 5. The method according to claim 1, characterized in that the transmitting and receiving sides pre-exchange keys K (k ₂ , k ₃ , k ₄ ), which determine the secret parameters of the second cipher E ² , the type of containers and the parameters of the algorithms for embedding information in the container , the communication organization scheme and the information transfer schedule, and the key k _{1 is} generated on the fly only on the transmitting side at the time of formation of the blocks of the first cryptogram C ₁ and is not previously transmitted to the receiving side, but elements of the key k ₁ are covertly placed in several blocks of the second crypt C ₂ programs. 6. The method according to claim 1, characterized in that the encryption of the blocks of the first cryptogram C ₁ on the transmitting side is carried out on the key k ₁ , for determining which the hash function from the elements e ₁ e ₂ e ₃ ... e _n is repeatedly calculated, on the receiving side using the elements e ₁ e ₂ e ₃ -e _n repeatedly calculate the hash function, the value of which is used as the key k ₁ to decrypt the first cryptogram C ₁ .

Images