FPS-fe

File Protect System (version FPS-II fe) is a specialized, hybrid application for managing the life cycle of critical information that is stored on local or server data devices.

The application allows the following actions:

• Encrypt or decrypt selected files and folders; • Management of the cryptographic primitives used; • Storing the used primitives in secure electronic notebooks (test only); • Management of delta cryptographic primitives (implicit security primitives, ISP); • Formation of session secret keys based on randomly selected delta primitives (CDP encryption); • Recording the critical information in implicit security form. • Management of digital certificates (generation, export, signing, etc.); • Secure electronic notebooks for storing digital certificates and secret keys (test only); • Management of cryptographic processes for file packages; • Design and implementation of meta scenarios for the protection of digital data; • Real-time processes control; • Automatic formation of official reports (test only); • Management of the processes related to the destruction of critical information, etc.

FIELD OF APPLICATION

Protecting large arrays of files located on different media is a complex and difficult process to perform.

Procedures related to the storage, editing, transfer, and destruction of files are of utmost importance to ensure compliance with security protocols during the exploitation cycle.

Statistics show that most unauthorized access attempts aim at the critical information in specific files, including the authentication certificates used.

FPS enables the maximum reduction of risks by using a set of highly effective professional solutions to protect both specific groups of files and any information located on data storage devices

The application uses some of the most effective standard encryption algorithms used by government organizations and corporate structures.

The module for the formation of service reports makes the application an indispensable tool when building cyber security systems that meet the requirements of ISO - ISO/IEC 27001 and ISO - ISO/IEC 27002.

The development process used both standard algorithms described in NIST SP 800-88 and NIST SP 800-90A, which include Hash DRBG (based on a hash function), HMAC DRBG (based on HMAC), and CTR DRBG (based on block ciphers in counter mode), as well as some specific solutions used in the technology BS 1443, BS 7122, etc.

TECHNOLOGICAL SOLUTIONS

The correct choice of algorithms and software technologies for digital data encryption is a guarantee of the high efficiency and reliability of the application.

The application uses a set of standard and modified algorithms for encrypting mechanisms.

The following standard algorithms are used in the base versions:

STANDARD ENCRYPTION ALGORITHMS (basic technologies)

• 1 DES (symmetric-key algorithm) • 2 DDES (symmetric-key algorithm) • 2 DES (symmetric-key algorithm) • 3 DDES (symmetric-key algorithm) • 3 DES (symmetric-key algorithm) • 3 TDES (symmetric-key algorithm) • 3 Way ( block cipher) • Blowfish (symmetric-key block cipher) • Cast 128 (block cipher) • Cast 256 (block cipher) • DES (symmetric-key algorithm) • GOST 28147-89 (RFC 5830, symmetric key block cipher) • IDEA (symmetric-key block cipher) • Mars (block cipher) • Misty (block cipher) • Q 128 (block cipher) • RC 2 (ARC2, symmetric-key block cipher) • RC 4 (ARC4, symmetric-key block cipher) • RC 5 (ARC5, symmetric-key block cipher) • RC 6 (ARC6, symmetric-key block cipher) • Rijndael/AES ( symmetric-key algorithm) • SAFER (block cipher) • Sapphire (stream cipher) • SCOP (steam cipher) • Shark (block cipher) • Skipjack (block cipher) • Square (block cipher) • TEA ( block cipher) • TEAN (block cipher) • Twofish (symmetric key block cipher)

AFFORDABLE HASH FUNCTIONS (basic technologies)

• Haval 128 • Haval 160 • Haval 192 • Haval 224 • Haval 256 • MD2 • MD4 • MD5 • Panama • RipeMD 128 • RipeMD 160 • RipeMD 256 • RipeMD 320 • Sapphire • SHA0 • SHA1 • SHA256 • SHA384 • SHA512 • Snefru 128 • Snefru 256 • Square • Tiger • Whirlpool 0 • Whirlpool 1 • Whirlpool T

STANDARD ENCRYPTION MODES (basic technologies)

• CBC (Cipher Block Chaining) • CFB (Cipher Feedback) • CFB8 (Cipher Feedback 8) • CFS (Cryptographic File System) • CFS8 (Cryptographic File System 8) • CTS (Ciphertext Stealing) • OFB (Output Feedback Mode) • OFB8 (Output Feedback Mode 8) • ECB (Electronic Code Book)

The available hybrid solutions for the non-special purpose versions are as follows:

SPECIAL ALGORITHMS (hybrid technology)

• BS Standard Protection Mode (SPM) - Crypto-mechanisms are generated by using specialized control panels. Each of these crypto mechanisms uses a set of cryptographic primitives that can be session-based or stored in highly secure digital containers.

BS Package Protection Mode (PPM) - The crypto mechanisms used are common to each of the files, information about which is contained in the file package. In case of need, individual elements of the crypto mechanisms can be hardware-dependent or be tied to the use of control strings.

• BS Hybrid Protection Mode (HPM) - In this case, each of the files in the package is encrypted using a session crypto mechanism, which is formed based on the information in the electronic notebook and the specialized areas in the control strings. In addition, individual elements of the meta-information about the files and folders stored in the package are used.

ACCORDANCE WITH ACCEPTED STANDARDS:

• ISO 10116: Information Processing - Modes of Operation for an n-bit block cipher algorithm. • ISO 9797: Data cryptographic techniques - Data integrity mechanism using a cryptographic check function employing a block cipher algorithm. • ISO 9798-2: Information technology - Security techniques - Entity authentication mechanisms - Part 2: Entity authentication using symmetric techniques. • ISO 10118-2: Information technology - Security techniques - Hash-functions - Part 2: Hash-functions using an n-bit block cipher algorithm. • ISO 11770-2: Information technology - Security techniques - Key management - Part 2: Key management mechanisms using symmetric techniques. • FIPS 140 - Federal Information Processing Standard (FIPS) 140-2, Security Requirements for Cryptographic Modules, May 25, 2001 (including Change Notices as of December 3, 2002). • FIPS 180 - Federal Information Processing Standard (FIPS) 180-4, Secure Hash Standard (SHS), March 2012. • FIPS 197 - Federal Information Processing Standard (FIPS) 197, Advanced Encryption Standard (AES), November 2001. • FIPS 198 - Federal Information Processing Standard (FIPS) 198-1, The Keyed-Hash Message Authentication Code (HMAC), July 2008. • SP 800-38D - National Institute of Standards and Technology Special Publication (SP) 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, November 2007. • SP 800-57 - NIST Special Publication (SP) 800-57 Part 1 Revision 3, Recommendation for Key Management - Part 1: General, July 2012. • SP 800-90B - NIST Special Publication (SP) 800-90B (Draft), Recommendation for the Entropy Sources Used for Random Bit Generation, August 2012. • SP 800-90C - NIST Special Publication (SP) 800-90C (Draft), Recommendation for Random Bit Generator (RBG) Constructions, August 2012. • SP 800-107 - NIST Special Publication (SP) 800-107 Revision 1, Recommendation for Applications Using Approved Hash Algorithms, August 2012 etc.