File Protect System (version FPS-II se) is a specialized, hybrid application for managing the life cycle of critical information that is stored on local or server data devices.
The application allows the following actions:
• Encrypt or decrypt selected files and folders;
• Management of the cryptographic primitives used;
• Storing the used primitives in secure electronic notebooks;
• Management of delta cryptographic primitives (implicit security primitives, ISP);
• Formation of session secret keys based on randomly selected delta primitives (CDP encryption);
• Recording the critical information in implicit security form;
• Management of digital certificates (generation, export, signing, etc.);
• Secure electronic notebooks for storing digital certificates and secret keys;
• Management of cryptographic processes for file packages;
• Design and implementation of meta scenarios for the protection of digital data;
• Real-time processes control;
• Automatic formation of official reports;
• Management of the processes related to the destruction of critical information, etc.
FIELD OF APPLICATION
Protecting large arrays of files located on different media is a complex and difficult process to perform.
Procedures related to the storage, editing, transfer, and destruction of files are of utmost importance to ensure compliance with security protocols during the exploitation cycle.
Statistics show that most unauthorized access attempts aim at the critical information in specific files, including the authentication certificates used.
FPS reduces these risks as far as possible by using a set of highly effective professional solutions to protect both specific groups of files and any information located on data storage devices.
The application uses some of the most effective standard encryption algorithms used by government organizations and corporate structures.
The module for the formation of service reports makes the application an indispensable tool when building cyber security systems that meet the requirements of ISO/IEC 27001 and ISO/IEC 27002.
The development process used both standard algorithms described in NIST SP 800-88 and in NIST SP 800-90A (the latter includes Hash DRBG, based on a hash function; HMAC DRBG, based on HMAC; and CTR DRBG, based on a block cipher in counter mode), as well as some specific solutions used in the technology BS 1443, BS 7122, etc.
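The page names HMAC DRBG from NIST SP 800-90A among the generators used during development. As an added illustration of that construction (not the product's own code), the following Python class implements the HMAC_DRBG instantiate, reseed and generate steps with the standard's update function and its reseed-interval check; the class name, the SHA-256 default and the RuntimeError on an exhausted reseed counter are my own choices.

```python
import hmac
import hashlib


class HmacDrbg:
    """HMAC_DRBG per NIST SP 800-90A section 10.1.2 (illustrative, not the
    product's own code). SHA-256 by default, so outlen is 32 bytes; the
    caller supplies entropy_input from a vetted source (SP 800-90B).
    """

    RESEED_INTERVAL = 2 ** 48  # maximum reseed_interval for HMAC_DRBG

    def __init__(self, entropy_input: bytes, nonce: bytes = b"",
                 personalization: bytes = b"", hash_name: str = "sha256"):
        self.hash_name = hash_name
        outlen = hashlib.new(hash_name).digest_size
        self.K = b"\x00" * outlen
        self.V = b"\x01" * outlen
        # Instantiate: seed_material = entropy_input || nonce || personalization
        self._update(entropy_input + nonce + personalization)
        self.reseed_counter = 1

    def _hmac(self, key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, self.hash_name).digest()

    def _update(self, provided_data: bytes) -> None:
        # HMAC_DRBG_Update: fold provided_data into the (K, V) state
        self.K = self._hmac(self.K, self.V + b"\x00" + provided_data)
        self.V = self._hmac(self.K, self.V)
        if provided_data:
            self.K = self._hmac(self.K, self.V + b"\x01" + provided_data)
            self.V = self._hmac(self.K, self.V)

    def reseed(self, entropy_input: bytes, additional_input: bytes = b"") -> None:
        self._update(entropy_input + additional_input)
        self.reseed_counter = 1

    def generate(self, num_bytes: int, additional_input: bytes = b"") -> bytes:
        if self.reseed_counter > self.RESEED_INTERVAL:
            raise RuntimeError("reseed required")  # SP 800-90A: refuse, do not continue
        if additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < num_bytes:
            self.V = self._hmac(self.K, self.V)
            out += self.V
        self._update(additional_input)  # post-generate update gives backtracking resistance
        self.reseed_counter += 1
        return out[:num_bytes]
```

The output is deterministic for a given seed, which is what makes a DRBG testable against the CAVP vectors; security comes entirely from the entropy fed to the constructor and to reseed.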
The correct choice of algorithms and software technologies for digital data encryption is a guarantee of the high efficiency and reliability of the application.
The application uses a set of standard and modified algorithms for its encryption mechanisms.
The following standard algorithms are used in the base versions:
STANDARD ENCRYPTION ALGORITHMS
• CAST-128 [ CAST-5 ]
• CAST-256 [ CAST-6 ]
• Data Encryption Standard [ DES ]
• Triple DES [ 3DES ]
• Information Concealment Engine [ ICE ]
• Thin-ICE [Information Concealment Engine]
• Information Concealment Engine 2 [ ICE-2 ]
• IDEA [ PGP ]
• MISTY1 [ MISTY-1 ]
• Ron’s Code or Rivest’s Cipher 2 [ RC-2 ]
• Ron’s Code or Rivest’s Cipher 4 [ RC-4 ]
• Ron’s Code or Rivest’s Cipher 5 [ RC-5 ]
• Ron’s Code or Rivest’s Cipher 6 [ RC-6 ]
• Advanced Encryption Standard [ AES, Rijndael ]
• Tiny Encryption Algorithm [ TEA ]
AVAILABLE HASH FUNCTIONS
• Haval [ 256 Bit, 5 passes ]
• Message Digest 4 [ MD-4 ]
• Message Digest 5 [ MD-5 ]
• Secure Hash Algorithm 1 [ SHA-1 ]
• SHA-256 [ SHA-2 family ]
• SHA-384 [ SHA-2 family ]
• SHA-512 [ SHA-2 family ]
STANDARD ENCRYPTION MODES
• CBC (Cipher Block Chaining)
• CFB (Cipher Feedback)
• CFB8 (Cipher Feedback 8)
• CTR (Counter Mode)
• OFB (Output Feedback Mode)
The available hybrid solutions for the non-special purpose versions are as follows:
• BS Standard Protection Mode (SPM) - Crypto-mechanisms are generated by using specialized control panels. Each of these crypto mechanisms uses a set of cryptographic primitives that can be session-based or stored in highly secure digital containers.
• BS Package Protection Mode (PPM) - The crypto mechanisms used are common to each of the files whose information is contained in the file package. If needed, individual elements of the crypto mechanisms can be hardware dependent or tied to the use of control strings.
• BS Hybrid Protection Mode (HPM) - In this case, each of the files in the package is encrypted using a session crypto mechanism, which is formed based on the information in the electronic notebook and the specialized areas in the control strings. In addition, individual elements of the meta-information about the files and folders stored in the package are used.
COMPLIANCE WITH ACCEPTED STANDARDS:
• ISO 10116: Information Processing - Modes of Operation for an n-bit block cipher algorithm.
• ISO 9797: Data cryptographic techniques - Data integrity mechanism using a cryptographic check function employing a block cipher algorithm.
• ISO 9798-2: Information technology - Security techniques - Entity authentication mechanisms - Part 2: Entity authentication using symmetric techniques.
• ISO 10118-2: Information technology - Security techniques - Hash-functions - Part 2: Hash-functions using an n-bit block cipher algorithm.
• ISO 11770-2: Information technology - Security techniques - Key management - Part 2: Key management mechanisms using symmetric techniques.
• FIPS 140 - Federal Information Processing Standard (FIPS) 140-2, Security Requirements for Cryptographic Modules, May 25, 2001 (including Change Notices as of December 3, 2002).
• FIPS 180 - Federal Information Processing Standard (FIPS) 180-4, Secure Hash Standard (SHS), March 2012.
• FIPS 197 - Federal Information Processing Standard (FIPS) 197, Advanced Encryption Standard (AES), November 2001.
• FIPS 198 - Federal Information Processing Standard (FIPS) 198-1, The Keyed-Hash Message Authentication Code (HMAC), July 2008.
• SP 800-38D - National Institute of Standards and Technology Special Publication (SP) 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, November 2007.
• SP 800-57 - NIST Special Publication (SP) 800-57 Part 1 Revision 3, Recommendation for Key Management - Part 1: General, July 2012.
• SP 800-90B - NIST Special Publication (SP) 800-90B (Draft), Recommendation for the Entropy Sources Used for Random Bit Generation, August 2012.
• SP 800-90C - NIST Special Publication (SP) 800-90C (Draft), Recommendation for Random Bit Generator (RBG) Constructions, August 2012.
• SP 800-107 - NIST Special Publication (SP) 800-107 Revision 1, Recommendation for Applications Using Approved Hash Algorithms, August 2012, etc.