RU2846307C1 - Method for information-logical interaction of modules of a quantum cryptographic system (qcs) with information cryptographic protection means (icpm) for joint generation of encryption keys in the automated information security control system of the switching control centre (scc) of the program-configurable network - Google Patents

Abstract

FIELD: information technology.

SUBSTANCE: invention relates to information technology. Method includes determining a sequence of actions for transmitting requests and receiving messages for initiating transmission of quantum values between modules of a quantum system sender (MQSS), a quantum system recipient (MQSR) and ICPM, QCS status request, QCS status message, PRS generation request, request for generation of quantum value, transfer of quantum value to ICPM.

EFFECT: enabling generation of encryption keys for network traffic data of program-configured networks using a quantum cryptographic system.

1 cl, 1 dwg, 6 tbl

Description

The invention relates to the field of information technology (IT), in particular to the interaction of subsystems of means of protecting information from unauthorized use and distribution.

There are no known methods for implementing information-logical interaction between a quantum cryptographic system (QCS) and cryptographic information protection tools (CIPS) for the joint formation of data encryption keys.

The technical results achieved as a result of solving the set task are: providing the ability for the KKS to form and transmit coded quantum states to the CIPF; providing the ability to form a key matrix in the ARM-R based on the obtained quantum states; providing the ability to control the sender and recipient modules of the KKS; providing the organization of a service channel between the KKS modules with the ability to authenticate the subscriber; providing the ability to transmit a pseudo-random sequence to the KKS modules that meets the specified requirements.

The specified technical result is achieved in that the interaction method determines the list of interaction channels, the composition and structure of requests and messages between the modules of the quantum system sender (MSS), the quantum system receiver (QSR) and the cryptographic information protection system (CIPF) (request for the state of the QSR, message for the state of the QSR, request for the formation of the PSP, request for the formation of a quantum value, transmission of a quantum value), a description of the sequence of transmission and reception of requests and responses to requests and the initialization of the transmission of quantum values.

When turning on the SKZI products, with a period of 10 seconds, it generates “Status Requests” to the KKS product.

States:

- disabled (no response to "Status Request");

- ready for initialization (at least one "Status Request Response" with a non-zero value has been generated);

- ready to receive a pseudo-random sequence;

- Job.

Upon receipt of the first "Response..." from the KKS product, the SKZI product analyzes the "Response..." information field "Request for receiving PSP". If the value is 0×40 (or any other non-zero value), a one-time "Request with initializing PSP" is generated to start the pseudo-random sensor. After confirmation from the KKS product about receiving PSP, transition to the "Work" state.

The diagram of the organization of information interaction is shown in Fig. 1, where:

1 - service channel of the KKS,

2 - pseudo-random sequence (primary keys),

3 - quantum quantities (keys).

The connection between the CIPF and the KKS is provided via a physical 1Gb Ethernet connection. At the transport level, the exchange is provided via the UDP (User Datagram Protocol) protocol with a useful data volume of no more than 1432 bytes. If the data volume is less than 1432 bytes, the packet is sent without padding. The order of the data bytes is big-endian.

MAC and IP address values in the Ethernet frame are ignored by the KKS. Port 5552 is used for message exchange between the CIPF and the KKS, and port 5554 is used for service traffic between the KKS.

The terms "port 5552" and "port 5554" are defined by the IETF RFC 761 standard:

TCP port 5552 uses the Transmission Control Protocol (TCP), which is one of the fundamental protocols in TCP/IP networks. TCP is a connection-oriented protocol and requires handshaking to establish end-to-end communication. Only after a connection is established can user data be forwarded to the sides. TCP port 5554 uses the Transmission Control Protocol (TCP), which is one of the fundamental protocols in TCP/IP networks. TCP is a connection-oriented protocol and requires handshaking to establish end-to-end communication. Only after a connection is established can user data be forwarded in both directions.

Each UDP packet has a CRC32 checksum. The checksum calculation algorithm is identical to the FCS (Frame Check Sequence, four-byte CRC) calculation algorithm. All fields in the UDP payload are in network byte order (big-endian), except for the CRC32 field, which is in reverse byte order (little-endian).

Logical organization of interaction

When the quantum system sender module (QSM) and the quantum system receiver modules (QRM) and the CIPF are turned on, the CIPF product starts generating "Status Requests" to the QMS modules via the service channel (1) with a period of 10 seconds. The QMS module is considered to be turned on and is in the "Initialization" mode if at least one "Response to Status Request" has been generated. For requests of another type, the QMS module generates a response with the content of information field 4 "Result Code" equal to 0×00 00 00 02, which means that the command cannot be executed.

Upon receipt of the first "Response..." from the KKS module, the CIPF product analyzes information field 17 of the "Response..." "Request for receiving the PSP". If the value is 0×40 (or any other non-zero value), a one-time "Request with initializing PSP" (2) is generated to start the PDS in the KKS modules. After confirmation from the KKS module about receiving the PSP, it is considered that the KKS module goes into the "Work" state.

Subsequently, the cryptographic information protection tool analyzes the value in information field 17 of the “Response...” and, if the value is non-zero, generates a “Request with initializing PSP”.

The status request has the structure shown in Table 1.

The response to the status request has the structure shown in Table 2.

Request with initializing PSP

The message for transmitting the initialization sequence to the KKS modules is generated by the CIPF. This message is generated if there is a value of 0×01 in the information field 17 of the "Response to the status request".

The KKS module provides the issuance of a response receipt of a message containing an initialization sequence.

The request has the structure presented in Table 3.

The structure of the response to a request with an initializing PSP is presented in Table 4.

Upon request, the protocol ensures delivery of quantum quantities (3) from the KKS to the CIPF. All quantum quantities have a fixed bit length equal to 512 bits. Quantum quantities are formed with the "local" and "global" attributes. The structure of the quantum quantity request is presented in Table 5, the structure of the response to the quantum quantity request is presented in Table 6.

Claims (1)

A method of information and logical interaction via a service channel of modules of a quantum cryptographic system (QCS) with cryptographic information protection tools (CIPF) for joint formation of data encryption keys, implemented by a sequence of actions: formation and sending from the CIPF a request about the state of the QCS: switched off, ready for initialization, ready to receive a pseudo-random sequence, operation; receiving a response from the QCS about the states; receiving from the QCS a request for transmission of a pseudo-random sequence (PRS); transmission of a pseudo-random sequence to the QCS; formation and sending a request to the QCS for formation of a quantum value; receiving a quantum value in the CIPF.