V.I. Budzko1, D.A. Melnikov2, V.G. Belenkov3, V.I. Korolev4

1−4 FRC «Computer Science and Control» RAS (Moscow, Russia)

1 National Research Nuclear University MEPhI

4 Financial University under the Government of the Russian Federation (Moscow, Russia)

The article discusses the features of the use of the cryptographic information protection means (CIPM)in the environment of distributed processing and storage of data of large information and telecommunication systems (LITS).A brief characteristic is given of the properties of the cryptographic protection control subsystem - the key system (CS). A description is given of symmetric and asymmetric cryptographic systems, required to describe the problem of using KS in LITS.Functional and structural models of the use of KS and CIPM in LITS, are described. Generalized information about the features of using KS in LITS is given.

The obtained results form the basis for further work on the development of the architecture and principles of KS construction in LITS that implement distributed data processing and storage technologies. They can be used both as a methodological guide, and when carrying out specific work on the creation and development of systems that implement these technologies, as well as when forming technical specifications for the implementation of work on the creation of such systems.

Budzko V.I., Melnikov D.A., Belenkov V.G., Korolev V.I. Keysystems in large systems implementingdistributed data processing and storage technologies. Highly Available Systems. 2021. V. 17. № 3. P. 5−15. DOI: https://doi.org/10.18127/j20729472-202103-01  (in Russian)

1. ISO/IEC. Information technology – Security techniques – Information security management systems – Requirements. International Standard ISO/IEC27001. Second edition2013-10. URI: https://www.iso.org/ru/standard/54534.html.
2. Fomichjov V.M., Mel'nikov D.A. Kriptograficheskie metody zashhity informacii: Ucheb. (v dvuh chastjah). M.: Jurajt. 2016. ISBN978-5534-01741-0, ISBN 978-5-534-01740-3 (in Russian).
3. Budzko V.I., Mel'nikov D.A., Fomichjov V.M. Bazovye trebovanija k podsistemam obespechenija kriptokljuchami v informaci-onnotehnologicheskih sistemah vysokoj dostupnosti. Sistemy vysokoj dostupnosti. 2016. T. 12 № 3. URI: http:// radiotec.ru/ru/journal/Highly_available_systems/number/2016-3. (in Russian)
4. ISO/IEC. Informationtechnology – Security techniques – Keymanagement – Part 1: Framework. International Standard ISO/IEC11770-1. Second edition2010-12-01. URI: https:// www.iso.org/ru/standard/53456.html.
5. ISO/IEC. Information technology – Security techniques – Information security management systems – Overview and vocabulary. International Standard ISO/IEC27000. Fifth edition2018-02. URI: https://www.iso.org/ru/standard/73906.html.
6. Budzko V.I., Mel'nikov D.A., Fomichjov V.M. Politiki bezopasnosti v podsistemah obespechenija kriptokljuchami informa-cionno-tehnologicheskih sistem vysokoj dostupnosti..Sistemy vysokoj dostupnosti.2016.T.12 № 3.URI: http://radiotec.ru/ru/journal/Highly_available_systems/number/2016-3 (in Russian).
7. NIST. A Framework for Designing Cryptographic Key Management Systems. Special Publication (SP) 800-130, August 2013. URI: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-130.pdf.
8. ITU-T. Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks. Recommendation Х.509, 2019. URI: https://www.itu. int/rec/T-REC-X.509-201910-I/en.
9. ITU-T. Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems: Access Control Framework. Recommendation Х.812, 1995. URI: https://www. itu.int/rec/T-REC-X.812-199511-I/en.
10. ITU-T. Information Technology – Open Systems Interconnection – Security Frameworks for Open Systems:Non-repudiation framework. Recommendation Х.813, 1996. URI: https://www.itu.int/rec/T-REC-X.813-199610-I/en.
11. OASIS. Key Management Interoperability Protocol Specification, Version 1.2. OASIS Standard.19 May 2015. URI: http://docs.oasisopen.org/kmip/spec/v1.2/os/kmip-spec-v1.2-os.pdf.