Today’s Enterprise Article competition entry is from Georgi T. Gerasimov from Gatelink Ltd in Bulgaria. Georgi sent us a remarkably detailed paper in which he describes the challenges of developing a Windows app that securely protects digital data, where one of the constraints was that it had to do the encryption work in under 34 milliseconds. You know it’s going to be a challenging coding assignment when one part of the program requirements includes the phrase “post-quantum protection of digital data”.
Staging of the problem
In 2022, our company received a proposal to design and develop an enterprise business application for digital data protection. The project was very limited both in terms of budget and development time.
The client’s requirements were formulated around a carefully conducted analysis of existing problems that require flexible, complex, and working solutions. A significant challenge that we faced at the beginning was that the initial requirements conflicted with the standard protocols for critical information protection.
The restrictions imposed included the following irrevocable requirements:
- It is allowed to store files containing critical information on external devices, including portable ones.
- The information must be protected from unauthorized access, even if unauthorized persons have access to user passwords and secret keys used by both end users and employees with master administrator system access privileges.
- Each secure transaction to the databases should be processed in less than 34 milliseconds.
The deadline for implementation of the project was 90 (ninety) days from the date of signing the agreement with the client. It is important to note that the design, development, and system integration of the program solutions all had to be carried out within this period.
As a result of careful planning, it was decided to draw up three independent applications as follows:
- Specialized system for protection against unauthorized access to files containing critical information.
- Platform-independent application for secure messaging.
- A hybrid application that allows establishing a secure environment for processing secure transactions when working with databases.
The subject of this article is the problems and the approach to their resolution, which we used in the development of the first of these solutions, namely the protection of files containing critical information.
Rationale for choice of development environment
The reason we chose RAD Studio as a development environment is not only due to the experience we had at our disposal but also to the proven advantages of this tool.
An important factor in justifying this choice was the ability to combine intuitive code with modules written in assembler. This, along with the possibility of cross-platform programming, are some of the biggest advantages that RAD Studio provides to developers.
Another advantage that determined our final choice is the quality of the available components and program libraries, the available technical documentation, the convenient tools for testing, refactoring, and documentation, as well as the exceptional efficiency and high degree of reliability of the applications developed using Delphi.
As mentioned at the beginning of the article, the requirements set by the client went beyond the limits of all known security protocols.
In this specific case, we had to combine both proven standard cryptographic solutions and methods known to us from the object-relational encryption of digital data. This is an extremely serious challenge because it implies the unification of two mutually exclusive approaches.
To understand the importance and advantages provided by RAD Studio, and Delphi in particular, in the development of hybrid solutions for the protection of large information arrays, please allow some explanation on the subject taken from an article called “Contemporary forms of information protection”, related to the use of fuzzy logic in object-relational encryption using control strings for the generation of cryptographic mechanisms.
The technological solutions used in object-relational encryption are combined based on the following input data:
- Nature of the information being processed (operational or strategic);
- Devices used to store and transfer the data (specialized media or computer network);
- The programming language used.
Each of the listed indicators is of critical importance in the correct choice of a technological solution. Another characteristic of object-relational encryption is that it does not always present information in its usual form.
Let’s look at a typical example using fuzzy logic to represent numerical information.
Example:
Let us consider the following fuzzy set:
In this case, the number 7 is represented as 40% of the number 3 and 60% of the number 4. For all other numbers, it is 0%.
If the definition of the number seven is written in this way, it will be easy to define the connection between the number and the set, but for the set:
such a claim would be open to reasonable doubt.
The reason for this is the presence of “parasitic elements” marked in red. In the particular example, the sequence of parasitic elements follows a certain logic, but in real applications, they are randomly distributed, which significantly complicates the subsequent cryptanalysis, even when it is carried out with the help of specialized hardware and software tools. Also, in the given example, the information noise is greater than the useful information, but this should not be considered a necessary condition.
Let’s add “Seven” to the first set and transform it into a series of symbols that look like this:
The recorded string can be defined as follows:
In the second case, variables of type AnsiString cannot be included as elements of the structure record. This also applies to dynamic arrays.
Thus, the MyFuzzySet type can describe any type of information (audio, video, text, binary, or other) using fuzzy logic. The same is true for variables of type AnsiString (or String type variable) under certain conditions. However, both approaches to presenting information can be defined as “traditional”.
Let us look at a different method for program presentation of the same information.
Example:
In this case, we’ll use Delphi’s built-in text information replacement function to write the number seven as a fuzzy set.
Result: { S4 = “Seven”, [1, 3, 7], {< 0/1 >, < 0.4/3 >, <1/7> } }
The result is our set again.
In all three cases, the information does not change its character, but its definition and the following internal interpretation are performed in three completely different ways.
The examples thus presented illustrate some of the principles of object-relational encryption used as a defense against high-tech attacks.
Objectively speaking, such logic cannot be accepted as crypto-proof, outside of systems using control strings. In combination with them and proven crypto primitives and using the capabilities that RAD Studio provides, it becomes quite possible to build a wide range of highly effective tools for post-quantum protection of digital data.
Practical implementation
To understand the fundamental differences between our approach and standard digital data protection solutions, we will take a detailed look at how, using the advantages that RAD Studio provides to developers, we were able to create in an extremely short period an application that allows for the effective encryption of large arrays of files located on different physical media.
Definition
File Package Manager (FPM) is a specialized application for encrypting files and folders located on local, network, server, or external data media.
The application allows the following actions:
- Secure e-notebooks;
- Encrypting the files in the package;
- Decrypting the files in the package;
- Crypto processes control reporting;
- File integrity check (FIM control);
- File modification control;
- Checking the current status of files and directories;
- Shredding and/or sanitizing the files saved in the package etc.
The encryption of the files for which meta-information is available in the packages and which are physically accessible is performed based on session crypto mechanisms.
Each crypto mechanism uses a set of proven cryptographic primitives. Configuration of crypto primitives is done automatically. If necessary, it is possible to make security protocols hardware-dependent, which significantly improves security.
All operations on the files and folders saved in the package are performed only when the files and folders are physically accessible. If they cannot be accessed (deleted, physically inaccessible network drive, or other reason), this will be reflected in the packet, recording the time when this finding was made (real-time control, RTC).
The following visual components were used in the development of the application:
- DCPcrypt-master – Base standard crypto primitives. Hash algorithms, cipher algorithms, block concatenating modes, HMAC, PBKDF1, PBKDF2;
- Delphi Encryption Compendium, DEC – Standard crypto primitives. Hash algorithms, cipher algorithms, block concatenating modes, key derivation algorithms, CRCs, etc.;
- Fast Reports – For generating reports and documents for the crypto process as well as for exporting the obtained results in various formats such as HTML, PDF, RTF, DOC, XLS, XML, etc.;
- JAM Software – Building an intuitive user interface for working with Windows Shell, and managing file packages;
- Konopka Signature VCL Controls – Building an intuitive interface allowing end-users to quickly learn how to work with applications.
The choice made in this way allowed us to minimize the time required for the development of the individual components.
We gained an additional advantage in the development process from the specificity of Delphi as a programming language.
The accessible functionality and available documentation allowed our team to create a working application for generating control strings using graphics cards (digital images subject to a specific protocol) in less than seventy-two hours.
In Delphi, pseudo properties look like serialized published properties in a DFM format, but in practice, they are something completely different.
For example, in the serialized composition TImage – TPicture, the TPicture object is accessed through its Picture property:
TPicture inherits from TPersistent, but in its public properties, you will not find Data. To serialize the information, it is necessary to take advantage of the pseudo properties, which are set in a protected method of the class TPersistent that can be overridden.
What is important to understand is that control strings have nothing to do with user passwords and secret keys used in the encryption process. Their main purpose is to form a set of base crypto mechanisms. In turn, the crypto mechanisms are the ones that generate the secret keys needed to encrypt or decrypt the selected files.
Crypto mechanisms are a set of proven cryptographic primitives united in a common functional mechanism. This approach allowed us to avoid the disadvantages of symmetric forms of encryption while preserving their advantages.
In the process of encrypting file packages containing large volumes of information, three main modes are used as follows:
- Standard Protection Mode, SPM;
- Package Protection Mode, PPM;
- Hybrid Protection Mode, HPM.
In the standard protection mode, all files whose information is stored in the file package are encrypted using a predefined set of cryptographic primitives (a crypto mechanism), which means that the same session secret key will be generated for each file.
In this mode, the configuration of the cryptographic mechanism is performed by the operator, and the parameters are set in the specialized module. The information recorded in the electronic notebook and the file package related to the crypto primitives used will be ignored.
In package protection mode, the files whose information is stored in the file package are encrypted using an encryption mechanism that is generated using the cryptographic primitives written in the package for each file.
This means that it is possible for individual files and/or groups of files to be encrypted with different secret keys and to use different crypto primitives.
Unlike the standard protection mode, here the session crypto mechanism is formed based on the information about the standard crypto primitives recorded in the file package. In this case, the crypto mechanism information contained in the crypto primitives management module will be ignored. However, this does not mean that this information cannot be written into the package and used in the encryption process. The choice to do so is left to cybersecurity professionals.
This method has a lower performance than the standard one, but with the proper configuration of the crypto primitives, it will guarantee a significant increase in the level of protection.
In hybrid encryption mode, the files whose information is stored in the file package are encrypted using a modified encryption mechanism. This mechanism not only provides a session cryptographic mechanism for each file but also manages the secret key generation process.
This method is a variation of object-relational encryption. The difference is that the numeric object or control string is replaced by a function that selects how the session secret key will be generated.
We can assume that in practice this is the file packet encryption method that guarantees the highest possible degree of protection. The main advantage is that the mechanism of choosing cryptographic primitives remains hidden from the user. This feature allows us to block access to the secret parameters of the used mechanism even in case of intervention of a user with master administrator privileges.
This method is used as an element of a specialized protection mechanism for countering “insider attacks”.
The method is suitable for enterprise solutions, as well as for institutions working with sensitive information, while the costs of operational maintenance of security file systems are reduced to a minimum.
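How the three modes differ in which files end up sharing a session key, as an added Python example that is not FPM's code. PBKDF2 as the key generator, the package layout, the route table, and every name here are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed package metadata; paths and primitive choices are hypothetical.
PACKAGE = [
    {"path": "contracts/q1.docx", "hash": "sha256", "iterations": 120_000},
    {"path": "contracts/q2.docx", "hash": "sha256", "iterations": 120_000},
    {"path": "payroll/2022.xlsx", "hash": "sha512", "iterations": 150_000},
]
# Mechanism configured by the operator for standard mode (hypothetical values).
OPERATOR_MECHANISM = {"hash": "sha256", "iterations": 100_000}
# Key-generation routes the hybrid selector chooses between (hypothetical).
HPM_ROUTES = [
    {"hash": "sha256", "iterations": 100_000},
    {"hash": "sha384", "iterations": 110_000},
    {"hash": "sha512", "iterations": 120_000},
]


def derive(secret: bytes, salt: bytes, mech: dict) -> bytes:
    """PBKDF2 stands in for whatever key generator a crypto mechanism wraps."""
    return hashlib.pbkdf2_hmac(mech["hash"], secret, salt, mech["iterations"], dklen=32)


def spm_keys(secret, salt, package, mechanism=OPERATOR_MECHANISM):
    """SPM: operator-set mechanism; primitives recorded in the package are ignored."""
    key = derive(secret, salt, mechanism)
    return {entry["path"]: key for entry in package}


def ppm_keys(secret, salt, package):
    """PPM: mechanism built per file from the primitives recorded in the package."""
    return {entry["path"]: derive(secret, salt, entry) for entry in package}


def hpm_route(selector_key: bytes, path: str) -> int:
    """HPM selector: a keyed function, not package data, picks the route."""
    tag = hmac.new(selector_key, path.encode(), hashlib.sha256).digest()
    return int.from_bytes(tag[:4], "big") % len(HPM_ROUTES)


def hpm_keys(secret, salt, package, selector_key):
    """HPM: per-file session key; the route choice is never written to the package."""
    keys = {}
    for entry in package:
        route = HPM_ROUTES[hpm_route(selector_key, entry["path"])]
        keys[entry["path"]] = derive(secret, salt + entry["path"].encode(), route)
    return keys


if __name__ == "__main__":
    secret, salt = b"constructed-secret", b"constructed-salt"
    for name, keys in [
        ("SPM", spm_keys(secret, salt, PACKAGE)),
        ("PPM", ppm_keys(secret, salt, PACKAGE)),
        ("HPM", hpm_keys(secret, salt, PACKAGE, b"constructed-selector")),
    ]:
        print(name, "distinct keys:", len(set(keys.values())))
```

In the PPM case the two contract files share a key because the package records the same primitives for both, which corresponds to the "groups of files" the text mentions.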
Specific problems
During the development process, our team had to solve several problems, the solution of which enriched our technological practices.
Many of these issues were related to the way end users interact with the applications and how they react to the functionality provided. One of these issues was the possibility that the user could attempt to decrypt files that were not encrypted, a process that results in corrupting these files.
To avoid such mistakes, another non-standard approach was chosen. In this approach, the end-users authorization panels in the encryption and decryption cases were made to stand out visually. Although this decision may seem insignificant at first glance, it proved its importance in the operation process and was appreciated by our client’s employees.
What we adhered to in solving this specific problem was to start from the UI, i.e. to first develop the front end of the solution and only then move on to the back end. When designing the UI, we took into account that this is an everyday business process application that requires a zero-error possibility, a user-friendly interface, and a design that allows continuous work with the application without fatigue.
One of the most serious challenges we faced was how to prevent protected information from being accessed outside of authorized premises, even if it is exported by a person who has super administrator rights.
Due to the limited development time, as well as the impossibility of conducting continuous QA and real-time tests, it was decided to use a model based on hardware binding of sessions. Before encryption or decryption is performed, the application performs an automatic check of the hardware architecture used by the end user. Based on the received results, a control string is generated. This string defines the mechanism used to implement the subsequent crypto-processes. If the control string check shows a mismatch, a process blocking protocol is automatically triggered by the system. This protection mechanism is not only related to local working stations and single nodes of the company information infrastructure, but to the whole infrastructure (servers, storage, etc.). When such an event occurs the system automatically generates a report that covers all the events that led to such a situation and allows easier incident response and investigation.
The simplicity of this solution happened to be an effective solution for a complex problem that in other cases would require a long R&D period and lots of testing. We’ve managed to utilize this approach even for the control and monitoring of remote nodes of the client infrastructure (nodes that are outside of the client’s headquarters, DCs, and locations) which was needed for the remote-work ability of the employees. For this case, we used some additional components.
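One way to implement the hardware-binding check described above, as an added Python example rather than the application's own code. The attribute names, the site secret, the per-attribute tags used for the report, and PBKDF2 as the key generator are all assumptions.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed sample hardware profile; attribute names and values are hypothetical.
ENROLLED_HW = {
    "cpu_id": "CPU-EXAMPLE-0001",
    "board_serial": "MB-EXAMPLE-0042",
    "disk_serial": "DSK-EXAMPLE-7781",
}


class SessionBlocked(Exception):
    """Raised when the observed hardware does not match the enrolled profile."""


def _tag(site_secret: bytes, name: str, value: str) -> str:
    # Keyed digest of one attribute, so the stored profile never holds raw serials.
    return hmac.new(site_secret, f"{name}={value}".encode(), hashlib.sha256).hexdigest()


def enroll(hw: dict, site_secret: bytes) -> dict:
    """Build the stored profile: per-attribute tags plus the overall control string."""
    tags = {name: _tag(site_secret, name, hw[name]) for name in sorted(hw)}
    joined = "|".join(tags.values()).encode()
    ctrl = hmac.new(site_secret, joined, hashlib.sha256).hexdigest()
    return {"tags": tags, "control_string": ctrl}


def open_session(password, observed_hw, profile, site_secret, salt, audit_log) -> bytes:
    """Check the hardware before any crypto process; block and report on mismatch."""
    observed = enroll(observed_hw, site_secret)
    if not hmac.compare_digest(observed["control_string"], profile["control_string"]):
        names = sorted(set(profile["tags"]) | set(observed["tags"]))
        changed = [n for n in names if observed["tags"].get(n) != profile["tags"].get(n)]
        audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "event": "control_string_mismatch",
            "changed": changed,
        })
        raise SessionBlocked("hardware profile mismatch: " + ", ".join(changed))
    # The control string feeds the key derivation, so the password alone
    # does not reproduce the session key on other hardware.
    bound_salt = salt + bytes.fromhex(observed["control_string"])
    return hashlib.pbkdf2_hmac("sha256", password.encode(), bound_salt, 200_000, dklen=32)


if __name__ == "__main__":
    secret, salt, log = b"constructed-site-secret", b"constructed-salt", []
    profile = enroll(ENROLLED_HW, secret)
    print(open_session("pw", ENROLLED_HW, profile, secret, salt, log).hex())
    try:
        open_session("pw", dict(ENROLLED_HW, disk_serial="DSK-OTHER"), profile, secret, salt, log)
    except SessionBlocked as exc:
        print(exc, log)
```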
The presented case scenarios are just a small part of the problems we encountered during the development process. In reality, we faced and solved a larger number of complex problems, which forced us to use non-standard approaches and unorthodox methods and to test various types of solutions. All this was because we were facing very short deadlines that did not allow us to follow the traditional methodology, which requires a significant amount of development time.
Final results analysis
Despite all the difficulties and existing budget constraints, the project was delivered on time. Our team was pleased by how the client’s employees accepted the solution; more specifically, we were surprised to see that the software was well accepted by the employees in the age group below 35.
A very important conclusion that was made by the executive team and the technical team after the project was finished was that when it comes to enterprise applications designed to work with critical information, it is of utmost importance to strictly follow the existing industry standards.
In this case, we do not limit ourselves only to standards such as NIST SP 800-60, FIPS 200, ISO 10116, ISO 9798-2, ISO 11770-2, etc., but also include standards concerning the way the application should be designed, its official documentation, and the subsequent process control.
The development and deployment of an application are just a couple of pieces from a large-scale and complex tech and business puzzle. We would like to note that operational support and the related costs are key parts of this puzzle and deserve attention.
Sadly, in our view, one question is underestimated by the industry and fellow IT professionals: how different programming concepts affect the overall energy consumption of a software solution, i.e., green IT solutions. We often see that data processing affects the overall CPU load and hence the power consumption levels of both workstations and servers. While this aspect can be considered minor for SMEs, the same can’t be said for large enterprises, which consume a significant quantity of energy resources in their everyday business processes.
Another conclusion that we’ve made is that the focus on information protection should not be only on the Internet and the various threats that it can comprise.
There are many problems currently that need to be addressed and solved. Regardless of the results achieved and the resources invested, we should accept the fact that industrial intelligence, engineering scouting, and related activities are continuously improving their means in relation to day-to-day business activities. This means that our industry needs to invest resources, capital, and energy in the research and development of contemporary solutions based on both state-of-the-art concepts and solutions proven over time. This need is addressed mostly by governments and large enterprises where the continuity of information and business processes is a must.
With the advent of quantum technologies, it is necessary to look for alternative solutions for the protection of digital data. This issue will become a mainstream theme in the next decades. The experience we gained during this project showed us how, with the help of RAD Studio, we can build modern post-quantum protection applications with a high degree of efficiency in a relatively short time frame and with a limited budget.
References
[1] Pfitzmann B., Information Hiding Terminology, Information hiding: first international workshop, Cambridge, UK. Lecture Notes in Computer Science, Vol. 1174. Springer-Verlag, Berlin Heidelberg New York, 1996, pp. 347 – 350.
[2] Anderson R., Petitcolas F., On the Limits of Steganography, IEEE Journal on Selected Areas in Communications, Vol. 16, No. 4, May 1998, 474 – 481.
[3] Bender W., Gruhl D., Morimoto N., Lu A. Techniques for Data Hiding. IBM Systems Journal Vol. 35, No. 3&4. MIT Media Lab, 1996, 313 – 336.
[4] Petitcolas F., Anderson R., Kuhn M. Attacks on Copyright Marking Systems. Second Workshop on Information Hiding, Portland, Oregon, April. These proceedings, 1998.
[5] Johnson N.F., Jajodia S. Steganalysis of the image created using current steganography software, Proc. 2nd International Workshop on Information Hiding, 1998, LNCS, v.1525, 273 – 289.
[6] Kutter M., S. Voloshynovskiy, A. Herrigel. The Watermark Copy Attack. In Proceedings of SPIE: Security and Watermarking of Multimedia Content II, Vol. 3971, January 2000, San Jose, CA, USA.
[7] Gerasimov G.T., P.G. Gerasimov. Contemporary forms of information protection, Practical aspects of object-relational encryption, International Conference on Regional and National Security 2000.
[8] Gerasimov G.T., P.G. Gerasimov, Contemporary forms of information protection, Scientific Conference 2018 “The Policy of the European Union on the Protection of Information and Personal Data”, pp. 187 – 195, https://www.aadcf.nvu.bg/scientific_events/papers_is/IS_2018.pdf
[9] File package Manager, FPM II spe, End-user online help