  1. Make up your own sentences using the derived words.

  2. The text is organized into two sections:

  1. Description of encryption techniques.

  2. The examples of encryption techniques.

Read each part of the text and fill in the missing words:

Encryption techniques

Encryption techniques can be broadly classified according to how much of the encryption process need be kept secret in order not to compromise encrypted texts.

Clearly it is best to have to protect as little as possible of the encryption ... (процесса). In the following sections of this chapter we consider three categories of methods that require protection for, respectively:

The encryption ... (алгоритм);

The key.

Description of encryption techniques.

  1. Private algorithm

Our first category of methods requires that the encryption algorithm itself be kept secret (private) because knowledge of the encryption algorithm is sufficient to produce a ... (дешифровки) algorithm.

The examples of encryption techniques Algorithm

  1. Alphabet shifting

ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz

rstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopq

... (чтобы зашифровать), find the character on the top row and replace it by the corresponding character on the bottom row. ... (чтобы расшифровать), reverse the process. Thus, for example,

plaintext: This is a secret message

ciphertext: KZ jR jRSRjWUiWkRdWjjSYW

  1. Four-step encryption algorithm

  1. Translate the text from English to Navajo.

  2. Write the input row-by-row in a matrix of a certain size, output the matrix column-by-column.

  3. Compress the file using Huffman coding.

  4. Swap disjoint pairs of bytes.

An algorithm typically does not use a key as described above. For example, encryption may ... (состоять из последовательности) of reversible steps. If the steps were known, the inverse operations could simply be applied in the reverse order to decrypt a ciphertext. An example of a four-step algorithm is shown in the examples section.

5.2. Public algorithm, private key

Our second category of methods does not require that the encryption algorithm be ... (держать в секрете). Knowledge of the algorithm may allow a more focused attack on a ciphertext but is not by itself sufficient. An arbitrary ciphertext file is protected by keeping secret the key needed to decrypt it. The size of the key space, that is the number of ... (возможных ключей), is important in any encryption technique that uses keys. It should not be feasible for an attacker to decrypt a ciphertext via a direct search of the key space. In the case of each of the algorithms discussed in this section, the key to encrypt a file is also used to decrypt it.

  1. Caesar code

To encrypt a file, replace ... (каждый знак) by the character k further on in the (wrap-around) alphabet. An example shows an alphabet and the alphabet shifted 9 places.

This method is easily attacked because of the small set of keys; the number of effective keys is the same as the size of the alphabet.
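The shift cipher described above, as an added example that is not part of the original exercise text: it uses the alphabet of the page's alphabet-shifting example (A-Z, space, a-z), reproduces the page's ciphertext for a shift of 9 places, and tries every key to show how small the key space is. The function names and the scoring heuristic are assumptions of this example.

```python
# Added example: shift (Caesar) cipher over the page's 53-symbol alphabet.
import string

# Top row of the alphabet-shifting table: A-Z, space, a-z.
ALPHABET = string.ascii_uppercase + " " + string.ascii_lowercase
N = len(ALPHABET)  # 53 symbols, so there are only 53 possible keys


def shifted_row(k: int) -> str:
    """Bottom row of the table: the alphabet rotated right by k places."""
    k %= N
    return ALPHABET[N - k:] + ALPHABET[:N - k]


def encrypt(plaintext: str, k: int) -> str:
    """Replace each top-row character by the one below it in the bottom row.

    Characters outside ALPHABET (digits, punctuation) pass through unchanged.
    """
    return plaintext.translate(str.maketrans(ALPHABET, shifted_row(k)))


def decrypt(ciphertext: str, k: int) -> str:
    """Reverse the process: find the character in the bottom row, read the top."""
    return ciphertext.translate(str.maketrans(shifted_row(k), ALPHABET))


def english_score(text: str) -> int:
    """Crude heuristic (assumption): count spaces and very common letters."""
    return sum(text.count(c) for c in " etaoinsh")


def exhaustive_search(ciphertext: str) -> tuple[int, str]:
    """Try all N keys and return the (key, plaintext) pair that scores best."""
    candidates = ((k, decrypt(ciphertext, k)) for k in range(N))
    return max(candidates, key=lambda pair: english_score(pair[1]))


if __name__ == "__main__":
    ct = encrypt("This is a secret message", 9)
    print(repr(ct))               # the ciphertext from the page's example
    print(exhaustive_search(ct))  # recovered key and plaintext, no key needed
```
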

  1. Simple substitution code

Suppose we write out the alphabet, as in the top row for example, and make the bottom row a ... (перестановку) of it. In the second section an example is shown.

For example, suppose we choose “Pascal” as our keyword and we use the same plaintext as in our previous examples.

We merge This is a secret message

with Pascal Pascal Pascal Pascal

The kth character of the ciphertext is some function (such as exclusive or) of the character in the plaintext and the kth character in the repeating keyword string. The ... (алгоритм дешифровки) applies the repeating keyword to the ciphertext and reverses the letter function to ... (восстановить) the plaintext. If we map our alphabet onto the integers 0 to 52 and perform modulo 52 addition on a pair of characters, the ciphertext resulting from our example can be represented:

hlaVAUHATCTQrSXWAY tTkTkDHQ

Frequencies of letters in the first four chapters of this book were counted. Mapping lower onto upper case letters, the ranks were.

The number of ... (возможных ключей) is now larger (N! rather than N, where N is the size of the alphabet). However, the method is easily attacked because every occurrence of a particular character in the plaintext is mapped onto a particular character in the ... (зашифрованном тексте). We saw in the previous chapter that natural language is redundant: letters and letter groups do not occur with ... (равной частотой). In English, the rank ordering of the most frequent half-dozen or so letters is fairly constant from text to text. In the second section an example is shown.

| Word | Translation | Sentence |
|---|---|---|
| to bore | to annoy; to force one's way through with difficulty | Frequent examples are the bored teenager, the disgruntled ex-employee, the corporate spy, or the government intelligence agent. |
| disgruntle | to anger, to irritate | |
| employee | staff member, hired worker | |
| spy | a spy; to notice, to see, to make out | |
| intelligence | mind, reason, quick-wittedness | |
| estimation | judgment, evaluation, calculation | Estimation of the skill, frequency and methods of the attacker all belong to a related process to risk assessment which Bruce Schneier calls ‘attack tree analysis’. |
| skill | art, mastery, ability | |
| implement | tool, instrument, device | Organize information about the kind of security you need to implement in your design. |
| assessment | evaluation; taxation, amount of tax levied | This process helps to formalize what’s otherwise a significantly subjective process of analysis and assessment, and can help to prioritize your project’s security goals. |
| undertake | to set about doing, to take on obligations | A risk assessment is a process that people undertake (sometimes aided by organization-enhancing software) to determine risks surrounding their specific efforts. |
| to enhance | to increase, to strengthen, to aggravate | |
| vulnerability | susceptibility to attack or harm, sensitivity | On the other hand, there are many software tools available for security assessments that will analyze your network and servers for known vulnerabilities. |

| Word | Translation | Sentence |
|---|---|---|
| tip | hint, advice, prompt | Three tips for using these kinds of software tools. |
| environment | surroundings, the natural environment | Test the tool in an isolated testing environment before applying it. |
| extant | surviving, existing, present | They may help you do risk assessment for extant problems with existing software, they will not be able to do the job for you in regard to designing and developing new software and applications. |
| to exist | to exist, to be located, to be | |
| in regard to | with respect to | |
| executive (adj.) | | |
| to leverage | | |
| involvement | | |
| to involve | | |
| to estimate | | |
| enhancement | | |

  1. Read the text, fill in the missing words, and translate it.

Risk Assessment

  1. Risk assessment should be among the first steps in your design process, and will help you frame your further efforts to design a ... (систему безопасности). Making risk assessment a priority will also help you ... (убедить) your executive officers to be both informed about and integral to the beginnings of your securely designed project. During the risk assessment phase of design, you may find important supporters and champions among the executive officers: you should actively recruit their participation if they’re not ... (еще не вовлечены).

  1. Business majors and MBAs already know about the managerial aspects of risk assessment. This methodology is heavily used in most ... (офис), especially with respect to business planning. Risk assessment is no less important in secure, ... (хорошо разработанном программном обеспечении) or applications development projects. Take advantage of the fact that your managers and executives are probably already familiar with ... (методикой оценки рисков). Armed with a common language and methodology, you can inform your managers of the relative risks to which the application exposes you or your customers, and you can additionally leverage their and buy-in. This will help you in the end: if there should ever be an attack on your application, you will already have a champion to go to bat for the ... (целостность) of your application and the care with which it was designed.

  1. The basic steps of risk assessment are as follows:

  1. Identify protected resources

  2. Assign relative value

  3. Identify possible attackers

  4. Estimate relative frequency of each kind of attacker

  5. Carry out attack tree analysis (Identify possible attack routes)

  6. Protect all possible attack routes (Protect attack routes)

  1. Protected resources include things like your customer database, customer credit card information, or personal information. If you thought about the policies regarding the privacy, disposition and handling of customer information and other social and legal issues you would understand that your risk assessment process ... (зависит в большей степени) on such things. Your executive managers must be involved in deciding these policies.

  2. For each resource, assign it a relative value (i.e. your customer credit card database will probably be more valuable than your vendor contact list). Next, ... (определите) possible attackers. Frequent examples are the bored teenager, the disgruntled ex-employee, the corporate spy, or the government intelligence agent.

  3. Estimation of the skill, frequency and methods of the attacker all belong to a related process to risk assessment which Bruce Schneier calls ‘attack tree analysis’. This process helps to formalize what’s otherwise a significantly subjective process of analysis and assessment, and can help to prioritize your project’s security goals. If you saw chapter 21 of Bruce Schneier’s book: Secrets and Lies: Digital Security in a Networked World you could know more about attack trees. A ... (очень рекомендуемый) resource on all of digital security.

  4. Once you knew what routes of attack you should be ... (защищать) (from your attack tree analysis), you would already organize information about the ... (вид безопасности) you need to implement in your design. You may also find that this information will be helpful in writing security and privacy policies to accompany your application design efforts.

  5. Please be very careful ... (выполняя) your own research about risk assessment. It is very easy to confuse this process with another process, usually called ‘security assessment’. A risk assessment is a process that people undertake (sometimes aided by organization-enhancing software) to determine risks surrounding their specific efforts. On the other hand, there are many software tools available for ... (оценки безопасности) that will analyze your network and servers for known vulnerabilities.

  6. Three tips for using these kinds of software tools: 1) if you research the producing company carefully you will be sure you can trust them with the necessary access privileges before ... (установки программного обеспечения) up on your network, 2) test the tool in an isolated testing environment ... (до его применения), and 3) strongly consider petitioning your internal Information Technology department or Help Desk for permission to run this kind of tool on your company’s internal networks. Security assessment tools can be useful, but cannot be 100% effective, and though they may help you do risk assessment for extant problems with existing software, they will not be able to ... (работать вместо вас) in regard to designing and developing new software and applications.

TEXT №21

ENGLISH. INFORMATION SYSTEMS AND TECHNOLOGIES
