1 1. Introduction

One of the threats to information security, which violates the confidentiality of information, is its leakage through technical channels formed during the operation of modern information and telecommunications systems (ITS) as a result of a number of undesirable parasitic effects (Figure 1).

Such effects are the side electromagnetic radiation of information signals into the environment, their guidance on extraneous conductors and lines beyond the control of the object, the infiltration of signals into the grounding and power supply circuits, etc. [1 - 4].

The peculiarity of this threat is that these effects are a natural manifestation of the physical environment where information is circulated. Securing information from leakage is usually associated with minimizing these manifestations and localizing the effects, and therefore cannot be done completely. This is a threat that can only be protected by finding a compromise between the attentiveness and value of information resources and the costs of protecting them. It is considered that the protection measure should correspond to the value of the protected information. Exceeding this measure over the value of information is impractical.

State information resources are public information that requires its circulation in cyberspace and involves the use of modern ITS, which are constantly evolving and improving. Thus, today the pace of development of information and telecommunications technology is such that due to its obsolescence, the feasibility of replacing old tools with new ones comes quite quickly after they enter the market. This rather high rate does not allow the implementation of proper provision, as was done for the equipment of previous years, for which this period was decades. With the development of ITS, the speed of data processing increases, the amount of memory increases, the range of signals used expands, and new functionalities appear that allow the introduction of new technologies [5].

Thus, modern ITS are software-controlled systems, where they are controlled automatically with minimal user involvement. They independently choose routes for data transmission, independently adjust the noise immunity of channels, making redundant data, independently repeat processing and transmission sessions, independently without notifying the user of the system perform backup data and so on. All this significantly affects the complexity of protection of information in ITS from leakage through technical channels and requires consideration when justifying the conditions of safe use of cyberspace for information circulation and ensuring protection of information from leakage through technical channels [6, 7].

This threat is relevant to public information in terms of information with limited access, which includes classified, official and confidential information. Accordingly, the secret information with limited access is divided into state, banking, professional secrets and the secret of the pre-trial investigation and other secrets provided by law. A separate category of information for which the threat of leakage through technical channels may be relevant is personal data. Its owners also have the right to ensure confidentiality with any level of protection. This distinction is made in the legal field of the state, takes into account the affiliation of information, their importance and value, ensures the interests of man, society and the state [5, 8].

World experience shows that the main indicator of safety is the risk, the permissible limits of which are set by the owner, which in the event of attacks or incidents may suffer damage. Obviously, the risk depends on the indicators of information security, which require periodic monitoring and analysis, and the required values for the indicators are from the specified risks [9].

Therefore, there is an urgent task to substantiate the totality of risk-oriented indicators that will characterize the protection of ITS from information leakage through technical channels and will allow the assessment and analysis of information security risk at the objects of information activities. 2. A set of risk-oriented indicators of its security for modern ITS

Let the information security risk be set according to an international standard for information security management, for example, ISO/IEC 2700x or other standards. Security risk quantifies the potential danger that leads to losses, and can be represented as the product of the probability of realization of the threat pr and Price consequences of it [10]: ( 1 )

In essence, risk is a general indicator of quality that quantitatively characterizes the degree or level of protection. If you set its maximum allowable value Rmax.allow, It is possible to implement a risk-oriented approach to protect information, including from leakage through technical channels. The convenience of implementing this approach in relation to the previous one, as it was done for the technology of previous years, is that on the basis of automated processing it allows to increase the efficiency of analysis, adjustment and management of information security.

Obviously, the price of possible losses Price and risk limits Rmax.allow, should be set by the owner of information, information resources, as an entity interested in the necessary degree of protection and effective management of information security of own resources [5]. The maximum allowable probability of risk pr.max.allow is a technological indicator that should provide a protection system and can be found from formula ( 1 ): ( 2 )

The protection system will be effective if its indicators reliably provide pr.max.allow and thus this system is proven to guarantee information security with a given risk.

Let the limit of probability of risk pr.max.allow be set – safety condition of information with limited access, which must be fulfilled in technical channels by means of technological indicators within its calculated limits. These indicators in their structured combination will represent a system of risk-oriented indicators that characterize the protection of ITS from information leakage through technical channels.

Security risk is a failure to meet its quality requirements, and therefore for the leakage of information through technical channels it can be considered as a leakage risk. Its maximum allowable value can be matched by such a characteristic of the channel as bandwidth – the maximum amount of information that can be allowed to flow through the technical channel of leakage [10]. where Cmax – is the maximum bandwidth of the technical channel of leakage.

The bandwidth of the channels is determined by the interference of the medium of physical media. Interference in the channel causes the probability of error p, which limits the ability of the channel to pass information. For discrete symmetric binary channels, the bandwidth is expressed by the formula: where h (…) – is the entropy function:

From formulas ( 4 ) and ( 5 ) you can find the maximum allowable value for the probability of error in the channel, which should provide camouflage interference: ( 6 )

Errors in the channel are formed as a result of incorrect reception of signals at the output of the channel. They depend not only on the properties of the environment of physical media, where there are interference, but also on the methods of processing information signals at the reception, their decision schemes, algorithms and so on.

Thus, the following three situations can be considered for information interception: 1. The attacker is quite interested in obtaining information, has unlimited ability to intercept it and monitors the source of leakage continuously. 2. The attacker is quite interested in obtaining information, but to intercept it has a limited ability to observe the source of leakage indefinitely. ( 3 ) ( 4 ) ( 5 ) 3. The attacker is not very interested in obtaining information, interception is carried out in fragments, sporadically.

Obviously, the second situation takes into account the real possibilities of interception, and therefore should be the most common in relation to other situations. However, here, when assessing security, it is necessary to have specific data about the receiver and its capabilities. Obviously, this is a challenge. It is also obvious that if the receiver is changed to a more efficient one, the information may become less secure and may not leak through the technical channel of leakage.

The third situation indicates that the owner has overestimated the importance (value) of his information or the information is narrow and interesting only to a limited group of attackers and of little interest to everyone else. In this case, the protection system requires a review, otherwise its use will be associated with excessive spending.

The first situation takes into account the potential for interception and is somewhat idealized in terms of reception. This situation has the least chance of prevalence. However, it is most in demand for justification of security. It is the best for interception and the worst in terms of protection, while covering the second and third situations, which mainly occur in practice. Its main disadvantage is that reasonable protection in the first situation for the other two acts with a margin and causes overspending. However, in order to ensure proper reliability of protection, it is necessary to sacrifice somewhere.

Let the first situation underlie the justification of information security. Interception is carried out constantly and in the best way. We find a condition for the environment in which, given the given security risk, interception will become impossible. At the same time we will consider that if in technical channel of leakage interception is not carried out and the receiver is absent, the channel all the same will take place with a certain representation of the receiver as if this receiver is present (Figure 1).

Assuming that Gaussian normally distributed white noise with a spectral density of N0 acts as an interference in the medium and interception is carried out using an ideal receiver, the required maximum allowable signal-to-noise ratio can be found as where P – is the power of the difference signal:

It is obvious that finding the signal-to-noise ratio δ from relations ( 12 ) and ( 13 ) is much more difficult than from ( 7 ). However, with the help of modern computer technology and technology, this is possible in real time.

In case of imbalance of signs the graphic dependence on Figure 2 in quadrant III. This

In the case of imbalance of information signs, which can sometimes occur in modern ITS, for example, the number of logical "1" exceeds the logical "0" or conversely, the ratio for find the desired signal-to-noise ratio ( 7 ) will be somewhat complicated. The error probabilities will be determined on average by all information signs xr. For binary systems [4, 9, 10 - 13]: p = p(x0)p(y1 / x0) + p(x1)p(y0 / x1), ( 11 ) where p(x0) and p(x1) – probabilities of information signs x0 and x1, for example, logical "0" and "1";

p(y1/x0) and p(y0/x1) – conditional probabilities of transitions in the channel of input information signs x0 and x1 to the output signs y1 and y0 accordingly: and s(t) – difference signal:

s(t) = s1(t) – s0(t), s0(t) and s1(t) – implementation of logical «0» and «1», T – pulse duration, F-1(…) – inverse function to the Laplace function: ( 7 ) ( 8 ) ( 9 ) ( 10 ) ( 12 ) ( 13 ) shows that with a fixed signal-to-noise ratio and with an increase in the predominance of some probabilities in the distribution of the source over others, the probability of error and protection of information from leakage will decrease. In this case, according to relations ( 3 ) and ( 4 ), the channel bandwidth and security risk will increase.

Thus, if the owner of the information wants to secure his information with the maximum allowable risk Rmax.allow then the required signalto-noise ratio can be established using a set of the following indicators: 1. the probability of security risk – pr ; 2. bandwidth of technical channel of leakage – С ; 3. the probability of error in the technical channel of leakage – p; 4. signal / noise ratio at the input of the receiver of the interception means – .

These indicators can be used as mandatory for the calculation of each ITS in order to ensure the leakage of information through the technical channel of leakage. Relationships ( 2 ), ( 3 ), ( 6 ) and ( 7 ) establish a relationship between the maximum allowable values of these indicators, which can be used to create an appropriate calculation methodological apparatus.

The principle of calculation can be represented by graphs arranged by quanrants, as shown on Figure 2.

On the axis of risks R (axis of ordinates of the first quantum), the value of admissible monetary losses Rmax.allow. The admissibility of these losses is established by the subject to whom the information belongs, who also manages the security of the object as a whole and its risks.

With the help of the graph is the maximum allowable value of the probability of risk pr max.allow., which is matched by the bandwidth of the channel Cmax.allow.. Using the graph of the second quadrant on Cmax.allow. – is the maximum allowable probability of error in the channel pmax.allow. and using the graph of the third quadrant – the required maximum allowable value of the signal-to-noise ratio δmax.allow. Execution of the received relation δmax.allow. at the input of the receiver interception in the technical channel of leakage, will ensure a given security risk Rmax.allow..

These indicators represent a certain hierarchical structure, where the indicators of the lower levels ensure the implementation of the indicators of the upper levels of the hierarchy. media and processing their values during the work of object of information activity allow automation of their control, analysis and adjustment, and risk management – information security management in general.   p  C  pr  R , (14) and the established restrictions of indicators of the top levels create conditions for finding of admissible limits of indicators of the lower levels of hierarchy.

Rmax.allow.  pr max.allow.  C max.allow.   pmax.allow.   max.allow.. (15)

A special convenience of using the proposed set of indicators is that they allow the use to protect information from leakage of technical channel of leakage not only the traditional method of noise, but also other methods, such as methods of random coding, randomization and more.

Indicators of information security with the use of modern means of receiving physical

The set of risk-oriented indicators of information security from leakage through technical channels for modern ITS is substantiated. This set represent a certain hierarchical structure, where the main risk or probability of risk is a common indicator of information security for all types of information. The other three indicators of technical channel leakage capacity, its probability of error and signal-to-noise ratio at the reception are related to the provision of a given risk on the types of information in their technological processing, circulation in technical means and circulation in the physical environment. Risk is a measure of information security at the object of information activity at the general upper level of the hierarchy, at the lower, physical level – the signal-to-noise ratio. The indicators of the lower levels ensure the implementation of the indicators of the upper levels of the hierarchy, and the maximum admissibility of the indicators of the upper levels determines the degree of admissibility of the indicators of the lower levels of the hierarchy.

The set of reasonable risk-oriented security indicators take into account the imbalance of signs and allow their automated control, analysis, adjustment and management of information security. The obtained relationships that establish a relationship between indicators can be implemented by real means, in real time.