Alexandra Savelieva is a post-graduate student at Higher School of Economics. Under the supervision of Dr. Prof. Avdoshin she has been engaged in research work in cryptography and cryptanalysis since her 3rd year in Russian State Technological University where she obtained a BSc in Computer Science degree with honours in 2006. Alexandra was recognized for outstanding research results by The Ministry of Education and Science of the Russian Federation (Diploma for the best students’ research in 2006). She continued her education at Higher School of Economics and received a MSc in Business Informatics, honours, in 2008. For her strong academic achievements, she was a President’s scholar in 2006-2008 and Russian Government scholar in 2007 – 2008.

As of September 2008, Alexandra took a part-time job of a lecturer at Higher School of Economics. She is actively participating in the life of research communities in Russia by reporting the research results at professional conferences and workshops on Information Security and Software Engineering. Alexandra has over 30 publications on solving linear systems over residue rings, cryptanalysis methods, practical application of cryptography in software products, and efficiency of investments in information security systems. When not working, Alexandra enjoys theater, visiting photo exhibitions, and embroidering.

Abstract

Classically, the research has mostly focused on cryptographic security, whereas other important parameters of a cryptographic tool such as performance, cost and implementation complexity have not received as much attention. The main thread of our work is the development of formal techniques to analyze the efficiency of cryptographic tools. In this paper, we introduce a mathematical model of threats for cryptographic systems evaluation based on risk management principles. We also provide economic indicators as a basis to build a rationale for investments to cryptographic systems. The second main thread is the development of software tools to support the process of cryptosystem efficiency assessment by computer security specialists. Some points of designing software tools to support our methodology are covered in the paper. The new approach that incorporates the threat model, automatic cryptographic strength verification tools and economic techniques, is instrumental for providing sound arguments to choose a cryptographic system and for implementing an information security strategy. An overview of alternative approaches is provided along with the results of comparative analysis revealing their drawbacks as compared to the method presented in this paper.