Why do we insist on hardware?
How do we ensure the integrity of the software that checks integrity?
Using some other software?
And how do we check THAT software's integrity?
Using…
What should the unauthorized access protection tool be like?
independent of the operating system and file system of the PC;
inaccessible for making changes;
that is, hardware.
Basis: trusted startup
Superstructure: trusted environment
Superstructure: trusted system
Superstructure: trusted infrastructure
Superstructure: trusted virtual infrastructure
Data Security Systems for Unauthorized Access Protection
Stationary
Based on Accord (Trusted Startup Hardware Module – TSHM) controllers
Mobile
Based on Enough TSHM controllers
Cryptographic Data Security Tools
Stationary
Accord-U КВ2, Accord-U КС3
Mobile
PCDST SHIPKA, HSC Privacy
Infrastructural solutions
Stationary
Accord-V., Accord-DAC, RCCS
Mobile
HSC «Center-Т», TST «MARSH!»
Safe Official Storage Device
SECRET
For usage on separate PC or in LAN
ACCORD
Can be achieved by the trusted startup mode, which confirms the following:
it is the very user who has the right to work on this PC;
it is the very PC which that very user must use.
Unauthorized Access Protection
Accord-TSHM. Trusted Startup
The operating system boot is performed only after successful completion of the following procedures:
user identification/authentication;
integrity checking of the PC hardware and software utilities, using a step-by-step integrity inspection algorithm;
blocking the operating system boot from external storage media.
Accord-TSHM architecture provides reliability in an unreliable world:
introducing modifications into the Accord-TSHM firmware is impossible;
the controller's event log is accessible only to the information security administrator, so an unauthorized access (UA) attempt cannot be concealed from him;
access isolation and information protection control systems have been developed on the basis of Accord-TSHM.
Access Isolation
Accord-Win32, Accord-Win64 – for Windows;
Accord-Х – for Linux
Hardware-and-Software Complexes based on Accord-TSHM and special software
HSC Accord
Identification/authentication of users (local and remote);
An isolated working software environment for each user on an individual basis;
Mutual authentication of interacting devices;
Isolation of users' access to data arrays and programs (discretionary access control method);
Isolation of users' and processes' access to data arrays (capability-based access control method).
Terminal System Protection
Interaction mode confirming that:
the user interacts only with the protected server;
only the user of the protected “thin client” interacts with the server.
Terminal System Protection
Components of HSC Accord TSE
are installed both on terminal servers and on user terminals and interact through virtual channels based on the RDP and ICA protocols.
This makes it possible to use the already established channel for interaction instead of setting up a new one.
Trusted infrastructure of the remote access includes the protected terminal client, i.e. the trusted startup of its OS.
Trusted startup of the terminal client's OS can be provided either by installing Accord-TSHM in it, or by using HSC “Center-T” or TST “MARСH!”, entirely integrated with DSS UAA Accord.
Trusted infrastructure
Trusted Virtual Infrastructure
Accord-V.
Integrates entirely into the virtual infrastructure, so it does not need any additional servers;
Implements the correct-start concept at all levels of the system startup;
Does not restrict the features of the virtual infrastructure for the sake of security; all its benefits remain available.
Data protection system
Remote Access
Remote access systems can be built in several ways:
Terminal access (operation with a terminal server in a terminal session);
Web access (operation through the web interface with the web resource);
Mixed system (operation in both modes).
Remote Access is reasonable because it makes the system more budget-friendly:
Thin clients are cheaper than PCs;
Data protection tools cost less for the same security level;
Many different kinds of computers can be used as client workplaces.
Remote Access is reasonable only if these principles ARE NOT VIOLATED while building the system.
Remote Access is safe if you protect the remote resource itself, the clients' workplaces and their interaction.
And the components of the DSS must be parts of the whole system, not a set of uncoordinated tools.
The bottleneck of the remote access system is the trusted environment at the client's workplace:
HSC «Center-Т» (operation with a terminal server in a terminal session);
TST «MARСH!» (operation through the web interface with the web resource, and mixed systems).
HSC «Center-Т» and TST «MARСH!» can be used in the same system at the same time, or in different systems whose remote clients use the same computers to access the remote resource.
TST “MARСH!”
Trusted Session definition
Trusted session (TS) is the period of computer operation during which the following conditions are provided:
the trusted startup of the OS;
the trusted connection;
the conditions for using EDS (electronic digital signature).
«MARСH!» operation scheme
Center-Т: Protected network software loading system
System purpose
Organization of terminal access from workstations by loading software images to the terminal stations over the network. Centralized management and audit of the image loading process. Integrity control of the loaded images. User login to the terminal server protected by HSC Accord TSE.
Users' operation order
1. The user starts the terminal client with SHIPKA-K connected;
2. The Initial Loading Image is loaded from SHIPKA-K and a PIN code is requested;
3. After the PIN code is entered, the software image is loaded and its integrity is checked;
4. After a successful integrity check, control is transferred to the loaded software image;
5. The terminal session is started by means of the loaded image.
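As an added illustration (not OKB SAPR's code and not the Accord-TSHM or Center-T firmware), a Python model of the startup checks described above: user PIN authentication, a step-by-step integrity check of the hardware configuration and then the software image against references fixed in the controller, refusal to hand over control when the boot device is not one the administrator allowed, and an append-only event log readable only by the security administrator. The measurements, the PIN, the device names and the class/function names are constructed sample values assumed for the example.

```python
import hashlib
import hmac

# Constructed sample measurements (placeholders for what a real controller
# reads: the PC hardware configuration and the boot-time software image).
GOOD_MEASUREMENTS = {
    "hardware_config": b"board=demo-01;disk=sn-0001;nic=00:11:22:33:44:55",
    "boot_image": b"constructed terminal-client image v1",
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class TrustedStartupController:
    """Model of the controller: references and PIN hash are fixed at
    provisioning; the event log is append-only and administrator-only."""
    def __init__(self, references, pin, allowed_boot_devices):
        self._references = dict(references)      # not writable after provisioning
        self._pin_hash = sha256_hex(pin.encode())
        self._allowed = frozenset(allowed_boot_devices)
        self._log = []                           # append-only

    def events(self, admin: bool) -> list:
        if not admin:
            raise PermissionError("event log is readable only by the security administrator")
        return list(self._log)

    def trusted_startup(self, pin: str, measurements: dict, boot_device: str) -> bool:
        """Run the checks in order; control is handed over only if all of them pass."""
        # 1. identification/authentication of the user (constant-time compare)
        if not hmac.compare_digest(sha256_hex(pin.encode()), self._pin_hash):
            self._log.append("authentication failed")
            return False
        self._log.append("user authenticated")
        # 2. step-by-step integrity inspection: hardware first, then software
        for stage in ("hardware_config", "boot_image"):
            actual = sha256_hex(measurements.get(stage, b""))
            if not hmac.compare_digest(actual, self._references[stage]):
                self._log.append(f"integrity violated: {stage}")
                return False
            self._log.append(f"integrity confirmed: {stage}")
        # 3. boot from media the administrator did not allow is blocked
        if boot_device not in self._allowed:
            self._log.append(f"boot from {boot_device} blocked")
            return False
        self._log.append("control transferred to the loaded image")
        return True

def new_controller() -> TrustedStartupController:
    refs = {k: sha256_hex(v) for k, v in GOOD_MEASUREMENTS.items()}  # constructed references
    return TrustedStartupController(refs, pin="1234", allowed_boot_devices={"internal_disk", "shipka_k"})
```

A tampered image or an unexpected boot device stops the sequence at that step, and the refusal is visible only in the administrator's log.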
Remote Access
You do not need to re-equip your system or change its operating regulations;
Security costs are lower than for traditional approaches;
You do not lose investments, as you can use quite different computers as clients' workstations;
A system protected with TST “MARCH!” and/or HSC “Center-T” does not lose its benefits.
Personal Cryptographic Data Security Tool
SHIPKA
PCDST SHIPKA functionality
Hardware CDST;
Hardware identification/authentication of users in Accord (on a PC and also in terminal solutions);
Hardware identification/authentication of users in Windows OS;
Hardware identification/authentication of users in a domain;
Protected key storage for software CDST, including VPN;
Autofilling of web forms and Windows forms, protected storage of password cards (login/password).
PCDST SHIPKA is the base of HSC «Center-Т» and Privacy
Cryptographic functions
File encryption and signing (by means of keys or certificates);
E-mail message encryption and signing;
Self-signed digital certificate generation, obtaining CA certificates, storage and usage of certificates;
Key generation and management in three paradigms: exchanging keys and using them as is; using keys through certificates; using keys in “web of trust” mode.
«Accord-U»
«Accord-U» <–> SHIPKA are entirely compatible:
they can exchange keys; they can perform all cross-operations; the users' software is absolutely the same.
It is reasonable to build systems that combine devices of both kinds. That gives a flexible and budget-friendly solution.
Certificate of compliance to requirements of FSS of Russia
“Accord-U” versions have FSS certificates as CDST and EDS tools for FSS classes KC3 and KB2.
«Autograph» certification authority, built on the basis of OKB SAPR devices:
PCDST SHIPKA, Accord-U, HSC Accord.
Official Storage Device
SECRET
Threats of using external storage devices
You can lose it, and someone can find it.
Insider threats can be realized (unauthorized use of official data).
Corporate computers can be infected with viruses.
Traditional protection methods when using storage devices
PIN code or fingerprint authentication;
Encryption of data on the storage device in background mode after authentication (single password input);
USB filters (barring operation with “alien” storage devices);
Full usage barring.
Official Storage Device “SECRET”
A special USB storage device (mass storage) that can be used only on legal computers (allowed by the administrator):
Personal Secret; Trade Secret; Distinctive Secret.
Moscow, 2011
OKB SAPR
If you have something to hide.
Any offers?