RU57030U1 - DEVICE PROTECTION AGAINST UNAUTHORIZED DOWNLOAD OF SOFTWARE - Google Patents

Abstract

The utility model relates to computer technology and can be used to control the integrity of all types of software in a PC: basic input-output system (BIOS), the kernel of the operating system and application software. The technical result achieved by the proposed device is to control the integrity of all types of software by assigning control functions to the units included in the PC, while further simplifying the device and thereby increasing the reliability of its operation. The device comprises a personal computer, an external storage medium, an input-output controller, a memory unit, and a specialized bootloader. The memory block and the specialized bootloader are connected directly to the PC system bus, and the external storage medium is connected via the input / output controller. The essence of the proposed technical solution consists in introducing a specialized bootloader into the device, which, before loading the application software onto the hard disk drive, checks its integrity according to the GOST 28147-89 algorithm, while the operating system kernel programs and BIOS programs are also tested for integrity.

Description

The utility model relates to computer technology and can be used to control the integrity of all types of software in a PC: basic input-output system (BIOS), kernel operating system (OS), application software.

When designing data processing systems, one of the most important tasks is to fulfill the requirements for data privacy and integrity. This problem is most fully solved by cryptographic methods based on the classification of information for storage or transmission through the communication channel and declassifying it if necessary.

In relation to PCs, the most urgent task is to protect against unauthorized entry of software and, first of all, the operating system. This problem is solved, for example, by a secure boot device [1], which prevents unauthorized replacement of a program, for example, a BIOS stored in non-volatile memory, by encrypting this program with a cryptographic key when transferring it to a central processor (CPU) and decrypting it when receiving a CPU . The substitution of memory by an attacker will lead to the inability to decrypt the program and, therefore, its use. In the known device, the storage of the cryptographic key on the transmitting and receiving sides is carried out in another non-volatile memory, which is recorded in the production process. Encryption and decryption is carried out by specialized devices built on the basis of hardware or software and hardware.

A disadvantage of the known device lies in its complexity, due to the presence of specialized cryptographic devices in addition to the CPU equipment.

In addition, the known device does not provide verification of the integrity of the program entered into the CPU.

The latter drawback is eliminated in the method of authentication of the BIOS system before its activation and in the device for implementing this method [2]. The device contains

main processor, main memory, cryptographic device and a number of peripheral devices connected to the system bus, one of which contains memory for storing the BIOS program and memory for storing the BIOS signature.

The signature is computed and written into memory during production using a cryptographic key. The key, the signature calculation and verification program are stored in a cryptographic device made on two microcircuits, connected via a socket to the main processor. After turning on the power, the processor calculates the BIOS signature, compares it with the reference one and, if matching, allows further use of the BIOS.

The disadvantage of the described device is its complexity, due to the presence of a specialized cryptographic device. In addition, the devices [1, 2] do not provide protection for the PC from loading the operating system, which may contain unauthorized programs and violate the integrity of the programs.

Closest to the proposed technical solution for the purpose and composition, and therefore selected as a prototype, is a protection device against unauthorized access to information stored in a personal computer [3].

The known device contains a PC, a controller for exchanging information with a PC and a first memory unit connected to a PC system bus, a remote contact node, an external storage medium, an exchange controller with an external storage medium connected via a local bus to a controller for exchanging information with a PC.

Personal information about the user and a hash function (integrity codes) of all protected files of this user are recorded in an external storage medium. In the first memory block, a program for reading information from an external storage medium and a program for monitoring the integrity of PC information are recorded.

Before starting to use the PC, the PC’s hard disk contains identification information about the user, a list of files protected from changes, and the name of the start-up program for this user. When the PC is turned on, its loading is initially controlled in the normal mode, but until the BIOS is finished loading, the program recorded in the first memory block intercepts the control and prompts the user to touch the external data carrier to the external information carrier and reads from the external media identification characteristics of the user, compares them with those recorded on the hard disk and with a positive result

comparison calculates the value of the hash function of all files included in the list of protected for this user, and compares with the hash function read from an external storage medium. If the hash functions coincide, the program recorded in the memory block transfers control to the standard PC firmware and hardware to complete the BIOS boot and load the disk operating system from the hard disk. If the hash functions do not coincide, which indicates a violation of the integrity of the protected information, including the files of the operating system, a warning is displayed.

The disadvantage of the prototype device is its low reliability, due to the presence of hardware in addition to the personal computer equipment: an external storage medium, an external contact node for reading information from an external storage medium, two controllers and a memory unit.

In addition, the known device does not provide control of the integrity of the BIOS program, which creates an opportunity for an attacker to replace a memory block with a BIOS or reprogram it if reprogrammable memory devices widely used in modern PCs are used as a memory block.

The need to take measures to prevent the aforementioned actions is specifically stipulated in the technical specifications for development (see, for example, the KRIPTON-ZAMOK / PCI product [4]).

The objective of the proposed technical solution is to expand the functionality of the device for monitoring the integrity of the software, while improving the reliability of the device.

The technical result achieved by the proposed device is to control the integrity of both the operating system programs and the BIOS and application software while assigning control functions to the blocks included in the PC, which further simplifies the device and thereby increases its reliability.

The specified technical result is achieved by the fact that a specialized bootloader is introduced into the device for protection against unauthorized downloading of software containing a personal computer, an external storage medium, an input / output controller, a memory unit connected to the PC system bus and containing an information integrity control program and device identification program connected to a PC system bus, to which an external storage medium is also connected via an I / O controller, containing application software carelessness. In this case, a specialized loader contains memory areas:

- BIOS integrity code standard;

- the standard of the integrity code of the information storage device of a flexible magnetic disk (HDD) PC;

- the standard of the integrity code of application software;

- identifier standard;

- management programs for monitoring the integrity of information and device identification.

HMD contains memory areas:

- identifier;

- a key sector;

- bootloader operating system;

- kernel operating system.

The essence of the proposed technical solution consists in introducing a specialized bootloader into the device, which, before loading the application software onto the hard disk drive (HDD), checks its integrity according to the GOST 28147-89 algorithm, while the kernel programs of the operating system and programs are also checked for integrity BIOS In addition, due to the rational placement of the source data and programs in a specialized bootloader, memory block and hard drive, the overall device is simplified and its reliability is improved.

Figure 1 presents the electrical structural diagram of the proposed device, figure 2 is an enlarged block diagram of the algorithm of the device. The proposed device (implementation example) contains the following nodes:

1 - PC;

2 - external storage medium;

3 - input / output controller;

4 - memory block;

5 - specialized bootloader;

PC 1 contains:

6 - floppy disk drive (HMD);

7 - display;

8 - processor;

9 - BIOS memory block;

10 - floppy drive;

11 - keyboard;

12 - random access memory (RAM);

13 - HDD hard disk drive;

14 - system bus.

The memory block 4 contains:

- the memory area in which the program for monitoring the integrity of information is recorded, for example, according to GOST 28147-89;

- the area of memory in which the device identification program is recorded.

Specialized bootloader 5 contains:

- the memory area in which the standard code for the integrity of the BIOS programs, memory block 4, and the most specialized bootloader is recorded;

- the area of memory in which the standard of the integrity code of the contents of the HDD of the PC or part of it is recorded, for example, the kernel and the kernel loader of the OS;

- the area of memory in which the standard of the integrity code of the application software is recorded;

- the area of memory in which the identifier standard is recorded;

- the area of memory in which the program for controlling the integrity of information and device identification is recorded.

HMD 6 contains:

- the identifier memory area in which the serial number of the PC and the type of disk are recorded: installation (Instdisk) and work (Workdisk);

- the memory area of the key sector in which cryptographic keys and initial data are written for calculating integrity codes, for example, according to GOST 28147-89;

- the memory area of the kernel of the operating system in which the programs that are part of the kernel of the operating system are recorded, including the cryptographic information protection program, which is used to encrypt (decrypt) information, for example, according to GOST 28147-89;

- memory area of the kernel loader program of the operating system.

The memory unit 4 and the specialized loader 5 are connected directly to the system bus 14 of the PC 1, and the external storage medium 2 is connected via the input-output controller 3.

The proposed technical solution can be implemented in several versions. According to one of them, the BIOS 9 memory unit is implemented on a read-only memory device, which is typical for PCs of the early 90s. Typically, PCs have free slots connected to the PC system bus in one of

which install a board on which an external storage medium 2, an input-output controller 3, a memory unit 4, and a specialized bootloader 5 are located.

According to another option, which is expedient to implement in PCs currently being manufactured, for example, Getac A770 laptop [5], which uses a non-volatile reprogrammable memory device to host BIOS programs, programs contained in memory block 4 and specialized bootloader 5 are written to the same device. For this purpose, BIOS programs, if there is no free space there, remove programs that are not used in specific operating conditions. For example, they uninstall the BIOS flashing program and related programs. Removing the specified program, in addition to freeing up memory for recording the necessary programs, is aimed at protecting BIOS programs from purposeful or accidental changes in the course of operation.

The BIOS update (modification) procedure for MS-DOS and Windows environments is described in sufficient detail in [6, p. 248-264].

For open operating systems such as Unix and Linux, executable codes are considered known.

An external storage medium together with an input-output controller can be implemented on flash memory, for example, Flashdisk PCMCIA [7], which includes an input-output adapter.

In any embodiment, the operation of the proposed device is carried out in accordance with the algorithm, a block diagram of which is shown in figure 2.

After turning on the power, the PC performs self-diagnostics (block 1) in the normal mode (POST hot start procedure), which ends with the interruption of Int 19H. With a working PC (block 2), this interrupt launches a specialized bootloader (block 3), which controls the identification of the hard disk drive and the integrity of the BIOS, the hard disk drive, during the implementation of which the operator is prompted to install the installation disk (blocks 4 and 6), after which the specialized bootloader compares (block 5) the identifier recorded on the HDD, (the serial number of the PC and the type of disk: Instdisk or Workdisk) with the identifier standard recorded in the corresponding memory area of the specialized loader, according to the program, finds yascheysya in the memory unit 4 (Figure 1). If the identifiers match (block 7, Fig. 2), the integrity of the BIOS programs stored in the BIOS 9 memory block (Fig. 1) is monitored, as well as the programs stored in the memory block 4 and specialized bootloader 5, for which key is read from the HDD 6 sector (block 8, figure 2) in which cryptographic keys and source data are recorded

for calculating the integrity code of the above programs, for example, imitation by the algorithm GOST 28147-89. A program that implements this algorithm is recorded in the memory unit 4 (Fig. 1) or in the corresponding memory zone of the modified BIOS in the case of implementing the device according to the second embodiment. The generated integrity code and the integrity code standard stored in a specialized bootloader are compared (blocks 9 and 10, figure 2) and if they match (block 11), which indicates the absence of distortions in the controlled programs, the integrity of the contents of the installation disk is checked (block 12). To do this, similarly to the above, an integrity code is generated on the contents of the installation disk, which is compared with the standard, and when the codes match, which indicates the absence of distortion on the installation disk (block 13), the operating system kernel loader program is read from the installation disk into RAM, which loads the kernel of the operating system into RAM and transfers control to it (block 14). Thus, at the end of this stage of the device’s operation, there is a mutual check of two pieces of software, on the one hand, the contents of the installation disk and, on the other hand, BIOS programs, a memory block, and a specialized boot loader, as a result of which an intruder will distort any part of the software using second part.

Since a joint event: an attacker’s access to both parts of the software in order to introduce undetectable distortions is unlikely, unauthorized downloading of the software is considered impossible.

The kernel of the operating system contains programs that manage the recording of application software to the hard disk, during which encryption of this software is performed. For this purpose, a cryptographic information protection program (cryptodriver) is included in the kernel, for example, according to the GOST 28147-89 algorithm, under the control of which an operator key diskette (BWW) is entered containing cryptographic keys (block 15), read from an external medium (Flashdisk ) in the RAM of the application software (block 16) and checking the latter for integrity (block 17). If the generated integrity code matches the reference, then it is considered that there are no distortions in the application software (block 18). After that, the programs for cleaning the hard drive and forming the file system (block 19) are started and the application software is copied from RAM to the hard disk (block 20), during which the so-called “transparent” (invisible to the user) encryption of information on cryptographic keys is performed, read by a cryptodriver with BWW. Encryption is performed below the file level, i.e. by

sectors, while both data fields and service fields are encrypted, carrying information on file parameters (root record, FAT file allocation table, directories).

Thus, when implementing the algorithm shown in Fig. 2, the integrity of all types of software is checked: BIOS programs, the kernel of the operating system, application software, and the latter will be written to the hard disk in encrypted form, which does not allow an attacker (unauthorized user) to obtain any information about this software or introduce undetected distortions into it.

Access to the application software is possible only when installing, instead of the installation disk, a working disk that also contains an identifier, a key sector, an operating system kernel, and an operating system kernel loader. In this case, the algorithm for checking the integrity of this disk, shown in Fig. 2, is repeated, after which the cryptodriver, which is part of the kernel of the operating system, is launched, which decrypts the application software using cryptographic keys entered from BWW, after which the operator is given the opportunity to work with application software. At the end of the work, the PC is turned off, the contents of the RAM are erased, and only the application software in encrypted form remains on the hard disk. At the same time, protection against unauthorized access to installation and working disks, BWW, an external storage medium, and a PC case for opening it is provided by organizational and technical measures.

Thus, the proposed technical solution in conjunction with organizational and technical measures allows us to achieve the claimed technical result: integrity control of all types of software both at the stage of entering it into the PC and during operation by creating an isolated hardware and software environment that meets the requirements for her [8, p. 54]:

1. A proven operating environment is installed on a PC with a verified BIOS.

2. The immutability of the BIOS and the operating environment is reliably established.

3. In addition to the tested programs in the PC, it is impossible to start any other programs.

4. Excluded the launch of trusted programs outside the trusted environment.

Information sources.

1. Secure bootstrap system. US patent No. 5937063 IPC H 04 L 9/00.

2. A way to authenticate a BIOS before activating it. US patent No. 6401208 IPC H 04 L 9/32.

3. A device for protecting against unauthorized access to information stored in a personal computer. Patent RU No. 2067313 dated 03/29/95 IPC G 06 F 12/14

4. www.ancud.ru. Krypton Lock / PCI:

The product "Hardware-software module trusted boot." Form CBJ.468243.034 FO / Firm ANKAD.M., 2003

5. Getac A 770 - the new ultra-secure laptop. 101203. hfm

6. Traskovsky A.V. BIOS secrets. - SPb .: BHV-Petersburg, 2003.

Claims (1)

A personal computer with a device for protection against unauthorized downloading of software containing an external storage medium, the security device including an input / output controller, a memory unit connected to the PC system bus and containing an information integrity control program and a device identification program, characterized in that the external the storage medium through the input-output controller is connected to the PC system bus and contains application software, and as part of the anti-tamper device The boot disk is inserted into the floppy disk drive and the bootloader connected to the PC system bus and contains the memory areas of the BIOS integrity code template reference, the floppy disk drive information integrity code template, the application software integrity code template, the identifier template, and information integrity and identity management control program device, and the memory area of the identifier, in which the serial number of the PC and the type of disk, the bootloader of the operating system and the kernel of the opera are recorded The systems that record application software on a PC hard disk are located on a floppy disk drive, which additionally contains memory areas of the key sector.