RU181870U1 - Device for monitoring the integrity of components of the software environment of computer technology - Google Patents

Abstract

The utility model relates to the field of computer technology and information technology and is intended for trusted computer boot and protection against unauthorized access (unauthorized access) to the information processed and stored on it. The technical result is achieved by the fact that the device contains a control microcontroller (CMD), which operates independently from the computer’s central processor, non-volatile flash memory and high-speed memory, a USB interface for communication with the computer’s central processor, and the CMD is included a module for identifying and authenticating users, a module for diagnosing the state of the hardware components of the device, a module for monitoring critical intervals of the computer startup and boot procedure, a module for configuring the device, a module for monitoring the voltage of the device’s power supplies, non-volatile flash memory contains a block with software for checking the integrity of controlled objects, a block with a list of controlled hardware and software objects, a block with a trusted operating system and a long-term nal events, and high-speed memory has operational and electronic journal unit with user credentials, the following components are entered: a part of the device - a smart card reader (IC), the block interface devices and external hardware random numbers; in UMK - a module for interacting with a SK reader, a key information loading control module, and a server interaction support module; in addition, a block with the client part of the “thin client” software is added to the contents of non-volatile flash memory. Due to its wide functionality and introduction of a smart reader cards and a module for interacting with it, the proposed device synergistically combines a trusted boot and anti-tamper device with an SK reader, ensuring the creation of a trusted Reda at the computer and its effective protection from unauthorized access. 2 ill.

Description

The utility model relates to the field of computer technology and information technology. The inventive device is intended for trusted computer boot and protection against unauthorized access (unauthorized access) to information processed and stored in computer technology (CBT).

State of the art

The development of information technology requires the need to ensure the security of electronic processing and transmission of information. Currently, one of the main security concepts for this technology is the concept of creating a trusted computing environment (ICE), implemented using the trusted boot tool (SDZ), which checks the integrity of the hardware and software of the computer, performs hardware identification / authentication of the user, and loads the verified operating system (OS) only from predefined media.

One of the possible SDZ implementations is a hardware-software module of trusted loading (APMDZ or, in the terminology of domestic regulators, “means of trusted loading of the expansion board level”) installed on the SVT motherboard via PCI and PCI-Express interfaces, including various data form factors interfaces. A representative of devices of this type is, for example, the certified product “KRIPTON-Zamok / PCI” manufactured by Firm ANKAD LLC (patent RU No. 2323255 dated May 12, 2006, class G06F 21/20, published March 27, 2008) .

However, when using APMDZ in various SVT, despite standardization, there really are problems of hardware compatibility associated with tolerances and ranges defined by standards (see, for example, the publication Sinyakin S.A. Features of Accord-APMDZ compatibility and modern SVT. // "Comprehensive information protection. Electronics info." Materials of the XVIII International Conference May 21-24, 2013. Brest (Republic of Belarus), 2013, P. 142-144), and with deviations caused by the spread of microcircuit parameters or the features of the wiring th board. Thus, APMDZ are very complex and expensive SDZs that perform, in addition to trusted downloads, many additional functions, and their use is advisable when processing information with a high level of confidentiality.

It is known SDZ, called by developers a mobile integrity control device (MCC), which makes it possible to use it on various CBTs, since it is an autonomously functioning highly protected device with secure memory that can be accessed through an active element (controller) and connected to the CBT through external USB interface, which is currently the standard for connecting various devices to a computer and a mandatory component of almost all SVT x (see. article Altukhov AA integrity monitoring concept of personal computing environment of the device. // The protection information 2014, №4, pp 64-68).

The ILCC implements the main functions of the SDZ. When connecting the MCCS to the CBT via an external USB port after the start of the CBT, the control is transferred to the MCCC, which carries out all the necessary self-test checks, after which the user is prompted to select the desired user mode and go through the program identification procedure. Then, in accordance with the profile of this CBT, the device initiates the process of checking the integrity of the CBT environment, and if successful, the MCC transmits the download to a predefined boot device. The ILCC implements a list of security functions described in the SDZ protection profile of the expansion board level of the fourth protection class (see FSTEC of Russia. Methodological document. Protection profile of the trusted boot means of the expansion board level of the fourth protection class. IT. SDZ.PR4.PZ-December 30, 2013 .), in particular, the function of monitoring the integrity of computer hardware, software (system and application software files) and boot areas of the hard drive, authenticates users, records administration events and wound integrity base for a variety of computing environments (different MCA).

The main purpose of the ILCC is to initiate the start of the procedure for creating an internal combustion engine by one user (administrator) on different SVTs (mainly on several SVTs served by the administrator of the local network, in particular, servers). After a trusted start of the CBT, the ILCC is removed and does not participate in the further operation of the CBT. The ability to carry out the necessary operations to create an internal combustion engine on virtually any arbitrary SVT, the profile of which is listed in the ISTC base, is the main advantage of this module.

Thus, in essence, the ILCC is a personal tool for creating internal combustion engines on SVT, the main disadvantage of which is the ability to start SVT in its absence, when the internal combustion engine on SVT is not provided. Therefore, in the case of unauthorized users working on the SVT or the possibility of access to the SVT by unauthorized persons, the computer becomes unprotected, since it can also be started without the ISCC. Therefore, to ensure the protection of the computer from unauthorized access, additional technical and / or organizational measures are required that make it impossible for the CBT to function if it does not have a trusted environment.

Closest to the proposed one is the Inaf information security measure against unauthorized access (SZI NSD) (hereinafter referred to as the device) developed by OKB SAPR CJSC on the basis of the ILCC and which is a USB-based hardware module designed for use on stand-alone PCs, servers and workstations of the local network (see materials from the site www.accord.ru/accord-inaf.html).

The known device is installed on a free internal or external USB-connectors of SVT and provides the following basic functions:

- hardware-based integrity monitoring of hardware, software, conditionally-constant CBT information before loading the OS, with the implementation of a step-by-step control algorithm;

- the ability to trust OS loading, as well as system and application software while installing several OSs on disks or in logical partitions of a CBT disk;

- automatic logging of recorded events at the stage of trusted OS loading (in the system log located in the non-volatile memory of the hardware of the complex);

- administration of the firmware of the complex (generating an administrator password and determining its parameters; assigning files to monitor the integrity and control modes, working with the system event log, monitoring the hardware of the CBT) and sharing the rights of the security administrator of the complex information and the CBT user;

- registration, collection, storage and issuance of data on events occurring in the CBT regarding the system of protection against unauthorized access.

The main component of the device is a non-volatile memory controller. The software and information part of the device, including the controller firmware, the control base, the event log and administration tools, is located in the non-volatile memory of the device. It provides the opportunity to conduct integrity control procedures for hardware and software of the CBT, administration and audit by means of the device at the hardware level before loading the OS.

The device operates as follows.

Before working with the device, the computer BIOS configures the boot from the device controller as from a hard disk. During the start of the computer, the device receives control, carries out the procedures for monitoring the integrity of the equipment and files, and, if this procedure is successfully completed, transfers control to the OS on the disk.

The device can be used in the framework of the implementation of two types of scenarios: for stationary installation in CBT or as a mobile device.

With a stationary installation in an SVT, the device’s functionality is continuously implemented. In this case, the controller is appropriately configured and connected to the USB port of the CBT permanently, and each time before loading the OS by the CBT user, the device controller performs the integrity control procedure for the objects defined in advance. In case of integrity violation, OS loading is blocked and the intervention of the information security administrator is required.

“Inaf” is used as a mobile device when it is not necessary to carry out integrity monitoring procedures for objects and prohibit OS users from loading the OS in case of integrity violation, but it is only necessary to identify the fact of the integrity violation of the monitoring objects.

In this case, first, the administrator performs all the necessary settings of the device controller connected to the CBT, then the functions for checking the integrity of the CBT components are implemented, after which the device is removed from the CBT and stored in a safe place (for example, in a safe). The CBT users work as usual, and the administrator periodically connects the device to the CBT in order to make sure that the composition of the CBT and the objects established earlier for monitoring are unchanged. It is also possible to work with the device when it is connected to the CBT every time before the start of the work session and is removed from the CBT after it is turned off. For the correct implementation of work on this type of scenario, special regulations must be provided for the actions of users whose responsibilities include starting CBT. In particular, for the correct implementation of the work it is necessary:

- install the BIOS option to boot from the device as from a hard drive;

- set a password to enter the BIOS;

- take administrative measures to prevent unauthorized disconnection of the device from the USB port: restrict physical access to the CBT and / or take measures to prevent physical removal of the device.

However, the known device does not have a sufficient level of functionality for protection against unauthorized access to information stored and processed on SVT, and does not provide sufficient protection efficiency.

The main disadvantage of the Inaf device is the possibility of unauthorized access to CBT. The device solves the problem of creating a trusted environment in SVT for the work of a trusted user, but does not prevent access to the SVT by an unscrupulous user or by unauthorized persons. Since this device does not provide for any components of the CBT interacting with it, unauthorized access to the CBT can be obtained by removing the Inaf device from the USB CBT port or by configuring the CBT BIOS for another boot option.

In addition, to protect against unauthorized access, it is first of all necessary to identify and authenticate users when accessing CBT, for the implementation of which various personal media of authentication information (TM identifiers, USB carriers, smart cards) are usually used. SDZ should include an authentication module that, according to certain algorithms, authenticates the user based on personal media data, which is interacted with through the corresponding reader. At the same time, the key information input path may be one of the components of the anti-tamper protection tool attacked by an attacker in order to gain unauthorized access to a computer.

Utility Model Disclosure

One of the widespread and reliable means for authenticating information carriers is smart cards (SC). Smart card readers (SSK) are devices that are connected to the relevant systems of access control and access control and ensure the exchange of information between the IC and the access control system, in particular, with APMDZ. The exchange of information between the SK and the reader can be carried out either by contact or non-contact (via radio frequency channel).

LLC ANKAD LLC has developed CRIPTON-SSK series readers, designed to build systems for delimiting and controlling users' access to computer hardware, as well as building cryptographic information protection tools based on the use of microprocessor smart cards that comply with ISO 7816 -3 (see materials of the website http://ancud.ru/cckm.html). SSK data can be placed in cases under standard SVT compartments, in particular, 5.25 '' or 3.5 '', and have a USB Full-speed interface with the SVT motherboard and with the SDM type APMDZ.

To eliminate the above drawbacks characteristic of the Inaf prototype, it is proposed to synergistically combine SDZ with SSK, that is, execute the trusted boot tool as a standard device in the housing under the standard SVT compartment, introducing into it a functional module that implements the SSK functions and providing direct permanent communication with the SVT motherboard via USB.

The technical result of the proposed utility model is to increase the level of functionality of the computer’s trusted boot device and the effectiveness of protection against unauthorized access to information stored and processed on the SVT by introducing hardware and software blocks into the device that provide the required level of functionality, as well as implementing structural layout solutions, providing a synergistic combination of the two devices, which allows to increase the reliability of the system of differentiation and access control and trusted SVT loading, while reducing its weight and size parameters and lowering the cost. Improving the reliability of the system, in particular, is ensured by reducing the path of entering authentication and key information from the SC by eliminating external communication channels, since the device is both a reader and a means of trusted download. An additional positive effect is the lack of the requirement for an additional port for connecting a reader of user authentication information.

The technical result is achieved by the fact that in the known means of protecting information from unauthorized access, containing a control microcontroller (UMK), operating independently of the central processing unit of the computer, a USB communication interface with the central processing unit of the computer, non-volatile flash memory and high-speed memory, the composition of the UMC included module for identification and authentication of users, a module for diagnosing the state of hardware components of a device, a module for monitoring critical time intervals of a procedure computer startup and boot, the device settings module, the voltage monitoring module of the device’s power supplies, the non-volatile flash memory contains a block with software for checking the integrity of controlled objects, a block with a list of controlled hardware and software objects, a block with a trusted operating system and a long-term log events, and in the high-speed memory there is an online electronic journal and a block with user credentials, the following components are introduced: device - reading unit smart card (SC) block external device interfaces and hardware random numbers; in UMK - a module for interacting with an IC reader, a module for managing key information loading, and a module for supporting interaction with servers; in addition, a block with the client part of the thin client software has been added to the contents of non-volatile flash memory.

The introduced modules and blocks provide the universality of the proposed device, expanding its functionality, while some of the modules can be installed optionally at the request of the customer when using the device for specific applications.

For example, when used to create a trusted environment and to protect against unauthorized access and to constantly monitor the state of the computer environment, the device is implemented in the “internal” version, that is, directly embedded in a computer, placed in a free standard compartment and USB interface directly connected to the motherboard eliminating the possibility of unauthorized extraction. In this version, in order to increase the protective functions of a computer system, communication interfaces with external devices, for example, with encoders, can be additionally installed; then, when the key information loading module is installed in the CMD, the encoders can be controlled, and when the communication interface with the computer’s power system is installed manage power, providing additional blocking when detecting tampering attempts. Optionally, the device may also contain a module for interacting with an access control system (RDS), installed and functioning at the level of the computer's operating system. Thus, the functionally proposed device can correspond to the level of existing APMDZ, but at the same time it can be installed on almost any SVT, since it operates on a USB bus.

If the protected SVT is used in a computer system operating on the basis of the thin client technology, a module for supporting interaction with servers is installed in the CMD of the device, and a block with the client part of the thin client software is added to the contents of the non-volatile flash memory.

When using SVT as part of a computer network, in order to ensure effective administration, the remote control unit of the device is additionally introduced into the contents of the non-volatile flash memory of the proposed device, and the unit with settings and remote control keys is added to the high-speed memory.

Additional installation in the device of a physical hardware random number sensor (DCH) allows you to increase the durability of key information and the reliability of cryptographic operations carried out in the process of creating authenticating user media and subsequent user authentication.

In the process of functioning of the device can be laid various options for implementing control from the computer BIOS. The main option can be considered the option when the BIOS of the computer is configured to boot from the device as from an external hard drive connected via USB, and a password is set to enter the BIOS to prevent unauthorized modifications to this device. In this case, the device receives control as a boot device.

The main option of transferring control to the device can be used on a wide range of CBTs, but its reliability is determined only by the strength of the set password for entering the BIOS (there are also known “bypass” methods that allow you to enter the computer’s BIOS settings without knowing the password for entry). Therefore, a more reliable option is the transfer of control to the device by modifying the CBT BIOS (this is possible for a relatively narrow circle of CBTs). In this case, a sequence of commands for loading and executing software modules stored in the non-volatile memory of the device is entered into the CBT BIOS. In case of unsuccessful user authentication or a negative result of checking the integrity of the system and application modules of the computer’s operating environment, the device may block further loading of the computer. An option is also to transfer control back to the CBT BIOS; In this case, the CBT BIOS can monitor the result of execution and block the further loading of the computer in case of unsuccessful execution of the device functions. Unlike the main option, this option also makes it impossible to boot up the CBT if the device is not connected to the USB bus, since the device is not connected at the stage of loading the modules from the non-volatile memory of the device; In this case, the CBT BIOS may also block further boot of the computer. To increase the level of CBT protection, this control transfer option can be combined with ensuring the integrity of the CBT BIOS through the use of specialized hardware or organizational measures.

The described options do not exhaust the entire spectrum of possible implementations of the device. Thus, the proposed device allows you to implement the option for specific conditions and tasks, starting from the minimum basic configuration and ending with a fully functional version, without significant additional costs, since the main changes concern not the hardware but the software part and consist in adding the necessary software modules and blocks to the CMD or device memory, which slightly increases the complexity of its implementation.

The proposed device, like the prototype, can also be implemented in the mobile version of the “external” version, when communication with the CBT is provided through its external USB interface. With this design, the level of reliability of protection is naturally reduced, since the inherent disadvantages of the prototype are manifested, and it becomes impossible to implement a number of functions, for example, the management of encoders and the power of the computer.

As a result of the analysis of the prior art by the applicant, including a search by patent and scientific and technical sources of information and identification of sources containing information about analogues of the claimed technical solution, no source was found characterized by features identical to all the essential features of the claimed technical solution. The determination from the list of identified analogues of the prototype as the closest in terms of the totality of the attributes of the analogue made it possible to establish the combination of the essential characteristics of the claimed device of trusted computer loading and protection against unauthorized access to information stored and processed on it, set out in the useful formula models. Therefore, the claimed technical solution meets the criterion of "novelty."

The fact that the analogues and prototype of the claimed device are industrially manufactured products widely used in CBT, and in the manufacture of the device uses a similar component base, confirms the feasibility and industrial applicability of the proposed utility model.

Located on the UMK device’s common board in cooperation with program blocks located in non-volatile flash memory and high-speed memory, also installed on the device’s common board, not only user identification and authentication programs are executed, but also all critical operations of trusted computer loading while ensuring control all critical time intervals when unauthorized interference with the startup procedure is possible.

Increases the reliability and effectiveness of protection as well as the presence of additional locks implemented during various attempts of unauthorized actions. The device implements testing of its hardware components, implements the ability to limit and differentiate access to the hardware and software components of the computer. As already noted, additional blocks can optionally be installed in the claimed protection device, in particular, when cryptographic tools (encoders) are installed on the computer, the device is equipped with a control unit for encryptors and ensures that encryption keys are downloaded to prevent the keys from entering the RAM of the computer, which prevents them from being intercepted or interventions in the process of downloading key information. In addition, a higher level of functionality and high protection efficiency of the proposed device can be additionally (optionally) provided by the presence of communication interfaces and program blocks for interacting with other protection means (access control system, blocking devices, etc.). If necessary, the device can provide reliable protection of CBT during remote control, as well as in information and computer systems using the technology of "thin client".

Brief Description of the Drawings

In FIG. 1 is a structural diagram of a device for trusted loading of SVT and protection against unauthorized access to information stored and processed on it, which is installed on a standard USB interface of the motherboard.

In FIG. Figure 2 shows a general view of one of the possible variants of the device in a housing for placement in a standard compartment of a 3.5 '' computer.

Trusted boot and tamper protection device FIG. 1 contains the following main components:

1 - the total board of the device;

2 - control microcontroller (UMK);

3 - non-volatile flash memory with a flash disk implemented on it for a service partition;

4 - non-volatile high-speed memory;

5 - block of switches for selecting the operating mode of the device;

6 - communication interface of the UMK with the central processor SVT (USB HS);

7 - power supplies of UMK;

8 - hardware (physical) random number sensor (optional);

9 - source of an audio signal;

10 - block interfaces of external devices;

11 - smart card reader.

Components of UMK 2:

12 - user identification and authentication module;

13 is a module for diagnosing the state of the hardware components of the device;

14 - voltage control module for power supplies of the UMK;

15-module for monitoring critical intervals of the procedure for starting and loading a computer;

16 - random number sensor module;

17 - a module for supporting interaction with a computer access control system (SRD) of a computer (optional);

18 - key information loading control module (optional);

19 - a module for supporting interaction with servers of an information-computing system (optionally during operation of CBT in a network);

20 - control module for the main power of the computer (optional);

21 is a device settings module.

Components of non-volatile flash memory 3:

22 - block with software (software) for checking the integrity of controlled objects and dialogue with the operator;

23 is a block with a list of controlled hardware and software objects;

24 - block with software for remote control of the device (optional);

25 - block with a trusted OS;

26 - block with the client part of the software "thin client" (optional);

27 - long-term event log (in the service section on a flash drive);

28 - block additional settings (in the service section on a flash drive).

Components of high-speed memory 4:

29 - online electronic journal;

30 - block with user credentials;

31 - block with settings and remote control keys (optional); Components of the block of interfaces of external devices 10 (optional):

32 - intermodule interface (MMI) for managing encoders;

33 - CBT power management interface.

Utility Model Implementation

The applicant has implemented a prototype device ("KRIPTON-APMD3-USB"). The tests of the prototype carried out by the applicant confirmed the possibility of its implementation with the achievement of the specified positive technical result.

The above information indicates the fulfillment of the following set of conditions when using the claimed technical solution:

- the claimed device is intended for use in industry, namely, for trusted download and protection against unauthorized access to light-emitting diodes, used both as personal information processing and storage tools, as well as automated information processing systems working as part of computer networks;

- for the claimed device in the form as described in the independent clause of the claims, the possibility of its implementation on the basis of commercially available and commercially available components has been confirmed.

Therefore, the claimed technical solution meets the criterion of "industrial applicability".

1. Patent RU No. 2323255 of 05/12/2006, cl. G06F 21/20, publ. 03/27/2008

2. Sinyakin S.A. Features of compatibility Accord-APMDZ and modern CBT. // “Comprehensive information protection. Electronics info. " Materials of the XVIII International Conference May 21-24, 2013. Brest (Republic of Belarus), 2013, S. 142-144.

3. Altukhov A.A. The concept of a personal computer integrity monitoring device. // Issues of information security, 2014, No. 4, S. 64-68.

4. FSTEC of Russia. Methodical document. The protection profile of the trusted boot layer of the fourth-level expansion card extension. IT. SDZ.PR4.PZ-December 30, 2013

5. www.accord.ru/accord-inaf.html

6.http: //ancud.ru/cckm.html.

Claims (8)

1 A device for trusted loading and protection against unauthorized access of a computer tool made on a common board located in the case on which a control microcontroller is located, operating independently of the computer’s central processor and connected to it via a USB communication interface, non-volatile flash memory and high-speed memory, interacting with the control microcontroller via standard internal communication interfaces, and an ID module is included in the control microcontroller user authentication and authentication, a module for diagnosing the state of the hardware components of the device, a module for monitoring critical intervals of the computer startup and boot procedure, a device settings module, a voltage monitoring module for the device’s power supplies, non-volatile flash memory contains a unit with software for checking the integrity of controlled objects, a unit with a list of controlled hardware and software objects, a block with a trusted operating system and a long-term event log th, and in the high-speed memory there is an online electronic journal and a block with user credentials, characterized in that a smart card reader is integrated into the device, integrated on the device’s common board, having an external interface for connecting smart cards and connected by an internal interface to the control a microcontroller, which includes a module for interaction with a smart card reader. 2 The device according to p. 1, characterized in that the device additionally includes a block of interfaces of external devices, and the control module for downloading key information is additionally included in the control microcontroller. 3 The device according to claim 1, characterized in that the module for supporting interaction with servers is additionally introduced into the control microcontroller, and a block with the client part of the “thin client” software is additionally introduced into the contents of the non-volatile flash memory. 4 The device according to claim 1, characterized in that a random number sensor is additionally introduced into the device. 5 The device according to claim 2, characterized in that a module for supporting interaction with servers is additionally included in the control microcontroller, and a block with the client part of the thin client software is additionally added to the contents of the non-volatile flash memory. 6 The device according to claim 2, characterized in that a random number sensor is additionally introduced into the device. 7 The device according to p. 3, characterized in that a random number sensor is additionally introduced into the device. 8 The device according to p. 5, characterized in that a random number sensor is additionally introduced into the device

Images