RU2628458C1 - System of monitoring of special purpose computers safety - Google Patents

Abstract

FIELD: information technology.

SUBSTANCE: system contains a management server, a database server, an administrator work place, radio frequency readers connected to the management server, and radio frequency identification emitters (RFID-tags) installed on the monitored components of computer, readers and tags contain unique electronic identifiers and are linked by a radio frequency channel for information exchange with the ability to monitor the status and location of monitored components. An active RFID-tag is generated on the critical monitored computer component, which generates information about the protected component and its location in this computer, and the monitored component is placed in a closed shielding RF signal housing that blocks the direct communication channel between the tag and the reader in normal closed state of the computer and opens the channel for transmitting information about an attempt to unauthorized access to the protected component at the opening of shielding housing.

EFFECT: increasing the efficiency of protecting the computer from unauthorized actions.

3 cl, 1 dwg

Description

The invention relates to the field of computer technology and is intended to control the location and condition of computers and their components, designed to process and store information with a high degree of confidentiality. Its use will allow to obtain a technical result in the form of increasing the efficiency of protecting a computer from unauthorized actions, in particular, from unauthorized removal of critical components, such as hard drives or modules for creating a trusted environment when processing sensitive information.

Special purpose computers are usually not combined into a single computer network to avoid unauthorized actions through network channels, organized as an automated workstation (AWS) for personal work, usually in a protected area, and equipped with hardware-software protection against unauthorized access, including tools cryptographic protection. Therefore, the main security threat to such AWS and their information resources is represented by the maintenance staff and the users themselves.

Since the protected workstation does not have communication with external devices, and the removal of critical components or the entire system unit of the computer occurs, as a rule, when the computer is turned off, the problem arises of monitoring the presence and location of the workstation components and its state.

To solve this problem, it is proposed to use the technology of radio frequency identification (RFI or RFID-Radio Frequency IDentification), which is currently widely used to identify and determine the location of various objects (see, for example, patent RU 2378661 “Method for determining the storage location of an object using radio frequency tags ”from 04.24.2008, publ. 01/10/2010).

Closest to the proposed technical solution is a system for monitoring and determining the location of the equipment of a data storage and processing center (in particular, servers), described in US patent No. 8779922, cl. G06K 7/01, G08B 13/22, filing date 08/10/2012, publ. 07/15/2014.

The system includes the following components: a control computer with application software, a database, a user interface and a display; controllers installed on racks with servers located in them and connected to the control computer via a local network; electronic readers located on a rack opposite each server and connected to the rack controller with cables; passive RFI tags installed on each of the servers at a short distance from the reader (in the near field of interaction).

RFID tag readers have an original small-sized design. They include a processor, its own memory and a power management system coming from the rack controller, and additional sensors can also be included (temperature control, touch indicator, integrity sensor or unauthorized reader disconnection, etc.). Each reader has a permanent unique electronic identifier corresponding to the equipment it controls.

The system operates as follows. Application software provides interaction between the control computer through the operator’s interface and the controllers of the hardware racks with readers installed on the rack, which poll polls installed on the servers. Since each controller has a code that identifies it with the rack on which it is installed, and each passive tag and the reader located opposite it, in turn, identify a specific server, as a result, information from each reader received in real time allows the computer Management to monitor the status of each piece of equipment, namely the status of each of the servers in a particular rack.

During the monitoring process, the information of each reader is monitored, and if the read unique electronic identifier of the controlled equipment does not match the identifier in the database of the control computer, a violation (substitution) is recorded. In the case of, for example, attempts to unauthorized removal of the server from the rack, the reader installed on the rack body, when interrogating a tag located on the server, does not receive a response signal from it (the required signal level for the passive tag is provided only in the near field and is not fixed with increasing distance more than permissible), which is also recorded by the control computer as a violation (theft).

The known system has a number of significant drawbacks when used to protect AWP for special purposes. It requires complex installation directly on the protected equipment, installation of additional power supplies, development of additional equipment (special readers), as well as cable management and the organization of a local network for information interaction between system components. Such operations on special-purpose equipment are extremely undesirable, while additional channels of unauthorized influence on the components of the protected workstation arise, which may adversely affect the effectiveness of protecting the workstation from unauthorized actions.

The proposed security monitoring system for special-purpose computers consists of a management server (SU), an administrator's workstation (AWS-A), a database server (SBD), RFID tag readers, and active RFI tags. SU, SBD and ARM-A are located in a dedicated room and can be combined in one server, which is part of the administrator’s workstation. Protected workstations of users are located in one or several dedicated rooms with an access control system in each of them. Critical components of the workstation are placed in a shielded case, which can be the metal case of the computer system unit, on which additional shielding elements can be installed if necessary. An active RFI tag is installed on the protected component (for example, a hard disk with confidential information). An additional mark may be placed under the base of the shielded enclosure at its permanent location.

Each reader has a code identifying it and is tied to the room in which it is installed. Each active label also has an identification code and is associated with a specific AWP and / or controlled component. The reader and the case with the guarded object and the active tag are oriented in space within the line of sight and at a distance that ensures reliable reception of the tag signal.

The control system is connected to the room readers, monitors their operability and receives information read from RFI tags located in the rooms. Through standard protocols, it also interacts with the DBMS, which provides storage of all long-term and short-term data used by the control system, including data on all components of the system and the relationships between them.

According to standard protocols, the control system interacts with AWP-A, the software of which allows the administrator to carry out general system configuration, as well as to configure and control current system events, configure variable equipment parameters, link components and monitoring objects to a specific location, etc. ARM-A graphically displays the location and status of all monitored objects, and also displays a list of emergency messages about events related to a security violation. Administrator software allows event logging.

The placement of objects with radio frequency identifiers in shielding volumes is known, but other tasks are being solved, namely, protecting the system based on RFI tags from attacks of unauthorized reading of information from the tag with the subsequent opening of a communication session with it and substituting data on it (this type of attack the system was called "skimming"). To combat unauthorized reading, a number of shielding-based solutions have been proposed, starting from the creation of narrowly directed communication channels between the tag and the reader by selecting the frequency and shielding the RF radiation in metal cabinets with a selected size of openings for radiation output with a given wavelength (see, for example , patent US 8692654, 04/08/2014) and ending with complete shielding of the RFI carrier during storage and transportation in special containers and various accessories made of shielding material that provide radio astotnuyu protection (see., e.g., US Patent Application 20110016615, 27.01.2011).

The proposed monitoring system works as follows.

The active label of the protected component generates a signal of a given frequency and intensity, with a specified frequency generates and transmits a signal containing information about the protected object and the workstation, which it is part of. However, this signal is not recorded by the reader located in the room where the workstation is located, since the case of the unit where the protected component is installed shields the tag signal.

In case of unauthorized access to the component when opening the shielding case, the tag signal is recorded by the reader, the information is sent to the control system and displayed on the AWP-A with a graphic display of the room and the workstation on which the violation is recorded, and an emergency message about the event. In this case, the information is recorded in an electronic journal.

If you try to transfer a unit with guarded objects to open its case to a place inaccessible for receiving a tag signal by the reader, the signal of an additional shielded tag installed under the base of the shielded case in the place of its permanent placement will be recorded, and a message about unauthorized movement of the block will be recorded on the workstation And similarly to the situation of opening the block body.

Using an active tag allows you to implement the described protection mechanism both on a running workstation and when it is inactive in real time and at any time, since the system does not require additional power sources related to the workstation. The performance of the system is ensured by the reliable operation of the tag signal reader and the tags themselves. To do this, a control system for the readers' work is installed in the control system, and in case of failure of the reader or its intentional deactivation from an operational state, an emergency message about a security violation will also be issued, and a room and a reader will be marked on the graphic display of the ARM-A display, the operation of which is broken.

The reliability of the active tags will be mainly determined by the state of their power source and can be supported by routine work to replace or recharge the power source, taking into account its service life.

A further development of the proposed technical solution is the use of intelligent active tags. The presence of their own processor allows programming functions to control operating modes and provide certain conditions for interaction with the reader.

It is proposed to program the operation of smart active tags with a reader in two transmission modes by controlling the power and / or frequency of the tag signal. In one mode, the shielding element completely shields the tag signal, and in another mode, the signal passes through the shielding element and is received by the reader. The main mode is to work when the label generates a “weak” shielded signal, when used, its fixation by the reader, as well as when using the usual active tag, will inform about the absence of the screen (opening the unit). Work in the “strong” signal mode will allow receiving information about the status of the label (for example, about the parameters of its power supply and the need to replace them or (in the absence of this signal) to monitor the malfunction of the label itself at specified times.

The technical result of the proposed monitoring system is the implementation of an additional mechanism for protecting special-purpose computers and their components, which can be integrated with other AWP protection tools that provide comprehensive protection for an information system designed to process and store information with a high level of confidentiality. At the same time, the integration of the monitoring system does not require changes and improvements in the hardware of the protected workstation and is ensured by a simple refinement of the software component of the protection complex, which consists in connecting the monitoring system control server to it with its application software.

The technical result is achieved by the fact that in the known system for monitoring the location and condition of computer equipment, consisting of a control computer, including application software, a database and a user interface, radio frequency readers connected to the control computer, radio frequency identification emitters (RFI tags) installed on controlled components of computer equipment, with readers and tags containing unique electronic identifiers and connected adiochastotnym information exchange channel, with monitoring the status and location controlled components introduced RF signal shielding housing in which is located a protected piece of equipment, and it is set active RFID tag, generating information on a secure component and its location.

The inclusion of an active RFI tag, which has its own power supply, provides the ability to generate a signal in real time under any condition of the equipment being monitored. The presence of a shielding case provides physical and radio shielding of the protected component, as well as the control of the signal about an attempt of unauthorized access to a critical component of a computer system. The use of an intelligent active RFI tag additionally allows you to obtain the necessary information about the status of the tag itself at any time at the request of a reader managed by a management server with administrator workstation.

As a result of the analysis of the prior art by the applicant, including a search by patent and scientific and technical sources of information and identification of sources containing information about analogues of the claimed technical solution, no source was found characterized by features identical to all the essential features of the claimed technical solution. The determination from the list of identified analogues of the prototype as the closest in terms of the totality of the characteristics of the analogue made it possible to establish the set of essential features relative to the technical result perceived by the applicant as the claimed system for monitoring the security of special purpose computers and protecting the computer from unauthorized actions, in particular from unauthorized removal of critical components, set forth in the claims. Therefore, the claimed technical solution meets the criterion of "novelty."

An additional search carried out by the applicant did not reveal known solutions containing features that match the distinctive features of the claimed security monitoring system for special purpose computers from the prototype. The claimed technical solution does not follow for the specialist explicitly from the prior art and is not based on a change in quantitative characteristics. Therefore, the claimed technical solution meets the criterion of "inventive step".

Graphic Images

In FIG. 1 schematically shows the implementation structure of the proposed system, where:

1 - administrator workstation (AWP-A);

2 - management server (SU);

3 - database server (DBMS);

4 - RFI reader (tag reader);

5 - active RFI tag (emitter);

6 - controlled component of the computer;

7 - shielded case;

8 - additional mark under the housing.

Designation of spatial features of the system:

C - server;

P - premises with hosted computers for special purposes;

AWP - automated workstations of users.

In each of the rooms can be several AWP. The monitoring system can serve several rooms at the same time.

The proposed computer security monitoring system is implemented by the applicant using well-known purchased components. The domestic device SPRUT-1, consisting of a reader and active tags, was chosen as the basis. The reader is connected to the tags via the radio interface with an operating frequency of 2.4 GHz, the transfer is carried out according to the ZigBee protocol (IEEE 802.15.4-2006 standard). The reader is a controller with a receiving pin antenna that allows you to read information from tags and program them to a given mode of operation. It has low power consumption, small dimensions, high noise immunity and security. In case of loss of communication with the control system, it can work autonomously with the accumulation of information and its subsequent transmission. Communication with control system wired via RS232, RS485, USB. The SPRUT-1 device is based on a general-purpose transceiver manufactured by DIG International (DIGI).

The reader has its own unique code containing information about its inventory number, model, as well as the type that defines the set of its additional properties and relationships. Each reader is tied to a specific room.

The active tag that works with the reader is a miniature transmitter with its own memory, where identification data is entered: number, model, description, its purpose, etc. In addition, the label transmits data on the state of its battery and allows you to generate two different signal strengths. The maximum radiated power of the tag is 100 mW, which does not require additional licensing for its use. The battery provides the life of the label from 1 month to 3-5 years, depending on the installed signal power and pulse frequency.

The developed control systems and database systems work under the control of the operating systems Windows Server 2008/2012 and can be combined on one physical server. SU provides the ability to connect to it (directly or through appropriate controllers) of all managed components of the system and manage them. The software allows the installation and removal of components of the control system and the database. The interaction between the components of the control system and the DBMS is carried out using standard network protocols.

The ARM-A software modules operate under the operating systems Windows 7/8 / 8.1, Windows Server 2008/2012. AWP-A interacts with the components of the control system through standard network protocols. ARM-A software consists of several software modules, including the following programs: a program for performing long-term settings of system objects and the connections between them, as well as general system settings; a program for monitoring the system events and making settings for the current session; a program for viewing system operation protocols. The current control program contains a graphic image of the set of rooms registered in the system, with the help of marking the current location and status of the AWP users and RFI carriers identifying controlled objects. The program displays a list of emergency messages (security violation messages).

The tests of the prototype carried out by the applicant confirmed the possibility of its implementation with the achievement of the specified positive technical result.

The above information indicates the fulfillment of the following set of conditions when using the claimed technical solution:

- means that embody the claimed device in its implementation, are intended for use in industry, namely in automated systems using radio frequency identification technology of objects and subjects, including information and computing systems to protect against unauthorized access to their components;

- for the claimed device in the form as described in the independent clause of the claims, the possibility of its implementation using the means described in the application is confirmed.

Therefore, the claimed technical solution meets the criterion of "industrial applicability".

Thus, the proposed monitoring system retained the advantages of the prototype, namely the ability to control the location and condition of the components of the computer system. At the same time, the technical solutions of the proposed monitoring system do not require complicated installation and laying of cable lines on the equipment of the protected computer system, which does not interfere with its hardware components, cannot adversely affect the effectiveness of the existing protection against unauthorized actions and allows using this system for monitoring the security of special purpose computers, while ensuring their additional protection and thereby increasing the effectiveness of general protection . The system is easily integrated into the integrated security system of information and computer systems.

Information sources

1. Patent RU No. 2378661, cl. G01S 5/16, 04.24.2008, publ. 01/10/2010.

2. Patent US 8692654, CL H04Q 5/22, 06/26/2012, publ. 04/08/2014.

3. Patent US 20110016615, cl. A41D 27/20, 01/01/2010, publ. 01/27/2011.

4. Patent US 8779922, cl. G06K 7/01, G08B 13/22, 08/10/2012, publ. 07/15/2014. - prototype.

Claims (5)

1. The security monitoring system for special-purpose computers, consisting of a control subsystem, including a management server, a database server and the administrator’s workstation, radio-frequency readers connected to the management server, and radio-frequency identifying emitters equipped with application software and interacting using standard protocols RFI tags) installed on the controlled components of the computer, with readers and tags containing unique electronic ronnye identifiers and associated radio frequency channel of information exchange with the ability to monitor the status and location controlled components characterized in that to increase the reliability of protecting the computer from unauthorized exposure to its critical controlled component, an active RFI tag is installed that generates information about the protected component and its location in this computer, and the controlled component is placed in a closed case that shields the RF signal, blocking the direct channel of information exchange between the tag and a reader in the normal closed state of the computer and opening a channel for transmitting information about an unauthorized attempt access to the protected component when opening the shielding enclosure. 2. The system according to claim 1, characterized in that for the possibility of obtaining information identifying the controlled object at any required time, an intelligent active tag is set on it, programmed to work with the reader in a weak signal mode, blocked by a screening element and ensuring the system to operate in the mode according to claim 1, and a signal of increased intensity passing through the screen and providing the ability to transmit information to the reader about the current state of the controlled object and th marks. 3. The system according to claim 1, characterized in that in order to exclude the possibility of removing the shielding case with the controlled component from the reader's coverage area, the regular location of the shielding case is provided with an additional RFI tag, which is installed under the case and, if it is moved and eliminated, organizes the shielding a communication channel with a reader for transmitting information about unauthorized movement of a protected component.

Images