In terms of construction, «Marsh!» is designed as a USB device and looks just like a regular «flash drive». However, «Marsh!» resembles a flash drive only in appearance. In fact, it is an active microprocessor device with a multistage cryptographic subsystem, a verified secure Linux operating system, a browser, a special memory management subsystem, and so on.
«Marsh!» as a trusted startup hardware module
The main objective of «Marsh!» is to create a trusted environment for cryptography. For this purpose, a special section of the «Marsh!» memory contains all the necessary software. The most important feature «Marsh!» provides is the ability to sign documents in XML format. «Marsh!» is prepared for use as a startup (boot) device. At the beginning of a trusted communication session the user's computer boots from «Marsh!», thus ensuring a trusted environment. After that the browser and all the associated software required for its work start. Secure exchange of information takes place in the browser within a trusted session, which meets all the requirements of Federal Law of the Russian Federation No. 63-FZ.
After loading the operating system on the client computer and launching the browser, a trusted session with the server (VPN gateway) of the central information system is established, i.e. a secure connection based on cryptographic algorithms (private keys and certificates are stored in the protected memory of «Marsh!»).
«Marsh!» as a memory with hardware access control
In terms of access control, «Marsh!» represents a memory divided into several sections. As a rule, there are at least one Read Only (RO) section, at least one ReadWriteHidden (RWH) section, one or more AddOnly (AO) sections, and shared-access ReadWrite (RW) sections. The division into sections is carried out at manufacturing time and cannot be changed by the user.
Usually the RO section hosts the operating system and other software that remains unchanged for a long time. Updates and additions to the functional software are hosted in one of the RWH sections, and the VPN key material in another. The AO section is used to keep hardware logs of security events, so that records once written cannot be altered or erased.
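The access policy just described, as an added software model (not OKB SAPR's or the device's own code) that enforces the four section classes and the layout the text gives; the section names and contents are constructed, and the `unlocked` flag stands in for the resident crypto's decision to expose a hidden section:

```python
from enum import Enum

class Mode(Enum):
    RO = "ReadOnly"          # OS and long-lived software
    RWH = "ReadWriteHidden"  # updates and VPN keys; invisible until unlocked
    AO = "AddOnly"           # hardware log of security events
    RW = "ReadWrite"         # shared working area

class Section:
    def __init__(self, name, mode, data=()):
        self.name, self.mode, self.records = name, mode, list(data)

    def _check_visible(self, unlocked):
        # RWH is hidden unless the resident crypto has unlocked it (a flag here)
        if self.mode is Mode.RWH and not unlocked:
            raise PermissionError(f"{self.name}: hidden section is locked")

    def read(self, unlocked=False):
        self._check_visible(unlocked)
        return list(self.records)

    def append(self, record, unlocked=False):
        self._check_visible(unlocked)
        if self.mode is Mode.RO:
            raise PermissionError(f"{self.name}: section is read-only")
        self.records.append(record)

    def rewrite(self, records, unlocked=False):
        # RO and the AO log refuse overwrite/erase, so a compromised OS cannot wipe events
        self._check_visible(unlocked)
        if self.mode in (Mode.RO, Mode.AO):
            raise PermissionError(f"{self.name}: overwrite/erase not permitted")
        self.records = list(records)

def build_layout():
    # Section names and contents are constructed for illustration (assumed, not from the device)
    return {
        "os": Section("os", Mode.RO, ["linux", "firefox", "es-plugin"]),
        "vpn_keys": Section("vpn_keys", Mode.RWH, ["client-key-PLACEHOLDER"]),
        "audit_log": Section("audit_log", Mode.AO, ["boot: ok"]),
        "shared": Section("shared", Mode.RW),
    }

def allowed(op, *args, **kwargs):
    # True if the section's hardware access class permits the operation
    try:
        op(*args, **kwargs)
        return True
    except PermissionError:
        return False
```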
Hardware resources of trusted communication session tool (TCST) «Marsh!»
In terms of hardware resources, the TCST «Marsh!» consists of a control microcontroller, a memory holding the microcontroller's startup software, a random number generator based on physical noise sources, and a memory with controlled access. The device performs memory access control, generation and testing of random sequences, and resident cryptography used to manage software updates. The hardware resources of «Marsh!» are not used for data-flow cryptography; they are used only for storage of the code and the key information, which allows the device to be used with any certified CDSS without changing key management systems.
Resident software tools of TCST «Marsh!»
The resident software consists of an operating system, a browser, an integration module, an electronic signature library, a VPN, a crypto core, support libraries for reliable work with the memory, the Mass Storage transport system, and the file system.
Operating system: Linux.
Browser: Mozilla Firefox.
The integration module is embedded as a browser plug-in and is intended to initiate electronic signature operations.
The electronic signature library is a tool that allows electronic signatures to be applied to documents in XML format rather than to raw bit strings.
The VPN can vary. There is successful experience of working with all widespread VPNs.
The crypto core can vary. There is successful experience of working with all widespread crypto cores.
Integration of TCST «Marsh!» into functional subsystems based on WEB-services
To integrate with a functional subsystem built on WEB-services, the server side only needs to establish a physical or virtual trusted communication session server, a TCS server. Its purpose is to terminate the VPN on the channel (client) side and to support the WEB-service on the center side. Current integration practice shows that there are no difficulties at this stage if the system is developed correctly.
In the case of integration with a system not based on WEB-service technology, the system can be supplemented with a standard, mass-produced Integration Agent (IA). In this case the integration consists of describing and customizing the services in the IA.
The cost of technical means of a TCS is much lower than in traditional approaches.