Protection of RDP in accordance with GOST using Rutoken EDS. Duplex TLS


    RDP is an application-layer protocol, so TLS, which works at the transport layer, is a natural fit for protecting it.

    In this article, using the open-source OpenSSL and sTunnel, we will protect RDP connections with TLS using the Russian cipher suite (GOST2001-GOST89-GOST89). Client authentication with GOST certificates will be performed in hardware on board the Rutoken EDS USB token, with the shared key derived according to the VKO GOST R 34.10-2001 scheme. The authentication key is non-extractable and so cannot be stolen. Rutoken EDS will also serve as a hardware random number generator.

    For the case of authenticating to the terminal server against Active Directory with RSA certificates, we will wrap RSA TLS inside GOST TLS. This gives a two-level TLS: RSA with client authentication runs inside the channel protected by GOST.



    OpenSSL includes a TLS implementation based on the Russian algorithms, following draft-chudov-cryptopro-cptls.

    sTunnel is a compact TLS proxy: it accepts plain TCP connections, wraps them in TLS and forwards them to a remote server. Its cryptographic core is OpenSSL.

    Out of the box, sTunnel cannot work with GOST, so I patched and rebuilt it; the patch is about two lines.

    Rutoken EDS is hooked into OpenSSL as described on the vendor forum forum.rutoken.ru/topic/1639. In this setup the Russian cryptographic algorithms are implemented in hardware on board the Rutoken EDS.

    Protection in accordance with GOST



    The basic scheme is shown in the figure.

    [figure: basic scheme]

    First you need a small CA that issues GOST certificates to the sTunnel server and the sTunnel clients; OpenSSL is a sensible tool for this. Generating client keys on the token and producing certificate requests is described in the article habrahabr.ru/blogs/infosecurity/134725. The server key and certificate are best kept as ordinary files.

    I will not go into further detail on this.

    Server setup:

    Install sTunnel as a service on the Windows server where the terminal server is running, and configure it:
    • download and unpack the ubuntuone.com/4zOP5AR39vKxk0uF6rwxNM archive
    • run stunnel -install (this registers stunnel as a service)
    • set the system environment variable OPENSSL_ENGINES = [path to the folder into which the archive was unpacked]
    • put the CA certificate, the server certificate and the server key where the config expects them
    • put the config in place (I saved it as stunnel.conf next to stunnel.exe)
    • restart the computer

    Server config:
    verify = 2
    cafile = crypto/ca.crt
    cert = crypto/server.crt
    key = crypto/server.key
    engine=gost
    socket = l:TCP_NODELAY=1
    socket = r:TCP_NODELAY=1
    debug = 7
    output = stunnel.log
    client = no
    [RDP-TLS-GOST]
    ciphers = GOST2001-GOST89-GOST89
    accept = 1494
    connect = localhost:3389


    Do not forget to close port 3389 in the server firewall on the externally reachable IP address!

    Client setup (on Windows):
    • download and unpack the ubuntuone.com/5D4sNc9i29MDgdW9KvROZa archive
    • put the client certificate and the CA certificate in place (the client key stays on the token)
    • set the user environment variable OPENSSL_ENGINES = [path to the folder into which the archive was unpacked]
    • put the config in place


    Client config:
    verify=2
    client=yes
    CAFile=ca.crt
    output=stunnel.log
    sslVersion=TLSv1
    taskbar=yes
    DEBUG=7
    engine=pkcs11_gost
    engineCtrl=MODULE_PATH:rtPKCS11ECP.dll
    engineCtrl=INIT 
    engineCtrl=PIN:12345678
    [RDP-TLS-GOST]
    engineNum=1
    key=100
    cert=client.crt
    accept = 127.0.0.1:8088
    connect = x.x.x.x:1494
    ciphers = GOST2001-GOST89-GOST89
    TIMEOUTclose = 1
    


    An important point: sTunnel does not require installation with administrator rights, so it can be used together with the Rutoken EDS Flash.
    Rutoken EDS Flash is a CCID device that needs no driver installation on modern OSes. The necessary files are placed on its flash memory, and a small
    Windows script is written that starts the sTunnel process with the required environment (OPENSSL_ENGINES=...) and launches the Windows RDP client on the desired host:port (mstsc /v:127.0.0.1:8088).

    Duplex TLS



    For user authentication against Active Directory with RSA certificates, I suggest using ordinary TLS with the client's RSA authentication key stored on the Rutoken EDS, but routed through sTunnel. The RSA TLS is then carried inside the GOST TLS channel.

    Two schemes are possible. In the first, the RDP client itself sets up the RSA TLS. Two keys are stored on the token: a GOST key (the “friend or foe” authentication used to log in to the sTunnel server)
    and an RSA key (once the user has passed the first barrier, this key authenticates them against AD and the user is logged straight into their account on the RDP server).

    [figure: first scheme]

    To access the RSA key and certificate stored on the Rutoken EDS and its on-board hardware RSA implementation, Windows uses Rutoken CSP (included in the Rutoken driver package), while on Linux rdesktop works through PC/SC.

    In the second scheme, both the RSA and the GOST TLS are provided by sTunnel itself. I should say up front that I did not try this second scheme.

    [figure: second scheme]

    To reach the RSA key and the on-board RSA hardware implementation of the Rutoken EDS, the pkcs11 engine from the OpenSC project (www.opensc-project.org/engine_pkcs11) is used.

    Accordingly, in the sTunnel client config there will be two sections:

    [RDP-TLS-GOST]
    engineNum=1
    key=100
    cert=client_gost.crt
    accept = 127.0.0.1:8088
    connect = x.x.x.x:1494
    ciphers = GOST2001-GOST89-GOST89
    TIMEOUTclose = 1
    [RDP-TLS-RSA]
    engineNum=2
    key=101
    cert=client_rsa.crt
    accept = 127.0.0.1:8087
    connect = 127.0.0.1:8088
    TIMEOUTclose = 1
    


    The RDP client then connects to 127.0.0.1:8087.
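    The client configs above chain two sTunnel services and rely on a few settings being right: verify = 2 so a peer certificate is mandatory, client listeners bound only to 127.0.0.1, each loopback hop of the double-TLS chain landing on a listener that exists, and no token PIN left in clear text as in the engineCtrl line of the first client config. The following linter is an added example (not the author's code or part of stunnel) that parses stunnel's INI-like format and checks exactly those points on a constructed copy of the double-TLS client config.

```python
import re
# Constructed from the article's double-TLS client config; the PIN line is kept on
# purpose so the linter has something to flag, x.x.x.x is the article's placeholder.
CLIENT_CONF = """
verify=2
client=yes
engineCtrl=PIN:12345678
[RDP-TLS-GOST]
key=100
cert=client_gost.crt
accept = 127.0.0.1:8088
connect = x.x.x.x:1494
ciphers = GOST2001-GOST89-GOST89
[RDP-TLS-RSA]
key=101
cert=client_rsa.crt
accept = 127.0.0.1:8087
connect = 127.0.0.1:8088
"""

def parse_stunnel(text):
    # Global options come first, then one [name] block per service; option names
    # are case-insensitive, so keys are lower-cased and repeats kept in order.
    globs, sections, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if m := re.fullmatch(r"\[(.+)\]", line):
            cur = sections.setdefault(m.group(1), {})
            continue
        key, _, val = line.partition("=")
        (globs if cur is None else cur).setdefault(key.strip().lower(), []).append(val.strip())
    return globs, sections

def lint(text):
    # Returns human-readable findings; an empty list means the config passes.
    g, secs = parse_stunnel(text)
    out = []
    if g.get("verify", ["0"])[-1] != "2":
        out.append("global: verify must be 2 so a peer certificate is required")
    if any(v.upper().startswith("PIN:") for v in g.get("enginectrl", [])):
        out.append("global: token PIN stored in clear text in the config")
    is_client = g.get("client", ["no"])[-1].lower() == "yes"
    listens = {s["accept"][-1] for s in secs.values() if "accept" in s}
    for name, s in secs.items():
        acc, con = s.get("accept", [""])[-1], s.get("connect", [""])[-1]
        if is_client and not acc.startswith("127.0.0.1:"):
            out.append(f"{name}: client listener {acc} is reachable from the network")
        if con.startswith("127.0.0.1:") and con not in listens:
            out.append(f"{name}: connects to {con} but no section listens there")
    return out
```

Run lint() over the real stunnel.conf before deploying it; the same checks apply to the server config, where the only loopback connect is the RDP service itself.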
