EDS - Is it So Simple?
Relatively recently, one of the participants in the habrasociety began a series of articles on the use of electronic digital signature (EDS). A wonderful cycle, opening to the inexperienced users on this issue a veil of secrecy over this concept.
But, unfortunately, the respected author did not talk about several important aspects of information security that must be taken into account when using EDS, especially when signing legally significant electronic documents.
I will try to fill this gap so that the respected user knows what he will encounter when working with a beast called "EDS".
First of all, I propose to understand why EDS is needed from a legal, and not from a technical point of view. According to the current law No. 1-ФЗ “On electronic digital signature”:
An electronic digital signature in an electronic document is equivalent to a handwritten signature in a paper document, subject to the following conditions:
This fact opens up many opportunities for various document management systems, such as tax reporting, remote signing of contracts, approval of orders, remote banking services (RBS), etc. etc.
But, at the same time, this opens up enormous opportunities for attackers who, having forged a digital signature of a legal owner, can give out their will for a legal one belonging to the owner of an electronic digital signature.
What does this mean? Here you can fantasize: (1) they give an incorrect tax return for a large organization and it runs into a huge fine, (2) an absurd press release comes to the newspaper signed by the director of a large holding, (3) the money from the company’s account is transferred to the administrator Vasily Petrovich signed General Director, (4) Your money is transferred through the RB system to an account in Yekaterinburg. And from the point of view of legislation, everything is legitimate. Your signature (EDS) is on your “will” (electronic document).
And I dare to assure you that if examples 1, 2 and 3 are fictitious, then example 4 is an everyday practice that many leading companies in the information security market try to fight. And I brought Yekaterinburg for a reason - 70% of the funds flow away, for some reason to this city, and then dissolve almost without a trace.
And most importantly, how to deal with it?
I’ll give you some statistics that approximately reflect the direction of attacks, the result of which is an attacker getting a copy of your digital signature under his document.
To understand the first part of the table, we will be helped by the well-known (I hope for this) series of articles on EDS. As we know, there is a key pair for working with EDS - public and private keys. In order to put an EDS, you need a private key. The first part of the table reflects attacks on this user asset.
Unfortunately, the vast majority of users store a key container (this is such a thing, a set of files where a key pair is stored, a certificate and some service information) anywhere, but not in a secure place. For example, a flash drive, a folder “C: \ Keys for a bank account”, a diskette, etc. You need to understand that if you copy this information, the new owner will be able to give out his will for yours. You will say: “But I have the keys with a password!” And I will answer: “This is not a reliable defense. After you select your password, you will work all your life for a loan in your name. ”
Now ask yourself: “Do I have a lot of money for WebMoney? Where do I store the keys for my WMID? Do you feel sorry for this money in case of something? ”
Or like this: “Where are the digital signature keys for working with my company’s bank account? Where will I look for this money if someone sits for 5 minutes on my work laptop? ”
The solution is very simple - store keys to critical systems (to where your money is) on secure media (for example, smart cards, USB tokens). Fortunately, there are plenty of such people on the market. This will close 70% of attacks.
But there is another 5% on the tablet. These attacks are possible due to the fact that, usually, the development of EDS is carried out on a computer by software. And, as soon as the EDS keys are obtained by these means from the secure storage, the evil Trojan comes into effect and steals these keys. This type of attack is much more complicated than just copying keys from a flash drive, but it has its 5% overall.
The way out is specialized devices (the same smart cards and USB tokens) that implement the mechanisms for generating EDS independently (hardware cryptographic information protection devices). That is, they are given a document or its hash at the input, and at the output we have an electronic digital signature. In such devices, all operations with the private key (generation, use, destruction) are performed only inside the device. The private key physically cannot leave it, that is, attacks on it are impossible - only to steal the device, but it is very problematic to hide the fact of theft. According to modern trends and Western experience, such devices are the future. If you are interested in specific models - advertise in the comments.
We pass to attacks more difficult than key theft.
So, they stole the cryptographic information protection system, which itself produces an electronic digital signature (10% of attacks). Password access to the device! Well, as usual - do not write the password on pieces of paper, make it persistent and set a limit on the number of attempts to enter - modern hardware cryptographic information protection devices allow this. And as soon as they discovered the theft of cryptographic information protection - revoke the certificate!
Another 14% of attacks are remote computer control at the moment when the CIPF is connected. A banal example: an aunt accountant works in the RB system with a company account, stuck in a cryptographic information protection system, has already authorized it after filling in the first payment, and filling out the second. Then an inscription like “Wait, the system is updating ...” appears, the screen goes dark and inaccessible. At this time, the attacker connects to the machine remotely, changes the payment details and sends the document for execution. CIPF produces an EDS, the payment goes to the bank, the money is gone, the aunt accountant is indignant.
There are even more sophisticated methods of remote access to cryptographic information protection (for example, USB over IP), but they are technically complex, although they are used for well-organized attacks.
Output: use one-time passwords to confirm transactions when working with critical systems (for example, when working with accounts where you have stored gold in the lot). One-time passwords are passwords that are valid for only one operation or for a short period of time (usually 5-10 minutes). Perhaps, if you use Internet banking as an individual, you will be given a printout with a bunch of so-called TSAs, which must be entered sequentially, each time a new one. So this is one-time passwords, only there are more civilized devices for generating them than a piece of paper with a printout (http://en.wikipedia.org/wiki/One-time_password).
And the last and most difficult type of attack is the substitution of a document at the stage of its transmission to the CIPF for signature. That is, you compose an electronic document, transfer it for signature to the CIPF, at this time specialized virus software replaces the document and transfers it to your signature. Further, the CIPF requests a password for access to the keys, you are fully confident in the correctness of your actions, enter the password and get an electronic digital signature. The next step is you press the hypothetical “send” button, indicate your document, but the ugly virus again replaces the document with your own with the received digital signature, misleads you in any way possible, up to replacing the image on the screen, and you send the document to the attacker with your own hands.
This is the most complex type of attack, which is prepared for a particular system, usually by highly skilled specialists along with insiders. It is a kind of combination of the will of your and the attacker, but in fact - a banal deception. There are currently no ways to counter such attacks other than using a trusted isolated operating system environment (a specialized operating system). But, I dare to assure you, the work is underway.
Information about the attacks described in the article and statistics are collected within the Russian Federation. These are the realities of our life when working with electronic documents and technical means of verifying authenticity and authorship. Be careful and apply adequate measures to protect your money and reputation when using modern technical means.
But, unfortunately, the respected author did not talk about several important aspects of information security that must be taken into account when using EDS, especially when signing legally significant electronic documents.
I will try to fill this gap so that the respected user knows what he will encounter when working with a beast called "EDS".
Legal aspects of using EDS
First of all, I propose to understand why EDS is needed from a legal, and not from a technical point of view. According to the current law No. 1-ФЗ “On electronic digital signature”:
An electronic digital signature in an electronic document is equivalent to a handwritten signature in a paper document, subject to the following conditions:
- the signature key certificate related to this electronic digital signature has not expired (is valid) at the time of verification or at the time of signing of the electronic document if there is evidence that determines the moment of signing;
- The authenticity of the electronic digital signature in the electronic document is confirmed;
- electronic digital signature is used in accordance with the information specified in the signature key certificate.
This fact opens up many opportunities for various document management systems, such as tax reporting, remote signing of contracts, approval of orders, remote banking services (RBS), etc. etc.
But, at the same time, this opens up enormous opportunities for attackers who, having forged a digital signature of a legal owner, can give out their will for a legal one belonging to the owner of an electronic digital signature.
What does this mean? Here you can fantasize: (1) they give an incorrect tax return for a large organization and it runs into a huge fine, (2) an absurd press release comes to the newspaper signed by the director of a large holding, (3) the money from the company’s account is transferred to the administrator Vasily Petrovich signed General Director, (4) Your money is transferred through the RB system to an account in Yekaterinburg. And from the point of view of legislation, everything is legitimate. Your signature (EDS) is on your “will” (electronic document).
And I dare to assure you that if examples 1, 2 and 3 are fictitious, then example 4 is an everyday practice that many leading companies in the information security market try to fight. And I brought Yekaterinburg for a reason - 70% of the funds flow away, for some reason to this city, and then dissolve almost without a trace.
So how does this happen?
And most importantly, how to deal with it?
I’ll give you some statistics that approximately reflect the direction of attacks, the result of which is an attacker getting a copy of your digital signature under his document.
| The threat | Risk | Relevance of risk | Decision |
| Asset: private key of the user's digital signature | |||
| Violation of confidentiality followed by unauthorized use of the user's private key EDS | Theft of a private key from insecure storage (e.g. from a Flash drive) | 70% | Non-Retrievable Private Key Cryptographic Devices |
| Theft of the private key from RAM | 5% | ||
To understand the first part of the table, we will be helped by the well-known (I hope for this) series of articles on EDS. As we know, there is a key pair for working with EDS - public and private keys. In order to put an EDS, you need a private key. The first part of the table reflects attacks on this user asset.
Unfortunately, the vast majority of users store a key container (this is such a thing, a set of files where a key pair is stored, a certificate and some service information) anywhere, but not in a secure place. For example, a flash drive, a folder “C: \ Keys for a bank account”, a diskette, etc. You need to understand that if you copy this information, the new owner will be able to give out his will for yours. You will say: “But I have the keys with a password!” And I will answer: “This is not a reliable defense. After you select your password, you will work all your life for a loan in your name. ”
Now ask yourself: “Do I have a lot of money for WebMoney? Where do I store the keys for my WMID? Do you feel sorry for this money in case of something? ”
Or like this: “Where are the digital signature keys for working with my company’s bank account? Where will I look for this money if someone sits for 5 minutes on my work laptop? ”
The solution is very simple - store keys to critical systems (to where your money is) on secure media (for example, smart cards, USB tokens). Fortunately, there are plenty of such people on the market. This will close 70% of attacks.
But there is another 5% on the tablet. These attacks are possible due to the fact that, usually, the development of EDS is carried out on a computer by software. And, as soon as the EDS keys are obtained by these means from the secure storage, the evil Trojan comes into effect and steals these keys. This type of attack is much more complicated than just copying keys from a flash drive, but it has its 5% overall.
The way out is specialized devices (the same smart cards and USB tokens) that implement the mechanisms for generating EDS independently (hardware cryptographic information protection devices). That is, they are given a document or its hash at the input, and at the output we have an electronic digital signature. In such devices, all operations with the private key (generation, use, destruction) are performed only inside the device. The private key physically cannot leave it, that is, attacks on it are impossible - only to steal the device, but it is very problematic to hide the fact of theft. According to modern trends and Western experience, such devices are the future. If you are interested in specific models - advertise in the comments.
We pass to attacks more difficult than key theft.
| The threat | Risk | Relevance of risk | Decision |
| Asset: cryptographic capabilities of hardware cryptographic information protection devices | |||
| Unauthorized Use of CIPF | Crypto-theft, insider | 10% | To work with user objects (including private keys), authentication is required on the device based on the user's PIN code. After 10 failed authentication attempts, the device is blocked. Further use is possible only after passing the unlocking procedure. |
| Remote control of the machine with connected cryptographic information protection device | 14% | Along with the use of the digital signature generated by the cryptographic information protection system, the system may require confirmation of transactions with a one-time password (OTP) | |
So, they stole the cryptographic information protection system, which itself produces an electronic digital signature (10% of attacks). Password access to the device! Well, as usual - do not write the password on pieces of paper, make it persistent and set a limit on the number of attempts to enter - modern hardware cryptographic information protection devices allow this. And as soon as they discovered the theft of cryptographic information protection - revoke the certificate!
Another 14% of attacks are remote computer control at the moment when the CIPF is connected. A banal example: an aunt accountant works in the RB system with a company account, stuck in a cryptographic information protection system, has already authorized it after filling in the first payment, and filling out the second. Then an inscription like “Wait, the system is updating ...” appears, the screen goes dark and inaccessible. At this time, the attacker connects to the machine remotely, changes the payment details and sends the document for execution. CIPF produces an EDS, the payment goes to the bank, the money is gone, the aunt accountant is indignant.
There are even more sophisticated methods of remote access to cryptographic information protection (for example, USB over IP), but they are technically complex, although they are used for well-organized attacks.
Output: use one-time passwords to confirm transactions when working with critical systems (for example, when working with accounts where you have stored gold in the lot). One-time passwords are passwords that are valid for only one operation or for a short period of time (usually 5-10 minutes). Perhaps, if you use Internet banking as an individual, you will be given a printout with a bunch of so-called TSAs, which must be entered sequentially, each time a new one. So this is one-time passwords, only there are more civilized devices for generating them than a piece of paper with a printout (http://en.wikipedia.org/wiki/One-time_password).
| The threat | Risk | Relevance of risk | Decision |
| Asset: the document for which the digital signature is generated, or its hash | |||
| Substitution of a document or hash value in the process of its transmission to the CIPF | Specialized virus software activity | 1% | ... |
And the last and most difficult type of attack is the substitution of a document at the stage of its transmission to the CIPF for signature. That is, you compose an electronic document, transfer it for signature to the CIPF, at this time specialized virus software replaces the document and transfers it to your signature. Further, the CIPF requests a password for access to the keys, you are fully confident in the correctness of your actions, enter the password and get an electronic digital signature. The next step is you press the hypothetical “send” button, indicate your document, but the ugly virus again replaces the document with your own with the received digital signature, misleads you in any way possible, up to replacing the image on the screen, and you send the document to the attacker with your own hands.
This is the most complex type of attack, which is prepared for a particular system, usually by highly skilled specialists along with insiders. It is a kind of combination of the will of your and the attacker, but in fact - a banal deception. There are currently no ways to counter such attacks other than using a trusted isolated operating system environment (a specialized operating system). But, I dare to assure you, the work is underway.
As a result
Information about the attacks described in the article and statistics are collected within the Russian Federation. These are the realities of our life when working with electronic documents and technical means of verifying authenticity and authorship. Be careful and apply adequate measures to protect your money and reputation when using modern technical means.