Biometrics with Rostelecom Key: how did the FSB for the first time launch Russian cryptography in application stores

    In the summer of this year, the Unified Biometric System for a legally significant and at the same time simple user verification of identity has earned in Russia. About how it is arranged, we wrote in a recent post.

    To make the system convenient to use, you need an application. The creation of this application - “Key Rostelecom” - has opened for us a whole bonus level with new tasks, new challenges. Which, as it is easy to guess, are aimed at improving user security.

    Briefly about the main product. A single biometric system allows using a combination of biometric data to carry out legally significant remote identification of a person without his personal presence. So you can get a bank loan even from some "depth of Siberian ores." In the presence of the Internet, of course.

    How the application works

    A regular user starts working with the system from a visit to the bank, where he submits biometric data for the Unified Biometric System and links them to the ESIA . After that, new opportunities open up for him. The scheme of the application "Key Rostelecom":

    1. User downloads application "Key Rostelecom"
    2. The user opens the application of the bank of interest and selects the service.
    3. The bank's application sends the user to the Rostelecom Key application installed, simultaneously transferring the session identifier via a secure communication channel to the bank.
    4. In the “Key Rostelecom” application, the user is authorized in ESIA (in other words, in the State services) and receives an authorization token - ESIA-ID;
    5. In the application “Key Rostelecom” with the received ESIA-ID, the user is accessing the Unified Biometric System. If ESIA-ID is registered there, the application collects biometrics - it records video with the sound of a voice and a face image. These data via a secure channel go to the Unified biometric system.
    6. The system compares the data with the existing sample, determines the probability of a match. In case of exceeding the level set by the order of the Ministry of Communications and Mass Media (99.99%), the probability is transferred to the bank.
    7. The bank receives a response and, if necessary, requests additional information about the user from the ESIA via the ESIA-ID. In this case, the data are already transferred directly between the ESIA and banking systems.

    How everything is protected

    The main question is, of course, data security. All communication channels between the three interacting systems — the ESIA, the Unified Biometric System and the Bank — are protected by TLS gateways using Russian cryptography.

    In the application, the user can compare the parameters of the certificate in the system with the parameters of the certificate posted on the website of the Unified Biometric System. So you can make sure that the connection really goes to the Unified biometric system. The FSB recommends a comparison in order to rule out man in the middle attacks when all user requests are intercepted via an attacker's TLS gateway.

    In addition, checks of the checksums of the application and the cryptographic protection module are implemented. This happens automatically when you start the application, as well as manually at any time in the Settings and Security menu. If the checksums do not match, the application shuts down and runs to offline mode until the problem is resolved.

    As a result, the security mechanisms of Rostelecom Key do not rely on the operating system - their own means of encryption and integrity control are tied to the application. It’s impossible to substitute someone else’s biometrics at the verification stage - the system will determine fraud. But due to security breaches on the OS side, in principle, it is possible to interpose between the user and the application and intercept the data transmitted for authorization. Unfortunately, this is possible, especially on rooted devices with trojans. We cannot take responsibility for the operating environment. The application simply determines the presence of the root and does not start, if it exists.

    Initially, in terms of UX, everything was organized very difficult. The user path in the "Key of Rostelecom" included 20 screens, 13 of which were related to security. But after evaluating all this from the point of view of UX, we reduced this part to 3-4 screens . This progress required more than one discussion at different levels.

    The rigor of the law

    Storage and transfer of biometric data in Russia is regulated by several acts:

    • Security of biometric personal data - Bank of Russia Ordinance №4859-У dated July 9, 2018
    • This instruction refers to the Order of the Federal Security Service of Russia No. 378 dated July 10, 2014, which establishes the need to use security class KS1, and therefore requires the use of Russian cryptography to protect the communication channel between the Unified Biometric System and the user device.
    • При использовании российской криптографии для сертификации решений положение ПКЗ 2005 ФСБ РФ требует проводить в ФСБ так называемые тематические исследования создаваемых решений.

    In order to pass certification, it is necessary to provide the FSB with full information about which protection mechanisms are used in the application, what is signed by what functions, as well as the source codes of not only the application itself, but also other interaction points. This procedure is in no way regulated by time and results in huge financial expenses. Any change in the banking application code requires repeating the procedure, which is impossible with releases once a quarter and even more so once a month. And in general, imagine how many banking applications in Russia. It looks like a dead end.

    But we found a way out of this impasse. When working with Rostelecom Key, banking applications do not interact with biometrics, but only receive the user session ID. Thus, bank applications are not subject to the instructions of the Bank of Russia.

    Another problem has become the mandatory accounting of applications using Russian cryptography. This issue was also resolved: if the authentication is successful, the device ID and the user ID of the ESIA are transmitted to the system, which allows the registration server to fully identify the user and the device.

    The first Russian cryptography on Google Play and the App Store

    On this adventure is not over. From the point of view of the FSB, Google Play and the AppStore are not trusted sources, and applications of the “Key Rostelecom” class cannot be distributed with their help. If you add the module SKZI (means of cryptographic information protection) "Key Rostelecom" in a regular Rostelecom application from a trusted source, application stores will be against. Because such schemes are standard for distributing Trojans or spyware. And if Google Play met us, then the AppStore refused flatly.

    Theoretically, there is another approach - to install the application from the server of Rostelecom itself. But then we come to a paradox: to install a secure solution, users need to reduce the security of the environment by allowing the installation of applications from any sources.

    We spent more than one week discussing with the regulators how to solve the problem. And in the end, we were able to reach an agreement, get permission to distribute through Google Play and the App Store applications with Russian cryptography embedded in the process.

    From factor analysis to behavior analysis

    Although this is not directly related to the application “Key Rostelecom”, we want to talk a little more about how the data are verified in the Unified biometric system.

    Each biometric factor separately - a voice, a face - can be faked. So we adhere to a more complex and reliable "behavioral" approach - we analyze the factors in the aggregate. Users first smile, then turn their heads and finally pronounce the control phrase. A relatively complex sequence of actions that may vary by system. The more suspicion she has, the more difficult the algorithm. An additional level of protection is the need to enter a username and password for public services.

    When analyzing biometric samples, different biometric processors are used at the same time with fundamentally different algorithms for generating and verifying verification templates. If at least one of them suspects a substitution, we consider it a hacking attempt and send the data for analysis. Therefore, knowing in detail the algorithms of one or even a pair of processors will not be enough. At the moment, unfortunately, this can lead to verification errors. For example, if a person's voice has changed, there is little light or much noise around him. Nevertheless, it is better to be safe anyway: when the slightest suspicion of fraud appears, we report this to the bank.

    In parallel, we apply quite standard approaches to security - for example, a limit on the number of login attempts. If the user has always entered the application from Moscow, and then suddenly he first received a request from Bangladesh, and then from Hong Kong. All this is a reason to find the profile compromised.

    In principle, the system allows you to identify and more complex schemes of fraud, with the participation of bank employees who collected biometric data. When such situations are detected, we block the offender for all banks and other organizations using the system. In difficult cases, you can block all biometrics collected by the bank.

    Who is following whom?

    According to the laws of the Russian Federation, biometric data (like any other user information) is transferred to the investigating authorities only upon official request and by court decision. Standard rules apply here.

    By default, only the Rostelecom operator has access to the Unified Biometric System. Banks and any other organizations the user cooperates with do not provide biometric data - organizations only get an assessment of the comparison results, the likelihood that the person entering their mobile applications is the same as the person registered in the Unified Biometric System.

    Not all banks are integrated with Rostelecom Key yet. A biometric authentication system cannot simply be introduced instead of personal attendance. To alter the processes on the back-up of banks, taking into account scoring checks, is not a trivial task. It is necessary to organize the process so that the client can choose the bank services of interest before the identity check.

    If you are interested in the functionality of the application, you can evaluate it using the demo mode. "Key Rostelecom" is now available on Google Play and will soon appear in the App Store.

    Also popular now: