📜 ⬆️ ⬇️

EDS - is it all so simple?

Relatively recently, one of the participants in the community has started a series of articles on the use of electronic digital signature (EDS). Remarkable cycle, revealing to the users who are not experienced in this matter, a veil of secrecy over this concept.
But, unfortunately, the distinguished author did not talk about several important aspects of information security, which must be taken into account when using EDS, especially when signing legally significant electronic documents.
I will try to fill this gap so that a respected user will know what he will face when working with a beast called “EDS”.

Legal aspects of using EDS

First of all, I propose to find out why we need an EDS from a legal and not from a technical point of view. According to the current law № 1- “On electronic digital signature”:

Electronic digital signature in an electronic document is equivalent to a handwritten signature in a document on paper with simultaneous observance of the following conditions:From this paragraph it follows that in the case of the validity of the certificate and a positive result of the verification, the EDS is considered equivalent to a handwritten signature. And this, in turn, means that the will of a citizen in electronic form is equivalent to a hand-written and signed document.
This fact opens up many opportunities for various workflow systems, such as tax reporting, remote signing of contracts, approval of orders, remote banking services (RB), etc. etc.
But, at the same time, this opens up tremendous opportunities for attackers who, by faking the EDS of the legal owner, can give out their will for the legal belonging to the owner of the EDS.
What does this mean? Here you can dream: (1) an incorrect tax return is submitted for a large organization and it runs into a huge fine, (2) an absurd press release comes to the newspaper with the signature of the director of a large holding, (3) money is transferred to the administrator Vasily Petrovich from the company’s account and signed CEO, (4) Your money through the RBS system is transferred to an account in Yekaterinburg. And in terms of legislation, everything is legitimate. Your signature (EDS) is on “your” will (electronic document).
And I dare to assure you that if examples 1, 2 and 3 are fictional, then example 4 is a daily practice that many companies leading the information security market are struggling with. And I brought Yekaterinburg for a reason - 70% of the funds flow away, for some reason, to this city, and then almost completely dissolve.

So how does this happen?

And most importantly, how to deal with it?
I will cite a few statistics that approximately reflect the direction of the attacks, which result in an attacker getting a copy of your EDS under his document.
Relevance of risk
Asset: user private EDS key
Violation of confidentiality followed by unauthorized use of the user's private key.
Theft of the private key from unprotected storage (eg from a flash disk)
Cryptographic devices with non-recoverable private key
Theft of the private key from RAM

The well-known (I hope so) series of articles on EDS will help us to understand the first part of the table. As we know, there is a key pair for working with EDS: public and private keys. In order to put an EDS, you need a private key. The first part of the table reflects attacks on this user asset.
Unfortunately, the vast majority of users store a key container (this is such a thing, a set of files where a key pair is stored, a certificate and some service information) anywhere, just not in a protected place. For example, a flash drive, a folder “C: \ Keys for a bank account”, a floppy disk, etc. You need to understand that if you copy this information, the new owner will be able to give his will to yours. You will say: “But I have the keys under the password!” And I will answer: “This is not a reliable protection. After your password is picked up, you will work for a loan in your name all your life. ”
Now ask yourself the question: “Do I have a lot of money for WebMoney? Where do I keep the keys to my WMID? Do I feel sorry for this money if anything happens? ”
Or so: “Where are the keys of EDS for working with the bank account of my company? Where will I look for this money if someone sits for 5 minutes behind my working laptop? ”
The solution is very simple - keep the keys to critical systems (to where your money is) on a protected medium (for example, smart cards, USB tokens). Fortunately, there are plenty of such on the market now. This will close 70% of the attacks.
But there is another 5% in the tablet. These attacks are possible due to the fact that usually the generation of EDS is carried out on a computer using software. And, as soon as the EDS keys are obtained from these secure storage facilities, an evil Trojan comes into play and steals these keys. This type of attack is much more complicated than just copying keys from a flash drive, but it has its own 5% overall.
Output - specialized devices (the same smart cards and USB-tokens), which implement the mechanisms to generate digital signature on their own (hardware SKZI). That is, they receive a document or its hash at the entrance, and at the output we have an EDS. In such devices, all operations with a private key (generation, use, destruction) are performed only inside the device. The private key cannot physically leave it, that is, attacks on it are impossible - just steal the device, but the fact of theft is very difficult to hide. According to modern trends and Western experience, such devices are the future. If you are interested in specific models - advertise in the comments.
Go to the attacks more difficult theft of keys.
Relevance of risk
Asset: cryptographic capabilities of hardware SKZI
Unauthorized use of SKZI
Theft of SKZI, insider
To work with user objects (including private keys) authentication is required on the device based on the user's PIN code. After 10 failed authentication attempts, the device is blocked. Further use is possible only after passing through the unlock procedure.
Remote control of the machine with connected SKZI
Along with the use of electronic signature generated by the CIPS, the system may require confirmation of transactions with a one-time password (OTP)

So, stole SKZI, which itself produces EDS (10% of attacks). Zaparolte access to the device! Well, as usual - do not write the password on pieces of paper, make it resistant and put a limit on the number of input attempts - modern hardware SKZI allow it. And as soon as they found out the theft of SKZI - withdraw the certificate!
Another 14% of attacks - remote control of the computer at the moment when SKZI is connected. A trivial example: an aunt accountant works in the RBS system with the company's account, stuck in the SKZI, has already logged in after filling out the first payment, fills the second one. There appears an inscription like “Wait, the system is updating ...”, the screen is getting dark and inaccessible. At this time, the attacker connects to the machine remotely, changes the details of the payment and sends the document for execution. SKZI generates an EDS, the payment goes to the bank, the money is gone, the aunt-accountant is indignant.
There are even more sophisticated methods for remote access to SKZI (for example, USB over IP), but they are technically difficult, although they are used for well-organized attacks.
Output: use one-time passwords to confirm transactions when working with critical systems (for example, when working with accounts where you store batch gold). One-time passwords are passwords that are valid for only one operation or for a short period of time (usually 5-10 minutes). Perhaps, if you use Internet banking as an individual, you are given a printout with a bunch of so-called TSAs that you need to enter sequentially, each time a new one. So this is one-time passwords, only there are more civilized devices for their generation than a piece of paper with a printout (http://en.wikipedia.org/wiki/One-time_password).
Relevance of risk
Asset: the document for which the EDS is generated, or its hash
Substitution of a document or hash value in the process of its transfer to the SKZI
Specialized Virus Software Activity

And the last and most difficult type of attack is the substitution of a document at the stage of its transfer to the SKZI for signature. That is, you are compiling an electronic document, transferring it for signature to the CIPF, at this time specialized virus software replaces the document and transfers it to your signature. Further, SKZI asks for a password for access to the keys, you are in full confidence in the correctness of your actions, enter the password and receive an EDS. The next step is to press the hypothetical “send” button, specify your document, but the ugly virus again replaces the document with your already received EDS, misleads you in any way possible, until you change the picture on the screen, and you send the document with your own hands.
This is the most difficult type of attack, which is prepared for a certain system, usually by highly qualified specialists together with insiders. It is a kind of combination of the wills of your and the malefactor, and in fact is a banal deception. Currently, there are no ways to counter such attacks, except for using a trusted isolated operating environment (specialized operating system). But, I dare to assure you, the work is being carried out in full.

As a result

Information about the attacks described in the article and statistics are collected within the framework of the Russian Federation. This is the reality of our life when working with electronic documents and technical means of authentication and authorship. Be careful and apply adequate measures to protect your money and reputation when using modern technical means.

Source: https://habr.com/ru/post/100059/

All Articles