
RDP is an application-layer protocol, so TLS, which works at the transport layer, is well suited to protecting it.
In this article we will protect RDP connections with TLS using the open source applications OpenSSL and sTunnel, with support for Russian cipher suites (GOST2001-GOST89-GOST89). Client authentication with GOST certificates will be performed on board the USB token Rutoken EDS, with the shared key derived under the VKO GOST R 34.10-2001 key agreement scheme. In this setup the authentication key is non-extractable and cannot be stolen. The Rutoken EDS will also be used as a hardware random number generator.
For the case where users authenticate to the terminal server against Active Directory with RSA certificates, we wrap TLS over RSA inside TLS over GOST. The result is two-level TLS: RSA with client authentication runs inside a channel protected by the state-standard algorithms.
OpenSSL has an implementation of TLS cipher suites based on the Russian algorithms, following draft-chudov-cryptopro-cptls.
sTunnel is a compact TLS proxy: it accepts unprotected TCP connections on its input, wraps them in TLS and forwards them to a remote server. As its "cryptographic kernel" stunnel uses OpenSSL.
sTunnel out of the box does not support GOST, so I patched and rebuilt it. The patch is about 2 lines.
The Rutoken EDS is connected to OpenSSL in the manner described on the vendor forum, forum.rutoken.ru/topic/1639. This uses the hardware implementation of the Russian cryptographic algorithms on board the Rutoken EDS.
Protection according to GOST
The basic scheme is shown in the figure.

First you need to set up a small CA that issues GOST certificates to the sTunnel server and the sTunnel clients. OpenSSL is the sensible choice for this. Generating client keys on the token and producing certificate signing requests are described in the article habrahabr.ru/blogs/infosecurity/134725. The server key and certificate are best kept as ordinary files.
I will not go into further detail on this.
Server setup:
Install sTunnel as a service on the Windows server that hosts the terminal server and configure it:
- download and unpack the archive ubuntuone.com/4zOP5AR39vKxk0uF6rwxNM
- run stunnel -install (this registers stunnel as a service)
- set the system environment variable OPENSSL_ENGINES = [path to the folder into which the archive was unpacked]
- place the sTunnel CA certificate, the server certificate and the server key where the config expects them
- place the config next to stunnel.exe (I saved it in the file stunnel.conf)
- reboot the computer
Server config:
verify = 2
cafile = crypto/ca.crt
cert = crypto/server.crt
key = crypto/server.key
engine = gost
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = stunnel.log
client = no

[RDP-TLS-GOST]
ciphers = GOST2001-GOST89-GOST89
accept = 1494
connect = localhost:3389
Do not forget to close port 3389 on the server's externally reachable IP address with a firewall, so that RDP is only reachable through the sTunnel listener on port 1494!
Client setup (on Windows):
- download and unpack the archive ubuntuone.com/5D4sNc9i29MDgdW9KvROZa
- place the client certificate and the CA certificate (the client key stays on the token)
- set the user environment variable OPENSSL_ENGINES = [path to the folder into which the archive was unpacked]
- place the config
Client config:
verify=2
client=yes
CAFile=ca.crt
output=stunnel.log
sslVersion=TLSv1
taskbar=yes
DEBUG=7
engine=pkcs11_gost
engineCtrl=MODULE_PATH:rtPKCS11ECP.dll
engineCtrl=INIT
engineCtrl=PIN:12345678

[RDP-TLS-GOST]
engineNum=1
key=100
cert=client.crt
accept = 127.0.0.1:8088
connect = xxxx:1494
ciphers = GOST2001-GOST89-GOST89
TIMEOUTclose = 1
An important point: on the client, sTunnel does not require installation or administrator rights. This means it can be used together with the Rutoken EDS Flash.
Rutoken EDS Flash is a CCID device that needs no driver installation on modern operating systems. The necessary files are copied onto its flash memory along with a small Windows script that starts the sTunnel process with the required environment (OPENSSL_ENGINES=) and launches the Windows RDP client against the local host:port (mstsc /v:127.0.0.1:8088).
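A launcher of the kind described above, written here as an added PowerShell example (it is not the author's script). It assumes stunnel.exe, stunnel.conf, the OpenSSL engine DLLs and rtPKCS11ECP.dll all sit in the same folder as the script on the token's flash memory, and it waits for the local 127.0.0.1:8088 listener to come up before starting mstsc.

```powershell
# Added example: portable launcher for the Rutoken EDS Flash scenario.
# Assumption: this script lies next to stunnel.exe, stunnel.conf and the engine DLLs.
$ErrorActionPreference = 'Stop'
$dir = Split-Path -Parent $MyInvocation.MyCommand.Path

# The patched sTunnel/OpenSSL build locates its engine DLLs via OPENSSL_ENGINES.
# Setting it on $env: affects only this process tree; nothing is installed on the host.
$env:OPENSSL_ENGINES = $dir

# Start sTunnel in client mode with the config from the article
# ([RDP-TLS-GOST] accept = 127.0.0.1:8088, connect = server:1494).
$stunnel = Start-Process -FilePath (Join-Path $dir 'stunnel.exe') `
    -ArgumentList 'stunnel.conf' -WorkingDirectory $dir -PassThru

# Wait until the local listener accepts connections; launching mstsc earlier
# would fail with "connection refused". Give up after ~10 s.
$ready = $false
for ($i = 0; $i -lt 20 -and -not $ready; $i++) {
    Start-Sleep -Milliseconds 500
    if ($stunnel.HasExited) { throw 'stunnel exited early; check stunnel.log (debug = 7)' }
    try {
        $probe = New-Object System.Net.Sockets.TcpClient
        $probe.Connect('127.0.0.1', 8088)
        $probe.Close()
        $ready = $true
    } catch { }
}
if (-not $ready) {
    Stop-Process -Id $stunnel.Id
    throw 'listener on 127.0.0.1:8088 did not come up'
}

# Run the RDP client against the local port; sTunnel wraps the session in GOST TLS
# and authenticates with the key that never leaves the token.
Start-Process -FilePath 'mstsc.exe' -ArgumentList '/v:127.0.0.1:8088' -Wait

# Tear the proxy down so no listener is left behind on the host after the session.
if (-not $stunnel.HasExited) { Stop-Process -Id $stunnel.Id }
```

The probe connection is closed without a TLS handshake, so sTunnel logs one aborted session at startup; that entry is expected and harmless.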
Two-Level TLS
For user authentication against Active Directory with RSA certificates, I suggest using plain TLS with the client RSA authentication key stored on the Rutoken EDS, but routed through sTunnel. In this case the RSA TLS session is carried inside the GOST TLS channel.
Two schemes are possible. In the first, the RSA TLS session is set up directly by the RDP client. Two keys are then stored on the token: a GOST key (the "friend-or-foe" authentication needed to get past the sTunnel server) and an RSA key (once the user has passed the first barrier, this key authenticates the user against AD, and the user lands directly in their account on the RDP server).

To access the RSA key and certificate stored on the Rutoken EDS, and the RSA hardware implementation on board the token, Windows uses the Rutoken CSP (included in the Rutoken driver distribution); on Linux, the rdesktop application works through PC/SC.
In the second scheme, both the RSA and the GOST TLS layers are provided by sTunnel itself. I should say right away that I have not tried this second scheme.

To access the RSA key and the RSA hardware implementation on board the Rutoken EDS, use the pkcs11 engine from the OpenSC project, www.opensc-project.org/engine_pkcs11.
Accordingly, the sTunnel client configuration will have two sections; the RSA section connects to the local GOST listener, so the RSA TLS session is nested inside the GOST one:
[RDP-TLS-GOST]
engineNum=1
key=100
cert=client_gost.crt
accept = 127.0.0.1:8088
connect = xxxx:1494
ciphers = GOST2001-GOST89-GOST89
TIMEOUTclose = 1

[RDP-TLS-RSA]
engineNum=2
key=101
cert=client_rsa.crt
accept = 127.0.0.1:8087
connect = 127.0.0.1:8088
TIMEOUTclose = 1
The RDP client must then connect to 127.0.0.1:8087.