Digital Guard Key_P1: creation history and first results
Recently, there are regularly reports of leaks.
This article wanted to share the experience of creating a device in the field of information security.
At the end of 2013, ideas about moving forward and producing not only domestic processors, but also serial devices, appeared in the Multiklet company. The ideas of creating an accelerator board with huge performance for ordinary PCs and devices for information protection were considered. Since the company is private and large funding for the accelerator at the time it was not possible to attract to start with the production of devices to protect information.
The idea of ​​creating a device to protect information was born after the test of the algorithm GOST89 on the processor Multiclet P1. It turned out that the encryption algorithm is fairly well parallelized and is suitable for a multicellular architecture, the user of the habr rnouse detected the acceleration of encryption on the multicellular architecture by comparing with processors in routocans by 4-5 times.
Figure 1. First hull image
')
The preliminary considerations underlying the terms of reference were as follows:
- the shortcomings of software, consisting in less security compared with hardware;
- In encryption flash drives the disadvantage is limited functionality.
Therefore, it was decided to make a device that would contain the flexibility and versatility of software and the response to new threats (for example, BadUSB) and the possibility of creating corporate hierarchical information security systems. As always, I wanted "all in one."
In early 2014, a large layout was made for the development of a device from debug boards.
At the same time, the technical task for the device was adjusted. The first case sketch is shown in fig. one.
An approximate work schedule was developed with the end of development in August. Tasks that could run simultaneously were parallelized depending on resources. Then we started developing a prototype board and software. At the same time, it took the team of information security specialists.
The next step was an attempt to launch a project on kickstarter, but the necessary funds were not collected. Perhaps the reason was the lack of media training before the project and the beginning of the period of sanctions. Many crowdfunding specialists also noted that the project is too complex for this site.
By April, we already had the device boards with a debugging part in our hands (see Figure 2). It was possible to make the correct PCB layout and determine the components at the second attempt.
Figure 2. Device debug board
At about the same time, the first prototype cases made on a 3D printer were obtained, see figure 3. The inscription was made in the form of a sticker that wrapped the entire case printed on the printer.
Figure 3. Hull Prototypes
And after that, the start was given to the development of press molds for the manufacture of plastic cases at one of the enterprises of Yekaterinburg. As it turned out, the process of making molds for the case and the cap is quite long and required corrections, despite the fact that the 3D printer had no problems with the manufacture of the case. As a result, the corps were received two months later. And so that the result was, like Apple, you need to use hot casting instead of cold casting.
To develop devices with encryption functions, an enterprise must be licensed by the FSC. Quickly enough in 2 months, including work on fulfillment of licensing requirements, this license was obtained.
In addition, in order for users to understand that they are installing the software that we issued, we received a certificate for signing applications. As it turned out cheaper to get this certificate here codesigning.ksoftware.net
Note that for the development of software that works with the Key_P1 device, the Qt system was chosen to organize support for the Windows and Linux operating systems, as well as the Mac, after a series of discussions.
Throughout the development phase, adjustments were made to the TOR, since only after the implementation of certain functions comes an understanding of how to do it comfortably and what functionality is required. As a result, the course was determined for two versions of the device: business and professional.
The professional version differs from the business version by its compliance with the KS3 security class with an FSB certificate (a number of additional conditions, including the tamper-proof case).
The business version is already being mass-produced; the professional version is under development. According to the main functionality, the devices of the two versions will be identical.
When we started developing the device, we didn’t even imagine that information leaks occur so often and could cause multimillion-dollar damage to Russian companies.
Recently, a number of analytical materials devoted to this issue have appeared.
The main problems encountered during the beta testing phase (although they did alpha testing on dozens of computers), which were fixed at the time of this writing:
- the error "perhaps the door is open", which arose when determining the device
- inability to decrypt files with corporate keys
- error of work on the scsi channel during the work of our driver
- it was decided to set the names of open and closed sections on drives, due to problems with their perception by users
- eliminated the problems of indication of blocking pin codes, after 10 attempts
It was also noticed that after several openings / closings of the transparent cover protecting the USB connector Key_P1, it began to close without a noticeable click, which indicates rapid wear of the fixing projections on the case. However, the cover is quite tightly fitted to the body, which ultimately does not allow it to arbitrarily fall away from the body, even with a significant erasure of the locking protrusions.
The reject rate on the first batch of devices was about 10%. This percentage is obtained on the basis of the allowable marriage of the import base of elements, the deformation of the legs of the elements, the defective of printed circuit boards. But in further batches after the elimination of the revealed remarks, the marriage rate should decrease.
The device for information security, which the company issued Multiklet acquired the name Key_P1 Multilet (valid name Key_P1). The basic principles that were laid in the device:
- friendly window interface
- data security
- focus on individual and corporate users
- mobility
In general, this device is designed to protect information on PCs and storage devices, developed on the basis of a multicellular processor and made in the form of a portable gadget with three connectors: USB - socket and plug, as well as a connector for SD cards. The device that turned out is shown in Fig. four.
Figure 4. The result of the work
Brief comparison of software and hardware solutions
The difference between hardware information security devices and software, such as (Verba OW 6.1, Lissy CSP 2.0, Bicript 4.0, Crypto Pro 3.6), is the storage of keys on the device itself, without the need to install software. The difference between the Key_P1 device itself and such hardware devices as Samurai, Shipka, DataShur is that the device in question does not have built-in memory for storing information (only memory for encryption keys, firmware, etc.), and is designed to work with unlimited number of drives. And also has encryption on the drives by sector 1024 keys. Thus, Key_P1 has a wide software functionality and enhanced hardware protection.
To use the Key_P1 Multiclet device, you need to download the Key_P1 Manager application. The Key_P1 Manager program supports all device functionality, provides device initialization, initialization of drives, generates corporate keys, etc.
Distinctive features of the program:
1) The program does not require installation on the operating system
2) To support cross-platform work, it is recommended to save the version for Windows and Linux OS to the open partition of the drive.
3) The program, like Key_P1 Multiclet, is not tied to a specific PC or drive, which allows the device to work on different PCs and provide support for an unlimited number of drives
4) The program has a simple and convenient interface, and also provides for differentiation of access rights to the functionality of the device (by PIN code for the user and administrator, which can be from 4 to 16 characters)
To start working with the device in full, you must perform the following steps:
1) Install the internal firmware of the device
2) Initialize the device (setting 1024 keys, administrator's PIN
User PIN, alarm PIN code, device name)
3) Initialize the drives (split into two sections (open and closed), set partition labels)
Figure 5. The main window of the program Key_P1 Manager
1) Protect your PC from spyware
Key_P1 allows only ordinary storage devices to operate, the operation of “spy devices” (represented simultaneously by the keyboard and the storage device and others) will be blocked. Key_P1 is protected from the “BadUSB” problem. Control of connected devices is carried out at the hardware level. The PC simply does not see the malicious device connected to Key_P1.
2) Encryption of information
Encryption of information is possible on drives and PCs. Encryption is carried out according to the algorithm of GOST 28147-89 with a key width of 256 bits.
Encryption of files on the Key_P1 device is performed in the following ways:
1) automatically when copying files to the closed partition of the initialized drive: in this case, the files on the drive will be encrypted to:
- storage by sector groups using several keys from 1024 created;
- at device initialization.
To connect a private section, the user ID is used.
2) by selecting the encryption method in the “File Encryption” section : in this case, file encryption can be performed in one of 3 ways:
- a random key (several keys from 1024 defined during initialization, parts of one file can be encrypted with 1024 keys);
- synchronized key (using the selected synchronized key);
- corporate key (one of several keys for encrypting files of the selected corporate group):
Figure 6. File Encryption
The window for decryption looks similar to the window shown in Figure 6.
3) Safe for passwords
The device allows you to save user passwords and logins to the internal protected memory of the Key_P1 device. In the future, the user can, by clicking with the mouse, copy the login to the clipboard of the operating system and paste into the desired field to enter the login. A similar operation can be done for the password. This way we ensure convenient use and storage of our passwords, as well as protect ourselves from keyloggers on a PC.
Figure 7. Personal data storage
4) Log action and time
5) Read-only mode
6) Three types of encryption keys
A) random
B) Synchronous
B) Corporate
To encrypt these types of keys, the same window is used - “File Encryption”, see fig. 6
7) Fast crypto-transform
Key_P1 device allows you to quickly encrypt or decrypt information. Thus, users can easily and quickly exchange encrypted text messages that are sent via email, various messaging systems (such as skype), social networks, etc.
Figure 11. Initial Message
Figure 12. The result of encryption
Purpose: the device is designed to encrypt small amounts of confidential information.
Work speed: with an open drive section - up to 3.2 Mbit / s, with a closed drive section up to 1.2 Mbit / s.
Supported USB port types: 1.1, 2.0, 3.0
Supported OS: WindowsXP, Windows 7, Windows 8, Linux 2.6.x, Linux 3.x
Supported drive types: USB, SD, microSD, miniSD, MMC
Production of Key_P1 devices (business version) in the city of Yekaterinburg has been launched.
The device is patented, made on the basis of the multicellular processor Multiclet P1.
There are foreign components in the device, but the development, main processor, manufacturing, including cases, soldering, testing, is Russian in the amount of 80% of the cost, which allowed the “Made in Russia” inscription to be made. At the moment, work is underway to bring the professional version of the device into a series and to obtain permits for export, as The device is interested in foreign companies.
The Key_P1 device has the ability to update the firmware (with checking the EDS before starting).
Therefore, a decent list has been compiled for updating the firmware and software, the main points of which are:
1) Mac OS support
2) The “Settings” menu, the parameters of which are saved on Key_P1
3) Ability to set private keys for encryption
4) Support for EDS functionality
5) Setting the criteria for setting a PIN user code
6) Generate password for authentication data storage
7) Setting up a list of trusted devices and enabling them, as well as their monitoring
8) Server-client system for remote control of devices
9) Secure Browser
In the future, it is possible to introduce Key_P1 into the Mozilla Thunderbird email client, although there are a number of issues that need to be resolved. And it is also potentially feasible to create your own messenger or work together with existing ones, such as qip, icq.
Of interest is also the release of a device for integration into system units, with connection directly to the motherboard and protection of all peripheral USB ports. Such a device can be based on the domestic processor Multiclet R1, which will increase the performance tenfold. In this case, Key_P1 will be able to protect against the problems described in the article on 4G USB security modem habrahabr.ru/company/pt/blog/243697/#first_unread . Although the modern version of Key_P1 after the release of a special update will be able to protect your PC from malicious devices.
In addition, an important feature of the device is its simple integration into security software systems, since The device does not require installation of software and drivers for the OS.
The device for identification in the OS uses standard system drivers.
We carefully consider useful tips and user comments, as well as analyze customer reviews. It is on the basis of this information that the choice of the next device updates and directions for its development will be made. We are aimed at making a high-quality and demanded device for information protection with a wide range of applications.
In 1988, the American Computer Hardware Association declared November 30 (the day of the first recorded epidemic of the Morris worm) to be International Computer Protection Day. The purpose of the Day is to remind users of the need to protect their computers and all information stored in them.
Congratulations to all the specialists who guard information security!
UPD1: also in the development process of the device, we received a VID for our USB device, which cost us $ 5.000 at usb.org and this is the price without using the usb logo on the case.
PS By the current moment for the business version of the received requirements:
- weakening algorithms: 0
- adding special keys: 0
- create firmware for hacking: 0
This article wanted to share the experience of creating a device in the field of information security.
1. History of creation
At the end of 2013, ideas about moving forward and producing not only domestic processors, but also serial devices, appeared in the Multiklet company. The ideas of creating an accelerator board with huge performance for ordinary PCs and devices for information protection were considered. Since the company is private and large funding for the accelerator at the time it was not possible to attract to start with the production of devices to protect information.
The idea of ​​creating a device to protect information was born after the test of the algorithm GOST89 on the processor Multiclet P1. It turned out that the encryption algorithm is fairly well parallelized and is suitable for a multicellular architecture, the user of the habr rnouse detected the acceleration of encryption on the multicellular architecture by comparing with processors in routocans by 4-5 times.
Figure 1. First hull image
')
Formulation of the problem
The preliminary considerations underlying the terms of reference were as follows:
- the shortcomings of software, consisting in less security compared with hardware;
- In encryption flash drives the disadvantage is limited functionality.
Therefore, it was decided to make a device that would contain the flexibility and versatility of software and the response to new threats (for example, BadUSB) and the possibility of creating corporate hierarchical information security systems. As always, I wanted "all in one."
In early 2014, a large layout was made for the development of a device from debug boards.
At the same time, the technical task for the device was adjusted. The first case sketch is shown in fig. one.
An approximate work schedule was developed with the end of development in August. Tasks that could run simultaneously were parallelized depending on resources. Then we started developing a prototype board and software. At the same time, it took the team of information security specialists.
The next step was an attempt to launch a project on kickstarter, but the necessary funds were not collected. Perhaps the reason was the lack of media training before the project and the beginning of the period of sanctions. Many crowdfunding specialists also noted that the project is too complex for this site.
By April, we already had the device boards with a debugging part in our hands (see Figure 2). It was possible to make the correct PCB layout and determine the components at the second attempt.
Figure 2. Device debug board
At about the same time, the first prototype cases made on a 3D printer were obtained, see figure 3. The inscription was made in the form of a sticker that wrapped the entire case printed on the printer.
Figure 3. Hull Prototypes
Some points of development
And after that, the start was given to the development of press molds for the manufacture of plastic cases at one of the enterprises of Yekaterinburg. As it turned out, the process of making molds for the case and the cap is quite long and required corrections, despite the fact that the 3D printer had no problems with the manufacture of the case. As a result, the corps were received two months later. And so that the result was, like Apple, you need to use hot casting instead of cold casting.
To develop devices with encryption functions, an enterprise must be licensed by the FSC. Quickly enough in 2 months, including work on fulfillment of licensing requirements, this license was obtained.
In addition, in order for users to understand that they are installing the software that we issued, we received a certificate for signing applications. As it turned out cheaper to get this certificate here codesigning.ksoftware.net
Note that for the development of software that works with the Key_P1 device, the Qt system was chosen to organize support for the Windows and Linux operating systems, as well as the Mac, after a series of discussions.
Throughout the development phase, adjustments were made to the TOR, since only after the implementation of certain functions comes an understanding of how to do it comfortably and what functionality is required. As a result, the course was determined for two versions of the device: business and professional.
The professional version differs from the business version by its compliance with the KS3 security class with an FSB certificate (a number of additional conditions, including the tamper-proof case).
The business version is already being mass-produced; the professional version is under development. According to the main functionality, the devices of the two versions will be identical.
When we started developing the device, we didn’t even imagine that information leaks occur so often and could cause multimillion-dollar damage to Russian companies.
Recently, a number of analytical materials devoted to this issue have appeared.
Analytics and information leaks for November
More than 90% of companies are faced with large data breaches, leading to serious financial problems up to bankruptcy - such conclusions Zecurion Analytics made on the basis of a survey conducted among companies that use information protection systems against leaks.
Zecurion analysts conducted more than 100 interviews with top managers of companies and cybersecurity experts and studied the real cases of detection of intentional and accidental leaks of corporate information. It turned out that only 8% of organizations do not suffer from data leaks, and 30% of large and medium-sized businesses record an average of two attempts a month to steal valuable information, the loss of which affects the company's financial stability. This confirms the maximum amount of damage of $ 30 million, which the Russian company suffered from the leakage of confidential data.
Some of the most famous data breaches over the past couple of months:
1) As a result of a hacker attack, data from employees, management and customers of the US Postal Service (USPS) were compromised. In the hands of the intruders, there may have been 800,000 records, including the names, addresses and social security numbers of Americans, reports The Wall Street Journal.
2) Names, addresses, phone numbers, email addresses of about 83 million household owners and businesses were stolen through the JPMorgan Chase system, Vedomosti reports, citing Reuters. The bank does not have information on whether hackers got access to account numbers, passwords, dates of birth and SSN.
3) Home Depot, the largest construction materials and repair equipment company in the world, said that 53 million email addresses of customers of the chain store were compromised. According to preliminary estimates, Home Depot’s losses due to hacking amounted to $ 56 million, reports portal securitylab.ru citing a company report.
Zecurion analysts conducted more than 100 interviews with top managers of companies and cybersecurity experts and studied the real cases of detection of intentional and accidental leaks of corporate information. It turned out that only 8% of organizations do not suffer from data leaks, and 30% of large and medium-sized businesses record an average of two attempts a month to steal valuable information, the loss of which affects the company's financial stability. This confirms the maximum amount of damage of $ 30 million, which the Russian company suffered from the leakage of confidential data.
Some of the most famous data breaches over the past couple of months:
1) As a result of a hacker attack, data from employees, management and customers of the US Postal Service (USPS) were compromised. In the hands of the intruders, there may have been 800,000 records, including the names, addresses and social security numbers of Americans, reports The Wall Street Journal.
2) Names, addresses, phone numbers, email addresses of about 83 million household owners and businesses were stolen through the JPMorgan Chase system, Vedomosti reports, citing Reuters. The bank does not have information on whether hackers got access to account numbers, passwords, dates of birth and SSN.
3) Home Depot, the largest construction materials and repair equipment company in the world, said that 53 million email addresses of customers of the chain store were compromised. According to preliminary estimates, Home Depot’s losses due to hacking amounted to $ 56 million, reports portal securitylab.ru citing a company report.
Bug work
The main problems encountered during the beta testing phase (although they did alpha testing on dozens of computers), which were fixed at the time of this writing:
- the error "perhaps the door is open", which arose when determining the device
- inability to decrypt files with corporate keys
- error of work on the scsi channel during the work of our driver
- it was decided to set the names of open and closed sections on drives, due to problems with their perception by users
- eliminated the problems of indication of blocking pin codes, after 10 attempts
It was also noticed that after several openings / closings of the transparent cover protecting the USB connector Key_P1, it began to close without a noticeable click, which indicates rapid wear of the fixing projections on the case. However, the cover is quite tightly fitted to the body, which ultimately does not allow it to arbitrarily fall away from the body, even with a significant erasure of the locking protrusions.
The reject rate on the first batch of devices was about 10%. This percentage is obtained on the basis of the allowable marriage of the import base of elements, the deformation of the legs of the elements, the defective of printed circuit boards. But in further batches after the elimination of the revealed remarks, the marriage rate should decrease.
The device for information security, which the company issued Multiklet acquired the name Key_P1 Multilet (valid name Key_P1). The basic principles that were laid in the device:
- friendly window interface
- data security
- focus on individual and corporate users
- mobility
In general, this device is designed to protect information on PCs and storage devices, developed on the basis of a multicellular processor and made in the form of a portable gadget with three connectors: USB - socket and plug, as well as a connector for SD cards. The device that turned out is shown in Fig. four.
Figure 4. The result of the work
Brief comparison of software and hardware solutions
The difference between hardware information security devices and software, such as (Verba OW 6.1, Lissy CSP 2.0, Bicript 4.0, Crypto Pro 3.6), is the storage of keys on the device itself, without the need to install software. The difference between the Key_P1 device itself and such hardware devices as Samurai, Shipka, DataShur is that the device in question does not have built-in memory for storing information (only memory for encryption keys, firmware, etc.), and is designed to work with unlimited number of drives. And also has encryption on the drives by sector 1024 keys. Thus, Key_P1 has a wide software functionality and enhanced hardware protection.
2. How key_P1 works
To use the Key_P1 Multiclet device, you need to download the Key_P1 Manager application. The Key_P1 Manager program supports all device functionality, provides device initialization, initialization of drives, generates corporate keys, etc.
Distinctive features of the program:
1) The program does not require installation on the operating system
2) To support cross-platform work, it is recommended to save the version for Windows and Linux OS to the open partition of the drive.
3) The program, like Key_P1 Multiclet, is not tied to a specific PC or drive, which allows the device to work on different PCs and provide support for an unlimited number of drives
4) The program has a simple and convenient interface, and also provides for differentiation of access rights to the functionality of the device (by PIN code for the user and administrator, which can be from 4 to 16 characters)
To start working with the device in full, you must perform the following steps:
1) Install the internal firmware of the device
2) Initialize the device (setting 1024 keys, administrator's PIN
User PIN, alarm PIN code, device name)
3) Initialize the drives (split into two sections (open and closed), set partition labels)
Figure 5. The main window of the program Key_P1 Manager
3. Functional device
1) Protect your PC from spyware
Key_P1 allows only ordinary storage devices to operate, the operation of “spy devices” (represented simultaneously by the keyboard and the storage device and others) will be blocked. Key_P1 is protected from the “BadUSB” problem. Control of connected devices is carried out at the hardware level. The PC simply does not see the malicious device connected to Key_P1.
2) Encryption of information
Encryption of information is possible on drives and PCs. Encryption is carried out according to the algorithm of GOST 28147-89 with a key width of 256 bits.
Encryption of files on the Key_P1 device is performed in the following ways:
1) automatically when copying files to the closed partition of the initialized drive: in this case, the files on the drive will be encrypted to:
- storage by sector groups using several keys from 1024 created;
- at device initialization.
To connect a private section, the user ID is used.
2) by selecting the encryption method in the “File Encryption” section : in this case, file encryption can be performed in one of 3 ways:
- a random key (several keys from 1024 defined during initialization, parts of one file can be encrypted with 1024 keys);
- synchronized key (using the selected synchronized key);
- corporate key (one of several keys for encrypting files of the selected corporate group):
Figure 6. File Encryption
The window for decryption looks similar to the window shown in Figure 6.
3) Safe for passwords
The device allows you to save user passwords and logins to the internal protected memory of the Key_P1 device. In the future, the user can, by clicking with the mouse, copy the login to the clipboard of the operating system and paste into the desired field to enter the login. A similar operation can be done for the password. This way we ensure convenient use and storage of our passwords, as well as protect ourselves from keyloggers on a PC.
Figure 7. Personal data storage
4) Log action and time
Detailed description
The event log displays the connection and disconnection time of the Key_P1 device and is not available for correction. Thus, ad hoc shutdowns of the device will provide information to the security service about a possible unauthorized insider leak.
In the future we plan to display also the main user actions.
In the future we plan to display also the main user actions.
5) Read-only mode
Detailed description
The ability to record information from computers to removable drives connected to Key_P1 can be blocked by the administrator's PIN code. To do this, set the “read only” mode in order for Key_P1 to block any unauthorized recording of confidential data, viruses or other programs on the drive at the hardware level.
6) Three types of encryption keys
A) random
Detailed description
Creation: Formed during device initialization.
Quantity: 1024 pieces (fixed)
Application: for encrypting information on a closed section of drives and for encrypting ordinary information.
Figure 8. Forming random keys
Quantity: 1024 pieces (fixed)
Application: for encrypting information on a closed section of drives and for encrypting ordinary information.
Figure 8. Forming random keys
B) Synchronous
Detailed description
Creation: Before starting to create synchronous keys, subscribers who plan to send encrypted information need to be exchanged among themselves.
the following data: algorithm number (first, second or third) and initial value
(code word or phrase) so that identical keys have been formed
all subscribers.
Quantity: 104 pieces
Application: to encrypt information between users when it is necessary to quickly exchange confidential information (for example, on a business trip).
Figure 9. The formation of synchronous keys
the following data: algorithm number (first, second or third) and initial value
(code word or phrase) so that identical keys have been formed
all subscribers.
Quantity: 104 pieces
Application: to encrypt information between users when it is necessary to quickly exchange confidential information (for example, on a business trip).
Figure 9. The formation of synchronous keys
B) Corporate
Detailed description
Creation: Key_P1 provides for differentiation of access rights to encrypted files. The enterprise security service will be able to create different demarcations of rights across departments. In this case, the manager will have access to all files. Employees of the company can encode files for their colleagues using the Key_P1 Manager program with an appropriate level of access.
Quantity: 512 pieces
Application: to encrypt information between users within the company.
Figure 10. Formation of corporate keys
Quantity: 512 pieces
Application: to encrypt information between users within the company.
Figure 10. Formation of corporate keys
To encrypt these types of keys, the same window is used - “File Encryption”, see fig. 6
7) Fast crypto-transform
Key_P1 device allows you to quickly encrypt or decrypt information. Thus, users can easily and quickly exchange encrypted text messages that are sent via email, various messaging systems (such as skype), social networks, etc.
Figure 11. Initial Message
Figure 12. The result of encryption
4. Specifications
Purpose: the device is designed to encrypt small amounts of confidential information.
Work speed: with an open drive section - up to 3.2 Mbit / s, with a closed drive section up to 1.2 Mbit / s.
Supported USB port types: 1.1, 2.0, 3.0
Supported OS: WindowsXP, Windows 7, Windows 8, Linux 2.6.x, Linux 3.x
Supported drive types: USB, SD, microSD, miniSD, MMC
5. Current status
Production of Key_P1 devices (business version) in the city of Yekaterinburg has been launched.
The device is patented, made on the basis of the multicellular processor Multiclet P1.
There are foreign components in the device, but the development, main processor, manufacturing, including cases, soldering, testing, is Russian in the amount of 80% of the cost, which allowed the “Made in Russia” inscription to be made. At the moment, work is underway to bring the professional version of the device into a series and to obtain permits for export, as The device is interested in foreign companies.
6. Further development
The Key_P1 device has the ability to update the firmware (with checking the EDS before starting).
Therefore, a decent list has been compiled for updating the firmware and software, the main points of which are:
1) Mac OS support
2) The “Settings” menu, the parameters of which are saved on Key_P1
3) Ability to set private keys for encryption
4) Support for EDS functionality
5) Setting the criteria for setting a PIN user code
6) Generate password for authentication data storage
7) Setting up a list of trusted devices and enabling them, as well as their monitoring
8) Server-client system for remote control of devices
9) Secure Browser
In the future, it is possible to introduce Key_P1 into the Mozilla Thunderbird email client, although there are a number of issues that need to be resolved. And it is also potentially feasible to create your own messenger or work together with existing ones, such as qip, icq.
Of interest is also the release of a device for integration into system units, with connection directly to the motherboard and protection of all peripheral USB ports. Such a device can be based on the domestic processor Multiclet R1, which will increase the performance tenfold. In this case, Key_P1 will be able to protect against the problems described in the article on 4G USB security modem habrahabr.ru/company/pt/blog/243697/#first_unread . Although the modern version of Key_P1 after the release of a special update will be able to protect your PC from malicious devices.
In addition, an important feature of the device is its simple integration into security software systems, since The device does not require installation of software and drivers for the OS.
The device for identification in the OS uses standard system drivers.
One of the reasons why we are here
We carefully consider useful tips and user comments, as well as analyze customer reviews. It is on the basis of this information that the choice of the next device updates and directions for its development will be made. We are aimed at making a high-quality and demanded device for information protection with a wide range of applications.
In 1988, the American Computer Hardware Association declared November 30 (the day of the first recorded epidemic of the Morris worm) to be International Computer Protection Day. The purpose of the Day is to remind users of the need to protect their computers and all information stored in them.
Congratulations to all the specialists who guard information security!
UPD1: also in the development process of the device, we received a VID for our USB device, which cost us $ 5.000 at usb.org and this is the price without using the usb logo on the case.
PS By the current moment for the business version of the received requirements:
- weakening algorithms: 0
- adding special keys: 0
- create firmware for hacking: 0
Source: https://habr.com/ru/post/244743/
All Articles