BHTunnel secure data transmission channel software

Purpose

The BHTunnel secure data transfer channel software (hereinafter BHTunnel) is a cryptographic information protection means intended to secure communication between the computers of an information system.

BHTunnel holds certificate of conformity ТR № BY/112 02.01.036 00272 in the National Conformity Assessment System and complies with technical regulation TR 2013/027/BY and 11 State Standards of the Republic of Belarus.

Scope

BHTunnel creates a trusted secure channel between two or more computers of an information system over a wired link or a 3G modem, eliminating the threat of traffic eavesdropping, connection hijacking or modification of transmitted data, without requiring any change to the application software (applications) of the client workstation and/or the server of the information system. BHTunnel runs under Windows and Linux.

Main features:

– identification and authentication of the communicating parties (client workstation and server) of an information system by verifying their technological public signature key certificates (hereinafter the certificate), which protects against "man in the middle" attacks and against unauthorized access to the resources of the information system;

– protection of transmitted data for any application protocol of the information system that runs over TCP connections;

– the ability to configure the permitted data transmission paths within the secure channel and the certificates to be used;

– protection of the paths (connections) of the data transmission channel by means of cryptographic operations: derivation of a shared secret master encryption key, derivation of a shared secret session key from that master key, encryption, hashing, generation and verification of digital signatures, and message authentication codes (imitovstavka), providing confidentiality, integrity and authenticity of the transmitted data;

– creation of a technological public key infrastructure for the digital signature of the secure channel, intended for identification and authentication of the communicating parties (client workstation and server) of the information system by their certificates and for ensuring the integrity and authenticity of data in transit, providing:

1) creation, configuration and destruction of cryptographic keys, and their storage in a crypto-container on a software key-information carrier;

2) generation of certificate issuance requests, support for certificate and certificate revocation list formats, verification of certificate authenticity, of the certificate's presence in the trusted certificate list and of its absence from the certificate revocation lists;

3) creation and verification of the digital signature of the transmitted data;

– access control to the management and configuration functions of BHTunnel and to the management of its protection context (cipher suite selection, key lengths and other communication session parameters);

– protection against unauthorized modification of critical parameters, configuration integrity control and self-testing of BHTunnel.
