350 rub
Journal Highly available systems №2 for 2022 г.
Article in number:
The architecture and creation principles of the key management systems in the large-scale information and telecommunication systems
Type of article: scientific article
DOI: https://doi.org/10.18127/j20729472-202202-01
UDC: 681.3
Authors:

V.I. Budzko1, V.I. Korolev2, D.A. Melnikov3

1-3 Federal Research Center «Computer Science and Control» of the RAS (Moscow, Russia)

1,3 National Research Nuclear University «MEPhI» (Moscow, Russia)

2,3 Financial University under the Government of the Russian Federation (Moscow, Russia)

Abstract:

The article is devoted to the study of the problem of building an public key infrastructure (PKI) for the digital economy of the Russian Federation and the development of a way to fend off threats resulting from the presence of a serious vulnerability in the verification centre (VC). An analysis of modern cryptographic key management architectures shows that they are based on the PKI. When creating the information and telecommunication infrastructure of the digital economy, it will be necessary to combine various large-scale information and telecommunication systems (ITS) of organizations and departments that include their own PKI. In the Russian Federation, the PKI of organizations and departments do not interact with each other in any way, and therefore are not able to create a unified security infrastructure. It is also impossible to use well-known PKI models, because all Russian VC are built on an extremely vulnerable model, i.e. they simultaneously implement the functions of a certification authority (CA) and a registration center (CR): «CC+CR». In this regard, the most important problem of the move to a digital economy is the development of a new PKI architecture of distributed ITS, which form the basis for the information and telecommunication infrastructure of the Russian digital economy.

The paper proposes a fundamentally new PKI architecture for the information and telecommunication infrastructure of the Russian digital economy. An analysis of the concepts of security and trust is presented, and a new function of the PKI is outlined – the neutralization of the falsified public key certificates use. A method has been developed to protect citizens from issuing falsified public key certificates in their name.

The results obtained are important in developing the architecture and principles of construction, as well as improving the national trust system based on the PKI in the interests of the digital economy of the Russian Federation.

Pages: 5-24
For citation

Budzko V.I., Korolev V.I., Melnikov D.A. The architecture and creation principles of the key management systems in the large-scale information and telecommunication systems. Highly Available Systems. 2022. V. 18. № 2. P. 5−24. DOI: https://doi.org/10.18127/j20729472-202202-01 (in Russian)

References
  1. National Institute of Standards and Technology. Introduction to Public Key Technology and the Federal PKI Infrastructure. NIST Special Publication 800-32. 26 February 2001. URI: https://csrc.nist.gov/publications/detail/sp/800-32/archive/2001-02-26.
  2. Fomichjov V.M., Mel'nikov D.A. Kriptograficheskie metody zashhity informacii: Uchebnoe posobie. M.: Jurajt. 2016 (in Russian).
  3. Koroljov V.I. Arhitekturnoe postroenie infrastruktury otkrytyh kljuchej integrirovannogo informacionnogo prostranstva. Bezopasnost' informacionnyh tehnologij. 2015. T. 22. № 3. S. 59-71. URI: https://bit.mephi.ru/index.php/bit/article/view/92 (in Russian).
  4. Lu M., et al. The development of public key infrastructures; Are we on the right path? In the Proceedings of the Norwegian Informatics Conference (NIK’99). Trondheim, Norway. 1999. URI: https://folk.universitetetioslo.no/josang/papers/JML1999-NIK.pdf.
  5. U.S. Federal Public Key Infrastructure Guide Introduction. URI: https://playbooks.idmanagement.gov/ fpki/.
  6. DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 December 1999 on a Community framework for electronic signatures. Official Journal of the European Communities 19.01.2000. P. 0012-0020. URI: https://eur-lex.europa.eu/eli/dir/ 1999/93/oj.
  7. GOST R ISO/MJeK 15408-1-2012. Nacional'nyj standart Rossijskoj Federacii. «Informacionnaja tehnologija. Metody i sredstva obespechenija bezopasnosti. Kriterii ocenki bezopasnosti informacionnyh tehnologij. Ch. 1. Vvedenie i obshhaja model'». URI: https://docs.cntd.ru/document/ 1200101777 (in Russian).
  8. Jøsang A. The right type of trust for distributed systems. In C. Meadows (editor). Proc. of the 1996 New Security Paradigms Workshop. ACM. New York. 1996. URI: https://folk.universitetetioslo.no/josang/papers/ Jos1996-NSPW.pdf.
  9. ISO 31000:2018 – Risk management – A Practical Guide (1 ed.). ISO, UNIDO. 2021. ISBN 978-92-67-11233-6. Retrieved 17 December 2021. URI: https://www.iso.org/publication/PUB100464.html.
  10. Mel'nikov D.A. O probleme doverija k udostoverjajushhim centram v Rossijskoj Federacii.. Sistemy vysokoj dostupnosti. 2022. T. 18.
    № 1. S. 5-15. DOI: https://doi.org/10.18127/j20729472-202201-01 (in Russian).
  11. ITU-T. Recommendation X.509, Information technology – Open Systems Interconnection – The Directory: Public-key and attribute certificate frameworks (ISO/IEC 9594-8, 2016). 2016.
  12. Perechen' akkreditovannyh udostoverjajushhih centrov na sajte Ministerstva cifrovogo razvitija, svjazi i massovyh kommunikacij RF. URI: https://digital.gov.ru/ru/activity/govservices/certification_authority/ (in Russian).
  13. Programma «Cifrovaja jekonomika Rossijskoj Federacii». Rasporjazhenie Pravitel'stva RF ot 28.07.2017, № 1632-р. URI: http://publication.pravo.gov.ru/Document/View/0001201708030016 (in Russian).
  14. Arakeljan E., Hozhatelova Ju. Novyj vid moshennichestva: Ostavili bez kvartiry, poddelav jelektronnuju podpis'. Komsomol'skaja pravda. 2019. URI: https://www.kp.ru/daily/26979/4038526/ (in Russian).
  15. Rossijanka uznala o prodazhe svoej kvartiry iz kvitancii za uslugi ZhKH. RIA Novosti. 29.01.21. URI: https://ria.ru/20210129/kvitantsiya-1595122839.html (in Russian).
  16. Jøsang A. Subjective Logic. A Formalism for Reasoning Under Uncertainty. Springer International Publishing. Switzerland. 2016. 337 p. DOI: 10.1007/978-3319-42337-1.
  17. Chislo uchjotnyh zapisej na portale gosuslug dostiglo 135 mln. TASS. 4 ijunja 2021. URI: https:// tass.ru/ekonomika/11564097 (in Russian).
  18. Ellison C., Schneier B. Ten Risks of PKI: What you’re not being told about public key infrastructure. Computer Security Journal. 2000. V. XVI. № 1. Р. 1–8. URI: https://geocities.ws/rahuljg/Downloads/pki-risks.pdf.
  19. Mel'nikov D.A. i dr. Model' doverija dlja cifrovoj jekonomiki Rossijskoj Federacii. Bezopasnost' informacionnyh tehnologij. 2020. T. 27. № 2. S. 47–64. URI: https://bit. mephi.ru/index.php/bit/article/view/1270 (in Russian).
  20. Postanovlenie Pravitel'stva RF ot 22.12.2012 № 1376 «Ob utverzhdenii Pravil organizacii dejatel'nosti mnogofunkcional'nyh centrov predostavlenija gosudarstvennyh i municipal'nyh uslug». URI: http://www.consultant.ru/docu-ment/cons_doc_LAW_139747/ (in Russian).
Date of receipt: 11.04.2022
Approved after review: 20.04.2022
Accepted for publication: 16.05.2022