Cryptographic security system for IP-networks "MalvaSC"
Cryptographic security system for IP-networks "MalvaSC" is used for:
- mutual network authentication and tunneling between two legitimate principals;
- mutual network authentication between a client and a shared network resource (FTP, web or database server);
- mutual network authentication between two servers;
- secure session key generation and exchange based on the Kerberos network authentication protocol (RFC 1510, RFC 4120) and national cryptographic standards (GOST 28147-89, GOST 34.311-95, DSTU 4145-2002) using trusted third-party technology.
MalvaSC can be used on an open LAN/WAN network.
The implemented protocol assumes that all communication takes place in a non-secure environment where packets can be generated, monitored and modified at will.
The system guarantees stable and secure communication over a network where an attacker can easily pose as either a client or a server, and can eavesdrop on or tamper with communications between legitimate users.
MalvaSC can be used when deploying a distributed corporate network infrastructure to provide secure and confidential connections between organisation units, branch offices and headquarters. It makes it possible to control the use of network resources. MalvaSC allows centralization of management and security administration of the whole corporate network. The IP-network cryptographic security system "MalvaSC" implements Kerberos, which is one of the most popular and bulletproof authentication protocols.
The list of well-known software products that benefit from using Kerberos includes:
- Microsoft Windows 2000/XP/2003/Vista;
- Kerberos libraries can be found in every Linux distribution package;
- any Java-based software is able to use Kerberos via JAAS/JGSS to perform mutual authentication and create encrypted tunnels;
- Kerberos is extensively used in Mac OS X, Eudora, Samba, AFS, Apache, Coda File System, Mulberry, NFS, OpenSSH, PAM, SOCKS, Netatalk;
- operating systems of Cisco switches and routers (Cisco IOS with cryptography support);
- every application that uses SASL calls Kerberos functionality indirectly: OpenLDAP, Dovecot IMAP4, POP3, Postfix.
MalvaSC extends the standard MIT Kerberos implementation with national cryptographic algorithms:
- encryption algorithm according to GOST 28147-89;
- digest algorithm according to GOST 34.311-95;
- encryption key generation according to DSTU 4145-2002, Appendix A.
MalvaSC still supports native Kerberos cryptography: DES, DES3, ARCFOUR, RC4, AES128, AES256, MD4, MD5, RAW, SHA1, HMAC and various combinations of these algorithms for checksums.
The system successfully passed state expert evaluation: expert conclusion No. 18/2/1-7188 DSTSZI, 05.12.2006.
MalvaSC includes the cryptographic library MCrypt (conformance certificate № UA1.112.0074139-06, 31.05.06).
Key generation complies with the officially approved methodology "Key generation method" 24117037.97779.004.MGK.
Key distribution complies with the following white paper: "Key distribution methodic" 24117037.97779.017.MRGK.
The installation package consists of:
- Master CARSK Server (Master MalvaSC KDC) - Linux;
- Slave CARSK Server (Slave MalvaSC KDC) - Linux;
- ASTRA KeyMaster key generation and key document creation workbench (Windows);
- Client pack (Windows, Linux);
- Administrator pack (Windows, Linux).
