
Flexible scalable Minotaur security system for personal computers.


Signal, 1995, Vol. 50, No. 2, pp. 29-31


Minotaur, a new security system for personal computers developed by Lockheed Martin (USA), performs a wide range of functions, from boot protection to highly reprogrammable cryptographic protection, using a single series of scalable components. These components can be installed in many of the computers in use today, including miniature portable laptops, without modifying existing system protocols.

The Minotaur system can be embedded as an additional security tool in stand-alone and networked information systems. Its functions include audit trail generation, discretionary access control, end-to-end encryption, and cryptographic key generation and distribution.

The system can also provide secure communication between a large number of computers of different types operating in different modes. The most advanced version of the Minotaur system is implemented as a single microprocessor board that performs the same functions as a cryptographic device weighing 11 kg and occupying a volume of 0.2 cubic meters. Transparent to normal system functions, the Minotaur system can be used on any platform built on Intel or compatible processors and running MS-DOS, MS-Windows, MS-Windows NT, SCO UNIX, Sun Solaris X86, or IBM OS/2 WARP.

The need for such a security system arises from the growing number of personal computers connected to the Internet and their increasing vulnerability to intruders. It is aimed at user groups handling financial and medical information and personal data, and can be used by any organization that processes or uses important information that is not a state secret.

The Minotaur system is released in four versions, two of which are developed on the basis of license agreements. The first version, Minotaur-I, uses computer security technology licensed from ALC — The Stealth Group (USA). The second version, Minotaur-II, provides dynamic management of cryptographic keys and uses a license from TECSEC (USA). The third version, Minotaur-III, combines Minotaur-I and Minotaur-II in a single package. The Minotaur-IV version contains upgraded boards and a cryptographic processor.

The Minotaur-I, -II and -III versions are not designed to protect classified information. Minotaur-I and -II can protect important but unclassified information that does not constitute a state secret. The Minotaur-IV version, with its cryptographic microprocessor, is also designed for government applications.

The Minotaur-I system is designed to protect sensitive and private information that users store on hard magnetic disks. The components of this version make it possible to encrypt data written to hard disks using the DES algorithm. This version is therefore intended to secure individual personal computers with limited encryption capabilities. The company believes that it will remain in demand because of its ability to protect records on hard disks during the initial boot.

The Minotaur-I security system controls the initial boot by modifying the interrupt vector table. It uses its own hardware and firmware code to generate the login screen image, and it can block access to the floppy disk drive and the keyboard. When logging into the system, the user must present a password and a personal identifier, which is displayed on the screen.

The core technology of Minotaur-I is the reference monitor concept approved by the National Computer Security Center (NCSC) of the USA. Homogeneous networks of Minotaur-I systems can also be formed. An end user identifier is embedded in the Minotaur-I board and is transmitted securely each time a connection is established between two computers on the network. Authentication is performed in the access monitor to provide a high level of assurance that the computer requesting access is authorized to access the computer being requested.

The system software allows functional control of the computing environment, generating and using records in the audit trail. Utilities let the chief security administrator modify system parameters for specific conditions and initiate the assignment of identifiers and passwords to users. Additional authentication is required to use the utilities. The Minotaur-I version is compatible with systems based on Intel processors from the 286 to the Pentium. It runs under MS-DOS 3.3 or later, or MS-Windows for Workgroups, with 1-4 MB of random access memory.

The Minotaur-II system is a purely software product that implements various encryption algorithms on personal computers. These algorithms include DES, used in four operating modes, as well as some of the users' own algorithms. A key management infrastructure operates alongside them. Information can be exchanged over local and regional networks and even via the Internet.

The system operates at the application layer of the seven-layer OSI model and does not require reconfiguration of existing networks. It is transparent to protocols and communication standards and allows up to ten different encryption algorithms to be used at any time. Constructive key management is an important aspect of the Minotaur-II system. The use of public key systems is impractical for this purpose: if a user wants to send a circular message to 100 recipients, he must encrypt it with the public key of each recipient, i.e. perform 100 separate encryptions. Constructive key management allows a circular message to be sent to many recipients with only one encryption.

The Minotaur-III system combines the security features of versions I and II in a single computer and communications security product. The requirements are the same as for Minotaur-II.

The Minotaur-IV system is designed to perform more complex functions, such as securing video conferences. This version performs all the functions of the first three versions, plus high-level hardware programmable encryption. The hardware requirements for the Minotaur-IV version are the same as for the Minotaur-II and -III versions. The system access monitor of the Minotaur-I version is designed with ports. In general, the Minotaur-IV version gives the user a personal computer with effective boot protection and a cryptographically strong encryption method. The board uses the 16-bit ISA (Industry Standard Architecture) bus and is installed inside a personal computer workstation. The architecture of the security system meets the requirements of Classes C2 and B1 of the National Computer Security Center. The key hardware element of the Minotaur-IV version is the CYPRIS reduced instruction set cryptographic microprocessor. This microprocessor was developed by Lockheed Martin for the U.S. National Security Agency (NSA), with permission to use it in the company's products. The CYPRIS microprocessor is designed to execute NSA Type 1 cryptographic algorithms.

Although the CYPRIS microprocessor is optimized for Type 1 cryptographic algorithms, it also performs commercial cryptographic algorithms exceptionally well. The processor operates at a clock rate of 40 MHz. During testing, it processed up to 15 uncompressed video frames per second at a data rate of 8 Mbit/s. Audio was processed at a rate of about 500,000 bit/s.

A tactical unit or subunit commander using a personal computer with a Minotaur-IV board can connect to the military messaging system and communicate with the US Department of Defense. The Minotaur-IV GUI allows the user to select the communication mode. The same commander, wanting to contact another tactical commander over a KG-84 line, must use the GUI to select the appropriate mode, load the KG-84 algorithm into the Minotaur-IV board, and establish the connection. To secure a video conference between commanding generals, the KG-194 operating mode is selected and that algorithm is loaded into the CYPRIS board.

This concept can be extended to commercial products as well. For example, a company's finance department may require a communications mode different from that of its technical department. Even a slight change in internal security policy that introduces different security modes can disrupt the company's normal business operations. The Minotaur-IV system solves this problem easily and allows channels with different security levels to be used; it is enough to load the appropriate algorithms into the CYPRIS board.

The current version of the CYPRIS crypto chip is a semiconductor die fabricated with 1 micron feature size. The company's researchers have already reduced this to 0.8 microns and expect to reach 0.6 microns. Shrinking the circuit elements will allow the chip to be used in various devices, for example built into PCMCIA (Type II PC Card) memory expansion cards for personal computers. It remains to be decided whether the life cycle of the chip will be long enough to justify the required investment.

Lockheed Martin has also added functions to speed up operations on the CYPRIS processor, including raising the clock frequency to 80 MHz. The company intends to move the execution of some cryptographic algorithms from the host personal computer to the CYPRIS crypto chip; the first of these will be DES.

According to the company, customers are showing great interest in the bus interface for connecting peripheral devices, as well as in the ISA bus structure for the more powerful Pentium processors. Another possible improvement is the addition of Type II PC Card sockets on the Minotaur-IV board. This would allow connection to almost any communication network, such as Ethernet, and the use of modems of various types, so the user could encrypt information for transmission over almost any medium. A Lockheed Martin representative believes that the future of the Minotaur system depends on its ability to support traditional cryptographic devices and algorithms, as well as products developed under the MISSI (Multilevel Information System Security) program. The company has begun integrating MISSI into the Minotaur system; the first step was to include a program library supplied by the NSA in the Minotaur-II products. The use of NSA-approved Fortezza cards will make additional encryption menus available. Future applications of Minotaur versions will also include protection of computers processing classified information, for example in government agencies handling taxpayer information.
