15:24, 21 October 2020 275 views
Government published recommendations for migration to domestic crypto communication
The government of the Russian Federation has published recommendations on the migration of public services to the domestic encryption methods and facilities. The interim recommendations are developed in accordance with the Federal law “On information, information technology and information protection”.
The text of the new draft law has been published for discussion on the specialized federal portal. The document is intended to help authorities build the client side of the so-called Secure Соmmunication Service (SZV), an integrated service that ensures secure communication. The SZV development includes the design of a subsystem with a client-server architecture implementing the TLS protocol. By design, this subsystem should provide a single point of access to the resources of government agencies and municipal services, one-way authentication, and decryption of the traffic with its further forwarding to other SZV subsystems for processing. When creating the client side of SZV, developers are advised to observe the following requirements:
minimize the number of components, implement them by means of software alone, diversify solutions;
provide for the possibility of functioning on stationary and mobile devices, as well as the use of various cryptographic information protection facilities (CIPF) on the user's side;
provide technical support for the programmes in use and ensure the compliance of their operation conditions with the standards defined for CIPF;
enable Russian-language exchange with users;
taking into account the SZV development prospects, provide for the possibility of supporting a protocol with two-way authentication and independence from the architectures of the information systems connected to the SZV. Authentication and establishment of a secure client-side connection must be performed in a secure mode and without user interaction. Besides, these procedures should not interfere with the operation of other programmes on the user's device. It is recommended to implement the settings and graphical interface functions taking into account the specifics of the OS on which the client side of the SZV runs. When choosing software, developers are also advised to give preference to domestic serial products with active technical support.
Apart from that, they should be guided by built-in or shared CIPF based on TLS 1.2 with crypto-algorithms complying with GOST R 34.12-2015 or MR 26.2.001-2013. At the same time, the CIPF must have a valid certificate from the Federal Security Service of Russia (FSB) proving their conformity with the requirements for CIPF class KC1 and higher.