ABSTRACTS OF ARTICLES OF THE JOURNAL "INFORMATION TECHNOLOGIES".
No. 6. Vol. 31. 2025

DOI: 10.17587/it.31.308-316

R. E. Asratian, Leading Researcher,
V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences, Moscow, 117997, Russian Federation

Secure Network Channel for Web Services Based on Cryptographic Message Syntax

Received on 02.08.2024
Accepted on 29.08.2024

A new approach is considered for building secure network channels (tunnels) over the Internet to serve web services in distributed systems, based on the Cryptographic Message Syntax (CMS) standard for secure data representation on the network. Unlike VPN technology, the described approach is strictly focused on supporting only HTTP/SOAP interactions in distributed systems. It is shown that the approach makes it possible to include additional functionality in a secure channel: demarcation of client access rights to web services and to individual service functions, routing of information requests in the channel, and parallel client access to several identical web services at once with the formation of a "total" processing result. The approach relies on special gateways that encapsulate HTTP/SOAP documents into secure CMS message structures on the sender side and decapsulate them on the receiver side, forming a communication channel that is "transparent" to system components. It is assumed that both client programs and web servers are located in the same secure private network (or even on the same network node) as the gateways serving them, and that only the interaction between the gateways is carried out through the public network. The implementation of the approach in the Linux and Windows environments and the results of an experimental study are described. In particular, the study showed that when calling service functions with a runtime of 1.0 seconds or higher, the secure channel increases the total query execution time by only a few percent.
Keywords: distributed systems, information security, web service, CMS standard, VPN technology, public key certificate, digital signature, proxy-server, access demarcation, parallel processing

P. 308-316
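
The encapsulation and decapsulation steps the abstract describes can be reproduced with the `openssl cms` command. This is an added illustration, not code from the article or its gateways. The sign-then-encrypt order, the self-signed constructed certificates, the names `gw-a`/`gw-b` and the sample SOAP body are all assumptions.

```shell
#!/bin/sh
# Added illustration: a SOAP request wrapped in CMS between two gateways.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed gateway identity: self-signed certificate plus key.
# (Assumption: a real deployment would issue these from a CA.)
make_gateway_id() {  # $1 = gateway name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1.example" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Sender side: SOAP document -> CMS SignedData -> CMS EnvelopedData for gw-b.
# -binary keeps the payload byte-exact (no S/MIME line-ending rewriting).
encapsulate() {  # $1 = signing gateway, $2 = input file, $3 = output file
  openssl cms -sign -binary -nodetach -md sha256 -outform DER \
      -signer "$WORK/$1.pem" -inkey "$WORK/$1.key" \
      -in "$2" -out "$WORK/signed.der" &&
  openssl cms -encrypt -binary -aes256 -outform DER \
      -in "$WORK/signed.der" -out "$3" "$WORK/gw-b.pem"
}

# Receiver side (gw-b): decrypt, then accept the payload only if the
# signature chains to the one sender certificate it trusts (gw-a).
decapsulate() {  # $1 = input file, $2 = output file
  openssl cms -decrypt -binary -inform DER -in "$1" \
      -recip "$WORK/gw-b.pem" -inkey "$WORK/gw-b.key" \
      -out "$WORK/inner.der" 2>/dev/null &&
  openssl cms -verify -binary -inform DER -in "$WORK/inner.der" \
      -CAfile "$WORK/gw-a.pem" -out "$2" 2>/dev/null
}

make_gateway_id gw-a
make_gateway_id gw-b

# Constructed sample request (GetBalance is a made-up service function).
printf '%s' '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><GetBalance><account>42</account></GetBalance></soap:Body></soap:Envelope>' \
  > "$WORK/request.xml"

encapsulate gw-a "$WORK/request.xml" "$WORK/tunnel.der"
decapsulate "$WORK/tunnel.der" "$WORK/delivered.xml"
cmp -s "$WORK/request.xml" "$WORK/delivered.xml" && echo "request delivered intact"
```

Only `tunnel.der` would cross the public network. The receiver's `-CAfile` is what ties an accepted request to a known sending gateway, so a message signed by any other key fails `decapsulate`.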
