On the data protection in distributed systems founded on Cryptographic Message Syntax
- Authors: Asratian R.E., Kozlov A.D., Kurako E.A., Orlov V.L.
- Affiliations: V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences
- Issue: Vol 32, No 3 (2026)
- Pages: 156-162
- Section: Information security
- Published: 13.03.2026
- URL: https://journals.eco-vector.com/1684-6400/article/view/704159
- DOI: https://doi.org/10.17587/it.32.156-162
- ID: 704159
Abstract
A new approach is considered for building secure network channels (tunnels) over the Internet to serve web services in distributed systems, based on the Cryptographic Message Syntax (CMS) standard for secure data representation on the network. Unlike VPN technology, the described approach is strictly focused on supporting only HTTP/SOAP interactions in distributed systems, which are the basis of the network .NET architecture. The approach creates a secure "tunnel" through the Internet that uses the structure of a secure CMS message as a secure "container" for transporting HTTP/SOAP documents over the network: information requests to web services and the "responses" to them. It relies on special gateways that encapsulate HTTP/SOAP documents into secure CMS message structures on the sender side and decapsulate them on the receiver side, forming a "transparent" communication channel for system components. It is assumed that both client programs and web servers are located in the same secure private network (or even on the same network node) as the gateways serving them, and that only the interaction between the gateways takes place over the public network. The implementation of the approach in the Linux environment and the results of an experimental study are described. As this study has shown, the use of OpenSSL crypto-libraries can significantly speed up the work of CMS-based data protection tools, which is of great importance in the development of distributed systems based on the .NET network architecture.
About the authors

R. E. Asratian
V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences
Author for correspondence.
Email: rubezas@yandex.ru
Cand. of Tech. Sc., Leading Researcher
Russian Federation, Moscow, 117997

A. D. Kozlov
V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences
Email: alex4590alex@yandex.ru
Researcher
Russian Federation, Moscow, 117997

E. A. Kurako
V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences
Email: kea@ipu.ru
Cand. of Tech. Sc., Senior Researcher
Russian Federation, Moscow, 117997

V. L. Orlov
V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences
Email: ovl@ipu.ru
Cand. of Tech. Sc., Leading Researcher
Russian Federation, Moscow, 117997