US-12627684-B2 - System and method for secure transfer of data between networks
Abstract
Disclosed are a system and method for secure transfer of data between networks. An example method comprises: setting a first state of the gateway, wherein in the first state a destination agent of the gateway is granted access to a first memory and denied access to a second network; while the gateway is in the first state, configuring the destination agent, based on one or more parameters stored in the first memory, to transfer data received from a source agent of the gateway to the second network; changing the state of the gateway to a second state, wherein in the second state the destination agent is denied access to the first memory and granted access to the second network; and while the gateway is in the second state, controlling transfer of the data from the source agent of the first network to the destination agent of the second network.
Inventors
- Dmitry S. Lukiyan
- Alexey G. Vereshchagin
- Maxim A. Dontsov
- Ruslan Y. Morozov
- Denis S. Kashitsyn
Assignees
- AO Kaspersky Lab
Dates
- Publication Date: 2026-05-12
- Application Date: 2024-10-30
- Priority Date: 2021-10-14
Claims (20)
- 1. A method for transferring data from a first network to a second network using a gateway, comprising: setting a first state of the gateway, wherein in the first state a destination agent of the gateway is granted access to a first memory and denied access to the second network; while the gateway is in the first state, configuring the destination agent, based on one or more parameters stored in the first memory, to transfer data received from a source agent of the gateway to the second network; changing the state of the gateway to a second state, wherein in the second state the destination agent is denied access to the first memory and granted access to the second network; and while the gateway is in the second state, controlling transfer of the data from the source agent of the first network to the destination agent of the second network.
- 2. The method of claim 1, wherein the first memory comprises a trusted memory for storing data critical to secure operation of the gateway.
- 3. The method of claim 1, wherein, in the second state, data transfer from the source agent to the destination agent is permitted.
- 4. The method of claim 1, wherein the data transfer is performed based on the one or more parameters of the destination agent stored in the first memory.
- 5. The method of claim 1, wherein changing the state of the gateway to the second state further comprises changing the state of the gateway to the second state after configuration of the destination agent is complete.
- 6. The method of claim 1, wherein the one or more parameters include one or more transmission authorization parameters.
- 7. The method of claim 1, wherein the one or more parameters include a list of data to be transferred from the first network.
- 8. The method of claim 1, wherein in the first state, the access is denied to the second memory, and in the second state the access is granted to the second memory.
- 9. The method of claim 8, wherein the second memory comprises untrusted memory containing a buffer for storing the data to be transferred and destination agent information.
- 10. The method of claim 1, wherein controlling transfer of the data further comprises controlling communications between one or more resources according to one or more security policies, wherein the one or more resources comprise the destination, the source agent, and the first memory.
- 11. The method of claim 10, wherein the one or more security policies employ a finite state machine, where a state of the finite state machine represents a state of the gateway, and wherein the one or more security policies determine whether to allow or deny access from one gateway component to another gateway component depending on the state of the finite state machine.
- 12. A system for transferring data from a first network to a second network using a gateway, comprising: at least one memory; at least one hardware processor coupled with the at least one memory and configured, individually or in combination, to: set a first state of the gateway, wherein in the first state a destination agent of the gateway is granted access to a first memory and denied access to the second network; while the gateway is in the first state, configure the destination agent, based on one or more parameters stored in the first memory, to transfer data received from a source agent of the gateway to the second network; change the state of the gateway to a second state, wherein in the second state the destination agent is denied access to the first memory and granted access to the second network; and while the gateway is in the second state, control transfer of the data from the source agent of the first network to the destination agent of the second network.
- 13. The system of claim 12, wherein the first memory comprises a trusted memory for storing data critical to secure operation of the gateway.
- 14. The system of claim 12, wherein in the second state data transfer from the source agent to the destination agent is permitted.
- 15. The system of claim 12, wherein the data transfer is performed based on the one or more parameters of the destination agent stored in the first memory.
- 16. The system of claim 12, wherein in the first state, the access is denied to the second memory, and in the second state the access is granted to the second memory.
- 17. The system of claim 16, wherein the second memory comprises untrusted memory containing a buffer for storing the data to be transferred and destination agent information.
- 18. A non-transitory computer readable medium storing computer executable instructions for transferring data from a first network to a second network using a gateway, including instructions for: setting a first state of the gateway, wherein in the first state a destination agent of the gateway is granted access to a first memory and denied access to the second network; while the gateway is in the first state, configuring the destination agent, based on one or more parameters stored in the first memory, to transfer data received from a source agent of the gateway to the second network; changing the state of the gateway to a second state, wherein in the second state the destination agent is denied access to the first memory and granted access to the second network; and while the gateway is in the second state, controlling transfer of the data from the source agent of the first network to the destination agent of the second network.
- 19. The non-transitory computer readable medium of claim 18, wherein the first memory comprises a trusted memory for storing data critical to secure operation of the gateway.
- 20. The non-transitory computer readable medium of claim 18, wherein in the second state data transfer from the source agent to the destination agent is permitted.
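An added illustration (not code from the patent or its assignee) of the two-state access policy in claims 1, 3, 5, 7, 8 and 11, written as a small Python reference monitor: a finite state machine whose state selects which component-to-component accesses are allowed, with the trusted memory readable only in the first state and the second network reachable only in the second. The component names, the `allowed_tags` parameter layout and the sample readings are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum

class State(Enum):
    FIRST = 1   # trusted memory readable, second network unreachable
    SECOND = 2  # second network reachable, trusted memory unreachable

POLICY = {  # claim 11: (subject, object) pairs allowed per state; all else denied
    State.FIRST: {("destination_agent", "trusted_memory")},
    State.SECOND: {("source_agent", "destination_agent"),      # claim 3
                   ("destination_agent", "untrusted_memory"),  # claim 8
                   ("destination_agent", "second_network")},
}

@dataclass
class Gateway:
    trusted_memory: dict          # parameters of claims 6 and 7 (assumed layout)
    state: State = State.FIRST
    configured: bool = False
    dest_config: dict = field(default_factory=dict)

    def allowed(self, subject, obj):
        """Reference monitor decision for one inter-component access."""
        return (subject, obj) in POLICY[self.state]
    def check(self, subject, obj):
        if not self.allowed(subject, obj):
            raise PermissionError(f"{subject} -> {obj} denied in {self.state.name}")
    def configure_destination(self):  # first state only
        self.check("destination_agent", "trusted_memory")
        self.dest_config = dict(self.trusted_memory)
        self.configured = True
    def enter_second_state(self):  # claim 5: only after configuration completes
        if not self.configured:
            raise RuntimeError("destination agent not configured")
        self.state = State.SECOND
    def transfer(self, record):  # second state: source -> destination -> network
        self.check("source_agent", "destination_agent")
        if record["tag"] not in self.dest_config["allowed_tags"]:  # claim 7 list
            return False
        self.check("destination_agent", "second_network")
        return True

def demo():
    """Lifecycle on constructed readings; returns (gateway, forwarded flags)."""
    gw = Gateway(trusted_memory={"allowed_tags": {"temperature", "pressure"}})
    gw.configure_destination()
    gw.enter_second_state()
    sent = [gw.transfer({"tag": t, "value": v})
            for t, v in (("temperature", 21.5), ("vibration", 0.3))]
    return gw, sent
```

Once in the second state, any attempt by the destination agent to touch the trusted memory fails the policy check, so a compromised agent facing the external network cannot rewrite its own authorization parameters.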
Description
CROSS REFERENCE TO RELATED APPLICATIONS
The present application is a continuation of U.S. patent application Ser. No. 17/750,652 filed May 23, 2022, which claims benefit of priority to Russian Application No. 2021130011 filed on Oct. 14, 2021, and which is incorporated by reference herein.
FIELD OF TECHNOLOGY
The present invention relates generally to the field of network communications and, more specifically, to a network gateway and a method for transferring data from a first network to a second network.
BACKGROUND
Currently, the application of digital services in the Industrial Internet of Things (IIoT) is becoming more widespread. Such digital services are typically installed on a remote server and are typically intended for the processing and analysis of data received from devices (hardware) of an Information System (hereafter, IS) based on the Internet of Things (IoT). Data from IS devices, such as transducers, sensors and actuators, is transferred to the remote server via a network gateway. It is the network gateway (hereafter, the gateway) that is responsible for ensuring a reliable and secure connection of the IS devices to the remote server. The IS devices communicate with the server through the gateway. In other words, the IS devices are located on an internal network with respect to the server. The server is located on an external network, and the communication between the server and the IS devices takes place through the gateway. Generally, the internal IS network should be protected from computer-based attacks from the external network. The remote server is typically the most vulnerable component because it is connected to an external network, such as the Internet.
Thus, the remote server may be subject to a whole range of computer attacks, including, but not limited to: MITC (Man in the Cloud) attacks; attacks that use bugs and vulnerabilities in the remote server code and architecture and the installed services; buffer overflow attacks; Structured Query Language (SQL) injection database attacks; elevation of privilege attacks; vulnerable channel attacks; Distributed Denial of Service (DDoS) attacks; data integrity violation attacks; certificate spoofing attacks; phishing attacks; password guessing or password reset to obtain unauthorized access; social engineering attacks; attacks involving installation of malicious software (hereafter “SW”); attacks that exploit vulnerabilities; insecure application installation attacks, and the like. An MITC attack is based on the theft of unique tokens which are generated when a service is first used and which are stored on the user's machine for convenience. By running a computer attack on a remote server, an attacker could continue the attack on the gateway and gain access to the internal IS network. Gaining access to the internal network could, in turn, lead to unauthorized access to the IS device data and even put the IS devices and the IS itself out of action. It should be noted that an attack on a remote server can be carried out both externally and internally, for example, by physical access to the server. Another type of computer attack on the internal IS network is an attack on the communication channel between the gateway and the remote server, that is, on the external network. An attacker may carry out such an attack by, for example, searching for devices through open ports, searching for device vulnerabilities, hacking into the communication link, performing a man-in-the-middle attack, and gaining unauthorized access to device applications.
A third type of computer attack is a gateway attack, which may be accomplished by physically accessing the gateway or by using an external network in the event of a successful attack on a remote server or an external network. Therefore, a technical problem arises involving the level of security of the devices connected to the first network (the internal network) against computer network attacks originating from the second network (the external network). However, the known technology does not solve the stated technical problem, since duplicating network traffic into a hidden network for analysis does not fully protect an operational network from computer attacks from the Internet. Therefore, there is a need for increasing the level of security of the devices connected to the internal network against computer network attacks originating from the external network.
SUMMARY
Disclosed are systems and methods for transferring data from a first network to a second network using a gateway. Advantageously, the disclosed method performs a secure unidirectional data transfer from a first network to a second network. Another advantage is an increase in the level of security of a trusted memory of a network gateway against computer network attacks, by allowing access to the trusted memory while the gateway is in a first (‘safe’) state and by denying access to the trusted memory while the gatew