ISSE 2006 — Securing Electronic Business Processes

pp 54-63

Security Architecture for Device Encryption and VPN

  • Ammar Alkassar (Sirrix AG Security Technologies)
  • Michael Scheibel (Sirrix AG Security Technologies)
  • Michael Stübel (Ruhr-University Bochum)
  • Ahmad-Reza Sadeghi (Ruhr-University Bochum)
  • Marcel Winandy (Ruhr-University Bochum)


Encryption systems are widely used to protect stored and communicated data from unauthorized access. Unfortunately, most software-based encryption products suffer from various vulnerabilities such as insecure storage and usage capabilities for security-critical cryptographic keys and operations. In this paper we present a security architecture that allows secure, reliable and user-friendly encryption of devices and of TCP/IP communication. The architecture is capable of using Trusted Computing functionalities and offers a security level which is comparable to a hardware-based solution, but is far more cost-effective. We have already implemented a device encryption system and a VPN client. Moreover, the security architecture is an appropriate basis for many applications such as Enterprise Rights Management (ERM) and secure Online Banking.