Strong Authentication over Lock-Keeper

  • Feng Cheng
  • Christoph Meinel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4910)


Based on the principle that ”the ultimate method to secure a network is to disconnect it”, the Lock-Keeper technology has been known as an efficient approach to guarantee the high-level security and prevent online network attacks by physically separating the protected hosts or networks. Because of its simple idea and extensible architecture, the Lock-Keeper system can be easily and seamlessly integrated with other security methods or solutions to provide thorough protection for most actual network-based applications. This paper will propose an advanced strong authentication framework based on the Lock-Keeper. Thanks to Lock-Keeper’s physical disconnection, all the credentials, privacies and policies required by the authentication mechanism can be securely stored and manipulated by being completely isolated with both the external and the internal networks. The whole authentication procedure can be performed in the clean and trusted Lock-Keeper GATE component. Based on the proposed framework, a prototypical platform is implemented in the Lock-Keeper to enhance the security of the Lock-Keeper Web Service module, which is one of important Lock-Keeper application modules, and can be applied to secure most web applications in Service-Oriented-Architecture environment.


Virtual Machine Physical Separation Authentication Procedure Security Assertion Markup Language Authentication Credential 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Zviran, M., Haga, W.J.: A Comparison of Password Techniques for Multilevel Authentication Mechanisms. Computer Journal 36(3), 227–237 (1993)CrossRefGoogle Scholar
  2. 2.
    Housley, R., Ford, W., Polk, W., Solo, D.: Internet X.509 Public Key Infrastructure Certificate and CRL Profile. IETF - Network Working Group, The Internet Society, RFC 2459 (January 1999)Google Scholar
  3. 3.
    Cantor, S., Moreh, I.J., Philpott, S.R., Maler, E.: Metadata for the OASIS Security Assertion Markup Language (SAML), V2.0. OASIS SSTC, (2005)Google Scholar
  4. 4.
    Rankl, W., Effing, W.: Smart Card Handbook, 3rd edn. John Wiley and Sons, Ltd., Hoboken, NJ (2003)Google Scholar
  5. 5.
    Wayman, J.L.: Fundamentals of Biometric Authentication Technologies. International Journal of Image and Graphics 1(1), 93–113 (2001)CrossRefGoogle Scholar
  6. 6.
    RSA Security, Inc. Strong Authentication: An Essential Component of Identity and Access Management. White Paper, RSA Security, Inc.: SA-WP-0804 (2004)Google Scholar
  7. 7.
    Lobel, M.: Case for Strong User Authentication White Paper, TRS, PrincewaterhaouseCoopers: CSUA-WP-0200 (2005)Google Scholar
  8. 8.
    Witty, R.J., Wagner, R.: The Growing Need for Identity and Access Management. White Paper, Gartner, Inc.: AV-21-4512 (2003)Google Scholar
  9. 9.
    Alonso, G., Casati, F., Kuno, H., Machiraju, V.: Web Services: Concepts, Architectures and Applications. Springer, Berlin, Germany (2004)zbMATHGoogle Scholar
  10. 10.
    Cheng, F., Meinel, Ch.: Research on the Lock-Keeper Technology: Architectures, Applications and Advancements. International Journal of Computer & Information Science 5(3), 236–245 (2004)Google Scholar
  11. 11.
    IAG 2007 website in Microsoft (2006-2007),
  12. 12.
    Menoher, J.: Owl Computing Product Overview: Secure One-Way Data Transfer Systems. White Paper, Owl Computing Technologies, Inc. (2007)Google Scholar
  13. 13.
    Kang, M.H., Moskowitz, I.S.: A Pump for Rapid, Reliable, Secure Communication. In: CCS 1993. Proceedings of 1st ACM Conference on Computer & Communications Security, Fairfax, VA (1993)Google Scholar
  14. 14.
    Lock-Keeper WebSite of Siemens Switzerland (2005-2007),
  15. 15.
    Cheng, F., Meinel, C.: Deployment Virtual Machines in Lock-Keeper. In: WISA 2006. LNCS, vol. 4298, Springer, Heidelberg (2006)Google Scholar
  16. 16.
    User Mode Linux Core Team: User Mode Linux HOWTO,
  17. 17.
    Cheng, F., Menzel, M., Meinel, Ch.: A Secure Web Services Providing Framework based on Lock-Keeper. In: APNOMS2007. LNCS, vol. 4773, Springer, Heidelberg (2007)Google Scholar
  18. 18.
    ForumSystems: Forum Xwall - XML Firewall Product Data Sheet (2005),
  19. 19.
    Curphey, M., Scambray, J., Olson, E., Howard, M.: Improving Web Application Security: Threats and Countermeasures. Microsoft Press, Washington (2003)Google Scholar
  20. 20.
    Neuman, C., Yu, T., Hartman, S., Raeburn, K.: The Kerberos Network Authentication System Kerberos RFC4120, (July 2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Feng Cheng
    • 1
  • Christoph Meinel
    • 1
  1. 1.Hasso Plattner InstituteUniversity of PotsdamPotsdamGermany

Personalised recommendations