Secure VPNs for Trusted Computing Environments

  • Steffen Schulz
  • Ahmad-Reza Sadeghi
Conference paper

DOI: 10.1007/978-3-642-00587-9_13

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5471)
Cite this paper as:
Schulz S., Sadeghi AR. (2009) Secure VPNs for Trusted Computing Environments. In: Chen L., Mitchell C.J., Martin A. (eds) Trusted Computing. Trust 2009. Lecture Notes in Computer Science, vol 5471. Springer, Berlin, Heidelberg

Abstract

Virtual Private Networks are a popular mechanism for building complex network infrastructures. Such infrastructures are usually accompanied by strict administrative restrictions on all VPN endpoints to protect the perimeter of the VPN. However, enforcement of such restrictions becomes difficult if these endpoints are personal computers used for remote VPN access. Commonly employed measures like anti-virus or software agents fail to defend against unanticipated attacks. The Trusted Computing Group invested significant work into platforms that are capable of secure integrity reporting. However, trusted boot and remote attestation also require a redesign of critical software components to achieve their full potential.

In this work, we design and implement a VPN architecture for trusted platforms. We solve the conflict between security and flexibility by implementing a self-contained VPN service that resides in an isolated area, outside the operating system environment visible to the user. We develop a hardened version of the IPsec architecture and protocols by addressing known security issues and reducing the overall complexity of IPsec and IKEv2. The resulting prototype provides access control and secure channels for arbitrary local compartments and is also compatible with typical IPsec configurations. We expect our focus on security and reduced complexity to result in much more stable and thus also more trustworthy software.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Steffen Schulz
    • 1
  • Ahmad-Reza Sadeghi
    • 1
  1. 1.Horst-Görtz Institute and Chair for System SecurityRuhr-University BochumGermany

Personalised recommendations