Secure VPNs for Trusted Computing Environments

  • Steffen Schulz
  • Ahmad-Reza Sadeghi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5471)


Virtual Private Networks are a popular mechanism for building complex network infrastructures. Such infrastructures are usually accompanied by strict administrative restrictions on all VPN endpoints to protect the perimeter of the VPN. However, enforcement of such restrictions becomes difficult if these endpoints are personal computers used for remote VPN access. Commonly employed measures like anti-virus or software agents fail to defend against unanticipated attacks. The Trusted Computing Group invested significant work into platforms that are capable of secure integrity reporting. However, trusted boot and remote attestation also require a redesign of critical software components to achieve their full potential.

In this work, we design and implement a VPN architecture for trusted platforms. We solve the conflict between security and flexibility by implementing a self-contained VPN service that resides in an isolated area, outside the operating system environment visible to the user. We develop a hardened version of the IPsec architecture and protocols by addressing known security issues and reducing the overall complexity of IPsec and IKEv2. The resulting prototype provides access control and secure channels for arbitrary local compartments and is also compatible with typical IPsec configurations. We expect our focus on security and reduced complexity to result in much more stable and thus also more trustworthy software.


Security Service Secure Channel Internet Engineer Task Force Trust Computing Internet Engineer Task 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Sadeghi, A.R., Stüble, C.: Bridging the Gap between TCPA/Palladium and Personal Security (2003),
  2. 2.
    Helmuth, C., Warg, A., Feske, N.: Mikro-SINA - Hands-on Experiences with the Nizza Security Architecture. In: Proceedings of the D.A.CH Security (March 2005)Google Scholar
  3. 3.
    Kent, S.: IP Encapsulating Security Payload (ESP). RFC 4303, Internet Engineering Task Force (December 2005)Google Scholar
  4. 4.
    Kaufman, C.: Internet Key Exchange (IKEv2) Protocol. RFC 4306, Internet Engineering Task Force (December 2005)Google Scholar
  5. 5.
    Kocher, P.C.: Timing attacks on implementations of diffie-hellman, rsa, dss, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  6. 6.
    Percival, C.: Cache missing for fun and profit. In: Proceedings of BSDCan 2005 (2005)Google Scholar
  7. 7.
    Sailer, R., Valdez, E., Jaeger, T., Perez, R., van Doorn, L., Griffin, J.L., Berger, S.: sHype: Secure Hypervisor Approach to Trusted Virtualized Systems. Research Report RC23511, IBM Research (February 2005)Google Scholar
  8. 8.
    Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: A Virtual Machine-Based Platform for Trusted Computing. In: Proceedings of the 9th ACM Synopsium on Operating System Principles, pp. 193–206 (2003)Google Scholar
  9. 9.
    Shapiro, J., Hardy, N.: EROS: A Principle-Driven Operating System from the Ground Up. IEEE Software, 26–33 (January 2002)Google Scholar
  10. 10.
    Härtig, H., Hohmuth, M., Feske, N., Helmuth, C., Lackorzynski, A., Mehnert, F., Peter, M.: The Nizza Secure-System Architecture. In: Proceedings of IEEE CollaborateCom 2005, p. 10. IEEE Press, Los Alamitos (2005)Google Scholar
  11. 11.
    Heiser, G., Elphinstone, K., Kuz, I., Klein, G., Petters, S.M.: Towards Trustworthy Computing Systems: Taking Microkernels to the Next Level. ACM Operating Systems Review 41(4), 3–11 (2007)CrossRefGoogle Scholar
  12. 12.
    Syckor, J.: IPSec Infrastruktur für Mikro-SINA, Diplomarbeit, Technische Universität Dresden (November 2004),
  13. 13.
    McDonald, D., Metz, C., Phan, B.: PF_KEY Key Management API, Version 2. RFC 2367, Internet Engineering Task Force (July 1998)Google Scholar
  14. 14.
    Atkinson, R.: Security Architecture for the Internet Protocol. RFC 1825, Internet Engineering Task Force (August 1995)Google Scholar
  15. 15.
    Kent, S., Seo, K.: Security Architecture for the Internet Protocol. RFC 4301, Internet Engineering Task Force (2005)Google Scholar
  16. 16.
    Kent, S.: IP Authentication Header. RFC 4302, Internet Engineering Task Force (December 2005)Google Scholar
  17. 17.
    Doraswamy, N., Harkins, D.: IPsec: The new Security Standard for the Internet, Intranets and Virtual Private Networks, 2nd edn. Prentice Hall PTR, Englewood Cliffs (2003)Google Scholar
  18. 18.
    Paterson, K.G.: A Cryptographic Tour of the IPsec Standards,
  19. 19.
    Aiello, W., Bellovin, S.M., Blaze, M., Ioannidis, J., Reingold, O., Canetti, R., Keromytis, A.D.: Efficient, DoS-resistant, secure key exchange for internet protocols. In: CCS 2002: Proceedings of the 9th ACM conference on Computer and communications security, pp. 48–58. ACM, New York (2002)Google Scholar
  20. 20.
    Ferguson, N., Schneier, B.: A Cryptographic Evaluation of IPsec (2000),
  21. 21.
    Bellovin, S.: Problem Areas for the IP Security Protocols. In: Proceedings of the Sixth Usenix Security Symposium (July 1996)Google Scholar
  22. 22.
    Degabriele, J.P., Paterson, K.G.: Attacking the IPsec Standards in Encryption-only Configurations (2007),
  23. 23.
    Kiraly, C., Bianchi, G., Formisano, F., Teofili, S., Lo Cigno, R.: Traffic masking in IPsec: architecture and implementation. In: Mobile and Wireless Communications Summit, 16th IST, pp. 1–5 (2007)Google Scholar
  24. 24.
    Simpson, W.A.: IKE/ISAKMP Considered Harmful. Usenix, login 24(6) (December 1999)Google Scholar
  25. 25.
    Aziz, A., Patterson, M.: Design and Implementation of SKIP. In: INET 1995 Hypermedia Proceedings (1995)Google Scholar
  26. 26.
    Kaufman, C., Perlman, R., Sommerfeld, B.: DoS protection for UDP-based protocols. In: CCS 2003: Proceedings of the 10th ACM conference on Computer and communications security, pp. 2–7. ACM, New York (2003)Google Scholar
  27. 27.
    Izadinia, V.D., Kourie, D., Eloff, J.: Uncovering identities: A study into VPN tunnel fingerprinting. Computers & Security 25(2), 97–105 (2006)CrossRefGoogle Scholar
  28. 28.
    Storage Work Group. Tcg storage architecture core specification. Technical report, Trusted Computing Group (May 2007)Google Scholar
  29. 29.
    Lau, J., Townsley, M., Goyret, I.: Layer Two Tunneling Protocol - Version 3 (L2TPv3). RFC 3931, Internet Engineering Task Force (2005)Google Scholar
  30. 30.
    Alkassar, A., Stüble, C.: Die Sicherheitsplattform Turaya. In: Trusted Computing, pp. 86–96. Vieweg+Teubner (May 2008)Google Scholar
  31. 31.
    Härtig, H., Roitzsch, M.: Ten years of research on l4-based real-time systems. In: Proceedings of the Eighth Real-Time Linux Workshop (2006)Google Scholar
  32. 32.
    Aboba, B., Dixon, W.: IPsec-Network Address Translation (NAT) Compatibility Requirements. RFC 3715, Internet Engineering Task Force (2004)Google Scholar
  33. 33.
    Huttunen, A., Swander, B., Volpe, V., DiBurro, L., Stenberg, M.: UDP Encapsulation of IPsec ESP Packets. RFC 3948, Internet Engineering Task Force (2005)Google Scholar
  34. 34.
    Shacham, A., Monsour, R., Pereira, R., Thomas, M.: IP Payload Compression Protocol (IPComp). RFC 2393, Internet Engineering Task Force (December 1998)Google Scholar
  35. 35.
    Eronen, P.: IKEv2 Mobility and Multihoming Protocol (MOBIKE). RFC 4555, Internet Engineering Task Force (June 2006)Google Scholar
  36. 36.
    TNC Work Group. Architecture for interoperability. Specification, Trusted Computing Group (April 2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Steffen Schulz
    • 1
  • Ahmad-Reza Sadeghi
    • 1
  1. 1.Horst-Görtz Institute and Chair for System SecurityRuhr-University BochumGermany

Personalised recommendations