Security Architecture for Device Encryption and VPN

  • Ammar Alkassar
  • Michael Scheibel
  • Michael Stübel
  • Ahmad-Reza Sadeghi
  • Marcel Winandy

Abstract

Encryption systems are widely used to protect stored and communicated data from unauthorized access. Unfortunately, most software-based encryption products suffer from various vulnerabilities such as insecure storage and usage capabilities for security-critical cryptographic keys and operations. In this paper we present a security architecture that allows secure, reliable and user-friendly encryption of devices and of TCPIIP communication. The architecture is capable of using Trusted Computing functionalities and offers a security level which is comparable to a hardware based solution, but is far more cost-effective. We have already implemented a device encryption system and a VPN client. Moreover, the security architecture is an appropriate basis for many applications such as Enterprise Rights Management (ERM) and secure Online Banking.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [AdvaO6]
    Advanced Micro Devices, Inc.: Amd virtualization solutions. http://enterprise.amd.comlus-enlSolutions/Consolidationlvirtualization.aspx, 2006.
  2. [CiscO4]
    Cisco Systemia]s, Inc: Cisco vpn client security policy, fips release 3.6.7. http://cco.cisco.comlenJtJS/products/sw/secursw/ps2308/prod_configuration guideO9l 86a00802218e3.html, 2004.
  3. [CiscO5l.
  4. [EmscO6]
    EMSCB Project Consortium: The emscb project. http://www.emscb.org, 2006.
  5. [InteO6]
    Intel Corporation: Intel virtualization technology. http://www.intel.com/technology/computing/vptechI, 2006.
  6. [Micro5a]
    Microsoft Corp.: Secure startup-full volume encryption: Technical overview. http://www.microsoft.comlwhdc/systemiplatformlpcdesign /secure-start_tech.mspx, April 2005.
  7. [Micr05b]
    Microsoft Corp.: Trusted platform module services in windows vista.http://www.microsoft.comlwhdc/systemlplatformlpcdesign /TPM_secure.mspx, April 2005.
  8. [MSMWO3]
    Macdonald, R., Smith, S., Marchesini, J., and Wild, O.: Bear: An open-source virtual secure coprocessor based on tcpa. Technical report, Dartmouth College, 2003.Google Scholar
  9. [MSWMO3]
    Marchesini, J., Smith, S., Wild, O., and MacDonald, R.: Experimenting with tcpaltcg hardware, or: How I learned to stop worrying and love the bear. Technical report, Dartmouth College, December 2003.Google Scholar
  10. [MSW+04]
    Marchesini, J., Smith, S., Wild, O., Stabiner, J., and Barsamian, A.: Open-source applications of tcpa hardware. ACSA/ACM Annual Computer Security Applications Conference, December 2004.Google Scholar
  11. [PGPCO5]
    PGP Corporation: Pgp whole disk encryption for enterprises data sheet. http://www.pgp.comlproducts/wholediskencryptionlpgp_wholedisk _enterprises.html, 2005.
  12. [SafeO5]
    SafeBoot N. V.: Safeboot device encryption for pc. http://www.safeboot.comlproducts/device-encryptionlpc, 2005.
  13. [SeStO6]
    Selhorst, M., and Stüble, C.: Trusted grub. http://www.prosec.rub.de/tmstedgrub.html, 2006.
  14. [SZJvO4]
    Sailer, R., Zhang, X., Jaeger, T., and van Doom, L.: Design and implementation of a tcg-based integrity measurement architecture. 13th Usenix Security Symposium, San Diego, California, August 2004.Google Scholar
  15. [TCGWO5]
    TCG Work Group: TCG TPM Specification Version 1.2 Revision 85, 2005.Google Scholar
  16. [UnivO6]
    University of Cambridge Computer Laboratory: Xen virtual machinemonitor. http://lwww.cl.cam.ac.ukfResearch/SRG/netos/xen, 2006.
  17. [USDe85]
    US Department of Defense: Trusted computer system evaluation criteria (orange book). http://www.kernel.org/pub/linuxllibs/security/Orange-Linux/refs/Orange /Orange0-5.html, December 1985.
  18. [UtimO5]
    Utimaco Safeware: Security for mobile pcs and data media-safe guard easy whitepaper. http://www.utimaco.comIC1257OCFOO3OCOOA/vwContentByKey /W26L6EHK398CCHEEN, April 2005.

Copyright information

© Friedr. Vieweg & Sohn Verlag | GWV-Fachverlage GmbH, Wiesbaden 2006

Authors and Affiliations

  • Ammar Alkassar
    • 1
  • Michael Scheibel
    • 1
  • Michael Stübel
    • 2
  • Ahmad-Reza Sadeghi
    • 2
  • Marcel Winandy
    • 2
  1. 1.Sirrix AG Security TechnologiesGermany
  2. 2.Ruhr-University BochumGermany

Personalised recommendations