Security Architecture for Device Encryption and VPN
Encryption systems are widely used to protect stored and communicated data from unauthorized access. Unfortunately, most software-based encryption products suffer from various vulnerabilities such as insecure storage and usage capabilities for security-critical cryptographic keys and operations. In this paper we present a security architecture that allows secure, reliable and user-friendly encryption of devices and of TCPIIP communication. The architecture is capable of using Trusted Computing functionalities and offers a security level which is comparable to a hardware based solution, but is far more cost-effective. We have already implemented a device encryption system and a VPN client. Moreover, the security architecture is an appropriate basis for many applications such as Enterprise Rights Management (ERM) and secure Online Banking.
KeywordsTrusted Platform Module Virtual Private Network Encryption System Trust Computing Security Architecture
Unable to display preview. Download preview PDF.
- [AdvaO6]Advanced Micro Devices, Inc.: Amd virtualization solutions. http://enterprise.amd.comlus-enlSolutions/Consolidationlvirtualization.aspx, 2006.
- [CiscO4]Cisco Systemia]s, Inc: Cisco vpn client security policy, fips release 3.6.7. http://cco.cisco.comlenJtJS/products/sw/secursw/ps2308/prod_configuration guideO9l 86a00802218e3.html, 2004.
- [CiscO5l.Cisco Systems, Inc: Cisco vpn client data sheet. http://cco.cisco.comIenJIJS/products/sw/secursw/ps2308/products_data _sheet0900aecd80la9de9.html, 2005.
- [EmscO6]EMSCB Project Consortium: The emscb project. http://www.emscb.org, 2006.
- [InteO6]Intel Corporation: Intel virtualization technology. http://www.intel.com/technology/computing/vptechI, 2006.
- [Micro5a]Microsoft Corp.: Secure startup-full volume encryption: Technical overview. http://www.microsoft.comlwhdc/systemiplatformlpcdesign /secure-start_tech.mspx, April 2005.
- [Micr05b]Microsoft Corp.: Trusted platform module services in windows vista.http://www.microsoft.comlwhdc/systemlplatformlpcdesign /TPM_secure.mspx, April 2005.
- [MSMWO3]Macdonald, R., Smith, S., Marchesini, J., and Wild, O.: Bear: An open-source virtual secure coprocessor based on tcpa. Technical report, Dartmouth College, 2003.Google Scholar
- [MSWMO3]Marchesini, J., Smith, S., Wild, O., and MacDonald, R.: Experimenting with tcpaltcg hardware, or: How I learned to stop worrying and love the bear. Technical report, Dartmouth College, December 2003.Google Scholar
- [MSW+04]Marchesini, J., Smith, S., Wild, O., Stabiner, J., and Barsamian, A.: Open-source applications of tcpa hardware. ACSA/ACM Annual Computer Security Applications Conference, December 2004.Google Scholar
- [PGPCO5]PGP Corporation: Pgp whole disk encryption for enterprises data sheet. http://www.pgp.comlproducts/wholediskencryptionlpgp_wholedisk _enterprises.html, 2005.
- [SafeO5]SafeBoot N. V.: Safeboot device encryption for pc. http://www.safeboot.comlproducts/device-encryptionlpc, 2005.
- [SeStO6]Selhorst, M., and Stüble, C.: Trusted grub. http://www.prosec.rub.de/tmstedgrub.html, 2006.
- [SZJvO4]Sailer, R., Zhang, X., Jaeger, T., and van Doom, L.: Design and implementation of a tcg-based integrity measurement architecture. 13th Usenix Security Symposium, San Diego, California, August 2004.Google Scholar
- [TCGWO5]TCG Work Group: TCG TPM Specification Version 1.2 Revision 85, 2005.Google Scholar
- [UnivO6]University of Cambridge Computer Laboratory: Xen virtual machinemonitor. http://lwww.cl.cam.ac.ukfResearch/SRG/netos/xen, 2006.
- [USDe85]US Department of Defense: Trusted computer system evaluation criteria (orange book). http://www.kernel.org/pub/linuxllibs/security/Orange-Linux/refs/Orange /Orange0-5.html, December 1985.
- [UtimO5]Utimaco Safeware: Security for mobile pcs and data media-safe guard easy whitepaper. http://www.utimaco.comIC1257OCFOO3OCOOA/vwContentByKey /W26L6EHK398CCHEEN, April 2005.