Security Architecture for Device Encryption and VPN
Encryption systems are widely used to protect stored and communicated data from unauthorized access. Unfortunately, most software-based encryption products suffer from various vulnerabilities such as insecure storage and usage capabilities for security-critical cryptographic keys and operations. In this paper we present a security architecture that allows secure, reliable and user-friendly encryption of devices and of TCPIIP communication. The architecture is capable of using Trusted Computing functionalities and offers a security level which is comparable to a hardware based solution, but is far more cost-effective. We have already implemented a device encryption system and a VPN client. Moreover, the security architecture is an appropriate basis for many applications such as Enterprise Rights Management (ERM) and secure Online Banking.
Unable to display preview. Download preview PDF.
- [AdvaO6]Advanced Micro Devices, Inc.: Amd virtualization solutions. http://enterprise.amd.comlus-enlSolutions/Consolidationlvirtualization.aspx, 2006.
- [CiscO4]Cisco Systemia]s, Inc: Cisco vpn client security policy, fips release 3.6.7. http://cco.cisco.comlenJtJS/products/sw/secursw/ps2308/prod_configuration guideO9l 86a00802218e3.html, 2004.
- [CiscO5l.Cisco Systems, Inc: Cisco vpn client data sheet. http://cco.cisco.comIenJIJS/products/sw/secursw/ps2308/products_data _sheet0900aecd80la9de9.html, 2005.
- [EmscO6]EMSCB Project Consortium: The emscb project. http://www.emscb.org, 2006.
- [InteO6]Intel Corporation: Intel virtualization technology. http://www.intel.com/technology/computing/vptechI, 2006.
- [Micro5a]Microsoft Corp.: Secure startup-full volume encryption: Technical overview. http://www.microsoft.comlwhdc/systemiplatformlpcdesign /secure-start_tech.mspx, April 2005.
- [Micr05b]Microsoft Corp.: Trusted platform module services in windows vista.http://www.microsoft.comlwhdc/systemlplatformlpcdesign /TPM_secure.mspx, April 2005.
- [MSMWO3]Macdonald, R., Smith, S., Marchesini, J., and Wild, O.: Bear: An open-source virtual secure coprocessor based on tcpa. Technical report, Dartmouth College, 2003.Google Scholar
- [MSWMO3]Marchesini, J., Smith, S., Wild, O., and MacDonald, R.: Experimenting with tcpaltcg hardware, or: How I learned to stop worrying and love the bear. Technical report, Dartmouth College, December 2003.Google Scholar
- [MSW+04]Marchesini, J., Smith, S., Wild, O., Stabiner, J., and Barsamian, A.: Open-source applications of tcpa hardware. ACSA/ACM Annual Computer Security Applications Conference, December 2004.Google Scholar
- [PGPCO5]PGP Corporation: Pgp whole disk encryption for enterprises data sheet. http://www.pgp.comlproducts/wholediskencryptionlpgp_wholedisk _enterprises.html, 2005.
- [SafeO5]SafeBoot N. V.: Safeboot device encryption for pc. http://www.safeboot.comlproducts/device-encryptionlpc, 2005.
- [SeStO6]Selhorst, M., and Stüble, C.: Trusted grub. http://www.prosec.rub.de/tmstedgrub.html, 2006.
- [SZJvO4]Sailer, R., Zhang, X., Jaeger, T., and van Doom, L.: Design and implementation of a tcg-based integrity measurement architecture. 13th Usenix Security Symposium, San Diego, California, August 2004.Google Scholar
- [TCGWO5]TCG Work Group: TCG TPM Specification Version 1.2 Revision 85, 2005.Google Scholar
- [UnivO6]University of Cambridge Computer Laboratory: Xen virtual machinemonitor. http://lwww.cl.cam.ac.ukfResearch/SRG/netos/xen, 2006.
- [USDe85]US Department of Defense: Trusted computer system evaluation criteria (orange book). http://www.kernel.org/pub/linuxllibs/security/Orange-Linux/refs/Orange /Orange0-5.html, December 1985.
- [UtimO5]Utimaco Safeware: Security for mobile pcs and data media-safe guard easy whitepaper. http://www.utimaco.comIC1257OCFOO3OCOOA/vwContentByKey /W26L6EHK398CCHEEN, April 2005.