
Interoperable Remote Attestation for VPN Environments

(Work in Progress)

Conference paper, in: Trusted Systems (INTRUST 2010)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 6802)

Abstract

This paper describes an approach to perform a Remote Attestation in VPN environments using Trusted Network Connect (TNC) techniques. The solution uses the VPN connection setup to authenticate the user and the subsequently established VPN tunnel to perform a TNC handshake, in which the Remote Attestation takes place. The result of this Attestation is then used by the Policy Enforcement Point to configure a packet filter. The initial configuration of this packet filter allows only communication with the Policy Decision Point; according to the Attestation result, the configuration is then changed to either allow or forbid network access. The approach is completely independent of the VPN solution in use, thus realising interoperability. The approach is also compared against other ideas for a VPN-based Remote Attestation. Furthermore, this paper describes an implementation of this approach.
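The following is an added example, not code from the paper or its authors, that models the Policy Enforcement Point behaviour the abstract describes: a VPN client starts in a quarantine state where the packet filter admits only traffic to the Policy Decision Point, and the TNC attestation verdict rewrites that client's rule to full access or to a drop. It assumes iptables as the filter backend; the tunnel network, interface name, PDP address, PDP port and chain name are constructed for the example.

```python
"""Model of a TNC Policy Enforcement Point driving a packet filter (added example)."""
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network


class Access(Enum):
    QUARANTINE = "quarantine"  # tunnel up, attestation pending: PDP traffic only
    ALLOW = "allow"            # attestation passed: full network access
    DENY = "deny"              # attestation failed: everything dropped


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


class PEPFilter:
    """Per-client filter state kept by the PEP; all values are assumptions of this example."""

    def __init__(self, tunnel_net: str, tunnel_if: str, pdp_addr: str, pdp_port: int):
        self.tunnel_net = ip_network(tunnel_net)
        self.tunnel_if = tunnel_if
        self.pdp_addr = ip_address(pdp_addr)
        self.pdp_port = pdp_port
        self.state: dict[str, Access] = {}

    def on_tunnel_up(self, client: str) -> None:
        """VPN has authenticated the user; quarantine until the TNC handshake finishes."""
        if ip_address(client) not in self.tunnel_net:
            raise ValueError(f"{client} is not a tunnel address")
        self.state[client] = Access.QUARANTINE

    def on_attestation_result(self, client: str, compliant: bool) -> None:
        """The PDP verdict from the TNC handshake rewrites the client's rule."""
        if client not in self.state:
            raise KeyError(f"no tunnel for {client}")
        self.state[client] = Access.ALLOW if compliant else Access.DENY

    def on_tunnel_down(self, client: str) -> None:
        """Tearing the tunnel down removes the client's rule entirely."""
        self.state.pop(client, None)

    def decide(self, pkt: Packet) -> bool:
        """Return True if the packet would be forwarded, False if dropped."""
        access = self.state.get(pkt.src)
        if access is None:
            return False  # unknown or torn-down peer: default drop
        if access is Access.ALLOW:
            return True
        if access is Access.QUARANTINE:
            return (ip_address(pkt.dst) == self.pdp_addr
                    and pkt.proto == "tcp" and pkt.dport == self.pdp_port)
        return False  # Access.DENY

    def render_iptables(self) -> list[str]:
        """Render the same policy as iptables commands (chain name is constructed)."""
        chain = "TNC_PEP"
        rules = [f"iptables -N {chain}",
                 f"iptables -A FORWARD -i {self.tunnel_if} -j {chain}"]
        for client, access in sorted(self.state.items()):
            if access is Access.QUARANTINE:
                rules.append(f"iptables -A {chain} -s {client} -d {self.pdp_addr} "
                             f"-p tcp --dport {self.pdp_port} -j ACCEPT")
            elif access is Access.ALLOW:
                rules.append(f"iptables -A {chain} -s {client} -j ACCEPT")
            else:
                rules.append(f"iptables -A {chain} -s {client} -j DROP")
        rules.append(f"iptables -A {chain} -j DROP")  # default deny for everyone else
        return rules


def demo() -> dict[str, bool]:
    """Walk one compliant and one non-compliant client through the state machine."""
    pep = PEPFilter("10.8.0.0/24", "tun0", "192.0.2.10", 10000)  # constructed values
    pep.on_tunnel_up("10.8.0.2")
    results = {
        "quarantine_pdp": pep.decide(Packet("10.8.0.2", "192.0.2.10", "tcp", 10000)),
        "quarantine_web": pep.decide(Packet("10.8.0.2", "198.51.100.5", "tcp", 443)),
    }
    pep.on_attestation_result("10.8.0.2", compliant=True)
    results["allowed_web"] = pep.decide(Packet("10.8.0.2", "198.51.100.5", "tcp", 443))
    pep.on_tunnel_up("10.8.0.3")
    pep.on_attestation_result("10.8.0.3", compliant=False)
    results["denied_pdp"] = pep.decide(Packet("10.8.0.3", "192.0.2.10", "tcp", 10000))
    return results


if __name__ == "__main__":
    print(demo())
```

The default-drop rule at the end of the chain is the important design choice: a client the PEP has never heard of, or whose tunnel went down, gets no access rather than inheriting whatever the FORWARD chain would otherwise do.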




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bente, I., Hellmann, B., Vieweg, J., von Helden, J., Welzel, A. (2011). Interoperable Remote Attestation for VPN Environments. In: Chen, L., Yung, M. (eds) Trusted Systems. INTRUST 2010. Lecture Notes in Computer Science, vol 6802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25283-9_20


  • DOI: https://doi.org/10.1007/978-3-642-25283-9_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-25282-2

  • Online ISBN: 978-3-642-25283-9

  • eBook Packages: Computer Science, Computer Science (R0)
