Skip to main content
Springer Nature Link
Log in

Using Trusted Platform Modules for Location Assurance in Cloud Networking

  • Conference paper
Network and System Security (NSS 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7873))

Included in the following conference series:

  • 3758 Accesses

Abstract

In cloud networking users may want to control where their virtual resources are stored or processed, e.g., only in western Europe and not in the US. Cloud networking is the combined management of cloud computing and network infrastructures of different providers and enables dynamic and flexible placement of virtual resources in this distributed environment. In this paper, we propose a mechanism for verifying the geographic location of a virtual resource. Our approach uses Trusted Platform Modules (TPM) to identify physical machines and a trusted authority which verifies the actual location. In addition, our approach enables the verification of the trustworthiness of the machine of the cloud operator.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (directive on privacy and electronic communications). Official Journal of the European Union (L201), 0037–0047 (2002)

    Google Scholar 

  2. Amazon Virtual Private Cloud (July 2012), http://aws.amazon.com/ec2/

  3. CloudAudit: A6 - The Automated Audit, Assertion, Assessment, and Assurance API (July 2012), http://cloudaudit.org

  4. Google App Engine (July 2012), https://developers.google.com/appengine/

  5. Google Docs (July 2012), http://docs.google.com

  6. Trusted GRUB website (July 2012), http://projects.sirrix.com/trac/trustedgrub

  7. Xen website (July 2012), http://xen.org/

  8. Basescu, C., Carpen-Amarie, A., Leordeanu, C., Costan, A., Antoniu, G.: Managing data access on clouds: A generic framework for enforcing security policies. In: AINA, pp. 459–466. IEEE Computer Society (2011)

    Google Scholar 

  9. Castelluccia, C., Francillon, A., Perito, D., Soriente, C.: On the difficulty of software-based attestation of embedded devices. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, CCS 2009, pp. 400–409. ACM (2009)

    Google Scholar 

  10. Chen, Y., Xiong, Y., Shi, X., Deng, B., Li, X.: Pharos: A decentralized and hierarchical network coordinate system for internet distance prediction. In: GLOBECOM, pp. 421–426 (2007)

    Google Scholar 

  11. Dabek, F., Cox, R., Kaashoek, F., Morris, R.: Vivaldi: A decentralized network coordinate system. In: SIGCOMM, pp. 15–26 (2004)

    Google Scholar 

  12. ENISA. Cloud computing security risk assessment. Technical report, European Network and Information Security Agency, ENISA (2009)

    Google Scholar 

  13. Fraser, D.: The canadian response to the USA Patriot Act. IEEE Security Privacy 5(5), 66–68 (2007)

    Article  Google Scholar 

  14. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC 2009: Proceedings of the 41st Annual ACM Symposium on Theory of Computing, pp. 169–178. ACM, New York (2009)

    Chapter  Google Scholar 

  15. Heiser, J., Nicolett, M.: Assessing the security risks of cloud computing. Technical report, Gartner (2008)

    Google Scholar 

  16. Iskander, M.K., Wilkinson, D.W., Lee, A.J., Chrysanthis, P.K.: Enforcing policy and data consistency of cloud transactions. In: Proceedings of the Second International Workshop on Security and Privacy in Cloud Computing, ICDCS-SPCC 2011. IEEE Computer Society, Washington, DC (2011)

    Google Scholar 

  17. Ng, T.S.E., Zhang, H.: Towards global network positioning. In: Proceedings of the First ACM SIGCOMM Workshop on Internet Measurement, pp. 25–29 (2001)

    Google Scholar 

  18. Peterson, Z.N.J., Gondree, M., Beverly, R.: A position paper on data sovereignty: the importance of geolocating data in the cloud. In: Proceedings of the 3rd USENIX Conference on Hot Topics in Cloud Computing, HotCloud 2011 (2011)

    Google Scholar 

  19. Ries, T., Fusenig, V., Vilbois, C., Engel, T.: Verification of data location in cloud networking. In: Proceedings of the First International Workshop on Cloud Service Quality Measurement and Comparison, CSQMC 2011. IEEE Computer Society (2011)

    Google Scholar 

  20. Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a tcg-based integrity measurement architecture. In: Proceedings of the 13th Usenix Security Symposium (2004)

    Google Scholar 

  21. Shamir, A.: How to share a secret. Commun. ACM 22, 612–613 (1979)

    Article  MathSciNet  MATH  Google Scholar 

  22. Trusted Computing Group. Cloud computing and security - a natural match. Technical report, Trusted Computing Group (2010)

    Google Scholar 

  23. Trusted Computing Group. TPM Main Specification (2011)

    Google Scholar 

  24. De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Pelosi, G., Samarati, P.: Encryption-based policy enforcement for cloud storage. In: Proceedings of the 2010 IEEE 30th International Conference on Distributed Computing Systems Workshops, ICDCSW 2010, pp. 42–51 (2010)

    Google Scholar 

  25. Yao, A.C.: Protocols for secure computations. In: Proceedings of the 23rd Annual Symposium on Foundations of Computer Science, SFCS 1982, pp. 160–164. IEEE Computer Society, Washington, DC (1982)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Fraunhofer Research Institution for Applied and Integrated Security (AISEC), Parkring 4, 85748, Garching, Germany

    Christoph Krauß

  2. Siemens AG, Otto-Hahn-Ring 6, 81739, Munich, Germany

    Volker Fusenig

Authors
  1. Christoph Krauß
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Volker Fusenig
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Computer Science Department, ETSI Informatica, University of Malaga, Campus de Teatinos, 29071, Malaga, Spain

    Javier Lopez

  2. School of Mathematics and Computer Science, Fujian Normal University, No. 32 Shangsan Road, 350007, Fuzhou, China

    Xinyi Huang

  3. Institute for Cyber Security,, University of Texas at San Antonio, One UTSA Circle, 78249, San Antonio, TX, USA

    Ravi Sandhu

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Krauß, C., Fusenig, V. (2013). Using Trusted Platform Modules for Location Assurance in Cloud Networking. In: Lopez, J., Huang, X., Sandhu, R. (eds) Network and System Security. NSS 2013. Lecture Notes in Computer Science, vol 7873. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38631-2_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-38631-2_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38630-5

  • Online ISBN: 978-3-642-38631-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics