Abstract
Encryption systems are widely used to protect stored and communicated data from unauthorized access. Unfortunately, most software-based encryption products suffer from various vulnerabilities, such as insecure storage and usage of security-critical cryptographic keys and operations. In this paper we present a security architecture that allows secure, reliable and user-friendly encryption of devices and of TCP/IP communication. The architecture is capable of using Trusted Computing functionalities and offers a security level comparable to a hardware-based solution, but is far more cost-effective. We have already implemented a device encryption system and a VPN client. Moreover, the security architecture is an appropriate basis for many applications such as Enterprise Rights Management (ERM) and secure Online Banking.
Copyright information
© 2006 Friedr. Vieweg & Sohn Verlag | GWV-Fachverlage GmbH, Wiesbaden
Cite this chapter
Alkassar, A., Scheibel, M., Stübel, M., Sadeghi, AR., Winandy, M. (2006). Security Architecture for Device Encryption and VPN. In: ISSE 2006 — Securing Electronic Business Processes. Vieweg. https://doi.org/10.1007/978-3-8348-9195-2_7
DOI: https://doi.org/10.1007/978-3-8348-9195-2_7
Publisher Name: Vieweg
Print ISBN: 978-3-8348-0213-2
Online ISBN: 978-3-8348-9195-2