Security Architecture for Device Encryption and VPN

Alkassar, Ammar; Scheibel, Michael; Stübel, Michael; Sadeghi, Ahmad-Reza; Winandy, Marcel

doi:10.1007/978-3-8348-9195-2_7

Ammar Alkassar¹,
Michael Scheibel¹,
Michael Stübel²,
Ahmad-Reza Sadeghi² &
…
Marcel Winandy²

561 Accesses
5 Citations

Abstract

Encryption systems are widely used to protect stored and communicated data from unauthorized access. Unfortunately, most software-based encryption products suffer from various vulnerabilities such as insecure storage and usage capabilities for security-critical cryptographic keys and operations. In this paper we present a security architecture that allows secure, reliable and user-friendly encryption of devices and of TCPIIP communication. The architecture is capable of using Trusted Computing functionalities and offers a security level which is comparable to a hardware based solution, but is far more cost-effective. We have already implemented a device encryption system and a VPN client. Moreover, the security architecture is an appropriate basis for many applications such as Enterprise Rights Management (ERM) and secure Online Banking.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Advanced Micro Devices, Inc.: Amd virtualization solutions. http://enterprise.amd.comlus-enlSolutions/Consolidationlvirtualization.aspx, 2006.
Cisco Systemia]s, Inc: Cisco vpn client security policy, fips release 3.6.7. http://cco.cisco.comlenJtJS/products/sw/secursw/ps2308/prod_configuration guideO9l 86a00802218e3.html, 2004.
Cisco Systems, Inc: Cisco vpn client data sheet. http://cco.cisco.comIenJIJS/products/sw/secursw/ps2308/products_data _sheet0900aecd80la9de9.html, 2005.
EMSCB Project Consortium: The emscb project. http://www.emscb.org, 2006.
Intel Corporation: Intel virtualization technology. http://www.intel.com/technology/computing/vptechI, 2006.
Microsoft Corp.: Secure startup-full volume encryption: Technical overview. http://www.microsoft.comlwhdc/systemiplatformlpcdesign /secure-start_tech.mspx, April 2005.
Microsoft Corp.: Trusted platform module services in windows vista.http://www.microsoft.comlwhdc/systemlplatformlpcdesign /TPM_secure.mspx, April 2005.
Macdonald, R., Smith, S., Marchesini, J., and Wild, O.: Bear: An open-source virtual secure coprocessor based on tcpa. Technical report, Dartmouth College, 2003.
Google Scholar
Marchesini, J., Smith, S., Wild, O., and MacDonald, R.: Experimenting with tcpaltcg hardware, or: How I learned to stop worrying and love the bear. Technical report, Dartmouth College, December 2003.
Google Scholar
Marchesini, J., Smith, S., Wild, O., Stabiner, J., and Barsamian, A.: Open-source applications of tcpa hardware. ACSA/ACM Annual Computer Security Applications Conference, December 2004.
Google Scholar
PGP Corporation: Pgp whole disk encryption for enterprises data sheet. http://www.pgp.comlproducts/wholediskencryptionlpgp_wholedisk _enterprises.html, 2005.
SafeBoot N. V.: Safeboot device encryption for pc. http://www.safeboot.comlproducts/device-encryptionlpc, 2005.
Selhorst, M., and Stüble, C.: Trusted grub. http://www.prosec.rub.de/tmstedgrub.html, 2006.
Sailer, R., Zhang, X., Jaeger, T., and van Doom, L.: Design and implementation of a tcg-based integrity measurement architecture. 13^th Usenix Security Symposium, San Diego, California, August 2004.
Google Scholar
TCG Work Group: TCG TPM Specification Version 1.2 Revision 85, 2005.
Google Scholar
University of Cambridge Computer Laboratory: Xen virtual machinemonitor. http://lwww.cl.cam.ac.ukfResearch/SRG/netos/xen, 2006.
US Department of Defense: Trusted computer system evaluation criteria (orange book). http://www.kernel.org/pub/linuxllibs/security/Orange-Linux/refs/Orange /Orange0-5.html, December 1985.
Utimaco Safeware: Security for mobile pcs and data media-safe guard easy whitepaper. http://www.utimaco.comIC1257OCFOO3OCOOA/vwContentByKey /W26L6EHK398CCHEEN, April 2005.

Download references

Author information

Authors and Affiliations

Sirrix AG Security Technologies, Germany
Ammar Alkassar & Michael Scheibel
Ruhr-University Bochum, Germany
Michael Stübel, Ahmad-Reza Sadeghi & Marcel Winandy

Authors

Ammar Alkassar
View author publications
You can also search for this author in PubMed Google Scholar
Michael Scheibel
View author publications
You can also search for this author in PubMed Google Scholar
Michael Stübel
View author publications
You can also search for this author in PubMed Google Scholar
Ahmad-Reza Sadeghi
View author publications
You can also search for this author in PubMed Google Scholar
Marcel Winandy
View author publications
You can also search for this author in PubMed Google Scholar

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Alkassar, A., Scheibel, M., Stübel, M., Sadeghi, AR., Winandy, M. (2006). Security Architecture for Device Encryption and VPN. In: ISSE 2006 — Securing Electronic Busines Processes. Vieweg. https://doi.org/10.1007/978-3-8348-9195-2_7

Download citation

DOI: https://doi.org/10.1007/978-3-8348-9195-2_7
Publisher Name: Vieweg
Print ISBN: 978-3-8348-0213-2
Online ISBN: 978-3-8348-9195-2
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics