Virtual Private Networks are a popular mechanism for building complex network infrastructures. Such infrastructures are usually accompanied by strict administrative restrictions on all VPN endpoints to protect the perimeter of the VPN. However, enforcement of such restrictions becomes difficult if these endpoints are personal computers used for remote VPN access. Commonly employed measures like anti-virus or software agents fail to defend against unanticipated attacks. The Trusted Computing Group invested significant work into platforms that are capable of secure integrity reporting. However, trusted boot and remote attestation also require a redesign of critical software components to achieve their full potential. In this work, we design and implement a VPN architecture for trusted platforms. We solve the conflict between security and flexibility by implementing a self-contained VPN service that resides in an isolated area, outside the operating system environment visible to the user. We develop a hardened version of the IPsec architecture and protocols by addressing known security issues and reducing the overall complexity of IPsec and IKEv2. The resulting prototype provides access control and secure channels for arbitrary local compartments and is also compatible with typical IPsec configurations. We expect our focus on security and reduced complexity to result in much more stable and thus also more trustworthy software.