Interoperable remote attestation for VPN environments

  • Authors:

  • Ingo Bente;Bastian Hellmann;Joerg Vieweg;Josef von Helden;Arne Welzel

  • Affiliations:

  • Trust@FHH Research Group, Fachhochschule Hannover - University of Applied Sciences and Arts, Hannover, Germany;Trust@FHH Research Group, Fachhochschule Hannover - University of Applied Sciences and Arts, Hannover, Germany;Trust@FHH Research Group, Fachhochschule Hannover - University of Applied Sciences and Arts, Hannover, Germany;Trust@FHH Research Group, Fachhochschule Hannover - University of Applied Sciences and Arts, Hannover, Germany;Trust@FHH Research Group, Fachhochschule Hannover - University of Applied Sciences and Arts, Hannover, Germany

  • Venue:
  • INTRUST'10 Proceedings of the Second international conference on Trusted Systems
  • Year:
  • 2010

Quantified Score

Hi-index 0.00

Visualization

Abstract

This paper describes an approach to perform a Remote Attestation in VPN environments, using Trusted Network Connect techniques. The solution is based on the VPN connection set up to authenticate the user, and the afterwards established VPN tunnel to perform a TNC handshake. In this handshake the Remote Attestation takes place. The result of this Attestation is then used by the Policy Enforcement Point to configure a packet filter. The initial configuration of this packet filter allows only communication with the Policy Decision Point and according to the Attestation result, the configuration is changed to either allow or forbid network access. The approach is completely independent of the used VPN solution, thus realising interoperability. The approach is also compared against other ideas for a VPN-based Remote Attestation. Furthermore, this paper also describes an implementation of this approach.