Mutual remote attestation in IPSec based VPN
Secure communication between computer systems is normally established using secure tunnel technologies such as Internet Protocol Security (IPSec). IPSec protocol guarantees authenticity of communication and secure the data at each gateway but it does not provide any assurance on the entity authentic...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Malaysian Society for Cryptology Research
2013
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/51910/1/Mutual%20remote%20attestation%20in%20IPSec%20based%20VPN.pdf http://psasir.upm.edu.my/id/eprint/51910/ http://www.mscr.org.my/ijcr_volumes%204(1).htm |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Universiti Putra Malaysia |
| Language: | English |
| id |
my.upm.eprints.51910 |
|---|---|
| record_format |
eprints |
| spelling |
my.upm.eprints.519102017-05-03T04:20:07Z http://psasir.upm.edu.my/id/eprint/51910/ Mutual remote attestation in IPSec based VPN Abd Aziz, Norazah Setapa, Sharipah Udzir, Nur Izura Secure communication between computer systems is normally established using secure tunnel technologies such as Internet Protocol Security (IPSec). IPSec protocol guarantees authenticity of communication and secure the data at each gateway but it does not provide any assurance on the entity authentication. So, it is important to make sure the trustworthiness of the remote party that already has a faithful system. Trusted Computing Group (TCG) has introduced a platform to solve this issue into the mainstream computer industry through their main approach called Trusted Platform Module (TPM). TPM is a security module which has been designed to store information of system events securely as well as the key component in the attestation realization. Trusted Computing Platform (TCP) provides a mechanism to supports attestation by its Platform Configuration Registers (PCR) which has become the integrity measurement of a platform. Attestation is a mechanism to provide remote assurance of the state of the hardware component running on a computing device. This paper, proposes an extension to the IPSec key exchange protocol by establishing properties-based attestation. An embedded attestation extension is provided in VPN communication such as IPSec protocol by establishing mutual properties based attestation using Internet Security Association and Key Management Protocol (ISAKMP) measurement value as properties that are computed from security policy database (SPD). Hence, the proposed approach will protect both sender's and receiver's platforms integrity at their respective gateways. Malaysian Society for Cryptology Research 2013 Article PeerReviewed application/pdf en http://psasir.upm.edu.my/id/eprint/51910/1/Mutual%20remote%20attestation%20in%20IPSec%20based%20VPN.pdf Abd Aziz, Norazah and Setapa, Sharipah and Udzir, Nur Izura (2013) Mutual remote attestation in IPSec based VPN. International Journal of Cryptology Research, 4 (1). pp. 55-67. ISSN 1985-5753 http://www.mscr.org.my/ijcr_volumes%204(1).htm |
| institution |
Universiti Putra Malaysia |
| building |
UPM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Putra Malaysia |
| content_source |
UPM Institutional Repository |
| url_provider |
http://psasir.upm.edu.my/ |
| language |
English |
| description |
Secure communication between computer systems is normally established using secure tunnel technologies such as Internet Protocol Security (IPSec). IPSec protocol guarantees authenticity of communication and secure the data at each gateway but it does not provide any assurance on the entity authentication. So, it is important to make sure the trustworthiness of the remote party that already has a faithful system. Trusted Computing Group (TCG) has introduced a platform to solve this issue into the mainstream computer industry through their main approach called Trusted Platform Module (TPM). TPM is a security module which has been designed to store information of system events securely as well as the key component in the attestation realization. Trusted Computing Platform (TCP) provides a mechanism to supports attestation by its Platform Configuration Registers (PCR) which has become the integrity measurement of a platform. Attestation is a mechanism to provide remote assurance of the state of the hardware component running on a computing device. This paper, proposes an extension to the IPSec key exchange protocol by establishing properties-based attestation. An embedded attestation extension is provided in VPN communication such as IPSec protocol by establishing mutual properties based attestation using Internet Security Association and Key Management Protocol (ISAKMP) measurement value as properties that are computed from security policy database (SPD). Hence, the proposed approach will protect both sender's and receiver's platforms integrity at their respective gateways. |
| format |
Article |
| author |
Abd Aziz, Norazah Setapa, Sharipah Udzir, Nur Izura |
| spellingShingle |
Abd Aziz, Norazah Setapa, Sharipah Udzir, Nur Izura Mutual remote attestation in IPSec based VPN |
| author_facet |
Abd Aziz, Norazah Setapa, Sharipah Udzir, Nur Izura |
| author_sort |
Abd Aziz, Norazah |
| title |
Mutual remote attestation in IPSec based VPN |
| title_short |
Mutual remote attestation in IPSec based VPN |
| title_full |
Mutual remote attestation in IPSec based VPN |
| title_fullStr |
Mutual remote attestation in IPSec based VPN |
| title_full_unstemmed |
Mutual remote attestation in IPSec based VPN |
| title_sort |
mutual remote attestation in ipsec based vpn |
| publisher |
Malaysian Society for Cryptology Research |
| publishDate |
2013 |
| url |
http://psasir.upm.edu.my/id/eprint/51910/1/Mutual%20remote%20attestation%20in%20IPSec%20based%20VPN.pdf http://psasir.upm.edu.my/id/eprint/51910/ http://www.mscr.org.my/ijcr_volumes%204(1).htm |
| _version_ |
1643835092519354368 |