Combining User and Platform Trust Properties to Enhance VPN Client Authentication
Authors
Abstract
With PC manufacturers aggressively pushing trusted architectures in their new models, Trusted Platforms are quickly becoming a major component of the IT landscape. These platforms embed a security chip, the Trusted Platform Module (TPM), that is primarily used to attest the integrity of the system but that can also accurately identify the platform. While platform identification raises privacy issues in the consumer space, it represents a major requirement for corporations. Platform identification is particularly important in the case of remote access to corporate resources. Today, Virtual Private Network (VPN) client authentication mostly focuses on end-user identity without addressing the trust properties of the platform the end-user is operating. Starting with the benefits that TPM-based platform identification and authentication can bring to VPN client authentication, this paper demonstrates how platform and end-user trust properties can be combined in a standard VPN authentication framework, such as the Extensible Authentication Protocol, and discusses possible implementations.
Similar resources
Bandwidth and Delay Optimization by Integrating of Software Trust Estimator with Multi-User Cloud Resource Competence
Trust Establishment is one of the significant resources to enhance the scalability and reliability of resources in the cloud environment. To establish a novel trust model on SaaS (Software as a Service) cloud resources and to optimize the resource utilization of multiple user requests, an integrated software trust estimator with multi-user resource competence (IST-MRC) optimization mechanism is...
A Person-Oriented Ubiquitous and Secure Information Communication Environment Supported by Data-Driven Networking Processor
This paper proposes a basic concept of a person-oriented ubiquitous and secure information sharing environment. In the ubiquitous network environment, people, within a predefined restriction, can access and use information, network and computing resources wherever and whenever they are. Here, the owner of the resource and/or information is not necessarily the same as the user. At the same time, the u...
Proof of Concept Implementation of Trustworthy Mutual Attestation Architecture for True Single Sign-on
To overcome computer network issues, user credentials for security and management have been used for single sign-on solutions and they have apparently helped to boost the security and usability of credentials. For true single sign-on solutions, where trusted entities are assisted by a trusted platform module in the client and server platforms, they need a module that plays the role of authenticat...
An Enhanced Remote Authentication Scheme using Secure Key Exchange Protocol with Platform Integrity Attestation
Most remote authentication schemes use a key exchange protocol to provide secure communication over an untrusted network. The protocol enables the remote client and host to authenticate each other and communicate securely with a prearranged shared secret key or server secret key. Many remote service environments such as online banking and electronic commerce are dependent on remote authentication schem...
User Authentication with Smart Cards in Trusted Computing Architecture
The introduction of smart cards into trusted architectures establishes a clear-cut separation between the roles and responsibilities of both platform and user. On one hand, the Trusted Platform Module (TPM) ensures the platform trustworthiness and secures platform credentials and secrets, while smart cards guarantee user identity and protect user credentials and access authorization. Starting f...