Download Mutual Attestation of IoT Devices via strongSwan VPN

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

Carrier IQ wikipedia , lookup

Malware wikipedia , lookup

Cryptography wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Wireless security wikipedia , lookup

Security-focused operating system wikipedia , lookup

Authentication wikipedia , lookup

Web of trust wikipedia , lookup

Post-quantum cryptography wikipedia , lookup

Quantum key distribution wikipedia , lookup

Mobile security wikipedia , lookup

Next-Generation Secure Computing Base wikipedia , lookup

Diffie–Hellman key exchange wikipedia , lookup

3-D Secure wikipedia , lookup

Secure multi-party computation wikipedia , lookup

Trusted Computing wikipedia , lookup

Transcript 
www.strongswan.org/tnc/
Mutual Attestation of IoT Devices
via strongSwan VPN
SUPPORTED STANDARDS
RFC 4301 Security Architecture for the
Internet Protocol (IPsec)
RFC 4303 IP Encapsulating Security
Payload (ESP)
RFC 7296 Internet Key Exchange
Protocol Version 2 (IKEv2)
RFC 5281 The EAP-TTLS Authentication Protocol Version 0
RFC 5792 PA-TNC: A Posture Attribute
Protocol Compatible with TNC
RFC 5793 PB-TNC: A Posture Broker
Protocol Compatible with TNC
RFC 6876 PT-TLS: Posture Transport
Protocol over TLS
RFC 7171 PT-EAP: Posture Transport
Protocol for EAP Tunnel Methods
TCG TNC IF-IMC 1.3
TCG TNC IF-IMV 1.4
TCG Attestation PTS Protocol:
Binding to TNC IF-M (PA-TNC)
TCG TNC SWID Messages and
Attributes for IF-M (PA-TNC)
ISO/IEC 19770-2:2015 Software
Asset Management Part 2: Software
Identification Tag
Live Demo: Mutual Attestation of Secure Video Phones
Before a pair of Raspberry Pi 2 based video phones set up a secure IPsec-protected
multimedia connection, the IoT devices mutually determine the trustworthiness of
their peer by attesting all system libraries and executables installed on the remote
firmware platform. The SHA-256 file measurement values are exchanged using the
Trusted Network Connect (TNC) protocol suite standardized by the IETF and the
Trusted Computing Group (TCG). The TNC PT-EAP transport protocol is protected
by an EAP-TTLS tunnel which in turn is embedded into the IKEv2 EAP authentication
protocol already used for the IPsec connection setup. A tamper-proof hardware
Trusted Platform Module (TPM) certifies the correctness of the measurement values
by signing the final checksum with a public key bound to the TPM. This solves the
«lying endpoint» problem occurring when an IoT device gets infested by root kit
malware. Each IoT device compares the received measurements with reference
values from a local database. This reference database is regularly updated from a
trusted site in the cloud.
IPsec Software with Quantum-Resistant Cryptography
The open source strongSwan VPN software is ready for the post-quantum-computer
age by offering a novel IKEv2 key exchange method based on NTRU encryption as
well as authentication based on BLISS public key signatures. Both algorithms use
lattices that are known to be resistant against quantum computer attacks.
Related documents
Globalisation- 10 important facts
Globalisation- 10 important facts
Great Lakes
Great Lakes
CHAP 26: GLOBAL BUSINESS
CHAP 26: GLOBAL BUSINESS
Conservation Easements and Climate Change
Conservation Easements and Climate Change
(home market saturated) Mass Produce: Economies of Scale
(home market saturated) Mass Produce: Economies of Scale
Document
Document
board of neighborhood - Tarzana Neighborhood Council
board of neighborhood - Tarzana Neighborhood Council
Packet Radio
Packet Radio
Needed to support their own body weight over a prolonged period of
Needed to support their own body weight over a prolonged period of
Hypertext Transfer Protocol (HTTP)
Hypertext Transfer Protocol (HTTP)
Business Class DSL Routers
Business Class DSL Routers
SDTM Mary Doi
SDTM Mary Doi
Left Focus Test Slide
Left Focus Test Slide
Pipeline Development – Strategies and Tools to Minimize
Pipeline Development – Strategies and Tools to Minimize
IxNetwork
IxNetwork
17NDT
17NDT
GE Sr. Marketing Manager_Job Posting
GE Sr. Marketing Manager_Job Posting
Security services at various protocols levels
Security services at various protocols levels
Actiontec PK5000 Wireless DSL Modem Router Product Datasheet
Actiontec PK5000 Wireless DSL Modem Router Product Datasheet
commercial laboratory services
commercial laboratory services
USB/Ethernet DSL Modem With Wireless Gateway
USB/Ethernet DSL Modem With Wireless Gateway
Actiontec GT704WG Wireless DSL Gateway Product Datasheet
Actiontec GT704WG Wireless DSL Gateway Product Datasheet