Previous work introduced TrustGuard, a design for a containment architecture that allows only the result of the correct execution of approved software to be outputted. A containment architecture prevents results from malicious hardware or software from being communicated externally. At the core of TrustGuard is a trusted, pluggable device that sits on the path between an untrusted processor and the outside world. This device, called the Sentry, is responsible for validating the correctness of all communication before it leaves the system. This thesis seeks to leverage the correctness guarantees that the Sentry provides to enable efficient secure communication between two systems each protected by their own Sentry. This thesis reviews the literature for methods of enabling secure communication between two computer-Sentry pairs. It categorizes the pieces of the solution into three sections: attestation, establishing a tunnel, and communicating securely. Attestation in this context provides evidence of identity. It proposes a new configurable design for a secure network architecture, which includes a new version of the Sentry with a hardware accelerator for secure symmetric encryption, ring oscillator-based physically unclonable functions, and random number generators for attestation and key generation. These design elements are then evaluated based on how they might affect the overall system in terms of resource constraints, performance impacts, and scalability.
| Identifer | oai:union.ndltd.org:CALPOLY/oai:digitalcommons.calpoly.edu:theses-4484 |
| Date | 01 June 2024 |
| Creators | Ward, Blake A |
| Publisher | DigitalCommons@CalPoly |
| Source Sets | California Polytechnic State University |
| Detected Language | English |
| Type | text |
| Format | application/pdf |
| Source | Master's Theses |
Page generated in 0.0108 seconds