Secure end node

Last updated

A Secure End Node is a trusted, individual computer that temporarily becomes part of a trusted, sensitive, well-managed network and later connects to many other (un)trusted networks/clouds. SEN's cannot communicate good or evil data between the various networks (e.g. exfiltrate sensitive information, ingest malware, etc.). SENs often connect through an untrusted medium (e.g. the Internet) and thus require a secure connection and strong authentication (of the device, software, user, environment, etc.). The amount of trust required (and thus operational, physical, personnel, network, and system security applied) is commensurate with the risk of piracy, tampering, and reverse engineering (within a given threat environment). An essential characteristic of SENs is they cannot persist information as they change between networks (or domains).

The remote, private, and secure network might be organization's in-house network or a cloud service. A Secure End Node typically involves authentication of (i.e. establishing trust in) the remote computer's hardware, firmware, software, and/or user. In the future, the device-user's environment (location, activity, other people, etc.) as communicated by means of its (or the network's) trusted sensors (camera, microphone, GPS, radio, etc.) could provide another factor of authentication.

A Secure End Node solves/mitigates end node problem.

The common, but expensive, technique to deploy SENs is for the network owner to issue known, trusted, unchangeable hardware to users. For example, and assuming apriori access, a laptop's TPM chip can authenticate the hardware (likewise a user's smartcard authenticates the user). A different example is the DoD Software Protection Initiative's Cross Fabric Internet Browsing System that provides browser-only, immutable, anti-tamper thin clients to users Internet browsing. Another example is a non-persistent, remote client that boots over the network. [1]

A less secure but very low cost approach is to trust any hardware (corporate, government, personal, or public) but restrict user and network access to a known kernel (computing) and higher software. An implementation of this is a Linux Live CD that creates a stateless, non-persistent client, for example Lightweight Portable Security. [2] [3] [4] [5] A similar system could boot a computer from a flashdrive [6] [7] or be an immutable operating system within a smartphone or tablet.

See also

Related Research Articles

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.

Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line, login, and remote command execution, but any network service can be secured with SSH.

Thin client Non-powerful computer optimized for remote server access

In computer networking, a thin client is a simple (low-performance) computer that has been optimized for establishing a remote connection with a server-based computing environment. The server does most of the work, which can include launching software programs, performing calculations, and storing data. This contrasts with a fat client or a conventional personal computer; the former is also intended for working in a client–server model but has significant local processing power, while the latter aims to perform its function mostly locally.

Telnet Network protocol for bidirectional communication using a virtual terminal connection

Telnet is an application protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. User data is interspersed in-band with Telnet control information in an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP).

Trusted Computing (TC), also often referred to as Confidential Computing, is a technology developed and promoted by the Trusted Computing Group. The term is taken from the field of trusted systems and has a specialized meaning. The core idea of trusted computing is to give hardware manufacturers control over what software does and does not run on a system by refusing to run unsigned software. With Trusted Computing, the computer will consistently behave in expected ways, and those behaviors will be enforced by computer hardware and software. Enforcing this behavior is achieved by loading the hardware with a unique encryption key that is inaccessible to the rest of the system and the owner.

Secure cryptoprocessor Device used for encryption

A secure cryptoprocessor is a dedicated computer-on-a-chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance. Unlike cryptographic processors that output decrypted data onto a bus in a secure environment, a secure cryptoprocessor does not output decrypted data or decrypted program instructions in an environment where security cannot always be maintained.

Public key infrastructure

A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred.

The Network Information Service, or NIS, is a client–server directory service protocol for distributing system configuration data such as user and host names between computers on a computer network. Sun Microsystems developed the NIS; the technology is licensed to virtually all other Unix vendors.

A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name files outside the designated directory tree. The term "chroot" may refer to the chroot(2) system call or the chroot(8) wrapper program. The modified environment is called a chroot jail.

In computer security, a sandbox is a security mechanism for separating running programs, usually in an effort to mitigate system failures and/or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as storage and memory scratch space. Network access, the ability to inspect the host system, or read from input devices are usually disallowed or heavily restricted.

Trusted Platform Module Standard for secure cryptoprocessors

Trusted Platform Module is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a chip conforming to the standard.


This is a comparison of notable free and open-source configuration management software, suitable for tasks like server configuration, orchestration and infrastructure as code typically performed by a system administrator.

Intel Active Management Technology Hardware and firmware

Intel Active Management Technology (AMT) is hardware and firmware for remote out-of-band management of select business computers, running on the Intel Management Engine, a separate microprocessor not exposed to the user, in order to monitor, maintain, update, upgrade, and repair them. Out-of-band (OOB) or hardware-based management is different from software-based management and software management agents.

SSL-Explorer: Community Edition

SSL-Explorer: Community Edition was an open-source SSL VPN product developed by 3SP Ltd, a company acquired by Barracuda Networks. It is licensed under the GNU General Public License (GPL), and is aimed primarily at smaller businesses that need remote access to internal network resources.

Man-in-the-browser, a form of Internet threat related to man-in-the-middle (MITM), is a proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a covert fashion invisible to both the user and host web application. A MitB attack will be successful irrespective of whether security mechanisms such as SSL/PKI and/or two- or three-factor authentication solutions are in place. A MitB attack may be countered by using out-of-band transaction verification, although SMS verification can be defeated by man-in-the-mobile (MitMo) malware infection on the mobile phone. Trojans may be detected and removed by antivirus software; this approach scored a 23% success rate against Zeus in 2009 and still low rates in a 2011 report. The 2011 report concluded that additional measures on top of antivirus software were needed.

The end node problem arises when individual computers are used for sensitive work and/or temporarily become part of a trusted, well-managed network/cloud and then are used for more risky activities and/or join untrusted networks. End nodes often are not managed to the trusted network‘s high computer security standards. End nodes often have weak/outdated software, weak security tools, excessive permissions, mis-configurations, questionable content and apps, and covert exploitations. Cross contamination and unauthorized release of data from within a computer system becomes the problem.

Lightweight Portable Security

Lightweight Portable Security (LPS) was a Linux LiveCD distribution, developed and publicly distributed by the United States Department of Defense’s Air Force Research Laboratory, that is designed to serve as a secure end node. The Air Force Research Laboratory actively maintained LPS and its successor, Trusted End Node Security (TENS) from 2007 to 2021. It can run on almost any x86_64 computer. LPS boots only in RAM, creating a pristine, non-persistent end node. It supports DoD-approved Common Access Card (CAC) readers, as required for authenticating users into PKI-authenticated gateways to access internal DoD networks.

A trusted execution environment (TEE) is a secure area of a main processor. It guarantees code and data loaded inside to be protected with respect to confidentiality and integrity. A TEE as an isolated execution environment provides security features such as isolated execution, integrity of applications executing with the TEE, along with confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security for trusted applications running on the device than a rich operating system (OS) and more functionality than a 'secure element' (SE).

μTorrent Proprietary adware BitTorrent client

μTorrent, or uTorrent is a proprietary adware BitTorrent client owned and developed by Rainberry, Inc. With over 150 million users. It is the most widely used BitTorrent client outside China; globally only behind Xunlei. The "μ" in its name comes from the SI prefix "micro-", referring to the program's small memory footprint: the program was designed to use minimal computer resources while offering functionality comparable to larger BitTorrent clients such as Vuze or BitComet. μTorrent became controversial in 2015 when many users unknowingly accepted a default option during installation which also installed a cryptocurrency miner. The miner was removed in later versions, but had already done irreversible damage to μTorrent's reputation.

References

  1. SEN/SKG, "Archived copy" (PDF). Archived from the original (PDF) on 2011-10-18. Retrieved 2011-09-26.CS1 maint: archived copy as title (link)
  2. LPS main page, "Archived copy". Archived from the original on 2012-09-02. Retrieved 2012-07-31.CS1 maint: archived copy as title (link)
  3. Lifehacker, http://lifehacker.com/5824183/lightweight-portable-security-is-a-portable-linux-distro-from-the-department-of-defense
  4. Linux Journal, http://www.linuxjournal.com/content/linux-distribution-lightweight-portable-security
  5. InformationWeek, http://www.informationweek.com/news/government/security/231002431
  6. Secure Pocket Drive, "Archived copy". Archived from the original on 2011-09-03. Retrieved 2011-09-26.CS1 maint: archived copy as title (link)
  7. Trusted Client, "Archived copy". Archived from the original on 2010-12-06. Retrieved 2011-09-26.CS1 maint: archived copy as title (link)