Using Trusted Platform Modules for Location Assurance in Cloud Networking

  • Christoph Krauß
  • Volker Fusenig
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7873)


In cloud networking, users may want to control where their virtual resources are stored or processed, e.g., only in western Europe and not in the US. Cloud networking is the combined management of cloud computing and network infrastructures of different providers; it enables dynamic and flexible placement of virtual resources in this distributed environment. In this paper, we propose a mechanism for verifying the geographic location of a virtual resource. Our approach uses Trusted Platform Modules (TPMs) to identify physical machines and a trusted authority that verifies the actual location. In addition, our approach enables the verification of the trustworthiness of the cloud operator's machine.
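The mechanism sketched in the abstract, written out as an added toy model that is not the paper's own protocol or code: a host TPM records its measured boot chain in a PCR and attests it in a nonce-bound quote; a trusted authority keeps a registry that binds TPM identities to locations it has verified out of band; the tenant combines the authority's verdict with its own placement policy (here, "western Europe only"). The identities, secrets, boot components and country codes are constructed for the example, and the quote is authenticated with an HMAC under a per-TPM secret shared with the authority, a deliberate stand-in for the asymmetric AIK signature a real TPM_Quote carries.

```python
"""Toy model of TPM-backed location assurance (added example, not the paper's
protocol). Assumption: quotes are HMAC-authenticated with a per-TPM secret
shared with the authority, standing in for a real TPM's AIK signature. All
identities, secrets, boot components and country codes are constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass

PCR_INIT = b"\x00" * 32


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measured_boot(components) -> bytes:
    """Fold an ordered boot chain into one PCR value (order matters)."""
    pcr = PCR_INIT
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


# Constructed known-good boot chain the authority expects on cloud hosts.
GOLDEN_CHAIN = [b"bootloader-1.0", b"hypervisor-4.1", b"management-domain-3.2"]
GOLDEN_PCR = measured_boot(GOLDEN_CHAIN)


@dataclass
class HostTpm:
    identity: str      # constructed identity label (think: hash of the identity key)
    secret: bytes      # stand-in for the AIK private key
    pcr: bytes = PCR_INIT

    def boot(self, components):
        self.pcr = measured_boot(components)

    def quote(self, nonce: bytes) -> dict:
        """Attest the current PCR, bound to the verifier's fresh nonce."""
        tag = hmac.new(self.secret, self.pcr + nonce, hashlib.sha256).digest()
        return {"identity": self.identity, "pcr": self.pcr, "nonce": nonce, "tag": tag}


class Authority:
    """Trusted authority: binds TPM identities to physically verified sites."""

    def __init__(self):
        self._registry = {}  # identity -> (secret, ISO country code)

    def register(self, identity: str, secret: bytes, country: str):
        self._registry[identity] = (secret, country)

    def verify(self, quote: dict, nonce: bytes, golden_pcr: bytes):
        """(country, 'ok') for a fresh, genuine quote from a known-good host,
        otherwise (None, reason)."""
        entry = self._registry.get(quote["identity"])
        if entry is None:
            return None, "unknown TPM identity"
        secret, country = entry
        if not hmac.compare_digest(quote["nonce"], nonce):
            return None, "stale quote (nonce mismatch)"
        expected = hmac.new(secret, quote["pcr"] + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(quote["tag"], expected):
            return None, "quote not produced by the registered TPM"
        if not hmac.compare_digest(quote["pcr"], golden_pcr):
            return None, "host software stack differs from known-good state"
        return country, "ok"


def check_placement(authority: Authority, host: HostTpm, golden_pcr: bytes, allowed):
    """Tenant-side check: fresh challenge, authority verdict, region policy."""
    nonce = os.urandom(16)
    country, reason = authority.verify(host.quote(nonce), nonce, golden_pcr)
    if country is None:
        return False, reason
    if country not in allowed:
        return False, f"resource is in {country}, outside the allowed region"
    return True, f"resource is in {country}, on a host in known-good state"


def demo():
    """Constructed scenario: two audited hosts, one impersonator, one tampered host."""
    authority = Authority()
    secret_de, secret_us = os.urandom(32), os.urandom(32)
    authority.register("tpm-0001", secret_de, "DE")
    authority.register("tpm-0002", secret_us, "US")

    host_de = HostTpm("tpm-0001", secret_de)
    host_de.boot(GOLDEN_CHAIN)
    host_us = HostTpm("tpm-0002", secret_us)
    host_us.boot(GOLDEN_CHAIN)
    impersonator = HostTpm("tpm-0001", os.urandom(32))   # claims host_de's identity
    impersonator.boot(GOLDEN_CHAIN)
    tampered = HostTpm("tpm-0001", secret_de)            # right TPM, modified dom0
    tampered.boot(GOLDEN_CHAIN[:2] + [b"management-domain-modified"])

    western_europe = {"DE", "FR", "NL", "BE", "LU", "AT", "CH"}
    hosts = [("genuine_de", host_de), ("genuine_us", host_us),
             ("impersonator", impersonator), ("tampered", tampered)]
    return {name: check_placement(authority, h, GOLDEN_PCR, western_europe)
            for name, h in hosts}


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:13s} {'PASS' if ok else 'FAIL'}: {reason}")
```

The four outcomes in `demo()` show why each ingredient is needed: without the registry the US host would pass, without the key binding the impersonator would pass, without the PCR comparison the tampered host would pass, and without the nonce an old quote could be replayed after the resource has been migrated. The hard part the model does not capture is the authority's physical verification of where each TPM sits, which has to happen out of band.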


Keywords: Security, Cloud Networking, TPM, Location





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Christoph Krauß, Fraunhofer Research Institution for Applied and Integrated Security (AISEC), Garching, Germany
  • Volker Fusenig, Siemens AG, Munich, Germany
