Lock-Keeper: A New Implementation of Physical Separation Technology

  • Feng Cheng
  • Christoph Meinel


“Physical Separation” is a simple, but hard to be realized, security concept. The paper proposes a new implementation of this principle, named Lock-Keeper. By means of the SingleGate Lock-Keeper system, which is an initial realization of the Lock-Keeper technology, the possibility of direct network attacks to a protected network can be eliminated entirely and data can be exchanged between two networks through a completely secure and reliable way. The analysis on comparing the Lock-Keeper with other similar “Physical Separation” approaches shows that this new implementation has a lot of remarkable innovations. As an advanced implementation, the DualGate Lock-Keeper is proposed by including another new “gate” unit. Along with this development, the Lock-Keeper’s performance on data transfer, especially the throughput, is improved significantly as well as some other new functional characteristics appear to make the Lock-Keeper technology more efficient, flexible and applicable. In addition, several application scenarios are revealed to explain how the Lock-Keeper can be integrated into complex structures and provide a higher level of security.


Data Transfer Versus Versus Versus Versus Physical Separation Versus Versus Versus Versus Versus Security Solution 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [Brun94]
    Brunnstein, K.: Beastware (Viren, Würmer, trojanische Pferde): Paradigmen systemischer Unsicherheit, sichere Daten, sichere Kommunikation, Springer-Verlag, 1994.Google Scholar
  2. [BrCo+02]
    Brunner, R., Cochen, F., et al.: Java™ Web Services Unleashed, Sams Publishing, 2002.Google Scholar
  3. [ChBe+03]
    Cheswick, W., R., Bellovin, S. M., et. al.: Firewalls and Internet Security: Repelling the Wily Hacker, Addison-Wesley, 2003.Google Scholar
  4. [ChMeO4]
    Cheng, F. and Meinel, Ch.: Research on the Lock-Keeper Technology: Architectures, Applications and Advancements, International Journal of Computer & Information Science, Vol. 5, No. 3, September 2004, pp. 236–245.Google Scholar
  5. [FeHu98]
    Ferguson, P. and Huston P.: White paper: “What is a VPN?”, Revision 1, April 1998.Google Scholar
  6. [HEMe98]
    Haffner, Ernst-Georg, Engel, Th., and Meinel, Ch.: The Flood-Gate Principle-a Hybrid Approach to a High Security Solution, in Proc. of the International Conference on Information Security and Cryptology (ICISC’98), Seoul, South Korea, December 18-19, 1998, pp. 147–160.Google Scholar
  7. [KaMo93]
    Kang, M. H. and Moskowitz, I. S.: A Pump for Rapid, Reliable, Secure Communication, in Proceedings of 1st ACM Conference on Computer & Communications Security, Fairfax, VA, Nov 3-5, 1993, pp. 119-129.Google Scholar
  8. [LWSIO5]
    Lock-Keeper Website in Siemens Switzerland, http://www.siemens.chl, 2005.
  9. [LWHPO4]
    Lock-Keeper Website in Hasso-Plattner-Institute at University of Potsdam, http://www.hpi.uni-potsdam.de/—meinellprojectsflock-keeper.html, 2004.
  10. [MeSaO4]
    Meinel, Ch. and Sack, H.: WWW-Kommunikation, Internetworking, WebTechnologien, Springer-Verlag, Berlin, Heidelberg, New York, 2004.Google Scholar
  11. [SearO5]
    Sears, T.: Internet Access and Security Solutions: Description of Security Features and Benefits, Technical Report of Network Appliance, Inc., 2005.Google Scholar
  12. [TaneO3]
    Tanenbaum, A. S.: Computer Networks, fourth edition, Prentice Hall, March, 2003.Google Scholar
  13. [Wood79]
    Woodward, J. P. L.: Applications for Multilevel Secure Operating Systems, proceedings of the NCC 48, 1979, pp. 319–328.Google Scholar
  14. [Denn84]
    Denning, D. E.: Cryptographic Checksums for Multilevel Database Security, in Proc. of the 1984 Symposium on Security and Privacy, Silver Spring 1984, pp. 52-61.Google Scholar
  15. [Ziem+96]
    Ziemba, G. P., et al.: Request for Comments: 1858, Security Considerations-IP Fragment Filtering, 1996.Google Scholar

Copyright information

© Friedr. Vieweg & Sohn Verlag | GWV-Fachverlage GmbH, Wiesbaden 2006

Authors and Affiliations

  • Feng Cheng
    • 1
  • Christoph Meinel
    • 1
  1. 1.Hasso-Plattner-InstituteUniversity of PotsdamPotsdamGermany

Personalised recommendations