Lock-Keeper: A New Implementation of Physical Separation Technology
“Physical Separation” is a simple security concept that is hard to realize. This paper proposes a new implementation of the principle, named Lock-Keeper. With the SingleGate Lock-Keeper system, an initial realization of the Lock-Keeper technology, the possibility of direct network attacks on a protected network can be eliminated entirely, and data can be exchanged between two networks in a completely secure and reliable way. A comparison of the Lock-Keeper with other similar “Physical Separation” approaches shows that this new implementation has many remarkable innovations. As an advanced implementation, the DualGate Lock-Keeper is proposed, which includes another new “gate” unit. With this development, the Lock-Keeper’s data-transfer performance, especially the throughput, is improved significantly, and some other new functional characteristics make the Lock-Keeper technology more efficient, flexible and applicable. In addition, several application scenarios are presented to explain how the Lock-Keeper can be integrated into complex structures and provide a higher level of security.
Keywords: Data Transfer, Physical Separation, Security Solution