Design and implementation of an open security architecture for a software-based security module


Tezin Türü: Yüksek Lisans

Tezin Yürütüldüğü Kurum: Orta Doğu Teknik Üniversitesi, Enformatik Enstitüsü, Siber Güvenlik Anabilim Dalı, Türkiye

Tezin Onay Tarihi: 2009

Öğrenci: KAAN KAYNAR

Danışman: ATTİLA ÖZGİT

Özet:

Main purpose of this thesis work is to design a comprehensive and open security architecture whose desired parts could be realized on a general-purpose embedded computer without any special cryptography hardware. The architecture provides security mechanisms that implement known cryptography techniques, operations of some famous network security protocols and appropriate system security methods. Consequently, a server machine may offload a substantial part of its security processing tasks to an embedded computer realizing the architecture. The mechanisms provided can be accessed by a server machine using a client-side API and via a secure protocol which provides message integrity and peer authentication. To demonstrate the practicability of the security architecture, a set of its security mechanisms was realized on an embedded PC/104-plus computer. A server machine was connected to and requested mechanisms from the embedded computer over the Ethernet network interface. Four types of performance parameters were measured. They are; number of executions of a symmetric encryption method by the embedded computer per second, number of executions of a public-key signing method by the embedded computer per second, footprint of the implementation on the embedded computer memory, and the embedded computer CPU power utilized by the implementation. Apart from various security mechanisms and the secure protocol via which they can be accessed, the architecture defines a reliable software-based method for protection and storage of secret information belonging to clients.