
A SYSTEM AND METHOD FOR ESTABLISHING MUTUAL REMOTE ATTESTATION IN INTERNET PROTOCOL SECURITY (IPSEC) BASED VIRTUAL PRIVATE NETWORK (VPN)


Abstract

The system and method of the present invention propose an extension to the IPSec key exchange protocol by establishing properties-based attestation using a key management service. The present invention protects integrity between the network encryptor of the sender-receiver/gateway-to-gateway platform machine by measuring properties that are bundled with the IPSec based VPN network. The system of the present invention comprises at least one sender and receiver platform; an IPsec components extension; a plurality of properties of remote attestation modules (600); at least one signer mechanism (602); and at least one TPM (604). The methodology of the present invention establishes mutual remote attestation in IPSec based VPN by obtaining at least one key management service (KeyMS) measurement value to configure each KeyMS in the VPN (102); establishing attestation in the KeyMS session (104); signing the Encapsulation Security Protocol (ESP) Authentication header (AH) packet with a TPM certificate (106); appending the signature to the ESP and/or AH payload (108); and validating attestation data between gateways through a trusted third party (110).