
Research Of Enhancement Of SSL VPN Protocol Based On TPM

Posted on: 2010-04-27
Degree: Master
Type: Thesis
Country: China
Candidate: Z Gong
GTID: 2178360275470298
Subject: Communication and Information System

Abstract/Summary:
VPN systems, which rely mainly on techniques such as tunneling, authorization and encryption, let us communicate over the open Internet without worrying about threats from endorsement, unauthorized access or several other attack methods.

According to their implementation and protocol level, current VPN systems can be divided into three classes: L2TP, which works at the data-link level; IPSec VPN, at the network level; and SSL VPN, at the session level. IPSec VPN is the most widely deployed; it replaces the traditional TCP/IP kernel protocol stack with its own.

SSL VPN is much simpler and more flexible than IPSec VPN, and has grown quickly in both large enterprises and small business units. But every coin has two sides: being based on a high-level protocol gives SSL VPN the flexibility to adapt to various application environments, while making it vulnerable to attacks from lower levels. So it is quite reasonable that we try to find a solution to those problems.

Trusted Computing is a new solution for current information security. It enables an end-to-end, machine-level authorization mechanism. The Trusted Platform Module (TPM) is the key component of this concept. We can use this small device to solve some of the most difficult security problems at the machine level. TPM has also become more and more widely used in the last few years.

This paper designs an enhancement of the SSL VPN system based on TPM. By studying the protocol and communication details of SSL VPN, we present a TPM-based solution. In order to be compatible with the now widely deployed SSL VPN systems, we extend the TLS handshake protocol with TPM facilities and give a detailed description of how it works. In order to analyze the solution presented in this paper, we implement and test the extended TLS handshake protocol, as well as the standard TLS handshake protocol for comparison. By comparing the test results we can better understand this solution. Finally, we give some examples of its use in electronic commerce.

The extended handshake protocol designed in this paper makes a good enhancement to the current SSL VPN system.
Keywords/Search Tags: TPM, Trusted Computing, SSL, VPN, Handshake Protocol, Enhancement