Secure end node
A Secure End Node is a trusted, individual computer that temporarily becomes part of a trusted, sensitive, well-managed network and later connects to many other (un)trusted networks/clouds. SEN's cannot communicate good or evil data between the various networks (e.g. exfiltrate sensitive information, ingest malware, etc.). SENs often connect through an untrusted medium (e.g. the Internet) and thus require a secure connection and strong authentication (of the device, software, user, environment, etc.). The amount of trust required (and thus operational, physical, personnel, network, and system security applied) is commensurate with the risk of piracy, tampering, and reverse engineering (within a given threat environment). An essential characteristic of SENs is they cannot persist information as they change between networks (or domains).
The remote, private, and secure network might be organization's in-house network or a cloud service. A Secure End Node typically involves authentication of (i.e. establishing trust in) the remote computer's hardware, firmware, software, and/or user. In the future, the device-user's environment (location, activity, other people, etc.) as communicated by means of its (or the network's) trusted sensors (camera, microphone, GPS, radio, etc.) could provide another factor of authentication.
A Secure End Node solves/mitigates end node problem.
The common, but expensive, technique to deploy SENs is for the network owner to issue known, trusted, unchangeable hardware to users. For example, and assuming apriori access, a laptop's TPM chip can authenticate the hardware (likewise a user's smartcard authenticates the user). A different example is the DoD Software Protection Initiative's Cross Fabric Internet Browsing System that provides browser-only, immutable, anti-tamper thin clients to users Internet browsing. Another example is a non-persistent, remote client that boots over the network.
A less secure but very low cost approach is to trust any hardware (corporate, government, personal, or public) but restrict user and network access to a known kernel (computing) and higher software. An implementation of this is a Linux Live CD that creates a stateless, non-persistent client, for example Lightweight Portable Security. A similar system could boot a computer from a flashdrive or be an immutable operating system within a smartphone or tablet.
- SEN/SKG, http://www.spi.dod.mil/docs/SEN_SKG_DS_20081024.pdf
- LPS main page, http://www.spi.dod.mil/lipose.htm
- Lifehacker, http://lifehacker.com/5824183/lightweight-portable-security-is-a-portable-linux-distro-from-the-department-of-defense
- Linux Journal, http://www.linuxjournal.com/content/linux-distribution-lightweight-portable-security
- InformationWeek, http://www.informationweek.com/news/government/security/231002431
- Secure Pocket Drive, http://www.spyrus.com/products/secure_pocket_drive.asp
- Trusted Client, http://www.becrypt.com/americas/products/trusted-client/product