Secure end node


A Secure End Node is a trusted, individual computer that temporarily becomes part of a trusted, sensitive, well-managed network and later connects to many other trusted networks/clouds. SEN's cannot communicate good or evil data between the various networks. SENs often connect through an untrusted medium and thus require a secure connection and strong authentication. The amount of trust required is commensurate with the risk of piracy, tampering, and reverse engineering. An essential characteristic of SENs is they cannot persist information as they change between networks.
The remote, private, and secure network might be organization's in-house network or a cloud service. A Secure End Node typically involves authentication of the remote computer's hardware, firmware, software, and/or user. In the future, the device-user's environment as communicated by means of its trusted sensors could provide another factor of authentication.
A Secure End Node solves/mitigates end node problem.
The common, but expensive, technique to deploy SENs is for the network owner to issue known, trusted, unchangeable hardware to users. For example, and assuming apriori access, a laptop's TPM chip can authenticate the hardware. A different example is the DoD 's that provides browser-only, immutable, anti-tamper thin clients to users Internet browsing. Another example is a non-persistent, remote client that boots over the network.
A less secure but very low cost approach is to trust any hardware but restrict user and network access to a known kernel and higher software. An implementation of this is a Linux Live CD that creates a stateless, non-persistent client, for example Lightweight Portable Security. A similar system could boot a computer from a flashdrive or be an immutable operating system within a smartphone or tablet.