An efficient implementation of trusted channels based on openssl

Security breaches on the Internet rarely involve compromising secure channels - typically based on protocols like Transport Layer Security (TLS) or Internet Protocol Security (IPsec) - because communication endpoints are much easier to compromise. Recent approaches aiming to solve this problem rely on the TLS protocol to additionally provide integrity information of the involved endpoints. However, these solutions have shortcomings with regard to either security, functionality or compliance to the TLS specification. This prevents that those approaches are deployed in practice. In this paper, we present an implementation of a security architecture for establishing Trusted Channels based on OpenSSL that resolves the deficiencies of the previous solutions. It provides the possibility to convey reliable integrity information of the involved endpoints and offers the high security standards of former approaches while being flexible, scalable and efficient to enable widespread deployment.