GovNet Box

The secure transmission of data is not a simple task for government agencies, especially after the disclosures of Edward Snowden. The main goal of this project was to develop a simple but secure solution for transmitting this kind of data. In this case, certification by the German BSI (Federal Office for Information Security) for data up to restricted level was necessary.

The main tasks of this project were:

  • developing the embedded hardware
  • modifying and integrating the available VPN software
  • creating a security concept according to Common Criteria EAL4+
  • e.g. a concept for secure configuration of the device
  • complete testing for vulnerabilities
  • testing and certification by the German BSI


Highly secure solutions are mostly created with a focus on the security aspect, neglecting usability completely or considering it only after the project is mostly done. This leads to many secure but unusable products. Usability was therefore a key requirement in this project from the start and was carefully considered throughout the development process.

The solution is essentially a hardware VPN client that can be attached to any laptop via USB. All communication is handled by the device (integrated LAN, Wi-Fi and 3G). When attached to a laptop, the device appears as a standard network adapter, and all data sent through this adapter is transparently encrypted and transmitted. There are none of the limitations that a routing or NAT device would introduce (e.g. problems with VoIP).

The device offers simple and fast configuration for the administrator. The solution is multi-user capable, so different workers can share one device. A professional GUI gives the user feedback about the status of the connection and any error messages. The user is securely authenticated by a smartcard that can be inserted into the device.

Links:
https://www.sit.fraunhofer.de/en/news-events/latest/press-releases/detai...