A Clientless Endpoint Authentication SchemeBased on TNC

Full Text (PDF, 872KB), PP.9-16

Views: 0 Downloads: 0

Author(s)

Kun Wu 1,* Zhongying Bai 1

1. Department of Computer, Beijing University of Posts and Telecommunications, Beijing, China

* Corresponding author.

DOI: https://doi.org/10.5815/ijitcs.2010.02.02

Received: 12 May 2010 / Revised: 24 Jul. 2010 / Accepted: 5 Oct. 2010 / Published: 8 Dec. 2010

Index Terms

Trusted network connect, network access control, clientless endpoint authentication

Abstract

Trusted Network Connect (TNC) proposes a hierarchical and scalable architecture to securely and efficiently control endpoints` admission to the trusted computing platform to implement message passing and resource sharing. But, not all endpoints support or run a functional TNC client performing integrity checking, which represents a security risk in lots of environments. We have to consider the problem how to make these "clientless endpoints" access to trusted networks. It is of significance for improving the TNC mechanism. To solve the problem above, under the framework of TNC, this paper comes up with a clientless endpoint authentication scheme named CEAS. CEAS designs five enforcement mechanisms and the related message format to authenticate and authorize clientless endpoints. Furthermore, after the endpoints have connected to the networks, their initial determinations may be dynamically modified according to the updated circumstances. The experiment results prove that CEAS has the capability of effectively and flexibly making clientless endpoints access to trusted networks in a controlled and secure manner.

Cite This Paper

Kun Wu, Zhongying Bai, "A Clientless Endpoint Authentication SchemeBased on TNC", International Journal of Information Technology and Computer Science(IJITCS), vol.2, no.2, pp.9-16, 2010. DOI: 10.5815/ijitcs.2010.02.02

Reference

[1] ZHANG HuanGuo, CHEN Lu, and ZHANG Liqiang, ”Research on Trusted Network Connection,”Chinese Journal of Computers, vol. 33, pp. 706–717, April 2010, (In Chinese).

[2] TCG Trusted Network Connect, “TNC Architecture for Interoperability Specification Version 1.4 Revision 4,” http://www.trustedcomputinggroup.org/files/resource_files /51F9691E-1D09-3519-AD1C1E27D285F03B/TNC_Architecture_v1_4_r4.pdf, May 2009.

[3] LIU Weiwei, HAN Zhen, and SHEN Changxiang, “Trusted network connect control based on terminal behavior,” Journal on Communications, vol. 30, pp. 127–134, November 2009, (In Chinese).

[4] YIN Jianchun, SI Zhigang, and CHANG Chaowen,“Research on trustworthiness computing-based network access authentication model,” Computer Engineering and Design, vol. 29, pp. 4417–4419, September 2008, (In Chinese).

[5] LIU Wei, YANG Lin, DAI Hao, and HOU Bin, “A New Network Access Control Method and Performance Analysis of Authentication Session,” Chinese Journal of Computers, vol. 30, pp. 1806–1812, October 2007, (In Chinese).

[6] XIAO Zheng, LI Jingxia, LIU Xiaojie, CHEN Jun, and HOU Zifeng, “Design and Research of a Trusted Network Attestation Model and Improved OSAP Protocol,” Computer Science, vol. 33, pp. 56–60, 2006, (In Chinese).

[7] Richard Froom, Balaji Sivasubramanian, Erum Frahim, Building Cisco Multilayer Switched Networks (BCMSN) (Authorized Self-Study Guide), 4rd ed., USA: Cisco Press,2007.

[8] IEEE Computer Society, “Port-Based Network Access Control,” IEEE Std 802.1XTM-2004, December 2004.

[9] Telecommunications Industry Association, “Link Layer Discovery Protocol for Media Endpoint Devices,” ANSI/TIA-1057-2006, April 2006.

[10] TCG Trusted Network Connect, “TNC IF-T: Binding to TLS Specification Version 1.0 Revision 16,” http://www.trustedcomputinggroup.org/files/resource_files/51F0757E-1D09-3519-AD63B6FD099658A6/TNC_IFT_TLS_v1_0_r16.pdf, May 2009.

[11] TCG Trusted Network Connect, “TNC IF-MAP Metadata for Network Security Specification Version 1.0 Revision 25,” http://www.trustedcomputinggroup.org/files/static_ page_files/FCED7251-1A4B-B294-D000EDCD8C39D226 /TNC_IFMAP_Metadata_For_Network_Security_v1_0r25.pdf, September 2010.

[12] TCG Trusted Network Connect, “TNC IF-MAP Binding for SOAP Specification Version 2.0 Revision 36,” http://www.trustedcomputinggroup.org/files/static_page_files/15 28BAC2-1A4B-B294-D02E5F053A3CF6C9/TNC_IFMAP_v2_0r36.pdf, July 2010.