Research on Some Key Technologies of Trusted Network Connect
Keywords: Trusted Computing; Trusted Computing Platform; Trusted Network Connect; Transitive Trust; Remote Attestation; Analytic Hierarchy Process; Trust-degree Evaluation; Authorization; Access Control; Trust-degree Based RBAC
Most current information-system security solutions are perimeter measures: firewalls, intrusion detection and anti-virus software that guard shared resources and block unauthorized users or attacks coming from outside. They do not control the source endpoint that accesses the shared resource, and the application systems behind them carry security holes of their own, so they cannot solve the security problems of the information system at the root. The main reason is that these solutions do not consider the security of each endpoint attempting to access the protected network; they only block illegitimate access at the periphery of the information system. The security system checks that each endpoint is authenticated and authorized to access the protected network, but not whether the endpoint itself is secure and trustworthy. In the early 1990s, academician Shen Changxiang, a well-known Chinese information security expert, proposed solving information security problems starting from the terminal platform; this addresses the problem at its source. The recent rise of "trusted computing" shows that this idea has been widely accepted. The Trusted Network Connect (TNC) working group of the Trusted Computing Group (TCG) has created an open, standards-based architecture. By integrating the trusted hardware of the TPM into a network access control framework, TCG combines conventional access control technology with trusted computing technology. The TNC architecture builds a trusted network by checking each endpoint attempting to access the network, so that untrusted access is controlled at its source. Research on TNC has recently developed rapidly and produced important results, but both its theory and its practice are still maturing: there is a lack of theory to support and guide TNC development, and the architecture is incomplete.
This thesis focuses on the problems above and studies TNC in both theory and practice. First, the idea behind the TNC architecture is examined. The TNC architecture concentrates on the security of each endpoint attempting to access the protected network. It protects a network by requiring every endpoint to be authenticated and authorized before it accesses the protected network, and by checking that every endpoint complies with the organization's security policies. Based on the organization's policy, trusted endpoints gain access to the protected network, infected endpoints are quarantined and repaired, and vulnerable endpoints are updated. This ensures that all endpoints connecting to the protected network always have the up-to-date and properly configured security software the organization requires. Trusted hardware and the system bootstrap are defined in the TCG specifications, but the single chain-of-trust verification used during bootstrap is not suited to extending trust from the OS to applications. The mechanisms by which malicious code destroys system integrity, and how to prevent this, are analyzed. Based on the transitive trust defined in the TCG specifications, we propose a system integrity measurement model in which the execution right of each executable object is strictly defined and described. The measurement mechanism in the model consists of a base measurement taken when a new executable object is loaded, measurements taken while it executes, and the ability to measure sensitive data files, so that malicious code is not executed and the promised system integrity is not compromised. We combine the model with practice and implement a run-time system integrity measurement service based on trusted computing technology.
The service is used to measure the integrity of applications and to extend trust from the OS to applications. Based on the idea of transitive trust and on the trusted measurement and trusted reporting functions of the TPM, we present an approach to Remote Attestation. The TPM is the root of trust in the computer, and transitive trust is applied to the network so that trust can be extended into it. When a host creates a connection to the network, each entity in the network is not only authenticated and authorized to access the protected network, but also has the running environment of the endpoint checked. In this way trust is transferred through and extended into the network, and the trustworthiness of the whole network is assured. The TNC specifications describe the functions of the Remote Attestation mechanism only briefly and do not address how to implement them. In this thesis we study three problems in the Remote Attestation mechanism: transporting the trust report, verifying the measurements, and evaluating the trust degree of the endpoint from the measurements. To secure the transport of the trust report, we present a Remote Attestation transport protocol that ensures authenticity of identity, confidentiality and integrity of data, and freshness (a nonce) for the messages between the communicating entities. We prove the secrecy and authentication correctness of the protocol with the strand space model. We then provide a two-step method for verifying measurements and evaluating the endpoint's trust degree. First, a coarse-grained estimation is made based on the measurement verification rules: the challenger verifies the measurements and decides whether the endpoint is trusted. An endpoint that is not trusted can be isolated and refused service.
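As an added example (not code from the thesis), the load-time integrity measurement of the previous paragraph and the nonce-bound Remote Attestation exchange of this one, reduced to one runnable round trip. The TPM is simulated: PCR extend is SHA-256(old_pcr || measurement), and the TPM Quote signature is stood in for by an HMAC under a key shared between the simulated TPM and the verifier (a real TPM signs with an Attestation Identity Key and the challenger checks against its public key). The executable contents, paths, reference database and the function names `measure_loads`, `attest`, `verify_report` are all constructed for the demonstration.

```python
"""Load-time integrity measurement, reported through a nonce-bound attestation
and verified by the challenger (coarse-grained trusted / untrusted decision).

Simulated TPM: PCR extend = SHA-256(old || measurement); the Quote signature is
an HMAC under a key the simulated TPM and the verifier share (assumption; a real
TPM signs with an AIK). Executables and reference hashes are constructed data.
"""
import hashlib
import hmac
import os

# Constructed executables the endpoint loads after the OS comes up (assumption).
EXECUTABLES = {
    "/sbin/init": b"init v1 binary",
    "/usr/sbin/sshd": b"sshd v2 binary",
    "/usr/bin/vpn-client": b"vpn-client v3 binary",
}

# Constructed reference database on the challenger: allowed hashes per object.
REFERENCE_DB = {p: {hashlib.sha256(b).hexdigest()} for p, b in EXECUTABLES.items()}

QUOTE_KEY = os.urandom(32)  # stand-in for the AIK (assumption, see docstring)
PCR_INIT = b"\x00" * 32


def extend(pcr, measurement):
    """TPM PCR extend: new = SHA-256(old || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_loads(executables):
    """Base measurement at load: hash each object, extend the PCR, log (path, hash)."""
    pcr, log = PCR_INIT, []
    for path, content in executables.items():
        digest = hashlib.sha256(content).digest()
        log.append((path, digest.hex()))
        pcr = extend(pcr, digest)
    return pcr, log


def attest(executables, nonce):
    """Endpoint's trust report: measurement log plus a quote binding PCR to the nonce."""
    pcr, log = measure_loads(executables)
    quote = hmac.new(QUOTE_KEY, pcr + nonce, hashlib.sha256).digest()
    return {"log": log, "pcr": pcr, "quote": quote}


def verify_report(report, nonce, reference_db):
    """Challenger side. Returns (trusted, reason).

    Order matters: check the quote (origin + freshness) before trusting the log,
    replay the log against the quoted PCR, then apply the reference policy."""
    expected = hmac.new(QUOTE_KEY, report["pcr"] + nonce, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, report["quote"]):
        return False, "quote does not verify for this nonce (replayed or forged)"
    pcr = PCR_INIT
    for _path, hexdigest in report["log"]:
        pcr = extend(pcr, bytes.fromhex(hexdigest))
    if pcr != report["pcr"]:
        return False, "measurement log does not reproduce the quoted PCR"
    for path, hexdigest in report["log"]:
        if hexdigest not in reference_db.get(path, set()):
            return False, f"unknown measurement for {path}"
    return True, "all loaded objects match reference measurements"


def scenarios():
    """Four exchanges: honest endpoint, backdoored binary, edited log, replayed report."""
    nonce = os.urandom(16)
    results = {}
    results["clean"] = verify_report(attest(EXECUTABLES, nonce), nonce, REFERENCE_DB)
    tampered = {**EXECUTABLES, "/usr/sbin/sshd": b"sshd v2 binary + backdoor"}
    results["tampered"] = verify_report(attest(tampered, nonce), nonce, REFERENCE_DB)
    edited = attest(tampered, nonce)                    # attacker hides the backdoor entry
    edited["log"] = attest(EXECUTABLES, nonce)["log"]   # but cannot rewrite the quoted PCR
    results["log_edited"] = verify_report(edited, nonce, REFERENCE_DB)
    old = attest(EXECUTABLES, nonce)                    # captured earlier, replayed later
    results["replayed"] = verify_report(old, os.urandom(16), REFERENCE_DB)
    return results


if __name__ == "__main__":
    for name, (trusted, reason) in scenarios().items():
        print(f"{name:11s} trusted={trusted}  {reason}")
```

The log is ordinary data the endpoint can edit; only the PCR value is protected by the TPM, so the verifier trusts the log only after replaying it reproduces the quoted PCR. Binding the quote to the challenger's nonce is what stops an old, once-valid report from being replayed after the machine has been compromised.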
Second, a trusted endpoint is assessed in a fine-grained way. The challenger uses a trust degree to express how far it believes the endpoint. The trust degree of the endpoint is computed with the Analytic Hierarchy Process (AHP), and the evaluation result is expressed as a single value. Based on the endpoint's trust degree, the challenger can apply corresponding operations to the endpoint. To ensure the security and trustworthiness of the application environment and to control the endpoint's actions during access, we propose a trust-degree based access control model called TD-RBAC, which integrates the RBAC model into the TNC architecture. In the model, we combine trusted computing theory with access control and assign roles to users according to the trust degree of their endpoint. The new model extends the conventional role-based access control model with the notion of trust degree: the endpoint's trust degree becomes a factor in authorization and is taken into account in security decisions. We give a formal description and analysis of the model and prove its correctness. In the model, users are distinguished by trust degree; the trust degree becomes one aspect of authorization, and a user with a higher trust degree can be granted higher rights. An illegitimate user whose trust degree has not been evaluated by the remote attestation mechanism cannot be granted administrator rights even if the user manages to enter the system. During the user's access, TD-RBAC can adjust the user's trust degree based on factors such as the user's behavior history and the state of the user's task completion.
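As an added example (not the thesis's own code), the fine-grained step above carried through in code: an AHP pairwise-comparison matrix is turned into criterion weights with a consistency check, the weights produce a single trust-degree value, and a TD-RBAC policy maps that value to a role, denies any role to an endpoint that never completed attestation, and lowers the trust degree on observed policy violations during the session. The criteria, the comparison judgements, the role thresholds, the penalty value and the function names are constructed assumptions for illustration; the thesis does not publish its own.

```python
"""AHP trust-degree evaluation feeding a TD-RBAC role decision.

Criteria, comparison matrix, role thresholds and the behaviour penalty are
constructed assumptions; AHP itself (row geometric mean for the priority
vector, lambda_max from A*w/w, CR = CI/RI) follows Saaty's method.
"""
from math import prod

# Saaty's random consistency index by matrix order n.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24}


def ahp_weights(matrix):
    """Return (weights, consistency_ratio) for a pairwise comparison matrix."""
    n = len(matrix)
    gm = [prod(row) ** (1.0 / n) for row in matrix]      # row geometric means
    w = [g / sum(gm) for g in gm]                         # normalised priority vector
    aw = [sum(a * wj for a, wj in zip(row, w)) for row in matrix]
    lam = sum(x / y for x, y in zip(aw, w)) / n           # estimate of lambda_max
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    cr = ci / RANDOM_INDEX[n] if RANDOM_INDEX[n] else 0.0
    return w, cr


# Constructed criteria the challenger derives from the attestation report.
CRITERIA = ["integrity", "patch_level", "antivirus", "history"]

# Constructed pairwise judgements on Saaty's 1..9 scale (row vs column):
# integrity dominates, patch level and behaviour history tie, anti-virus lowest.
COMPARISON = [
    [1,   3,   5,   3],
    [1/3, 1,   2,   1],
    [1/5, 1/2, 1,   1/2],
    [1/3, 1,   2,   1],
]


def trust_degree(scores, comparison=COMPARISON):
    """Weighted sum of per-criterion scores in [0, 1]; rejects inconsistent judgements."""
    w, cr = ahp_weights(comparison)
    if cr > 0.1:
        raise ValueError(f"comparison matrix inconsistent (CR={cr:.2f})")
    return sum(wi * scores[c] for wi, c in zip(w, CRITERIA))


# Constructed TD-RBAC policy: minimum trust degree needed to activate each role.
ROLE_THRESHOLDS = [("admin", 0.85), ("employee", 0.60), ("guest", 0.30)]


def assign_role(td):
    """Highest role whose threshold the trust degree meets; None means quarantine.

    An endpoint that never completed remote attestation has no trust degree and
    so gets no role, however it authenticated."""
    if td is None:
        return None
    for role, threshold in ROLE_THRESHOLDS:
        if td >= threshold:
            return role
    return None


def adjust_for_behaviour(td, violations, penalty=0.2):
    """Session-time adjustment: each observed policy violation lowers the trust degree."""
    return max(0.0, td - penalty * violations)


def demo():
    healthy = trust_degree({"integrity": 1.0, "patch_level": 0.8, "antivirus": 0.5, "history": 0.9})
    stale = trust_degree({"integrity": 0.8, "patch_level": 0.6, "antivirus": 0.5, "history": 0.6})
    return {
        "healthy": assign_role(healthy),
        "stale": assign_role(stale),
        "unattested": assign_role(None),
        "stale_after_violation": assign_role(adjust_for_behaviour(stale, violations=1)),
    }


if __name__ == "__main__":
    print(demo())
```

The consistency ratio is the practitioner's guard against a badly constructed policy: a cyclic set of judgements (A over B, B over C, C over A) yields equal weights that look reasonable but a CR far above 0.1, and `trust_degree` refuses to authorise on it.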
The TD-RBAC model gives the TNC architecture a finer-grained access control mechanism, enhances system flexibility and provides more complete system security. Finally, based on this research on the TNC architecture, we combine the results of our work with practice: we apply TNC theory to implement a trusted IPSec VPN client that can remotely access the enterprise network, and build a trusted application environment for the enterprise. The thesis focuses on the TNC architecture; the models and methods put forward will have positive significance for research on TNC and on information security theory.