With the rapid popularization of Internet applications, the relationship between people and networks has become increasingly close. However, because the Internet is open and interconnected, it contains many insecure factors: malware attacks and hacking seriously threaten people's interests and security. We therefore need a solution that protects computers against malicious attacks and secures network access.
The Trusted Network Connect (TNC) architecture proposed by the Trusted Computing Group (TCG) was created in this context. TNC addresses terminal security problems in the network environment: by measuring the integrity of a terminal it evaluates whether that terminal is fit to access the network, so that only valid and secure terminals are admitted. TNC combines access control technology with a terminal integrity check to establish a secure connection for the terminal host. This article first studies the TNC architecture, analyzes its principles and design ideas, and then implements the TNC architecture.
Research on TNC Architecture
TNC is a new conceptual model proposed by TCG. It is also an open, general architecture: TNC does not depend on any specific technology or model, but interoperates well with a variety of technologies. The TNC architecture utilizes and combines existing network access control technologies, such as 802.1X, to provide the following functions.
A. Platform authentication: Verify the platform identity and platform integrity of a network access requester.
B. Terminal integrity authentication (authorization): establishes a credibility level for a terminal, for example by checking the state and software version of installed applications, the integrity of the virus signature database and of intrusion detection and prevention programs, and the patch levels of the terminal's operating system and applications. Note that policy compliance can also be seen as authorization: in this sense, the terminal integrity check is used as the input to the authorization decision that grants access to the network.
C. Access policy: ensures that the terminal and/or its user is authenticated and discloses its security posture before connecting to the network, using existing and emerging standards, products, or technologies.
D. Evaluation, isolation and repair: ensures that systems that request access to the network but do not meet the terminal security policy can be isolated from the rest of the network and, where repair is possible (for example by updating software or virus signature databases), repaired so that they comply with the security policy and become eligible to connect to the rest of the network.
Through the above methods, TNC allows terminals that pass the check to access the network, while terminals that fail the check are isolated and repaired. In addition, both users and platforms are authenticated to ensure their legitimacy.
TNC Architecture
The TNC architecture adopts the server/client model. From the vertical perspective, TNC contains three logical entities: the Access Requestor (AR), the Policy Enforcement Point (PEP), and the Policy Decision Point (PDP). The access requestor is the logical entity requesting access to the protected network. The policy enforcement point is the network entity that enforces the PDP's access authorization decision. The policy decision point checks the access requestor's credentials against a specific network access policy and decides whether to authorize its access to the network.
From the horizontal perspective, TNC is divided into the integrity measurement layer, the integrity evaluation layer, and the network access layer.
The design of the TNC architecture emphasizes the integrity and security of the access terminal. The idea is that only a terminal whose integrity is intact and whose security level is high should be allowed to connect to a potentially dangerous network environment. Therefore, building on the original AAA architecture, TNC adds measurement and reporting of the terminal's integrity and security status as part of authentication and authorization. In this way, on top of the mature authentication architecture, TNC adds platform certificate authentication, an integrity verification handshake, and related content, which greatly improves the security of the access network. For this purpose, the integrity measurement layer in the TNC architecture collects, measures, and analyzes device integrity information, and provides the results to the integrity evaluation layer, which evaluates the terminal's security status.
TNC Access Control Process
As shown in Figure 3, the TNC access control process consists of information collection, information reporting, decision making, decision enforcement, isolation and repair, and other steps. First, in the information collection phase, the AR collects terminal information, such as whether anti-virus software is installed, whether a firewall is installed, whether the system is patched, and other device integrity information; in Figure 2, the Integrity Measurement Collectors (IMC) are mainly responsible for collecting this information. In the information reporting phase, the AR sends the information to the PDP through the PEP. In the decision-making phase, the PDP makes a decision based on its policies and the various information reported; in Figure 2, the Integrity Measurement Verifiers (IMV) are mainly responsible for this work. In the policy enforcement phase, the PDP communicates the decision result to the PEP. If the check succeeds, the terminal is allowed to access the network. If the check fails, the PEP isolates the terminal and the latest patches or protective software are installed on it. After the repair is completed, the terminal can re-apply for access to network resources, repeating the above process.
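The following is an added illustration of the access control cycle just described, written for this article rather than taken from the TNC specification or any TNC implementation: an IMC collects measurements on the access requestor, an IMV at the PDP compares them with a policy, and the PEP either admits the terminal or isolates it for repair and a fresh attempt. The policy keys, required values and the remediation step are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed PDP policy: "eq" = measurement must equal the value, "ge" = at least the value.
POLICY = {
    "antivirus_installed": ("eq", True),
    "firewall_enabled": ("eq", True),
    "patch_level": ("ge", 3),         # hypothetical OS patch level
    "signature_version": ("ge", 20),  # hypothetical virus signature DB version
}

@dataclass
class Decision:
    verdict: str                                  # "ALLOW" or "ISOLATE"
    failures: list = field(default_factory=list)  # (measurement, required value) pairs

def imc_collect(terminal: dict) -> dict:
    """IMC on the access requestor: gather the terminal's integrity measurements."""
    return {key: terminal.get(key) for key in POLICY}

def imv_verify(report: dict, policy: dict = POLICY) -> Decision:
    """IMV at the PDP: check every reported measurement against the policy.
    A missing measurement fails, so an incomplete report can never pass."""
    failures = []
    for key, (op, want) in policy.items():
        have = report.get(key)
        ok = (have == want) if op == "eq" else (have is not None and have >= want)
        if not ok:
            failures.append((key, want))
    return Decision("ISOLATE" if failures else "ALLOW", failures)

def remediate(terminal: dict, failures: list) -> None:
    """Constructed stand-in for repair inside the isolation network: bring each
    failed measurement up to the required value (install software, apply patches)."""
    for key, want in failures:
        terminal[key] = want

def tnc_connect(terminal: dict, max_rounds: int = 3) -> list:
    """One TNC access cycle: collect -> report -> decide -> enforce -> repair -> retry.
    Returns the PDP decision of each round; the PEP opens the network only on ALLOW."""
    history = []
    for _ in range(max_rounds):
        decision = imv_verify(imc_collect(terminal))  # report goes AR -> PEP -> PDP
        history.append(decision)
        if decision.verdict == "ALLOW":
            break                                     # PEP grants network access
        remediate(terminal, decision.failures)        # PEP isolates; terminal gets repaired
    return history

# Constructed terminal: firewall on, but no antivirus, old patch level, no signature DB.
HOST = {"antivirus_installed": False, "firewall_enabled": True, "patch_level": 1}
```

Running `tnc_connect(dict(HOST))` yields an ISOLATE decision listing three failed measurements, followed by ALLOW once the terminal has been repaired and re-measured.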