Skip to main content
SpringerLink
Log in
Book cover

International Conference on Network and System Security

NSS 2015: Network and System Security pp 110–123Cite as

Universally Composable Secure TNC Protocol Based on IF-T Binding to TLS

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8792))

Abstract

Trusted Network Connect (TNC) requires both user authentication and integrity validation of an endpoint before it connects to the internet or accesses some web service. However, as the user authentication and integrity validation are usually done via independent protocols, TNC is vulnerable to the Man-in-the-Middle (MitM) attack. This paper analyzes TNC which uses keys with Subject Key Attestation Evidence (SKAE) extension to perform user authentication and the IF-T protocol binding to TLS to carry integrity measurement messages in the Universally Composable (UC) framework. Our analysis result shows that TNC using keys with SKAE extension can resist the MitM attack. In this paper, we introduce two primitive ideal functionalities for TNC: an ideal dual-authentication certification functionality which binds messages and both the user and platform identities, and an ideal platform attestation functionality which formalizes the integrity verification of a platform. We prove that the SKAE extension protocol and the basic TCG platform attestation protocol, both of which are defined by TCG specifications, UC-realizes the two primitive functionalities respectively. In the end, we introduce a general ideal TNC functionality and prove that the complete TNC protocol, combining the IF-T binding to TLS which uses keys with SKAE extension for client authentication and the basic TCG platform attestation platform protocol, securely realizes the TNC functionality in the hybrid model.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Asokan, N., Niemi, V., Nyberg, K.: Man-in-the-middle in tunnelled authentication protocols. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2003. LNCS, vol. 3364, pp. 28–41. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  2. Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science, pp. 136–145. IEEE (2001)

    Google Scholar 

  3. Canetti, R.: Universally composable signature, certification, and authentication. In: Proceedings of the 17th IEEE Computer Security Foundations Workshop, pp. 219–233. IEEE (2004)

    Google Scholar 

  4. Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 337–351. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  5. Chen, L., Warinschi, B.: Security of the TCG Privacy-CA solution. In: 2010 IEEE/IFIP 8th International Conference on Embedded and Ubiquitous Computing (EUC), pp. 609–616. IEEE (2010)

    Google Scholar 

  6. Gajek, S., Manulis, M., Pereira, O., Sadeghi, A.-R., Schwenk, J.: Universally composable security analysis of TLS. In: Baek, J., Bao, F., Chen, K., Lai, X. (eds.) ProvSec 2008. LNCS, vol. 5324, pp. 313–327. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  7. Institute for Electrical and Electronics Engineers (IEEE). IEEE802, Port-Based Network Access Control, IEEE Std 802.1X-2004 (December 2004)

    Google Scholar 

  8. Küsters, R., Tuengerthal, M.: Joint state theorems for public-key encryption and digital signature functionalities with local computation. In: IEEE 21st Computer Security Foundations Symposium, CSF 2008, pp. 270–284. IEEE (2008)

    Google Scholar 

  9. McCune, J.M., Parno, B.J., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: An execution infrastructure for tcb minimization. ACM SIGOPS Operating Systems Review 42, 315–328 (2008)

    Article  Google Scholar 

  10. Melnikov, A., Zeilenga, K.: Simple Authentication and Security Layer (SASL). Technical report, RFC 4422 (June 2006)

    Google Scholar 

  11. Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, S&P 2001, pp. 184–200. IEEE (2001)

    Google Scholar 

  12. Sailer, R., Zhang, X., Jaeger, T., Van Doorn, L.: Design and implementation of a tcg-based integrity measurement architecture. In: USENIX Security Symposium, vol. 13, p. 16 (2004)

    Google Scholar 

  13. Trusted Computing Group. Subject Key Attestation Evidence Extension Version 1.0, Revision 7 (June 16, 2005)

    Google Scholar 

  14. Trusted Computing Group. TNC IF-T: Protocol Bindings for Tunneled EAP Methods Specification Version 1.1, Revision 10 (May 21, 2007)

    Google Scholar 

  15. Trusted Computing Group. Trusted Platform Module Library Part 1: Architecture, Family “2.0” Level 00, Revision 00.99 (August 22, 2013)

    Google Scholar 

  16. Trusted Computing Group. Trusted Platform Module Library Part 3: Commands, Family “2.0” Level 00, Revision 00.99 (August 22, 2013)

    Google Scholar 

  17. Trusted Computing Group. TNC IF-TNCCS: TLV Binding Specification Version 2.0, Revision 16 (January 22, 2010)

    Google Scholar 

  18. Trusted Computing Group. TNC IF-T: Binding to TLS Specification Version 2.0, Revision 7 (February 27, 2013)

    Google Scholar 

  19. Trusted Computing Group. TNC Architecture for Interoperability Specification Version 1.5, Revision 3 (May 7, 2012)

    Google Scholar 

  20. Xiao, Y., Wang, Y., Pang, L.: Security analysis and improvement of TNC IF-T Protocol Binding to TLS. Communications, China 10(7), 85–92 (2013)

    Article  Google Scholar 

  21. Zhang, J., Ma, J., Moon, S.: Universally composable secure TNC model and EAP-TNC protocol in IF-T. Science China Information Sciences 53(3), 465–482 (2010)

    Article  MathSciNet  Google Scholar 

  22. Zhang, Z., Zhu, L., Wang, F., Liao, L., Guo, C., Wang, H.: Computationally sound symbolic analysis of EAP-TNC protocol. In: Chen, L., Yung, M., Zhu, L. (eds.) INTRUST 2011. LNCS, vol. 7222, pp. 113–128. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  23. Zhao, S., Zhang, Q., Qin, Y., Feng, D.: Universally Composable secure TNC protocol based on IF-T binding to TLS, https://eprint.iacr.org/2014/490.pdf

Download references

Author information

Authors and Affiliations

  1. Institute of Software Chinese Academy of Sciences, ISCAS, Beijing, China

    Shijun Zhao, Qianying Zhang, Yu Qin & Dengguo Feng

Authors
  1. Shijun Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Qianying Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yu Qin
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dengguo Feng
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computing, Hong Kong Polytechnic University, Hung Hom, Kowloon, Hong Kong

    Man Ho Au

  2. Department of Computer Science and Communication, University of Insubria, Via Mazzini, 5, 21100, Varese, Italy

    Barbara Carminati

  3. Ming Hsieh Department of Electrical Engineering, University of Southern California, 3740 McClintock Avenue, EEB 100, 90089-2560, Los Angeles, CA, USA

    C.-C. Jay Kuo

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Zhao, S., Zhang, Q., Qin, Y., Feng, D. (2014). Universally Composable Secure TNC Protocol Based on IF-T Binding to TLS. In: Au, M.H., Carminati, B., Kuo, CC.J. (eds) Network and System Security. NSS 2015. Lecture Notes in Computer Science, vol 8792. Springer, Cham. https://doi.org/10.1007/978-3-319-11698-3_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-11698-3_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11697-6

  • Online ISBN: 978-3-319-11698-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation