Towards real Interoperable, real Trusted Network Access Control: Experiences from Implementation and Application of Trusted Network Connect

Abstract

Network Access Control (NAC) is the most promising approach to provide protection against sophisticated attacks that first compromise endpoints to subsequently continue their evil work in networks accessible via the compromised endpoint. Trusted Network Connect (TNC) is a NAC approach featuring interoperability and unforgeability due to its openness, broad vendor support and integration of Trusted Computing functions.

This paper presents experiences with TNC gained from the development of a TNC implementation called TNC@FHH, together with some analyses of how to adopt TNC in real-world scenarios.

It concludes that interoperability between basic TNC components from different vendors and developers is actually good, that unforgeability is well designed but hard to achieve, and that the adoption of TNC in real-world scenarios is desired because of its obvious security benefits, but is today held back by several handicaps that lead to high complexity and costs.

Further developments and enhancements concerning TNC and Trusted Computing are therefore required to finally arrive at a truly interoperable and unforgeable NAC solution that is easy to adopt and manage.



Editor information

Norbert Pohlmann, Helmut Reimer, Wolfgang Schneider

Copyright information

© 2009 Vieweg+Teubner | GWV Fachverlage GmbH, Wiesbaden

About this chapter

Cite this chapter

von Helden, J., Bente, I. (2009). Towards real Interoperable, real Trusted Network Access Control: Experiences from Implementation and Application of Trusted Network Connect. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2008 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9283-6_16

  • DOI: https://doi.org/10.1007/978-3-8348-9283-6_16

  • Publisher Name: Vieweg+Teubner

  • Print ISBN: 978-3-8348-0660-4

  • Online ISBN: 978-3-8348-9283-6

  • eBook Packages: Computer Science, Computer Science (R0)
