Abstract
Network Access Control (NAC) is the most promising approach to provide protection against sophisticated attacks that first compromise endpoints to subsequently continue their evil work in networks accessible via the compromised endpoint. Trusted Network Connect (TNC) is a NAC approach featuring interoperability and unforgeability due to its openness, broad vendor support and integration of Trusted Computing functions.
This paper presents experiences with TNC gained from the development of a TNC implementation, called TNC@FHH and some analyses on how to adopt TNC in real world scenarios.
It comes to the conclusion that interoperability between basic TNC components of different vendors and developers is obviously actually good, unforgeability is well designed but hard to achieve, and the adoption of TNC in real world scenarios is on the one hand desired because of obvious security benefits, but on the other hand today there are several handicaps leading to high complexity and costs.
That’s why further developments and enhancements concerning TNC and Trusted Computing are required to finally succeed in having a real interoperable and unforgeable NAC solution, being easily adoptable and manageable.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Home of EMSCB project: http://www.emscb.com/
Home of FreeRADIUS: http://freeradius.org/
TCG Trusted Network Connect, TNC IF-IMC. In: https://www.trustedcomputinggroup.org/specs/TNC/. Specification Version 1.2, Revision 8, 05 February 2007, Published
TCG Trusted Network Connect, TNC IF-IMV. In: https://www.trustedcomputinggroup.org/specs/TNC/. Specification Version 1.2, Revision 8, 05 February 2007, Published
TCG Trusted Network Connect, TNC IF-MAP binding for SOAP. In: https://www.trustedcomputinggroup.org/specs/TNC/. Specification Version 1.0, Revision 25, 28 April 2008, Published
TCG Trusted Network Connect, TNC IF-PEP: Protocol Bindings for RADIUS. In: https://www.trustedcomputinggroup.org/specs/TNC/.Specification Version 1.1, Revision 0.7, 05 February 2007, Published
TCG Infrastructure Working Group, Platform Trust Services Interface Specification (IF-PTS). In: https://www.trustedcomputinggroup.org/specs/IWG/. Specification Version 1.0, Revision 1.0, 17 November 2006, FINAL
TCG Trusted Network Connect, TNC IF-TNCCS: Protocol Bindings for SoH. In: https://www.trustedcomputinggroup.org/specs/TNC/. Specification Version 1.0, Revision 0.08, 21 May 2007, Published
TCG Trusted Network Connect, TNC IF-T: Protocol Bindings for Tunneled EAP Methods. In: https://www.trustedcomputinggroup.org/specs/TNC/. Specification Version 1.1, Revision 10, 21 May 2007, Published
TCG Trusted Network Connect, TNC IF-TNCCS. In: https://www.trustedcomputinggroup.org/specs/TNC/. Specification Version 1.1, Revision 1.00, 05 February 2007, Published
Home of Project libtnc: http://sourceforge.net/projects/libtnc
Pohlmann Norbert, Integrity Check of Remote Computer Systems — Trusted Network Connect. In: ISSE 2007, http://www.internet-sicherheit.de/fileadmin/docs/publikationen/isse-2007-trusted-networkconnect-pohlmann_21_09_07.pdf
Roecher Dror-John, Thumann Michael, NACATTACK. In: Black Hat Europe 2007, http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html
Symantec Global Internet Security Threat Report, Trends for July-December 07. In: http://www.symantec.com/business/theme.jsp?themeid=threatreport. Volume XII, Published April 2008
TCG Trusted Network Connect, TNC Architecture for Interoperability. In: https://www.trustedcomputinggroup.org/specs/TNC/. Specification Version 1.3, Revision 6, 28 April 2008, Published
Homepage of TNC@FHH: http://tnc.inform.fh-hannover.de
Homepage of wpa_supplicant: http://hostap.epitest.fi/wpa_supplicant/
Homepage of XSupplicant: http://open1x.sourceforge.net/
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2009 Vieweg+Teubner | GWV Fachverlage GmbH, Wiesbaden
About this chapter
Cite this chapter
von Helden, J., Bente, I. (2009). Towards real Interoperable, real Trusted Network Access Control: Experiences from Implementation and Application of Trusted Network Connect. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2008 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9283-6_16
Download citation
DOI: https://doi.org/10.1007/978-3-8348-9283-6_16
Publisher Name: Vieweg+Teubner
Print ISBN: 978-3-8348-0660-4
Online ISBN: 978-3-8348-9283-6
eBook Packages: Computer ScienceComputer Science (R0)