Abstract
Network Access Control (NAC) solutions promise to significantly increase the security level of modern networks. In short, they make it possible to measure the integrity state of an endpoint that tries to get access to the network. The measurement results are compared to a defined NAC policy, and based on that comparison access to the network is allowed or denied. One problem of all currently available NAC solutions is referred to as the "lying endpoint" problem. Normally, special software components are responsible for gathering the relevant integrity information on the endpoint. If an attacker modifies those software components, an endpoint can lie about its current integrity state. As a result, endpoints that are not compliant with the defined NAC policy can get access to the network. Those endpoints must be considered a potential threat. This paper summarizes a possible solution for the lying endpoint problem based upon the specifications of the Trusted Computing Group (TCG) and the results of the two research projects TNC@FHH and Turaya. The goal is to develop an open source, TNC-compatible NAC solution with full TPM support within a new research project: tNAC.
Copyright information
© 2009 Vieweg+Teubner | GWV Fachverlage GmbH
About this chapter
Cite this chapter
Bente, I., von Helden, J. (2009). Towards Trusted Network Access Control. In: Gawrock, D., Reimer, H., Sadeghi, AR., Vishik, C. (eds) Future of Trust in Computing. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9324-6_17
DOI: https://doi.org/10.1007/978-3-8348-9324-6_17
Publisher Name: Vieweg+Teubner
Print ISBN: 978-3-8348-0794-6
Online ISBN: 978-3-8348-9324-6
eBook Packages: Computer Science (R0)