Towards Trusted Network Access Control

Bente, Ingo; von Helden, Josef

doi:10.1007/978-3-8348-9324-6_17

Ingo Bente¹ &
Josef von Helden¹

399 Accesses
4 Citations

Abstract

Network Access Control (NAC) solutions promise to significantly increase the security level of modern networks. In short, they allow to measure the integrity state of an endpoint that tries to get access to the network. Based upon the measurement results, which are compared to a defined NAC policy, access to the network can be allowed or denied. One problem of all currently available NAC solutions is referred to as the “lying endpoint” problem. Normally, special software components are responsible for gathering the relevant integrity information on the endpoint. If an attacker modifies those software components, an endpoint can lie about its current integrity state. Therefore, endpoints which are not compliant to the defined NAC policy can get access to the network. Those endpoints must be considered as potential threat. This paper summarizes a possible solution for the lying endpoint problem based upon the specifications of the Trusted Computing Group (TCG) and the results of the two research projects TNC@ FHH and Turaya. The goal is to develop an open source, TNC compatible NAC solution with full TPM support within a new research project: tNAC.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

eBook: USD 14.99; Price excludes VAT (USA)

Softcover Book: USD 19.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Home of Cisco Network Admission Control http://www.cisco.com/en/US/netsol/ns466/networking_ solutions_package.html
Home of EMSCB project: http://www.emscb.com/
Home of FreeRADIUS: http://freeradius.org/
TCG Trusted Network Connect, TNC IF-IMC. In: https://www.trustedcomputinggroup.org/specs/TNC/. Specification Version 1.2, Revision 8, 05 February 2007, Published
TCG Trusted Network Connect, TNC IF-IMV. In: https://www.trustedcomputinggroup.org/specs/TNC/. Specification Version 1.2, Revision 8, 05 February 2007, Published
TCG Trusted Network Connect, TNC IF-MAP binding for SOAP. In: https://www.trustedcomputing-group.org/specs/TNC/. Specification Version 1.0, Revision 25, 28 April 2008, Published
TCG Trusted Network Connect, TNC IF-PEP: Protocol Bindings for RADIUS. In: https://www.trust-edcomputinggroup.org/specs/TNC/. Specification Version 1.1, Revision 0.7, 05 February 2007, Published
TCG Infrastructure Working Group, Platform Trust Services Interface Specification (IF-PTS). In: https://www.trustedcomputinggroup.org/specs/IWG/. Specification Version 1.0, Revision 1.0, 17 November 2006, FINAL
TCG Trusted Network Connect, TNC IF-TNCCS: Protocol Bindings for SoH. In: https://www.trusted-computinggroup.org/specs/TNC/. Specification Version 1.0, Revision 0.08, 21 May 2007, Published
TCG Trusted Network Connect, TNC IF-T: Protocol Bindings for Tunneled EAP Methods. In: https://www.trustedcomputinggroup.org/specs/TNC/. Specification Version 1.1, Revision 10, 21 May 2007, Published
TCG Trusted Network Connect, TNC IF-TNCCS. In: https://www.trustedcomputinggroup.org/specs/TNC/. Specification Version 1.1, Revision 1.00, 05 February 2007, Published
Home of Project libtnc: http://sourceforge.net/projects/libtnc
Home of Microsoft Network Access Protection http://technet.microsoft.com/en-us/network/bb545879.aspx
Roecher Dror-John, Thumann Michael, NACATTACK. In: Black Hat Europe 2007, http://www.Hack-hat.com/html/bh-europe-07/bh-eu-07-speakers.html
TCG Trusted Network Connect, TNC Architecture for Interoperability. In: https://www.trustedcomput-inggroup.org/specs/TNC/. Specification Version 1.3, Revision 6, 28 April 2008, Published
Homepage of TNC@FHH: http://tnc.inform.fh-hannover.de
Homepage of wpa_supplicant: http://hostap.epitest.fi/wpa_supplicant/
Homepage of Xsupplicant: http://openlx.sourceforge.net/

Download references

Author information

Authors and Affiliations

Faculty IV – Business and Computer Science, University of Applied Sciences and Arts, Hanover
Ingo Bente & Josef von Helden

Authors

Ingo Bente
View author publications
You can also search for this author in PubMed Google Scholar
Josef von Helden
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

David Gawrock Helmut Reimer Ahmad-Reza Sadeghi Claire Vishik

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Bente, I., von Helden, J. (2009). Towards Trusted Network Access Control. In: Gawrock, D., Reimer, H., Sadeghi, AR., Vishik, C. (eds) Future of Trust in Computing. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9324-6_17

Download citation

DOI: https://doi.org/10.1007/978-3-8348-9324-6_17
Publisher Name: Vieweg+Teubner
Print ISBN: 978-3-8348-0794-6
Online ISBN: 978-3-8348-9324-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics