A DRTM-Based Method for Trusted Network Connection

Trusted Network Connection (TNC for short) can prevent insecure terminal from accessing protected network and thus strengthen the security of network. Existing TNC solutions face a serious problem called lying endpoint problem (LEP for short). If an attacker modifies the terminal agent software which is responsible for collecting the integrity state of an endpoint platform, Trusted Network Connection will lose its meanings. Trusted Computing Group (TCG) adds the functionality of trusted computing to prevent lying endpoint problem, but TCG´s TNC relies on the traditional Static Root of Trust for Measurement (SRTM) which has too big TCB (Trusted Computing Base) and has been proved unsafe. In this paper, we design and implement an improved TNC scheme with high reliability and scalability based on trusted integrity status of terminal. While focusing on LEP problem under the context of Network Access Control (NAC), we leverage Dynamic Root of Trust for Measurement (DRTM) technology to realize desired security requirements such as smaller TCB. We also use the Logic of Secure Systems (LS²) to prove the security properties of our improved TNC system. Our experimental evaluation demonstrates that our method is feasible.