DocumentCode
1907816
Title
TNC-compatible NAC System implemented on Network Processor
Author
Luo, An'an ; Lin, Chuang ; Chen, Zhen ; Peng, Xuehai ; Ungsunan, Peter D.
Author_Institution
Res. Inst. of Inf. Technol. Tsinghua Univ. Beijing, Beijing
fYear
2007
fDate
15-18 Oct. 2007
Firstpage
1069
Lastpage
1075
Abstract
In this paper, based on the trusted network connect architecture, we designed a novel TNC-compatible network access control system which ensures that network administrators enforce security policies on endpoint connection and communication with the corporate network depending on the endpoint integrity and security status. The platform framework is built on the Intel IXP2400 network processor and a set of network access control mechanisms is implemented. The paper introduces the system design and implementation based on hardware characteristics of the IXP2400 architecture, presents emulation performance results of the system, and then proposes systemic performance optimizations, especially for cryptographic performance, according to the IXP2400 shared memory hierarchy and access latency, which on average boost the throughput by more than 25%. The novelty of the system design is the utilization of the IXP2400 multi-core and multi-thread network processor's software and hardware platform to implement the NAC system framework through secure and reliable communication to ensure endpoint integrity and platform-authentication, which is compatible with trusted network connect.
Keywords
authorisation; multi-threading; program processors; software architecture; Intel IXP2400 network processor; endpoint integrity; multithread network processor; network access control system; network administrators; platform-authentication; security policies; trusted network connect architecture; Access control; Communication system security; Communication system software; Computer architecture; Cryptography; Delay; Emulation; Hardware; Optimization; Throughput; AES algorithm; TNC; network access control; network processor;
fLanguage
English
Publisher
ieee
Conference_Titel
Local Computer Networks, 2007. LCN 2007. 32nd IEEE Conference on
Conference_Location
Dublin
ISSN
0742-1303
Print_ISBN
0-7695-3000-1
Electronic_ISBN
0742-1303
Type
conf
DOI
10.1109/LCN.2007.60
Filename
4367951