

TNC Presentation

  • Minneapolis IETF

  • March 10, 2005

  • John Vollbrecht

  • Meetinghouse Data Communications


TCG Mission

  • Develop and promote open, vendor-neutral, industry standard specifications for trusted computing building blocks and software interfaces across multiple platforms



TCG Organization



Technical Workgroups

  • Technical Committee

  • Work groups

    • Trusted Platform Module (TPM)
    • TPM Software Stack (TSS)
    • PC Specific Implementation
    • Peripheral Implementation
    • Server Specific Implementation
    • Storage Systems Implementation
    • Mobile Phone Specific Implementation
    • Conformance (Common Criteria)
    • Infrastructure
    • Trusted Network Connect
  • Marketing Work Group



TCG Membership

  • 92 Total Members as of January 13, 2005

  • 7 Promoter, 64 Contributor, 21 Adopter



Overview of TNC

  • Trusted Network Connection Subgroup

    • Infrastructure Working Group
    • Trusted Computing Group (TCG)
    • http://www.trustedcomputinggroup.org
  • TNC V1 is being reviewed by TCG

    • Goal is to release V1 Q2 '05
    • Goal is to support limited initial interoperability demos at same time
    • Standards documents become available to non-members when released


TNC Purpose

  • The Trusted Network Connect Sub Group (TNC-SG) is working to define and promote an open solution architecture that enables network operators to enforce policies regarding endpoint integrity when granting access to a network infrastructure. Endpoint integrity policies may involve integrity parameters spanning a range of system components (hardware, firmware, software and application settings), and may or may not include evidence of a Trusted Platform Module (TPM).



Overview of TNC



TNC Version 1

  • TNC Version 1 contains 3 specs

    • Architecture Spec
    • Interface from TNC Client to Integrity Measurement Collectors
    • Interface from TNC Server to Integrity Measurement Verifiers
  • Future releases will include



TNC Role

  • TNC provides a way for remote “verifiers” to check integrity of client elements using client “collectors”

  • Check is made as part of Access Authorization dialog

  • Role of interest for this discussion is 802.1X/EAP Access

  • Assumption is that TNC dialog is part of EAP dialog



TNC as part of EAP Dialog

  • Current assumption is that in an 802.1X Access, TNC must be done in an “inner” dialog

    • If assumption is correct, TNC can only be done inside a “protected” method
      • Can be done in PEAP, TTLS, FAST, --
      • Cannot be done in SIM, TLS, MD5, --


TNC as a protected Dialog

  • Within Protected Method there may be several dialogs - e.g.

    • May do platform authentication followed by user authentication
    • May do TNC integrity verification after authentication(s)
  • Would be helpful to have state machine for how inner dialogs interact
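
One possible shape for such a state machine, as an added sketch that is not part of the presentation or of any TCG/IETF specification. The dialog order, the fail-closed rule and all names (`run_inner_dialogs`, `Dialog`, `DEFAULT_ORDER`) are assumptions for illustration; only the protected-method list comes from the slides.

```python
from enum import Enum

# Outer EAP methods the slides list as able to carry an inner dialog.
PROTECTED_METHODS = {"PEAP", "TTLS", "FAST"}

class Dialog(Enum):
    PLATFORM_AUTH = "platform authentication"
    USER_AUTH = "user authentication"
    TNC_CHECK = "TNC integrity verification"

# Assumed policy order (hypothetical): authentication(s) first, then TNC.
DEFAULT_ORDER = (Dialog.PLATFORM_AUTH, Dialog.USER_AUTH, Dialog.TNC_CHECK)

def run_inner_dialogs(outer_method, events, required=DEFAULT_ORDER):
    """Return ("ACCEPT" | "REJECT", trace) for one access attempt.

    events: ordered (Dialog, succeeded) pairs as the inner dialogs finish.
    The machine fails closed: anything other than every required dialog
    succeeding, in order, inside a protected method ends in REJECT.
    """
    trace = []
    if outer_method.upper() not in PROTECTED_METHODS:
        return "REJECT", [f"{outer_method}: no protected inner dialog"]
    pending = list(required)
    for dialog, succeeded in events:
        if not pending or dialog is not pending[0]:
            trace.append(f"unexpected {dialog.name}")
            return "REJECT", trace
        if not succeeded:
            trace.append(f"{dialog.name} failed")
            return "REJECT", trace
        trace.append(f"{dialog.name} ok")
        pending.pop(0)
    if pending:  # tunnel ended before the policy was satisfied
        trace.append(f"missing {pending[0].name}")
        return "REJECT", trace
    return "ACCEPT", trace

if __name__ == "__main__":
    # Constructed sample attempts, not captured traffic.
    ok = [(d, True) for d in DEFAULT_ORDER]
    print(run_inner_dialogs("PEAP", ok))
    print(run_inner_dialogs("TTLS", ok[:2]))  # client stopped before TNC
    print(run_inner_dialogs("MD5", ok))       # unprotected method
```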



State machine for inner EAP



Questions on Proceeding

  • Is there a standard way of handling inner dialogs between existing protected methods?

    • PEAP/FAST
    • TTLS
  • Should Inner dialog be a “common capability” for future “protected” methods?

  • Are there underlying differences in ways that protected methods support inner dialogs?

    • E.g. how to handle brokers?



