Minneapolis IETF March 10, 2005 John Vollbrecht Meetinghouse Data Communications
TCG Mission
Develop and promote open, vendor-neutral, industry standard specifications for trusted computing building blocks and software interfaces across multiple platforms.
TCG Organization
Technical Workgroups (Technical Committee work groups):
- Trusted Platform Module (TPM)
- TPM Software Stack (TSS)
- PC Specific Implementation
- Peripheral Implementation
- Server Specific Implementation
- Storage Systems Implementation
- Mobile Phone Specific Implementation
- Conformance (Common Criteria)
- Infrastructure
- Trusted Network Connect
TCG Membership
92 total members as of January 13, 2005: 7 Promoter, 64 Contributor, 21 Adopter
Overview of TNC
Trusted Network Connect Subgroup
- Infrastructure Working Group
- Trusted Computing Group (TCG)
- http://www.trustedcomputinggroup.org
TNC V1 is being reviewed by TCG
- Goal is to release V1 in Q2 ‘05
- Goal is to support limited initial interoperability demos at same time
- Standards documents become available to non-members when released
TNC Purpose
The Trusted Network Connect Sub Group (TNC-SG) is working to define and promote an open solution architecture that enables network operators to enforce policies regarding endpoint integrity when granting access to a network infrastructure. Endpoint integrity policies may involve integrity parameters spanning a range of system components (hardware, firmware, software and application settings), and may or may not include evidence of a Trusted Platform Module (TPM).
Overview of TNC
TNC Version 1
TNC Version 1 contains 3 specs:
- Architecture Spec
- Interface from TNC Client to Integrity Measurement Collectors
- Interface from TNC Server to Integrity Measurement Verifiers
Future releases will include
TNC Role
TNC provides a way for remote “verifiers” to check the integrity of client elements using client “collectors”.
- The check is made as part of the Access Authorization dialog
- The role of interest for this discussion is 802.1X / EAP access
- Assumption is that the TNC dialog is part of the EAP dialog
TNC as part of EAP Dialog
Current assumption is that in an 802.1X access, TNC must be done in an “inner” dialog
- If the assumption is correct, TNC can only be done inside a “protected” method
- Can be done in PEAP, TTLS, FAST, etc.
- Cannot be done in SIM, TLS, MD5, etc.
TNC as a protected Dialog
Within a protected method there may be several dialogs, e.g.:
- May do platform authentication followed by user authentication
- May do TNC integrity verification after the authentication(s)
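The inner-dialog ordering described on these slides (protected tunnel first, then platform and user authentication, then the TNC collector/verifier check) can be modelled as a small state machine. The following is an added example written for this page, not TCG or TNC specification code; the collector names, verifier thresholds and sample reports are all constructed for illustration.

```python
from dataclasses import dataclass

# Method classes named on the slides: TNC can only run inside a protected method.
PROTECTED_METHODS = {"PEAP", "TTLS", "FAST"}

@dataclass
class IntegrityReport:
    """What a client-side collector hands to its matching server-side verifier."""
    collector: str
    values: dict

# Server-side verifiers, keyed by the collector they pair with. The thresholds are
# constructed for this example; the slides do not define any policy content.
def verify_antivirus(values):
    return values.get("running") is True and values.get("signature_age_days", 999) <= 7

def verify_patches(values):
    return values.get("missing_critical", 1) == 0

VERIFIERS = {"antivirus": verify_antivirus, "patches": verify_patches}

def inner_dialog(outer_method, platform_auth_ok, user_auth_ok, reports):
    """Walk the inner dialog in slide order: platform auth, user auth, then TNC.
    Returns (decision, trace), where trace lists the states visited."""
    trace = []
    if outer_method not in PROTECTED_METHODS:
        trace.append("no-protected-tunnel")
        return "reject", trace
    trace.append("tunnel:" + outer_method)
    for step, ok in (("platform-auth", platform_auth_ok), ("user-auth", user_auth_ok)):
        trace.append("%s:%s" % (step, "ok" if ok else "fail"))
        if not ok:
            return "reject", trace
    # TNC step: each collector report needs a matching verifier, and every verifier must pass.
    for report in reports:
        verifier = VERIFIERS.get(report.collector)
        passed = verifier is not None and verifier(report.values)
        trace.append("tnc:%s:%s" % (report.collector, "ok" if passed else "fail"))
        if not passed:
            return "reject", trace
    trace.append("access-granted")
    return "accept", trace

if __name__ == "__main__":
    # Constructed sample reports from two collectors on the client.
    reports = [IntegrityReport("antivirus", {"running": True, "signature_age_days": 2}),
               IntegrityReport("patches", {"missing_critical": 0})]
    print(inner_dialog("PEAP", True, True, reports))  # -> ('accept', [...])
    print(inner_dialog("MD5", True, True, reports))   # -> ('reject', ['no-protected-tunnel'])
```

The trace makes the ordering visible: a non-protected outer method never reaches the TNC step at all, and an authentication failure stops the dialog before any integrity data is evaluated.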
State machine for inner EAP
Questions on Proceeding
- Is there a standard way of handling inner dialogs between existing protected methods?
- Should the inner dialog be a “common capability” for future “protected” methods?
- Are there underlying differences in the ways that protected methods support inner dialogs?
  - E.g. how to handle brokers?