
The Study Of Secure Protocol And Service In Trusted Network

Posted on: 2011-12-14
Degree: Master
Type: Thesis
Country: China
Candidate: J Zhao
Full Text: PDF
GTID: 2178360305954411
Subject: Computer application technology

Abstract/Summary:
With the rapid development of the Internet, the requirements for authentication, authorization and accounting (AAA) in network systems have become increasingly complex. Traditional protocols and systems, in terms of both reliability and security, can no longer meet the needs of future network systems. The Internet Engineering Task Force (IETF) and the Trusted Computing Group (TCG) have each put forward their own solutions from two different directions. On the reliability of authentication protocols, the IETF proposed PANA and Diameter to ensure reliable transport of authentication information. On the security of authentication systems, the TCG proposed the Trusted Network Connect (TNC) specification, which improves the security of authentication systems through preventive measures.

So far the two proposals have remained largely independent. If they could be integrated and put into use effectively, the needs of AAA in terms of both reliability and security would be met. The integration raises several problems, however. First, whether PANA and Diameter can be combined effectively, and how the combination can be achieved. Second, the EAP method proposed by TNC has certain deficiencies. Third, how security services that make full use of the large audit platform of a trusted network can be developed. Only by solving these problems can the integration of the two proposals be truly effective.

This paper introduces the basic theory of trusted networks and some related research results. The basic theory covers the principles, architecture and process of TNC; the related research results include trusted remediation, trust levels and trusted signatures. On this basis, the issues mentioned above are studied and solutions are proposed: the combination of PANA and Diameter, an EAP extension method for transporting trust information, and an intrusion tracing service built on the audit platform of the trusted network.

PANA and Diameter are used in two separate segments of an AAA communication. The research in this paper on the feasibility of combining the two protocols shows that they combine well. On this basis, the key device for the combination is defined according to the structure of the communication devices in the AAA process, and the architecture and implementation of the software on that device are worked out according to the protocol hierarchy. The architecture is divided into an Access Control Layer, a Protocol Conversion Layer and an EAP Layer, which together implement protocol conversion and access control. The experimental results show that the proposal is effective and can be used directly in a trusted network.

The TNC Architecture document describes a proposal for binding the IF-T protocol to an EAP method. This proposal has certain shortcomings and poor extensibility, and cannot meet the requirement of carrying various kinds of data as trusted networks develop. This paper studies the proposal and implementation of the IF-T protocol binding over tunnelled EAP and substantially improves the EAP-TNC method, proposing the EAP-ETNC extension method and giving specific protocol details and implementation cases. The EAP-ETNC method has advantages in integrity and extensibility. It works whether or not EAP agents are present, but is better suited to deployments with agents: through the extension method, agents can hide the server well, which keeps the network system safe and reliable.

Access control and audit are used in the TNC Architecture to control user behaviour. Over time the audit data forms a huge data platform on which the trusted network can provide certain security services to users; the audit data platform only gains its true significance by providing such services. This paper studies the audit system in a trusted network, proposes improvements to its interaction structure, and gives an abstract summary of the characteristics of trusted network services. On this basis, an embedded study is carried out using an intrusion tracing system as a typical example, covering the structure of the network devices, the software architecture, the data storage structure, data mining methods, tracing methods and so on. An intrusion tracing system can be designed and built according to the description in this paper, so the work has practical significance. This part also summarises the main supporting technologies for security services based on the audit data platform, such as distributed databases, data storage, knowledge representation and data mining.

In conclusion, a safe and reliable trusted-network AAA system can be constructed from the research results to meet current requirements for safety, reliability and the ability to provide services. We further believe that trusted networks have many directions for development and great research potential. The purpose of this paper is to apply PANA and Diameter to trusted networks in order to enhance the security of the AAA system and thereby construct a more secure and reliable AAA system; on the basis of that system, the audit data resources can be exploited to the fullest to give users better and more convenient service.
Keywords/Search Tags: Trusted network, AAA, PANA, Diameter, EAP, Service, Intrusion Tracing