
Research On Trusted Network Access And Remote Attestation Scheme

Posted on: 2014-04-04
Degree: Master
Type: Thesis
Country: China
Candidate: D L Gu
Full Text: PDF
GTID: 2268330425466213
Subject: Computer application technology
Abstract/Summary:
With the continuous development of Internet technology, network security has become a research focus in the industry. Military and government departments in particular have put forward higher requirements for network security, requiring systems to ensure a high degree of confidentiality, authentication, controllability, integrity and non-repudiation. At present, China's information security work is gradually being strengthened, and safety protection measures are used to build secret-involved information systems for military and government departments. But traditional information security technology focuses only on authenticating the identity of the accessing user and ignores authentication of the credibility of that user's terminal. The study of network connection control for terminals is therefore extremely important. Trusted Network Connection theory is based on terminal security: it uses the remote attestation mechanism to deliver trust, and finally passes the credibility of the terminal on to the entire secret-involved information system. Remote attestation, the topic of this research, is the key technology supporting Trusted Network Connection theory. Specifically, the integrity measurement, storage and reporting capabilities of the remote attestation mechanism are used to prove the credibility of the accessing terminal and to transfer that credibility to the secret-involved information system, thereby upgrading the safety protection of the secret-involved information system as a whole.

The paper takes the secret-involved information system as its research object, fuses remote attestation technology with information security technology, and applies the two together to the secret-involved information system, ultimately to achieve the goal of information security for the secret-involved information system. The specific work of the paper covers the following three aspects:

First of all, I analyze the framework and process of the Trusted Network Connection in detail, focusing especially on the remote attestation mechanism, which is the key technology of the Trusted Network Connection, including integrity measurement, storage and reporting, and the remote attestation transfer protocol. At the same time, I introduce four types of interaction model for remote attestation as well as two typical remote attestation programs.

Secondly, I analyze the security requirements of the secret-involved information system and study in depth the current typical information security technologies and security services. I map the security requirements of the secret-involved information system to the security services provided by information security technology, and propose a security framework for the secret-involved information system based on multi-layer mapping.

Lastly, I combine this with TNC to design the overall framework of the secret-involved information system and formulate its secure access strategy. According to the security requirements of the secret-involved information system, I analyze and design a remote attestation program, the most important part of which is the design of the remote attestation transfer protocol, and I analyze the security of the protocol. The analysis shows that the designed remote attestation transfer protocol can ensure the authenticity of the identities of the communicating parties, non-repudiation of the parties' own actions, and the confidentiality, integrity and freshness of the credibility report during transmission, while resisting replay attacks and parallel session attacks.
Keywords/Search Tags: secret-involved information system, trusted network connection, remote attestation