Research On Key Technologies Of Trusted Network Connect And Their Application

Posted on: 2014-02-24
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y L Xiao
Full Text: PDF
GTID: 1228330398498890
Subject: Information security
Abstract/Summary:
With the rapid development of network technologies, the network and its applications have become increasingly prevalent and far-reaching. In the meantime, network security problems, including viruses, spyware, trojan horses, hacking, etc., are getting more and more serious and complicated, and their incidence rate is becoming higher and higher, resulting in serious risks and hampering the further progress of network technologies and their applications. However, traditional network security systems cannot stand up to the growing network security problems. To overcome these problems, trusted network connect was proposed, and it has become a hot research topic in academia. Meanwhile, standardization work on trusted network connect is proceeding in an orderly manner at various standards organizations. The National Technical Committee for Information Security Standardization formed the China Trusted Computing Standard Working Group in January 2005. China IWNCOMM Co., Ltd., as the network group leader of the China Trusted Computing Standard Working Group, then began to draft the national standard of trusted connect architecture (Grant Number: 20090337-T-469) in April 2007, which was completed in December 2012. As a new security technology, trusted network connect still leaves many questions to be answered.

This dissertation is supported by the national standard of trusted connect architecture undertaken by IWNCOMM Co., Ltd., and is mainly concerned with research on key technologies of trusted network connect and their applications. The author's major contributions are outlined as follows:

1. The current strand space model (SSM) is extended so that the extended SSM can be used to analyze the security of trusted network connect protocols correctly.

2. Two new remote attestation models are proposed on the basis of the current remote attestation models, and robust unidirectional and mutual platform authentication protocols are further proposed. Then, some trusted network connect protocols based on these robust unidirectional and mutual platform authentication protocols are proposed, whose advantage is that current user authentication protocols can be applied to these trusted network connect protocols without any change.

3. Based on the extended SSM, the MN-TAP protocol is analyzed, and it is pointed out that it cannot prevent Man-in-the-Middle (MITM) attacks. Then, the MN-TAP protocol is improved, and the improved MN-TAP protocol is proved secure in the extended SSM.

4. WLAN access authentication schemes in a trusted environment based on pre-shared key and certificate models are proposed, achieving WLAN access authentication in a trusted environment. Moreover, they are proved secure based on the extended SSM.

5. A WLAN Mesh security association scheme based on an extended WAI protocol is proposed. The results of the performance analysis show that the scheme improves the performance of WLAN Mesh security association and, in particular, decreases the overhead of the Authentication Server (AS). Then, on the basis of this scheme, a WLAN Mesh security association scheme in a trusted computing environment is put forward to meet the demands of the trusted computing environment. Moreover, the two WLAN Mesh security association schemes are proved secure in the extended SSM.

6. By systematically analyzing the TNC architecture and its interfaces, some of their security problems and application limitations are pointed out. Then, an improved TNC IF-T protocol binding to TLS, an improved TNC IF-T protocol binding for Tunneled EAP methods, and a platform authentication scheme for the TNC architecture are proposed. Finally, they are proved secure and practical.

7. To overcome these limitations of the TNC architecture, a trusted network connect architecture based on tri-element peer authentication, called Trusted Connect Architecture (TCA), is proposed. Then, the interfaces of the TCA are defined in detail. Finally, by analyzing the TCA and its interfaces, they are proved secure and practical, and to have good application scalability.

8. Based on the research on multi-factor authentication and trusted network connect, the probability, design and analysis of multi-identity authentication are first discussed. Then, a simple multi-identity authentication system for services is proposed, and it is proved secure and practical.
Keywords/Search Tags:Trusted computing, Remote attestation, Trusted network connect, Strand space model, Multi-identity authentication