Research On Trusted Network Access Model Of Mobile Terminal Based On TNC Architecture

Posted on: 2012-12-19
Degree: Master
Type: Thesis
Country: China
Candidate: Z J Zhang
Full Text: PDF
GTID: 2178330332499316
Subject: Computer application technology

Abstract/Summary:
With the rapid development of network technology and wireless networks, people have begun to make more use of mobile terminals to access network resources. Meanwhile, demand for mobile networks is increasing, which directly drives their further development. At the same time, the security problems of the mobile Internet are becoming more and more serious, producing many security threats that seriously hamper its healthy and continuous development. The security of the mobile terminal is the most severe of these problems. Against this background, researchers started to study how to remove the hidden security dangers that mobile terminals cause in the mobile Internet. Later, people applied Trusted Computing to the Internet and called it "Trusted". Since then, the study of the Trusted Network has become more and more popular. Trusted Network Connection (TNC), as one of the Trusted Network techniques, is a good solution to the security of terminal network access. The TNC framework standard collects and verifies the terminal's integrity information, and a terminal whose integrity metric satisfies the system's security requirements can access the network. For terminals that cannot satisfy the standard, the TNC standard asks the terminal whether to quarantine or repair. A successfully repaired terminal can be verified once more, and those that pass are then admitted. The TNC standard refuses access to terminals that do not agree to quarantine and to those that are not successfully repaired.

However, the TNC framework gives no specific instruction for solving the trusted network connection problem of mobile terminals. At present, most mobile terminals cannot satisfy the TNC standard, which is why mobile trusted network connection cannot be realized. This project is based on the TNC standard framework combined with the particular characteristics of the mobile terminal. The whole dissertation consists of three parts.
The first part mainly analyzes the TNC framework and the variant forms of other TNC frameworks. The second part proposes a usable model for trusted network access by mobile terminals and verifies the model design. The third part studies in depth the access control policy problems that the MTA model raises in practical application and puts forward a dynamic access policy model based on trusted value-role.

The emphasis of this thesis is on the design of the structure of the trusted network connection model, and it elaborately devises several important models. It also explores the access policy problems of the MTA model and gives a double trusted value evaluation, a corresponding role algorithm, and a dynamic access policy idea.

On the overall design of the MTA model, this thesis studies in detail the Trusted Network Connection (TNC) model proposed by the TCG, and also analyzes and compares other practical models at home and abroad. The MTA model is designed for the mobile terminal. Today, most mobile terminals are relatively simple, consume little power, lack security components and are highly mobile. Taking these factors into account, I design the model so that the mobile terminal is a "thin client". Only in this way can the feasibility of the model be increased. The AEP is designed as a trusted third-party agent, and integrity measurement collection and other functions are transferred to the AEP. This avoids the shortcoming that integrity measurement collection cannot be realized on the terminal and lightens the work of the mobile terminal, which mainly reflects its low power consumption. The verification of the integrity metric is also placed on the AEP entity. The different network resource servers do not need to know the concrete integrity information of the mobile terminal.
Only the trusted third party knows the relevant information, which protects both the privacy and the security of the mobile terminal well. On the PDP, the design removes the TNCS model of the TNC framework and transfers its function to the NAAD model, adding a quarantine repair model and a trust metric value evaluation model. The former provides a quarantine repair function to increase the chance of network access for a mobile terminal that cannot meet the system standard. The latter is intended to offset the unreliable evaluation that a single factor leads to: it is based on a trust evaluation of the mobile terminal's historical interaction information, combined with integrity and trust value. We can obtain the trust value information and keep it in a safe state. The communication system is built with the SMSSec short message protocol and a fast handshake protocol, which ensures the reliability and integrity of message sending. Finally, a colored Petri net model is used to verify the feasibility of MTA.

From the perspective of the access policy of the MTA model, the thesis builds on traditional access control ideas and combines them with trust evaluation theory to implement a dynamic, context-based access policy, and puts forward the dynamic access policy model based on trusted value-role. From the result of the trusted value evaluation and the related idea of client access, it derives the correspondence between trusted value and role. The trust evaluation value, which combines the terminal's own inherent aspect and an external aspect, reflects the role the terminal plays in the system. Access control and authorization are realized by means of the role information. The state of the mobile terminal is linked to its permissions, which ensures the security and credibility of the system. At the same time, this thesis was inspired by the idea of behavior-based access control and applies a dynamic idea in the model.
That is, a time threshold is set on the basis of the current context and behavior of the mobile terminal, and the system re-verifies the terminal at regular intervals. If the permissions obtained at the current verification are lower than the permissions currently held, the terminal is authorized again. If the evaluation result does not meet the access condition, or the terminal conducts an illegal operation, the mobile terminal's connection is terminated immediately. The granting of permissions follows the least privilege rule: the minimal permissions currently needed are determined, and permissions are then distributed gradually as the steps are carried out. Lastly, feasibility is verified with quantified examples.

Finally, this thesis briefly concludes the work I finished and discusses the limits and defects of this model. In addition, it further discusses the value and future of the model.
Keywords/Search Tags: Trusted Network, Trusted Network Connection, Mobile Trusted Access, Dynamic Access Policy