The Credibility Of The Wireless Terminal Access To Confirm The Model Design And Analysis

Posted on: 2010-02-06  Degree: Master  Type: Thesis
Country: China  Candidate: J Li
GTID: 2208360278479046  Subject: Computer software and theory
Abstract/Summary:
In recent years a variety of wireless network technologies have developed continuously. However, the existence of network security threats causes concern when wireless network applications are deployed. As the number of applications on wireless networks increases, the demand for wireless network security grows. The focus of wireless network security is access security at the point where a wireless terminal requests to join the network. If the security of the wireless terminal can be judged before it enters the network, wireless network security can be controlled at the source. At present, research on the security of wireless terminal network access focuses on authentication of the accessing device, such as IEEE 802.1x, 802.11i and our own WAPI. These traditional solutions perform only an access check and lack a system integrity check and effective supervision of behavior. The security protection of the wireless terminal itself is also ignored, which may permit a terminal device with potential security threats, such as a virus or Trojan horse, to get into the wireless network and then pose a great threat to later network applications.

In the 1980s, a new concept, called trusted computing, was proposed, which provides a new solution to wireless terminal access security research. The Trusted Computing Group (TCG) has devices fitted with an independent hardware component called the Trusted Platform Module (TPM). Inside the TPM there are cryptographic functions, as well as the certificate signature algorithm, key management and other functions that can be used to check whether the device's own integrity has been destroyed (as in a trojaned device). The trustworthiness of the terminal is thereby protected. The introduction of trusted computing provides a new solution to research on wireless terminal access security. On the basis of terminal credibility, the Trusted Network Connection (TNC) architecture was proposed by the TCG.

The TNC architecture judges the trustworthiness of the accessing device in addition to performing normal identity authentication. However, it considers only the trustworthiness at access time of terminals with a TPM, and does not consider how to ensure trustworthiness after the terminal has joined the network. At the same time, it gives only the overall trusted network connection architecture, without detailed design of the inner protocols for a specific environment. This paper studies trusted access in the wireless environment based on the current TNC specification, integrating the TPM of trusted computing with the characteristics of the wireless environment, and proposes a trusted wireless network secure access architecture. On the basis of this architecture, we further propose a remote attestation model and its detailed protocols between the wireless terminal and the access point. Finally, the protocols are analyzed in terms of security and efficiency, and a test platform for the attestation model is constructed. The main contributions of this paper are as follows:

(1) The concept of a multi-level trusted network is proposed. The trusted network is divided logically into several sub-networks, each with a different trust level. Wireless terminals that meet the security requirement of a sub-network can be placed into the corresponding sub-network of the multi-level trusted network and use the services in it.

(2) We analyze the inadequacies of the TNC specification in the wireless environment and propose an architecture for wireless terminal access to a trusted network that is more suitable for the wireless environment. The architecture extends the concept of trustworthiness from access to the network. In the architecture, traditional wireless terminals are compatible with wireless terminals that have a TPM chip.

(3) On the basis of the proposed architecture, the discussion focuses on the attestation model for trusted access by wireless terminals. Combining Combined Public Key and Direct Anonymous Attestation, three sub-protocols are proposed: two-way authentication between the wireless terminal and the access point, and platform authentication and integrity authentication of the wireless terminal by the access point. The security and efficiency of the model and its protocols are analyzed. It is proved that the protocols under the attestation model have higher security and can reach the efficiency that the wireless environment requires. At the same time, some anonymity of the user platform can also be assured.

(4) On the Linux operating system, we discuss the open source TPM-emulator and use it to build a test platform for the attestation model.
Keywords/Search Tags:Trusted Platform Module (TPM), Trusted Network Connection (TNC), wireless accessing, attestation module