
Trusted Network Connect Access And Authorization Model Of The Entire Lifecycle Of Design

Posted on: 2011-05-31
Degree: Master
Type: Thesis
Country: China
Candidate: J H Wang
Full Text: PDF
GTID: 2208360308467519
Subject: Computer software and theory
Abstract/Summary:
With the growing use of embedded devices, consumer digital products, and large numbers of sensors and other devices, the scale and range of applications of the Internet continue to expand, and the influence and global role of the network in our lives is increasing. At the same time, the network faces serious security problems: spam, viruses and Trojan horse programs seriously endanger our lives. Existing network security measures mostly guard terminals at the network perimeter, while terminals inside the boundary lack security management, which seriously weakens security solutions. Solving network security issues starting from the endpoint has therefore become a consensus. Cisco's NAC, Microsoft's NAP, TCG's TNC, TNA of TOPSEC, Huawei's EAD and many other terminal security access architectures have appeared, all intending to solve the problem from the terminal. However, existing schemes mostly focus on the integrity of the terminal at the moment it accesses the network; the behavior of the terminal after it has joined the network lacks real-time control, which does not match the actual situation of complex networks.

After researching these solutions in detail, the main contributions of this thesis are as follows:

1) To address this lack of management, a trusted network access and authorization model covering the entire life cycle is proposed, which builds on the TNC specifications and incorporates a usage control model. This architecture not only ensures the integrity of the terminal when it accesses the network, based on the organization's security policy, but also controls the real-time behavior of the terminal according to changes in its attributes and reliability.

2) The integrity information is abstracted into a trusted level by fuzzy decision-making synthetic evaluation, and the trusted level then becomes a crucial input to the authorization decision, realizing management of the entire life cycle of the terminal's access to the trusted network.

3) A new authentication protocol for accessing the trusted network is proposed. Identity authentication, platform authentication and integrity authentication are used to determine the corresponding permissions of the terminal, and the security of the protocol is proved under the Universally Composable security model.

4) Application software based on the model proposed in the thesis is developed under the Linux operating system using a TPM simulator. Users can use TPM functions through graphical interfaces. The proposed authentication protocol is tested on an experimental platform.
Keywords/Search Tags: Trusted Network Connection (TNC), entire lifecycle, evaluation trusted level, fuzzy decision-making synthetic evaluation, universally composable secure