
Research On The Trusted Access Of Terminals And Remote Attestation Technology

Posted on: 2013-01-07
Degree: Master
Type: Thesis
Country: China
Candidate: M M Xu
GTID: 2218330371457344
Subject: Computer software and theory
Abstract/Summary:
With the continuous development of Internet technology, network security has become more and more important, and how to build a trusted network effectively has been one of the most discussed issues in recent years. Since almost all attacks start from the terminal, research on terminal-based network connection control is particularly important. Trusted Network Connect extends the trust chain to the network on the premise that the terminal's hardware security is well protected, so that the entire network can be credible and reliable. Trusted terminal access and remote attestation are key issues in the field of Trusted Network Connect. The former ensures the safety of the individual terminal while the latter extends trust, and the combination of the two ensures the credibility of the entire network. In this paper, we study the drawbacks of existing mechanisms and propose an effective theory for building a trusted network. The main work falls into the following three parts.

Firstly, to improve the effectiveness of control and remediation of terminals that fail access in a trusted network, a novel remediation scheme is proposed. Based on the introduction of a definition of the stability of access terminals and on the architecture of Trusted Network Connect (TNC), the proposed remediation scheme not only realizes dynamic control of a terminal's behavior but also supports trustworthy remediation. Simulation results demonstrate that the proposed scheme is more effective than static and integrity-based remediation schemes and significantly improves the speed of remediation.

Secondly, because TCG-defined remote attestation is insufficient for complex attestation and is prone to privacy leaks, a bilinear-mapping, property-based attestation scheme named BMPBA is proposed, which uses BBS+ signatures based on bilinear mapping and property-based certificates instead of platform configuration information. Compared with current remote attestation schemes, the risk of leaking platform configuration information is reduced; meanwhile, the efficiency of remote attestation is improved because of the shorter key and higher computing speed. The analysis shows that remote attestation between platforms can be implemented efficiently using BMPBA, and that the security, validity and enforceability of platform attestation can also be guaranteed.

Finally, a TNC test environment is designed and implemented in this paper; we also formulate an effective network security strategy and carry out the corresponding functional tests. The simulation result on the terminal stability index shows that the introduction of terminal stability is of profound significance.
Keywords/Search Tags: trusted network, trusted network connect, trusted remediation technology, remote attestation, trusted access