Research On Trusted Network Connection And Related Architecture

Posted on: 2013-08-13
Degree: Master
Type: Thesis
Country: China
Candidate: L A Wu
GTID: 2248330371490248
Subject: Computer application technology

Abstract/Summary:
With the rapid development of the Internet, stronger network security protection is required, and network security is gradually becoming a focus of attention. Traditional security technologies, such as firewalls, antivirus software and intrusion detection, are used to resist hacker and virus attacks, but they do not address the root cause of insecurity in computer networks. In fact, all computer intrusion attacks are initiated from a personal computer terminal. Network security technology therefore puts forward a new viewpoint: we should protect the security of the computer terminal directly. This viewpoint secures network resources in order to achieve the security of the entire network, and network access control technology satisfies this theory well.

Network access control technology plays a very important role in the protection of network security. It makes full use of existing solutions and new technologies to ensure that any device connecting to the protected network must pass identity authentication and comply with the network security policy. Non-compliant devices are denied access or isolated until they meet the network security policy.

This thesis focuses on three main Network Access Control (NAC) technologies: Microsoft Corp.'s Network Access Protection, Cisco Systems Inc.'s Network Admission Control, and Trusted Network Connection (TNC) by the Trusted Computing Group. In comparing these three technologies, we mainly emphasize their structure and function. At the same time, TNC and related content are detailed in a separate chapter to lay the foundation for the final prototype system. The thesis covers the following aspects.

Firstly, we research and analyze their technical ideas, their components and the functions of those components. The thesis emphasizes the TNC information exchange processes and related technologies.

Secondly, we compare the three technologies and summarize their similarities and differences and the unique nature of the TNC technology. Meanwhile, we extend the analysis of the TNC architecture to the TPM-based TNC architecture and elaborate on the trusted platform involved.

Thirdly, we propose a Java program, based on the client of the trusted platform, to extract information about the client. This program improves the efficiency of access authentication by realizing the self-assessment of the client.

Finally, we implement a prototype TNC system with TPM using the open source software TPM_Emulator, IAIK jTSS and libtnc, and build a TNC server with freeradius-server. We then run the Java program on the system to extract the information and verify the whole system.

From the above analysis, we draw the following conclusions: TNC can be combined with trusted computing technology and is therefore more reliable, while its openness gives it broader prospects, more development and a greater market. In the TNC architecture based on TPM, the system administrator can use a first-assess-and-then-access authentication method to raise the efficiency of access authentication and enhance the robustness of the network.
Keywords/Search Tags: Network Access Control, Trusted Network Connection, Network Access Protection, Network Admission Control, Trusted Platform Module