
A Study on IPsec VPN System Supporting TNC

Posted on: 2015-01-20
Degree: Master
Type: Thesis
Country: China
Candidate: M Mei
Full Text: PDF
GTID: 2298330431964059
Subject: Cryptography
Abstract/Summary:
Traditional VPN technology authenticates only the legitimacy of the user, not the safety of the user's terminal. If the terminal carries viruses, Trojans or similar malware, it is very dangerous for such a device to access the network. The TNC architecture of the TCG provides both user authentication and platform integrity measurement, thereby protecting corporate networks from harm. However, TNC is mainly used in LANs and is rarely used in VPNs. This paper studies an "IPsec VPN system supporting TNC", that is, it applies TNC technology to the remote access technology IPsec VPN. This ensures that not only the legitimacy of the user's identity but also the integrity of the platform meets the security requirements.

Firstly, this paper describes the TNC architecture and IPsec VPN technology. Secondly, it introduces the EAP extension of IKEv2, which makes IKEv2 support TNC. On this basis, the paper uses strongSwan, TNC@FHH and FreeRADIUS to design and build an IPsec VPN system that supports the EAP messages needed by TNC. According to the security needs, the paper designs and implements the bootloader and firewall security inspection modules. Finally, the system was tested in an IPsec VPN environment, where it achieved user authentication and platform integrity measurement.
Keywords/Search Tags: Trusted Network Connection, Virtual Private Network, Identity Authentication, Integrity Measurement, Internet Key Exchange