
TNC Presentation

TNC Presentation. Minneapolis IETF March 10, 2005 John Vollbrecht Meetinghouse Data Communications. TCG Mission. Develop and promote open, vendor-neutral, industry standard specifications for trusted computing building blocks and software interfaces across multiple platforms.


Presentation Transcript


  1. TNC Presentation. Minneapolis IETF, March 10, 2005. John Vollbrecht, Meetinghouse Data Communications

  2. TCG Mission: Develop and promote open, vendor-neutral, industry standard specifications for trusted computing building blocks and software interfaces across multiple platforms.

  3. TCG Organization
     • Board of Directors: Jim Ward, IBM (President and Chairman); Geoffrey Strongin, AMD; Mark Schiller, HP; David Riss, Intel; Steve Heil, Microsoft; Tom Tahan, Sun; Nicholas Szeto, Sony; Bob Thibadeau, Seagate; Thomas Hardjono, VeriSign
     • Technical Committee: Graeme Proudler, HP
     • Advisory Council: Invited Participants
     • Administration: VTM, Inc.
     • Marketing Workgroup: Brian Berger, Wave
     • Public Relations: Anne Price, PR Works
     • Events / Marketing Support: VTM, Inc.
     • TPM Work Group: David Grawrock, Intel
     • Conformance WG: Randy Mummert, Atmel
     • TSS Work Group: David Challener, IBM
     • PC Client WG: Monty Wiseman, Intel
     • Infrastructure WG: Thomas Hardjono, Verisign; Ned Smith, Intel
     • Mobile Phone WG: Janne Uusilehto, Nokia
     • Peripherals WG: Colin Walters, Comodo
     • Hard Copy WG: Brian Volkoff, HP (interim)
     • Storage Systems: Robert Thibadeau, Seagate
     • Server Specific WG: Larry McMahan, HP; Marty Nicholes, HP
     • Position key: GREEN box = elected officers; BLUE box = chairs appointed by Board; RED box = chairs nominated by WG, appointed by Board; BLACK box = resources contracted by TCG

  4. Technical Workgroups
     • Technical Committee
     • Work groups
       • Trusted Platform Module (TPM)
       • TPM Software Stack (TSS)
       • PC Specific Implementation
       • Peripheral Implementation
       • Server Specific Implementation
       • Storage Systems Implementation
       • Mobile Phone Specific Implementation
       • Conformance (Common Criteria)
       • Infrastructure
       • Trusted Network Connect
     • Marketing Work Group

  5. TCG Membership: 92 total members as of January 13, 2005 (7 Promoter, 64 Contributor, 21 Adopter)
     • Promoters: AMD; Hewlett-Packard; IBM; Intel Corporation; Microsoft; Sony Corporation; Sun Microsystems, Inc.
     • Contributors: Agere Systems; ARM; ATI Technologies Inc.; Atmel; AuthenTec, Inc.; AVAYA; Broadcom Corporation; Certicom Corp.; Comodo; Dell, Inc.; Endforce, Inc.; Ericsson Mobile Platforms AB; Extreme Networks; France Telecom Group; Freescale Semiconductor; Fujitsu Limited; Fujitsu Siemens Computers; Funk Software, Inc.; Gemplus; Giesecke & Devrient; Hitachi, Ltd.; Infineon; InfoExpress, Inc.; iPass; Juniper Networks; Lenovo Holdings Limited; Lexmark International; M-Systems Flash Disk Pioneers; Meetinghouse Data Communications; Motorola Inc.; National Semiconductor; nCipher; Network Associates; Nokia; NTRU Cryptosystems, Inc.; NVIDIA; OSA Technologies, Inc; Philips; Phoenix; Pointsec Mobile Technologies; Renesas Technology Corp.; RSA Security, Inc.; SafeNet, Inc.; Samsung Electronics Co.; SCM Microsystems, Inc.; Seagate Technology; SignaCert, Inc.; Sinosun Technology Co., Ltd.; Standard Microsystems Corporation; STMicroelectronics; Sygate Technologies, Inc.; Symantec; Symbian Ltd; Synaptics Inc.; Texas Instruments; Transmeta Corporation; Trend Micro; Utimaco Safeware AG; VeriSign, Inc.; Vernier Networks; VIA Technologies, Inc.; Vodafone Group Services LTD; Wave Systems; Zone Labs, Inc.
     • Adopters: BigFix, Inc.; Citrix Systems, Inc; Enterasys Networks; Foundry Networks Inc.; Foundstone, Inc.; Gateway; Industrial Technology Research Institute; Interdigital Communications; Latis Networks, Inc.; MCI; Nevis Networks, USA; PC Guardian Technologies; Sana Security; Senforce Technologies, Inc; Silicon Integrated Systems Corp.; Silicon Storage Technology, Inc.; Softex, Inc.; Telemidic Co. Ltd.; Toshiba Corporation; TriCipher, Inc.; ULi Electronics Inc.

  6. Overview of TNC
     • Trusted Network Connection Subgroup, Infrastructure Working Group, Trusted Computing Group (TCG)
     • http://www.trustedcomputinggroup.org
     • TNC V1 is being reviewed by TCG
     • Goal is to release V1 in Q2 ‘05
     • Goal is to support limited initial interoperability demos at the same time
     • Standards documents become available to non-members when released

  7. TNC Purpose: The Trusted Network Connect Sub Group (TNC-SG) is working to define and promote an open solution architecture that enables network operators to enforce policies regarding endpoint integrity when granting access to a network infrastructure. Endpoint integrity policies may involve integrity parameters spanning a range of system components (hardware, firmware, software and application settings), and may or may not include evidence of a Trusted Platform Module (TPM).

  8. Overview of TNC (architecture diagram). Client side: Integrity Measurement Clients, TNC Client (TNC-C), Network Access Requestor. Server side: Integrity Measurement Verifiers, TNC Server (TNC-S), Network Access Authority, with a PEP on the data and control path. Collectors and verifiers exchange an integrity dialog; TNC-C and TNC-S exchange the TNC dialog over the TNC transport.

  9. TNC Version 1
     • TNC Version 1 contains 3 specs
       • Architecture Spec
       • Interface from TNC Client to Integrity Measurement Collectors
       • Interface from TNC Server to Integrity Measurement Verifiers
     • Future releases will include
       • TNC-C to TNC-S protocol
       • Transport Layer requirements for TNC
       • Mapping of how to carry the TNC dialog in EAP

  10. TNC Role
     • TNC provides a way for remote “verifiers” to check the integrity of client elements using client “collectors”
     • The check is made as part of the Access Authorization dialog
     • The role of interest for this discussion is 802.1X / EAP access
     • Assumption is that the TNC dialog is part of the EAP dialog

  11. TNC as part of EAP Dialog
     • Current assumption is that in an 802.1X access, TNC must be done in an “inner” dialog
     • If the assumption is correct, TNC can only be done inside a “protected” method
       • Can be done in PEAP, TTLS, FAST, ...
       • Cannot be done in SIM, TLS, MD5, ...

  12. TNC as a protected Dialog
     • Within a protected method there may be several dialogs, e.g.
       • May do platform authentication followed by user authentication
       • May do TNC integrity verification after the authentication(s)
     • Would be helpful to have a state machine for how inner dialogs interact

  13. State machine for inner EAP: questions on proceeding
     • Is there a standard way of handling inner dialogs between existing protected methods?
       • PEAP / FAST
       • TTLS
     • Should the inner dialog be a “common capability” for future “protected” methods?
     • Are there underlying differences in the ways that protected methods support inner dialogs?
       • E.g. how to handle brokers?
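The flow on slides 8 and 10-13 can be sketched as a small model: collectors on the client report a value per component, verifiers on the server judge each against policy, and the Network Access Authority only runs that integrity dialog inside a protected method, after the authentication dialog(s). This is an added illustration, not code from the presentation or any TCG specification; the function names, the policy format, the "platform auth, user auth, then integrity" ordering and the decision labels are all assumptions.

```python
PROTECTED_METHODS = {"PEAP", "TTLS", "FAST"}   # slide 11: can carry an inner dialog
UNPROTECTED_METHODS = {"SIM", "TLS", "MD5"}    # slide 11: cannot
# Inner dialogs run inside the protected tunnel in this order (slide 12; order assumed).
INNER_DIALOGS = ("platform_auth", "user_auth", "tnc_integrity")

# Constructed sample policy: allowed values per component class (slide 7's
# firmware/software/application settings); the format is an assumption.
POLICY = {"firmware": {"v2.1"},
          "av_signatures": {"2005-03-09", "2005-03-10"},
          "firewall_enabled": {"yes"}}


def collect(client_state, components):
    """Integrity Measurement Collectors: report one value per requested component."""
    return {c: client_state.get(c, "missing") for c in components}


def verify(measurements, policy):
    """Integrity Measurement Verifiers: per-component verdict against policy."""
    return {c: measurements.get(c) in allowed for c, allowed in policy.items()}


def run_session(method, auth_results, client_state, policy=POLICY):
    """Network Access Authority: sequence the inner dialogs and decide.
    Returns (decision, trace); the decision is what would go to the PEP.
    A failed dialog stops the sequence, so integrity is never checked unauthenticated."""
    trace = []
    if method not in PROTECTED_METHODS:
        trace.append(f"{method}: no protected inner channel, TNC dialog cannot run")
        return "tnc_unavailable", trace
    for dialog in INNER_DIALOGS:
        if dialog != "tnc_integrity":
            if not auth_results.get(dialog, False):
                trace.append(f"{dialog}: failed, remaining inner dialogs not run")
                return "deny", trace
            trace.append(f"{dialog}: ok")
            continue
        verdicts = verify(collect(client_state, policy), policy)
        failed = sorted(c for c, ok in verdicts.items() if not ok)
        if failed:
            trace.append("tnc_integrity: failed " + ", ".join(failed))
            return "deny", trace
        trace.append("tnc_integrity: ok")
    return "allow", trace


if __name__ == "__main__":
    auth = {"platform_auth": True, "user_auth": True}
    healthy = {"firmware": "v2.1", "av_signatures": "2005-03-10", "firewall_enabled": "yes"}
    stale = dict(healthy, av_signatures="2005-02-01")
    for method, state in (("PEAP", healthy), ("TTLS", stale), ("MD5", healthy)):
        print(method, *run_session(method, auth, state))
```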

  14. Inner dialogs in Protected methods (diagram: the inner dialog sequence repeats for each inner dialog)
