Novel access and remediation scheme in hierarchical trusted network

Trusted computing technology is expected to guarantee security for both network and terminal in future communication environments. In this work, we introduce the concept of a trusted attribute to build a novel framework for hierarchical trusted access and feasible remediation. Trusted attributes are categorized primarily by the point in a system's boot cycle at which the respective attribute is measured. The concept of a trusted attribute is extended to the notion of a "trusted grade", which is granted by a newly added module called the trusted level division function. We also give a reasonable example of how trusted grades can be divided. We discuss promising applications of the presented framework and the access procedure of a terminal. Simulations show that the proposed framework not only ensures the security and reliability of the network but also improves the flexibility with which a terminal can access the network, and that it provides the necessary support for interoperability between equipment from different manufacturers. It can also be concluded that the presented remediation framework is easy to deploy, and that through it convenient and reliable remediation services can be offered to terminals that do not meet the security standards of the local network.