中国科技核心期刊      中国指挥与控制学会会刊     军事装备类重点期刊
Command Control and Simulation

Command Control and Simulation >

2018 , Vol. 40 >Issue 1: 123 - 127

DOI: https://doi.org/10.3969/j.issn.1673-3819.2018.01.024

Engineering & Application

Intrusion Tolerant Model and Security Protocols of Trusted Network Connection

  • LI Lin-feng ,
  • KONG Xiang-ying ,
  • ZHANG Zhen-hua
Expand
  • Jiangsu Automation Research Institute, Lianyungang 222061, China

Received date: 2017-11-20

  Revised date: 2017-12-10

  Online published: 2022-05-14

Copyright

, 2018, Copyright reserved © 2018. Office of Acta Agronomica Sinica All articles published represent the opinions of the authors, and do not reflect the official policy of the Chinese Medical Association or the Editorial Board, unless this is clearly specified.
Fold

Abstract

In the TNC architecture, there are several limitations that limit the application scenario of the TNC architecture. Concerning the fact that the TNC architecture is lack of invasive treatment, this paper proposed a intrusion tolerant of redundant servers model and a design of security protocols within the servers group in order to improve the reliability of TNC architecture, which still correctly complete the certification in the case of being attacked. Under the assumption that a secure server’s signature couldn’t be tampered with by a hacker, the model used a server cluster instead of a single point authentication server. The server in the cluster completed the authentication synchronously and determined the scope of the secure servers with several rounds of information exchange. Then the proxy server was elected by the secure servers. The proxy server delivered the final authentication results to the policy execution point. Security analysis and efficiency comparision with other protocals show that the model can significantly improve the reliability of trusted network connection architecture, and the time overhead can be accepted while completing security goals.

Key words: trusted network connection(TNC); intrusion tolerance; security analysis; reliability; server cluster

Cite this article

LI Lin-feng , KONG Xiang-ying , ZHANG Zhen-hua . Intrusion Tolerant Model and Security Protocols of Trusted Network Connection[J]. Command Control and Simulation, 2018 , 40(1) : 123 -127 . DOI: 10.3969/j.issn.1673-3819.2018.01.024

References

[1] TCG trusted network connect TNC architecture for interoperability version 1.1 version 1.1[S]. http://www.trustedcomputinggroup.org,2006.
[2] Federated trusted network connect(TNC) version 1.0, Revision 27[EB/OL].[2009-05-18]. https://www.trustedcomputinggroup.org/wp-content/uploads/TNC-Federated-TNC-v1.0-r27.pdf.
[3] TCG trusted network connect TNC architecture for interoperability specification version 1.3[EB/OL].[2008-09-15]. https://www.trustedcomputinggroup.org/specs/TNC.
[4] TCG trusted network connect TNC architecture for interoperability specification version1.4[EB/OL].http://www.trustedcomputinggroup.org/resources/tcg-architecture-overview-version-14, 2009.
[5] TNC IF-TNCCS: Protocol Bindings for SoH, Version 1.0[EB/OL].[2007-05-21]. https://www.trustedcomputinggroup.org/wp-content/uploads/IF-TNCCS-SOH-v1.0-r8.pdf.
[6] TNC IF-PEP: Protocol Bindings for RADIUS Specification, Version 1.1[EB/OL].[2007-02-01]. https://trustedcomputinggroup.org/wp-content/uploads/TNC-IF-PEP-v1.1-rev-0.8.pdf.
[7] TNC IF-IMC Version 1.1, Revision 5[EB/OL].[2006-05-01].https://trustedcomputinggroup.org/wp-content/uploads/TNC-IFIMC-v1-1-r5.pdf.
[8] TNC IF-IMV Version 1.0, Revision 3[EB/OL].[2005-05-03]. https://trustedcomputinggroup.org/wp-content/uploads/TNC-IFIMV-v1-0-r3.pdf.
[9] 张立茹, 鄢楚平, 詹葆荣. 基于EAP-TTLS的可信网络接入认证技术[J]. 计算机与现代化, 2013(10):111-116.
[10] D. Simon, B. Aboba, R Hurst. "The RFC Series and RFC Editor". RFC 5216. Retrieved March, 2008.
[11] 符湘萍, 吴振强. 可信网络接入认证协议的设计与分析[J]. 计算机工程与设计, 2011,32(12):3993-3996.
[12] 魏达, 贾翔鹏, 王健 等. 基于可信证书的可信网络接入模型及实现[J]. 吉林大学学报(工学版), 2010,40(2):496-500.
[13] 赵世军, 冯登国. 基于属性证明的可信网络接入方案[J]. 武汉大学学报(理学版), 2012,58(6):519-525.
[14] Lamport L, Shostak R, Pease M. The byzantine generals problem[J]. ACM Trans on Programming Languages & Systems. 1982,4(3):382-401.
[15] Castro M. Practical byzantine fault tolerance and proactive recovery[J]. ACM Trans on Computer Systems(TOCS). 2002,20(4):398-461.
[16] Cowling J, Myers D, Liskov B, Rodrigues R, Shrira L. HQ replication: A hybrid quorum protocol for Byzantine fault tolerance. In: Proc. of the 7th Symp. on Operating Systems Design and Implementation. Berkeley: USENIX Association, 2006,177.
[17] Kotla R, Alvisi L, Dahlin M, Clement A, Wong E. Zyzzyva: Speculative Byzantine fault tolerance. In: Proc. of the 21st ACM SIGOPS Symp. on Operating Systems Principles. New York: ACM Press, 2007,4558.
[18] GARCIA-MONILA H. Elections in a distributed computing system[J]. IEEE Transactions on Computers, 1982,100(1):48-59.
[19] Lamport L. Paxos Made Simple[J]. ACM SIGACT News, 2001,32(4):18-25.
Options
Outlines

/