Introduction of Trusted Network Connect
Houcheng Lee
houchen1@umbc.edu
May 9, 2007
What is Trusted Computing?
Trusted Computing Group (TCG)
Copyright© 2007 Trusted Computing Group - Other names and brands are properties of their respective owners.
Trusted Computing Group (TCG) Membership
170 Total Members as of January, 2007

Promoters
AMD
Hewlett-Packard
IBM
Intel Corporation
Microsoft
Sun Microsystems, Inc.

Contributors
Adaptec, Inc.
Agere Systems
American Megatrends, Inc.
ARM
Atmel
AuthenTec, Inc.
AVAYA
Broadcom Corporation
Certicom Corp.
Check Point Software, Inc.
Citrix Systems, Inc.
Comodo
Dell, Inc.
Endforce, Inc.
Ericsson Mobile Platforms AB
France Telecom Group
Freescale Semiconductor
Fujitsu Limited
Fujitsu Siemens Computers
Funk Software, Inc.
General Dynamics C4 Systems
Giesecke & Devrient
Hitachi, Ltd.
Infineon
InfoExpress, Inc.
InterDigital Communications
iPass
Lenovo Holdings Limited
Lexmark International
Lockheed Martin
M-Systems Flash Disk Pioneers
Maxtor Corporation
Meetinghouse Data Communications
Mirage Networks
Motorola Inc.
National Semiconductor
nCipher
NEC
Nevis Networks, USA
Nokia
NTRU Cryptosystems, Inc.
NVIDIA
OSA Technologies, Inc
Philips
Phoenix
Pointsec Mobile Technologies
Renesas Technology Corp.
Ricoh Company LTD
RSA Security, Inc.
Samsung Electronics Co.
SanDisk Corporation
SCM Microsystems, Inc.
Seagate Technology
Siemens AG
SignaCert, Inc.
Silicon Integrated Systems Corp.
Sinosun Technology Co., Ltd.
SMSC
Sony Corporation
STMicroelectronics
Symantec
Symbian Ltd
Synaptics Inc.
Texas Instruments
Toshiba Corporation
TriCipher, Inc.
Unisys
UPEK, Inc.
Utimaco Safeware AG
VeriSign, Inc.
Vernier Networks
Vodafone Group Services LTD
Wave Systems
Winbond Electronics Corporation

Adopters
Advanced Network Technology Labs
Apani Networks
Apere, Inc.
ATI Technologies Inc.
BigFix, Inc.
BlueRISC, Inc.
Bradford Networks
Caymas Systems
Cirond
ConSentry Networks
CPR Tools, Inc.
Credant Technologies
Fiberlink Communications
Foundstone, Inc.
GuardianEdge
ICT Economic Impact
Industrial Technology Research Institute
Infosec Corporation
Integrated Technology Express Inc.
LANDesk
Lockdown Networks
Marvell Semiconductor, Inc.
MCI
Meganet Corporation
Roving Planet
SafeBoot
Safend
Sana Security
Secure Elements
Senforce Technologies, Inc
SII Network Systems, Inc.
Silicon Storage Technology, Inc.
Softex, Inc.
StillSecure
Swan Island Networks, Inc.
Symwave
Telemidic Co. Ltd.
Toppan Printing Co., Ltd.
Trusted Network Technologies
ULi Electronics Inc.
Valicore Technologies, Inc.
Websense
TCG Key Players
Trusted Platform Module (TPM)
Trusted Platform Module (TPM) Introduction
• What is a TPM?
  - A hardware component
• What does it do?
  - V1.2 functions, including:
    • stores OS status information
    • generates/stores a private key
    • creates digital signatures
    • anchors chain of trust for keys, digital certificates, and other credentials
TPM – TCG Definition
• Asymmetric Key Module
  - Generate, store & backup public/private key pairs
  - Generate digital signatures, encrypt/decrypt data
• Trusted Boot Configuration
  - Storage of software digests during boot process
• Anonymous Attestation
  - Endorsement key used to establish properties of multiple identity keys
• TPM Management
  - Turn it on/off, ownership / configure functions, etc.
TPM – Abstract Definition
• Root of Trust in a PC
  - Operations or actions based on the TPM have measurable trust.
  - Flexible usage model permits a wide range of actions to be defined.
• Doesn’t Control PC (About DRM)
  - User still has complete control over platform. It’s OK to turn the TPM off (it ships disabled).
  - User is free to install any software he/she pleases.
Why Not Software?
• Software is hard to secure.
  - Ultimately, it is usually based on something stored in a relatively insecure location (like the hard drive).
• Soft data can be copied.
  - Lets an attacker take more time or apply more equipment to the attack procedure.
• Security can’t be measured.
  - Two users running the same software operation may see radically different risks.
TPM Measurement flow
Trusted Network Connect (TNC)
What is TNC?
• Open Architecture for Network Access Control
• Suite of Standards
• Developed by Trusted Computing Group
Network Endpoint Problem
• Sophisticated Attacks
  - Viruses, Worms, Spyware, Rootkits, Botnets
  - Zero-Day Exploits
  - Targeted Attacks
• Rapid Infection Speed
  - Exponential Growth
  - > 40,000,000 Infected Machines
  - > 35,000 Malware Varieties
• Motivated Attackers (Bank Crackers)
• Any vulnerable computer is a stepping stone
Key Computing Trends Drive the Need for TNC
• Trend: Increasing network span to mobile workers, customers, partners, suppliers
  Implication: Less reliance on physical access identity verification (i.e. guards & badges)
• Trend: Network clients moving to wireless access
  Implication: Remote access sequences easily monitored, cloned
• Trend: Malware increasingly targeting network via valid client infection
  Implication: Clients “innocently” infect entire networks
• Trend: New malware threats emerging at an increasing rate
  Implication: Client scanning demands move from once/week to once/login
Network Integrity Architectures
• Several Initiatives are pursuing Network Integrity Architectures
  - All provide the ability to check integrity of objects accessing the network
  - [Cisco] Network Admission Control (NAC)
  - [Microsoft] Network Access Protocol (NAP)
  - [TCG] Trusted Network Connect (TNC)
• Support multi-vendor interoperability
• Leverage existing standards
• Empower enterprises with choice
Trusted Network Connect Advantages
• Open standards
  - Open standards process
  - Multi-vendor compatibility
  - Enable customer choice
  - Open technical review
  - Integrates with established protocols like EAP, TLS, 802.1X, and IPsec
• Incorporates Trusted Computing Concepts - guarding the guard
Controlling Integrity of What is on the Network
• Moving from “who” is allowed on the network
  - User authentication
• To “who” and “what” is allowed on the network
  - Adding Platform Integrity verification
Check at connect time
[Figure: the endpoint asks “Can I connect?”; the access control dialog answers “Who are you?” against the User DB and “What is on your computer?” against the Integrity DB before the endpoint is admitted to the Enterprise Net.]
Quarantine and Remediation
[Figure: the endpoint asks “Can I connect?”; the access control dialog consults the User DB + Integrity DB and answers “No, I am quarantining you. Try again when you’re fixed up.” The endpoint is placed on the Quarantine Net, separate from the Enterprise Net, where a Remediation Server supplies the data needed to fix it.]
TNC Architecture
[Figure: three columns. Access Requestor: Network Access Requestor, TNC Client (TNCC), Integrity Measurement Collectors (IMC), and the Platform Trust Service (PTS) sitting on the TSS and the TPM. Policy Enforcement Point (PEP). Policy Decision Point: Network Access Authority, TNC Server (TNCS), Integrity Measurement Verifiers (IMV). Interfaces: IF-IMC (TNCC to IMCs), IF-IMV (TNCS to IMVs), IF-TNCCS (TNCC to TNCS, a peer relationship), IF-T (Network Access Requestor to Network Access Authority), IF-M (IMC to IMV, a peer relationship), IF-PEP (Policy Decision Point to PEP), IF-PTS (PTS to the TNC Client).]
Endpoint Integrity Policy
• Machine Health
  - Anti-Virus software running and properly configured
  - Recent scan shows no malware
  - Personal Firewall running and properly configured
  - Patches up-to-date
  - No unauthorized software
• Machine Behavior
  - No port scanning, sending spam, etc.
Examples of Integrity Checks
• Virus scan
  - Is virus scanner present / which version
  - Has it run “recently” / what is the result
• Spyware checking
  - Is spyware checker running / what version
  - Have programs been deleted/isolated
• What is your OS patch level
• Is unauthorized software present?
• Other - IDS logs, evidence of port scanning
Network Operator Access Policy
• Define policy for what must be checked
  - e.g. Virus, Spyware and OS Patch level
• and results of checks
  - e.g. Must run
    • VirusC - version 3.2 or higher, clean result
    • SPYX - version 1.5 or higher
    • Patchchk - version 6.2 or higher, patchlevel-3 or newer
TNC Scenario (Anti-Virus)
Sequence
1) Harvesting
2) Policy authoring
3) Collection
4) Reporting
5) Evaluation
6) Enforcement
7) Remediation
[Figure: the Access Requestor (AR) on the left holds the Network Access Requestor, TNC Client, AV-IMC and Other IMCs over the embedded AV configuration, AV engine and AV definitions; the Policy Decision Point (PDP) on the right holds the Network Access Authority, TNC Server, AV-IMV, Other IMVs and Policies. Numbered flows: 1 Baseline Measurements harvested from the Anti-Virus Services into the PDP; 2 Policies authored; 3 the AV configuration, engine and definitions Measured by the AV-IMC; 4 Integrity Measurements reported to the AV-IMV; 5 Policy Decision; 6 Control Request to enforce it.]
TNC Model for Exchanging Integrity Data
[Figure: on the TNC Client side, Anti-virus, Patch mgt, firewall and Platform trust Collectors; on the TNC Server side the matching Anti-virus, Patch mgt, firewall and Platform trust Verifiers; TNC Client and TNC Server are joined by IF-T.]
- Messages are batched by TNCC / TNCS
- Either side can start batched exchange
- IMC/IMV may subscribe to multiple message types
- Exchanges of TNC batches called handshake
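The batched exchange summarised on this slide, as an added example (not TCG's reference code or the presenter's): a TNC Client and TNC Server each hold collectors or verifiers registered for message types, bundle their messages into batches, and alternate until every verifier has a verdict, with either side able to open. Real IF-M message types are vendor-ID/subtype numbers carried over IF-TNCCS; the string tags, the anti-virus and patch-management collector/verifier pairs and their toy verdict rules are constructed here. The patch verifier subscribes to two message types and answers the first with a request for detail, which is what makes the handshake take more than one batch.

```python
"""TNC handshake: batched message exchange between a TNC Client and a TNC Server.

Added example, not TCG's or the presenter's code. Collectors (IMCs) and
verifiers (IMVs) subscribe to message types, the TNCC/TNCS batch messages,
either side may open, and the exchange of batches is the handshake. Type tags,
the AV/patch pairs and their verdict rules are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple


@dataclass
class Message:
    msg_type: str      # constructed tag, e.g. "av/status" (real IF-M: vendor-id/subtype)
    body: dict


Batch = List[Message]


@dataclass
class IMC:
    name: str
    msg_types: List[str]                          # server messages delivered to this IMC
    collect: Callable[[], Batch]                  # measurements sent when the handshake opens
    on_message: Callable[[Message], Batch] = lambda m: []


@dataclass
class IMV:
    name: str
    msg_types: List[str]                          # client messages delivered to this IMV
    assess: Callable[[Message], Tuple[Optional[str], Batch]]  # (verdict or None, replies)
    verdict: Optional[str] = None


@dataclass
class TNCC:
    """Client side: bundles IMC output into one batch; routes server batches to subscribed IMCs."""
    imcs: List[IMC]

    def begin(self) -> Batch:
        return [m for imc in self.imcs for m in imc.collect()]

    def receive(self, batch: Batch) -> Batch:
        out = []
        for msg in batch:
            if msg.msg_type == "tncs/start":      # server-initiated handshake
                out += self.begin()
            for imc in self.imcs:
                if msg.msg_type in imc.msg_types:
                    out += imc.on_message(msg)
        return out


@dataclass
class TNCS:
    """Server side: delivers each message to every IMV subscribed to its type."""
    imvs: List[IMV]

    def begin(self) -> Batch:
        return [Message("tncs/start", {})]

    def receive(self, batch: Batch) -> Batch:
        out = []
        for msg in batch:
            for imv in self.imvs:
                if msg.msg_type in imv.msg_types:
                    verdict, replies = imv.assess(msg)
                    imv.verdict = verdict or imv.verdict   # keep an earlier verdict if none now
                    out += replies
        return out

    def complete(self) -> bool:
        return all(imv.verdict is not None for imv in self.imvs)

    def recommendation(self) -> str:
        return "isolate" if any(imv.verdict == "isolate" for imv in self.imvs) else "allow"


def handshake(tncc: TNCC, tncs: TNCS, client_starts: bool = True, max_batches: int = 10) -> Tuple[str, int]:
    """Exchange batches until every IMV has a verdict; returns (recommendation, batches sent)."""
    if client_starts:
        to_server, batches = tncc.begin(), 1
    else:
        to_server, batches = tncc.receive(tncs.begin()), 2
    while True:
        to_client = tncs.receive(to_server)
        if tncs.complete():
            return tncs.recommendation(), batches
        if not to_client or batches >= max_batches:
            return "isolate", batches             # stalled handshake: fail closed
        to_server = tncc.receive(to_client)
        batches += 2


def make_client(hotfixes: List[str], av_scan: str) -> TNCC:
    """Constructed endpoint: the patch IMC also answers follow-up requests from its IMV."""
    return TNCC([
        IMC("AV-IMC", [], lambda: [Message("av/status", {"version": "10.1", "scan": av_scan})]),
        IMC("Patch-IMC", ["patch/request"],
            lambda: [Message("patch/summary", {"count": len(hotfixes)})],
            lambda m: [Message("patch/list", {"hotfixes": hotfixes})]),
    ])


def make_server() -> TNCS:
    """Constructed PDP side: the patch IMV subscribes to two types and asks for detail first."""
    def patch_assess(m: Message) -> Tuple[Optional[str], Batch]:
        if m.msg_type == "patch/summary":         # a count is not evidence: request the list
            return None, [Message("patch/request", {})]
        return ("allow" if "OSHotFix 2499" in m.body["hotfixes"] else "isolate"), []
    return TNCS([
        IMV("AV-IMV", ["av/status"], lambda m: (("allow" if m.body["scan"] == "clean" else "isolate"), [])),
        IMV("Patch-IMV", ["patch/summary", "patch/list"], patch_assess),
    ])
```

With the client opening, the exchange takes three batches (measurements, the patch verifier's request, the patch list); with the server opening it takes four, since the first batch only signals the client to collect. A verifier that never reaches a verdict stalls the handshake, which the driver treats as grounds for isolation rather than access.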
Authorized Access Only
[Figure: Access Requestors JoeK, Guest, LynnP and Hacker_Cindi connect through the Policy Enforcement Point to the Policy Decision Point, whose Authorized Users list holds JoeK, NoelC, KathyR and LynnP. JoeK and LynnP are admitted; Guest and Hacker_Cindi receive Access Denied.]
Corporate SW Requirements
[Figure: Access Requestor, Policy Enforcement Point and Policy Decision Point; the compliant endpoint is admitted to the Corporate Network, the non-compliant one is sent to the Remediation Network.]
Compliant System
- Windows XP
- SP2
- OSHotFix 2499
- OSHotFix 9288
- AV - Symantec AV 10.1
- Firewall
Non-compliant System
- Windows XP
- SP2
- x OSHotFix 2499 (missing)
- x OSHotFix 9288 (missing)
- AV - McAfee Virus Scan 8.0
- Firewall
Client Rules
- Windows XP
  • SP2
  • OSHotFix 2499
  • OSHotFix 9288
  • AV (one of)
    - Symantec AV 10.1
    - McAfee Virus Scan 8.0
  • Firewall
Customized Network Access
[Figure: Access Requestors Ken – R&D, Linda – Finance and a Guest User connect through the Policy Enforcement Point; the Policy Decision Point applies the Access Policies (Authorized Users, Client Rules) and places Ken on the R&D Network, Linda on the Finance Network and the Guest on the Guest Network (Internet only). Endpoint software listed: Windows XP, OS Hotfix 9345, OS Hotfix 8834, AV - Symantec AV 10.1, Firewall.]
Access Policies
• Authorized Users
• Client Rules
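The Network Operator Access Policy slide (a product at or above a minimum version, with a clean result), the Corporate SW Requirements slide (required hotfixes, “AV (one of)”, compliant versus non-compliant systems) and this slide (Authorized Users plus Client Rules deciding which network a user lands on) together describe one decision procedure. The Python below is an added example of that procedure, not TCG's or the presenter's code. Product names, users, hotfix ids and network names are taken from the slides; the treatment of guests (Internet-only without a client check) and the AV scan state field are assumptions marked in the code.

```python
"""Policy decision logic for a TNC-style connect-time check.

Added example (not TCG's or the presenter's code). Encodes the rule shapes on
the slides: required products with a minimum version and a required state,
an "AV (one of)" alternative group, required OS hotfixes, and the user's
authorized network. Names are from the slides or constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


def parse_version(text: str) -> Tuple[int, ...]:
    """'10.1' -> (10, 1): compare numerically, since as strings '10.1' < '9.9'."""
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class CheckRule:
    """One required client component: minimum version and/or required state."""
    product: str
    min_version: Optional[str] = None      # None: presence alone is enough
    required_state: Optional[str] = None   # e.g. "clean" for an AV scan, "SP2" for the OS


@dataclass
class ClientRules:
    required: List[CheckRule]                               # all must pass
    one_of: List[CheckRule] = field(default_factory=list)   # at least one must pass
    hotfixes: List[str] = field(default_factory=list)       # all must be installed


@dataclass
class Report:
    """What the IMCs on the endpoint reported: product -> (version, state)."""
    user: str
    products: Dict[str, Tuple[Optional[str], Optional[str]]]
    hotfixes: List[str]


def check(rule: CheckRule, report: Report) -> Optional[str]:
    """None when the rule is met, otherwise a reason the remediation server can show."""
    if rule.product not in report.products:
        return f"{rule.product} not present"
    version, state = report.products[rule.product]
    if rule.min_version is not None:
        if version is None or parse_version(version) < parse_version(rule.min_version):
            return f"{rule.product} {version} is older than required {rule.min_version}"
    if rule.required_state is not None and state != rule.required_state:
        return f"{rule.product} state {state!r}, expected {rule.required_state!r}"
    return None


def evaluate(report: Report, rules: ClientRules) -> List[str]:
    """Every failed rule; an empty list means the endpoint is compliant."""
    failures = [why for why in (check(r, report) for r in rules.required) if why]
    if rules.one_of:
        alternatives = [check(r, report) for r in rules.one_of]
        if all(alternatives):                   # every alternative returned a failure reason
            failures.append("no approved AV product: " + "; ".join(alternatives))
    failures += [f"missing {hf}" for hf in rules.hotfixes if hf not in report.hotfixes]
    return failures


def decide(report: Report, rules: ClientRules, users: Dict[str, str]) -> Tuple[str, List[str]]:
    """PDP outcome: (network the PEP should place the endpoint on, reasons)."""
    if report.user == "Guest":                  # assumption: guests get Internet only, no client check
        return "Guest Network (Internet only)", []
    home_network = users.get(report.user)
    if home_network is None:                    # not on the Authorized Users list
        return "Access Denied", ["user not authorized"]
    failures = evaluate(report, rules)
    if failures:                                # quarantine until fixed up
        return "Remediation Network", failures
    return home_network, []


# Rules, users and endpoints from the slides; the "clean"/"running" states are constructed.
CORP_RULES = ClientRules(
    required=[CheckRule("Windows XP", required_state="SP2"),
              CheckRule("Firewall", required_state="running")],
    one_of=[CheckRule("Symantec AV", "10.1", "clean"),
            CheckRule("McAfee Virus Scan", "8.0", "clean")],
    hotfixes=["OSHotFix 2499", "OSHotFix 9288"],
)
USERS = {"JoeK": "Corporate Network", "NoelC": "Corporate Network", "KathyR": "Corporate Network",
         "LynnP": "Corporate Network", "Ken": "R&D Network", "Linda": "Finance Network"}
COMPLIANT = Report("Ken", {"Windows XP": (None, "SP2"), "Firewall": (None, "running"),
                           "Symantec AV": ("10.1", "clean")},
                   ["OSHotFix 2499", "OSHotFix 9288"])
NON_COMPLIANT = Report("Linda", {"Windows XP": (None, "SP2"), "Firewall": (None, "running"),
                                 "McAfee Virus Scan": ("8.0", "clean")}, [])

if __name__ == "__main__":
    for rep in (COMPLIANT, NON_COMPLIANT):
        print(rep.user, decide(rep, CORP_RULES, USERS))
```

The reasons list is what the quarantine slide's remediation server needs: the non-compliant system is sent to the Remediation Network with both missing hotfixes named, while its McAfee install satisfies the “one of” rule and is not reported as a failure.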
Platform Trust Services (PTS)
• IF-PTS evaluates the integrity of TNC components and makes integrity reports available to the TNCC and TNCS
• The PTS establishes the integrity state of the TNC framework and binds this state to the platform transitive-trust chain
• PTS IMC collects integrity information about TNC elements and sends it to the PTS IMV
• PTS IMV has information (probably from vendors) on expected values for IMCs and other TNC components and verifies the received values
TPM Integrity Check
[Figure: a Compliant System whose BIOS, OS, Drivers and Anti-Virus SW are TPM verified passes from the Access Requestor through the Policy Enforcement Point onto the Corp LAN after the Policy Decision Point checks the Client Rules.]
Client Rules
- TPM enabled
  • BIOS
  • OS
  • Drivers
  • Anti-Virus SW
TPM – Trusted Platform Module
• HW module built into most of today’s PCs
• Enables a HW Root of Trust
• Measures critical components during trusted boot
• PTS-IMC interface allows PDP to verify configuration and remediate as necessary
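What “TPM verified” means for the BIOS, OS, Drivers and Anti-Virus SW on this slide, and what the PTS IMV on the previous slide does with vendor-supplied expected values, as an added example (not TCG's code or the presenter's): during trusted boot each component is hashed and the digest is extended into a PCR, so the final register value depends on every measurement and its order; the verifier replays the reported measurement log, compares it to the reported PCR, and checks each digest against the expected values it holds. The TPM 1.2 register width and SHA-1 extend operation are real; the component images, expected digests and component list are constructed, and the TPM signature over the PCR that a real report would carry is omitted.

```python
"""Trusted-boot measurement chain and its verification (added example, not TCG code).

A TPM 1.2 PCR is a 20-byte SHA-1 register that changes only by extend:
PCR' = SHA1(PCR || digest). The endpoint reports the PCR value and the
measurement log; the verifier (the PTS IMV / PDP on the slides) replays the
log, checks it reproduces the PCR, and compares each digest with the expected
values it holds. Component images and expected digests are constructed; the
TPM-signed quote of the PCR that a real report carries is omitted.
"""
import hashlib
from typing import Dict, List, Tuple

PCR_INIT = bytes(20)            # a PCR reads as 20 zero bytes after platform reset
Log = List[Tuple[str, bytes]]   # (component name, SHA-1 digest) in boot order


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM_Extend: the register can only be extended, never set, so history is not rewritable."""
    return sha1(pcr + digest)


def measured_boot(components: List[Tuple[str, bytes]]) -> Tuple[bytes, Log]:
    """Endpoint side: hash each component before handing control to it, extend, and log it."""
    pcr, log = PCR_INIT, []
    for name, image in components:
        digest = sha1(image)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log


def verify(reported_pcr: bytes, log: Log, expected: Dict[str, bytes]) -> List[str]:
    """Verifier side: replay the log to rebuild the PCR, then check every digest; [] means good."""
    problems, pcr = [], PCR_INIT
    for name, digest in log:
        pcr = extend(pcr, digest)
        if expected.get(name) != digest:
            problems.append(f"{name}: digest differs from expected value")
    if pcr != reported_pcr:                      # the log must reproduce the register the TPM reports
        problems.append("log does not reproduce reported PCR (log altered or incomplete)")
    if [name for name, _ in log] != list(expected):   # policy names what must be measured, in order
        problems.append("measured components or their order differ from policy")
    return problems


# Constructed known-good images for the components on the slide, and the digests the IMV expects.
GOOD = [("BIOS", b"bios image v1"), ("OS", b"os loader and kernel"),
        ("Drivers", b"signed driver bundle"), ("Anti-Virus SW", b"av engine 10.1")]
EXPECTED = {name: sha1(image) for name, image in GOOD}
TAMPERED = [(n, b"patched driver bundle" if n == "Drivers" else img) for n, img in GOOD]


def scenario_clean() -> List[str]:
    pcr, log = measured_boot(GOOD)
    return verify(pcr, log, EXPECTED)


def scenario_tampered_driver() -> List[str]:
    """An altered driver is measured honestly: its digest no longer matches the expected value."""
    pcr, log = measured_boot(TAMPERED)
    return verify(pcr, log, EXPECTED)


def scenario_forged_log() -> List[str]:
    """The altered driver booted, but the clean log is submitted: the PCR no longer matches."""
    pcr, _ = measured_boot(TAMPERED)
    _, clean_log = measured_boot(GOOD)
    return verify(pcr, clean_log, EXPECTED)


def scenario_unmeasured_av() -> List[str]:
    """Anti-virus never measured: log and PCR agree, but the policy list is not covered."""
    pcr, log = measured_boot(GOOD[:3])
    return verify(pcr, log, EXPECTED)


if __name__ == "__main__":
    for fn in (scenario_clean, scenario_tampered_driver, scenario_forged_log, scenario_unmeasured_av):
        print(fn.__name__, fn() or "OK")
```

The three checks fail independently: a changed component shows up as a digest mismatch, a log that does not match the register shows the report itself was altered or truncated, and an honest but incomplete measurement chain shows up against the list of components the policy requires. Any of the three is grounds for remediation rather than Corp LAN access.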
TNC Architecture – Existing Support
[Figure: the Access Requestor is the Endpoint (Supplicant/VPN Client, etc.); the Policy Enforcement Point is the Network Device (FW, Switch, Router, Gateway); the Policy Decision Point is the AAA Server (RADIUS, Diameter, IIS, etc.).]
TPM Use Cases - Government & Regulatory
• National Security Agency
  - Full drive encryption
  - TCG for compatibility
• U.S. Army
  - Network Enterprise Technology Command now requires TPM 1.2 on new computers
• F.D.I.C.
  - Promotes TPM usage to member banks
TPM Use Cases – Realistic Projects
• Pharmacy Company
  - With VPN over public network, put TPMs on all clients
  - Access dependent on digital certificate
  - Verifies both user and machine
  - Hardware and software from Lenovo
• Japanese Health Care Projects
  - Obligation to preserve data; METI funded
  - Fujitsu’s TNC deployment verifies HW and app config for session of broadband telemedicine
  - Hitachi’s TPM-based system for home health care
• IBM’s Trusted Virtual Domains
• Microsoft Vista BitLocker
Thank you
Questions?
Reference
• Trusted Computing Group (TCG) - https://www.trustedcomputinggroup.org/home
• Trusted Network Connect (TNC) - https://www.trustedcomputinggroup.org/groups/ne
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
 
call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@
 
SBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation TrackSBFT Tool Competition 2024 -- Python Test Case Generation Track
SBFT Tool Competition 2024 -- Python Test Case Generation Track
 
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
OSCamp Kubernetes 2024 | A Tester's Guide to CI_CD as an Automated Quality Co...
 
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
 
The 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software EngineeringThe 3rd Intl. Workshop on NL-based Software Engineering
The 3rd Intl. Workshop on NL-based Software Engineering
 
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
Open Source Camp Kubernetes 2024 | Running WebAssembly on Kubernetes by Alex ...
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
 

Introduction to Trusted Network Connect (TNC)

  • 1. Introduction of Trusted Network Connect Houcheng Lee houchen1@umbc.edu May 9, 2007
  • 2. What is Trusted Computing?
  • 4. Copyright© 2007 Trusted Computing Group - Other names and brands are properties of their respective owners. Trusted Computing Group (TCG) Membership: 170 Total Members as of January, 2007
    - Promoters: AMD; Hewlett-Packard; IBM; Intel Corporation; Microsoft; Sun Microsystems, Inc.
    - Contributors: Adaptec, Inc.; Agere Systems; American Megatrends, Inc.; ARM; Atmel; AuthenTec, Inc.; AVAYA; Broadcom Corporation; Certicom Corp.; Check Point Software, Inc.; Citrix Systems, Inc.; Comodo; Dell, Inc.; Endforce, Inc.; Ericsson Mobile Platforms AB; France Telecom Group; Freescale Semiconductor; Fujitsu Limited; Fujitsu Siemens Computers; Funk Software, Inc.; General Dynamics C4 Systems; Giesecke & Devrient; Hitachi, Ltd.; Infineon; InfoExpress, Inc.; InterDigital Communications; iPass; Lenovo Holdings Limited; Lexmark International; Lockheed Martin; M-Systems Flash Disk Pioneers; Maxtor Corporation; Meetinghouse Data Communications; Mirage Networks; Motorola Inc.; National Semiconductor; nCipher; NEC; Nevis Networks, USA; Nokia; NTRU Cryptosystems, Inc.; NVIDIA; OSA Technologies, Inc; Philips; Phoenix; Pointsec Mobile Technologies; Renesas Technology Corp.; Ricoh Company LTD; RSA Security, Inc.; Samsung Electronics Co.; SanDisk Corporation; SCM Microsystems, Inc.; Seagate Technology; Siemens AG; SignaCert, Inc.; Silicon Integrated Systems Corp.; Sinosun Technology Co., Ltd.; SMSC; Sony Corporation; STMicroelectronics; Symantec; Symbian Ltd; Synaptics Inc.; Texas Instruments; Toshiba Corporation; TriCipher, Inc.; Unisys; UPEK, Inc.; Utimaco Safeware AG; VeriSign, Inc.; Vernier Networks; Vodafone Group Services LTD; Wave Systems; Winbond Electronics Corporation
    - Adopters: Advanced Network Technology Labs; Apani Networks; Apere, Inc.; ATI Technologies Inc.; BigFix, Inc.; BlueRISC, Inc.; Bradford Networks; Caymas Systems; Cirond; ConSentry Networks; CPR Tools, Inc.; Credant Technologies; Fiberlink Communications; Foundstone, Inc.; GuardianEdge; ICT Economic Impact; Industrial Technology Research Institute; Infosec Corporation; Integrated Technology Express Inc.; LANDesk; Lockdown Networks; Marvell Semiconductor, Inc.; MCI; Meganet Corporation; Roving Planet; SafeBoot; Safend; Sana Security; Secure Elements; Senforce Technologies, Inc; SII Network Systems, Inc.; Silicon Storage Technology, Inc.; Softex, Inc.; StillSecure; Swan Island Networks, Inc.; Symwave; Telemidic Co. Ltd.; Toppan Printing Co., Ltd.; Trusted Network Technologies; ULi Electronics Inc.; Valicore Technologies, Inc.; Websense
  • 5. TCG Key Players
  • 7. Trusted Platform Module (TPM) Introduction
    - What is a TPM? A hardware module.
    - What does it do? V1.2 functions, including:
      - stores OS status information
      - generates/stores a private key
      - creates digital signatures
      - anchors the chain of trust for keys, digital certificates, and other credentials
  • 8. TPM – TCG Definition
    - Asymmetric Key Module: generate, store & back up public/private key pairs; generate digital signatures, encrypt/decrypt data
    - Trusted Boot Configuration: storage of software digests during the boot process
    - Anonymous Attestation: endorsement key used to establish properties of multiple identity keys
    - TPM Management: turn it on/off, ownership / configure functions, etc.
  • 9. TPM – Abstract Definition
    - Root of Trust in a PC: operations or actions based on the TPM have measurable trust; a flexible usage model permits a wide range of actions to be defined.
    - Doesn’t Control the PC (about DRM): the user still has complete control over the platform. It’s OK to turn the TPM off (it ships disabled). The user is free to install any software he/she pleases.
  • 10. Why Not Software?
    - Software is hard to secure: ultimately, it is usually based on something stored in a relatively insecure location (like the hard drive).
    - Soft data can be copied: this lets an attacker take more time or apply more equipment to the attack procedure.
    - Security can’t be measured: two users running the same software operation may see radically different risks.
  • 11. TPM Measurement flow
  • 13. What is TNC?
    - Open Architecture for Network Access Control
    - Suite of Standards
    - Developed by Trusted Computing Group
  • 14. Network Endpoint Problem
    - Sophisticated Attacks: viruses, worms, spyware, rootkits, botnets; zero-day exploits; targeted attacks
    - Rapid Infection Speed: exponential growth; > 40,000,000 infected machines; > 35,000 malware varieties
    - Motivated Attackers (bank crackers): any vulnerable computer is a stepping stone
  • 15. Key Computing Trends Drive the Need for TNC
    - Trend: increasing network span to mobile workers, customers, partners, suppliers. Implication: less reliance on physical access identity verification (i.e. guards & badges)
    - Trend: network clients moving to wireless access. Implication: remote access sequences easily monitored, cloned
    - Trend: malware increasingly targeting the network via valid client infection. Implication: clients ‘innocently’ infect entire networks
    - Trend: new malware threats emerging at an increasing rate. Implication: client scanning demands move from once/week to once/login
  • 16. Network Integrity Architectures
    - Several initiatives are pursuing Network Integrity Architectures; all provide the ability to check the integrity of objects accessing the network:
      - [Cisco] Network Admission Control (NAC)
      - [Microsoft] Network Access Protocol (NAP)
      - [TCG] Trusted Network Connect (TNC)
    - Support multi-vendor interoperability
    - Leverage existing standards
    - Empower enterprises with choice
  • 17. Trusted Network Connect Advantages
    - Open standards: open standards process; multi-vendor compatibility; enable customer choice; open technical review
    - Integrates with established protocols like EAP, TLS, 802.1X, and IPsec
    - Incorporates Trusted Computing concepts: guarding the guard
  • 18. Controlling Integrity of What is on the Network
    - Moving from “who” is allowed on the network (user authentication)
    - To “who” and “what” is allowed on the network (adding platform integrity verification)
  • 19. Check at connect time (diagram). Labels: “Can I connect?”; access control dialog: “Who are you?”, “What is on your computer?”; User DB + Integrity DB; Enterprise Net.
  • 20. Quarantine and Remediation (diagram). Labels: “Can I connect?”; access control dialog (User DB + Integrity DB): “No, I am quarantining you. Try again when you’re fixed up”; Quarantine Net with Remediation Server and remediation data; Enterprise Net.
  • 21. TNC Architecture
  • 22. TNC Architecture (diagram). Three roles: the Access Requestor holds the Integrity Measurement Collectors (IMC), the TNC Client (TNCC), the Network Access Requestor and the Platform Trust Service (PTS) over the TSS and TPM; the Policy Enforcement Point (PEP); and the Policy Decision Point holds the Integrity Measurement Verifiers (IMV), the TNC Server (TNCS) and the Network Access Authority. Interfaces: IF-IMC (IMC to TNCC), IF-IMV (IMV to TNCS), IF-TNCCS (TNCC to TNCS), IF-M (IMC to IMV), IF-T (Network Access Requestor to Network Access Authority), IF-PEP (Network Access Authority to PEP), IF-PTS (PTS to TNCC). IMC/IMV and TNCC/TNCS are peer relationships.
  • 23. Endpoint Integrity Policy
    - Machine Health: anti-virus software running and properly configured; recent scan shows no malware; personal firewall running and properly configured; patches up-to-date; no unauthorized software
    - Machine Behavior: no port scanning, sending spam, etc.
  • 24. Examples of Integrity Checks
    - Virus scan: is the virus scanner present / which version; has it run “recently” / what is the result
    - Spyware checking: is the spyware checker running / what version; have programs been deleted/isolated
    - What is your OS patch level
    - Is unauthorized software present?
    - Other: IDS logs, evidence of port scanning
  • 25. Network Operator Access Policy
    - Define policy for what must be checked, e.g. virus, spyware and OS patch level, and the results of the checks
    - e.g. Must run: VirusC version 3.2 or higher, clean result; SPYX version 1.5 or higher; Patchchk version 6.2 or higher, patchlevel-3 or newer
  • 26. TNC Scenario (Anti-Virus). Sequence: 1) Harvesting (baseline measurements), 2) Policy authoring (policies), 3) Collection (measured: embedded AV configuration, AV engine, AV definitions), 4) Reporting (integrity measurements from AR to PDP), 5) Evaluation (policy decision), 6) Enforcement (control request), 7) Remediation. Diagram components: on the AR, the TNC Client with the AV-IMC and other IMCs, Anti-Virus Services and the Network Access Requestor; on the PDP, the TNC Server with the AV-IMV and other IMVs and the Network Access Authority.
  • 27. TNC Model for Exchanging Integrity Data (diagram: anti-virus, patch mgt, firewall and platform trust Collectors on the TNC Client, paired with the corresponding Verifiers on the TNC Server, connected over IF-T)
    - Messages are batched by TNCC/TNCS
    - Either side can start a batched exchange
    - IMC/IMV may subscribe to multiple message types
    - Exchanges of TNC batches are called a handshake
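The batching and subscription model on slide 27 is easiest to see with both sides written out. The following is an added example, not code from the slides or from TCG: a toy TNC Client that collects one message from each IMC into a single batch, a toy TNC Server that routes each message by type to the IMVs subscribed to it and combines their recommendations, and a message type with no subscriber, which is dropped. The message type names, the `allow`/`isolate`/`no-access` values, the `VirusC` check and the endpoint state are all constructed for the example (real IF-M message types are vendor-id/subtype pairs).

```python
from collections import defaultdict
from dataclasses import dataclass

# Message types and recommendation values are constructed for this example;
# the real IF-M namespace uses vendor-id/subtype pairs.
MSG_AV, MSG_FW, MSG_PATCH = "av-status", "firewall-status", "patch-level"
ALLOW, ISOLATE, NO_ACCESS = "allow", "isolate", "no-access"


@dataclass
class Message:
    msg_type: str
    payload: dict


class Imc:
    """Integrity Measurement Collector: produces messages of one type per handshake."""

    def __init__(self, msg_type, measure):
        self.msg_type, self.measure = msg_type, measure  # measure() -> dict

    def begin_handshake(self):
        return [Message(self.msg_type, self.measure())]


class Imv:
    """Integrity Measurement Verifier: subscribes to message types, returns a recommendation."""

    def __init__(self, name, subscribed_types, verify):
        self.name, self.subscribed_types, self.verify = name, subscribed_types, verify

    def receive_message(self, msg):
        return self.verify(msg.payload)


class TncClient:
    """TNCC: asks every IMC for its messages and puts them in one batch."""

    def __init__(self):
        self.imcs = []

    def register_imc(self, imc):
        self.imcs.append(imc)

    def build_batch(self):
        return [m for imc in self.imcs for m in imc.begin_handshake()]


class TncServer:
    """TNCS: routes each message to the IMVs subscribed to its type, then combines their votes."""

    def __init__(self):
        self.subscriptions = defaultdict(list)

    def register_imv(self, imv):
        for msg_type in imv.subscribed_types:
            self.subscriptions[msg_type].append(imv)

    def handle_batch(self, batch):
        recommendations = []
        for msg in batch:
            # A message type nobody subscribed to is simply dropped
            for imv in self.subscriptions.get(msg.msg_type, []):
                recommendations.append((imv.name, imv.receive_message(msg)))
        return recommendations, combine(recommendations)


def combine(recommendations):
    """Most restrictive recommendation wins; an empty set of votes fails closed."""
    votes = {rec for _, rec in recommendations}
    if not votes or NO_ACCESS in votes:
        return NO_ACCESS
    return ISOLATE if ISOLATE in votes else ALLOW


def av_verify(payload):
    # Mirrors slide 25's "VirusC version 3.2 or higher, clean result"
    ok = (payload.get("engine") == "VirusC"
          and tuple(payload.get("version", (0, 0))) >= (3, 2)
          and payload.get("last_scan_clean") is True)
    return ALLOW if ok else ISOLATE


def fw_verify(payload):
    return ALLOW if payload.get("running") else ISOLATE


def run_handshake(av_version=(3, 2), scan_clean=True, fw_running=True):
    """One complete handshake over constructed endpoint state; returns (decision, votes by IMV)."""
    client = TncClient()
    client.register_imc(Imc(MSG_AV, lambda: {"engine": "VirusC", "version": av_version,
                                             "last_scan_clean": scan_clean}))
    client.register_imc(Imc(MSG_FW, lambda: {"running": fw_running}))
    client.register_imc(Imc(MSG_PATCH, lambda: {"level": 3}))  # no IMV subscribed: ignored

    server = TncServer()
    server.register_imv(Imv("av-imv", [MSG_AV], av_verify))
    server.register_imv(Imv("fw-imv", [MSG_FW], fw_verify))

    votes, decision = server.handle_batch(client.build_batch())
    return decision, dict(votes)


if __name__ == "__main__":
    print(run_handshake())                   # ('allow', {'av-imv': 'allow', 'fw-imv': 'allow'})
    print(run_handshake(av_version=(3, 1)))  # ('isolate', {'av-imv': 'isolate', 'fw-imv': 'allow'})
```

Two design points worth noticing: `combine` fails closed, so a batch that produces no recommendation at all (for example, every IMC spoke a type no IMV understands) does not get the endpoint onto the network, and the patch-level message shows that a subscription model drops rather than errors on unhandled types, which is what lets IMCs and IMVs from different vendors coexist in one handshake.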
  • 28. Authorized Access Only (diagram). Access Requestors JoeK, Guest, LynnP and Hacker_Cindi reach the Policy Decision Point through the Policy Enforcement Point; the Authorized Users list holds JoeK, NoelC, KathyR and LynnP, and the others get Access Denied.
  • 29. Corporate SW Requirements (diagram)
    - Client Rules: Windows XP; SP2; OSHotFix 2499; OSHotFix 9288; AV (one of): Symantec AV 10.1, McAfee Virus Scan 8.0; Firewall
    - Compliant System (Windows XP SP2, OSHotFix 2499, OSHotFix 9288, AV - Symantec AV 10.1, Firewall): admitted to the Corporate Network
    - Non-compliant System (Windows XP SP2, missing OSHotFix 2499 and OSHotFix 9288, AV - McAfee Virus Scan 8.0, Firewall): sent to the Remediation Network
    - Path: Access Requestor, Policy Enforcement Point, Policy Decision Point
  • 30. Customized Network Access (diagram). Access Policies: Authorized Users, Client Rules. Ken (R&D) is placed on the R&D Network; Linda (Finance; Windows XP, OS Hotfix 9345, OS Hotfix 8834, AV - Symantec AV 10.1, Firewall) on the Finance Network; a Guest User on the Guest Network, Internet only. Path: Access Requestor, Policy Enforcement Point, Policy Decision Point.
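Slides 25, 28, 29 and 30 together describe what the Policy Decision Point actually computes: an authorized-user check, the client rules, and a placement (corporate or role network, remediation network, guest network, or denial). Below is an added example of that evaluation, not code from the slides or from any TNC product. The rule set is the one on slide 29 written as data, the user-to-network mapping follows slide 30, and the `Endpoint` values are constructed; the treatment of a "Guest" user (Internet-only network without a client-rules check) and of unknown users (denied) is an assumption made for the example.

```python
from dataclasses import dataclass

# Client rules from slide 29, written as data the PDP can evaluate
CLIENT_RULES = {
    "os": "Windows XP",
    "service_pack": 2,
    "required_hotfixes": {"OSHotFix 2499", "OSHotFix 9288"},
    "av_one_of": {"Symantec AV": (10, 1), "McAfee Virus Scan": (8, 0)},  # product -> minimum version
    "firewall_required": True,
}

# Authorized users and the network each is placed on after a clean check (slide 30)
AUTHORIZED_USERS = {"Ken": "R&D Network", "Linda": "Finance Network"}
GUEST_NETWORK = "Guest Network (Internet only)"
REMEDIATION_NETWORK = "Remediation Network"
ACCESS_DENIED = "Access Denied"


@dataclass
class Endpoint:
    """What the IMCs reported about the connecting machine (constructed values)."""
    user: str
    os: str
    service_pack: int
    hotfixes: set
    av_product: str
    av_version: tuple
    firewall_running: bool


def version_str(version):
    return ".".join(str(part) for part in version)


def check_rules(ep, rules):
    """Compare reported state with the rules; returns the violations (empty list = compliant)."""
    problems = []
    if ep.os != rules["os"] or ep.service_pack < rules["service_pack"]:
        problems.append(f"OS must be {rules['os']} SP{rules['service_pack']}")
    for fix in sorted(rules["required_hotfixes"] - ep.hotfixes):
        problems.append(f"missing {fix}")
    minimum = rules["av_one_of"].get(ep.av_product)
    if minimum is None:
        problems.append(f"AV product not approved: {ep.av_product}")
    elif ep.av_version < minimum:
        problems.append(f"{ep.av_product} {version_str(ep.av_version)} "
                        f"older than required {version_str(minimum)}")
    if rules["firewall_required"] and not ep.firewall_running:
        problems.append("personal firewall not running")
    return problems


def decide(ep, rules=CLIENT_RULES, users=AUTHORIZED_USERS):
    """PDP decision handed to the PEP: (network to place the endpoint on, remediation items).
    Assumption for this example: 'Guest' goes to the Internet-only network without a
    client-rules check, and any other user not on the authorized list is denied."""
    if ep.user == "Guest":
        return GUEST_NETWORK, []
    if ep.user not in users:
        return ACCESS_DENIED, []
    problems = check_rules(ep, rules)
    if problems:
        # Quarantine with the list the remediation server needs (slide 20)
        return REMEDIATION_NETWORK, problems
    return users[ep.user], []


# Constructed endpoints modelled on the systems drawn on slides 29 and 30
LINDA = Endpoint("Linda", "Windows XP", 2, {"OSHotFix 2499", "OSHotFix 9288"},
                 "Symantec AV", (10, 1), True)
KEN_UNPATCHED = Endpoint("Ken", "Windows XP", 2, set(), "McAfee Virus Scan", (8, 0), True)
HACKER_CINDI = Endpoint("Hacker_Cindi", "Windows XP", 2, set(), "Symantec AV", (10, 1), False)

if __name__ == "__main__":
    for endpoint in (LINDA, KEN_UNPATCHED, HACKER_CINDI):
        print(endpoint.user, "->", decide(endpoint))
```

The order of checks matters: identity is decided before integrity, so an unauthorized user never learns which of the client rules their machine fails, and a compliant machine still gets only the network its user is entitled to.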
  • 31. Platform Trust Services (PTS)
    - IF-PTS evaluates the integrity of TNC components and makes integrity reports available to the TNCC and TNCS
    - The PTS establishes the integrity state of the TNC framework and binds this state to the platform transitive-trust chain
    - The PTS IMC collects integrity information about TNC elements and sends it to the PTS IMV
    - The PTS IMV has information (probably from vendors) on expected values for IMCs and other TNC components and verifies the received values
  • 32. TPM Integrity Check (diagram). Client Rules: TPM enabled; BIOS; OS; Drivers; Anti-Virus SW. A compliant system (TPM-verified BIOS, OS, Drivers, Anti-Virus SW) is admitted to the Corp LAN via Access Requestor, Policy Enforcement Point, Policy Decision Point.
    - TPM – Trusted Platform Module: HW module built into most of today’s PCs
    - Enables a HW Root of Trust
    - Measures critical components during trusted boot
    - The PTS-IMC interface allows the PDP to verify the configuration and remediate as necessary
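Slides 8, 11, 31 and 32 all rest on one mechanism: during trusted boot each stage hashes the next component and extends a TPM Platform Configuration Register with that digest, and the verifier side (the PTS IMV role) compares what the platform reports against expected values. The example below is added here to make that concrete; it is not TCG code and not the TPM's firmware. It simulates the extend operation as TPM 1.2 defines it (PCR_new = SHA-1(PCR_old || digest), 20-byte registers), a boot that measures BIOS, OS, Drivers and Anti-Virus SW, and a verifier that first checks the event log replays to the reported PCR and only then uses the log to name the component that deviates. The component images and their "golden" digests are constructed stand-ins, not real firmware hashes.

```python
import hashlib

PCR_SIZE = 20                 # TPM 1.2 PCRs are SHA-1 sized
PCR_RESET = bytes(PCR_SIZE)   # all zeros after platform reset


def sha1(data):
    return hashlib.sha1(data).digest()


def pcr_extend(pcr, digest):
    """TPM_Extend: PCR_new = SHA-1(PCR_old || digest).
    The hash chain makes the order of measurements matter and cannot be rolled back."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must be 20 bytes")
    return sha1(pcr + digest)


def trusted_boot(components):
    """Simulated boot: each stage measures the next into the PCR and appends an event-log
    entry (component name, digest hex). Returns (final PCR, event log)."""
    pcr, log = PCR_RESET, []
    for name, image in components:
        digest = sha1(image)
        log.append((name, digest.hex()))
        pcr = pcr_extend(pcr, digest)
    return pcr, log


def replay(log):
    """Recompute the PCR from an event log; the verifier uses this to check the log is genuine."""
    pcr = PCR_RESET
    for _, hex_digest in log:
        pcr = pcr_extend(pcr, bytes.fromhex(hex_digest))
    return pcr


def verify_platform(reported_pcr, reported_log, golden):
    """PTS-IMV style check against known-good digests (golden: name -> digest, in boot order).
    Returns (compliant, reason)."""
    if replay(reported_log) != reported_pcr:
        return False, "event log does not replay to the reported PCR"
    expected = PCR_RESET
    for digest in golden.values():
        expected = pcr_extend(expected, digest)
    if reported_pcr == expected:
        return True, "all measured components match policy"
    # The log is consistent with the PCR, so it can be trusted to name the deviating component
    for name, hex_digest in reported_log:
        if golden.get(name) != bytes.fromhex(hex_digest):
            return False, f"unexpected measurement for {name}"
    return False, "component set differs from policy"


# Constructed component images standing in for the real BIOS, OS, driver and AV binaries
GOOD_COMPONENTS = [
    ("BIOS", b"bios image 1.0"),
    ("OS", b"os loader 5.1 sp2"),
    ("Drivers", b"signed driver bundle"),
    ("Anti-Virus SW", b"av engine 10.1"),
]
GOLDEN = {name: sha1(image) for name, image in GOOD_COMPONENTS}
ALTERED = [(n, b"altered driver bundle" if n == "Drivers" else img) for n, img in GOOD_COMPONENTS]


def check_good_boot():
    pcr, log = trusted_boot(GOOD_COMPONENTS)
    return verify_platform(pcr, log, GOLDEN)


def check_altered_boot():
    pcr, log = trusted_boot(ALTERED)
    return verify_platform(pcr, log, GOLDEN)


def check_inconsistent_log():
    # A clean-looking log submitted with the PCR of an altered boot is caught by the replay
    pcr, _ = trusted_boot(ALTERED)
    _, clean_log = trusted_boot(GOOD_COMPONENTS)
    return verify_platform(pcr, clean_log, GOLDEN)


if __name__ == "__main__":
    print(check_good_boot())          # (True, 'all measured components match policy')
    print(check_altered_boot())       # (False, 'unexpected measurement for Drivers')
    print(check_inconsistent_log())   # (False, 'event log does not replay to the reported PCR')
```

This is why slide 32 can say the PDP verifies configuration through the PTS-IMC: the PCR value is a single commitment to the whole measured sequence, the event log is only trusted after it replays to that value, and the verifier needs nothing from the client beyond those two items plus its own list of expected digests.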
  • 33. TNC Architecture – Existing Support (diagram). Access Requestor: endpoint (supplicant/VPN client, etc.). Policy Enforcement Point: network device (FW, switch, router, gateway). Policy Decision Point: AAA server (RADIUS, Diameter, IIS, etc.).
  • 34. TPM Use Cases - Government & Regulatory
    - National Security Agency: full drive encryption; TCG for compatibility
    - U.S. Army: Network Enterprise Technology Command now requires TPM 1.2 on new computers
    - F.D.I.C.: promotes TPM usage to member banks
  • 35. TPM Use Cases – Realistic Projects
    - Pharmacy Company: with VPN over a public network, put TPMs on all clients; access dependent on a digital certificate; verifies both user and machine; hardware and software from Lenovo
    - Japanese Health Care Projects: obligation to preserve data; METI funded. Fujitsu’s TNC deployment verifies HW and app config for a session of broadband telemedicine; Hitachi’s TPM-based system for home health care
    - IBM’s Trusted Virtual Domains
    - Microsoft Vista BitLocker
  • 36. Thank you. Questions?
  • 37. Reference: Trusted Computing Group (TCG) - https://www.trustedcomputinggroup.org/home ; Trusted Network Connection (TNC) - https://www.trustedcomputinggroup.org/groups/ne

Editor's Notes

  1. System behaved as expected
  2. Trusted computing is promoted by the TCG (Trusted Computing Group). The Trusted Computing Group (TCG) is an industry standards body, comprised of computer and device manufacturers, software vendors and others with a stake in enhancing the security of the computing environment across multiple platforms and devices.
  3. As you can see Cisco is not there
  4. Connected to platform: no dongles, keys or cards to lose or break; lower implementation cost (included in the PC). Few limits: the number of keys (users), secured data, etc. is limited only by disk space; a single ‘owner’ controls the various policies of the TPM operation. Common Criteria Certification: third-party measurement of security properties. Random Number Generator: very high quality, can be used for many existing security and communications applications. Standard Algorithms: can interoperate with software solutions running on existing platforms; confidence in the algorithms due to long analysis by the cryptographic community.
  5. Security Requirements and Interoperability Standards: permit only authenticated users and devices to connect to the network (IEEE 802.1x, IETF RADIUS, IETF EAP); enable the administrator to establish security policies for anti-virus, patch levels, software versions, etc.; measure device configuration against security policies before connection to the network is allowed; identify devices that are not compliant; quarantine non-compliant devices; remediate non-compliant devices to ensure compliance with security policies.
  6. What the TNC Architecture adds to the field of AAA is the ability to measure and report on the security state of the endpoint platform as part of an authentication and authorization process. This measurement involves capturing the security-relevant operational state of the endpoint as integrity information that can be sent to a AAA Server. In communicating a client’s integrity information to a AAA Server, the TNC Architecture uses and extends existing protocols defined within the IETF so that it does not impact AAA architectures that are being deployed in the field today. Here, the TNC Architecture seeks to provide a richer set of security attributes for use in authorization policies. Thus, a Requestor can be given or denied network access based on a set of finer grain rules that peer deeper into the Requestor’s system state. In this way, a AAA Server can provide authorization to a Client not only on the basis of the Client’s network-related attributes (e.g. IP address, domain) and user-related attributes (e.g. user password, user certificate), but also on the Client platform integrity state (e.g. hardware configuration, BIOS, Kernel versions, OS patch level, Anti-Virus signatures, etc). The TNC Architecture seeks to enhance AAA-related architectures and protocols developed in the IETF with increased security functions that are provided by Trusted Platforms. As such, the TNC Architecture does not exist in a vacuum, but rather relies on other established technologies that have been standardized in the IETF in the area of AAA. The broad aim of the TNC efforts is the same as and builds upon those of the AAA-related efforts in the IETF, namely to provide network access to endpoints that have been successfully authenticated and meet network-access endpoint integrity policies. The work in the IETF in the area of AAA has proceeded for a number of years now, focusing on various aspects of AAA. 
These include efforts related to the architecture of a AAA system [15][16] and a AAA Authorization Framework [13] in the AAAARch Research Group [12], efforts in the AAA Working Group focusing on RADIUS, Diameter, the NAI and Network Access [14], as well as efforts in the Policy Framework Working Group
  7. Access Requestor (AR):
    - Integrity Measurement Collector: measures aspects of the AR's integrity (e.g. AV, etc). May use Platform Trust Services (PTS) to obtain integrity information regarding every component on the platform.
    - TNC Client: aggregates integrity measurements (from IMCs); assists the management of the integrity check handshakes; assists in the measurement & reporting of platform and IMC integrity.
    - Network Access Requestor: network-layer negotiation & access onto a given network; network layer transport protocol; end-to-end secure channel creation & management.
    Policy Decision Point (PDP):
    - Integrity Measurement Verifier: verifies the AR’s integrity based on measurements received from IMCs, against network security policy.
    - TNC Server: manages IMV-to-IMC (peer) message flows; gathers recommendations from IMVs; provides an action recommendation to the NAA.
    - Network Access Authority: decides whether an Access Requestor should be granted network access; network layer transport protocol; end-to-end secure channel creation & management.
  8. MS Vista BitLocker encrypts the whole disk, so when your laptop is stolen, the thieves cannot see the data on it.