TNC Presentation
Minneapolis IETF, March 10, 2005
John Vollbrecht, Meetinghouse Data Communications
Copyright© 2004 Trusted Computing Group - Other names and brands are properties of their respective owners.

Slide #2: TCG Mission
Develop and promote open, vendor-neutral, industry standard specifications for trusted computing building blocks and software interfaces across multiple platforms.

Slide #3: TCG Organization (organization chart)
Board of Directors: Jim Ward, IBM (President and Chairman); Geoffrey Strongin, AMD; Mark Schiller, HP; David Riss, Intel; Steve Heil, Microsoft; Tom Tahan, Sun; Nicholas Szeto, Sony; Bob Thibadeau, Seagate; Thomas Hardjono, VeriSign
Marketing Workgroup: Brian Berger, Wave
Technical Committee: Graeme Proudler, HP
Advisory Council: Invited Participants
Administration: VTM, Inc.
Public Relations: Anne Price, PR Works
Events Marketing Support: VTM, Inc.
TPM Work Group: David Grawrock, Intel
Conformance WG: Randy Mummert, Atmel
TSS Work Group: David Challener, IBM
PC Client WG: Monty Wiseman, Intel
Mobile Phone WG: Janne Uusilehto, Nokia
Infrastructure WG: Thomas Hardjono, Verisign; Ned Smith, Intel
Peripherals WG: Colin Walters, Comodo
Hard Copy WG: Brian Volkoff, HP (interim)
Server Specific WG: Larry McMahan, HP; Marty Nicholes, HP
Storage Systems: Robert Thibadeau, Seagate
Position key (box colours in the original chart): GREEN box: Elected Officers; BLUE box: Chairs Appointed by Board; RED box: Chairs Nominated by WG, Appointed by Board; BLACK box: Resources Contracted by TCG

Slide #4: Technical Workgroups
• Technical Committee
• Work groups
  – Trusted Platform Module (TPM)
  – TPM Software Stack (TSS)
  – PC Specific Implementation
  – Peripheral Implementation
  – Server Specific Implementation
  – Storage Systems Implementation
  – Mobile Phone Specific Implementation
  – Conformance (Common Criteria)
  – Infrastructure
  – Trusted Network Connect
• Marketing Work Group

Slide #5: TCG Membership
92 Total Members as of January 13, 2005: 7 Promoter, 64 Contributor, 21 Adopter
Promoters: AMD, Hewlett-Packard, IBM, Intel Corporation, Microsoft, Sony Corporation, Sun Microsystems, Inc.
Contributors: Agere Systems, ARM, ATI Technologies Inc., Atmel, AuthenTec, Inc., AVAYA, Broadcom Corporation, Certicom Corp., Comodo, Dell, Inc., Endforce, Inc., Ericsson Mobile Platforms AB, Extreme Networks, France Telecom Group, Freescale Semiconductor, Fujitsu Limited, Fujitsu Siemens Computers, Funk Software, Inc., Gemplus, Giesecke & Devrient, Hitachi, Ltd., Infineon, InfoExpress, Inc., iPass, Juniper Networks, Lenovo Holdings Limited, Lexmark International, M-Systems Flash Disk Pioneers, Meetinghouse Data Communications, Motorola Inc., National Semiconductor, nCipher, Network Associates, Nokia, NTRU Cryptosystems, Inc., NVIDIA, OSA Technologies, Inc, Philips, Phoenix, Pointsec Mobile Technologies, Renesas Technology Corp., RSA Security, Inc., SafeNet, Inc., Samsung Electronics Co., SCM Microsystems, Inc., Seagate Technology, SignaCert, Inc., Sinosun Technology Co., Ltd., Standard Microsystems Corporation, STMicroelectronics, Sygate Technologies, Inc., Symantec, Symbian Ltd, Synaptics Inc., Texas Instruments, Transmeta Corporation, Trend Micro, Utimaco Safeware AG, VeriSign, Inc., Vernier Networks, VIA Technologies, Inc., Vodafone Group Services LTD, Wave Systems, Zone Labs, Inc.
Adopters: BigFix, Inc., Citrix Systems, Inc, Enterasys Networks, Foundry Networks Inc., Foundstone, Inc., Gateway, Industrial Technology Research Institute, Interdigital Communications, Latis Networks, Inc., MCI, Nevis Networks, USA, PC Guardian Technologies, Sana Security, Senforce Technologies, Inc, Silicon Integrated Systems Corp., Silicon Storage Technology, Inc., Softex, Inc., Telemidic Co. Ltd., Toshiba Corporation, TriCipher, Inc., ULi Electronics Inc.

Slide #6: Overview of TNC
• Trusted Network Connection Subgroup
  – Infrastructure Working Group
  – Trusted Computing Group (TCG)
  – http://www.trustedcomputinggroup.org
• TNC V1 is being reviewed by TCG
  – Goal is to release V1 Q2 ‘05
  – Goal is to support limited initial interoperability demos at same time
  – Standards documents become available to non-members when released

Slide #7: TNC Purpose
• The Trusted Network Connect Sub Group (TNC-SG) is working to define and promote an open solution architecture that enables network operators to enforce policies regarding endpoint integrity when granting access to a network infrastructure. Endpoint integrity policies may involve integrity parameters spanning a range of system components (hardware, firmware, software and application settings), and may or may not include evidence of a Trusted Platform Module (TPM).

Slide #8: Overview of TNC (architecture diagram)
Client side: Integrity Measurement Clients, TNC-C, Network Access Requestor
Server side: Integrity Measurement Verifiers, TNC-S, Network Access Authority
Integrity dialog: Integrity Measurement Clients to Integrity Measurement Verifiers
TNC Dialog: TNC-C to TNC-S
TNC Transport: Network Access Requestor to Network Access Authority, through the PEP (data and control paths)
Slide #9: TNC Version 1
• TNC Version 1 contains 3 specs
  – Architecture Spec
  – Interface from TNC Client to Integrity Measurement Collectors
  – Interface from TNC Server to Integrity Measurement Verifiers
• Future releases will include
  – TNC-C to TNC-S protocol
  – Transport Layer requirements for TNC
  – Mapping of how to carry TNC dialog in EAP

Slide #10: TNC Role
• TNC provides a way for remote “verifiers” to check integrity of client elements using client “collectors”
• Check is made as part of Access Authorization dialog
• Role of interest for this discussion is 802.1X/EAP Access
• Assumption is that TNC dialog is part of EAP dialog

Slide #11: TNC as part of EAP Dialog
• Current assumption is that in an 802.1X Access, TNC must be done in an “inner” dialog
  – If assumption is correct, TNC can only be done inside a “protected” method
    • Can be done in PEAP, TTLS, FAST, ...
    • Cannot be done in SIM, TLS, MD5, ...

Slide #12: TNC as a protected Dialog
• Within Protected Method there may be several dialogs, e.g.
  – May do platform authentication followed by user authentication
  – May do TNC integrity verification after authentication(s)
• Would be helpful to have state machine for how inner dialogs interact

[Diagram: State machine for inner EAP]

Slide #13: Questions on Proceeding
• Is there a standard way of handling inner dialogs between existing protected methods?
  – PEAP/FAST
  – TTLS
• Should Inner dialog be a “common capability” for future “protected” methods?
• Are there underlying differences in ways that protected methods support inner dialogs?
  – E.g. how to handle brokers?

Slide #14: Inner dialogs in Protected methods
[Diagram: inner dialogs inside a protected method; repeat for each inner dialog]
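A runnable model of the slide 8 architecture and of the inner-dialog ordering from slides 12 to 14, added here as an example and not code from the TNC specification or from TCG: collectors (IMCs) report measurements through the TNC client, verifiers (IMVs) on the TNC server each return a recommendation and the server keeps the most severe one, and the protected EAP method runs its authentication dialogs before the integrity dialog. The names Collector, Verifier, tnc_dialog, run_inner_dialogs, the recommendation values and the sample policies are assumptions for illustration, not the specification's interfaces.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# IMV recommendations (assumed values); the TNC server keeps the worst one.
ALLOW, ISOLATE, DENY = "allow", "isolate", "deny"
SEVERITY = {ALLOW: 0, ISOLATE: 1, DENY: 2}

@dataclass
class Collector:            # Integrity Measurement Collector (client side)
    name: str
    measure: Callable[[], Dict[str, object]]

@dataclass
class Verifier:             # Integrity Measurement Verifier (server side)
    name: str
    check: Callable[[Dict[str, Dict[str, object]]], str]

def tnc_dialog(collectors: List[Collector], verifiers: List[Verifier]) -> str:
    """TNC-C gathers each IMC's measurements; TNC-S hands the report to
    every IMV and reduces their recommendations to one access decision.
    With no verifier configured nothing vouches for the endpoint: deny."""
    report = {c.name: c.measure() for c in collectors}
    recs = [v.check(report) for v in verifiers]
    return max(recs, key=SEVERITY.__getitem__) if recs else DENY

def run_inner_dialogs(auth_steps: List[Tuple[str, bool]],
                      tnc: Callable[[], str]) -> Tuple[str, str]:
    """Inner dialogs of one protected EAP method, in order: platform and
    user authentication first; the TNC integrity check runs only after
    every authentication has succeeded (the ordering on slide 12)."""
    for name, ok in auth_steps:
        if not ok:
            return ("fail", "auth:" + name)     # TNC dialog never starts
    rec = tnc()
    # "isolate" still completes the method; the PEP would map it to
    # restricted (remediation) access rather than full network access.
    return ("fail" if rec == DENY else "success", "tnc:" + rec)

# Constructed sample endpoint: fresh AV signatures, host firewall off.
SAMPLE_COLLECTORS = [
    Collector("antivirus", lambda: {"running": True, "sig_age_days": 3}),
    Collector("firewall", lambda: {"enabled": False}),
]
SAMPLE_VERIFIERS = [   # constructed sample policies
    Verifier("av-policy", lambda r: ALLOW if r["antivirus"]["running"]
             and r["antivirus"]["sig_age_days"] <= 7 else ISOLATE),
    Verifier("fw-policy", lambda r: ALLOW if r["firewall"]["enabled"] else ISOLATE),
]

def sample_session(user_auth_ok: bool = True) -> Tuple[str, str]:
    steps = [("platform", True), ("user", user_auth_ok)]
    return run_inner_dialogs(
        steps, lambda: tnc_dialog(SAMPLE_COLLECTORS, SAMPLE_VERIFIERS))
```

With the sample endpoint the AV verifier allows but the firewall verifier isolates, so the session succeeds with an "isolate" recommendation; a failed user authentication ends the method before any integrity dialog runs.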