TPM-based Trusted Network Connect technology: TNC IF-T protocol binding v2.0, revision 5

This resource is a technical specification document named "TNC_IFT_EAP_v2_0_r5-a2.pdf", concerned with Trusted Network Connect (TNC) communication technology based on the TPM (Trusted Platform Module). The TPM is a security chip used to strengthen the security and trustworthiness of a computing platform, and TNC is a secure network-connection protocol realized through the TPM.

The document specifies in detail the binding of the TNC IF-T (Trusted Network Communication IF-T for Tunneled EAP Methods) protocol, focusing on a specific version for tunneled EAP (Extensible Authentication Protocol) methods, namely version 2.0, revision 5. EAP is a general framework for authenticating user identity on a network, and TNC IF-T extends this framework, ensuring the integrity and privacy of data in transit under the protection of the TPM.

The document stresses that this technical specification is provided "AS IS", that is, without any warranty, including but not limited to warranties of merchantability, non-infringement, fitness for a particular purpose, or any other warranty arising from a proposal, specification or sample. The TCG (Trusted Computing Group) explicitly states that use of this specification is at the user's own risk, and that it accepts no liability for any resulting infringement of intellectual property rights, cost of procuring substitute goods, loss of profits, loss of data, or other indirect or special damages.

This specification is of significant value to developers, system administrators and security experts, because it provides clear guidance for implementing highly secure network connections, especially in TPM-enabled environments, which is critical to preventing unauthorized access and protecting sensitive information. Following this specification helps ensure system reliability and security, while reminding users that they should fully understand and address the associated legal and liability issues when implementing it.
TNC IF-T: Protocol Bindings for Tunneled EAP Methods TCG Copyright 2004-2014
Specification Version 2.0
Revision 5 Page 7 of 37
TCG Published
1 Scope and Audience
Trusted Network Communications (TNC) is a working group within the Trusted
Computing Group (TCG). TNC is defining an open solution architecture that
enables network operators to enforce policies regarding endpoint integrity when
granting access to a network infrastructure. Part of the TNC architecture is IF-T, a
standard for mapping the communications between TNC Clients and TNC Servers
onto existing protocols. Because TNC enables assessment to occur during the
process of joining a network and after the endpoint has been placed on the
network, several bindings of IF-T exist to address these different scenarios.
This document defines and specifies the IF-T protocol used when the endpoint has
not yet joined the network. In this circumstance, the assessment is carried as EAP
messages over 802.1X or IKE. This document is equivalent to IETF’s PT-EAP
specification and does not add any requirements to PT-EAP. Rather, it simply
clarifies where PT-EAP fits in the TNC architecture. Readers interested in the use
of IF-T when the endpoint has an IP address should refer to the TNC IF-T: Binding
for TLS specification [6].
IF-T is integral to the TNC reference architecture. The relationship of IF-T to other
components of the basic TNC reference architecture is shown below in Figure 1.
[Figure 1. Basic TNC Architecture]
Columns, left to right: AR (Access Requestor), PEP (Policy Enforcement Point), PDP (Policy Decision Point).
Rows, top to bottom: Integrity Collection Layer, Integrity Evaluation Layer, Network Access Layer.
Integrity Collection Layer: Integrity Measurement Collectors on the AR, connected over IF-IMC to the TNC Client; Integrity Measurement Verifiers on the PDP, connected over IF-IMV to the TNC Server; Collectors and Verifiers exchange messages over IF-M.
Integrity Evaluation Layer: TNC Client on the AR and TNC Server on the PDP, connected over IF-TNCCS.
Network Access Layer: Network Access Requestor (Supplicant / VPN Client, etc.) on the AR, connected over IF-T to the Network Access Authority (AAA Server) on the PDP; the Policy Enforcement Point (Switch / Firewall / VPN Gateway) is connected to the Network Access Authority over IF-PEP.
Architects, designers, developers, and technologists interested in the
development, deployment, and interoperation of trusted systems will find this
document necessary in providing specific mechanisms for transporting integrity
information.
Before reading this document any further, the reader should review and
understand the TNC architecture as described in [3].
1.1 Interoperable with IETF PT-EAP
One of the goals of the Trusted Network Communications WG is to maximize
interoperability using open standards. As part of fulfilling this goal, the TCG chose
to take the TCG standard IF-T Binding to Tunneled EAP Methods protocol to the
IETF for standardization. The IETF standardization process has now been
completed, allowing both the TCG and IETF to publish interoperable standards at
approximately the same time. This specification defines a new version 2.0 of the
IF-T Binding to Tunneled EAP Methods protocol that is interoperable with the
IETF’s equivalent protocol PT-EAP [2]. The TCG intends to keep the IF-T Binding
for Tunneled EAP Methods protocol and the IETF’s PT-EAP protocol interoperable
for the future.
1.2 IETF Terminology Mapping to TNC
In case readers of this specification are also looking at the IETF Network Endpoint
Assessment (NEA) PT-EAP specification, this section provides some guidance
on how the terminology aligns between the IETF NEA and TNC specifications.
PA-TNC - IETF NEA name for the application layer protocol [19] that is interoperable with IF-M [5]. “PA” is short for “Posture Attribute” protocol, and “-TNC” highlights that the protocol is based upon work originally submitted by the TNC and is interoperable with this specification.
PB-TNC - IETF NEA name for the protocol between the NEA client and the NEA server that is interoperable with the TNC’s IF-TNCCS 2.0. As with PA-TNC, the PB-TNC [20] protocol is based upon work originally submitted by the TNC and is interoperable with IF-TNCCS 2.0, and thus carries the “-TNC” suffix.
PT-EAP - IETF NEA name for the transport protocol equivalent to this document. The PT-EAP specification was largely based upon the TCG predecessor specification, and the current versions of these documents are fully interoperable.
PT-TLS - IETF NEA name for the transport protocol equivalent to the IF-T Binding for TLS specification from TCG. The PT-TLS specification was largely based upon the TCG predecessor specification, and the current versions of these documents are fully interoperable.
Posture - IETF NEA term for the “measurement information” or “integrity measurement” used by TNC. The posture is returned from the NEA client (typically from its Posture Collectors) as part of an assessment. This is synonymous with the measurement information returned by the TNC client’s IMCs.