A Model of Trusted Connection Architecture

Because the traditional trusted network connection architecture (TNC) has limitations in dynamic network environments and in its support for user behavior, we extend TCA and propose a trusted connection architecture supporting behavior measurement (TCA-SBM); the structural diagram of the network architecture is also given. By introducing user-behavior measurement elements, TCA-SBM can periodically measure the whole network in the time dimension and refine the measurement of network behavior in the measurement dimension, so as to conduct fine-grained dynamic trusted measurement. As a result, TCA-SBM improves TCA's ability to adapt to dynamic changes of the network and makes up for the deficiency of the trusted computing framework in network connection.


Access requester
The main functions of the access requester are: sending the request to access the trusted network and performing user identity authentication with the access controller; collecting the platform integrity metric values of the access requester and reporting them to the access controller, thereby completing the trusted platform evaluation and reporting between requester and controller; and collecting the requester's behavior reports or behavior statements and sending them to the policy manager.

The access controller
The access controller is the entity that controls the requesters' access to the trusted network. Its functions mainly include: completing user identity authentication, trusted platform evaluation and network behavior measurement with the access requesters; receiving the integrity metric values of the requesters, collecting its own integrity metric values, and sending both to the policy manager; collecting the behavior reports or behavior statements of the requesters and forwarding them to the policy manager; and performing access control according to the results generated by user identity authentication, trusted platform evaluation and trusted behavior measurement. This entity comprises the network access controller, the trusted network connection access point, the integrity collector and the behavior measurement collector.

Policy manager
According to the security requirements of the trusted network environment, the policy manager formulates the integrated security policy covering user identity authentication, trusted platform evaluation and trusted behavior measurement; verifies the validity of the PIK certificates and platform integrity metric values of requesters and controllers; verifies the trusted measurement results for the requesters' behavior; generates the results of user identity authentication, trusted platform evaluation and trusted behavior measurement for requesters and controllers; and pushes the network behavior statement and verifies its credibility.
This entity comprises the evaluation policy service provider, the identification policy service provider, the integrity verifier and the behavior policy service provider.

Network access control layer
The network access control layer realizes the control of trusted network access. In it, the network access requester, the network access controller and the identification policy service provider perform the user identity authentication protocol, realizing the user identity authentication of requesters and controllers. As the trusted party in that protocol, the identification policy service provider verifies the user identities of the requester and the controller. Trusted network access control is then performed according to whether the results of user identity authentication, trusted platform evaluation and trusted behavior measurement meet the integrated security policy.

Trusted platform evaluation layer
The trusted platform evaluation layer performs platform state evaluation. In it, the trusted network connection client, the trusted network connection access point and the evaluation policy service provider perform the trusted platform evaluation protocol, realizing the trusted platform evaluation of requesters and controllers. As the trusted party in that protocol, the evaluation policy service provider verifies the validity of the PIK certificates of requesters and controllers and completes their platform integrity check by calling the integrity verifier in the integrity measurement layer. The trusted network connection client and the access point each generate a connection decision based on the trusted platform evaluation result and send it to the requester and the controller respectively.

Integrity measurement layer
The integrity measurement layer performs platform integrity measurement: the platform integrity of requesters and controllers is collected and verified here. The integrity collector gathers the integrity information of each platform component, including hardware factory information, software and hardware configuration, and the certificates of the operating system, the browser and third-party application software; the integrity verifier verifies this information uniformly.

Behavior measurement layer
The behavior measurement layer performs behavior measurement of network visitors. It collects the metric elements of the behaviors that attempt to act on the platform, such as create, delete, call, execute, access, upload and download, determines from the measurement results whether the visitor meets the network security policy, and performs the corresponding access control on the visitor through the network access control layer. It is the dynamic measurement part of the trusted network connection: once the identity and integrity measurement policies are met and the visitor is connected to the trusted network, it realizes trusted behavior measurement of the visitor for the duration of the connection. The metric elements and the time granularity of behavior measurement can be configured according to the behavior metric policy.
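To make the integrity measurement layer concrete, the following is an added example (not code from the paper): an integrity collector that produces a metric value per platform component, a PCR-style running digest of those values, and an integrity verifier that checks reported values against the reference values the policy manager holds. The component names and contents are constructed, and the choice of SHA-256 as the metric and of a TPM-style extend for the running digest are assumptions.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Constructed sample platform components standing in for what the integrity
# collector gathers (hardware factory information, software/hardware
# configuration, operating system, browser and third-party application
# measurements). A real collector would hash files or firmware images; here the
# component contents are embedded bytes so the example runs offline.
PLATFORM_COMPONENTS: Dict[str, bytes] = {
    "hw.factory_info": b"vendor=ExampleCorp;model=TC-100;serial=0001",
    "hw.config": b"tpm=enabled;secure_boot=on",
    "os.kernel": b"kernel-5.10.0-trusted",
    "browser.core": b"browser-98.0",
    "app.third_party": b"thirdparty-app-2.3.1",
}


def measure(data: bytes) -> str:
    """Metric value of one component: SHA-256 digest as hex (an assumption)."""
    return hashlib.sha256(data).hexdigest()


def collect_integrity(components: Dict[str, bytes]) -> Dict[str, str]:
    """Integrity collector: one metric value per platform component."""
    return {name: measure(data) for name, data in components.items()}


def extend_log(measurements: Dict[str, str]) -> str:
    """Fold all metric values into one running digest, TPM PCR-extend style
    (assumption: SHA-256, 32 zero bytes as the initial value, components
    folded in sorted name order so both sides compute the same value)."""
    running = b"\x00" * 32
    for name in sorted(measurements):
        running = hashlib.sha256(running + bytes.fromhex(measurements[name])).digest()
    return running.hex()


def verify_integrity(reported: Dict[str, str],
                     reference: Dict[str, str]) -> Tuple[bool, List[str]]:
    """Integrity verifier: compare reported values with the reference values.
    A missing, extra or mismatched component fails the check; the list names
    every problem so the policy manager can report what changed."""
    problems: List[str] = []
    for name, ref in reference.items():
        if name not in reported:
            problems.append(f"missing:{name}")
        elif not hmac.compare_digest(reported[name], ref):
            problems.append(f"mismatch:{name}")
    for name in reported:
        if name not in reference:
            problems.append(f"unexpected:{name}")
    return (not problems, sorted(problems))


# Reference values as the policy manager would hold them for a known-good platform.
REFERENCE_VALUES = collect_integrity(PLATFORM_COMPONENTS)


if __name__ == "__main__":
    tampered = dict(PLATFORM_COMPONENTS)
    tampered["app.third_party"] = b"thirdparty-app-2.3.1-backdoored"
    print(verify_integrity(collect_integrity(PLATFORM_COMPONENTS), REFERENCE_VALUES))
    print(verify_integrity(collect_integrity(tampered), REFERENCE_VALUES))
    print(extend_log(REFERENCE_VALUES) == extend_log(collect_integrity(tampered)))
```

The verifier reports missing and unexpected components as failures, not only mismatches: a platform that silently drops a measured component from its report must not pass as intact.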

Network access requester
Initiates an access request to the access controller, performs the user identity authentication protocol together with the network access controller and the identification policy service provider, and realizes user identity authentication between requester and controller in the network access control layer; forwards upper-layer protocol data to the access controller and the policy manager; and, according to the user identity authentication result and the connection decision made by the identification policy service provider and the trusted network connection client respectively, controls its own port and realizes connection control toward the access controller.

Network access controller
Activates the user identity authentication protocol in the network access control layer and performs it with the network access requester and the identification policy service provider, realizing two-way user authentication between requester and controller.
Forwards the protocol data of the trusted platform evaluation layer and the behavior measurement layer to the access requester and the policy manager.
According to the user identity authentication result, the platform state measurement result and the behavior measurement result, controls its own port and realizes access control of the access requester.

Identification policy service provider
Performs the user identity authentication protocol together with the network access requester and the network access controller and, as the trusted party in this protocol, realizes the two-way user authentication between requesters and controllers.

Trusted network connection client
Requests and receives the integrity metric values from the integrity collector through the IF-IMC interface, and performs the trusted platform evaluation protocol with the trusted network connection access point and the evaluation policy service provider so that requester and controller realize the trusted platform evaluation.
According to the trusted platform evaluation result generated by the evaluation policy service provider, makes the connection decision and sends it to the network access requester.

Trusted network connection access point
Performs the trusted platform evaluation protocol with the trusted network connection client and the evaluation policy service provider, realizing the two-way trusted platform evaluation between requesters and controllers.
According to the trusted platform evaluation result generated by the evaluation policy service provider, makes the connection decision and sends it to the network access controller.

Evaluation policy service provider
Performs the trusted platform evaluation protocol with the trusted network connection access point and the trusted network connection client and, as the trusted party in this protocol, realizes the trusted platform evaluation between requesters and controllers.
The evaluation policy service provider verifies the validity of the PIK certificates of the access requester and the access controller. After confirming their validity, it sends the platform integrity metric values of requesters and controllers to the integrity verifier through the IF-IMV interface, receives the verification result returned by the verifier, and finally generates the trusted platform evaluation result and sends it to the requester and the controller.

Integrity collector
Collects the platform integrity information of access requesters and access controllers using the integrity services provided by the trusted computing platform.

Integrity verifier
Checks the platform integrity information of access requesters and access controllers against the integrity reference values provided by the platform components under integrity management.

Behavior measurement collector
The behavior measurement collector receives the requests, reports and statements sent by requesters and forwards them to the behavior policy service provider. Based on whether the metric result returned by the policy service provider meets the behavior security policy, it determines whether the network connection port is connected to or disconnected from the network; the port itself is controlled by the network access controller.

Behavior policy service provider
The behavior policy service provider and the behavior measurement collector carry out the behavior measurement protocol, with the service provider acting as the trusted party that measures the behavior. The service provider synthetically determines whether the requester's behavior meets the security policy, integrating network behavior metric functions that include individual similarity and swarm similarity evaluation, direct trust evaluation and risk assessment.

The design of TCA-SBM network connection process
Trusted network measurement is divided into three levels. Before the trusted network connection is established, identity measurement is performed on the network access requester; after that, platform state measurement is performed; when both metrics meet the security policy, the access controller and the access requester establish the trusted network connection. After the connection is established, behavior measurement is performed on visitors that have successfully accessed the network. The behavior measurement layer is a dynamic measurement layer: it measures the behavior of visitors that have successfully accessed the trusted network, with the measurement frequency configured according to the behavior measurement policy. Systems with common security requirements can adopt snapshot measurement, while systems with high security requirements can adopt real-time behavior measurement.
The specific process and steps of the TCA-SBM network connection are as follows:
(0) Before the trusted network connection is established, the trusted network connection client and the access point must each load their IMCs through the platform-specific binding function, and the evaluation policy service provider must load its IMVs through the platform-specific binding function.
(1) The network access requester initiates an access request to the network access controller.
(2) The network access controller receives the access request and then performs the user identity authentication protocol to realize two-way user authentication with the network access requester and the identification policy service provider. The service provider's participation is optional; if it participates, it acts as the trusted third party. In this protocol the network access controller and the network access requester may also negotiate a session key.
If an access decision is required immediately after user authentication completes, the network access controller and the network access requester each generate an access decision according to the user identity authentication result and perform access control accordingly; otherwise, go to step (3).
(3) If the network access requester requires platform authentication, it sends a platform authentication request; if the network access controller requires platform authentication, it sends a platform authentication request.
(4) Having received a platform authentication request message, the network access controller starts the platform authentication process and performs one or more rounds of the platform authentication protocol to realize authentication between the platforms. If no such message is received, it initiates a round of the platform authentication protocol itself.
(5) The network access requester and the network access controller perform access control according to the received access decision, realizing trusted network connection control: the access decision determines whether to connect to the protected trusted network, which completes the measurement of identity and state in the trusted network connection.
(6) After the trusted network connection is established and before behavior measurement begins, the trusted network connection client must bind to the specific platform to initialize the behavior measurement request.
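The connection process above, as an added example that is not part of the paper: a small Python simulation of the three measurement levels (identity, platform state, behavior) and of the snapshot versus real-time behavior measurement modes. The HMAC challenge/response used for user identity authentication, the plain comparison of a reported platform state against reference values, the behavior policy (forbidden operations and per-window rate limits) and the names PolicyManager, Requester and AccessController are all assumptions made for illustration; the events fed in are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Metric elements of the behavior measurement layer (operations a visitor may attempt).
BEHAVIOR_OPS = {"create", "delete", "call", "execute", "access", "upload", "download"}


@dataclass
class BehaviorPolicy:
    forbidden_ops: Set[str]           # any single occurrence violates the policy
    max_per_window: Dict[str, int]    # op -> allowed count per measurement window
    window_seconds: float             # snapshot interval; 0 means real-time (every event)


@dataclass
class Event:
    t: float       # seconds since the connection was established
    op: str
    target: str


class PolicyManager:
    """Identification and behavior policy service provider as one trusted third party."""

    def __init__(self, user_keys: Dict[str, bytes], policy: BehaviorPolicy):
        self.user_keys, self.policy = user_keys, policy

    def challenge(self) -> bytes:
        return os.urandom(16)

    def verify_identity(self, user: str, nonce: bytes, response: bytes) -> bool:
        key = self.user_keys.get(user)
        if key is None:
            return False
        return hmac.compare_digest(hmac.new(key, nonce, hashlib.sha256).digest(), response)

    def measure_behavior(self, events: List[Event]) -> Tuple[bool, List[str]]:
        """Check one window of events against the behavior policy."""
        findings: List[str] = []
        counts: Dict[str, int] = {}
        for e in events:
            if e.op in self.policy.forbidden_ops:
                findings.append(f"forbidden:{e.op}:{e.target}")
            counts[e.op] = counts.get(e.op, 0) + 1
        for op, limit in self.policy.max_per_window.items():
            if counts.get(op, 0) > limit:
                findings.append(f"rate:{op}={counts[op]}>{limit}")
        return (not findings, findings)


class Requester:
    def __init__(self, user: str, key: bytes):   # shared user key is an assumption
        self.user, self.key = user, key

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self.key, nonce, hashlib.sha256).digest()


class AccessController:
    """Drives the TCA-SBM connection: identity, then platform state, then behavior."""

    def __init__(self, pm: PolicyManager, platform_reference: Dict[str, str]):
        self.pm, self.reference = pm, platform_reference
        self.port_open = False
        self.pending: List[Event] = []
        self.window_start: Optional[float] = None

    def connect(self, req: Requester, platform_report: Dict[str, str]) -> Tuple[bool, str]:
        # Steps (1)-(2): access request and user identity authentication
        # (only the requester's side of the HMAC challenge/response is shown).
        nonce = self.pm.challenge()
        if not self.pm.verify_identity(req.user, nonce, req.respond(nonce)):
            return (False, "identity")
        # Steps (3)-(4): platform state measurement against reference values.
        if platform_report != self.reference:
            return (False, "platform")
        # Step (5): both metrics satisfied, so the port is opened.
        self.port_open, self.pending, self.window_start = True, [], None
        return (True, "connected")

    def report_behavior(self, ev: Event) -> Optional[Tuple[bool, List[str]]]:
        """Step (6): dynamic behavior measurement after connection. Returns the
        measurement result when a window closes (every event in real-time mode),
        otherwise None; a failed measurement disconnects the port."""
        if not self.port_open:
            return None
        w = self.pm.policy.window_seconds
        if self.window_start is None:
            self.window_start = ev.t
        self.pending.append(ev)
        if w and ev.t - self.window_start < w:
            return None  # snapshot mode: keep collecting until the window elapses
        result = self.pm.measure_behavior(self.pending)
        self.pending, self.window_start = [], None
        if not result[0]:
            self.port_open = False  # network access controller disconnects the visitor
        return result
```

The trade-off between the two modes shows up directly: in snapshot mode a forbidden operation is only caught when the window closes, while real-time mode measures every event but cannot see rate patterns that span several events, which is why the paper ties the choice to the system's security requirements.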

Conclusion
The scheme is based on TCA and integrates dynamic behavior measurement methods: it ensures the credibility of terminal identity and state through trusted computing platform techniques and the TCA integrity measurement mechanism, and ensures the credibility of terminal behavior through the dynamic behavior measurement mechanism.
The framework exploratively combines measurement, report and statement, and verification mechanisms with behavior measurement that supports historical analysis. In theory, if a terminal performs operations that violate the behavior security policy, behaves maliciously, or triggers similar events, the behavior policy service provider will detect it and the terminal will be isolated.