From on-line shopping and e-transactions to on-line share markets, the widespread use of the internet and the explosion of network technologies are bringing about significant shifts for individuals and businesses. Ironically, while changing today's lifestyle and improving enterprise productivity, modern information technologies are also introducing new threats to the security of information assets. The presence of security problems such as junk e-mail, computer viruses and denial-of-service attacks, to name a few, has led the internet into a state of user distrust, which has become one of the bottlenecks to further development of network functions.

A good amount of research has been done by industry to balance the ever-increasing demand for high-quality network services against the limited capability of security service provision. Firewalls, intrusion detection systems and many other network security protection solutions have been widely deployed alongside virus prevention technologies. So far these attempts have been, to some extent, successful in protecting the safety of the system as a whole. The drawback is that the majority of these approaches are system plug-ins that focus purely on defense. Such passive-defense measures are vulnerable in the face of internal attacks, and because their functionality is distributed, they lack the capability to cope with stealthy, propagating attacks coming from many random sources. On the other hand, current network attacks are becoming more intelligent, more systematic and more coordinated. The rapid emergence of new ways of attacking keeps putting pressure on existing security systems, and this easily ends up swelling the system scale, the number of false reports and the amount of security investment.
System maintenance then becomes so complicated to perform that the efficiency of the information system is drastically dragged down.

The essential reason for this situation is the simplicity of the design of the network structure and of the terminal system, which gives malware the opportunity to conduct attacks. Industry has come to agree that the ultimate solution is to be found at the hardware layer of the endpoints. In light of this, the recently emerging technology of trusted computing narrows its emphasis to hardware, trying to solve the security problem at the root.

It has been accepted by the information security community that trustworthiness has a higher priority than security in terms of core technologies and importance. A trusted network is a network that features:
1) the conventional security properties of information confidentiality, integrity and availability;
2) authenticity of user identity, information sources and information content;
3) accountability, meaning that any behavior a network entity conducts is traceable;
4) privacy: the user's privacy is protected, and some applications are allowed to be anonymous;
5) survivability, the ability to provide effective services under system malfunction and malicious attack;
6) controllability, the ability to control actions that violate the network security policies.

Designing an absolutely secure network that completely eliminates vulnerability is theoretically infeasible. However, the new generation of the internet has to take the necessary steps toward trustworthiness; at the very least, the assumption that security can be built entirely upon trust in users should no longer hold. In 2005, the Trusted Computing Group (TCG) released the Trusted Network Connect (TNC) standards.
Using TNC, the access controller is able to determine whether to grant or deny a system's network connection request, or even to isolate the system, according to the access policies and the system's security properties, including its integrity state. Once isolated, the system undergoes a process of remediation, and only when its integrity level and other security properties satisfy the requirements of the access policies is it eligible to be granted access to the network. The security and trustworthiness of the network as a whole can therefore be greatly enhanced. Meanwhile, TNC is an open architecture that allows integration with many existing network access control mechanisms and security technologies, including 802.1X and IPsec, and thus constructs a complete and effective security framework for the entire network system.

One of the most important components of the TNC architecture is trust remediation. Unfortunately, however, no solution for it has yet been given by the de facto standards. The concept of trust remediation is to repair the endpoints that fail to meet the network access requirements, by installing system patches or updating software versions, etc., so that they can gain network access.
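The grant / isolate / remediate / re-check loop described above, as an added illustrative model; this is not code from the thesis or from the TCG TNC specifications. The policy attributes (patch level, antivirus signature age, host firewall state), the endpoint posture reports, the remediation actions and the round limit are all constructed here for illustration. It also covers the failure mode the paragraph implies but does not spell out: an endpoint the remediation server cannot bring into compliance must eventually be denied rather than left cycling through isolation.

```python
"""Toy model of a TNC policy decision point with an isolation/remediation loop.

Added example, not the thesis's code.  All attribute names, thresholds and
sample endpoints below are assumptions made for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"        # full network access
    ISOLATE = "isolate"    # remediation network only
    DENY = "deny"          # no access at all


@dataclass
class Policy:
    min_patch_level: int          # assumed: monotonically increasing patch ID
    max_signature_age_days: int   # assumed: antivirus signature freshness
    firewall_required: bool
    max_remediation_rounds: int = 3   # give up after this many repair attempts


@dataclass
class Posture:
    """Integrity measurements reported by the endpoint's integrity collectors."""
    host: str
    patch_level: int
    signature_age_days: int
    firewall_enabled: bool
    remediation_rounds: int = 0


def check_integrity(posture: Posture, policy: Policy) -> list[str]:
    """Return the list of policy violations (empty means compliant)."""
    violations = []
    if posture.patch_level < policy.min_patch_level:
        violations.append(f"patch level {posture.patch_level} < {policy.min_patch_level}")
    if posture.signature_age_days > policy.max_signature_age_days:
        violations.append(f"antivirus signatures {posture.signature_age_days} days old")
    if policy.firewall_required and not posture.firewall_enabled:
        violations.append("host firewall disabled")
    return violations


def decide(posture: Posture, policy: Policy) -> tuple[Decision, list[str]]:
    """Policy decision: allow compliant endpoints, isolate non-compliant ones
    for remediation, and deny endpoints that still fail after the round limit."""
    violations = check_integrity(posture, policy)
    if not violations:
        return Decision.ALLOW, []
    if posture.remediation_rounds >= policy.max_remediation_rounds:
        return Decision.DENY, violations
    return Decision.ISOLATE, violations


def remediate(posture: Posture, policy: Policy, available_patch_level: int) -> Posture:
    """Simulated remediation server inside the isolation network: patch up to
    what the server actually has, refresh signatures, enable the firewall.
    A real server would push packages/config to the endpoint; this only
    updates the posture record."""
    return Posture(
        host=posture.host,
        patch_level=max(posture.patch_level, min(policy.min_patch_level, available_patch_level)),
        signature_age_days=0,
        firewall_enabled=True,
        remediation_rounds=posture.remediation_rounds + 1,
    )


def connect(posture: Posture, policy: Policy,
            available_patch_level: int) -> list[tuple[Decision, list[str]]]:
    """Run decide -> isolate -> remediate -> re-check until the endpoint is
    allowed or denied; return the sequence of decisions with their reasons."""
    history = []
    while True:
        decision, violations = decide(posture, policy)
        history.append((decision, violations))
        if decision is not Decision.ISOLATE:
            return history
        posture = remediate(posture, policy, available_patch_level)


if __name__ == "__main__":
    policy = Policy(min_patch_level=100, max_signature_age_days=7, firewall_required=True)
    stale = Posture("host-a", patch_level=90, signature_age_days=30, firewall_enabled=False)
    for decision, why in connect(stale, policy, available_patch_level=100):
        print(decision.value, why)
```

The round limit is the part worth copying: without it, an endpoint the remediation server cannot fix (here, a server holding patches older than the policy requires) would sit in the isolation network indefinitely and still consume the server's resources.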
Based on research into the existing trusted network architecture, this paper puts forward a feasible approach to trust remediation that enables endpoints which initially fail to satisfy the TNC policies to successfully access trusted networks after remediation.

The work done in this paper includes:
1) showing the necessity of research on trusted network technologies, and introducing current endpoint control solutions;
2) discussing the mechanism and architecture of TNC, and analyzing the communication protocols involved in the authentication process;
3) raising the concept of trust remediation, its working principle and network model;
4) explaining the communication mechanism applied, the design and implementation of the different modules, and the secure isolation technology;
5) demonstrating the performance of the proposed trust remediation system by experiment.

The measure proposed in this paper provides end users with a simple yet safe approach to trust remediation, avoiding the trouble of manual repair. The remediation system is implemented on top of trusted network connect authentication, using the Diameter and PANA protocols as the underlying secure carrier to protect the endpoints being remediated. The isolation technology guarantees the separation of the remediation network from the users, which reduces the possibility of attacks against the trust remediation server and thus strengthens the security of the server.

The trust remediation measure discussed in this paper is also applicable to the AAA field of authentication, authorization and accounting. This can be achieved by adding authorization and accounting structures into the trust remediation process. By integrating with more remediation solutions, this measure is also a potential approach to satisfying more advanced remediation requirements.