Enhancing Flexibility of TCG's TNC through Layered Property Attestation

Abstract

TCG's trusted network connect (TNC) architecture improves network security through remote attestation. However, because of the deficiencies of existing binary attestation and property attestation, current TNC is not flexible and privacy-friendly enough to be used in a large scale network environment such as Internet. Aiming at these problems, this paper firstly analyzes the relations among system properties in the context of TCG-based remote attestation and proposes a new property relation model. Then a layered property attestation framework is proposed based on this model. Finally these ideas are used in the design of a real trusted network connect system. It is shown that the verifier need only obtain and verify the specific integrity measurement that he is interested in and the privacy of the attester's configuration is protected reasonably.