Trusted Network Connect

Trusted Network Connect (TNC) is an open architecture for Network Access Control, promulgated by the Trusted Network Connect Work Group (TNC-WG) of the Trusted Computing Group (TCG). [1] [2] [3]

History

The TNC architecture was first introduced at the RSA Conference in 2005. [4] TNC was originally a network access control standard with a goal of multi-vendor endpoint policy enforcement. [5]

In 2009 the TCG announced expanded specifications that extended TNC to systems outside the enterprise network. [6] Additional reported uses for TNC include Industrial Control System (ICS) and SCADA security, [7] [8] and physical security. [9]

Specifications

Specifications introduced by the TNC Work Group: [10]

TNC Vendor Adoption

A partial list of vendors who have adopted TNC Standards: [15]

Also, networking by

TNC Customer Adoption

The U.S. Army has planned to use this technology to enhance the security of its computer networks. [16]

The South Carolina Department of Probation, Parole, and Pardon Services has tested a TNC-SCAP integration combination in a pilot program. [17]

References

  1. "Using Trusted Network Connect for NAC". FedTech Magazine. Archived from the original on 2011-07-10. Retrieved 2010-10-14.
  2. "Wireless Infrastructure Advice, Discussion, Community". Network Computing. Retrieved 2017-05-03.
  3. "Archived copy" (PDF). Archived from the original (PDF) on 2011-07-13. Retrieved 2010-10-20.
  4. "'Trusted Network Connect' Puts Hardware Security Agent in Every PC". InformationWeek. www.informationweek.com. Archived from the original on 2012-09-04. Retrieved 2022-02-03.
  5. Vijayan, Jaikumar (2005-05-09). "Vendor Group Adds Net Access Specs". Computerworld. Retrieved 2017-05-03.
  6. "Trusted Computing Group Widens Security Specs Beyond Enterprise Networks". Darkreading.com. 2009-05-18. Retrieved 2017-05-03.
  7. "Not your Father's Control System". Tofino Industrial Security Solution. Tofinosecurity.com. Retrieved 2017-05-03.
  8. "Securing SCADA and Control Networks". Archived from the original on 2011-07-28. Retrieved 2010-09-13.
  9. "Hirsch Demonstrates Industry's First Standards-Based Network / Physical Access Control Enforcement Solution". Archived from the original on 2009-12-30. Retrieved 2010-10-14.
  10. "Trusted Computing Group Continues to Extend TNC Specifications". Current Analysis. Archived from the original on 2010-01-09. Retrieved 2010-09-15.
  11. "Archived copy" (PDF). Archived from the original (PDF) on 2011-01-03. Retrieved 2010-10-14.
  12. "TCG Trusted Network Connect: TNC IF-TNCCS: Protocol Bindings for SoH" (PDF). Opus1.com. Retrieved 2017-05-03.
  13. "Archived copy" (PDF). Archived from the original (PDF) on 2011-09-28. Retrieved 2010-10-14.
  14. "Archived copy" (PDF). Archived from the original (PDF) on 2011-09-30. Retrieved 2010-10-14.
  15. Archived 2011-07-16 at the Wayback Machine.
  16. "Archived copy" (PDF). Archived from the original (PDF) on 2006-10-03. Retrieved 2006-08-05.
  17. Jackson, William (2010-09-28). "Speed of cybersecurity rises with combination of Trusted Network Connect and Security Content Automation Protocols". Fcw.com. Retrieved 2017-05-03.