A Clientless Endpoint Authentication Scheme Based on TNC

Trusted Network Connect (TNC) proposes a hierarchical and scalable architecture to securely and efficiently control endpoints` admission to the trusted computing platform to implement message passing and resource sharing. But, not all endpoints support or run a functional TNC client performing integrity checking, which represents a security risk in lots of environments. We have to consider the problem how to make these "clientless endpoints" access to trusted networks. It is of significance for improving the TNC mechanism. To solve the problem above, under the framework of TNC, this paper comes up with a clientless endpoint authentication scheme named CEAS. CEAS designs five enforcement mechanisms and the related message format to authenticate and authorize clientless endpoints. Furthermore, after the endpoints have connected to the networks, their initial determinations may be dynamically modified according to the updated circumstances. The experiment results prove that CEAS has the capability of effectively and flexibly making clientless endpoints access to trusted networks in a controlled and secure manner.