Science China Information Sciences

, Volume 53, Issue 3, pp 465–482 | Cite as

Universally composable secure TNC model and EAP-TNC protocol in IF-T

  • JunWei Zhang
  • JianFeng Ma
  • SangJae Moon
Research Papers


This paper analyzes trusted network connect (TNC) protocols within the universally composable (UC) framework. We propose the first TNC model in the UC framework by first designing the TNC ideal functionality ℱTNC, the EAP ideal functionality ℱEAP and the EAP-TNC ideal functionality ℱE-PA. Then, we construct a trusted network connect protocol named TK-TNC that UC-realizes ℱTNC in the (ℱEAP, ℱE-PA)-hybrid model. Subsequently, we perform a security analysis on protocol D-H PN given in the TCG specification and show that this protocol cannot securely realize the EAP-TNC ideal functionality and be resistant to an attack. Finally, we propose an alternative protocol using the twin Diffie-Hellman key-exchange technique, named protocol TD-H PN, which can securely realize the EAP-TNC ideal functionality in the (ℱREG, ℱCERT)-hybrid model.


network security universally composable security trusted network connect 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Trusted Computing Group. TCG Specification Architecture Overview, Revision 1.4. August 2007Google Scholar
  2. 2.
    Trusted Computing Group. TNC Architecture for Interoperability, Specification Version 1.4, Revision 4. May 2009Google Scholar
  3. 3.
    Datta A, Derek A, Mitchell J C, et al. A derivation system and compositional logic for security protocols. J Comput Security, 2005, 13: 423–482Google Scholar
  4. 4.
    Datta A, Franklin J, Garg D, et al. A logic of secure systems and its application to trusted computing. In: IEEE Symposium on Security and Privacy (S&P). Washington DC: IEEE Computer Society, 2009Google Scholar
  5. 5.
    Canetti R. Universally composable security: A new paradigm for cryptographic protocols. A revised version (2005) is available at IACR Eprint Archive, and at the ECCC archive,
  6. 6.
    Trusted Computing Group. Subject Key Attestation Evidence Extension, Specification version 1, revision 7. June 16, 2005Google Scholar
  7. 7.
    Trusted Computing Group. TNC IF-T: Protocol Bindings for Tunneled EAP Methods Specification Version 1.1, Revision 10.21 May 2007Google Scholar
  8. 8.
    Trusted Computing Group. TNC IF-T: Binding to TLS Specification Version 1.0, Revision 16. 18 May 2009Google Scholar
  9. 9.
    Cash D, Kiltz E, Shoup V. The Twin Diffie-Hellman problem and applications. In: Advances in Cryptology—EUROCRYPT’ 08, Lecture Notes in Computer Science, Vol. 4965. Berlin: Springer-Verlag, 2008. 127–145Google Scholar
  10. 10.
    Trusted Computing Group. TPM Specification Vol. 2. March 2006Google Scholar
  11. 11.
    Institute for Electrical and Electronics Engineers (IEEE). IEEE802, Port-Based Network Access Control, IEEE Std 802.1X-2004. December 2004Google Scholar
  12. 12.
    Zhang F, Ma J F, Moon S J. Universally composable anonymous Hash certification model. Sci China Ser F-Inf Sci, 2007, 50: 440–455zbMATHCrossRefMathSciNetGoogle Scholar
  13. 13.
    Feng T, Li F H, Ma J F, et al. A new approach for UC security concurrent deniable authentication. Sci China Ser F-Inf Sci, 2008, 51: 352–367zbMATHCrossRefGoogle Scholar
  14. 14.
    Goldreich O. The Foundations of Cryptography. Cambridge: Cambridge University Press, 2001CrossRefGoogle Scholar
  15. 15.
    Canetti R, Krawczyk H. Universally composable notions of key exchange and secure channels. In: Advances in Cryptology—EUROCRYPT’02, Lecture Notes in Computer Science, Vol. 2332. Berline: Springer-Verlag, 2002. 337–351Google Scholar
  16. 16.
    Canetti R. Universally composable signatures, certification,and authenticated communication. In: Proceedings of 17th Computer Security Foundations Workshop. Washington DC: IEEE Computer Society, 2004Google Scholar

Copyright information

© Science in China Press and Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  1. 1.Key Laboratory of Computer Networks and Information Security (Ministry of Education)Xidian UniversityXi’anChina
  2. 2.Mobile Network Security Technology Research CenterKyungpook National UniversityDaeguKorea

Personalised recommendations