Paper 2014/490

Universally Composable secure TNC protocol based on IF-T binding to TLS

Shijun Zhao, Qianying Zhang, Yu Qin, and Dengguo Feng


Trusted Network Connect (TNC) requires both user authentication and integrity validation of an endpoint before it connects to the internet or accesses a web service. However, because user authentication and integrity validation are usually performed by independent protocols, TNC is vulnerable to the Man-in-the-Middle (MitM) attack. This paper analyzes, in the Universally Composable (UC) framework, TNC that uses keys with the Subject Key Attestation Evidence (SKAE) extension to perform user authentication and the IF-T protocol binding to TLS to carry integrity measurement messages. Our analysis shows that TNC using keys with the SKAE extension can resist the MitM attack. In this paper, we introduce two primitive ideal functionalities for TNC: an ideal dual-authentication certification functionality, which binds messages to both the user and platform identities, and an ideal platform attestation functionality, which formalizes the integrity verification of a platform. We prove that the SKAE extension protocol and the basic TCG platform attestation protocol, both of which are defined by TCG specifications, UC-realize the two primitive functionalities respectively. Finally, we introduce a general ideal TNC functionality and prove that the complete TNC protocol, which combines the IF-T binding to TLS using keys with the SKAE extension for client authentication and the basic TCG platform attestation protocol, securely realizes the TNC functionality in the hybrid model.

Category
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. NSS'14
Keywords
Universally Composable security, Trusted Network Connect, SKAE, TLS
Contact author(s)
zqyzsj @ gmail com
History
2014-09-10: last of 2 revisions
2014-06-23: received
License
Creative Commons Attribution


      author = {Shijun Zhao and Qianying Zhang and Yu Qin and Dengguo Feng},
      title = {Universally Composable secure TNC protocol based on IF-T binding to TLS},
      howpublished = {Cryptology ePrint Archive, Paper 2014/490},
      year = {2014},
      note = {\url{}},
      url = {}