[strongSwan] mutual TNC attestation

Andreas Steffen andreas.steffen at strongswan.org
Sun Aug 16 10:41:16 CEST 2015


Hi Thomas,

I documented the mutual attestation between two Raspberry Pi 2
devices equipped with Infineon TPM 1.2 daughterboards:

https://wiki.strongswan.org/projects/strongswan/wiki/TrustedNetworkConnect#Mutual-Attestation-of-IoT-Devices

Best regards

Andreas

On 08/03/2015 08:56 PM, Thomas Strobel wrote:
> Hello Andreas,
> 
> thank you very much for your help and the fast reply! Amazing, I'm
> looking forward to testing it! :)
> 
> Many thanks!
> Thomas
> 
> 
> On 08/03/2015 08:10 PM, Andreas Steffen wrote:
>> Hello Thomas,
>>
>> yes this is possible with strongswan 5.3.2. Have a look at my
>> presentation given at the 2015 TCG Members Meeting in Edinburgh:
>>
>>   https://www.strongswan.org/docs/TCG_Edinburgh_2015.pdf
>>
>> The only thing you have to do is to load the tnc-imc and tnc-imv
>> plugins on both the TNC client and TNC server and of course the
>> needed IMCs and IMVs (for attestation usually the OS and Attestation
>> IMC plus the Attestation IMV). In order to activate the mutual
>> attestation capability, set the following parameter in strongswan.conf:
>>
>> charon {
>>   plugins {
>>     tnccs-20 {
>>       mutual = yes
>>     }
>>   }
>> }
>>
>> Best regards
>>
>> Andreas
>>
>> On 03.08.2015 19:42, Thomas Strobel wrote:
>>> Hello everyone,
>>>
>>> being new to the mailing list, I first want to thank everyone that is or
>>> was involved in developing strongswan as open source project, it's
>>> amazing! Thanks!
>>>
>>> Now my question. I'm thinking of using strongswan to secure P2P networks
>>> with mutual TNC remote attestation. Does strongswan support that use
>>> case? I mean, is it possible that both sides act as TNC client and
>>> server at the same time, and that a connection is only established after
>>> both sides verified the integrity of the other side?
>>>
>>> Many thanks
>>> Thomas
>>>
>>
> 

-- 
======================================================================
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution!          www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
===========================================================[ITA-HSR]==
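
Added example (not part of the original message and not strongSwan code): a small Python check that the settings described in the thread are present on both peers before mutual attestation is relied on. It reads the option as charon.plugins.tnccs-20.mutual, parses only plain nested sections and key = value lines (no include statements), and both sample configurations are constructed.

```python
# Constructed, abbreviated sample configs for two peers (not from the thread).
PEER_A = """
charon {
  load = openssl tnc-imc tnc-imv tnccs-20
  plugins {
    tnccs-20 {
      mutual = yes   # both sides act as TNC client and server
    }
  }
}
"""
PEER_B = """
charon {
  load = openssl tnc-imc tnccs-20
}
"""
TRUE_VALUES = {"yes", "true", "enabled", "1"}  # boolean spellings accepted here

def parse(text):
    """Parse nested `name { ... }` sections and `key = value` lines into dicts."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip()
    return stack[0]

def check_peer(text):
    """Return a list of findings; an empty list means the peer is ready."""
    charon = parse(text).get("charon", {})
    findings = []
    if "load" in charon:  # only an explicit load list can be checked
        for plugin in ("tnc-imc", "tnc-imv"):
            if plugin not in charon["load"].split():
                findings.append(f"{plugin} not in charon.load")
    mutual = charon.get("plugins", {}).get("tnccs-20", {}).get("mutual", "")
    if mutual.lower() not in TRUE_VALUES:
        findings.append("charon.plugins.tnccs-20.mutual is not enabled")
    return findings

if __name__ == "__main__":
    for name, conf in (("peer A", PEER_A), ("peer B", PEER_B)):
        print(name, check_peer(conf) or "ok")
```

A peer that lacks the IMV plugin or the mutual setting can still be measured but will not itself verify the other side, so the check is meant to be run against both configurations.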
