A marriage of machines: take a careful look before tying the knot

Company representatives and researchers from the Fraunhofer Institute for Secure Information Technology in Darmstadt got together from March 20 to 22 during the first European PlugFest of the Trusted Network Connect (TNC) Group.

During such get-togethers, which usually take place in the USA, developers test new trusted computing standards that have been designed to protect the computer networks of companies in future. During the tests in Darmstadt focus was placed on the IF-MAP protocol, which software and hardware components can use to exchange security information. Fifty test runs were carried out, and most of the associated communication attempts were successful. More information on this subject can be found at www.sit.fraunhofer.de/trustedcomputing.

Can security software A communicate with server B, does device X understand sensor Y without any problems whatsoever, or are they having problems communicating with one another? This is precisely what is tested during a so-called PlugFest. Machine components should communicate using protocols from the TNC specifications, which include IF-MAP, a protocol for exchanging security-relevant metadata via an internal database. The data of all participating components are stored on a MAP server in such a way that each machine or software can access the data that it needs at that precise moment.

The IF-MAP protocol is a communication language that should simplify the connections and interaction between business software and hardware systems. All devices and software systems connected to IF-MAP can also publish security-relevant information, subscribe to updates from other systems and also search for interesting data. They should be able to communicate with one another and be interchangeable – irrespective of the company that developed them. Companies hope to be able to increase the security of their networks and simplify their processes as a result of this. For example, IF-MAP can be implemented using a single-sign-on solution. This, in turn, would enable users to access all services and computers that are of relevance to them after signing on just once, thereby avoiding the need to authenticate themselves for each individual service.

“We tested the interoperability of NCP's VPN gateway with Juniper Networks Junos(R) Pulse Access Control Service,and found it worked immediately without any issues, highlighting the benefit of open standards,“said Lisa Lorenzin, principal solutions architect at Juniper Networks who participated in PlugFest.

The individual, successful connections were signed off by a tester from the Trusted Computing Group – with an official TCG certificate. Some companies identified interoperability issues in their network components during the tests. “And such error messages are also beneficial to the companies,”said Ronald Marx from Fraunhofer SIT, as “this enables products to be improved.” In addition to Juniper Networks and NCP from the US, the companies Infoblox, DECOIT and Mikado participated as well as the University of Applied Sciences and Arts in Hanover and the Open Source MAP Server project. The next TNC PlugFest will take place in the USA in autumn.