Combining User and Platform Trust Properties to Enhance VPN Client Authentication

With PC manufacturers aggressively pushing trusted architectures in their new models, Trusted Platforms are quickly becoming a major component of the IT landscape. These platforms embed a security chip, the Trusted Platform Module (TPM), that is primarily used to attest the integrity of the system but that can also accurately identify the platform. While platform identification raises privacy issue in the consumer space, it represents a major requirement for corporations. Platform identification is particularly important in the case of remote access to corporate resources. Today, Virtual Private Network (VPN) client authentication mostly focuses on end-user identity without addressing the trust properties of the platform the end-user is operating. Starting with the benefits that TPM-based platform identification and authentication can bring to VPN client authentication this paper demonstrates how platform and end-user trust properties can be combined in a standard VPN authentication framework, such as the Extensible Authentication Protocol, and discusses possible implementations.