Android BYOD Security based on Trusted Network Connect
An experimental BYOD version of the popular strongSwan Android VPN Client allows the collection of integrity measurements on Android 4.x devices. A special Android BYOD IMC written in Java communicates via the TNC IF-M 1.0 Measurement protocol with an Operating System IMV and a Port Scanner IMV. The strongSwan Android VPN Client transports the IF-M messages in IF-TNCCS 2.0 Client/Server protocol batches via the IF-T for Tunneled EAP Methods 1.1 Transport protocol protected by IKEv2 EAP-TTLS.
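To make the layering concrete, here is an added example (not strongSwan code) that parses one IF-TNCCS 2.0 batch and pulls out the IF-M payload. It assumes the wire layout of RFC 5793 (PB-TNC, the IETF equivalent of IF-TNCCS 2.0); the function names and the sample batch are constructed for illustration.

```python
import struct

# Field layout per RFC 5793 (PB-TNC, the IETF equivalent of IF-TNCCS 2.0).
BATCH_TYPES = {1: "CDATA", 2: "SDATA", 3: "RESULT", 4: "CRETRY", 5: "SRETRY", 6: "CLOSE"}
PB_PA = (0, 1)  # (vendor ID, message type) of the PB-PA message that carries IF-M


def parse_batch(data: bytes) -> dict:
    """Parse one PB-TNC batch, rejecting inconsistent length fields."""
    if len(data) < 8:
        raise ValueError("batch shorter than the 8-byte header")
    word, batch_len = struct.unpack_from("!II", data, 0)
    version, from_server, btype = word >> 24, bool(word & 0x00800000), word & 0x0F
    if version != 2:
        raise ValueError(f"unsupported PB-TNC version {version}")
    if batch_len != len(data):
        raise ValueError("batch length field does not match received size")
    messages, off = [], 8
    while off < batch_len:
        if batch_len - off < 12:
            raise ValueError("truncated message header")
        flags_vid, mtype, mlen = struct.unpack_from("!III", data, off)
        if mlen < 12 or off + mlen > batch_len:
            raise ValueError("message length out of bounds")
        msg = {"noskip": bool(flags_vid & 0x80000000), "vendor": flags_vid & 0xFFFFFF,
               "type": mtype, "value": data[off + 12:off + mlen]}
        if (msg["vendor"], mtype) == PB_PA:
            if mlen < 24:  # 12-byte message header + 12-byte PB-PA header
                raise ValueError("PB-PA message too short")
            pa_vid, subtype, collector, validator = struct.unpack_from("!IIHH", data, off + 12)
            msg["pa"] = {"vendor": pa_vid & 0xFFFFFF, "subtype": subtype,
                         "collector_id": collector, "validator_id": validator,
                         "if_m": data[off + 24:off + mlen]}
        messages.append(msg)
        off += mlen
    return {"type": BATCH_TYPES.get(btype, btype), "from_server": from_server,
            "messages": messages}


def build_sample() -> bytes:
    """Constructed client batch: one PB-PA message, PA subtype 1 (Operating System)."""
    if_m = struct.pack("!II", 0x01000000, 1)  # IF-M (PA-TNC) header: version 1, message ID 1
    pb_pa = struct.pack("!IIHH", 0, 1, 1, 0xFFFF) + if_m  # collector 1, validator unknown
    msg = struct.pack("!III", 0x80000000, 1, 12 + len(pb_pa)) + pb_pa  # NOSKIP set
    return struct.pack("!II", (2 << 24) | 1, 8 + len(msg)) + msg  # version 2, CDATA
```

The strict length checks are the part worth keeping in any real parser: both the batch length and each message length are sender-controlled and must be validated before slicing.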
The Android VPN client profile BYOD specifies the VPN gateway byod.strongswan.org. User authentication is based on IKEv2 EAP-MD5; the possible user names are john or jane, and the user password is byod-test. The byod.strongswan.org server certificate is issued by the strongSwan 2009 certification authority, so the strongSwan 2009 CA certificate must be imported into the Android certificate trust store before the first connection can be attempted.