Abstract
In this paper we identify shortcomings of the TCG specification related to the availability of sealed data during software and hardware life cycles, i.e., software update or/and hardware migration. In our view these problems are major obstacles for large-scale use of trusted computing technologies, e.g., in e-commerce, as adopters are concerned that the use of this technology might render their data inaccessible.
We propose both software and hardware solutions to resolve these problems. Our proposals could be easily integrated into the TCG specification and preserve the interests of involved parties with regard to security and availability as well as privacy.
Chapter PDF
Similar content being viewed by others
Keywords
- Trusted Platform Module
- Trust Computing
- Trust Computing Group
- Direct Anonymous Attestation
- Platform Owner
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington, DC, USA. ACM Press, New York (October 2004)
England, P., Lampson, B., Manferdelli, J., Peinado, M., Willman, B.: A trusted open platform. IEEE Computer 36(7), 55–63 (2003)
Lenstra, A.K.: Further progress in hashing cryptanalysis (February 2005), http://cm.bell-labs.com/who/akl/hash.pdf
Microsoft Corporation. Building a secure platform for trustworthy computing. White paper, Microsoft Corporation (December 2002)
Mundie, C., de Vries, P., Haynes, P., Corwine, M.: Microsoft whitepaper on trustworthy computing. Technical report, Microsoft Corporation (October 2002)
National Institute of Standards and Technology (NIST), Computer Systems Laboratory. Secure hash standard. Federal Information Processing Standards Publication (FIPS PUB), 180-1 (April 1995)
National Research Council. The Digital Dilemma, Intellectual Property in the Information Age. National Academy Press, Washington (2000)
Poritz, J., Schunter, M., Van Herreweghen, E., Waidner, M.: Property attestation—scalable and privacy-friendly security assessment of peer computers. Technical Report RZ 3548, IBM Research (May 2004)
Sadeghi, A.-R., Stüble, C.: Taming “trusted computing” by operating system design. In: Chae, K.-J., Yung, M. (eds.) WISA 2003. LNCS, vol. 2908, pp. 286–302. Springer, Heidelberg (2004)
Sadeghi, A.-R., Stüble, C.: Property-based attestation for computing platforms: Caring about properties, not mechanisms. In: The 2004 New Security Paradigms Workshop, ACM SIGSAC, Virginia Beach, VA, USA. ACM Press, New York (September 2004)
Sadeghi, A.-R., Stüble, C., Pohlmann, N.: European multilateral secure computing base - open trusted computing for you and me. Datenschutz und Datensicherheit DuD, Verlag Friedrich Vieweg & Sohn, Wiesbaden 28(9), 548–554 (2004)
Safford, D.: Clarifying misinformation on TCPA. White paper, IBM Research (October 2002)
Safford, D.: The need for TCPA. White paper, IBM Research (October 2002)
Sailer, R., Jaeger, T., Zhang, X., van Doorn, L.: Attestation-based policy enforcement for remote access. In: Proceedings of the 10th ACM Conference on Computer and Communications Security, Washington, DC, USA. ACM Press, New York (October 2004)
Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a TCG-based integrity measurement architecture. In: Proceedings of the 11th USENIX Security Symposium. USENIX (August 2004)
Trusted Computing Group. TPM main specification, Version 1.2 (November 2003), http://www.trustedcomputinggroup.org
Trusted Computing Platform Alliance (TCPA). Main specification, Version 1.1b (February 2002)
Wang, X., Yin, Y.L., Yu, H.: Collision search attacks on SHA1 (February 2005), http://cryptome.org/sha-attacks.htm
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kühn, U., Kursawe, K., Lucks, S., Sadeghi, AR., Stüble, C. (2005). Secure Data Management in Trusted Computing. In: Rao, J.R., Sunar, B. (eds) Cryptographic Hardware and Embedded Systems – CHES 2005. CHES 2005. Lecture Notes in Computer Science, vol 3659. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11545262_24
Download citation
DOI: https://doi.org/10.1007/11545262_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28474-1
Online ISBN: 978-3-540-31940-5
eBook Packages: Computer ScienceComputer Science (R0)