Towards a Programmable TPM

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5471))

Abstract

We explore a new model for trusted computing in which an existing fixed-function Trusted Platform Module (TPM) is coupled with user application code running on a programmable smart card. We show that, with appropriate coupling, the resulting system approximates a “field-programmable TPM.” A true field-programmable TPM would provide higher levels of security for user functions that would otherwise need to execute in host software. Our coupling architecture supports many (but not all) of the security requirements and application scenarios that you would expect of a programmable TPM, but has the advantage that it can be deployed using existing technology.

This paper describes our TPM/smart card coupling architecture and the services that we have prototyped. The services include: (1) an implementation of count-limited objects, in which keys can only be used a preset number of times; (2) more flexible versions of the TPM Unseal and Unbind primitives that allow sealing to groups of equivalent configurations; and (3) a version of Quote that uses alternative signature formats and cryptography available within smart cards but not in the TPM itself.

We also describe the limitations of the coupling architecture and how some of the limitations could be overcome with a true programmable TPM.
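As an added illustration of services (1) and (2) from the abstract, and not code from the paper, the following constructed Python model has a fixed-function TPM contribute only PCR values while a separate card-side policy store decides whether a sealed secret is released: membership in a group of acceptable configurations (rather than one exact PCR value) plus a use count. All class and function names are assumptions.

```python
import hashlib
import secrets

# Constructed model of the coupling described in the abstract: the TPM side supplies PCR
# values, the "card" side holds sealed secrets and enforces release policy. This is an
# illustration of the semantics, not the paper's implementation; names are assumptions.

PCR_INIT = b"\x00" * 20  # TPM 1.2 PCRs are 20-byte SHA-1 registers


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2-style extend: new PCR = SHA-1(old PCR || SHA-1(measurement))."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()


def config_digest(measurements) -> bytes:
    """Fold an ordered boot measurement log into the resulting PCR value."""
    pcr = PCR_INIT
    for m in measurements:
        pcr = pcr_extend(pcr, m)
    return pcr


class CardPolicyStore:
    """Stand-in for the smart-card side. Each secret stays on-card and is released only if
    (a) the reported configuration is in the allowed group, not just one exact PCR value as
    plain TPM Unseal requires, and (b) the object's preset use count is not exhausted."""

    def __init__(self):
        self._objects = {}

    def seal(self, secret: bytes, allowed_configs, max_uses: int) -> str:
        handle = secrets.token_hex(4)
        self._objects[handle] = {
            "secret": secret,
            "group": frozenset(allowed_configs),
            "remaining": max_uses,
        }
        return handle

    def unseal(self, handle: str, current_config: bytes) -> bytes:
        obj = self._objects[handle]
        if obj["remaining"] <= 0:
            raise PermissionError("count limit exhausted")
        if current_config not in obj["group"]:
            raise PermissionError("configuration not in sealed group")
        obj["remaining"] -= 1  # a use is consumed only on a successful release
        return obj["secret"]
```

A rejected release (wrong configuration) does not consume a use, so the count limit measures actual key releases rather than attempts.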

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

England, P., Tariq, T. (2009). Towards a Programmable TPM. In: Chen, L., Mitchell, C.J., Martin, A. (eds) Trusted Computing. Trust 2009. Lecture Notes in Computer Science, vol 5471. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00587-9_1

  • DOI: https://doi.org/10.1007/978-3-642-00587-9_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00586-2

  • Online ISBN: 978-3-642-00587-9
