Abstract
A Trusted Platform Module (TPM) offers a number of basic security services which can be used to build complex trusted applications. One of the main functionalities of a TPM is the provision of a protected storage, including access management for cryptographic keys. To allow for scalability in spite of the resource constraints of the TPM, keys are not stored inside the TPM, but in encrypted form on external, untrusted storage. This has the consequence that the actual key storage is not under control of the TPM, and it is therefore not possible to revoke individual keys. In this paper we introduce two basic methods to implement key revocation without major changes to the TPM command set, and without inhibiting backwards compatibility with the current specification. Our methods introduce no overhead for normal operation, and a reasonable small effort for managing revocable keys.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Brickell, E.F., Camenisch, J., Chen, L.: Direct anonymous attestation. In: ACM Conference on Computer and Communications Security, pp. 132–145 (2004)
Kühn, U., Kursawe, K., Lucks, S., Sadeghi, A.-R., Stüble, C.: Secure data management in trusted computing. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 324–338. Springer, Heidelberg (2005)
Maheshwari, U., Vingralek, R., Shapiro, W.: How to build a trusted database system on untrusted storage. In: OSDI 2000 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation, Berkeley, CA, USA, p. 10. USENIX Association (2000)
Naor, M., Nissim, K.: Certificate revocation and certificate update. In: Proceedings of the 7th USENIX Security Symposium, pp. 217–228 (1998)
Sarmenta, L.F.G., van Dijk, M., O’Donnell, C.W., Rhodes, J., Devadas, S.: Virtual monotonic counters and count-limited objects using a tpm without a trusted os. In: STC 2006: Proceedings of the first ACM workshop on Scalable trusted computing, pp. 27–42. ACM, New York (2006)
Trusted Computing Group. TCG TPM Specification Version 1.2 Revision 103, TPM Main Part 2 TPM Structures. Technical report, TCG (July 2007)
Trusted Computing Group. TCG TPM Specification Version 1.2 Revision 103, TPM Main Part 1 Design Principles. Technical report, TCG (July 2007)
Trusted Computing Group. TCG TPM Specification Version 1.2 Revision 103, TPM Main Part 3 Command. Technical report, TCG (July 2007)
Trusted Computing Group. Trusted Platform Module (TPM) specifications. Technical report (2008), https://www.trustedcomputinggroup.org/specs/TPM
Xiao, Y., Rayi, V.K., Sun, B., Du, X., Hu, F., Galloway, M.: A survey of key management schemes in wireless sensor networks. Comput. Commun. 30(11-12), 2314–2341 (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Katzenbeisser, S., Kursawe, K., Stumpf, F. (2009). Revocation of TPM Keys. In: Chen, L., Mitchell, C.J., Martin, A. (eds) Trusted Computing. Trust 2009. Lecture Notes in Computer Science, vol 5471. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00587-9_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-00587-9_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-00586-2
Online ISBN: 978-3-642-00587-9
eBook Packages: Computer ScienceComputer Science (R0)