The TPM and Some Attacks
The trusted platform module (TPM) is a hardware chip designed to enable commodity computers to achieve greater levels of security than is possible in software alone. There are 300 million TPMs currently in existence, mostly in high-end laptops, but now increasingly in desktops and servers. Application software such as Microsoft’s BitLocker and HP’s ProtectTools use the TPM in order to guarantee security properties. The TPM specification is an industry standard [1] and an ISO/IEC standard [2] co-ordinated by the Trusted Computing Group.
References
[1] Trusted Computing Group: TPM Specification version 1.2. Parts 1–3 (2007), http://www.trustedcomputinggroup.org/resources/tpm_main_specification
[2] ISO/IEC: ISO/IEC PAS DIS 11889: Information technology – Security techniques – Trusted platform module
[3] Gürgens, S., Rudolph, C., Scheuermann, D., Atts, M., Plaga, R.: Security Evaluation of Scenarios Based on the TCG’s TPM Specification. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 438–453. Springer, Heidelberg (2007)
[4] Chen, L., Ryan, M.D.: Offline dictionary attack on TCG TPM weak authorisation data, and solution. In: Grawrock, D., Reimer, H., Sadeghi, A., Vishik, C. (eds.) Future of Trust in Computing. Vieweg & Teubner (2008)
[5] Chen, L., Ryan, M.D.: Attack, Solution and Verification for Shared Authorisation Data in TCG TPM. In: Degano, P., Guttman, J.D. (eds.) FAST 2009. LNCS, vol. 5983, pp. 201–216. Springer, Heidelberg (2010)
[6] Bruschi, D., Cavallaro, L., Lanzi, A., Monga, M.: Replay attack in TCG specification and solution. In: ACSAC 2005: Proceedings of the 21st Annual Computer Security Applications Conference, pp. 127–137. IEEE Computer Society, Washington, DC (2005)
[7] Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: Schneider, S. (ed.) 14th IEEE Computer Security Foundations Workshop, pp. 82–96. IEEE Computer Society Press, Cape Breton (2001)
[8] Delaune, S., Kremer, S., Ryan, M.D., Steel, G.: A Formal Analysis of Authentication in the TPM. In: Degano, P., Etalle, S., Guttman, J. D. (eds.) FAST 2010. LNCS, vol. 6561, pp. 111–125. Springer, Heidelberg (2011)
[9] Delaune, S., Kremer, S., Ryan, M.D., Steel, G.: Formal analysis of protocols based on TPM state registers. In: [16], pp. 66–80
[10] Weidenbach, C.: Towards an Automatic Analysis of Security Protocols in First-Order Logic. In: Ganzinger, H. (ed.) CADE 1999. LNCS (LNAI), vol. 1632, pp. 314–328. Springer, Heidelberg (1999)
[11] Microsoft: BitLocker FAQ, http://technet.microsoft.com/en-us/library/ee449438WS.10.aspx
[12] Ables, K., Ryan, M.D.: Escrowed Data and the Digital Envelope. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) TRUST 2010. LNCS, vol. 6101, pp. 246–256. Springer, Heidelberg (2010)
[13] Arapinis, M., Ritter, E., Ryan, M.D.: StatVerif: Verification of stateful processes. In: [16], pp. 33–47
[14] Xu, S., Batten, I., Ryan, M.: Dynamic measurement and protected execution: model and analysis. Paper in Preparation
[15] McCune, J.M., Parno, B., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: An execution infrastructure for tcb minimization. In: Proceedings of the ACM European Conference in Computer Systems (EuroSys) (April 2008)
[16] Proceedings of the 24th IEEE Computer Security Foundations Symposium, CSF 2011, June 27-29, IEEE Computer Society, Cernay-la-Ville, France (2011)
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ryan, M.D. (2012). Automatic Analysis of Security Properties of the TPM. In: Mitchell, C.J., Tomlinson, A. (eds) Trusted Systems. INTRUST 2012. Lecture Notes in Computer Science, vol 7711. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35371-0_1
DOI: https://doi.org/10.1007/978-3-642-35371-0_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35370-3
Online ISBN: 978-3-642-35371-0
eBook Packages: Computer Science (R0)