Abstract
In today’s globalized digital world, network-based, mobile, and interactive collaborations have enabled work platforms of personal computers to cross multiple geographical boundaries. The new requirements of privacy-preservation, sensitive information sharing, portability, remote attestation, and robust security create new problems in system design and implementation. There are critical demands for highly secure work platforms and security enhancing mechanisms for ensuring privacy protection, component integrity, sealed storage, and remote attestation of platforms. Trusted computing is a promising technology for enhancing the security of a platform using a trusted platform module (TPM). TPM is a tamper-resistant microcontroller designed to provide robust security capabilities for computing platforms. It typically is affixed to the motherboard with a low pin count (LPC) bus. However, it limited in that TPM cannot be used directly in current common personal computers (PCs), and TPM is not flexible and portable enough to be used in different platforms because of its interface with the PC and its certificate and key structure. For these reasons, we propose a portable trusted platform module (PTPM) scheme to build a trusted platform for the common PC based on a single cryptographic chip with a universal serial bus (USB) interface and extensible firmware interface (EFI), by which platforms can get a similar degree of security protection in general-purpose systems. We show the structure of certificates and keys, which can bind to platforms via a PTPM and provide users with portability and flexibility in different platforms while still allowing the user and platform to be protected and attested. The implementation of prototype system is described in detail and the performance of the PTPM on cryptographic operations and time-costs of the system bootstrap are evaluated and analyzed. The results of experiments show that PTPM has high performances for supporting trusted computing and it can be used flexibly and portably by the user.
Similar content being viewed by others
References
Trusted Computing Group. TPM main part 1 design principles, specification version 1.2, revision94. March, 2006
Trusted Computing Platform Alliance. Trusted computing platform alliance (tcpa) main specification, version 1.1a (Republished as Trusted Computing Group (TCG) main specification, version 1.1b). 2001
Trusted Computing Group. TCG specification architecture overview, specification revision 1.4. August, 2007
TCG Best Practices Committee. Design, implementation and usage principles, version 2.0. December 2005
Shen C X, Zhang H G, Feng D G. Survey of information security. Chinese Science, 2007, 37(2): 129–150 (in Chinese)
Intel. Low pin count (LPC) interface specification, revision 1.1. August 2002
Trusted Computing Group. TCG PC client specific implementation specification for conventional BIOS version 1.20 final revision 1.00. July, 2005
Challener D, Yoder K, Catherman R, Safford D, Van Doorn L. A Practical Guide to Trusted Computing. Lebanon: IBM Press, 2008
Ren J C, Dai K, Wang Z Y. Trust-enhanced alteration scenario for universal computer. In: Proceedings of 11th Pacific Rim International Symposium on Dependable Computing. 2005, 275–280
Peng S H, Han Z. Enhancing PC security with U-Key. IEEE Security and Privacy, 2006, 4(5): 34–39
Peng S H, Han Z. Trust of user using U-Key on trusted platform. In: Proceedings of 8th International Conference on Signal Processing. 2006, 3023–3026
Tang W M, Peng S H. Research on secure enhancement frame of general personal computer. Journal of Communication, 2008, 29(11A): 17–22 (in Chinese)
Tang W M, Peng S H. Design and implementation of UsbKey device driver based on extensible firmware interface. In: Proceedings of 9th International Conference on Signal Processing. 2008, 2833–2836
Trusted Computing Group. TCG EFI platform specification version 1.20, final revision 1.0. June, 2006
Trusted Computing Group. TCG EFI protocol specification, version 1.20. June, 2006
Zhang R, Liu J Q, Peng S H. Research and implementation of trust transition based on EFI. Computer Applications, 2007, 27(9): 2174–2176 (in Chinese)
Zhang Y, Zhou C S. Research on trusted computing platform in EFI based on portable TPM. Computer Technology and Devolopment, 2010, 20(1): 167–171 (in Chinese)
Intel. Extensible firmware interface specification, version 1.10. December 1, 2002
Trusted Computing Group. TPM main part 3 commands, specification version 1.2 level 2 revision. October, 2006
USB Implementers Forum. Universal serial bus mass storage class bulk-only transport (revision 1.0). 1999
Intel. Platform innovation framework for UEFI. http://www.intel.com/technology/framework/
Author information
Authors and Affiliations
Corresponding author
Additional information
Lei HAN, born in 1983, received his B.S. Degree in automation from Beijing Jiaotong University, China, in 2006. Currently, he is a Ph.D. candidate of School of Electronics and Information of Beijing Jiaotong University. His main research interests are trusted computing, mobile ad hoc networks security and sensor networks security.
Jiqiang LIU, born in 1973, received his B.S. (1994) and Ph.D. (1999) from Beijing Normal University. Currently, he is a Professor at the Department of Computer and Information Technology of Beijing Jiaotong University. His main research interests are trusted computing, cryptographic protocols, privacy preserving and networks security.
Zhen HAN, born in 1962, received his Ph.D. from China Academy of Engineering Physics, in 1991. Currently, he is a Professor and Doctoral supervisor at the Department of Computer and Information Technology of Beijing Jiaotong University. His main research interests are information security architecture and trusted computing.
Xueye WEI, born in 1963, received his Ph.D. from Beijing Institute of Technology, in 1994. Currently, he is a Professor and Doctoral supervisor at the School of Electronics and Information of Beijing Jiaotong University. His main research interests are internet of things and signal detection.
Rights and permissions
About this article
Cite this article
Han, L., Liu, J., Han, Z. et al. Design and implementation of a portable TPM scheme for general-purpose trusted computing based on EFI. Front. Comput. Sci. China 5, 169–180 (2011). https://doi.org/10.1007/s11704-011-9180-4
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11704-011-9180-4