Article

TCG inside?: a note on TPM specification compliance

Authors:
Ahmad-Reza Sadeghi

Ruhr-University Bochum, Germany

Ruhr-University Bochum, Germany
View Profile

,
Marcel Selhorst

Ruhr-University Bochum, Germany

Ruhr-University Bochum, Germany
View Profile

,
Christian Stüble

Ruhr-University Bochum, Germany

Ruhr-University Bochum, Germany
View Profile

,
Christian Wachsmann

Ruhr-University Bochum, Germany

Ruhr-University Bochum, Germany
View Profile

,
Marcel Winandy

Ruhr-University Bochum, Germany

Ruhr-University Bochum, Germany
View Profile

STC '06: Proceedings of the first ACM workshop on Scalable trusted computingNovember 2006Pages 47–56https://doi.org/10.1145/1179474.1179487

Published:03 November 2006Publication History

STC '06: Proceedings of the first ACM workshop on Scalable trusted computing

Pages 47–56

ABSTRACT

The Trusted Computing Group (TCG) has addressed a new generation of computing platforms employing both supplemental hardware and software with the primary goal to improve the security and the trustworthiness of future IT systems. The core component of the TCG proposal is the Trusted Platform Module (TPM) providing certain cryptographic functions. Many vendors currently equip their platforms with a TPM claiming to be TCG compliant. However, there is no feasible way for application developers and users of TPM-enabled systems to verify this compliance. In practice, manufacturers may exploit the flexibility that the specification itself provides, or they may deviate from it by inappropriate design that might lead to security vulnerabilities. Hence, it is crucial to have an independent means for testing the compliance as well as analyzing the security of different TPMs. In this paper, we aim at making the first steps towards fulfilling this requirement: We have developed a test strategy as well as a prototype test suite for TPM compliance testing. Although our test does not cover the complete TCG specification, our test results show that many TPM implementations do not meet the TCG specification and have bugs. Moreover, we discuss that non-compliance may have crucial impact on security, and point out the corresponding security problems in case of a widespread TPM.

References

TrustedGRUB. http://www.prosec.rub.de/trusted_grub.html.Google Scholar
Linux Device Driver for Infineon TPMs. http://www.prosec.rub.de/tpm/index.html, 2006.Google Scholar
Atmel. AT97SC3201 --- The Atmel Trusted Platform Module. http://www.atmel.com/dyn/resources/prod_documents/doc5010.pdf, August 2004.Google Scholar
Atmel. AT97SC3203 Advanced Information Summary. http://www.atmel.com/dyn/resources/prod_documents/5116s.pdf, July 2005.Google Scholar
Atmel. AT97SC3203S for SMBus Protocol Summary. http://www.atmel.com/dyn/resources/prod_documents/5132s.pdf, August 2005.Google Scholar
Atmel. Trusted Platform Module AT97SC3201 Summary. http://www.atmel.com/dyn/resources/prod_documents/2015s.pdf, June 2005.Google Scholar
B. Beizer. Black Box Testing. John Wiley & Sons, 1995.Google Scholar
Broadcom. Broadcom Revolutionizes LAN Communications by Introducing the World's First PCI Express Gigabit Ethernet Controllers for Server, Desktop and Mobile PCs. http://www.broadcom.com/press/release.php?id=461159, October 2003.Google Scholar
Broadcom. BCM5752 Product Brief. http://www.broadcom.com/collateral/pb/5752-PB00-R.pdf, 2005.Google Scholar
Broadcom. BCM5752M Product Brief. http://www.broadcom.com/collateral/pb/5752M-PB00-R.pdf, 2005.Google Scholar
Broadcom. Broadcom Controllers Integrate TPM 1.2 enabling OEMs to Offer Hardware-Based Security as a Standard Feature on all PCs. http://www.broadcom.com/press/release.php?id=700509, 2005.Google Scholar
T. S. Chow. Test design modeled by finite-state machines. IEEE Transactions on Software Engineering, 4(3):178--187, 1978.Google ScholarDigital Library
K. El-Fakih, N. Yevtushenko, and G. v. Bochmann. FSM-based incremental conformance testing methods. IEEE Transactions on Software Engineering, 3 (7):425--436, 2004. Google ScholarDigital Library
Horst Görtz Institute for IT Security, Ruhr-University Bochum, Applied Data Security Group. Technical Report. http://www.prosec.rub.de/tpmcompliance.html, May 2006.Google Scholar
Infineon Technologies AG. Product Brief --- TPM 1.2 Hardware. http://www.infineon.com/tpm, May 2005.Google Scholar
D. Lee and M. Yannakakis. Principles and methods of testing finite state machines - A survey. In Proceedings of the IEEE, volume~84, pages 1090--1123, 1996.Google ScholarCross Ref
L. Li, S. A. Szygenda, and M. A. Thornton. Combining simulation and formal verification for integrated circuit design validation. In Proceedings of the 9th World Multi-Conference on Systemics, Cybernetics and Informatics (WMSCI), pages 92--97, 2005.Google Scholar
H.-M. Lin, C.-C. Yen, C.-H. Shih, and J.-Y. Jou. On Compliance-Test of On-Chip Bus for SOC. In Proceedings of the 2004 Asia and South Pacific Design Automation Conference (ASP-DAC'04). IEEE Press, 2004. Google ScholarDigital Library
National Semiconductor. Product Brief: PC8374T SafeKeeper Desktop TrustedI/O. http://www.winbond-usa.com/products/winbond_products/pdfs/APC/PC8374T.p df, August 2004.Google Scholar
J. Ruiz, A. Vallejo, and J. Abella. IPv6 conformance and interoperability testing. In Proceedings of the 10th IEEE Symposium on Computers and Communications (ISCC 2005). IEEE Press, 2005. Google ScholarDigital Library
Data Brief: ST19WP18-TPM-A Trusted Platform Module. http://www.st.com/stonline/products/literature/bd/10926.pdf, 2004.Google Scholar
Data Brief: ST19WP18-TPM-B Trusted Platform Module. http://www.st.com/stonline/products/literature/bd/10927.pdf, 2004.Google Scholar
Data Brief: ST19WP18-TPM-C Trusted Platform Module. http://www.st.com/stonline/products/literature/bd/10928.pdf, 2004.Google Scholar
Trusted Computing Group (TCG). TCPA Main Specification, Version~1.1b. https://www.trustedcomputinggroup.org/specs/TPM/TCPA_Main_TCG_Architecture_v1_1b.pdf, February 2002.Google Scholar
Trusted Computing Group (TCG). TPM Main Specification, Version 1.2 Revision 94. https://www.trustedcomputinggroup.org/specs/TPM/, March 2006.Google Scholar

Index Terms

TCG inside?: a note on TPM specification compliance
1. Hardware
  1. Hardware test
  2. Robustness

Recommendations

Research on Trust Evaluation Model Based on TPM
FCST '09: Proceedings of the 2009 Fourth International Conference on Frontier of Computer Science and Technology

Trusted computing is an important research field in information security and trust evaluation for trust model is the key issue to be resolved. It is great significance for ensuring security of trust model for trusted computing to analyze normally and ...
Read More
Research of Trust Chain Improvement Technology
NSWCTC '10: Proceedings of the 2010 Second International Conference on Networks Security, Wireless Communications and Trusted Computing - Volume 01

Trust chain is one of the key technologies in trusted computing. According to analyzing and researching the concept and structure of trusted computing, this paper proposes an improved method to measure trust chain. Trust measurement is computed directly ...
Read More
A DRTM-Based Method for Trusted Network Connection
TRUSTCOM '11: Proceedings of the 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications

Trusted Network Connection (TNC for short) can prevent insecure terminal from accessing protected network and thus strengthen the security of network. Existing TNC solutions face a serious problem called lying endpoint problem (LEP for short). If an ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
STC '06: Proceedings of the first ACM workshop on Scalable trusted computing
November 2006
66 pages
ISBN:1595935487
DOI:10.1145/1179474
General Chair:
Ari Juels
RSA Laboratories
,
Program Chairs:
Gene Tsudik
University of California, Irvine, CA
,
Shouhuai Xu
University of Texas, San Antonio, TX
,
Moti Yung
RSA Labs and Columbia University
Copyright © 2006 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 3 November 2006
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
TPM
compliance
test
trusted computing
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate17of31submissions,55%
Upcoming Conference
CCS '24

Sponsor:

sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 52
  Total Citations
  View Citations
- 1,208
  Total Downloads
- Downloads (Last 12 months)6
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

TCG inside?: a note on TPM specification compliance

STC '06: Proceedings of the first ACM workshop on Scalable trusted computing

ABSTRACT

References

Cited By

Index Terms

Recommendations

Research on Trust Evaluation Model Based on TPM

Research of Trust Chain Improvement Technology

A DRTM-Based Method for Trusted Network Connection