A trusted process to digitally sign a document
Proceedings of the 2001 workshop on New security paradigms
Authenticated Operation of Open Computing Devices
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
OSLO: improving the security of trusted computing
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Practical Techniques for Operating System Attestation
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
The Trusted Execution Module: Commodity General-Purpose Trusted Computing
CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Lest we remember: cold boot attacks on encryption keys
SS'08 Proceedings of the 17th conference on Security symposium
Towards customizable, application specific mobile trusted modules
Proceedings of the fifth ACM workshop on Scalable trusted computing
Hi-index | 0.00 |
We explore a new model for trusted computing in which an existing fixed-function Trusted Platform Module (TPM) is coupled with user application code running on a programmable smart card. We will show that with appropriate coupling the resulting system approximates a "field-programmable TPM." A true field-programmable TPM would provide higher levels of security for user-functions that would otherwise need to execute in host software. Our coupling architecture supports many (but not all) of the security requirements and applications scenarios that you would expect of a programmable TPM, but has the advantage that it can be deployed using existing technology. This paper describes our TPM-smart card coupling architecture and the services that we have prototyped. The services include: (1) An implementation of count-limited objects in which keys can only be used a preset number of times. (2) More flexible versions of the TPM Unseal and Unbind primitives that allow sealing to groups of equivalent configurations. And (3) a version of Quote that uses alternative signature formats and cryptography available within smart cards but not in the TPM itself. We also describe the limitations of the coupling architecture and how some of the limitations could be overcome with a true programmable TPM.