Proceedings of the 11th ACM conference on Computer and communications security
Virtual monotonic counters and count-limited objects using a TPM without a trusted OS
Proceedings of the first ACM workshop on Scalable trusted computing
How to build a trusted database system on untrusted storage
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Certificate revocation and certificate update
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
A survey of key management schemes in wireless sensor networks
Computer Communications
Secure data management in trusted computing
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
Hi-index | 0.00 |
A Trusted Platform Module (TPM) offers a number of basic security services which can be used to build complex trusted applications. One of the main functionalities of a TPM is the provision of a protected storage, including access management for cryptographic keys. To allow for scalability in spite of the resource constraints of the TPM, keys are not stored inside the TPM, but in encrypted form on external, untrusted storage. This has the consequence that the actual key storage is not under control of the TPM, and it is therefore not possible to revoke individual keys. In this paper we introduce two basic methods to implement key revocation without major changes to the TPM command set, and without inhibiting backwards compatibility with the current specification. Our methods introduce no overhead for normal operation, and a reasonable small effort for managing revocable keys.