Mobile values, new names, and secure communication
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Replay Attack in TCG Specification and Solution
ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Proceedings of the 2007 ACM workshop on Scalable trusted computing
Automatic verification of correspondences for security protocols
Journal of Computer Security
A Logic of Secure Systems and its Application to Trusted Computing
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
Analysing PKCS#11 Key Management APIs with Unbounded Fresh Data
Foundations and Applications of Security Analysis
Principles of remote attestation
International Journal of Information Security - Special Issue:10th International Conference on Information and Communications Security (ICICS)
Attack, solution and verification for shared authorisation data in TCG TPM
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
The AVISPA tool for the automated validation of internet security protocols and applications
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Security evaluation of scenarios based on the TCG's TPM specification
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
DAA protocol analysis and verification
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Hi-index | 0.00 |
The Trusted Platform Module (TPM) is a hardware chip designed to enable computers to achieve a greater level of security than is possible in software alone. To this end, the TPM provides a way to store cryptographic keys and other sensitive data in its shielded memory. Through its API, one can use those keys to achieve some security goals. The TPM is a complex security component, whose specification consists of more than 700 pages. We model a collection of four TPM commands, and we identify and formalise their security properties. Using the tool ProVerif, we rediscover some known attacks and some new variations on them. We propose modifications to the API and verify our properties for the modified API.