Security evaluation of scenarios based on the TCG's TPM specification

Authors:
Sigrid Gürgens;Carsten Rudolph;Dirk Scheuermann;Marion Atts;Rainer Plaga
Affiliations:
Fraunhofer-Institute for Secure Information Technology, Darmstadt, Germany;Fraunhofer-Institute for Secure Information Technology, Darmstadt, Germany;Fraunhofer-Institute for Secure Information Technology, Darmstadt, Germany;Federal Office for Information Security, Bonn, Germany;Federal Office for Information Security, Bonn, Germany
Venue:
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
Year:
2007

Citing 5
Cited 7

Efficient and timely mutual authentication

ACM SIGOPS Operating Systems Review
Using encryption for authentication in large networks of computers

Communications of the ACM
Role Based Specification and Security Analysis of Cryptographic Protocols Using Asynchronous Product Automata

DEXA '02 Proceedings of the 13th International Workshop on Database and Expert Systems Applications
Security analysis of efficient (Un-) fair non-repudiation protocols

Formal Aspects of Computing
Design and implementation of a TCG-based integrity measurement architecture

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13

Trusted computing: special aspects and challenges

SOFSEM'08 Proceedings of the 34th conference on Current trends in theory and practice of computer science
A formal analysis of authentication in the TPM

FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
Compiling information-flow security to minimal trusted computing bases

ESOP'11/ETAPS'11 Proceedings of the 20th European conference on Programming languages and systems: part of the joint European conferences on theory and practice of software
Enforcing S&D pattern design in RCES with modeling and formal approaches

Proceedings of the 14th international conference on Model driven engineering languages and systems
Attack, solution and verification for shared authorisation data in TCG TPM

FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Trust in peer-to-peer content distribution protocols

WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices
Modeling TCG-Based secure systems with colored petri nets

INTRUST'10 Proceedings of the Second international conference on Trusted Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Trusted Platform Module TPM is a basic but nevertheless very complex security component that can provide the foundations and the root of security for a variety of applications. In contrast to the TPM, other basic security mechanisms like cryptographic algorithms or security protocols have frequently been subject to thorough security analysis and formal verification. This paper presents a first methodic security analysis of a large part of the TPM specification. A formal automata model based on asynchronous product automata APA and a finite state verification tool SHVT are used to emulate a TPM within an executable model. On this basis four different generic scenarios were analysed with respect to security and practicability: secure boot, secure storage, remote attestation and data migration. A variety of security problems and inconsistencies was found. Subsequently, the TPM specification was adapted to overcome the problems identified. In this paper, the analysis of the remote attestation scenario and some of the problems found are explained in more detail.