A formal analysis of authentication in the TPM
FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
Trust extension as a mechanism for secure code execution on commodity computers
Attack, solution and verification for shared authorisation data in TCG TPM
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Modeling TCG-Based secure systems with colored petri nets
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
DAA protocol analysis and verification
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
We prove the existence of a flaw that we identified in the design of the Object-Independent Authorization Protocol (OIAP), one of the building blocks of the Trusted Platform Module (TPM), the core of the Trusted Computing Platforms (TPs) as devised by the Trusted Computing Group (TCG) standards. In particular, we prove, also with the support of a model checker, that the protocol is exposed to replay attacks, which could be used to compromise the correct behavior of a TP. We also propose a countermeasure to avoid such an attack, as well as any other replay attack on the aforementioned protocol.