FSM-Based Incremental Conformance Testing Methods
IEEE Transactions on Software Engineering
On compliance test of on-chip bus for SOC
Proceedings of the 2004 Asia and South Pacific Design Automation Conference
IPv6 Conformance and Interoperability Testing
ISCC '05 Proceedings of the 10th IEEE Symposium on Computers and Communications
Remote Attestation on Legacy Operating Systems With Trusted Platform Modules
Electronic Notes in Theoretical Computer Science (ENTCS)
Turtles all the way down: research challenges in user-based attestation
HOTSEC'07 Proceedings of the 2nd USENIX workshop on Hot topics in security
OSLO: improving the security of trusted computing
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
A Software-Based Trusted Platform Module Emulator
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Embedded Trusted Computing with Authenticated Non-volatile Memory
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Improving the scalability of platform attestation
Proceedings of the 3rd ACM workshop on Scalable trusted computing
e-EMV: emulating EMV for internet payments with trusted computing technologies
Proceedings of the 3rd ACM workshop on Scalable trusted computing
Remote attestation on legacy operating systems with trusted platform modules
Science of Computer Programming
Flexible μTPMs through disembedding
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Trusted Computing: Security and Applications
Cryptologia
TPM meets DRE: reducing the trust base for electronic voting using trusted platform modules
IEEE Transactions on Information Forensics and Security - Special issue on electronic voting
Mobile user location-specific encryption (MULE): using your office as your password
Proceedings of the third ACM conference on Wireless network security
Trusted computing: special aspects and challenges
SOFSEM'08 Proceedings of the 34th conference on Current trends in theory and practice of computer science
CodeVoting protection against automatic vote manipulation in an uncontrolled environment
VOTE-ID'07 Proceedings of the 1st international conference on E-voting and identity
Proceedings of the fifth ACM workshop on Scalable trusted computing
Trust extension as a mechanism for secure code execution on commodity computers
Trust extension as a mechanism for secure code execution on commodity computers
Improving remote voting security with codevoting
Towards Trustworthy Elections
Modeling TCG-Based secure systems with colored petri nets
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Mutual remote attestation: enabling system cloning for TPM based platforms
STM'11 Proceedings of the 7th international conference on Security and Trust Management
| Hi-index | 0.00 |
The Trusted Computing Group (TCG) has addressed a new generation of computing platforms employing both supplemental hardware and software with the primary goal to improve the security and the trustworthiness of future IT systems. The core component of the TCG proposal is the Trusted Platform Module (TPM) providing certain cryptographic functions. Many vendors currently equip their platforms with a TPM claiming to be TCG compliant. However, there is no feasible way for application developers and users of TPM-enabled systems to verify this compliance. In practice, manufacturers may exploit the flexibility that the specification itself provides, or they may deviate from it by inappropriate design that might lead to security vulnerabilities. Hence, it is crucial to have an independent means for testing the compliance as well as analyzing the security of different TPMs. In this paper, we aim at making the first steps towards fulfilling this requirement: We have developed a test strategy as well as a prototype test suite for TPM compliance testing. Although our test does not cover the complete TCG specification, our test results show that many TPM implementations do not meet the TCG specification and have bugs. Moreover, we discuss that non-compliance may have crucial impact on security, and point out the corresponding security problems in case of a widespread TPM.