Key Management with Trusted Platform Modules

Key Management with Trusted Platform Modules The concept of Trusted Computing, which aims at making computing platforms more reliable, is based on a chip called Trusted Platform Module (TPM). The TPM is a chip which provides cryptographic functionality like RSA encryption and secure key storage. The aim of the Master’s project was to analyse and implement TPM based pre-boot authentication for the disc encryption software Pointsec for PC. The system was analysed with respect to manageability and security. With regard to manageability the findings were that two critical implementation factors will be interoperability and user transparency. Some TPM features are not standardized which complicates the implementation of a general system. Recovery from password loss or hardware failure can be achieved with Remote help or TPM key backup. The security analysis focused on the software and hardware attack mitigation integrated into the TPM. The chip was found to be somewhat vulnerable to sophisticated laboratory based attacks but fully comparable to smartcards. A prototype using the TPM for RSA key storage and RSA-wrapping of the disc encryption key was developed. The prototype has two parts; one Windows based user installation utility and one pre-boot authentication module. In order to communicate with the TPM in the pre-boot environment a kernel device driver was developed.