Automated Proof for Authorization Protocols of TPM 2.0 in Computational Model
نویسندگان
چکیده
We present the first automated proof of the authorization protocols in TPM 2.0 in the computational model. The Trusted Platform Module(TPM) is a chip that enables trust in computing platforms and achieves more security than software alone. The TPM interacts with a caller via a predefined set of commands. Many commands reference TPM-resident structures, and use of them may require authorization. The TPM will provide an acknowledgement once receiving an authorization. This interact ensure the authentication of TPM and the caller. In this paper, we present a computationally sound mechanized proof for authorization protocols in the TPM 2.0. We model the authorization protocols using a probabilistic polynomial-time calculus and prove authentication between the TPM and the caller with the aid of the tool CryptoVerif, which works in the computational model. In addition, the prover gives the upper bounds to break the authentication between them.
منابع مشابه
Enabling Key Migration Between Non-compatible TPM Versions
We consider the problem of migrating keys from TPM 1.2 to the backwards incompatible TPM 2.0. The major di↵erences between the two versions introduce several challenges for deployed systems when support for TPM 2.0 is introduced. We show how TPM 2.0 support can be introduced while still maintaining the functionality specified by TPM 1.2, allowing a smoother transition to the newer version. Spec...
متن کاملA Unified Security Analysis of Two-Phase Key Exchange Protocols in TPM 2.0
The Trusted Platform Module (TPM) version 2.0 provides an authenticated key exchange functionality by a single key exchange primitive, which can be called to implement three key exchange protocols (denoted as two-phase key exchange protocols in TPM 2.0): the Full Unified Model, the MQV, and the SM2 key exchange protocols. However, some vulnerabilities have been found in all of these protocols. ...
متن کاملAttack, Solution and Verification for Shared Authorisation Data in TCG TPM
The Trusted Platform Module (TPM) is a hardware chip designed to enable computers to achieve greater security. Proof of possession of authorisation values known as authdata is required by user processes in order to use TPM keys. If a group of users are to be authorised to use a key, then the authdata for the key may be shared among them. We show that sharing authdata between users allows a TPM ...
متن کاملAnalysis of Object-Specific Authorization Protocol (OSAP) using Coloured Petri Nets
The use of Trusted Platform Module (TPM) is becoming increasingly popular in many security systems. To access objects protected by TPM (such as cryptographic keys), several cryptographic protocols, such as the Object Specific Authorization Protocol (OSAP), can be used. Given the sensitivity and the importance of those objects protected by TPM, the security of this protocol is vital. Formal meth...
متن کاملAutomated Verification of Dynamic Root of Trust Protocols
Automated verification of security protocols based on dynamic root of trust, typically relying on protected hardware such as TPM, involves several challenges that we address in this paper. We model the semantics of trusted computing platforms (including CPU, TPM, OS, and other essential components) and of associated protocols in a classical process calculus accepted by ProVerif. As part of the ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2014 شماره
صفحات -
تاریخ انتشار 2014