Automated Proof for Authorization Protocols of TPM 2.0 in Computational Model

  • Conference paper
Information Security Practice and Experience (ISPEC 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8434)

Abstract

We present the first automated proof of the authorization protocols in TPM 2.0 in the computational model. The Trusted Platform Module (TPM) is a chip that enables trust in computing platforms and achieves more security than software alone. The TPM interacts with a caller via a predefined set of commands. Many commands reference TPM-resident structures, and use of them may require authorization. The TPM provides an acknowledgement upon receiving an authorization. This interaction ensures authentication between the TPM and the caller. In this paper, we present a computationally sound mechanized proof for the authorization protocols in TPM 2.0. We model the authorization protocols using a probabilistic polynomial-time calculus and prove authentication between the TPM and the caller with the aid of the tool CryptoVerif, which works in the computational model. In addition, the prover gives upper bounds on breaking the authentication between them.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Wang, W., Qin, Y., Feng, D. (2014). Automated Proof for Authorization Protocols of TPM 2.0 in Computational Model. In: Huang, X., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2014. Lecture Notes in Computer Science, vol 8434. Springer, Cham. https://doi.org/10.1007/978-3-319-06320-1_12

  • DOI: https://doi.org/10.1007/978-3-319-06320-1_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-06319-5

  • Online ISBN: 978-3-319-06320-1

  • eBook Packages: Computer Science, Computer Science (R0)
