Security Evaluation of Scenarios Based on the TCG’s TPM Specification

Gürgens, Sigrid; Rudolph, Carsten; Scheuermann, Dirk; Atts, Marion; Plaga, R.

doi:10.1007/978-3-540-74835-9_29

Cited by 37 publications

(30 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, the ITadmin can successfully impersonate the TPM just because it knows the authdata of SRK. The attack scenario given in this example, in which ITadmin is the attacker, is similar to that illustrating the TPM CertifyKey attack in [12]. Many other scenarios are possible.…”

Section: The Attack In Practicementioning

confidence: 98%

See 1 more Smart Citation

Attack, Solution and Verification for Shared Authorisation Data in TCG TPM

Chen

Ryan

2010

Formal Aspects in Security and Trust

View full text Add to dashboard Cite

Abstract. The Trusted Platform Module (TPM) is a hardware chip designed to enable computers to achieve greater security. Proof of possession of authorisation values known as authdata is required by user processes in order to use TPM keys. If a group of users are to be authorised to use a key, then the authdata for the key may be shared among them. We show that sharing authdata between users allows a TPM impersonation attack, which enables an attacker to completely usurp the secure storage of the TPM. The TPM has a notion of encrypted transport session, but it does not fully solve the problem we identify. We propose a new authorisation protocol for the TPM, which we call Session Key Authorisation Protocol (SKAP). It generalises and replaces the existing authorisation protocols (OIAP and OSAP). It allows authdata to be shared without the possibility of the impersonation attack, and it solves some other problems associated with OIAP and OSAP. We analyse the old and the new protocols using ProVerif. Authentication and secrecy properties (which fail for the old protocols) are proved to hold of SKAP.

show abstract

Section: The Attack In Practicementioning

confidence: 98%

“…An attacker can in some circumstances illegitimately obtain a certificate on a TPM key of his choice [12]. Also, an attacker can intercept a message, aiming to cause the legitimate user to issue another one, and then cause both to be received, resulting in the message being processed twice [10].…”

Section: Introductionmentioning

confidence: 99%

Attack, Solution and Verification for Shared Authorisation Data in TCG TPM

Chen

Ryan

2010

Formal Aspects in Security and Trust

View full text Add to dashboard Cite

show abstract

“…Lin considered modelling PCR state, but was unable to do this with Otter. Gurgens et al [9] describe an analysis of the TPM API using a finite state automata, but the model fragment given does not appear to consider PCR state and the analysis in the paper is predominantly informal. Coker et al [3] focus on the analysis of TPM APIs for remote attestation, but their SAL model is not yet publicly available.…”

Section: Related Workmentioning

confidence: 99%

Dynamic Measurement and Protected Execution: Model and Analysis

Xu¹,

Batten

Ryan

2014

Trustworthy Global Computing

View full text Add to dashboard Cite

Abstract. Useful security properties arise from sealing data to specific units of code. Modern processors featuring Intel's TXT and AMD's SVM achieve this by a process of measured and protected execution. Only code which has the correct measurement can access the data, and this code runs in an environment protected from observation and interference. We present a modelling language with primitives for protected execution, along with its semantics. We characterise an attacker who has access to all the capabilities of the hardware. In order to achieve automatic analysis of systems using protected execution without attempting to search an infinite state space, we define transformations that reduce the number of times the attacker needs to use protected execution to a pre-determined bound. Given reasonable assumptions we prove the soundness of the transformation: no secrecy attacks are lost by applying it. We then describe using the StatVerif extensions to ProVerif to model the bounded invocations of protected execution. We show the analysis of realistic systems, for which we provide case studies.

show abstract

“…Finally, the project ASSERT4SOA (Advanced Security Service cERTificate for SOA) aims to define and develop a certification infrastructure dealing with both test-based and model-based certification to provide a certificate-aware SOA [41]. Gürgens and Rudolph proposed another interesting approach to find security flaws in a number of key exchange, authentication, and non-repudiation protocols [42][43][44]. Their approach is supported by the Simple Homomorphism Verification Tool [45].…”

Section: Related Workmentioning

confidence: 99%

Web Service Assurance: The Notion and the Issues

et al. 2012

View full text Add to dashboard Cite

Web service technology provides basic infrastructure for deploying collaborative business processes. Web Service security standards and protocols aim to provide secure communication and conversation between service providers and consumers. Still, for a client calling a Web service it is difficult to ascertain that a particular service instance satisfies-at execution time-specific non-functional properties. In this paper we introduce the notion of certified Web service assurance, characterizing how service consumers can specify the set of security properties that a service should satisfy. Also, we illustrate a mechanism to re-check non-functional properties when the execution context changes. To this end, we introduce the concept of context-aware certificate, and describe a dynamic, context-aware service discovery environment.

show abstract

Security Evaluation of Scenarios Based on the TCG’s TPM Specification

Cited by 37 publications

References 9 publications

Attack, Solution and Verification for Shared Authorisation Data in TCG TPM

Attack, Solution and Verification for Shared Authorisation Data in TCG TPM

Dynamic Measurement and Protected Execution: Model and Analysis

Web Service Assurance: The Notion and the Issues

Contact Info

Product

Resources

About