Trusted Platform Module

The Experts below are selected from a list of 360 Experts worldwide ranked by the ideXlab platform

Mark Ryan - One of the best experts on this subject based on the ideXlab platform.

  • A Formal Analysis of Authentication in the TPM
    Formal Aspects in Security and Trust, 2010
    Co-Authors: Stephanie Delaune, Mark Ryan, Steve Kremer, Graham Steel
    Abstract:

    The Trusted Platform Module (TPM) is a hardware chip designed to enable computers to achieve a greater level of security than is possible in software alone. To this end, the TPM provides a way to store cryptographic keys and other sensitive data in its shielded memory. Through its API, one can use those keys to achieve some security goals. The TPM is a complex security component, whose specification consists of more than 700 pages. We model a collection of four TPM commands, and we identify and formalise their security properties. Using the tool ProVerif, we rediscover some known attacks and some new variations on them. We propose modifications to the API and verify our properties for the modified API.

  • Attack, Solution and Verification for Shared Authorisation Data in TCG TPM
    Formal Aspects in Security and Trust, 2009
    Co-Authors: Liqun Chen, Mark Ryan
    Abstract:

    The Trusted Platform Module (TPM) is a hardware chip designed to enable computers to achieve greater security. Proof of possession of authorisation values known as authdata is required by user processes in order to use TPM keys. If a group of users are to be authorised to use a key, then the authdata for the key may be shared among them. We show that sharing authdata between users allows a TPM impersonation attack, which enables an attacker to completely usurp the secure storage of the TPM. The TPM has a notion of encrypted transport session, but it does not fully solve the problem we identify. We propose a new authorisation protocol for the TPM, which we call Session Key Authorisation Protocol (SKAP). It generalises and replaces the existing authorisation protocols (OIAP and OSAP). It allows authdata to be shared without the possibility of the impersonation attack, and it solves some other problems associated with OIAP and OSAP. We analyse the old and the new protocols using ProVerif. Authentication and secrecy properties (which fail for the old protocols) are proved to hold of SKAP.

  • Towards a Verified Reference Implementation of a Trusted Platform Module
    International Workshop on Security, 2009
    Co-Authors: Andrew D Gordon, Aybek Mukhamedov, Mark Ryan
    Abstract:

    We develop a reference implementation for a fragment of the API for a Trusted Platform Module. Our code is written in a functional language, suitable for verification with various tools, but is automatically translated to a subset of C, suitable for interoperability testing with production code, and for inclusion in a specification or standard for the API. One version of our code corresponds to the widely deployed TPM 1.2 specification, and is vulnerable to a recently discovered dictionary attack; verification of secrecy properties of this version fails producing an attack trace and highlights an ambiguity in the specification that has security implications. Another version of our code corresponds to a suggested amendment to the TPM 1.2 specification; verification of this version succeeds. From this case study we conclude that recent advances in tools for verifying implementation code for cryptographic APIs are reaching the point where it is viable to develop verified reference implementations. Moreover, the published code can be in a widely understood language like C, rather than one of the specialist formalisms aimed at modelling cryptographic protocols.

  • Offline Dictionary Attack on TCG TPM Weak Authorisation Data, and Solution
    FTC, 2009
    Co-Authors: Liqun Chen, Mark Ryan
    Abstract:

    The Trusted Platform Module (TPM) is a hardware chip designed to enable PCs to achieve greater security. Proof of possession of values known as authData is required by user processes in order to use TPM keys. We show that in certain circumstances dictionary attacks can be performed offline on authData. In this way an attacker can circumvent some crucial operations of the TPM, and impersonate the TPM owner to the TPM, or the TPM to its owner. For example, he can unbind data or migrate keys without possessing the required authorisation data, or fake the creation of TPM keys. This means that any application that relies on the TPM may be vulnerable to attack.

David Challener - One of the best experts on this subject based on the ideXlab platform.

  • Trusted Platform Module Evolution
    2015
    Co-Authors: Justin D. Osborn, David Challener
    Abstract:

    For more than a decade, commercial PC platforms have been shipping with a standards-based embedded security subsystem on the motherboard known as the Trusted Platform Module, or TPM. TPMs have been used in a wide variety of applications, but some issues have hampered large-scale adoption. During the last 8 years, the Trusted Computing Group has been working on revising the specification to increase its flexibility, manageability, and utility. This article presents TPM use cases and explains the motivation for the major changes made to improve the TPM specification.

  • A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security
    2015
    Co-Authors: Will Arthur, David Challener
    Abstract:

    A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security is a straightforward primer for developers. It shows security and TPM concepts, demonstrating their use in real applications that the reader can try out. Simply put, this book is designed to empower and excite the programming community to go out and do cool things with the TPM. The approach is to ramp the reader up quickly and keep their interest. A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security explains security concepts, describes the TPM 2.0 architecture, and provides code and pseudo-code examples in parallel, from very simple concepts and code to highly complex concepts and pseudo-code. The book includes instructions for the available execution environments and real code examples to get readers up and talking to the TPM quickly. The authors then help the users expand on that with pseudo-code descriptions of useful applications using the TPM.

    What you'll learn:
    TPM 2.0 architecture fundamentals, including changes from TPM 1.2; TPM 2.0 security concepts; essential application development techniques; a deep dive into the features of TPM 2.0; a primer on the execution environments available for application development. Learn as you go!

    Who this book is for:
    Application software developers, OS developers, device-driver developers, and embedded-device specialists, who will benefit from mastering TPM 2.0 capabilities and building their own applications quickly. This book will give them the tools they need to experiment with and understand the technology. Software architects who need to understand the security guarantees provided by TPMs. Managers who fund the projects that use TPMs. Non-technical users who may want to know why TPMs are on their computers and how to make use of them.

Antonio Munoz - One of the best experts on this subject based on the ideXlab platform.

  • ICITPM: Integrity Validation of Software in Iterative Continuous Integration Through the Use of Trusted Platform Module (TPM)
    European Symposium on Research in Computer Security, 2020
    Co-Authors: Antonio Munoz, Aristeidis Farao, Jordy Ryan Casas Correia, Christos Xenakis
    Abstract:

    Software development has passed from being rigid and not very flexible to being automated with constant changes. This happens due to the creation of continuous integration and delivery environments. Nevertheless, developers often rely on such environments due to the large number of amenities they offer. They focus on authentication only, without taking into consideration other aspects of security such as the integrity of the source code and of the compiled binaries. The source code of a software project must not be maliciously modified. Notwithstanding, there is no safe method to verify that its integrity has not been violated. Trusted computing technology, in particular the Trusted Platform Module (TPM), can be used to implement that secure method.

  • Agent Protection Based on the Use of Cryptographic Hardware
    Computer Software and Applications Conference, 2009
    Co-Authors: Antonio Munoz, Antonio Mana, Rajesh Harjani, Marioli Montenegro
    Abstract:

    Mobile agents are processes that can migrate autonomously to new hosts. Despite the huge number of fields of application of this technology, a lack of security exists. The main approach of this work is based on the provision of a secure execution environment for mobile agents. Our approach is based on the idea of trusted migration. This trusted migration is reached by means of the use of cryptographic hardware, concretely the Trusted Platform Module (TPM). Thus, we have designed and developed a specific protocol, which is the basis to build the solution. In order to build our solution on a robust basis, we have validated this protocol by means of a model checking tool called AVISPA. Finally, we built a library to provide access to TPM (Trusted Platform Module) functionalities. The idea behind this is the ease of using cryptographic hardware in agent-based systems development, relieving agent developers of the security-related tasks of their systems. The most relevant aspects of this library are described throughout this paper, both at its development stage and while we use it to develop an agent-based system.

  • A Hardware-Based Infrastructure for Agent Protection
    2009
    Co-Authors: Antonio Munoz, Antonio Mana
    Abstract:

    Mobile agents are software entities consisting of code and data that can migrate autonomously from host to host executing their code. Despite its benefits, security issues strongly restrict the use of code mobility. The protection of mobile agents against the attacks of malicious hosts is considered the most difficult security problem to solve in mobile agent systems. The centre of our work is a new agent migration protocol that takes advantage of TPM technology. The protocol has been validated using the AVISPA model checking tool suite. In order to facilitate its adoption, we have developed a software library to access TPM functionality from agents and to support their secure migration. This paper presents a hardware-based system to protect agent systems. Concretely, our work is based on a Trusted Platform Module (TPM) protocol, which is the basis to build the solution. In order to build our solution on a robust basis, we validate this protocol by means of a model checking tool called AVISPA. Then, as the final result, we provide a library to access TPM (Trusted Platform Module) functionality from software agents. Throughout this paper we detail the most relevant aspects of this library, both in its development stage and while we use it to develop an agent-based system.

Christos Xenakis - One of the best experts on this subject based on the ideXlab platform.

  • ICITPM: Integrity Validation of Software in Iterative Continuous Integration Through the Use of Trusted Platform Module (TPM)
    European Symposium on Research in Computer Security, 2020
    Co-Authors: Antonio Munoz, Aristeidis Farao, Jordy Ryan Casas Correia, Christos Xenakis
    Abstract:

    Software development has passed from being rigid and not very flexible to being automated with constant changes. This happens due to the creation of continuous integration and delivery environments. Nevertheless, developers often rely on such environments due to the large number of amenities they offer. They focus on authentication only, without taking into consideration other aspects of security such as the integrity of the source code and of the compiled binaries. The source code of a software project must not be maliciously modified. Notwithstanding, there is no safe method to verify that its integrity has not been violated. Trusted computing technology, in particular the Trusted Platform Module (TPM), can be used to implement that secure method.

Reiner Sailer - One of the best experts on this subject based on the ideXlab platform.

  • vTPM: Virtualizing the Trusted Platform Module
    USENIX Security Symposium, 2006
    Co-Authors: Stefan Berger, Kenneth Alan Goldman, Ronald Perez, Ramón Cáceres, Reiner Sailer, Leendert Van Doorn
    Abstract:

    We present the design and implementation of a system that enables trusted computing for an unlimited number of virtual machines on a single hardware platform. To this end, we virtualized the Trusted Platform Module (TPM). As a result, the TPM's secure storage and cryptographic functions are available to operating systems and applications running in virtual machines. Our new facility supports higher-level services for establishing trust in virtualized environments, for example remote attestation of software integrity. We implemented the full TPM specification in software and added functions to create and destroy virtual TPM instances. We integrated our software TPM into a hypervisor environment to make TPM functions available to virtual machines. Our virtual TPM supports suspend and resume operations, as well as migration of a virtual TPM instance with its respective virtual machine across platforms. We present four designs for certificate chains to link the virtual TPM to a hardware TPM, with security vs. efficiency trade-offs based on threat models. Finally, we demonstrate a working system by layering an existing integrity measurement application on top of our virtual TPM facility.

  • Design and Implementation of a TCG-based Integrity Measurement Architecture
    USENIX Security Symposium, 2004
    Co-Authors: Reiner Sailer, Trent Jaeger, Xiaolan Zhang, Leendert Van Doorn
    Abstract:

    We present the design and implementation of a secure integrity measurement system for Linux. All executable content that is loaded onto the Linux system is measured before execution and these measurements are protected by the Trusted Platform Module (TPM) that is part of the Trusted Computing Group (TCG) standards. Our system is the first to extend the TCG trust measurement concepts to dynamic executable content from the BIOS all the way up into the application layer. In effect, we show that many of the Microsoft NGSCB guarantees can be obtained on today's hardware and today's software and that these guarantees do not require a new CPU mode or operating system but merely depend on the availability of an independent trusted entity, a TPM for example. We apply our trust measurement architecture to a web server application where we show how our system can detect undesirable invocations, such as rootkit programs, and that our measurement architecture is practical in terms of the number of measurements taken and the performance impact of making them.