Abstract
The paradigm of Trusted Computing promises a new approach to improve the security of embedded and mobile systems. The core functionality, based on a hardware component known as the Trusted Platform Module (TPM), is widely available. However, integration and application in embedded systems remain limited at present, simply because of the extremely steep learning curve involved in using the programmer-facing interfaces. In this chapter, we describe the current state of the Trusted Computing Group’s software architecture and present previous approaches to improve usability. We report on a novel design of a high-level API for Trusted Computing for Java which has been optimized for ease-of-use and clear abstraction of Trusted Computing concepts. We derive requirements and design goals and outline the API design. Finally, we show the application and benchmarks in embedded systems. The result of this effort has been standardized as Java Specification Request 321.
Notes
1. At the time of writing, the inclusion of TPMs in Mac OS X compatible platforms has been discontinued.
2. The 256 MB version was used for benchmarking.
© 2015 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Toegl, R., Winkler, T., Nauman, M., Hong, T.W., Winter, J., Gissing, M. (2015). Programming Interfaces for the TPM. In: Candaele, B., Soudris, D., Anagnostopoulos, I. (eds) Trusted Computing for Embedded Systems. Springer, Cham. https://doi.org/10.1007/978-3-319-09420-5_1
DOI: https://doi.org/10.1007/978-3-319-09420-5_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-09419-9
Online ISBN: 978-3-319-09420-5
eBook Packages: Engineering (R0)