Science China Information Sciences, Volume 53, Issue 3, pp 454–464

A property-based attestation protocol for TCM

Research Papers


This paper presents a property-based attestation protocol for the security chip TCM (trusted cryptographic module). Starting from an analysis of the weaknesses of current property attestation, the protocol is built on the property-attestation model with an online trusted third party. In the protocol the prover uses a zero-knowledge proof constructed from attribute certificates, a commitment to its configuration and a TCM signature to attest that its configuration and status comply with the declared security property, rather than revealing the configuration itself. Compared with the property-attestation protocols analysed, the protocol has a shorter signature length and a lower computational cost. Its security is proved in the random oracle model. The protocol can help extend the applications of the TCM security chip and improve its standard, and it has practical value and immediate significance.
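The following is an added worked example, not code from the paper, of the exchange the abstract describes, reduced to a setting where every component can be run: an online TTP certifies that a configuration satisfies a named property; the prover sends only a Pedersen commitment to its configuration, a TCM signature binding that commitment to the verifier's nonce, and a Fiat-Shamir signature of knowledge that it can open the commitment; the verifier learns compliance with the property but never the configuration. Assumptions that are mine rather than the paper's: secp256k1 in place of the paper's pairing-based setting, Schnorr signatures standing in for both the TTP's attribute-certificate signature and the TCM's signature, a hypothetical allow-list as the TTP's evaluation of whether a configuration satisfies the property, and constructed property and configuration strings. It does not attempt unlinkability across sessions: the same commitment C appears in every attestation, which a real deployment must address.

```python
import hashlib
import secrets

# secp256k1 (cofactor 1: every curve point lies in the prime-order group).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):  # affine addition on y^2 = x^3 + 7; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):  # double-and-add (not constant time; illustration only)
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def enc(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def h_int(*parts):  # hash byte strings to a scalar mod N (Fiat-Shamir and Schnorr challenges)
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N

def second_generator():  # try-and-increment hash-to-curve: nobody knows log_G(H), so C is binding
    for ctr in range(256):
        x = int.from_bytes(hashlib.sha256(b"pedersen-H%d" % ctr).digest(), "big") % P
        y = pow((x**3 + 7) % P, (P + 1) // 4, P)  # valid square root because P % 4 == 3
        if y * y % P == (x**3 + 7) % P:
            return (x, y)

H = second_generator()

def keygen():
    sk = secrets.randbelow(N - 1) + 1
    return sk, ec_mul(sk, G)

def sign(sk, msg):  # Schnorr; stands in for the TTP's and the TCM's real signature schemes
    k = secrets.randbelow(N - 1) + 1
    R = ec_mul(k, G)
    return R, (k + h_int(enc(R), enc(ec_mul(sk, G)), msg) * sk) % N

def verify(pk, msg, sig):
    R, s = sig
    return ec_mul(s, G) == ec_add(R, ec_mul(h_int(enc(R), enc(pk), msg), pk))

def commit(config):  # Pedersen commitment C = cs*G + r*H to the configuration digest cs
    cs, r = h_int(config), secrets.randbelow(N - 1) + 1
    return ec_add(ec_mul(cs, G), ec_mul(r, H)), cs, r

def ttp_certify(ttp_sk, prop, approved, config, C, r):
    # Online TTP: hypothetical allow-list decides whether config satisfies prop; the TTP then
    # checks that C really commits to that configuration and signs (C, prop) as the certificate.
    if config not in approved:
        raise ValueError("configuration does not satisfy the property")
    if ec_add(ec_mul(h_int(config), G), ec_mul(r, H)) != C:
        raise ValueError("commitment does not open to the evaluated configuration")
    return sign(ttp_sk, b"cert" + enc(C) + prop)

def prove_opening(C, cs, r, nonce, prop):
    # Signature of knowledge of (cs, r) with C = cs*G + r*H on the message (nonce, prop).
    a, b = secrets.randbelow(N - 1) + 1, secrets.randbelow(N - 1) + 1
    T = ec_add(ec_mul(a, G), ec_mul(b, H))
    c = h_int(b"sok", enc(C), enc(T), nonce, prop)
    return T, (a + c * cs) % N, (b + c * r) % N

def verify_opening(C, proof, nonce, prop):
    T, z1, z2 = proof
    c = h_int(b"sok", enc(C), enc(T), nonce, prop)
    return ec_add(ec_mul(z1, G), ec_mul(z2, H)) == ec_add(T, ec_mul(c, C))

def attest(tcm_sk, C, cs, r, cert, prop, nonce):
    # Prover: the TCM signs the commitment under the verifier's nonce (assumed to stand in for a
    # platform-identity-key signature); the configuration value itself never leaves the platform.
    return {"C": C, "cert": cert, "tcm_sig": sign(tcm_sk, b"tcm" + enc(C) + nonce),
            "proof": prove_opening(C, cs, r, nonce, prop)}

def verify_attestation(ttp_pk, tcm_pk, prop, nonce, msg):
    C = msg["C"]
    return (verify(ttp_pk, b"cert" + enc(C) + prop, msg["cert"])
            and verify(tcm_pk, b"tcm" + enc(C) + nonce, msg["tcm_sig"])
            and verify_opening(C, msg["proof"], nonce, prop))

def run_exchange():  # whole flow on constructed data; returns (honest_ok, replay_ok)
    (ttp_sk, ttp_pk), (tcm_sk, tcm_pk) = keygen(), keygen()
    prop, config = b"prop:fde-enforced", b"bios=v2.1;kernel=5.4-hardened;fde=on"  # constructed
    C, cs, r = commit(config)
    cert = ttp_certify(ttp_sk, prop, {config}, config, C, r)
    nonce = secrets.token_bytes(20)
    msg = attest(tcm_sk, C, cs, r, cert, prop, nonce)
    return (verify_attestation(ttp_pk, tcm_pk, prop, nonce, msg),
            verify_attestation(ttp_pk, tcm_pk, prop, secrets.token_bytes(20), msg))
```

Calling `run_exchange()` returns `True` for the honest exchange and `False` for the same message replayed under a fresh nonce, since the replay fails both the TCM signature and the challenge of the signature of knowledge. The verifier never sees `cs` or `r`; the commitment hides the configuration, and the unknown discrete logarithm of `H` is what stops a prover from opening `C` to a second, uncertified configuration.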


Keywords: trusted computing; trusted cryptographic module (TCM); property attestation; signature of knowledge; configuration commitment





Copyright information

© Science in China Press and Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  1. State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing, China
  2. National Engineering Research Center of Information Security, Beijing, China
