
The theory and practice in the evolution of trusted computing

Review article, Computer Science & Technology. Published in Chinese Science Bulletin.

Abstract

Trusted computing (TC) is an emerging technology that enhances the security of various computing platforms by means of a dedicated secure chip (TPM/TCM), and it is widely accepted in both industry and academia. This paper sketches the evolution of TC from the viewpoint of our own theoretical and engineering work. On the theoretical side, we focus on protocol design and security analysis: we proposed the first ECDAA protocol scheme based on the q-SDH assumption, which opened a new way to design direct anonymous attestation (DAA) schemes. On the engineering side, we discuss the key technologies of the trust chain, trusted network connection, and TC testing and evaluation. We achieved breakthroughs in several key technologies, including trusted boot, OS measurement, and remote attestation, and implemented a TC system reaching from the TPM/TCM up to the network. We also designed and implemented a testing and evaluation system for TC platforms, the first one put into practical use in China. Finally, with the rapid development of cloud computing and mobile applications, TC is moving in new directions, such as trust in cloud and mobile environments, the new TPM standard, and flexible trust-establishment methods for trusted execution environments.
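The trust chain, OS measurement and remote attestation named above all rest on the TPM PCR extend rule (PCR' = H(PCR || measurement)) and on a verifier replaying the measurement log. The following is an added illustration, not code from the paper or from any TPM/TCM implementation: a simulated measured boot plus the verifier-side check, with constructed component images and a constructed golden reference.

```python
import hashlib

# Added example (not the paper's code): simulated measured-boot trust chain
# using the TPM-style PCR extend rule, and verifier-side replay of the event
# log as done during remote attestation. Component images are constructed.

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new value is H(old PCR || measurement). Order-sensitive."""
    return hashlib.sha256(pcr + measurement).digest()

def measure(component: bytes) -> bytes:
    """Measurement of a boot component is the hash of its image."""
    return hashlib.sha256(component).digest()

def boot_chain(components):
    """Each stage measures the next into the PCR before handing control over.
    Returns the final PCR value and the event log the verifier will replay."""
    pcr = bytes(32)            # PCRs are reset to all zeros at power-on
    log = []
    for name, image in components:
        digest = measure(image)
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log

def verify_attestation(quoted_pcr: bytes, log, golden: dict) -> bool:
    """Verifier: every logged digest must match the known-good reference, and
    replaying the log must reproduce the PCR value reported in the quote."""
    replay = bytes(32)
    for name, digest in log:
        if golden.get(name) != digest:
            return False
        replay = extend(replay, digest)
    return replay == quoted_pcr

# Constructed stand-ins for firmware/bootloader/kernel images and their golden values.
GOOD = [(b"bootloader", b"bootloader-v1"), (b"kernel", b"kernel-v1"), (b"initrd", b"initrd-v1")]
MODIFIED = [(b"bootloader", b"bootloader-v1"), (b"kernel", b"kernel-v2"), (b"initrd", b"initrd-v1")]
GOLDEN = {name: measure(image) for name, image in GOOD}

def demo():
    """Returns (honest boot accepted, modified kernel rejected,
    modified boot with a log rewritten to golden digests rejected)."""
    pcr, log = boot_chain(GOOD)
    pcr_mod, log_mod = boot_chain(MODIFIED)
    # A rewritten log cannot help: the quoted PCR no longer matches the replay.
    return (verify_attestation(pcr, log, GOLDEN),
            not verify_attestation(pcr_mod, log_mod, GOLDEN),
            not verify_attestation(pcr_mod, log, GOLDEN))
```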




Acknowledgments

The work was supported by the National Basic Research Program of China (2013CB338003) and the National Natural Science Foundation of China (91118006 and 61202414).

Corresponding author: Dengguo Feng.

Special topic: Network and Information Security


Cite this article

Feng, D., Qin, Y., Feng, W. et al. The theory and practice in the evolution of trusted computing. Chin. Sci. Bull. 59, 4173–4189 (2014). https://doi.org/10.1007/s11434-014-0578-x
