Abstract
Trusted computing (TC) is an emerging technology to enhance the security of various computing platforms by a dedicated secure chip (TPM/TCM), which is widely accepted by both the industrial and academic world. This paper attempts to sketch the evolution of TC from the view of our theoretical and engineering work. In theory, we focus on protocol design and security analysis. We have proposed the first ECDAA protocol scheme based on q-SDH assumption, which highlights a new way to design direct anonymous attestation scheme. In technical evolution, we discuss the key technologies of trust chain, trusted network connection and TC testing and evaluation. We break through several key technologies such as trusted boot, OS measurement and remote attestation, and implement a TC system from TPM/TCM to network. We also design and implement a testing and evaluation system of TC platform, which is the first one put into practical application in China. Finally, with the rapid development of cloud computing and mobile applications, TC is moving toward some new directions, such as the trust in cloud and mobile environments, new TPM standard, and flexible trust execution environment trust establishment method.
Similar content being viewed by others
References
Common Criteria Project Sponsoring Organisation (1999) Common criteria for information technology security evaluation. ISO/IEC international stan 15408 ver 2.1. Common Criteria Project Sponsoring Organisation, Genevese
Avizienis A, Laprie J-C, Randell B et al (2004) Basic concepts and taxonomy of dependable and secure computing. IEEE Trans Dependable Secur 1:11–33
Trusted Computing Group (2003) TCG specification architecture overview, ver 1.2. https://www.trustedcomputinggroup.org
Feng D (2013) Trusted computing—theory and practise. Beijing Tsinghua University Press, Beijing (in Chinese)
China National Information Security Standardization Technology Committee (2013) Functionality and interface specification of cryptographic support platform for trusted computing. GB/T 29829-2013 (in Chinese)
Chen L, Li J (2013) Flexible and scalable digital signatures in TPM 2.0. In: Proceedings of the 2013 ACM SIGSAC conference on computer and communications security (ACM-CCS), pp 37–48
Brickell E, Camenisch J, Chen L (2004) Direct anonymous attestation. In: Proceedings of the 11th ACM conference on computer and communications security, pp 132–145
Ge H, Tate SR (2007) A direct anonymous attestation scheme for embedded devices. In: Proceedings of the 10th international conference on practice and theory in public-key cryptography, pp 16–30
Brickell E, Chen L, Li J (2008) A new direct anonymous attestation scheme from bilinear maps. In: Lipp P, Sadeghi AR, Koch KM (eds) Trusted computing—challenges and applications, Springer, Berlin, pp 166–178
Brickell E, Chen L, Li J (2009) Simplified security notions of direct anonymous attestation and a concrete scheme from pairings. Int J Inf Secur 8:315–330
Chen L, Morrissey P, Smart NP (2009) DAA: fixing the pairing based protocols. IACR Cryptol ePrint Arch 2009:198
Chen L, Page D, Smart NP (2010) On the design and implementation of an efficient DAA scheme. In: Proceedings of the 9th IFIP WG 8.8/11.2 international conference on smart card research and advanced application, pp 223–237
Chen X, Feng D (2008) Direct anonymous attestation for next generation TPM. J Comput 3:8
Chen L (2010) A DAA scheme requiring less TPM resources. In: Proceedings of the 5th international conference on information security and cryptology, pp 350–365
Brickell E, Li J (2010) A pairing-based DAA scheme further reducing TPM resources. In: Proceedings of the 3rd international conference on trust and trustworthy computing, pp 181–195
Lin AH (2005) Automated analysis of security APIs. Master Thesis, Massachusetts Institute of Technology
Gurgens S, Rudolph C, Scheuermann D et al (2007) Security evaluation of scenarios based on the TCG’s TPM specification. In: Proceedings of 12th European symposium on research in computer security (ESORICS), pp 438–453
Delaune S, Kremer S, Ryan MD et al (2011) A formal analysis of authentication in the TPM. In: Proceedings of 7th international workshop on formal aspects of security and trust (FAST), pp 111–125
Bruschi D, Cavallaro L, Lanzi A (2005) Replay attack in TCG specification and solution. In: Proceedings of 21st annual computer security applications conference (ACSAC), pp 127–137
Chen L, Ryan M (2008) Offline dictionary attack on TCG TPM weak authorisation data. In: Proceedings of the first international conference future of trust in computing, pp 193–196
Chen L, Ryan M (2010) Attack, solution and verification for shared authorisation data in TCG TPM. In: Proceedings of 6th international workshop on formal aspects of security and trust (FAST), pp 201–216
Backes M, Maffei M, Unruh D (2008) Zero-knowledge in the applied pi-calculus and automated verification of the direct anonymous attestation protocol. In: Proceedings of the 2008 IEEE symposium on security and privacy, pp 202–215
Smyth B, Ryan MD, Chen L (2012) Formal analysis of privacy in direct anonymous attestation schemes. IACR Cryptol ePrint Arch 2012:650
Brickell E, Chen L, Li J (2012) A static diffie-hellman attack on several direct anonymous attestation schemes. In: Mitchell CJ, Tomlinson A (eds) Trusted systems. Springer, Berlin, pp 95–111
Datta A, Franklin J, Garg D et al (2009) A logic of secure systems and its application to trusted computing. In: Proceedings of the 2009 30th IEEE symposium on security and privacy, pp 221–236
Delaune S, Kremer S, Ryan M et al (2010) Formal analysis of protocols based on TPM state registers. In: Proceedings of the 2011 IEEE 24th computer security foundations symposium, pp 66–80
Qin Y, Zhao S, Zhang Q (2012) Formal analysis of trusted platform module commands for compromising user key. China Commun 9:91–102
Chang D, Feng D, Qin Y et al (2012) Analyzing the trust chain of trusted virtualization platform based on the extended LS^2. J Commun 2013:31–41
Qin Y, Chu X, Feng D et al (2012) DAA protocol analysis and verification. In: Chen LQ, Yung M , Zhu LH (eds) Trusted systems. Springer, Berlin, pp 338–350
Shao J, Feng D, Qin Y (2013) Type-based analysis of protected storage in the TPM. In: Proceedings of the 15th international conference on information and communications security, pp 135–150
State Cryptography Administration Office (2012) Trusted computing—interface specification of trusted cryptography module. GM/T 0012-2012 (in Chinese)
China National Information Security Standardization Technology Committee (2012) Trusted computing—trusted cryptography module interface compliance. GM/T 0013-2012 (in Chinese)
China National Information Security Standardization Technology Committee (2013) Trusted computing specification—motherboard function and interface of trusted platform. GB/T 29827-2013 (in Chinese)
Parno B, McCune J M, Perrig A (2010) Bootstrapping trust in commodity computers. In: Proceedings of the 2010 IEEE symposium on security and privacy (S&P), pp 414–429
Berger S, Cceres R, Goldman K A et al (2006) vTPM: virtualizing the trusted platform module. In: Proceedings of the 15th conference on USENIX security symposium (Security), pp 305–320
England P, Loeser J (2008) Para-virtualized TPM sharing. In: Proceedings of the first international conference on trusted computing and trust in information technologies, pp 119–132
Goldman KA, Berger S (2008) TPM main part 3—IBM commands. http://domino.research.ibm.com/
TCG Mobile Phone Working Group (2010) TCG mobile trusted module specification. ver 1.0, revision 7.02
Feng W, Feng D, Wei G et al (2013) TEEM: a user-oriented trusted mobile device for multi-platform security applications. In: Proceedings of the 6th international conference on trust and trustworthy computing (Trust), pp 133–141
Feng W, Qin Y, Feng D et al (2013) Mobile trusted agent (MTA): build user-based trust for general-purpose computer platform. In: Proceedings of 7th international conference on network and system security (NSS), pp 307–320
ARM Limited (2009) ARM security technology: building a secure system using trustzone technology. ARM technical white paper
Chen C, Raj H, Saroiu S et al (2014) cTPM: a cloud TPM for cross-device trusted applications. In: Proceedings of the 11th USENIX conference on networked systems design and implementation, pp 187–201
TCG Trusted Network Connect (2009) TNC architecture for interoperability, ver 1.4, revision 4. http://www.trustedcomputinggroup.org/developers/trusted_network_connect.specification
China National Information Security Standardization Technology Committee (2013) Trusted computing specification—trusted connect architecture. GB/T 29828-2013 (in Chinese)
Cisco. Home of network cisco admission control. http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/gt_nac.html
Microsoft. Home of microsoft network access protection. http://technet.microsoft.com/en-us/network/bb545879.aspx
Sangster P, Khosravi H, Mani M et al (2008) Network endpoint assessment (NEA): overview and requirements, RFC 5209
Sadeghi AR, Selhorst M, Stble C et al (2006) TCG inside? A note on TPM specification compliance. In: Proceedings of the first ACM workshop on scalable trusted computing, pp 47–56
Chen X (2009) The formal analysis and testing of trusted platform module. Chin J Comput 32:27–34 (in Chinese)
Li H, Hu H, Chen X (2009) Research on compliant testing method of trusted cryptography module. Chin J Comput 32:1–10 (in Chinese)
Acknowledgments
The work was supported by the National Basic Research Program of China (2013CB338003) and the National Natural Science Foundation of China (91118006 and 61202414).
Author information
Authors and Affiliations
Corresponding author
Additional information
SPECIAL TOPIC: Network and Information Security
About this article
Cite this article
Feng, D., Qin, Y., Feng, W. et al. The theory and practice in the evolution of trusted computing. Chin. Sci. Bull. 59, 4173–4189 (2014). https://doi.org/10.1007/s11434-014-0578-x
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11434-014-0578-x