Using TPM Secure Storage in Trusted High Availability Systems

  • Martin Hell
  • Linus Karlsson
  • Ben Smeets
  • Jelena Mirosavljevic
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9473)

Abstract

We consider the problem of providing trusted computing functionality in high availability systems. We consider the case where data is required to be encrypted with a TPM-protected key. For redundancy, and to facilitate high availability, the same TPM key is stored in multiple computational units, each one ready to take over if the main unit breaks down. This requires the TPM key to be migratable. We show how such systems can be realized using the secure storage of the TPM. Hundreds of millions of TPM 1.2 chips have been shipped, but with the recent introduction of TPM 2.0, more manufacturers are expected to start shipping this newer TPM. Thus, a migration from TPM 1.2 to TPM 2.0 will likely be seen in the next few years. To address this issue, we also provide an API that allows a smooth upgrade from TPM 1.2 to TPM 2.0 without having to redesign the communication protocol involving the different entities. The API has been implemented for both TPM 1.2 and TPM 2.0.

Keywords

Trusted computing; TPM; Migration; Certifiable migration key; Secure storage

Notes

Acknowledgments

The authors would like to thank the anonymous reviewers for their valuable comments.

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Martin Hell (1)
  • Linus Karlsson (1)
  • Ben Smeets (2)
  • Jelena Mirosavljevic (1)
  1. Department of Electrical and Information Technology, Lund University, Lund, Sweden
  2. Ericsson Research, Security, Lund, Sweden