Towards a Programmable TPM

  • Paul England
  • Talha Tariq
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5471)


We explore a new model for trusted computing in which an existing fixed-function Trusted Platform Module (TPM) is coupled with user application code running on a programmable smart card. We will show that with appropriate coupling the resulting system approximates a “field-programmable TPM.” A true field-programmable TPM would provide higher levels of security for user-functions that would otherwise need to execute in host software. Our coupling architecture supports many (but not all) of the security requirements and applications scenarios that you would expect of a programmable TPM, but has the advantage that it can be deployed using existing technology.

This paper describes our TPM-smart card coupling architecture and the services that we have prototyped. The services include: (1) An implementation of count-limited objects in which keys can only be used a preset number of times. (2) More flexible versions of the TPM Unseal and Unbind primitives that allow sealing to groups of equivalent configurations. And (3) a version of Quote that uses alternative signature formats and cryptography available within smart cards but not in the TPM itself.

We also describe the limitations of the coupling architecture and how some of the limitations could be overcome with a true programmable TPM.


Trusted Platforms Trusted Platform Module Smart Cards Secure Execution 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Trusted Computing Group TPM Specification Version 1.2 Revision 103 (2007),
  2. 2.
    England, P., Peinado, M.: Authenticated operation of open computing devices. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 346–361. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  3. 3.
    Sparks, E.R.: A Security Assesment of Trusted Platform Modules. Dartmouth College, Technical Report. TR2007-597Google Scholar
  4. 4.
    Halderman, J.A., et al.: Lest We Remember: Cold Boot Attacks on Encryption Keys. In: Proc. 2008 USENIX Security Symposium (2008)Google Scholar
  5. 5.
    Bruschi, D., et al.: Attacking a Trusted Computing Platform. Improving the Security of the TCG Specification. Technical Report. Università degli Studi di Milano. Milan (2005)Google Scholar
  6. 6.
    England, P.: Practical Techniques for Operating System Attestation. Proceedings of Trust (2008)Google Scholar
  7. 7.
    Costan, V., et al.: The Trusted Execution Module: Commodity General-Purpose Trusted Computing. In: Eighth Smart Card Research and Advanced Application ConferenceGoogle Scholar
  8. 8.
    Offline dictionary attack on TCG TPM weak authorisation data, and solution. In: Chen, L., Ryan, M.D., Grawrock, D., Reimer, H., Sadeghi, A., Vishik, C. (eds.): Future of Trust in Computing, Vieweg & Teubner, 2008 (2008)Google Scholar
  9. 9.
    Sarmenta, L.F., et al.: Virtual Monotonic Counters and Count-Limited Objects using a TPM without a Trusted OS (Extended Version), Mit Technical Report MIT-CSAIL-TR-2006-064 (2006)Google Scholar
  10. 10.
    George, P.: User Authentication with Smart Cards in Trusted Computing. In: Arabnia, H.R., Aissi, S., Mun, Y. (eds.) Security and Management, SAM 2004, pp. 25–31. CSREA Press, Las Vegas (2004)Google Scholar
  11. 11.
    Balacheff, B., et al.: A trusted process to digitally sign a document. In: Proceedings of the 2001 workshop on New security paradigms. pp. 79–86 (2001) 1-58113-457-6Google Scholar
  12. 12.
    Giraud, J.-L., Rousseau, L.: Trust Relations in a Digital Signature System Based on a Smart Card. In: Proceedings of 23rd National Information Systems Security Conference, BaltimoreGoogle Scholar
  13. 13.
    Costan, V.: The Trusted Execution Module Commodity General-Purpose Trusted Computing. In: The Eighth Smart Card Research and Advanced Application ConferenceGoogle Scholar
  14. 14.
    Grawrock, D.: The Intel Safer Computing Initiative: Building Blocks for Trusted Computing, 1st edn. Intel Press (2006) 0976483262Google Scholar
  15. 15.
    Kauer, B.: OSLO: Improving the Security of Trusted Computing. In: Proceedings of the 16th Usenix Security Symposium (2001)Google Scholar
  16. 16.
    McCune, J.M., et al.: Flicker: An Execution Infrastructure for TCB Minimization. In: Proceedings of the ACM European Conference on Computer Systems (EuroSys 2008) held in Glasgow (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Paul England
    • 1
  • Talha Tariq
    • 1
  1. 1.Microsoft CorporationRedmondUSA

Personalised recommendations