Revocation of TPM Keys

  • Stefan Katzenbeisser
  • Klaus Kursawe
  • Frederic Stumpf
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5471)


A Trusted Platform Module (TPM) offers a number of basic security services which can be used to build complex trusted applications. One of the main functionalities of a TPM is the provision of a protected storage, including access management for cryptographic keys. To allow for scalability in spite of the resource constraints of the TPM, keys are not stored inside the TPM, but in encrypted form on external, untrusted storage. This has the consequence that the actual key storage is not under control of the TPM, and it is therefore not possible to revoke individual keys. In this paper we introduce two basic methods to implement key revocation without major changes to the TPM command set, and without inhibiting backwards compatibility with the current specification. Our methods introduce no overhead for normal operation, and a reasonable small effort for managing revocable keys.


Trusted Platform Module Command Input Hash Chain Trust Computing Group Direct Anonymous Attestation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Brickell, E.F., Camenisch, J., Chen, L.: Direct anonymous attestation. In: ACM Conference on Computer and Communications Security, pp. 132–145 (2004)Google Scholar
  2. 2.
    Kühn, U., Kursawe, K., Lucks, S., Sadeghi, A.-R., Stüble, C.: Secure data management in trusted computing. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 324–338. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Maheshwari, U., Vingralek, R., Shapiro, W.: How to build a trusted database system on untrusted storage. In: OSDI 2000 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation, Berkeley, CA, USA, p. 10. USENIX Association (2000)Google Scholar
  4. 4.
    Naor, M., Nissim, K.: Certificate revocation and certificate update. In: Proceedings of the 7th USENIX Security Symposium, pp. 217–228 (1998)Google Scholar
  5. 5.
    Sarmenta, L.F.G., van Dijk, M., O’Donnell, C.W., Rhodes, J., Devadas, S.: Virtual monotonic counters and count-limited objects using a tpm without a trusted os. In: STC 2006: Proceedings of the first ACM workshop on Scalable trusted computing, pp. 27–42. ACM, New York (2006)CrossRefGoogle Scholar
  6. 6.
    Trusted Computing Group. TCG TPM Specification Version 1.2 Revision 103, TPM Main Part 2 TPM Structures. Technical report, TCG (July 2007)Google Scholar
  7. 7.
    Trusted Computing Group. TCG TPM Specification Version 1.2 Revision 103, TPM Main Part 1 Design Principles. Technical report, TCG (July 2007)Google Scholar
  8. 8.
    Trusted Computing Group. TCG TPM Specification Version 1.2 Revision 103, TPM Main Part 3 Command. Technical report, TCG (July 2007)Google Scholar
  9. 9.
    Trusted Computing Group. Trusted Platform Module (TPM) specifications. Technical report (2008),
  10. 10.
    Xiao, Y., Rayi, V.K., Sun, B., Du, X., Hu, F., Galloway, M.: A survey of key management schemes in wireless sensor networks. Comput. Commun. 30(11-12), 2314–2341 (2007)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Stefan Katzenbeisser
    • 1
  • Klaus Kursawe
    • 2
  • Frederic Stumpf
    • 3
  1. 1.Security Engineering GroupTechnische Universität DarmstadtDarmstadtGermany
  2. 2.Information and System Security GroupPhilips Research EuropeEindhovenThe Netherlands
  3. 3.Research Group IT-SecurityTechnische Universität DarmstadtDarmstadtGermany

Personalised recommendations