A Formal Analysis of Authentication in the TPM

  • Stéphanie Delaune
  • Steve Kremer
  • Mark D. Ryan
  • Graham Steel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6561)


The Trusted Platform Module (TPM) is a hardware chip designed to enable computers to achieve a greater level of security than is possible in software alone. To this end, the TPM provides a way to store cryptographic keys and other sensitive data in its shielded memory. Through its API, one can use those keys to achieve some security goals. The TPM is a complex security component, whose specification consists of more than 700 pages.

We model a collection of four TPM commands, and we identify and formalise their security properties. Using the tool ProVerif, we rediscover some known attacks and some new variations on them. We propose modifications to the API and verify our properties for the modified API.


Security Protocol Security Property Trusted Platform Module User Process Security Goal 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Proc. 28th Symposium on Principles of Programming Languages (POPL 2001), pp. 104–115. ACM Press, New York (2001)Google Scholar
  2. 2.
    Ables, K.: An attack on key delegation in the Trusted Platform Module (first semester mini-project in computer security). Master’s thesis, School of Computer Science, University of Birmingham (2009)Google Scholar
  3. 3.
    Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., Heám, P.C., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Blanchet, B.: Automatic verification of correspondences for security protocols. Journal of Computer Security 17(4), 363–434 (2009)CrossRefGoogle Scholar
  5. 5.
    Bruschi, D., Cavallaro, L., Lanzi, A., Monga, M.: Replay attack in TCG specification and solution. In: Proc. 21st Annual Computer Security Applications Conference (ACSAC 2005), pp. 127–137. IEEE Computer Society, Los Alamitos (2005)Google Scholar
  6. 6.
    Chen, L., Ryan, M.: Attack, solution and verification for shared authorisation data in TCG TPM. In: Degano, P., Guttman, J.D. (eds.) FAST 2009. LNCS, vol. 5983, pp. 201–216. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  7. 7.
    Chen, L., Ryan, M.D.: Offline dictionary attack on TCG TPM weak authorisation data, and solution. In: Future of Trust in Computing, Vieweg & Teubner (2008)Google Scholar
  8. 8.
    Coker, G., Guttman, J., Loscocco, P., Herzog, A., Millen, J., O’Hanlon, B., Ramsdell, J., Segall, A., Sheehy, J., Sniffen, B.: Principles of remote attestation. International Journal of Information Security (2010) (to appear)Google Scholar
  9. 9.
    Datta, A., Franklin, J., Garg, D., Kaynar, D.: A logic of secure systems and its application to trusted computing. In: Proc. 30th IEEE Symposium on Security and Privacy (S&P 2009), pp. 221–236 (2009)Google Scholar
  10. 10.
    Fröschle, S., Steel, G.: Analysing PKCS#11 key management aPIs with unbounded fresh data. In: Degano, P., Viganò, L. (eds.) ARSPA-WITS 2009. LNCS, vol. 5511, pp. 92–106. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  11. 11.
    Gasmi, Y., Sadeghi, A.-R., Stewin, P., Unger, M., Asokan, N.: Beyond secure channels. In: Scalable Trusted Computing (STC 2007), pp. 30–40 (November 2007)Google Scholar
  12. 12.
    Gürgens, S., Rudolph, C., Scheuermann, D., Atts, M., Plaga, R.: Security evaluation of scenarios based on the TCG’s TPM specification. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 438–453. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  13. 13.
    ISO/IEC PAS DIS 11889: Information technology – Security techniques – Trusted Platform ModuleGoogle Scholar
  14. 14.
    Lin, A.H.: Automated Analysis of Security APIs. Master’s thesis, MIT (2005),
  15. 15.
    Sarmenta, L.: TPM/J developer’s guide. Massachussetts Institute of TechnologyGoogle Scholar
  16. 16.
    Trusted Computing Group. TPM Specification version 1.2. Parts 1–3, revision 103 (2007),

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Stéphanie Delaune
    • 1
  • Steve Kremer
    • 1
  • Mark D. Ryan
    • 2
  • Graham Steel
    • 1
  1. 1.LSV, ENS Cachan & CNRS & INRIASaclay Île-de-FranceFrance
  2. 2.School of Computer ScienceUniversity of BirminghamUK

Personalised recommendations