Waltzing the Bear, or: A Trusted Virtual Security Module

  • Ronald Toegl
  • Florian Reimair
  • Martin Pirker
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7868)


Cryptographic key material needs to be protected. Currently, this is achieved either by purely software-based solutions or by more expensive dedicated hardware security modules. We present a practical architecture that projects the security provided by the Trusted Platform Module and Intel Trusted eXecution Technology onto a virtual security module.

Our approach uses commodity personal computer hardware to offer integrity protection and strong isolation to a security module which implements a compact security API that has been fully verified. Performance results suggest that our approach offers an attractive balance between speed, security and cost.


Keywords: Trusted Computing, Hardware Security Module, Key Store, API Verification





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Ronald Toegl (1)
  • Florian Reimair (1)
  • Martin Pirker (1)

  1. Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Graz, Austria
