Future of Trust in Computing pp 171-177
User-Friendly and Secure TPM-based Hard Disk Key Management
Today, computing platforms contain sensitive data of enterprises and private users. However, simple hard disk encryption solutions are not sufficient: swap areas and hibernation features still allow data leakage; the usage of authentication mechanisms based on passphrases, USB sticks, or other security tokens is cumbersome and of limited security benefit; finally, the encrypted data needs to be bound to the computing platform and/or the system software to prevent data leakage due to reboots and software manipulations.
We describe work-in-progress towards using Trusted-Computing technology for hard disk encryption and secure hibernation, allowing to detect integrity breaches of system software. The design of the TPM-based key management scheme considers requirements of both business scenarios and private users to guarantee availability of the encrypted data.
The main advantage of our solution is that it protects data at rest while providing a very high degree of user-friendliness: In one setting the system does not require any more user interaction than a completely unprotected system.
Unable to display preview. Download preview PDF.
- Arbaugh, William A.; Farber, David J.; Smith, Jonathan M.: A Secure and Reliable Bootstrap Architecture. Proc. IEEE Symposium on Security and Privacy, 1997, pages 65—71.Google Scholar
- Kühn, Ulrich; Kursawe, Klaus; Lucks, Stefan; Sadeghi, Ahmad-Reza; Stüble, Christian: Secure Data Management in Trusted Computing. In: J. R. Rao, B. Sunar (eds.): Cryptographic Hardware and Embedded Systems - CHES 2005. Volume 3659 of Lecture Notes in Computer Science, Springer-Verlag, 2005, pp. 324—338.Google Scholar
- Microsoft Corporation. Secure startup - full volume encryption: Technical overview. Technical Report, April 2005.Google Scholar
- Menezes, Alfred J.; van Oorschot, Paul C; Vanstone, Scott A: Handbook of Applied Cryptography. CRC Press, 1996.Google Scholar
- Tux On Ice. http://www.tuxonice.net