Programming Interfaces for the TPM

  • Ronald Toegl
  • Thomas Winkler
  • Mohammad Nauman
  • Theodore W. Hong
  • Johannes Winter
  • Michael Gissing


The paradigm of Trusted Computing promises a new approach to improve the security of embedded and mobile systems. The core functionality, based on a hardware component known as Trusted Platform Module (TPM), is widely available. However, integration and application in embedded systems remains limited at present, simply because of the extremely steep learning curve involved in using the programmer-facing interfaces. In this chapter, we describe the current state of the Trusted Computing Group’s software architecture and present previous approaches to improve usability. We report on a novel design of a high-level API for Trusted Computing for Java which has been optimized for ease-of-use and clear abstraction of Trusted Computing concepts. We derive requirements and design goals and outline the API design. Finally, we show the application and benchmarks in embedded systems. The result of this effort has been standardized as Java Specification Request 321.


Keywords: Virtual Machine, Smart Card, Application Program Interface, Trusted Platform Module, Trust Computing



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Ronald Toegl (1)
  • Thomas Winkler (2)
  • Mohammad Nauman (3)
  • Theodore W. Hong (4)
  • Johannes Winter (1)
  • Michael Gissing (1)

  1. Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Graz, Austria
  2. Pervasive Computing Group / Institute of Networked and Embedded Systems (NES), Alpen-Adria Universitaet Klagenfurt, Klagenfurt, Austria
  3. Computer Science Research and Development Unit, Peshawar, Pakistan
  4. University of Cambridge Computer Laboratory, Cambridge, UK
