Advertisement

seTPM: Towards Flexible Trusted Computing on Mobile Devices Based on GlobalPlatform Secure Elements

  • Sergej Proskurin
  • Michael WeißEmail author
  • Georg Sigl
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9514)

Abstract

Insufficiently protected mobile devices present a ubiquitous threat. Due to severe hardware constraints, such as limited printed circuit board area, hardware-based security as proposed by the Trusted Computing Group is usually not part of mobile devices, yet. We present the design and implementation of seTPM, a secure element based TPM, utilizing Java Card technology. seTPM establishes trust in mobile devices by enabling Trusted Computing based integrity measurement services, such as IMA for Linux. Our prototype emulates TPM functionality on a GlobalPlatform secure element, which allows seamless integration into the Trusted Software Stack of Linux-based mobile operating systems like Android. With our work, we provide a solution to run Trusted Computing based security protocols while supplying a similar security level as provided by hardware TPM chips. In addition, due to the flexible design of the seTPM, we further increase the security level as we are able to selectively replace the outdated SHA-1 hash algorithm of TPM 1.2 specification by the present Keccak algorithm. Further, our architecture comprises hybrid support for the TPM 1.2 and TPM 2.0 specifications to simplify the transition towards the TPM 2.0 standard.

Keywords

Trust Computing Secure Element Hash Algorithm Trust Computing Group Remote Attestation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Trusted Computing Group: TCG specification architecture overview specification, Revision 1.4, August 2007Google Scholar
  2. 2.
    Challener, D., Yoder, K., Catherman, R., Safford, D., Van Doorn, L.: A Practical Guide to Trusted Computing. Pearson Education, Indianapolis (2007)Google Scholar
  3. 3.
    Arthur, W., Challener, D., Goldman, K.: A Practical Guide to TPM 2.0. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  4. 4.
    GlobalPlatform Inc.: TEE System Architecture - Public Release v1.0. GlobalPlatform Inc., California (2011)Google Scholar
  5. 5.
    ARM Security Technology - Building a Secure System using TrustZone Technology, Prd29-genc-009492c ed. ARM Limited, April 2009Google Scholar
  6. 6.
    Trusted Computing Group: TPM 2.0 Mobile Reference Architecture Family “2.0", Level 00 Revision 142, December 2014Google Scholar
  7. 7.
    Trusted Computing Group: TPM MOBILE with Trusted Execution Environment for Comprehensive Mobile Device Security (2012)Google Scholar
  8. 8.
    Trusted Computing Group: TCG Mobile Trusted Module Specification Version 1.0, Revision 6, June 2008Google Scholar
  9. 9.
    Strasser, M., Stamer, H.: A software-based trusted platform module emulator. In: Lipp, P., Sadeghi, A.-R., Koch, K.-M. (eds.) Trust 2008. LNCS, vol. 4968, pp. 33–47. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  10. 10.
    Oracle: Java Card Platform Specification 2.2.2Google Scholar
  11. 11.
    Sailer, R., Zhang, X., Jaeger, T., Van Doorn, L.: Design and implementation of a TCG-based integrity measurement architecture. In: USENIX Security Symposium, vol. 13, pp. 223–238 (2004)Google Scholar
  12. 12.
    Trusted Computing Group: TPM Main Specification Level 2 Version 1.2, Revision 116, March 2011Google Scholar
  13. 13.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak specifications version 2 (2009)Google Scholar
  14. 14.
    Costan, V., Sarmenta, L.F.G., van Dijk, M., Devadas, S.: The trusted execution module: commodity general-purpose trusted computing. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 133–148. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  15. 15.
    Zhang, D., Han, Z., Yan, G.: A portable TPM based on USB key. In: Proceedings of the 17th ACM Conference on Computer, Communications Security, ser. CCS 2010, pp. 750–752. ACM, New York (2010)Google Scholar
  16. 16.
    Akram, R., Markantonakis, K., Mayes, K.: Trusted platform module for smart cards. In: 2014 6th International Conference on New Technologies, Mobility and Security (NTMS), pp. 1–5, March 2014Google Scholar
  17. 17.
    Berger, S., Cáceres, R., Goldman, K.A., Perez, R., Sailer, R., van Doorn, L.: vtpm: virtualizing the trusted platform module. In: Proceedings of the 15th Conference on USENIX Security Symposium, ser. USENIX-SS 2006, vol. 15. USENIX Association, Berkeley (2006)Google Scholar
  18. 18.
    TrouSerS: The open-source TCG Software StackGoogle Scholar
  19. 19.
    Trusted Computing Group: TSS System Level API and TPM Command Transmission Interface Specification Family “2.0", Level 00 Revision 01.00, January 2015Google Scholar
  20. 20.
    ISO, Identification cards - Integrated circuit cards - Part 4: Organization, security and commands for interchange, International Organization for Standardization, Geneva, Switzerland, ISO/IEC 7816–4:2005. ISO (2005)Google Scholar
  21. 21.
    Trusted Computing Group: TPM Library Specification Family “2.0", Level 00, Revision 01.16 (2014)Google Scholar
  22. 22.
    Montgomery, M., Krishna, K.: Secure object sharing in java card. In: Proceedings of the USENIX Workshop on Smartcard Technology, ser. WOST 1999, p. 14. USENIXAssociation, Berkeley (1999)Google Scholar
  23. 23.
    Wang, X., Yin, Y.L., Yu, H.: Finding collisions in the full SHA-1. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 17–36. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  24. 24.
    SHA-3 standard: Permutation-based hash and extendable-outputfunctions, National Institute of Standards and Technology Std., Rev. DRAFT FIPS PUB 202, May 2014Google Scholar
  25. 25.
    Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: Keccak, note on parameters and usage, February 2010Google Scholar
  26. 26.
    Trusted Computing Platform Alliance: TCPA Main Specification Version 1.1b, February 2002Google Scholar
  27. 27.
    Kauer, B.: Oslo: improving the security of trusted computing. In: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, ser. SS 2007, pp. 16: 1–16: 9. USENIX Association, Berkeley (2007)Google Scholar
  28. 28.
    Winter, J., Dietrich, K.: A Hijacker’s guide to the LPC bus. In: Petkova-Nikova, S., Pashalidis, A., Pernul, G. (eds.) EuroPKI 2011. LNCS, vol. 7163, pp. 176–193. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  29. 29.
    ARM: Designing with TrustZone\(^{\textregistered }\)- Hardware RequirementsGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Technische Universität MünchenMunichGermany
  2. 2.Fraunhofer Institut AISECGarchingGermany

Personalised recommendations