Skip to main content

Attack, Solution and Verification for Shared Authorisation Data in TCG TPM

  • Conference paper
Formal Aspects in Security and Trust (FAST 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5983))

Included in the following conference series:


The Trusted Platform Module (TPM) is a hardware chip designed to enable computers to achieve greater security. Proof of possession of authorisation values known as authdata is required by user processes in order to use TPM keys. If a group of users are to be authorised to use a key, then the authdata for the key may be shared among them. We show that sharing authdata between users allows a TPM impersonation attack, which enables an attacker to completely usurp the secure storage of the TPM. The TPM has a notion of encrypted transport session, but it does not fully solve the problem we identify.

We propose a new authorisation protocol for the TPM, which we call Session Key Authorisation Protocol (SKAP). It generalises and replaces the existing authorisation protocols (OIAP and OSAP). It allows authdata to be shared without the possibility of the impersonation attack, and it solves some other problems associated with OIAP and OSAP. We analyse the old and the new protocols using ProVerif. Authentication and secrecy properties (which fail for the old protocols) are proved to hold of SKAP.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others


  1. ISO/IEC 11770-4: Information technology – Security techniques – Key management – Part 4: Mechanisms based on weak secrets

    Google Scholar 

  2. ISO/IEC 18033-2: Information technology – Security techniques – Encryption algorithms – Part 2: Asymmetric ciphers

    Google Scholar 

  3. ISO/IEC 18033-3: Information technology – Security techniques – Encryption algorithms – Part 3: Block ciphers

    Google Scholar 

  4. ISO/IEC 19772: Information technology – Security techniques – Authenticated encryption

    Google Scholar 

  5. ISO/IEC 9797-2: Information technology – Security techniques – Message authentication codes (MACs) – Part 2: Mechanisms using a dedicated hash-function

    Google Scholar 

  6. ISO/IEC, P.D.: 11889: Information technology – Security techniques – Trusted platform module

    Google Scholar 

  7. Ables, K.: An attack on key delegation in the trusted platform module (first semester mini-project in computer security). Master’s thesis, School of Computer Science, University of Birmingham (2009)

    Google Scholar 

  8. Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: Schneider, S. (ed.) 14th IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia, Canada, June 2001, pp. 82–96. IEEE Computer Society Press, Los Alamitos (2001)

    Chapter  Google Scholar 

  9. Blanchet, B.: ProVerif: Automatic Cryptographic Protocol Verifier User Manual (2008)

    Google Scholar 

  10. Bruschi, D., Cavallaro, L., Lanzi, A., Monga, M.: Replay attack in TCG specification and solution. In: ACSAC 2005: Proceedings of the 21st Annual Computer Security Applications Conference, pp. 127–137. IEEE Computer Society, Los Alamitos (2005)

    Chapter  Google Scholar 

  11. Chen, L., Ryan, M.D.: Offline dictionary attack on TCG TPM weak authorisation data, and solution. In: Grawrock, D., Reimer, H., Sadeghi, A., Vishik, C. (eds.) Future of Trust in Computing. Vieweg & Teubner (2008)

    Google Scholar 

  12. Gürgens, S., Rudolph, C., Scheuermann, D., Atts, M., Plaga, R.: Security evaluation of scenarios based on the TCG’s TPM specification. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 438–453. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  13. Lin, A.H.: Automated Analysis of Security APIs. Master’s thesis, MIT (2005),

  14. Trusted Computing Group. TPM Specification version 1.2. Parts 1–3 (2007),

Download references

Author information

Authors and Affiliations


Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chen, L., Ryan, M. (2010). Attack, Solution and Verification for Shared Authorisation Data in TCG TPM. In: Degano, P., Guttman, J.D. (eds) Formal Aspects in Security and Trust. FAST 2009. Lecture Notes in Computer Science, vol 5983. Springer, Berlin, Heidelberg.

Download citation

  • DOI:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-12458-7

  • Online ISBN: 978-3-642-12459-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics