Towards a Verified Reference Implementation of a Trusted Platform Module

  • Aybek Mukhamedov
  • Andrew D. Gordon
  • Mark Ryan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7028)


We develop a reference implementation for a fragment of the API of a Trusted Platform Module. Our code is written in a functional language, suitable for verification with various tools, but is automatically translated to a subset of C, suitable for interoperability testing with production code and for inclusion in a specification or standard for the API. One version of our code corresponds to the widely deployed TPM 1.2 specification and is vulnerable to a recently discovered dictionary attack; verification of secrecy properties of this version fails, producing an attack trace and highlighting an ambiguity in the specification that has security implications. Another version of our code corresponds to a suggested amendment to the TPM 1.2 specification; verification of this version succeeds. From this case study we conclude that recent advances in tools for verifying implementation code for cryptographic APIs are reaching the point where it is viable to develop verified reference implementations. Moreover, the published code can be in a widely understood language like C, rather than in one of the specialist formalisms aimed at modelling cryptographic protocols.







Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Aybek Mukhamedov: Microsoft Research, USA; University of Birmingham, UK
  • Andrew D. Gordon: Microsoft Research, USA
  • Mark Ryan: University of Birmingham, UK
