• Title, Summary, Keyword: TPM(Trusted Platform Module)

Search Result 17, Processing Time 0.043 seconds

A Property-Based Data Sealing using the Weakest Precondition Concept (최소 전제조건 개념을 이용한 성질 기반 데이터 실링)

  • Park, Tae-Jin;Park, Jun-Cheol
    • Journal of Internet Computing and Services
    • /
    • v.9 no.6
    • /
    • pp.1-13
    • /
    • 2008
  • Trusted Computing is a hardware-based technology that aims to guarantee security for machines beyond their users' control by providing security on computing hardware and software. TPM(Trusted Platform Module), the trusted platform specified by the Trusted Computing Group, acts as the roots for the trusted data storage and the trusted reporting of platform configuration. Data sealing encrypts secret data with a key and the platform's configuration at the time of encryption. In contrast to the traditional data sealing based on binary hash values of the platform configuration, a new approach called property-based data sealing was recently suggested. In this paper, we propose and analyze a new property-based data sealing protocol using the weakest precondition concept by Dijkstra. The proposed protocol resolves the problem of system updates by allowing sealed data to be unsealed at any configuration providing the required property. It assumes practically implementable trusted third parties only and protects platform's privacy when communicating. We demonstrate the proposed protocol's operability with any TPM chip by implementing and running the protocol on a software TPM emulator by Strasser. The proposed scheme can be deployed in PDAs and smart phones over wireless mobile networks as well as desktop PCs.

  • PDF

Design of a Mobile DAA Model through Java Test Module for the DAA Protocol (DAA 자바 실험모듈 구현을 통한 모바일 DAA 모델 설계)

  • Yang, Seok-Hwan;Lee, Ki-Yeal;Chung, Mok-Dong
    • Journal of KIISE:Computing Practices and Letters
    • /
    • v.14 no.8
    • /
    • pp.773-777
    • /
    • 2008
  • Today's mobile devices have characteristic of random mobility in the heterogeneous networks. Thus they should have various kinds of security requirements. To satisfy these requirements, there are many researches on security and authentication for mobile devices. TCG(Trusted Computing Group) designed TPM(Trusted Platform Module) for providing privacy and authentication to users. Also TCG suggest a protocol, called DAA(Direct Anonymous Attestation) which uses zero knowledge proof theory. In this paper, we will implement DAA protocol using Java and show the efficiency and the problems in the DAA protocol. Finally, we will suggest an efficient mobile DAA model through Java test module for the DAA protocol.

Security and Privacy Mechanism using TCG/TPM to various WSN (다양한 무선네트워크 하에서 TCG/TPM을 이용한 정보보호 및 프라이버시 매커니즘)

  • Lee, Ki-Man;Cho, Nae-Hyun;Kwon, Hwan-Woo;Seo, Chang-Ho
    • Journal of the Korea Society of Computer and Information
    • /
    • v.13 no.5
    • /
    • pp.195-202
    • /
    • 2008
  • In this paper, To improve the effectiveness of security enforcement, the first contribution in this work is that we present a clustered heterogeneous WSN(Wareless Sensor Network) architecture, composed of not only resource constrained sensor nodes, but also a number of more powerful high-end devices acting as cluster heads. Compared to sensor nodes, a high-end cluster head has higher computation capability, larger storage, longer power supply, and longer radio transmission range, and it thus does not suffer from the resource scarceness problem as much as a sensor node does. A distinct feature of our heterogeneous architecture is that cluster heads are equipped with TC(trusted computing) technology, and in particular a TCG(Trusted Computing Group) compliant TPM (Trusted Platform Module) is embedded into each cluster head. According the TCG specifications, TPM is a tamper-resistant, self-contained secure coprocessor, capable of performing cryptographic functions. A TPM attached to a host establishes a trusted computing platform that provides sealed storage, and measures and reports the integrity state of the platform.

  • PDF

Trustworthy Mutual Attestation Protocol for Local True Single Sign-On System: Proof of Concept and Performance Evaluation

  • Khattak, Zubair Ahmad;Manan, Jamalul-Lail Ab;Sulaiman, Suziah
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.6 no.9
    • /
    • pp.2405-2423
    • /
    • 2012
  • In a traditional Single Sign-On (SSO) scheme, the user and the Service Providers (SPs) have given their trust to the Identity Provider (IdP) or Authentication Service Provider (ASP) for the authentication and correct assertion. However, we still need a better solution for the local/native true SSO to gain user confidence, whereby the trusted entity must play the role of the ASP between distinct SPs. This technical gap has been filled by Trusted Computing (TC), where the remote attestation approach introduced by the Trusted Computing Group (TCG) is to attest whether the remote platform integrity is indeed trusted or not. In this paper, we demonstrate a Trustworthy Mutual Attestation (TMutualA) protocol as a proof of concept implementation for a local true SSO using the Integrity Measurement Architecture (IMA) with the Trusted Platform Module (TPM). In our proposed protocol, firstly, the user and SP platform integrity are checked (i.e., hardware and software integrity state verification) before allowing access to a protected resource sited at the SP and releasing a user authentication token to the SP. We evaluated the performance of the proposed TMutualA protocol, in particular, the client and server attestation time and the round trip of the mutual attestation time.

모바일 플랫폼용 공통보안핵심 모듈 기술

  • Kim Moo-Seop;Shin Jin-A;Park Young-Soo;Jun Sung-Ik
    • Review of KIISC
    • /
    • v.16 no.3
    • /
    • pp.7-17
    • /
    • 2006
  • TCG(Trusted Computing Group)는 더욱 안전한 컴퓨팅 환경의 구현을 목적으로 설립된 업계 컨소시엄으로, 데이터의 신뢰성을 제공하기 위하여 TPM(Trusted Platform Module)으로 불리는 신뢰의 기본을 제공하는 핵심 하드웨어의 사용을 제안하고 있다. 최근 모바일 디바이스의 성능 향상에 따라 다양한 응용들의 지원이 가능해지고, 네트워크를 통한 소프트웨어의 업데이트 및 응용프로그램의 다운로드 등이 가능한 개방형 플랫폼으로의 변화에 따른 디지털 컨버젼스는 TMP(Trusted Mobile Platform)라는 새로운 모바일 플랫폼용 규격의 사용을 필요로 하고 있다. 본 고에서는 기존 컴퓨팅 환경과 모바일 플랫폼에 핵심 보안 모듈인 TPM 기술의 국내 외 기술의 동향과 핵심 요소들에 대한 기술적 개념들을 살펴본다.

Hardware Crypto-Core Based Authentication System (하드웨어 암호코어 기반 인증 시스템)

  • Yoo, Sang-Guun;Park, Keun-Young;Kim, Tae-Jun;Kim, Ju-Ho
    • Journal of the Institute of Electronics Engineers of Korea TC
    • /
    • v.46 no.1
    • /
    • pp.121-132
    • /
    • 2009
  • Default password protection used in operating systems have had many advances, but when the attacker has physical access to the server or gets root(administrator) privileges, the attacker can steal the password information(e.g. shadow file in Unix-like systems or SAM file in Windows), and using brute force and dictionary attacks can manage to obtain users' passwords. It is really difficult to obligate users to use complex passwords, so it is really common to find weak accounts to exploit. In this paper, we present a secure authentication scheme based on digital signatures and secure key storage that solves this problem, and explain the possible implementations using Trusted Platform Module(TPM). We also make a performance analysis of hardware and software TPMs inside implementations.

Vulnerability Analysis of Insider Attack on TPM Command Authorization Protocol and Its Countermeasure (TPM 명령어 인가 프로토콜에 대한 내부자 공격 취약점 분석 및 대응책)

  • Oh, Doo-Hwan;Choi, Doo-Sik;Kim, Ki-Hyun;Oh, Soo-Hyun;Ha, Jae-Cheol
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.12 no.3
    • /
    • pp.1356-1366
    • /
    • 2011
  • The TPM(Trusted Platform Module) is a hardware chip to support a trusted computing environment. A rightful user needs a command authorization process in order to use principal TPM commands. To get command authorization from TPM chip, the user should perform the OIAP(Object-Independent Authorization Protocol) or OSAP(Object-Specific Authorization Protocol). Recently, Chen and Ryan alerted the vulnerability of insider attack on TPM command authorization protocol in multi-user environment and presented a countermeasure protocol SKAP(Session Key Authorization Protocol). In this paper, we simulated the possibility of insider attack on OSAP authorization protocol in real PC environment adopted a TPM chip. Furthermore, we proposed a novel countermeasure to defeat this insider attack and improve SKAP's disadvantages such as change of command suructures and need of symmetric key encryption algorithm. Our proposed protocol can prevent from insider attack by modifying of only OSAP command structure and adding of RSA encryption on user and decryption on TPM.

Data Firewall: A TPM-based Security Framework for Protecting Data in Thick Client Mobile Environment

  • Park, Woo-Ram;Park, Chan-Ik
    • Journal of Computing Science and Engineering
    • /
    • v.5 no.4
    • /
    • pp.331-337
    • /
    • 2011
  • Recently, Virtual Desktop Infrastructure (VDI) has been widely adopted to ensure secure protection of enterprise data and provide users with a centrally managed execution environment. However, user experiences may be restricted due to the limited functionalities of thin clients in VDI. If thick client devices like laptops are used, then data leakage may be possible due to malicious software installed in thick client mobile devices. In this paper, we present Data Firewall, a security framework to manage and protect security-sensitive data in thick client mobile devices. Data Firewall consists of three components: Virtual Machine (VM) image management, client VM integrity attestation, and key management for Protected Storage. There are two types of execution VMs managed by Data Firewall: Normal VM and Secure VM. In Normal VM, a user can execute any applications installed in the laptop in the same manner as before. A user can access security-sensitive data only in the Secure VM, for which the integrity should be checked prior to access being granted. All the security-sensitive data are stored in the space called Protected Storage for which the access keys are managed by Data Firewall. Key management and exchange between client and server are handled via Trusted Platform Module (TPM) in the framework. We have analyzed the security characteristics and built a prototype to show the performance overhead of the proposed framework.

An Off-line Dictionary Attack on Command Authorization in TPM and its Countermeasure (TPM에서 명령어 인가에 대한 오프라인 사전 공격과 대응책)

  • Oh, Doo-Hwan;Choi, Doo-Sik;Kim, Ki-Hyun;Ha, Jae-Cheol
    • Journal of the Korea Academia-Industrial cooperation Society
    • /
    • v.12 no.4
    • /
    • pp.1876-1883
    • /
    • 2011
  • The TPM is a hardware chip for making a trusted environment on computing system. We previously need a command authorization process to use principal TPM commands. The command authorization is used to verify an user who knows a usage secret to TPM chip. Since the user uses a simple password to compute usage secret, an attacker can retrieve the password by evasdropping messages between user and TPM chip and applying off-line dictionary attack. In this paper, we simulate the off-line dictionary attack in real PC environment adopted a TPM chip and propose a novel countermeasure to defeat this attack. Our proposed method is very efficient due to its simplicity and adaptability without any modification of TPM command structures.

Analysis of Security Technology of Trusted Platform Modules (신뢰할 수 있는 플랫폼 모듈 (TPM; Trusted Platform Module) 연구의 암호기술 분석)

  • Moon, Sangook
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • /
    • pp.878-881
    • /
    • 2009
  • As for the technology developed for network security, there is little difference of design ability between the domestic and the foreign studies. Although the development of 2048 RSA processor has been undergone, the processing speed does not meet the requirement due to its long width. These days, an RSA processor architecture with higher speed comsuming less resource is necessary. As for the development of RNG (Random Number Generator), the technology trend is moving from PRNG (Pseudo Random Number Generator) to TRNG (True Random Number Generator), also requiring less area and high speed.

  • PDF