University of Surrey

Test tubes in the lab Research in the ATI Dance Research

One TPM to bind them all: fixing TPM2.0 for provably secure anonymous attestation

Camenisch, J, Chen, Liqun, Drijvers, M, Lehmann, A, Novick, D and Urian, R (2017) One TPM to bind them all: fixing TPM2.0 for provably secure anonymous attestation In: 38th IEEE Symposium on Security and Privacy, 2017-05-22 - 2017-05-24, San Jose, CA.

[img]
Preview
Text
IEEEs&p2017.pdf - Accepted version Manuscript

Download (475kB) | Preview
[img]
Preview
Text (licence)
SRI_deposit_agreement.pdf
Available under License : See the attached licence file.

Download (33kB) | Preview

Abstract

The Trusted Platform Module (TPM) is an international standard for a security chip that can be used for the management of cryptographic keys and for remote attestation. The specification of the most recent TPM 2.0 interfaces for direct anonymous attestation unfortunately has a number of severe shortcomings. First of all, they do not allow for security proofs (indeed, the published proofs are incorrect). Second, they provide a Diffie-Hellman oracle w.r.t. the secret key of the TPM, weakening the security and preventing forward anonymity of attestations. Fixes to these problems have been proposed, but they create new issues: they enable a fraudulent TPM to encode information into an attestation signature, which could be used to break anonymity or to leak the secret key. Furthermore, all proposed ways to remove the Diffie-Hellman oracle either strongly limit the functionality of the TPM or would require significant changes to the TPM 2.0 interfaces. In this paper we provide a better specification of the TPM 2.0 interfaces that addresses these problems and requires only minimal changes to the current TPM 2.0 commands. We then show how to use the revised interfaces to build q-SDH- and LRSW-based anonymous attestation schemes, and prove their security. We finally discuss how to obtain other schemes addressing different use cases such as key-binding for U-Prove and e-cash.

Item Type: Conference or Workshop Item (Conference Paper)
Subjects : Computing Science
Divisions : Faculty of Engineering and Physical Sciences > Computing Science
Authors :
NameEmailORCID
Camenisch, JUNSPECIFIEDUNSPECIFIED
Chen, Liqunliqun.chen@surrey.ac.ukUNSPECIFIED
Drijvers, MUNSPECIFIEDUNSPECIFIED
Lehmann, AUNSPECIFIEDUNSPECIFIED
Novick, DUNSPECIFIEDUNSPECIFIED
Urian, RUNSPECIFIEDUNSPECIFIED
Date : May 2017
Copyright Disclaimer : © 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Contributors :
ContributionNameEmailORCID
UNSPECIFIEDIEEE, UNSPECIFIEDUNSPECIFIED
Depositing User : Symplectic Elements
Date Deposited : 04 Apr 2017 13:10
Last Modified : 19 Jul 2017 09:55
URI: http://epubs.surrey.ac.uk/id/eprint/813931

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year


Information about this web site

© The University of Surrey, Guildford, Surrey, GU2 7XH, United Kingdom.
+44 (0)1483 300800