Root-of-Trust Abstractions for Symbolic Analysis: Application to Attestation Protocols

A key component in building trusted computing services is a highly secure anchor that serves as a Root-of-Trust (RoT). There are several works that conduct formal analysis on the security of such commodity RoTs (or parts of it), and also a few ones devoted to verifying the trusted computing service as a whole. However, most of the existing schemes try to verify security without differentiating the internal cryptography mechanisms of the underlying hardware token from the client application cryptography. This approach limits, to some extent, the reasoning that can be made about the level of assurance of the overall system by automated reasoning tools. In this work, we present a methodology that enables the use of formal verification tools towards verifying complex protocols using trusted computing. The focus is on reasoning about the overall application security, provided from the integration of the RoT services, and how these can translate to larger systems when the underlying cryptographic engine is considered perfectly secure. Using the Tamarin prover, we demonstrate the feasibility of our approach by instantiating it for a TPM-based remote attestation service, which is one of the core security services needed in today’s increased attack landscape.

[1]  Gavin Lowe,et al.  A hierarchy of authentication specifications , 1997, Proceedings 10th Computer Security Foundations Workshop.

[2]  Martín Abadi,et al.  Mobile values, new names, and secure communication , 2001, POPL '01.

[3]  Dengguo Feng,et al.  Formal analysis of HMAC authorisation in the TPM2.0 specification , 2018, IET Inf. Secur..

[4]  Vincent Cheval,et al.  A Little More Conversation, a Little Less Action, a Lot More Satisfaction: Global States in ProVerif , 2018, 2018 IEEE 31st Computer Security Foundations Symposium (CSF).

[5]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.3 , 2018, RFC.

[6]  Ralf Sasse,et al.  Formal Analysis and Implementation of a TPM 2.0-based Direct Anonymous Attestation Scheme , 2020, AsiaCCS.

[7]  James Greene Intel ® Trusted Execution Technology Hardware-based Technology for Enhancing Server Platform Security , 2013 .

[8]  Graham Steel,et al.  Formal Analysis of Protocols Based on TPM State Registers , 2011, 2011 IEEE 24th Computer Security Foundations Symposium.

[9]  Dengguo Feng,et al.  Formal Analysis of Enhanced Authorization in the TPM 2.0 , 2015, AsiaCCS.

[10]  Robert Künnemann,et al.  Automated Analysis of Security Protocols with Global State , 2014, 2014 IEEE Symposium on Security and Privacy.

[11]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[12]  Ronald Perez,et al.  Linking remote attestation to secure tunnel endpoints , 2006, STC '06.

[13]  Will Arthur,et al.  A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security , 2015 .

[14]  Ernest F. Brickell,et al.  Direct anonymous attestation , 2004, CCS '04.

[15]  Mario Werner,et al.  SGXIO: Generic Trusted I/O Path for Intel SGX , 2017, CODASPY.

[16]  Mark Ryan,et al.  StatVerif: Verification of Stateful Processes , 2011, 2011 IEEE 24th Computer Security Foundations Symposium.

[17]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[18]  Mark Ryan,et al.  Attack, Solution and Verification for Shared Authorisation Data in TCG TPM , 2009, Formal Aspects in Security and Trust.

[19]  David A. Basin,et al.  The TAMARIN Prover for the Symbolic Analysis of Security Protocols , 2013, CAV.

[20]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.1 , 2006, RFC.

[21]  Dengguo Feng,et al.  Formal Analysis of DAA-Related APIs in TPM 2.0 , 2015, NSS.

[22]  Kenneth A. Goldman,et al.  A Practical Guide to TPM 2.0 , 2015, Apress.

[23]  Zhou Hongwei,et al.  TSGX: Defeating SGX Side Channel Attack with Support of TPM , 2021, 2021 Asia-Pacific Conference on Communications Technology and Computer Science (ACCTCS).