The theory and practice in the evolution of trusted computing

Trusted computing (TC) is an emerging technology that enhances the security of various computing platforms through a dedicated secure chip (TPM/TCM), and it is widely accepted by both industry and academia. This paper sketches the evolution of TC from the viewpoint of our own theoretical and engineering work. On the theoretical side, we focus on protocol design and security analysis: we proposed the first ECDAA scheme based on the q-SDH assumption, which opens a new way to design direct anonymous attestation schemes. On the technical side, we discuss the key technologies of the trust chain, trusted network connection, and TC testing and evaluation. We achieved breakthroughs in several key technologies, including trusted boot, OS measurement and remote attestation, and implemented a TC system that extends from the TPM/TCM up to the network. We also designed and implemented a testing and evaluation system for TC platforms, the first such system put into practical use in China. Finally, with the rapid development of cloud computing and mobile applications, TC is moving toward new directions such as trust in cloud and mobile environments, the new TPM standard, and flexible trust-establishment methods for trusted execution environments.
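The trust chain, OS measurement and remote attestation mentioned above all rest on one mechanism: each boot stage hashes the next stage, extends that hash into a platform configuration register (PCR), and records it in a measurement log, so that a verifier can later replay the log against a quoted PCR value and compare each measurement with known-good reference values. The following is an added example illustrating that mechanism; it is not code from the paper or from any TPM/TCM implementation. The `SimulatedTPM` class, the constructed boot images and the reference values are assumptions made here for the demonstration, and the quote's signature check is omitted.

```python
import hashlib
from dataclasses import dataclass, field

PCR_COUNT = 24
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes: a SHA-256 PCR bank


def measure(data: bytes) -> bytes:
    """The measurement of a component is the hash of its image."""
    return hashlib.sha256(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new = H(old || measurement). One-way and order-dependent,
    so a register can only accumulate history, never be set to a chosen value."""
    return hashlib.sha256(pcr + measurement).digest()


@dataclass
class SimulatedTPM:
    """Assumed stand-in holding only a PCR bank and a measurement log; no real TPM involved."""
    pcrs: dict = field(default_factory=lambda: {i: bytes(DIGEST_LEN) for i in range(PCR_COUNT)})
    event_log: list = field(default_factory=list)  # entries: (pcr index, component name, measurement)

    def measure_and_extend(self, index: int, name: str, data: bytes) -> bytes:
        m = measure(data)
        self.pcrs[index] = extend(self.pcrs[index], m)
        self.event_log.append((index, name, m))
        return self.pcrs[index]


def replay_log(event_log, index: int) -> bytes:
    """Recompute what PCR[index] must hold if the log is honest and complete."""
    pcr = bytes(DIGEST_LEN)
    for idx, _name, m in event_log:
        if idx == index:
            pcr = extend(pcr, m)
    return pcr


def verify_attestation(quoted_pcrs: dict, event_log, reference: dict):
    """Verifier side of remote attestation. Returns (ok, reason)."""
    # Step 1: the log must reproduce every quoted register; this binds the log to the TPM.
    for index, value in quoted_pcrs.items():
        if replay_log(event_log, index) != value:
            return False, f"event log does not reproduce quoted PCR[{index}]"
    # Step 2: every component in the chain must match a known-good reference value.
    for idx, name, m in event_log:
        if idx not in quoted_pcrs:
            continue
        if reference.get(name) != m:
            return False, f"measurement of {name} does not match reference"
    return True, "trust chain matches reference"


# Constructed stand-ins for the real bootloader, kernel and initrd images.
BOOT_CHAIN = [
    (0, "bootloader", b"constructed bootloader image v1"),
    (4, "kernel", b"constructed kernel image v1"),
    (4, "initrd", b"constructed initrd image v1"),
]


def simulated_boot(components) -> SimulatedTPM:
    """Each stage measures the next one before handing control to it."""
    tpm = SimulatedTPM()
    for idx, name, data in components:
        tpm.measure_and_extend(idx, name, data)
    return tpm


def quote(tpm: SimulatedTPM) -> dict:
    """The PCR values a verifier would receive in a (here unsigned) quote."""
    return {0: tpm.pcrs[0], 4: tpm.pcrs[4]}


def demo() -> dict:
    """Run three attestation scenarios and return case -> (ok, reason)."""
    reference = {name: measure(data) for _i, name, data in BOOT_CHAIN}
    results = {}

    clean = simulated_boot(BOOT_CHAIN)
    results["clean"] = verify_attestation(quote(clean), clean.event_log, reference)

    # A modified kernel is measured honestly, so the log replays but the value is unknown.
    modified = [(i, n, d if n != "kernel" else d + b" (modified)") for i, n, d in BOOT_CHAIN]
    tampered = simulated_boot(modified)
    results["modified_kernel"] = verify_attestation(quote(tampered), tampered.event_log, reference)

    # A log rewritten to show reference hashes no longer replays to the quoted PCR.
    rewritten_log = [(i, n, reference[n]) for i, n, _m in tampered.event_log]
    results["rewritten_log"] = verify_attestation(quote(tampered), rewritten_log, reference)
    return results


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:16s} {'OK  ' if ok else 'FAIL'} {reason}")
```

The two failure cases show why both verifier steps are needed: an honest log of a modified component is caught by the reference comparison, while a log edited to look clean is caught by the replay, because the PCR itself cannot be rewound.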
