Design and implementation of a portable TPM scheme for general-purpose trusted computing based on EFI

In today's globalized digital world, network-based, mobile, and interactive collaboration has let personal-computer work platforms cross many geographical boundaries. New requirements for privacy preservation, sensitive-information sharing, portability, remote attestation, and robust security create new problems in system design and implementation. There is a critical demand for highly secure work platforms and for security-enhancing mechanisms that ensure privacy protection, component integrity, sealed storage, and remote attestation of platforms. Trusted computing is a promising technology for enhancing the security of a platform with a trusted platform module (TPM), a tamper-resistant microcontroller that provides robust security capabilities for computing platforms. It is typically affixed to the motherboard and attached over the low pin count (LPC) bus. This has two limitations: a TPM cannot be used directly in current common personal computers (PCs), and a TPM is neither flexible nor portable enough to be used across different platforms, because of its fixed interface to the PC and its certificate and key structure. For these reasons, we propose a portable trusted platform module (PTPM) scheme that builds a trusted platform for the common PC from a single cryptographic chip with a universal serial bus (USB) interface and the extensible firmware interface (EFI), by which platforms can obtain a similar degree of security protection in general-purpose systems. We present a certificate and key structure that binds to platforms through the PTPM and gives users portability and flexibility across platforms while still allowing both the user and the platform to be protected and attested. The implementation of the prototype system is described in detail, and the performance of the PTPM on cryptographic operations and the time cost of system bootstrap are evaluated and analyzed. The experimental results show that the PTPM performs well enough to support trusted computing and can be used flexibly and portably by the user.
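The abstract names the mechanisms a PTPM is meant to supply (a measured boot chain under EFI, sealed storage bound to platform state, keys that bind the module to a platform). The following is an added example, not code from the paper or its prototype: a software simulation of a portable module that extends PCRs with each boot stage and seals data to the resulting state, then shows that the same module unseals only when the same platform boots the same chain. Assumptions: the `SimulatedPTPM` class, its `root_secret` (standing in for the chip's storage root key), the SHA-256 PCR-extend rule, the HMAC-derived sealing key and the SHA-256 counter keystream are all illustrative choices made here; the paper's real command set, key hierarchy and certificate format are not reproduced, and the boot-stage images are constructed placeholders.

```python
import hashlib
import hmac
import os

PCR_BYTES = 32  # SHA-256 digest length; a PCR is extended with the hash of each measured component


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Illustrative counter-mode keystream built from SHA-256 (demo only, not a production cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


class SimulatedPTPM:
    """Software stand-in for the USB-attached PTPM chip (assumption: not the paper's implementation).

    `root_secret` plays the role of the chip's storage root key and never leaves the module.
    """

    def __init__(self, root_secret: bytes, num_pcrs: int = 8):
        self._root = root_secret
        self.pcrs = [bytes(PCR_BYTES) for _ in range(num_pcrs)]  # all-zero at power-on

    def extend(self, index: int, measurement: bytes) -> bytes:
        """TPM-style extend: PCR[i] = H(PCR[i] || H(measurement)). Order of extends matters."""
        digest = hashlib.sha256(measurement).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + digest).digest()
        return self.pcrs[index]

    def _policy_digest(self, indices) -> bytes:
        # Composite digest of the selected PCRs: the platform state a sealed blob is bound to.
        return hashlib.sha256(b"".join(self.pcrs[i] for i in indices)).digest()

    def seal(self, data: bytes, indices) -> dict:
        """Encrypt `data` under a key derived from the root secret and the current PCR state."""
        policy = self._policy_digest(indices)
        key = hmac.new(self._root, b"seal" + policy, hashlib.sha256).digest()
        nonce = os.urandom(16)
        ciphertext = _keystream_xor(key, nonce, data)
        tag = hmac.new(key, policy + nonce + ciphertext, hashlib.sha256).digest()
        return {"indices": list(indices), "policy": policy, "nonce": nonce,
                "ciphertext": ciphertext, "tag": tag}

    def unseal(self, blob: dict):
        """Return the plaintext only if the PCRs now match the state at seal time; else None."""
        policy = self._policy_digest(blob["indices"])
        if not hmac.compare_digest(policy, blob["policy"]):
            return None  # boot chain differs from the one the data was sealed to
        key = hmac.new(self._root, b"seal" + policy, hashlib.sha256).digest()
        expected = hmac.new(key, policy + blob["nonce"] + blob["ciphertext"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, blob["tag"]):
            return None  # blob altered, or a different module (different root secret) is plugged in
        return _keystream_xor(key, blob["nonce"], blob["ciphertext"])


def measured_boot(tpm: SimulatedPTPM, stages, pcr_index: int = 0) -> bytes:
    """Extend each boot stage (EFI firmware, PTPM USB driver, OS loader, ...) into one PCR, in order."""
    for _name, image in stages:
        tpm.extend(pcr_index, image)
    return tpm.pcrs[pcr_index]


# Constructed stand-ins for boot-stage images; real measurements would hash the actual binaries.
GOOD_CHAIN = [("efi-firmware", b"EFI firmware image v1"),
              ("ptpm-usb-driver", b"PTPM USB driver v1"),
              ("os-loader", b"OS loader v1")]
TAMPERED_CHAIN = GOOD_CHAIN[:2] + [("os-loader", b"OS loader v1 with a patched byte")]
OTHER_PLATFORM_CHAIN = [("efi-firmware", b"EFI firmware image of a different PC")] + GOOD_CHAIN[1:]


def demo(root_secret: bytes = b"constructed root secret, not a real key"):
    """Seal on a known-good boot, then retry on: the same chain, a tampered loader, a different PC."""
    module = SimulatedPTPM(root_secret)
    measured_boot(module, GOOD_CHAIN)
    blob = module.seal(b"volume encryption key", [0])

    results = []
    for chain in (GOOD_CHAIN, TAMPERED_CHAIN, OTHER_PLATFORM_CHAIN):
        # Same portable module (same root secret) plugged in, fresh power-on, chain re-measured.
        module = SimulatedPTPM(root_secret)
        measured_boot(module, chain)
        results.append(module.unseal(blob))
    return tuple(results)


if __name__ == "__main__":
    same, tampered, other_pc = demo()
    print("same platform  :", same)
    print("tampered loader:", tampered)
    print("different PC   :", other_pc)
```

The point the simulation makes is the two-sided binding the abstract describes: the sealed blob is useless without the module (its root secret) and equally useless if the module is carried to a PC whose firmware measures differently or whose loader has been modified, because the PCR policy digest no longer matches. A real PTPM would sign attestation quotes with an identity key whose certificate chains to the module, which this software stand-in does not attempt to model.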
