Fine-Grained Refinement on TPM-Based Protocol Applications

The Trusted Platform Module (TPM) is a coprocessor for measuring platform integrity and attesting that integrity to a remote entity. Two obstacles stand in the way of applying the TPM: minimizing the trusted computing base (TCB) to reduce the risk of flaws in it, for which a number of convincing solutions have been developed; and providing formal guarantees at each level of the TCB, where formal methods for analysing the application level have not been well addressed. To the best of our knowledge, there is no general formal framework for developing TPM-based protocol applications that both guarantees security and eases design. In this paper, we perform fine-grained refinement of TPM-based security protocols to illustrate our formal solution at the application level, using the Event-B language. First, we modify the classical Dolev-Yao attacker model, which assumes that a normal entity complies with the protocol even without the TPM's protection; classical security protocols are therefore vulnerable under the modified attacker model. Second, we refine the security protocol stepwise by refining the protocol events and adding security constraints. From the fifth refinement, we present a case study that illustrates the entire refinement and formally proves the key agreement protocol of DAAODV, a TPM-based routing protocol, under the extended Dolev-Yao attacker model. The refinement provides another way of formally modeling TPM-based security protocols and a more fine-grained model that satisfies the rigorous security requirements of applying the TPM. Finally, we discharge all the proof obligations generated by Rodin, an Eclipse-based IDE for Event-B, to ensure the soundness of our proposal.
