A formal analysis of Trusted Platform Module 2.0 hash-based message authentication code authorization under digital rights management scenario

The Trusted Platform Module (TPM) is the "root of trust" of the whole trusted computing platform, so the TPM's own security assurance is very important. This paper describes the TPM 2.0 hash-based message authentication code (HMAC) authorization scheme as a security protocol and makes a detailed comparison of TPM 2.0 authorization with the TPM 1.2 "Object-Independent Authorization Protocol" and "Object-Specific Authorization Protocol." The authors then use the typed pi calculus to describe TPM 2.0 HMAC authorization and its security properties under the Digital Rights Management (DRM) scenario, and use ProVerif to reason that the key handle manipulation attack on TPM 1.2 no longer exists in TPM 2.0, because the unique name of the accessed entity is linked to the HMAC value. The vulnerability of key blob substitution, however, still exists in TPM 2.0. Copyright © 2015 John Wiley & Sons, Ltd.
