Towards a New Framework for TPM Compliance Testing

Authors

  • Usama Tharwat Elhagari Faculty of Computing, Universiti Teknologi Malaysia, 81310 UTM Johor Bahru, Johor, Malaysia
  • Bharanidharan Shanmugam Advanced Informatics School, 81310 UTM Johor Bahru, Johor, Malaysia
  • Jamalul-lail Ab. Manan MIMOS Berhad, Malaysia

DOI:

https://doi.org/10.11113/jt.v73.4186

Keywords:

Trusted platform module, compliance testing, modelling, trusted computing, FSM, EFSM

Abstract

Trusted Computing Group (TCG) has proposed the Trusted Computing (TC) concept. Subsequently, TC becomes a common base for many new computing platforms, called Trusted Platform (TP) architecture (hardware and software) that, practically, has a built-in trusted hardware component mounted at the hardware layer and a corresponding trusted software component installed at the operating system level.  The trusted hardware component is called Trusted Platform Module (TPM) whose specification has been issued by TCG group and it is implemented by the industry as a tamper-resistant integrated circuit. In practice, the security of an IT TPM-enabled system relies on the correctness of its mounted TPM. Thus, TPM testing is urgently needed to assist in building confidence of the users on the security functionality provided by the TPM. This paper presents the state of the art of the modelling methods being used in the TPM compliance testing as well as it demonstrates some of the important attacks against TPM. Finally, the paper proposes new framework criteria for TPM Testing that aim at increasing the quality of TPM testing.  

References

Ahmad-Reza, S., et al. 2006. TCG Inside? A Note on TPM Specification Compliance. In Proceedings of the first ACM workshop on Scalable trusted computing. ACM: Alexandria, Virginia, USA.

Ruhr-University. Chair for System Security-TPM Compliance Test. 2006 [cited 2009 October 18]; Available from: http://www.trust.rub.de/home/current-projects/tpmct/.

Lee, D. and M. Yannakakis. 1996. Principles and Methods of Testing Finite State Machines-A Survey. Proceedings of the IEEE. 84(8): 1090–1123.

Zhan, J., et al. 2008. Research on Automated Testing of the Trusted Platform Model. Zhang Jia Jie, Hunan, China: Inst. of Elec. and Elec. Eng. Computer Society.

Zhang, H., et al. 2008. A Practical Solution to Trusted Computing Platform Testing. Wuhan, Hubei, China: Inst. of Elec. and Elec. Eng. Computer Society.

Bourhfir, C., et al. 1997. Automatic Executable Test Case Generation for Extended Finite State Machine Protocols. In Testing of Communicating Systems. Springer. 75–90.

Petrenko, A., S. Boroday, and R. Groz. 2004. Confirming Configurations in EFSM Testing. Software Engineering, IEEE Transactions on. 30(1): 29–42.

Bochmann, G. V. and J. Gecsei. 1977. A Unified Method for the Specification and Verification of Protocols. Proceedings of IFIP Congress 77. 229–234.

Li, H., H. Hu, and X.-F. Chen. 2009. Research on Compliant Testing Method of Trusted Cryptography Module. Jisuanji Xuebao/Chinese Journal of Computers. 32(4): 654–663.

Bernhard, K., Oslo. 2007. Improving the Security of Trusted Computing, in Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium. USENIX Association: Boston, MA.

Kursawe, K., D. Schellekens, and B. Preneel. 2005. Analyzing trusted platform communication, in In: ECRYPT Workshop, CRASH – CRyptographic Advances in Secure Hardware. 8.

Bruschi, D., et al. Replay attack in TCG specification and solution. 2005. Tucson, AZ, United states: IEEE Computer Society.

Xu, S., et al. 2009. Security Analysis of OIAP Implementation based on BAN Logic. In 1st International Conference on Multimedia Information Networking and Security, MINES 2009. Hubei.

Chen, L. and M. Ryan. 2009. Offline Dictionary Attack on TCG TPM Weak Authorisation Data, and Solution. In Future of Trust in Computing. 193-196.

Gürgens, S., et al. 2008. Security Evaluation of Scenarios Based on the TCG’s TPM Specification, in Computer Security–ESORICS 2007. 438–453.

Delaune, S., et al. 2011. A Formal Analysis of Authentication in the TPM. In Formal Aspects of Security and Trust. Springer. 111–125.

Fu, D., et al. 2013. Authentication of the Command TPM_CertifyKey in the Trusted Platform Module. TELKOMNIKA Indonesian Journal of Electrical Engineering. 11(2): 855–863.

Tarnovsky, C. 2010. Deconstructing A `Secure' Processor. In Black Hat Brie_ngs Federal. http://www.blackhat.com/presentations/bh-dc-10/Tarnovsky_Chris/BlackHat%-DC-2010-Tarnovsky-DASP-. February 2010.

Jackson, W. Black Hat: Engineer Cracks 'Secure' TPM Chip. 2010; Available from: http://redmondmag.com/articles/2010/02/03/black-hat-engineer-cracks-tpm-chip.aspx.

Chen, L., et al. 2009. Attacking the BitLocker Boot Process, in Trusted Computing. Springer Berlin / Heidelberg. 183–196.

Wojtczuk, R. and J. Rutkowska. 2009. Attacking Intel Trusted Execution Technology in,In Black Hat DC, http://invisiblethingslab.com/resources/bh09dc/Attacking%20Intel%20TXT%20-%20paper.pdf. 2009.

Li, H., D. Feng, and X. Chen. 2009. Compliant Testing Method of Trusted Cryptography Module [J]. Journal of Wuhan University (Natural Science Edition). 1: 008.

Xiao-Feng, C. 2009. The Formal Analysis and Testing of Trusted Platform Module. Chinese Journal of Computers. 32(4): 646–653.

Downloads

Published

2015-03-09

Issue

Vol. 73 No. 2: Special Issue on International Conference of Recent Trends in Information and Communication Technology (IRICT 2014)

Section

Science and Engineering

License

Copyright of articles that appear in Jurnal Teknologi belongs exclusively to Penerbit Universiti Teknologi Malaysia (Penerbit UTM Press). This copyright covers the rights to reproduce the article, including reprints, electronic reproductions, or any other reproductions of similar nature.

How to Cite

Towards a New Framework for TPM Compliance Testing. (2015). Jurnal Teknologi, 73(2). https://doi.org/10.11113/jt.v73.4186