A. Sadeghi, M. Selhorst, Christian Stüble, C. Wachsmann, M. Winandy
{"title":"TCG里面吗?:关于TPM规范遵从性的说明","authors":"A. Sadeghi, M. Selhorst, Christian Stüble, C. Wachsmann, M. Winandy","doi":"10.1145/1179474.1179487","DOIUrl":null,"url":null,"abstract":"The Trusted Computing Group (TCG) has addressed a new generation of computing platforms employing both supplemental hardware and software with the primary goal to improve the security and the trustworthiness of future IT systems. The core component of the TCG proposal is the Trusted Platform Module (TPM) providing certain cryptographic functions. Many vendors currently equip their platforms with a TPM claiming to be TCG compliant. However, there is no feasible way for application developers and users of TPM-enabled systems to verify this compliance. In practice, manufacturers may exploit the flexibility that the specification itself provides, or they may deviate from it by inappropriate design that might lead to security vulnerabilities. Hence, it is crucial to have an independent means for testing the compliance as well as analyzing the security of different TPMs. In this paper, we aim at making the first steps towards fulfilling this requirement: We have developed a test strategy as well as a prototype test suite for TPM compliance testing. Although our test does not cover the complete TCG specification, our test results show that many TPM implementations do not meet the TCG specification and have bugs. Moreover, we discuss that non-compliance may have crucial impact on security, and point out the corresponding security problems in case of a widespread TPM.","PeriodicalId":401412,"journal":{"name":"Scalable Trusted Computing","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"83","resultStr":"{\"title\":\"TCG inside?: a note on TPM specification compliance\",\"authors\":\"A. Sadeghi, M. Selhorst, Christian Stüble, C. Wachsmann, M. Winandy\",\"doi\":\"10.1145/1179474.1179487\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Trusted Computing Group (TCG) has addressed a new generation of computing platforms employing both supplemental hardware and software with the primary goal to improve the security and the trustworthiness of future IT systems. The core component of the TCG proposal is the Trusted Platform Module (TPM) providing certain cryptographic functions. Many vendors currently equip their platforms with a TPM claiming to be TCG compliant. However, there is no feasible way for application developers and users of TPM-enabled systems to verify this compliance. In practice, manufacturers may exploit the flexibility that the specification itself provides, or they may deviate from it by inappropriate design that might lead to security vulnerabilities. Hence, it is crucial to have an independent means for testing the compliance as well as analyzing the security of different TPMs. In this paper, we aim at making the first steps towards fulfilling this requirement: We have developed a test strategy as well as a prototype test suite for TPM compliance testing. Although our test does not cover the complete TCG specification, our test results show that many TPM implementations do not meet the TCG specification and have bugs. Moreover, we discuss that non-compliance may have crucial impact on security, and point out the corresponding security problems in case of a widespread TPM.\",\"PeriodicalId\":401412,\"journal\":{\"name\":\"Scalable Trusted Computing\",\"volume\":\"9 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-11-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"83\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Scalable Trusted Computing\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1179474.1179487\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Scalable Trusted Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1179474.1179487","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
TCG inside?: a note on TPM specification compliance
The Trusted Computing Group (TCG) has addressed a new generation of computing platforms employing both supplemental hardware and software with the primary goal to improve the security and the trustworthiness of future IT systems. The core component of the TCG proposal is the Trusted Platform Module (TPM) providing certain cryptographic functions. Many vendors currently equip their platforms with a TPM claiming to be TCG compliant. However, there is no feasible way for application developers and users of TPM-enabled systems to verify this compliance. In practice, manufacturers may exploit the flexibility that the specification itself provides, or they may deviate from it by inappropriate design that might lead to security vulnerabilities. Hence, it is crucial to have an independent means for testing the compliance as well as analyzing the security of different TPMs. In this paper, we aim at making the first steps towards fulfilling this requirement: We have developed a test strategy as well as a prototype test suite for TPM compliance testing. Although our test does not cover the complete TCG specification, our test results show that many TPM implementations do not meet the TCG specification and have bugs. Moreover, we discuss that non-compliance may have crucial impact on security, and point out the corresponding security problems in case of a widespread TPM.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
