TPM2.0规范中HMAC授权的正式分析

J. Shao, Yu Qin, D. Feng
{"title":"TPM2.0规范中HMAC授权的正式分析","authors":"J. Shao, Yu Qin, D. Feng","doi":"10.1049/iet-ifs.2016.0005","DOIUrl":null,"url":null,"abstract":"The Trusted Platform Module (TPM) is a system component that provides a hardware-based approach to establish trust in a platform. The latest TPM2.0 specification was accepted as the ISO standard in 2015. It offers functionality for key management by storing keys into the TPM's protected storage. The access to the TPM-resident key object is protected by the session-based authorisation mechanism. This mechanism is keyed to the object's authorisation value known as authValue and the session-bound secret value known as sessionKey. The new authValue introduced into the TPM is protected by the sessionbased encryption mechanism, which is also keyed on the sessionKey. In the authors' study, they conduct a formal analysis of the TPM2.0 HMAC (hash message authentication code) authorisation mechanism used in the key management. They first use the stateful applied π calculus to formalise the session-based HMAC authorisation and encryption mechanisms in a model of TPM2.0 API commands. They propose a threat model to formalise the secrecy and authentication properties. Then they discuss several attacking scenarios in practice where the sessionKey could be disclosed. They also instantiate their threat model according to specific attacking scenarios. By using the SAPIC tool and the tamarin prover, they automatically give out the analysis results of their models.","PeriodicalId":13305,"journal":{"name":"IET Inf. Secur.","volume":"57 1","pages":"133-140"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Formal analysis of HMAC authorisation in the TPM2.0 specification\",\"authors\":\"J. Shao, Yu Qin, D. Feng\",\"doi\":\"10.1049/iet-ifs.2016.0005\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Trusted Platform Module (TPM) is a system component that provides a hardware-based approach to establish trust in a platform. The latest TPM2.0 specification was accepted as the ISO standard in 2015. It offers functionality for key management by storing keys into the TPM's protected storage. The access to the TPM-resident key object is protected by the session-based authorisation mechanism. This mechanism is keyed to the object's authorisation value known as authValue and the session-bound secret value known as sessionKey. The new authValue introduced into the TPM is protected by the sessionbased encryption mechanism, which is also keyed on the sessionKey. In the authors' study, they conduct a formal analysis of the TPM2.0 HMAC (hash message authentication code) authorisation mechanism used in the key management. They first use the stateful applied π calculus to formalise the session-based HMAC authorisation and encryption mechanisms in a model of TPM2.0 API commands. They propose a threat model to formalise the secrecy and authentication properties. Then they discuss several attacking scenarios in practice where the sessionKey could be disclosed. They also instantiate their threat model according to specific attacking scenarios. By using the SAPIC tool and the tamarin prover, they automatically give out the analysis results of their models.\",\"PeriodicalId\":13305,\"journal\":{\"name\":\"IET Inf. Secur.\",\"volume\":\"57 1\",\"pages\":\"133-140\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-11-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IET Inf. Secur.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1049/iet-ifs.2016.0005\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Inf. Secur.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1049/iet-ifs.2016.0005","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3

摘要

可信平台模块(Trusted Platform Module, TPM)是一个系统组件,它提供了一种基于硬件的方法来在平台中建立信任。最新的TPM2.0规范于2015年被接受为ISO标准。它通过将密钥存储到TPM受保护的存储中来提供密钥管理功能。对驻留tpm密钥对象的访问受到基于会话的授权机制的保护。该机制与对象的授权值authValue和会话绑定的秘密值sessionKey相关。引入到TPM中的新authValue受到基于会话的加密机制的保护,该机制也在sessionKey上进行密钥设置。在作者的研究中,他们对密钥管理中使用的TPM2.0 HMAC(哈希消息认证码)授权机制进行了正式分析。他们首先使用状态应用π演算在TPM2.0 API命令模型中形式化基于会话的HMAC授权和加密机制。他们提出了一个威胁模型来形式化保密和身份验证属性。然后,他们讨论了几个可能会泄露sessionKey的攻击场景。他们还根据特定的攻击场景实例化他们的威胁模型。利用SAPIC工具和绢毛猴证明器,自动给出了模型的分析结果。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Formal analysis of HMAC authorisation in the TPM2.0 specification
The Trusted Platform Module (TPM) is a system component that provides a hardware-based approach to establish trust in a platform. The latest TPM2.0 specification was accepted as the ISO standard in 2015. It offers functionality for key management by storing keys into the TPM's protected storage. The access to the TPM-resident key object is protected by the session-based authorisation mechanism. This mechanism is keyed to the object's authorisation value known as authValue and the session-bound secret value known as sessionKey. The new authValue introduced into the TPM is protected by the sessionbased encryption mechanism, which is also keyed on the sessionKey. In the authors' study, they conduct a formal analysis of the TPM2.0 HMAC (hash message authentication code) authorisation mechanism used in the key management. They first use the stateful applied π calculus to formalise the session-based HMAC authorisation and encryption mechanisms in a model of TPM2.0 API commands. They propose a threat model to formalise the secrecy and authentication properties. Then they discuss several attacking scenarios in practice where the sessionKey could be disclosed. They also instantiate their threat model according to specific attacking scenarios. By using the SAPIC tool and the tamarin prover, they automatically give out the analysis results of their models.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信