Abstract
We consider the problem of migrating keys from TPM 1.2 to the backwards incompatible TPM 2.0. The major differences between the two versions introduce several challenges for deployed systems when support for TPM 2.0 is introduced. We show how TPM 2.0 support can be introduced while still maintaining the functionality specified by TPM 1.2, allowing a smoother transition to the newer version. Specifically, we propose a solution such that keys can be migrated from TPM 1.2 to TPM 2.0, while retaining behavior with regard to e.g. authorization, migration secrets, PCR values and CMK functionality. This is achieved by utilizing new functionality, such as policies, in TPM 2.0. The proposed solution is implemented and verified using TPM emulators to ensure correctness.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Chen, C., Raj, H., Saroiu, S., Wolman, A.: cTPM: a cloud TPM for cross-device trusted applications. In: 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14). USENIX Association, Seattle, WA, April 2014
Hell, M., Karlsson, L., Smeets, B., Mirosavljevic, J.: Using TPM secure storage in trusted high availability systems. In: Yung, M., Zhang, J., Yang, Z. (eds.) INTRUST 2015. LNCS, vol. 9565, pp. 243–258. Springer, Heidelberg (2016)
IBM: IBM’s software trusted platform module. http://ibmswtpm.sourceforge.net/
Infineon: Infineon Advances Trusted Computing with New OPTIGA™ TPM Family: Security Chips Serve Industrial/Embedded Environments and Support Next Generation TPM 2.0 Firmware. http://www.infineon.com/cms/en/about-infineon/press/press-releases/2013/INFCCS201309-062.html
Infineon: Infineon Expands its Trusted Computing Expertise to Mobile Devices: OPTIGA™ TPM 2.0 Chips Secure Microsoft Surface Pro 3 Tablet. http://www.infineon.com/cms/en/about-infineon/press/press-releases/2015/INFCCS201502-026.html
Microsoft: BitLocker Drive Encryption Overview. https://www.microsoft.com/en-us/download/details.aspx?id=29076
Microsoft: TSS.MSR v1.1 TPM2 simulator. http://research.microsoft.com/en-US/downloads/35116857-e544-4003-8e7b-584182dc6833/default.aspx
Microsoft: Understanding and Evaluating Virtual Smart Cards, July 2014
Nyman, T., Ekberg, J.E., Asokan, N.: Citizen electronic identities using TPM 2.0. In: Proceedings of the 4th International Workshop on Trustworthy Embedded Devices, TrustED 2014, pp. 37–48. ACM, New York (2014)
Santos, N., Gummadi, K.P., Rodrigues, R.: Towards trusted cloud computing. In: Proceedings of the 2009 Conference on Hot topics in Cloud Computing. USENIX Association (2009)
Sinha, A., Jia, L., England, P., Lorch, J.R.: Continuous tamper-proof logging using TPM 2.0. In: Holz, T., Ioannidis, S. (eds.) Trust 2014. LNCS, vol. 8564, pp. 19–36. Springer, Heidelberg (2014)
Srivastava, A., Raj, H., Giffin, J., England, P.: Trusted VM snapshots in untrusted cloud infrastructures. In: Balzarotti, D., Stolfo, S.J., Cova, M. (eds.) RAID 2012. LNCS, vol. 7462, pp. 1–21. Springer, Heidelberg (2012)
Trusted Computing Group: Trusted Computing Platform Alliance (TCPA), Main Specification Version 1.1b, February 2002
Trusted Computing Group: Interoperability Specification for Backup and Migration Services, Specification Version: 1.0 Final, Revision 1.0, June 2005
Trusted Computing Group: TPM main specification, Version 1.2, Revision 116, March 2011
Trusted Computing Group: Trusted Platform Module Library Specification, Family “2.0”, Level 00, Revision 01.16, October 2014
Acknowledgments
The authors would like to thank the anonymous reviewers for their helpful and valuable comments.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Karlsson, L., Hell, M. (2016). Enabling Key Migration Between Non-compatible TPM Versions. In: Franz, M., Papadimitratos, P. (eds) Trust and Trustworthy Computing. Trust 2016. Lecture Notes in Computer Science(), vol 9824. Springer, Cham. https://doi.org/10.1007/978-3-319-45572-3_6
Download citation
DOI: https://doi.org/10.1007/978-3-319-45572-3_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45571-6
Online ISBN: 978-3-319-45572-3
eBook Packages: Computer ScienceComputer Science (R0)