Enabling Key Migration Between Non-compatible TPM Versions

Karlsson, Linus; Hell, Martin

doi:10.1007/978-3-319-45572-3_6

Enabling Key Migration Between Non-compatible TPM Versions

Linus Karlsson¹⁵ &
Martin Hell¹⁵

Conference paper
First Online: 21 August 2016

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9824))

Abstract

We consider the problem of migrating keys from TPM 1.2 to the backwards incompatible TPM 2.0. The major differences between the two versions introduce several challenges for deployed systems when support for TPM 2.0 is introduced. We show how TPM 2.0 support can be introduced while still maintaining the functionality specified by TPM 1.2, allowing a smoother transition to the newer version. Specifically, we propose a solution such that keys can be migrated from TPM 1.2 to TPM 2.0, while retaining behavior with regard to e.g. authorization, migration secrets, PCR values and CMK functionality. This is achieved by utilizing new functionality, such as policies, in TPM 2.0. The proposed solution is implemented and verified using TPM emulators to ensure correctness.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

Chen, C., Raj, H., Saroiu, S., Wolman, A.: cTPM: a cloud TPM for cross-device trusted applications. In: 11th USENIX Symposium on Networked Systems Design and Implementation (NSDI 14). USENIX Association, Seattle, WA, April 2014
Google Scholar
Hell, M., Karlsson, L., Smeets, B., Mirosavljevic, J.: Using TPM secure storage in trusted high availability systems. In: Yung, M., Zhang, J., Yang, Z. (eds.) INTRUST 2015. LNCS, vol. 9565, pp. 243–258. Springer, Heidelberg (2016)
Google Scholar
IBM: IBM’s software trusted platform module. http://ibmswtpm.sourceforge.net/
Infineon: Infineon Advances Trusted Computing with New OPTIGA™ TPM Family: Security Chips Serve Industrial/Embedded Environments and Support Next Generation TPM 2.0 Firmware. http://www.infineon.com/cms/en/about-infineon/press/press-releases/2013/INFCCS201309-062.html
Infineon: Infineon Expands its Trusted Computing Expertise to Mobile Devices: OPTIGA™ TPM 2.0 Chips Secure Microsoft Surface Pro 3 Tablet. http://www.infineon.com/cms/en/about-infineon/press/press-releases/2015/INFCCS201502-026.html
Microsoft: BitLocker Drive Encryption Overview. https://www.microsoft.com/en-us/download/details.aspx?id=29076
Microsoft: TSS.MSR v1.1 TPM2 simulator. http://research.microsoft.com/en-US/downloads/35116857-e544-4003-8e7b-584182dc6833/default.aspx
Microsoft: Understanding and Evaluating Virtual Smart Cards, July 2014
Google Scholar
Nyman, T., Ekberg, J.E., Asokan, N.: Citizen electronic identities using TPM 2.0. In: Proceedings of the 4th International Workshop on Trustworthy Embedded Devices, TrustED 2014, pp. 37–48. ACM, New York (2014)
Google Scholar
Santos, N., Gummadi, K.P., Rodrigues, R.: Towards trusted cloud computing. In: Proceedings of the 2009 Conference on Hot topics in Cloud Computing. USENIX Association (2009)
Google Scholar
Sinha, A., Jia, L., England, P., Lorch, J.R.: Continuous tamper-proof logging using TPM 2.0. In: Holz, T., Ioannidis, S. (eds.) Trust 2014. LNCS, vol. 8564, pp. 19–36. Springer, Heidelberg (2014)
Google Scholar
Srivastava, A., Raj, H., Giffin, J., England, P.: Trusted VM snapshots in untrusted cloud infrastructures. In: Balzarotti, D., Stolfo, S.J., Cova, M. (eds.) RAID 2012. LNCS, vol. 7462, pp. 1–21. Springer, Heidelberg (2012)
Chapter Google Scholar
Trusted Computing Group: Trusted Computing Platform Alliance (TCPA), Main Specification Version 1.1b, February 2002
Google Scholar
Trusted Computing Group: Interoperability Specification for Backup and Migration Services, Specification Version: 1.0 Final, Revision 1.0, June 2005
Google Scholar
Trusted Computing Group: TPM main specification, Version 1.2, Revision 116, March 2011
Google Scholar
Trusted Computing Group: Trusted Platform Module Library Specification, Family “2.0”, Level 00, Revision 01.16, October 2014
Google Scholar

Download references

Acknowledgments

The authors would like to thank the anonymous reviewers for their helpful and valuable comments.

Author information

Authors and Affiliations

Department of Electrical and Information Technology, Lund University, P.O. Box 118, 221 00, Lund, Sweden
Linus Karlsson & Martin Hell

Authors

Linus Karlsson
View author publications
You can also search for this author in PubMed Google Scholar
Martin Hell
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Linus Karlsson .

Editor information

Editors and Affiliations

University of California , Irvine, USA
Michael Franz
Royal Institute of Technology , Stockholm, Sweden
Panos Papadimitratos

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Karlsson, L., Hell, M. (2016). Enabling Key Migration Between Non-compatible TPM Versions. In: Franz, M., Papadimitratos, P. (eds) Trust and Trustworthy Computing. Trust 2016. Lecture Notes in Computer Science(), vol 9824. Springer, Cham. https://doi.org/10.1007/978-3-319-45572-3_6

Download citation

DOI: https://doi.org/10.1007/978-3-319-45572-3_6
Published: 21 August 2016
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-45571-6
Online ISBN: 978-3-319-45572-3
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics