What is TPM?

(Technical explanation) - All, till week 4 (next week)
Applications - Examples
Dangers/Security - Major issue - Address (why dangerous?) - Comments (is it really dangerous? or just what people say) - Case study
Future Trends - How it can be developed further - Any more improvements to be made?
(links, videos, diagrams, basically everything..)

Timeline
1. Finish background (this document) by week 5. ⇒ Must have general idea ⇒ Teach each other what we know ⇒ discuss project structure
2. Consult prof on week 6
3. Week 6-9: Revise outline, complete report (15 pages). Report to be half done.
4. Onwards: Do presentation

Links
http://researcher.watson.ibm.com/researcher/view_project.php?id=2850
http://habbob.com.br/Cryptographie%20et%20Steganographie/4.pdf
http://informatik.uibk.ac.at/teaching/ws2009/esa/crypto_slides.pdf
http://people.cs.uchicago.edu/~dinoj/smartcard/security.html
http://www.cl.cam.ac.uk/~mkb23/research/Survey.pdf
http://www.cl.cam.ac.uk/~mkb23/research/Attacks-on-Crypto-TS.pdf

A trusted platform module (TPM) is a specialized chip that can be installed on the motherboard of a personal computer for the purpose of hardware authentication. The TPM authenticates the computer in question rather than the user. To do so, TPM stores information specific to the host system, such as encryption keys, digital certificates and passwords. Hardware protection is inherently less vulnerable to software-based attacks, and authentication processes are conducted through a secure subsystem. TPM minimizes the risk that data on the computer will be compromised by physical theft or an attack by an external hacker. The device also enhances the security of Web browsers, email programs and other important applications. TPM can be used with any major operating system and works best in conjunction with other security technologies such as firewalls, antivirus software, smart cards and biometric verification. TPM chips are available from a number of vendors, including Atmel, Broadcom, Infineon, Sinosun, STMicroelectronics and Winbond. The devices are currently being installed on desktops, laptops and tablet PCs by most major manufacturers. The Trusted Computing Group is currently working on specifications for TPM chips for installation in peripherals and external storage devices. TPM could, potentially, be used on any type of computing device, as well as for memory encryption.
from: http://whatis.techtarget.com/definition/trusted-platform-module-TPM

Some important hardware details of the 9635 are as follows.
● Claims compliance with TCG TPM Main Specification Family 1.2, Level 2, Errata Level 0
● 16-bit microprocessor in 0.22 μm CMOS technology
● 24 Platform Configuration Registers (PCRs)
● 10 key slots
● 1.5 KB of general-purpose non-volatile memory
● EEPROM for storing upgradable firmware and user keys/data
● Cryptographic engine (up to 2048-bit RSA keys supported)
● Hashing engine (hardware-accelerated SHA-1)
● True Random Number Generator (TRNG)
● Tick counter with tamper detection
● Low Pin Count (LPC) bus interface, operation based on a single 33 MHz clock
● Support for an external output signal on a General Purpose I/O (GPIO) pin
● Various security features such as over/under voltage detection, low frequency sensor, high frequency filter, reset filter

Trusted Platform Module (TPM) is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, and the general name of implementations of that specification, often called the "TPM chip" or "TPM Security Device". (wikipedia) Moreover, the TPM is not a cryptographic accelerator: the specification does not contain any cryptographic throughput requirements, and it is not meant to aid in bulk encryption.

So, it's a published specification. That specification details this thing called a cryptoprocessor. What that cryptoprocessor does is store cryptographic keys... that can somehow protect information. Okay, seems logical. But we don't really understand. To help us understand, we must first understand these three main points and address these three main questions (MQs):
MQ 1. What are cryptographic keys (and how do they protect information)?
MQ 2. What is a cryptoprocessor?
MQ 3. What are the details of this specification?
Sooooo, let's research on these individually.

MQ1 What are cryptographic keys? To understand cryptographic keys, we must first understand what cryptography is in the first place.

MQ1-SQ(Sub question)1 What is the concept of cryptography? Let's recall what we learnt from IST. Cryptography involves changing something from plaintext to ciphertext, i.e. the information is encrypted. What is a good ciphertext? It must be one such that, looking at the ciphertext, nobody can deduce the plaintext except the person whom the message is intended for. How do people encrypt messages? Using encryption algorithms. One example is the Caesar cipher, where with a key of E(4), A becomes E, B becomes F etc. So GEOFFREY becomes KISJJVIC. Alright, that helps, kinda. Let's go back to MQ1: What are cryptographic keys?
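To make the Caesar example concrete, here is a small added Python script (not part of the original notes) that encrypts and decrypts with the E(4) key. The helper key_from_letter is my own reading of the E(4) notation (letter E = shift of 4, with A = 0). The last function lists every candidate plaintext for a ciphertext: since there are only 26 shifts, anyone holding the ciphertext can read off the plaintext, which is exactly why a Caesar ciphertext fails the "nobody can deduce the plaintext" test above.

```python
import string

ALPHABET = string.ascii_uppercase  # A-Z only, matching the notes' example


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter forward by `key` positions (key 4 is the notes' E(4))."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Decrypting is just shifting backwards, i.e. encrypting with the negated key."""
    return caesar_encrypt(ciphertext, -key)


def key_from_letter(letter: str) -> int:
    """Assumed reading of the E(4) notation: the letter E stands for a shift of 4 (A = 0)."""
    return ALPHABET.index(letter.upper())


def all_candidate_plaintexts(ciphertext: str) -> dict:
    """Why a Caesar ciphertext does not hide the message: only 26 keys exist,
    so every possible plaintext can be listed and the real one picked out by eye."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(26)}


if __name__ == "__main__":
    key = key_from_letter("E")
    ct = caesar_encrypt("GEOFFREY", key)
    print(ct)                       # KISJJVIC
    print(caesar_decrypt(ct, key))  # GEOFFREY
    for k, candidate in all_candidate_plaintexts(ct).items():
        print(k, candidate)         # the row for key 4 is the real message
```

The candidate listing is the point of the block: a good cipher is one where this kind of listing is not possible, because the key space is far too large to enumerate.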

So in the case of the above example of the Caesar cipher, we get KISJJVIC. How do we decrypt this word back to the original? We need to know the key, which is E(4). Only then will we know that the letters must be translated backwards 4 times, to get GEOFFREY. Without the key, the person cannot decrypt the message. So to summarize, cryptographic keys are what encrypted message recipients need to convert the ciphertext back to plaintext. And we're done with MQ1!!

Wait, are we, really? Something still doesn't seem right. Let's remember the whole point of why we encrypt messages in the first place. It is such that we can send these messages over to someone else, such that even if, in the middle, someone intercepts and obtains the message, no one can understand what the original message is saying. (Let's assume that the encryption algorithm is something much more cheem than the Caesar cipher, i.e. where the key can't be easily guessed just from looking at the ciphertext.) Now, we send messages via the internet, an unsecured medium. But now we are saying, if I want to send a message to someone, I must first send the key to the person, before sending the message. See the problem? So what about the key then! How do we ensure the key we send to the person does not get intercepted?

We could encrypt the key, and then send the key over to the person. Okay, then what about the key used to decrypt the key? Encrypt that as well. Then we need the key to decrypt the key to decrypt the key to decrypt the message. Nah, that won't work.

We could send via a secured medium. Maybe physically pass the person a slip of paper with the key, or a thumbdrive, or something. But would that be practical for large businesses, which send messages to millions of people daily? Physically pass a key to each person? Nah, that's not likely. Also, if such a medium really existed, we could simply send the plaintext messages themselves via this medium, without caring whether someone else sees the message. Well, if such a medium exists, there would be no need for cryptography at all!

So how siah? Looks like we have to frame another sub question.

MQ1-SQ2 How do we give someone a key, without worrying about the key itself being stolen? The answer: public key cryptography/asymmetric key cryptography! Public-key cryptography refers to a cryptographic system requiring two separate keys, one of which is secret and one of which is public. Although different, the two parts of the key pair are mathematically linked. One key locks or encrypts the plaintext, and the other unlocks or decrypts the ciphertext. Neither

key can perform both functions by itself. The public key may be published without compromising security, while the private key must not be revealed to anyone not authorized to read the messages. (Wikipedia)

Okay, this public private key thing is great, so let's analyze this further. Now instead of one key, we need two keys. One key for encryption, one key for decryption. And, from what I understood, neither key can perform both functions by itself. That means the public key can only encrypt, it can't decrypt. The decryption key can only decrypt messages encrypted by the one encryption key it is linked with. Why, that's brilliant!!!

So now, suppose Jiaying wants to send a message to Jieting. (Ok, from what I understood, the receiver of the encrypted message will be the one generating the key and sending the key for encrypting to the sender.) Using this method: Jiaying creates two keys, one public (encryption), one private (decryption). Jiaying sends Jieting the public key (encryption). Jieting encrypts her message using the public key. Jieting sends the message to Jiaying. Along the way, Geoffrey and Alvin steal a copy of the message! So they stole a copy of the public key too! But wait, Geoffrey and Alvin can't read the message cuz they don't have the key. Jiaying decrypts the message using her private key when she receives it, and now she sees the original message. Only Jiaying will ever have possession of the private (decryption) key, because she created it in her own PC, and never had to send it out! This is great.

Last words before we close MQ1: Well, in order for public-private key pairs to only work for each other, they have to be mathematically linked. Since they are linked, it would technically be possible for someone who gets hold of the public key to deduce the private key. And the brilliant thing about these algorithms is as such: while it is not impossible to deduce a private key from a public key, it is extremely difficult (or effectively impossible) for anyone to derive the private key based only on their knowledge of the public key. (Wikipedia) That's when we have to go into the specifications of RSA and DSS to see how they actually generate such key pairs. Let's leave the actual implementation of RSA and DSS for another day.

Examples of such public key algorithms:
> RSA (found in secure telephones, ethernet network cards and smartcards) http://informatik.uibk.ac.at/teaching/ws2009/esa/crypto_slides.pdf Slide 15
> DSS

We now know what cryptographic keys are, and how they can effectively protect information. Let's go to MQ2.

MQ 2. What is a cryptoprocessor? Ok, the only thing we know about them is, they store cryptographic keys. But many things can store keys. I can also write the key on a piece of paper; that counts as "storing cryptographic keys". My computer can store a key if I generate it using the RSA algorithm. What then, is so special about a cryptoprocessor? Let's again look at wikipedia.

A secure cryptoprocessor is a dedicated computer on a chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance. The purpose of a secure cryptoprocessor is to act as the keystone of a security sub-system, eliminating the need to protect the rest of the sub-system with physical security measures. Smartcards are probably the most widely deployed form of secure cryptoprocessor, although more complex and versatile secure cryptoprocessors are widely deployed in systems such as Automated teller machines, TV set-top boxes and military applications. (wikipedia)

So, let's try to put this in simple words. A cryptoprocessor is basically a computer chip. What does it do? Carry out cryptographic operations (basically encrypt and decrypt, I suppose). What is it used for? To act as a keystone of a security sub-system.
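Added example (not from the notes, Wikipedia, or the linked slides): textbook RSA on tiny primes, walking through the Jiaying/Jieting flow in code. The primes 61 and 53 and the exponent 17 are a constructed choice. It also shows the "mathematically linked" point in the last paragraph: with a modulus this small, trial division factors n and recovers the private key, which is precisely the step real key sizes are chosen to make infeasible. No padding is used, so this is a teaching toy, not a usable scheme.

```python
from math import gcd


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, x, y) with a*x + b*y = g = gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a: int, m: int) -> int:
    """Multiplicative inverse of a modulo m; this is how d is derived from e."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no inverse: a and m are not coprime")
    return x % m


def generate_keypair(p: int, q: int, e: int = 17):
    """Jiaying's step: build (public, private) from two primes.
    public = (n, e) can be handed to anyone; private = (n, d) never leaves her PC."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = modinv(e, phi)
    return (n, e), (n, d)


def encrypt_text(text: str, public_key) -> list:
    """Jieting's step: one RSA block per character (toy; real RSA pads whole messages)."""
    n, e = public_key
    return [pow(ord(ch), e, n) for ch in text]


def decrypt_text(blocks: list, private_key) -> str:
    """Jiaying's step: only the holder of d can undo the public-key operation."""
    n, d = private_key
    return "".join(chr(pow(c, d, n)) for c in blocks)


def recover_private_key(public_key):
    """The link between the keys: anyone who can factor n can rebuild d from e.
    Trial division works here only because n is tiny; for 2048-bit n it is hopeless."""
    n, e = public_key
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            q = n // p
            return (n, modinv(e, (p - 1) * (q - 1)))
    raise ValueError("no factor found")


if __name__ == "__main__":
    public, private = generate_keypair(61, 53, 17)   # constructed toy primes
    blocks = encrypt_text("GEOFFREY", public)         # Geoffrey and Alvin can copy these...
    print(blocks)
    print(decrypt_text(blocks, private))              # ...but only d recovers the text
    print(recover_private_key(public) == private)     # True: tiny n is factorable
```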

What the heck is a keystone exactly? A keystone is the wedge-shaped stone piece at the apex of a masonry vault or arch, which is the final piece placed during construction and locks all the stones into position, allowing the arch to bear weight. The term is used figuratively to refer to the central supporting element of a larger structure, such as a theory or an organization, without which the whole structure would collapse.[3] Example: Trade is the keystone of modern civilization.

Okay, that kinda helps but not really. Why can't they use simple English, seriously. A keystone is something that supports and puts everything else in place. Let's get back to topic. What is it used for? To support and put everything else in a security sub-system in place, such that we only need to protect this thing, and we don't have to protect everything else.

Okay, so a cryptoprocessor is a really great chip. Looks like the original wikipedia line about TPM was misleading when it said a cryptographic processor just stores keys :/ In fact, the one thing we know now is that a cryptoprocessor can do many more things than store keys: it can store keys, and it also has the ability to encrypt and decrypt stuff. We also know that it's used in smart cards. But okay. Let's look at all the parts that don't really make sense:
- It is packaged securely, i.e. no one can grab it out. So like in the case of a smartcard, I suppose this means it is glued in such a way you can't really tamper with the chip in the card. How is it secured and tamper-free then?
- Now, suppose we assume that the cryptoprocessor is really that important, how does it act as a keystone of the security sub-system it is involved in?
- Again, what has cryptography got to do with smart cards? Why do smart cards need this chip?
And in the case of a smart card, let's just look at the chip to see what it looks like on a smart card: Ah, that looks familiar.

MQ2-SQ1 Why do smart cards need cryptoprocessors?
MQ2-SQ2 How and why are cryptoprocessors tamper-free?

Let's deal with SQ1 first. Why do smart cards need cryptoprocessors? You know what? It's really hard to find any information from Google on this. But I've found a site :D. Let's take a look at what's written here: http://people.cs.uchicago.edu/~dinoj/smartcard/security.html

Ah, alright, we now realize something. Just like earlier on when I talked about cryptography being used for sending encrypted messages, smartcards send/receive messages too! And who do they send them to? Card readers. Let's think about our EZ-link card. We all know our EZ-link cards are all tagged to an EZ-link account that stores value. This value is somehow incremented when we top up our card, and decremented when we tap our card at public transport. There has to be some form of information, in the form of electrical signals, exchanged between our card and the card readers.

Let us think about what happens when we tap our EZ-link card when we take public transport. The card reader has to first establish that this card is a valid EZ-link card, and the card has to establish that the reader is a valid reader. Otherwise, someone could just create a malicious reader that sends instructions to the card to increment its amount to 1 million and never have to pay a single cent for transport. Someone could also make a fake card from someone else's EZ-link card ID number. So how could this mutual verification be done? Well, if we follow the implementation described in the above site, this can be done by having the card and the reader share a common secret cryptographic key!

So how it works is: the card's cryptographic processor could generate a random number/string, then send the number/string to the reader. The reader would encrypt it using its own cryptographic processor and key, then send it back. The card would also have encrypted that random number/string, so now the card just compares whether the ciphertext it generated is the same as the one the reader generated. If yes, there is a match, and the card now recognizes the reader as a valid reader. Now the process is repeated, but this time the reader is the one that needs to verify the card: the reader is now the one that generates the random number and matches the returned encrypted signal. Once the card and reader have verified each other, they can now begin to send information/commands to each other. Ah, that makes sense now.
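Here is the card/reader exchange above written out as an added Python example (my code, not from the notes or the linked site). The notes say each side "encrypts" the random number; this toy uses an HMAC over the challenge as the keyed function instead, which is an assumption on my part chosen because it needs no extra library. The class names, the shared key and the rogue reader's wrong key are all constructed. The point it shows: the key never leaves the CryptoProcessor object, a reader without the key fails the check, and a recorded answer is useless against a fresh random challenge.

```python
import hashlib
import hmac
import secrets


class CryptoProcessor:
    """Stand-in for the chip: holds the key privately and only exposes operations on it."""

    def __init__(self, key: bytes):
        self._key = key  # no method ever returns this value

    def respond(self, challenge: bytes) -> bytes:
        # Keyed function applied to the random challenge (HMAC used here as the
        # stand-in for the notes' "encrypt the random number with the shared key").
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # Compare our own answer with the other side's, in constant time.
        return hmac.compare_digest(self.respond(challenge), response)


class Party:
    """A card or a reader: each owns a chip and can issue and answer challenges."""

    def __init__(self, name: str, key: bytes):
        self.name = name
        self.chip = CryptoProcessor(key)

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)  # fresh random number/string each time

    def answer(self, challenge: bytes) -> bytes:
        return self.chip.respond(challenge)

    def check(self, challenge: bytes, response: bytes) -> bool:
        return self.chip.verify(challenge, response)


def mutual_authenticate(card: Party, reader: Party) -> bool:
    """Step 1: the card checks the reader. Step 2: the reader checks the card."""
    c1 = card.challenge()
    if not card.check(c1, reader.answer(c1)):
        return False  # reader does not hold the shared key
    c2 = reader.challenge()
    return reader.check(c2, card.answer(c2))


def replay_recorded_answer(card: Party, reader: Party) -> bool:
    """Someone who only recorded one exchange cannot reuse it: the next challenge differs."""
    old_challenge = card.challenge()
    recorded = reader.answer(old_challenge)
    new_challenge = card.challenge()
    return card.check(new_challenge, recorded)  # expected False


SHARED_KEY = b"constructed-demo-key-not-a-real-one"  # constructed for the example


def demo():
    card = Party("card", SHARED_KEY)
    genuine_reader = Party("reader", SHARED_KEY)
    rogue_reader = Party("rogue reader", b"guessed-wrong-key")  # constructed
    return (
        mutual_authenticate(card, genuine_reader),  # True
        mutual_authenticate(card, rogue_reader),    # False
        replay_recorded_answer(card, genuine_reader),  # False
    )


if __name__ == "__main__":
    print(demo())
```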

Now I get what they mean when they were talking about all that cornerstone stuff! You see how important the cryptographic processor is? Someone can intercept the electronic signals, such as information and commands sent between the cards and the readers, and think they can create another card that sends the same signals. But, because they do not know the keys encoded in the cards and readers, they will never be able to bypass the mutual verification stage! You get it? Let's say you're trying to create a fake card. When the reader sends the random number to you, you need to encrypt the signal and send it back, and this encrypted signal must be the same as the one the reader produces. You can't do this without the encryption key! So after thinking about smartcards, we now understand why they need cryptoprocessors, and why they are so important. Let's go on to SQ2.

MQ2-SQ2 How and why are cryptoprocessors tamper-free? In fact, from SQ1, we now have an idea why it is so important that one cannot tamper with the cryptoprocessor. What is the most important information stored in the cryptoprocessor? Its cryptographic key/keys. We don't want someone to be able to extract the keys from the cryptoprocessor. So this is in fact what we are exactly trying to physically secure in the cryptoprocessor: the access to the encryption keys it stores. After the key is programmed into the chip, it has to be restricted in its access such that only the chip itself can use the key. We want to make sure that no one can probe the chip's OS to extract the key, using some physical means like blowing it up whenever someone tries to probe, etc etc. The below few links really list down the common ways people can extract keys from chips, and the ways chip makers prevent these attacks:
http://www.cl.cam.ac.uk/~mkb23/research/Survey.pdf
http://www.cl.cam.ac.uk/~mkb23/research/Attacks-on-Crypto-TS.pdf

With that, you know what folks! We are now adequately educated about cryptography, cryptographic keys and cryptoprocessors to finally go on to TPM itself! We can close MQ2, and finally go to the actual gist of our project: MQ3, which involves TPM directly.

MQ3: What are the details of the TPM specification? Let us recall our wiki definition, and MQ3 itself: Trusted Platform Module (TPM) is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, and the general name of implementations of that specification, often called the "TPM chip" or "TPM Security Device". (wikipedia)

TPM Functions: The TPM is a very interesting and complex piece of hardware with many uses. If you have a TPM-equipped Macintosh computer, you can use the TPM for its intended purpose, with no side effect on the normal working of Mac OS X. For example, you could use the TPM from within your own programs to:
● Create private/public key pairs such that the private key never leaves the TPM in clear form. (Private keys can leave the chip after they have been "wrapped", i.e. encrypted with a TPM-resident key.)
● Encrypt data such that it can only be decrypted on the physical machine (specifically, through the physical TPM) it was encrypted on. (Again, the private key cannot be stolen, nor can you yourself clone it.)
● Encrypt data such that the process is additionally contingent upon one or more "measurements" (in simple terms, the state of things on the system, as determined by hash values contained in one or more TPM Platform Configuration Registers). In this case, decryption will only succeed if the said measurements are identical to their values at encryption time.
● Sign data, without the private key ever leaving the chip.
● In protocols (such as SSL) that use key exchange, employ the TPM for a much better guarantee regarding the identities involved.
from: http://www.osxbook.com/book/bonus/chapter10/tpm/

Apple: it is important to note that Apple does not use the TPM.

Windows: Windows 7 uses the TPM to create cryptographic keys and to encrypt them so that they can be decrypted only by the TPM that created them. This process is called "wrapping" or "binding." These are the "public" keys that can be used to unlock secured files. Windows 7 uses the TPM's public key to unlock data that's been encrypted into a TC (trusted computing) space, sometimes called the vault. This vault, although often described as physically isolated from the rest of the computer, actually runs on the same hardware. When you use it, however, a separate memory area is set aside for use by the encryption routines and data. In addition, these keys are tied to specific platform measurements. In the meantime though, if you really want to secure your data, and you have the right hardware and Windows 7 editions, TPM-enabled BitLocker is the way to go.
http://itexpertvoice.com/home/windows-7-security-and-the-trusted-platform-module/
CLICK on this link >>>> http://www-01.ibm.com/support/docview.wss?uid=pos1R1003970&aid=1

Future: one common use of TPM technology that we may see in the future in Windows is digital rights management (DRM), better known to its enemies as digital restrictions management. TPM chips are already used in some consumer devices to restrict video playback. Microsoft is already using PlayReady, via add-on programs such as Silverlight, to encrypt Silverlight video and audio content on some devices. It would be easy to require its use on Windows PCs in conjunction with TPM hardware. You can look for this expansion in the next few years as TPM software and hardware goes more mainstream.
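The "measurements" bullet above is the one people find hardest to picture, so here is an added Python simulation (my own, not from the osxbook chapter or any TPM library) of a PCR being extended during boot and a secret being sealed to the resulting value, the way BitLocker ties its volume key to platform measurements. SimulatedTPM, the component names and the SHA-256 counter keystream used for wrapping are all constructed stand-ins; only the extend rule PCR = SHA-1(PCR || SHA-1(measurement)) follows the TPM 1.2 design. The test cases show that a changed component, a changed measurement order, or a different TPM all make unsealing fail.

```python
import hashlib
import hmac
import os

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest (the 9635 hashing engine is SHA-1)


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """One TPM 1.2 extend step: PCR_new = SHA-1(PCR_old || SHA-1(measurement)).
    A PCR can only be extended, never written directly, so its value after boot
    depends on every measured component and on the order they were measured in."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()


def boot_pcr(components) -> bytes:
    """Replay a boot: start from the reset value (all zeros), extend once per component."""
    pcr = b"\x00" * PCR_SIZE
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


class SimulatedTPM:
    """Toy model of seal/unseal bound to a PCR value; not a real TPM interface."""

    def __init__(self):
        # Stand-in for the TPM-resident storage key: made inside, never handed out.
        self._storage_key = os.urandom(32)

    def _keystream(self, pcr: bytes, nonce: bytes, length: int) -> bytes:
        # Simplified wrapping: SHA-256 counter keystream keyed on the storage key and PCR.
        out = b""
        counter = 0
        while len(out) < length:
            block = self._storage_key + pcr + nonce + counter.to_bytes(4, "big")
            out += hashlib.sha256(block).digest()
            counter += 1
        return out[:length]

    def seal(self, secret: bytes, pcr: bytes) -> tuple:
        """Encrypt `secret` so that only this TPM, with this PCR value, can recover it."""
        nonce = os.urandom(16)
        stream = self._keystream(pcr, nonce, len(secret))
        ciphertext = bytes(a ^ b for a, b in zip(secret, stream))
        tag = hmac.new(self._storage_key, pcr + nonce + ciphertext, hashlib.sha256).digest()
        return (pcr, nonce, ciphertext, tag)

    def unseal(self, blob: tuple, current_pcr: bytes):
        """Return the secret, or None if the blob is foreign/modified or the platform changed."""
        sealed_pcr, nonce, ciphertext, tag = blob
        expected = hmac.new(self._storage_key, sealed_pcr + nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # not sealed by this TPM, or the blob was tampered with
        if current_pcr != sealed_pcr:
            return None  # measurements differ from their values at sealing time
        stream = self._keystream(sealed_pcr, nonce, len(ciphertext))
        return bytes(a ^ b for a, b in zip(ciphertext, stream))


if __name__ == "__main__":
    # Constructed boot chains: the second one differs only in the kernel image.
    good_boot = [b"firmware v1", b"bootloader v1", b"kernel v1"]
    tampered_boot = [b"firmware v1", b"bootloader v1", b"kernel v2"]
    tpm = SimulatedTPM()
    blob = tpm.seal(b"volume-key", boot_pcr(good_boot))
    print(tpm.unseal(blob, boot_pcr(good_boot)))      # b'volume-key'
    print(tpm.unseal(blob, boot_pcr(tampered_boot)))  # None
```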

Seems like this article is talking about future trends: http://www.computerweekly.com/news/2240157874/Analysis-2012-Will-this-be-the-year-TPM-finally-comes-of-age
