TPM2.0 Key Migration-protocol Based on Duplication Authority
Author:
Affiliation:

Clc Number:

TP309

Fund Project:

National Natural Science Foundation of China (61373162); Key Research and Development Project of Science and Technology Bureau, Sichuan Province (2014GZ0007); Project of Sichuan Provincial Key Laboratory of Visual Computing and Virtual Reality (KJ201402)

  • Article
  • |
  • Figures
  • |
  • Metrics
  • |
  • Reference
  • |
  • Related
  • |
  • Cited by
  • |
  • Materials
  • |
  • Comments
    Abstract:

    International Standard "TPM-Rev-2.0-Part-1-Architecture-01.38" allows users to design a migration protocol based on the duplication interface which provides confidentiality, integrity, and authentication for key migration by innerwrap and outerwrap. However, the researchs have found that there are three problems, one is the lack of mutual authentication between the two parties of the interaction TPM, which results in the transfer of keys between adversaries and TPM. The other is that when the property of the duplication key encryptedDuplication=0 and the new parent key handle newParentHandle=TPM_RH_NULL, the duplication interface can not implement innerwrap and outerwrap, the migration key will be transmitted in clear text. The third is that how are the symmetric encryption key in innerwrap and the seed in outerwrap exchanged securely between the source TPM and the target TPM when the new parent key is a symmetric key. "TPM-Rev-2.0-Part-1-Architecture-01.38" did not give a specific solution. In order to solve the above problems, this study proposes a transfer protocol based on Duplication Authority which uses as the authentication and control center, and the protocol is divided into three phases:initialization phase, authentication and attribute acquisition phase, and control and execution phase. Duplication Authority determines the migration process by the migration key's duplication attributes and types, the key type and handle type of the new parent key. A combination of various compliance attributes was considered and a total of 12 migration processes were designed. Finally, the protocol was analyzed by security and experiments, the results show that the protocol is not only fully compliant with the "TPM-Rev-2.0-Part-1-Architecture-01.38" specification but also meets the requirements of integrity, confidentiality, and authenticity for key migration.

    Reference
    Related
    Cited by
Get Citation

谭良,宋敏.基于Duplication Authority的TPM2.0密钥迁移协议.软件学报,2019,30(8):2287-2313

Copy
Share
Article Metrics
  • Abstract:
  • PDF:
  • HTML:
  • Cited by:
History
  • Received:May 25,2018
  • Revised:September 21,2018
  • Adopted:
  • Online: April 03,2019
  • Published:
You are the firstVisitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063