Platform Security Technologies That Use TPM 2.0

Arthur, Will; Challener, David; Goldman, Kenneth

doi:10.1007/978-1-4302-6584-9_22

Cited by 8 publications

(9 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To establish Root-of-Trust on such devices, software-based approaches rely on highly optimized protocol implementation and make certain adversarial assumptions. To address limited security protections of software-based RA schemes, hardware-based approaches rely on trusted computing architectures such as TPM [ 10 ], ARM TrustZone [ 11 ], Sancus [ 14 ]. Despite their strong security guarantees, the requirement for costly customized hardware that cannot be accommodated in small IoT platforms makes hardware-based protocols incompatible with many low-end devices.…”

Section: Related Workmentioning

confidence: 99%

“…Due to the lack of requirements for a specialized tampered-resistance hardware, software-based RA schemes are low-cost solutions in comparison with hardware-based RA. However, using a secure execution environment such as Trusted Platform Module (TPM) [ 10 ], ARM TrustZone [ 11 ], and Intel Software Guard Extensions (SGX) ( (accessed on 31 December 2020)), hardware-based RA provides high-security guarantees, that protects RA protocol execution from compromised software. Nevertheless, classic low-cost IoT devices do not support the requirements of hardware-based schemes for costly specialized hardware-protected modules.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things

Ankergård

Dushku

Dragoni

2021

Sensors

View full text Add to dashboard Cite

The Internet of Things (IoT) ecosystem comprises billions of heterogeneous Internet-connected devices which are revolutionizing many domains, such as healthcare, transportation, smart cities, to mention only a few. Along with the unprecedented new opportunities, the IoT revolution is creating an enormous attack surface for potential sophisticated cyber attacks. In this context, Remote Attestation (RA) has gained wide interest as an important security technique to remotely detect adversarial presence and assure the legitimate state of an IoT device. While many RA approaches proposed in the literature make different assumptions regarding the architecture of IoT devices and adversary capabilities, most typical RA schemes rely on minimal Root of Trust by leveraging hardware that guarantees code and memory isolation. However, the presence of a specialized hardware is not always a realistic assumption, for instance, in the context of legacy IoT devices and resource-constrained IoT devices. In this paper, we survey and analyze existing software-based RA schemes (i.e., RA schemes not relying on specialized hardware components) through the lens of IoT. In particular, we provide a comprehensive overview of their design characteristics and security capabilities, analyzing their advantages and disadvantages. Finally, we discuss the opportunities that these RA schemes bring in attesting legacy and resource-constrained IoT devices, along with open research issues.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things

Ankergård

Dushku

Dragoni

2021

Sensors

View full text Add to dashboard Cite

show abstract

“…Intel Software Guard Extensions (Intel SGX) can provide a trusted environment within an untrusted cloud platform to protect private data in a VM [19,20] . In addition, the Intel Trusted Execution Technique (Intel TXT) can dynamically protect the security of the Virtual Machine Monitor (VMM), i.e., the hypervisor [21] . Unfortunately, both of these techniques require the support of security hardware (e.g., CPU and Basic Input Output System (BIOS)), which makes them difficult to make use of in a virtualization environment.…”

Section: Related Workmentioning

confidence: 99%

Cloud virtual machine lifecycle security framework based on trusted computing

Jin

Wang

et al. 2019

Tinshhua Sci. Technol.

View full text Add to dashboard Cite

As a foundation component of cloud computing platforms, Virtual Machines (VMs) are confronted with numerous security threats. However, existing solutions tend to focus on solving threats in a specific state of the VM. In this paper, we propose a novel VM lifecycle security protection framework based on trusted computing to solve the security threats to VMs throughout their entire lifecycle. Specifically, a concept of the VM lifecycle is presented divided up by the different active conditions of the VM. Then, a trusted computing based security protection framework is developed, which can extend the trusted relationship from trusted platform module to the VM and protect the security and reliability of the VM throughout its lifecycle. The theoretical analysis shows that our proposed framework can provide comprehensive safety to VM in all of its states. Furthermore, experiment results demonstrate that the proposed framework is feasible and achieves a higher level of security compared with some state-of-the-art schemes.

show abstract

“…Figure 2 shows system architecture, as we can see, the eTPM is loaded on the privileged domain ‘Dom0’ through the SGX driver of the server, the eTPM and the client VM are bound by the identity seal key. The physical TPM [ 38 ] measures the underlying platform. The integrity of the eTPM instances themselves are verified by the CPU, and the eTPM instances measure and protect the user VMs.…”

Section: Enclave Tpm Schemementioning

confidence: 99%

eTPM: A Trusted Cloud Platform Enclave TPM Scheme Based on Intel SGX Technology

Sun

Zhang

et al. 2018

Sensors

View full text Add to dashboard Cite

Today cloud computing is widely used in various industries. While benefiting from the services provided by the cloud, users are also faced with some security issues, such as information leakage and data tampering. Utilizing trusted computing technology to enhance the security mechanism, defined as trusted cloud, has become a hot research topic in cloud security. Currently, virtual TPM (vTPM) is commonly used in a trusted cloud to protect the integrity of the cloud environment. However, the existing vTPM scheme lacks protections of vTPM itself at a runtime environment. This paper proposed a novel scheme, which designed a new trusted cloud platform security component, ‘enclave TPM (eTPM)’ to protect cloud and employed Intel SGX to enhance the security of eTPM. The eTPM is a software component that emulates TPM functions which build trust and security in cloud and runs in ‘enclave’, an isolation memory zone introduced by SGX. eTPM can ensure its security at runtime, and protect the integrity of Virtual Machines (VM) according to user-specific policies. Finally, a prototype for the eTPM scheme was implemented, and experiment manifested its effectiveness, security, and availability.

show abstract

Platform Security Technologies That Use TPM 2.0

Cited by 8 publications

References 0 publications

State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things

State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things

Cloud virtual machine lifecycle security framework based on trusted computing

eTPM: A Trusted Cloud Platform Enclave TPM Scheme Based on Intel SGX Technology

Contact Info

Product

Resources

About