Frontiers of Computer Science

ISSN 2095-2228

ISSN 2095-2236(Online)

CN 10-1014/TP

Postal Subscription Code 80-970

2018 Impact Factor: 1.129

Front Comput Sci Chin    2011, Vol. 5 Issue (2) : 169-180    https://doi.org/10.1007/s11704-011-9180-4
RESEARCH ARTICLE
Design and implementation of a portable TPM scheme for general-purpose trusted computing based on EFI
Lei HAN1(), Jiqiang LIU2, Zhen HAN2, Xueye WEI1
1. School of Electronics and Information Engineering, Beijing Jiaotong University, Beijing 100044, China; 2. School of Computer and Information Technology, Beijing Jiaotong University, Beijing 100044, China
Abstract

In today's globalized digital world, network-based, mobile, and interactive collaboration has let personal-computer work platforms cross geographical boundaries. The resulting requirements of privacy preservation, sensitive-information sharing, portability, remote attestation, and robust security create new problems in system design and implementation. There is a critical demand for highly secure work platforms and for security-enhancing mechanisms that ensure privacy protection, component integrity, sealed storage, and remote attestation of platforms. Trusted computing is a promising technology for enhancing the security of a platform by means of a trusted platform module (TPM). A TPM is a tamper-resistant microcontroller designed to provide robust security capabilities for computing platforms; it is typically affixed to the motherboard and attached over the low pin count (LPC) bus. This has two limitations: a TPM cannot be used directly in current common personal computers (PCs), and a TPM is not flexible or portable enough to be used across different platforms, because of its interface with the PC and its certificate and key structure. For these reasons, we propose a portable trusted platform module (PTPM) scheme that builds a trusted platform for the common PC from a single cryptographic chip with a universal serial bus (USB) interface and the extensible firmware interface (EFI), so that general-purpose systems obtain a similar degree of security protection. We describe the structure of certificates and keys, which can be bound to platforms via the PTPM and give users portability and flexibility across platforms while both user and platform remain protected and attestable. The implementation of the prototype system is described in detail, and the performance of the PTPM on cryptographic operations and the time cost of system bootstrap are evaluated and analyzed.
The experimental results show that the PTPM performs well enough to support trusted computing and that the user can employ it flexibly and portably.
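The abstract names three TPM services the PTPM is meant to deliver during EFI boot: component integrity measurement, remote attestation, and sealed storage. The following is an added illustration (not code from the paper or its prototype) of how those three fit together in the TPM 1.2 model the paper targets: firmware measures each boot component into a PCR with the extend rule PCR_new = SHA1(PCR_old || digest), a remote verifier replays the platform's event log against the quoted PCR values, and a sealed secret is released only under the expected PCR value. The component names, their bytes, the use of PCR 4, and the reference whitelist are constructed sample data, and the quote signature step is assumed to have been checked separately.

```python
"""Added example, not code from the paper: TPM 1.2-style integrity measurement
as an EFI boot chain performs it, the replay check a verifier runs during
remote attestation, and a PCR-bound sealed-storage release. PCR extend follows
the TPM 1.2 rule PCR_new = SHA1(PCR_old || digest). The component names, their
bytes, the PCR index and the reference whitelist are constructed sample data."""
import hashlib

PCR_SIZE = 20   # TPM 1.2 PCRs hold a 160-bit SHA-1 value
NUM_PCRS = 24   # PC-client platforms expose PCR 0..23


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM_Extend: the new PCR value is SHA1(old PCR || measured digest).
    Order matters and nothing can be 'un-extended', which is what lets a
    verifier trust the final value over an untrusted event log."""
    assert len(pcr) == PCR_SIZE and len(digest) == PCR_SIZE
    return hashlib.sha1(pcr + digest).digest()


def measure_and_extend(pcrs, event_log, pcr_index, name, data):
    """Firmware step before transferring control to the next component:
    hash it, append an event-log entry (kept in platform memory, untrusted),
    and extend the PCR (kept inside the TPM / PTPM)."""
    digest = hashlib.sha1(data).digest()
    event_log.append((pcr_index, name, digest))
    pcrs[pcr_index] = extend(pcrs[pcr_index], digest)
    return digest


def boot_sequence(components, pcr_index=4):
    """Constructed boot: measure each component in order into one PCR
    (index 4 is an assumption for the example). Returns the PCR bank the
    TPM holds and the event log the platform reports."""
    pcrs = [bytes(PCR_SIZE)] * NUM_PCRS   # PCRs reset to all-zero at power-on
    event_log = []
    for name, data in components:
        measure_and_extend(pcrs, event_log, pcr_index, name, data)
    return pcrs, event_log


def replay_log(event_log):
    """Verifier side: recompute every PCR from the reported event log alone."""
    pcrs = [bytes(PCR_SIZE)] * NUM_PCRS
    for pcr_index, _name, digest in event_log:
        pcrs[pcr_index] = extend(pcrs[pcr_index], digest)
    return pcrs


def attest(event_log, quoted_pcrs, reference_digests):
    """Remote attestation check (the quote signature is assumed already
    verified): the log must replay to the quoted PCRs, and every recorded
    digest must be on the verifier's whitelist. Returns (ok, reason)."""
    if replay_log(event_log) != quoted_pcrs:
        return False, "event log does not replay to the quoted PCRs"
    for _pcr, name, digest in event_log:
        if reference_digests.get(name) != digest:
            return False, f"unexpected measurement for {name}: {digest.hex()}"
    return True, "platform state matches reference"


def unseal(sealed, pcrs):
    """Sealed storage: the secret is released only if the named PCR holds the
    value it was sealed to; a different boot path leaves it locked."""
    pcr_index, expected, secret = sealed
    return secret if pcrs[pcr_index] == expected else None


# Constructed sample components (stand-ins for the real binaries).
GOOD_BOOT = [
    ("efi_boot_manager", b"EFI boot manager image v1"),
    ("os_loader", b"OS loader image v1"),
    ("winlogon.exe", b"winlogon image v1"),
]
REFERENCE = {name: hashlib.sha1(data).digest() for name, data in GOOD_BOOT}
TROJANED_BOOT = [GOOD_BOOT[0], ("os_loader", b"OS loader image, trojaned"), GOOD_BOOT[2]]


def demo():
    """Three attestation outcomes plus a seal/unseal round trip."""
    good_pcrs, good_log = boot_sequence(GOOD_BOOT)
    bad_pcrs, bad_log = boot_sequence(TROJANED_BOOT)
    sealed = (4, good_pcrs[4], b"disk-encryption-key")
    return {
        "honest": attest(good_log, good_pcrs, REFERENCE)[0],                # True
        "old_log_new_pcr": attest(good_log, bad_pcrs, REFERENCE)[0],        # False: replay mismatch
        "honest_log_bad_loader": attest(bad_log, bad_pcrs, REFERENCE)[0],   # False: not whitelisted
        "unseal_good": unseal(sealed, good_pcrs),   # b"disk-encryption-key"
        "unseal_bad": unseal(sealed, bad_pcrs),     # None
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The two failing cases are the ones a practitioner cares about: a platform that reports a stale log for a modified boot path is caught by the replay mismatch, and a platform that reports honestly but loaded an unexpected component is caught by the whitelist. Because extend is order-sensitive and one-way, the event log can live in untrusted memory; only the PCR bank inside the (P)TPM has to be protected, which is what allows the module to be a small USB-attached chip rather than part of the host.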

Keywords: trusted computing; portable trusted platform module (PTPM); extensible firmware interface (EFI); keys; certificates
Corresponding Author(s): HAN Lei, Email: hanlei316@126.com
Issue Date: 05 June 2011
 Cite this article:   
Lei HAN, Jiqiang LIU, Zhen HAN, Xueye WEI. Design and implementation of a portable TPM scheme for general-purpose trusted computing based on EFI[J]. Front Comput Sci Chin, 2011, 5(2): 169-180.
 URL:  
https://academic.hep.com.cn/fcs/EN/10.1007/s11704-011-9180-4
https://academic.hep.com.cn/fcs/EN/Y2011/V5/I2/169
Fig.1  Architecture of an EFI platform showing principle components for platform boot and OS boot
Fig.2  Platform and EFI OS booting sequence
Fig.3  Core hardware architecture of PTPM
Fig.4  Logical structure of integrity measurement
Fig.5  Mutual authentication
Fig.6  Relations of credentials between different platforms and a PTPM
Fig.7  Basic setup of keys inside PTPM
Fig.8  Relationship of keys between different platforms and the same PTPM
Fig.9  Hardware architecture of PTPM
Partition    Capacity   Visibility   Authority
Read-only    Any        Visible      Read only
Secret       Any        Invisible    PIN verification
Read-write   Any        Visible      PIN verification
Tab.1  Partition table of NAND-flash
Fig.10  Improved secure enhancement framework
Fig.11  Software architecture of PTPM
Fig.12  Main program flow
Fig.13  Flow of Commands process
Fig.14  Complete block diagram of the experimental system
Fig.15  Time-cost of generating RSA keys in different key-length
ECC (192-bit)
File for test:        Winlogon.exe (476 KB) (Windows XP)
Hash value (SHA1):    92783351E2D341FA44A55EB4E23E0AFAD2118706
Key pair:
  Private key:        e12cf90cc7e9fd7e56c7cde67edc9bdac6308a8196475965
  Public key:         e5cad3a08f2416659e6974dca61387E8Fb3c570f98dcdc1953f32a922e30809fbdf0e757d545c6af3224e231e33068cb
Signature time/s:     0.053588531911373
Verification time/s:  0.102911204099655
Tab.2  Specific data in signature and verification by ECDSA
Fig.16  Average speed of encryption and decryption