A Cloud TPM for Cross-Device Trusted Applications

Speaker: Chen Chen

Affiliation: ETH Zurich

Host: Stefan Saroiu

Duration: 00:38:43

Date recorded: 1 April 2014

Current Trusted Platform Modules (TPMs) are ill-suited for cross-device scenarios in trusted mobile applications because they hinder the seamless sharing of data across multiple devices. In this talk, I will present cTPM, an extension of the TPM’s design that adds an additional root key to the TPM and shares that root key with the cloud. As a result, the cloud can create and share TPM-protected keys and data across multiple devices owned by one user. Further, the additional key lets the cTPM allocate cloud-backed remote storage, so that each TPM can benefit from a trusted real-time clock and high-performance, non-volatile storage.

I will show that cTPM is practical, versatile, and easily applicable to trusted mobile applications. This simple change to the TPM specification is viable because its fundamental concepts – a primary root key and off-chip NV storage – are already found in the current specification, TPM 2.0. By avoiding a clean-slate redesign, we sidestep the difficult challenge of re-verifying the security properties of a new TPM design. I will demonstrate cTPM’s versatility with two case studies: extending Pasture with additional functionality, and re-implementing TrInc without the need for extra hardware.
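To make the shared-root-key idea concrete, here is an added toy model (not code from the talk or the cTPM authors): each device holds a device-local root seed plus a cloud root seed that the cloud also knows, and primary keys are derived deterministically from (seed, template) as in TPM 2.0. The KDF is a simplified HMAC-SHA256 counter-mode stand-in for KDFa and the seal/unseal construction is a constructed toy, so the cloud and every device provisioned with the same cloud seed derive the same key, while device-hierarchy keys stay unique to each chip.

```python
import hashlib
import hmac
import os


def kdfa(seed: bytes, label: bytes, context: bytes, bits: int = 256) -> bytes:
    """Simplified TPM 2.0 KDFa stand-in: HMAC-SHA256 in counter mode (constructed)."""
    out, counter = b"", 1
    while len(out) * 8 < bits:
        msg = counter.to_bytes(4, "big") + label + b"\x00" + context + bits.to_bytes(4, "big")
        out += hmac.new(seed, msg, hashlib.sha256).digest()
        counter += 1
    return out[: bits // 8]


def primary_key(seed: bytes, template: bytes) -> bytes:
    # A primary key is a deterministic function of the hierarchy seed and the
    # key template, so anyone holding the seed can re-create it on demand.
    return kdfa(seed, b"PRIMARY", template)


def seal(key: bytes, data: bytes) -> bytes:
    # Toy seal: KDF-derived keystream for confidentiality, HMAC tag for integrity.
    nonce = os.urandom(16)
    stream = kdfa(key, b"ENC", nonce, len(data) * 8)
    ct = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes):
    # Returns the plaintext, or None if the key is wrong or the blob was tampered with.
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = kdfa(key, b"ENC", nonce, len(ct) * 8)
    return bytes(a ^ b for a, b in zip(ct, stream))


class CTPM:
    """Toy cTPM: the usual device-local root seed plus a cloud root seed shared with the cloud."""

    def __init__(self, cloud_root_seed: bytes) -> None:
        self.seeds = {
            "device": os.urandom(32),  # generated on-chip, never leaves the device
            "cloud": cloud_root_seed,  # provisioned to the chip and known to the cloud
        }

    def create_primary(self, hierarchy: str, template: bytes) -> bytes:
        return primary_key(self.seeds[hierarchy], template)

    def unseal(self, hierarchy: str, template: bytes, blob: bytes):
        return unseal(self.create_primary(hierarchy, template), blob)
```

The cloud seals data under `primary_key(cloud_seed, template)` and every device of that user can unseal it by re-deriving the same key from its cloud hierarchy; a device provisioned with a different cloud seed cannot.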

©2014 Microsoft Corporation. All rights reserved.