Speaker: Chen Chen
Affiliation: ETH Zurich
Host: Stefan Saroiu
Date recorded: 1 April 2014
Current Trusted Platform Modules (TPMs) are ill-suited for cross-device scenarios in trusted mobile applications because they hinder the seamless sharing of data across multiple devices. In this talk, I will present cTPM, an extension of the TPM’s design that adds an additional root key to the TPM and shares that root key with the cloud. As a result, the cloud can create and share TPM-protected keys and data across multiple devices owned by one user. Further, the additional key lets the cTPM allocate cloud-backed remote storage so that each TPM can benefit from a trusted real-time clock and high-performance, non-volatile storage.
I will show that cTPM is practical, versatile, and easily applicable to trusted mobile applications. This simple change to the TPM specification is viable because its fundamental concepts – a primary root key and off-chip NV storage – are already found in the current specification, TPM 2.0. By avoiding a clean-slate redesign, we sidestep the difficult challenge of re-verifying the security properties of a new TPM design. I will demonstrate cTPM’s versatility with two case studies: extending Pasture with additional functionality, and re-implementing TrInc without the need for extra hardware.
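As an added illustration (not code from the talk or the cTPM project), the following simulation shows the sharing idea behind the extra root key: the cloud and every cTPM owned by one user hold the same cloud root key, so a child key the cloud derives can be re-derived on any of that user's devices and data protected under it unwraps there, while a device provisioned with another user's root key cannot unwrap it. The HKDF derivation, the HMAC-based toy wrapping and the class/label names are assumptions standing in for the TPM's real key hierarchy and protected-object format.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

def derive_child_key(root_key: bytes, label: bytes) -> bytes:
    """Deterministic child key from a root key (HKDF-SHA256, RFC 5869, one block).
    The cloud and any cTPM holding root_key derive the same key for a label."""
    prk = hmac.new(b"ctpm-sim-salt", root_key, hashlib.sha256).digest()
    return hmac.new(prk, label + b"\x01", hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 as a PRF in counter mode: a toy stand-in for a block cipher.
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]

def seal(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC under key; blob layout is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the blob was not sealed under key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class CTPM:
    """One device's simulated TPM: a device-local storage root key that never
    leaves the chip, plus the cloud root key shared by all of the user's devices."""
    def __init__(self, cloud_root_key: bytes):
        self.srk = secrets.token_bytes(32)        # per device, never shared
        self.cloud_root_key = cloud_root_key      # provisioned by the cloud

    def unseal_cloud_object(self, label: bytes, blob: bytes) -> Optional[bytes]:
        return unseal(derive_child_key(self.cloud_root_key, label), blob)

def demo() -> Tuple[Optional[bytes], Optional[bytes], Optional[bytes]]:
    # Constructed sample: the cloud keeps one root key per user and provisions
    # it into each cTPM that user owns; Bob's device holds a different root.
    alice_root, bob_root = secrets.token_bytes(32), secrets.token_bytes(32)
    alice_phone, alice_laptop, bob_phone = CTPM(alice_root), CTPM(alice_root), CTPM(bob_root)
    label = b"user:alice/app:notes"
    blob = seal(derive_child_key(alice_root, label), b"synced secret")  # cloud side
    return (alice_phone.unseal_cloud_object(label, blob),
            alice_laptop.unseal_cloud_object(label, blob),
            bob_phone.unseal_cloud_object(label, blob))
```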
©2014 Microsoft Corporation. All rights reserved.