Using TPM Secure Storage in Trusted High Availability Systems
Författare
Redaktör
- Moti Yung
- Liehuang Zhu
- Yanjiang Yang
Summary, in English
We consider the problem of providing trusted computing
functionality in high availability systems. We consider the case where
data is required to be encrypted with a TPM protected key. For redundancy,
and to facilitate high availability, the same TPM key is stored in
multiple computational units, each one ready to take over if the main
unit breaks down. This requires the TPM key to be migratable. We show
how such systems can be realized using the secure storage of the TPM.
Hundreds of millions TPM 1.2 chips have been shipped but with the recent
introduction of TPM 2.0, more manufacturers are expected to start
shipping this newer TPM. Thus, a migration from TPM 1.2 to TPM 2.0
will likely be seen in the next few years. To address this issue, we also
provide an API that allows a smooth upgrade from TPM 1.2 to TPM
2.0 without having to redesign the communication protocol involving the
dierent entities. The API has been implemented for both TPM 1.2 and
TPM 2.0.
functionality in high availability systems. We consider the case where
data is required to be encrypted with a TPM protected key. For redundancy,
and to facilitate high availability, the same TPM key is stored in
multiple computational units, each one ready to take over if the main
unit breaks down. This requires the TPM key to be migratable. We show
how such systems can be realized using the secure storage of the TPM.
Hundreds of millions TPM 1.2 chips have been shipped but with the recent
introduction of TPM 2.0, more manufacturers are expected to start
shipping this newer TPM. Thus, a migration from TPM 1.2 to TPM 2.0
will likely be seen in the next few years. To address this issue, we also
provide an API that allows a smooth upgrade from TPM 1.2 to TPM
2.0 without having to redesign the communication protocol involving the
dierent entities. The API has been implemented for both TPM 1.2 and
TPM 2.0.
Avdelning/ar
Publiceringsår
2014
Språk
Engelska
Sidor
243-258
Publikation/Tidskrift/Serie
Lecture Notes in Computer Science
Volym
9473
Fulltext
- Available as PDF - 304 kB
- Download statistics
Dokumenttyp
Konferensbidrag
Förlag
Springer
Ämne
- Electrical Engineering, Electronic Engineering, Information Engineering
Nyckelord
- Trusted Computing
- TPM
- Migration
- Certiable Migration Key
- Secure Storage
Conference name
INTRUST 2014
Conference date
2014-12-16 - 2014-12-17
Conference place
Beijing, China
Status
Published
Forskningsgrupp
- Crypto and Security
ISBN/ISSN/Övrigt
- ISSN: 0302-9743
- ISBN: 978-3-319-27997-8
- ISBN: 978-3-319-27998-5