Secure Operations on Tree-Formed Verification Data

Andreas U. Schmidt; Andreas Leicher; Yogendra Shah; Inhyok Cha

arXiv:1008.3253·cs.CR·August 20, 2010·1 cites

Secure Operations on Tree-Formed Verification Data

Andreas U. Schmidt, Andreas Leicher, Yogendra Shah, Inhyok Cha

PDF

Open Access

TL;DR

This paper introduces secure operations for tree-structured verification data in TPMs, enabling verification, updates, and attestation of inner nodes and subtrees, enhancing platform security and integrity assurance.

Contribution

It extends TPM functionality to support secure operations on tree-formed verification data, allowing inner node updates and subtree attestation for improved platform security.

Findings

01

Enables verification and update of inner nodes in SMLs

02

Supports attestation of subtree properties

03

Enhances platform integrity verification

Abstract

We define secure operations with tree-formed, protected verification data registers. Functionality is conceptually added to Trusted Platform Modules (TPMs) to handle Platform Configuration Registers (PCRs) which represent roots of hash trees protecting the integrity of tree-formed Stored Measurement Logs (SMLs). This enables verification and update of an inner node of an SML and even attestation to its value with the same security level as for ordinary PCRs. As an important application, it is shown how certification of SML subtrees enables attestation of platform properties.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsDistributed systems and fault tolerance · Security and Verification in Computing · Access Control and Trust