Research Abstracts - 2007

We address the problem of using an untrusted server with a trusted platform module (TPM) to provide trusted storage for a large number of clients, where each client may own and use several different devices that may be offline at different times and may not be able to communicate with each other except through the untrusted server (over an untrusted network). The clients only trust the server's TPM; the server's BIOS, CPU, and OS are not assumed to be trusted. We show how the currently available TPM 1.2 technology [3] can be used to implement tamper-evident storage, where clients are guaranteed to at least detect illegitimate modifications to their data (including replay attacks) whenever they wish to perform a critical operation that relies on the freshness and validity of the data. In particular, we introduce and analyze a log-based scheme in which the built-in monotonic counter of a TPM 1.2 chip is used to securely implement a large number of virtual monotonic counters, which can then be used to time-stamp data and provide tamper-evident storage without relying on a trusted BIOS, CPU, or OS. Providing tamper-tolerant storage, which guarantees that a client can continue to retrieve its original data even after a malicious attack is provided by using data replication on top of the tamper-evident storage system.

The functionality provided by our techniques is highly relevant today as computing becomes increasingly mobile and pervasive. More and more users today regularly use several independent computing devices -- such as a desktop at home, a laptop while traveling, a mobile phone, and another desktop at work -- each of which may be offline or disconnected from the other devices at different times. If such a user wanted to make her data available to all her devices wherever she goes, one solution would be to employ a third party online storage service (such as Amazon S3 or others) to store her data. At present, however, most (if not all) such third party online storage services require a high level of trust in the service provider and its servers, including the software running on these servers, and the administrators of these servers. Our techniques significantly reduce this requirement by only requiring that the user trust in the TPM 1.2 chips on the storage servers, without needing to trust the servers' BIOS, CPU, OS, and administrators. Aside from giving the user more security when using mainstream online storage services, this new ability would also enable a user to potentially make use of machines owned by ordinary users, such as in a peer-to-peer network. As long as these other users' machines have a certified working TPM 1.2 chip, a user need not trust the owner of these machines, or the software running on these machines.

This work is funded by Quanta Computer as part of the Quanta/CSAIL T-Party project.

References:

[1] M. van Dijk, L.F.G. Sarmenta, C.W. O'Donnell and S. Devadas. Proof of Freshness: How to efficiently use on online single secure clock to secure shared untrusted memory. http://csg.lcs.mit.edu/pubs/memos/Memo-496/memo496.pdf, September 2006.

[2] L.F.G. Sarmenta, M. van Dijk, C.W. O'Donnell, J. Rhodes and S. Devadas. Virtual Monotonic Counters and Count-Limited Objects using a TPM without a Trusted OS. In Proceedings of The First ACM Workshop on Scalable Trusted Computing (STC'06)}, pp. 27--41, November 2006.

[3] Trusted Computing Group. TCG TPM Specification version 1.2, Revisions 62-94 (Design Principles, Structures of the TPM, and Commands). https://www.trustedcomputinggroup.org/specs/TPM/, 2003-2006.