Saturday, October 19, 2019

TPM components, TPM keys - Research Paper Example

Attestation, on the other hand, is the process of verifying a computer's trustworthiness and determining whether or not it has been compromised. Other devices, such as network equipment and mobile phones, can also incorporate TPMs (Trusted Computing Group, 2012). In summary, the TPM has four main functions: platform monitoring, secure storage, cryptographic operations and authentication services (Hewitt, 2006).

Operations on sensitive data may only take place in special locations, called shielded locations, which must be implemented inside the TPM; it must be impossible for user programs to access these locations. Protected capabilities are the set of commands that may access the shielded locations. This set of commands both protects the shielded locations and reports integrity measurements.

The TPM has several major components, which are illustrated in the following diagram.

TPM COMPONENTS

The Secure I/O component
This is a control component that manages the TPM's information flow to the outside world and also controls and routes internal signals (Hewitt, p.3). The I/O component encodes and decodes the information passing over the internal and external buses (Gunupudi, p.11).

The Cryptographic Co-Processor
This is a major subdivision of the TPM containing the various cryptographic engines. An RSA key generator, an RSA encryption/decryption engine and a SHA-1 engine must be included in its functionality (Microsoft 2012). Other asymmetric algorithms, such as DSA or elliptic curve, are permitted by the specification. All storage and identity keys must be RSA keys of at least 2048 bits, a strength considered sufficient to protect against malicious access. Digital signatures and encryption are performed using the RSA algorithm; a signature produced inside the TPM with any other algorithm risks being rejected by other TPMs and verifiers.

The RSA engine must support key sizes of 512, 768, 1024 and 2048 bits; the minimum recommended size is 2048 bits. The specified RSA public exponent is 2^16 + 1 (65537). The SHA-1 engine produces 160-bit digests (SHA-1 itself takes no key) and provides the primary hash algorithm used by the TPM. The HMAC engine is implemented as specified in RFC 2104: a keyless hash function is turned into a keyed hash by incorporating a cryptographic key. This lets the chip verify proof of knowledge of AuthData and also ensure that authorized incoming requests have not been tampered with in transit (Hewitt, p.4). The TPM also uses symmetric encryption internally, but exposes no user-accessible interface for it. It is used to encrypt internal data that was fed into the TPM from an outside source and to encrypt authentication exchanges. Other algorithms such as AES are permitted by the specification, at the discretion of the implementer (Hewitt, p.5).

The Key Generator
This is a protected-capability function that manages the generation of keys and nonces (Gunupudi, p.12). The keys generated are used for encryption. The specification of the key generator is not strict; it does, however, require that data which has ever existed in a non-protected location must not be used as a key. The specification also requires that all nonces come from the TPM's Random Number Generator (Hewitt, p.5).

The Random Number Generator
This is the source of entropy in the TPM (Gunupudi, p.12). It consists of a post-processor with a hashing
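The HMAC construction described above, as an added example that is not code from the essay or from the TPM specification: RFC 2104 HMAC built from plain SHA-1, then used in the shape of a simplified TPM 1.2 authorization session to prove knowledge of AuthData and to detect a tampered or replayed command. The ordinal, parameters and password are constructed sample values, the OIAP-style digest layout is a simplification, and os.urandom stands in for the TPM's own random number generator.

```python
"""Added example (not TPM specification code): RFC 2104 HMAC over SHA-1 and a
simplified TPM 1.2 style authorization check built on it."""
import hashlib
import hmac
import os
import struct

BLOCK_SIZE = 64    # SHA-1 block size B from RFC 2104, in bytes
DIGEST_SIZE = 20   # SHA-1 output: 160 bits, also the size of AuthData and nonces


def hmac_sha1(key: bytes, message: bytes) -> bytes:
    """HMAC exactly as RFC 2104 defines it: H((K ^ opad) || H((K ^ ipad) || text)).
    A key longer than B is hashed first; a shorter key is zero-padded to B."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha1(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha1(ipad + message).digest()
    return hashlib.sha1(opad + inner).digest()


def cross_check(key: bytes, message: bytes) -> bool:
    """True when the hand-built HMAC agrees with Python's standard library HMAC."""
    return hmac.compare_digest(hmac_sha1(key, message),
                               hmac.new(key, message, hashlib.sha1).digest())


def auth_data(secret: bytes) -> bytes:
    """AuthData is a 20-byte value; using SHA-1 of a password is a common convention."""
    return hashlib.sha1(secret).digest()


def auth_hmac(auth: bytes, ordinal: int, params: bytes,
              nonce_even: bytes, nonce_odd: bytes, continue_session: bool) -> bytes:
    """Simplified OIAP-style authorization value (assumption: layout reduced for clarity):
    HMAC_AuthData( SHA-1(ordinal || params) || nonceEven || nonceOdd || continueAuthSession )."""
    in_param_digest = hashlib.sha1(struct.pack(">I", ordinal) + params).digest()
    return hmac_sha1(auth, in_param_digest + nonce_even + nonce_odd
                     + bytes([int(continue_session)]))


class AuthSession:
    """Verifier side. In a real TPM `auth` sits in a shielded location and the nonces
    come from the TPM RNG; here os.urandom stands in for that RNG (assumption)."""

    def __init__(self, auth: bytes, rng=os.urandom):
        self.auth = auth
        self.rng = rng
        self.nonce_even = rng(DIGEST_SIZE)   # handed to the caller before each command

    def verify(self, ordinal: int, params: bytes, nonce_odd: bytes,
               continue_session: bool, tag: bytes) -> bool:
        expected = auth_hmac(self.auth, ordinal, params,
                             self.nonce_even, nonce_odd, continue_session)
        ok = hmac.compare_digest(expected, tag)   # constant-time comparison
        if ok:
            # Roll nonceEven after every accepted command: an identical request
            # captured on the bus no longer verifies, which is the replay defence.
            self.nonce_even = self.rng(DIGEST_SIZE)
        return ok


def demo() -> dict:
    """One authorized command, a tampered copy of it, and a replay of the accepted one."""
    auth = auth_data(b"owner-password")                   # constructed sample secret
    session = AuthSession(auth)
    ordinal, params = 0x12345678, b"\x00\x01sample-parameters"   # constructed values
    nonce_odd = os.urandom(DIGEST_SIZE)
    tag = auth_hmac(auth, ordinal, params, session.nonce_even, nonce_odd, True)
    tampered = session.verify(ordinal, params + b"x", nonce_odd, True, tag)  # modified params
    accepted = session.verify(ordinal, params, nonce_odd, True, tag)         # genuine request
    replayed = session.verify(ordinal, params, nonce_odd, True, tag)         # same bytes again
    return {"accepted": accepted, "tamper_rejected": not tampered,
            "replay_rejected": not replayed}


if __name__ == "__main__":
    print(demo())
```

The two properties the essay attributes to the HMAC engine fall out of the digest layout: the parameter digest binds the tag to the command so any modification fails verification, and the nonces bind it to one session round so a captured command cannot be resubmitted. Keying SHA-1 this way is what turns the keyless hash into proof of knowledge of AuthData.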
