This is the latest in a series of blog posts to address the list of '52 Things Every PhD Student Should Know To Do Cryptography':
a set of questions compiled to give PhD candidates a sense of what they
should know by the end of their first year.
Before examining the point of this question (namely, what the purpose and use of a TPM is) it is worth understanding the problem a TPM is designed to overcome. The problem is really one of trust. Trusting what? Primarily the memory and the software running on a computer. Both can be accessed directly by the operating system, so secret information (such as cryptographic keys) can be read by an attacker who gains access to the machine at the operating-system level. If keys are stored directly in memory and used by software, it can be fairly trivial for such an attacker to read the memory locations holding the keys and then compromise the security of everything that depends on them.
One way around this problem is to make sure that keys are never stored in plain form in the computer's memory, where software can read them. But the keys are needed by the applications that use them, so at some point they must be presented in a usable form; how can that be squared with keeping them out of software's reach? One answer is to protect the keys held in memory by wrapping (encrypting) them under a key that the software does not have access to: for instance, a separate piece of hardware that holds a key of its own, which never leaves it, and is able to perform certain cryptographic operations with that key. Software can ask this hardware to do things with its internal key, such as wrapping keys before they are stored in memory and unwrapping them again when they are needed, without ever being able to read the internal key itself.
This is essentially what a TPM does. A TPM holds an RSA key pair called the Storage Root Key (SRK), generated inside the chip when the platform owner takes ownership of the TPM. The private part never leaves the TPM and is kept secret from everything and everyone. Other keys (the ones software uses) can be wrapped under the SRK, that is, encrypted so that only the TPM, holding the private half, can unwrap them; the same operation applied to arbitrary data is often called "binding", and it protects the wrapped material from disclosure. In addition to simply wrapping keys, a TPM can wrap a key and tie it to particular platform measurements: the values held in its Platform Configuration Registers (PCRs), which accumulate hashes of the firmware and software loaded during boot. Such a key can only be unwrapped when those PCRs hold the same values they had when the key was wrapped. This process is known as "sealing". A TPM can also generate keys and perform other cryptographic tasks, one of which is known as remote attestation: the TPM signs a summary of the measured hardware and software configuration (the PCR values) together with a nonce supplied by the verifier, allowing a third party to check that the software has not been changed.
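The three operations above can be modelled end to end in a small amount of code. What follows is an added example written for this post, not code from the original article or from any TPM implementation: a toy software TPM in Python whose "SRK" is a random 32-byte secret held inside the `Tpm` object and never returned by any method. For illustration it substitutes an HMAC-SHA256 keystream with an HMAC tag for the real chip's RSA-OAEP wrapping, and an HMAC under a shared `aik` secret for the RSA signature an Attestation Identity Key would produce (a real verifier holds only the AIK's public half). The firmware and kernel "measurements", the choice of PCRs 0 and 4, the blob layout and the function names are all constructed for the example; the PCR extend rule, new = SHA-1(old || digest of the measured component), is the TPM 1.2 one.

```python
"""Toy software model of TPM binding, sealing and quoting (added example).

The "SRK" is a random 32-byte symmetric secret that never leaves the Tpm object,
standing in for the chip's RSA storage root key. Wrapping uses an HMAC-SHA256
keystream plus an HMAC tag instead of RSA-OAEP, and the quote is an HMAC under a
shared "aik" secret instead of an RSA signature. Measurements, PCR indices and
the blob layout are constructed for this illustration.
"""
import hashlib
import hmac
import os

PCR_LEN = 20                 # TPM 1.2 PCRs are SHA-1 sized
NONCE_LEN, TAG_LEN = 16, 32


class TpmError(Exception):
    pass


def pcr_extend(old, measurement):
    """TPM 1.2 extend: PCR_new = SHA-1(PCR_old || SHA-1(measurement)); one-way, order-dependent."""
    return hashlib.sha1(old + hashlib.sha1(measurement).digest()).digest()


class Tpm:
    def __init__(self, aik=None, num_pcrs=24):
        self._srk = os.urandom(32)                      # never returned by any method
        self._aik = aik if aik is not None else os.urandom(32)
        self.pcrs = [b"\x00" * PCR_LEN] * num_pcrs       # all PCRs start at zero on reset

    def extend(self, index, measurement):
        self.pcrs[index] = pcr_extend(self.pcrs[index], measurement)

    def composite(self, indices):
        """Digest over the selected PCRs, like a TPM 1.2 PCR_COMPOSITE hash."""
        return hashlib.sha1(b"".join(self.pcrs[i] for i in sorted(indices))).digest()

    # internals: the only code that ever touches the SRK
    def _keystream(self, nonce, n):
        blocks = (hmac.new(self._srk, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(-(-n // 32)))
        return b"".join(blocks)[:n]

    def _wrap(self, header, secret):
        nonce = os.urandom(NONCE_LEN)
        ct = bytes(a ^ b for a, b in zip(secret, self._keystream(nonce, len(secret))))
        body = header + nonce + ct
        return body + hmac.new(self._srk, body, hashlib.sha256).digest()

    def _unwrap(self, blob):
        body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
        if not hmac.compare_digest(tag, hmac.new(self._srk, body, hashlib.sha256).digest()):
            raise TpmError("blob tampered or wrapped by another TPM")
        n = body[0]                                   # PCRs in the policy (0 = bound only)
        indices, pos = list(body[1:1 + n]), 1 + n
        if n:                                         # sealed: PCRs must match sealing time
            expected, pos = body[pos:pos + PCR_LEN], pos + PCR_LEN
            if not hmac.compare_digest(expected, self.composite(indices)):
                raise TpmError("platform state differs from sealing time")
        nonce, ct = body[pos:pos + NONCE_LEN], body[pos + NONCE_LEN:]
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))

    # public operations
    def bind(self, secret):
        return self._wrap(bytes([0]), secret)

    def seal(self, secret, indices):
        header = bytes([len(indices)]) + bytes(indices) + self.composite(indices)
        return self._wrap(header, secret)

    unbind = unseal = _unwrap

    def quote(self, indices, verifier_nonce):
        """Report selected PCRs plus a MAC binding them to the verifier's fresh nonce."""
        pcrs = [self.pcrs[i] for i in indices]
        mac = hmac.new(self._aik, verifier_nonce + b"".join(pcrs), hashlib.sha256).digest()
        return pcrs, mac


def verify_quote(aik, golden_pcrs, verifier_nonce, reported_pcrs, mac):
    """Verifier side: MAC must cover our nonce (freshness) and PCRs must equal known-good values."""
    expected = hmac.new(aik, verifier_nonce + b"".join(reported_pcrs), hashlib.sha256).digest()
    return hmac.compare_digest(expected, mac) and reported_pcrs == golden_pcrs


def demo():
    """Measure a boot, protect a key three ways, then change the kernel and retry."""
    aik = os.urandom(32)                 # shared with the verifier: stand-in for the AIK public key
    tpm = Tpm(aik=aik)
    tpm.extend(0, b"firmware v1")        # constructed measurements
    tpm.extend(4, b"kernel v1")
    key = os.urandom(32)                 # the software key we want to protect
    r = {}
    bound, sealed = tpm.bind(key), tpm.seal(key, [0, 4])
    r["bind_roundtrip"] = tpm.unbind(bound) == key
    r["unseal_same_state"] = tpm.unseal(sealed) == key
    nonce, golden = os.urandom(16), [tpm.pcrs[0], tpm.pcrs[4]]
    r["quote_ok"] = verify_quote(aik, golden, nonce, *tpm.quote([0, 4], nonce))
    tpm.extend(4, b"kernel v2 (modified)")   # a different kernel loads: PCR 4 changes for good
    try:
        tpm.unseal(sealed)
        r["unseal_after_change"] = "succeeded"
    except TpmError as e:
        r["unseal_after_change"] = str(e)
    r["bind_after_change"] = tpm.unbind(bound) == key   # binding carries no PCR policy
    r["quote_after_change"] = verify_quote(aik, golden, nonce, *tpm.quote([0, 4], nonce))
    flipped = bytearray(sealed)
    flipped[-1] ^= 1                     # corrupt one tag byte
    try:
        tpm.unseal(bytes(flipped))
        r["corrupted_blob"] = "accepted"
    except TpmError as e:
        r["corrupted_blob"] = str(e)
    return r


if __name__ == "__main__":
    print(demo())
```

Two things the run makes visible that the prose does not: once PCR 4 has been extended with a different kernel there is no way back, because extend is one-way and order-dependent, so the sealed key is simply unavailable until the original software is booted again, while the bound key (no PCR policy) is still recoverable; and the quote still verifies as genuinely coming from this TPM after the change, but fails because the reported PCRs no longer match the verifier's known-good values.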
The real point to understand here is that by pushing security down to the hardware level and handing it over to a separate component with its own firmware and circuits, which cannot be altered by software running on the host, the secret keys are not exposed to vulnerabilities in the operating system or the applications, and the system is therefore more trustworthy. Note the limit of that claim: the keys stay inside the TPM even if the operating system is compromised, but a compromised operating system can still ask the TPM to use them through its normal interface while the machine is running.
So what is the purpose of a TPM? To overcome the problem of trusting (or rather not trusting) software to be completely reliable.
What is the use of a TPM? We mentioned a number of them. First was binding, which wraps a key (or other data) so that only the TPM, holding the private part of the SRK, can unwrap it. The second was sealing, which additionally ties the wrapped key to particular platform measurements (PCR values). Thirdly we looked at remote attestation, and noted that TPMs can also be used for other cryptographic functions such as key generation.