SECURING COMPUTER OPERATING SYSTEM USING TRUSTED PLATFORM MODULE
Hak J. Kim
Hofstra University, Department of IT/QM, 134 Hofstra University, Hempstead, USA
Hak.J.Kim@hofstra.edu
ABSTRACT
Security is a necessity in enterprise systems. Cyber attackers are constantly finding new vulnerabilities in every type of enterprise system, and the cost of unauthorized access to a large firm's systems can run to millions of dollars. This paper discusses the security issues of a firm's computers and then presents the Trusted Platform Module as the foundation architecture for security in enterprise computers.
Key Words: Vulnerability, Security, Trusted Platform Module, Operating System
1. INTRODUCTION
Since the Internet has become a part of nearly every facet of our lives, the world has grown increasingly reliant on networked computers. According to ITU [1], roughly one third of the world population of about seven billion people used the Internet in 2011. As the uses for the Internet expand, so does the need for security. Much security effort goes into authenticating users: who a user is, what access they should be permitted, and what authority they may exercise. A more basic and equally important task, however, is to authenticate the hardware on which information systems depend, rather than relying on software-based authentication alone.
The initial architecture of the Internet was not designed with security in mind. Anonymity has many advantages and disadvantages; one disadvantage is that those engaging in malicious behavior are difficult to deter. The combination of anonymity with a vulnerable architectural foundation puts all the productivity gained from our on-line society at risk of malicious attack. Internet users also often struggle to manage multiple passwords and logins on their computers. To address these problems, a new way of securing computer hardware was recently introduced, the Trusted Platform Module (TPM) [2]. The TPM is a small silicon chip that authenticates the computing device itself. It aims to simplify a computer's passwords and authentication mechanisms into a single sign-on capability [3]. Over 150 million computers shipped between 2006 and 2007 were reported to have TPM chips preinstalled by the manufacturer.
In this paper, we present the concept of trusted computing and explore the TPM's architecture, components, and applications. We also discuss its issues and challenges.
2. TRUSTED COMPUTING INITIATIVE
In July 2007, the Department of Defense (DoD) created a new policy that protects sensitive unclassified data-at-rest. The new policy stated the following [4]:
"In anticipation of emerging encryption product capabilities as well as requirements for device authentication, DoD Components shall ensure all new computer assets (i.e. server, desktop, laptop and PDA) procured to support the DoD enterprise include a Trusted Platform Module version 1.2 or higher where such technology is available." – James R. Clapper Jr., Director of National Intelligence.
This initiative has been taken up by the Trusted Computing Group (TCG) in its effort to develop open specifications for building blocks that enable secure computing (Dinesh, 2005). The TCG specifies an embeddable microcontroller that provides a number of security services for the benefit of its host platform. These specifications have now been implemented by a number of IC vendors. While TPM functionality is not tied to any specific type of platform, adoption by PC vendors has been especially significant: nearly all of the world's leading PC vendors integrate TPM chips in their PCs [5].
Trusted computing is supported and promoted by many established entities in the information technology and communications sectors. The conventional approach to trusted computing is to implement hardware and software technologies that include an additional chip, the trusted platform module (TPM) (Aaraj et al., 2008). The TPM acts as the foundation of trust for the system and provides the capability to securely store and report configuration measurements as well as to generate cryptographic keys (Aaraj et al., 2008). Given the benefits and accelerating adoption of this technology, it is a natural step to apply these concepts and technologies to embedded systems, thereby strengthening the platform's security.
3. TRUSTED PLATFORM MODULE
3.1 What is TPM
As noted above, the TPM was created by an alliance of computing companies (the TCG) to provide for the availability of computers and to ensure data confidentiality and integrity on computers and networks [6]. It is a microcontroller that performs cryptographic operations and stores authentication credentials.
The TPM is implemented on the motherboard of desktop and notebook computers and is supported by multiple applications, such as BitLocker on the Microsoft Windows operating system. It is used in both the private and public sectors. The TPM supports security within the computer system with which it is paired and works with software, hardware and firmware to prevent unauthorized access to a computer. Several weaknesses have been reported in TPM-based systems that, when exploited, reduce the integrity guarantees the system provides. Future versions of the TPM promise enhanced functionality and performance.
3.2 Architecture and Components
As shown in Figure 1, the architecture of the TPM comprises three high-level groups: non-volatile memory, volatile memory, and other functional units. Trust in these hardware components, which is the foundation of the TPM, rests on the results of the Common Criteria evaluation of the TPM [7].
Figure 1. Architecture of TPM
The TPM's cryptographic functional unit (CFU) contains a random number generator (RNG), a hash-based message authentication code (HMAC) engine, a SHA-1 hash engine, RSA key generation and RSA encryption/decryption. The RNG uses the SHA-1 hash and the HMAC calculator to produce good random numbers for processes and key generation on the TPM chip. The SHA-1 engine is suited to small segments of data; hashing large data sets on the chip would introduce performance concerns, so bulk data is normally hashed by the host and only the resulting digest is passed to the TPM. The CFU can generate RSA keys of up to 2048 bits on the chip using values produced by the RNG. The RSA components perform encryption, decryption and signatures [8].
Non-volatile memory contains the endorsement key, the storage root key, and the owner authorization secret. The endorsement key (EK) is a unique, randomly generated 2048-bit RSA key pair installed at manufacture. Because it uniquely identifies the chip, and is therefore privacy-sensitive, the purchaser or user of the TPM hardware can restrict its use. The storage root key (SRK) is also a 2048-bit RSA key pair, and it is stored in the chip. Unlike the EK, the SRK is not provisioned by the hardware manufacturer; it is generated when ownership of the TPM is taken. Its purpose is to provide an encrypted wrapper around private keys that are stored outside the TPM, so that those keys can only be used through the chip. The owner authorization secret is a 160-bit value (the SHA-1 hash of the owner's password) set by the owner when taking ownership of a TPM-enabled device; it is used to authorize sensitive commands issued by the hardware owner.
Volatile memory contains RSA key slots, the platform configuration registers, key handles, and authorization session handles. The RSA key slots, labeled 0-9, are temporary storage for additional key pairs as they are loaded into and evicted from the chip. Platform Configuration Registers (PCRs) store hashes of the software boot chain in a tamper-evident fashion. Each register is 160 bits (one SHA-1 digest) in size and is reset to zero at platform reset. The paper discusses registers 0-15 (the TPM 1.2 specification defines 24): registers 0-7 hold measurements taken by the platform firmware (BIOS), whereas registers 8-15 are reserved for operating system and application use [9]. A PCR is never written directly; it can only be extended, which replaces its value with SHA-1(old value || new measurement), so the final value depends on every measurement made and on their order. There are two types of handles in volatile memory. Key handles assign a unique name to each loaded key so that commands can refer to the key by that name; once a loaded key is no longer in use, its handle is released and the key is evicted from memory. Authorization session handles identify authorization state that persists across several commands.
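The extend-and-replay mechanism behind the PCRs is easiest to see in code. The Go program below is an added example written for this edit, not code from the paper or from the TCG: it simulates the 16 registers discussed above, TPM_Extend, and the replay of a boot event log against the register values a verifier obtained from the chip, which is how a verifier checks that a log has not been edited, reordered or truncated. The component names and their digests are constructed sample data.

```go
package main

import (
	"crypto/sha1"
	"fmt"
)

// Digest is one PCR value: a SHA-1 digest, 160 bits, as in TPM 1.2.
type Digest = [sha1.Size]byte

// Event is one entry of the measurement log kept in ordinary memory beside
// the TPM: which register was extended and with what digest. The log itself
// is untrusted; only the PCR values are vouched for by the chip.
type Event struct {
	PCR    int
	Digest Digest
}

// Extend implements TPM_Extend for one register:
//
//	PCR_new = SHA-1(PCR_old || digest)
//
// A register can only be extended, never set, so a later measurement cannot
// erase an earlier one, and the result fixes the order of the extensions.
func Extend(pcr, digest Digest) Digest {
	h := sha1.New()
	h.Write(pcr[:])
	h.Write(digest[:])
	var out Digest
	copy(out[:], h.Sum(nil))
	return out
}

// Measure stands in for the firmware hashing a component before running it.
func Measure(component string) Digest { return sha1.Sum([]byte(component)) }

// Replay starts from the reset state (all 16 registers zero) and re-applies
// every log entry in order, giving the values an honest TPM must now hold.
func Replay(log []Event) [16]Digest {
	var pcrs [16]Digest
	for _, e := range log {
		pcrs[e.PCR] = Extend(pcrs[e.PCR], e.Digest)
	}
	return pcrs
}

// Verify checks an event log against register values obtained from the TPM
// (for example inside a signed quote). Any edit, reordering or truncation of
// the log produces different values, so the log cannot be forged to fit.
func Verify(log []Event, reported [16]Digest) bool {
	return Replay(log) == reported
}

// SampleLog is a constructed boot sequence in the TCG PC layout the paper
// describes: firmware into PCR 0 and the boot loader into PCR 4 (both in the
// firmware range 0-7), the OS kernel into PCR 8 (the OS range 8-15).
func SampleLog() []Event {
	return []Event{
		{PCR: 0, Digest: Measure("bios-1.07")},
		{PCR: 4, Digest: Measure("bootloader-2.02")},
		{PCR: 8, Digest: Measure("kernel-5.10")},
	}
}

func main() {
	log := SampleLog()
	reported := Replay(log) // what an honest TPM reports after this boot
	fmt.Println("genuine log verifies:", Verify(log, reported))

	// Rewriting the kernel entry after the fact no longer fits the PCRs.
	tampered := append([]Event(nil), log...)
	tampered[2].Digest = Measure("kernel-backdoored")
	fmt.Println("tampered log verifies:", Verify(tampered, reported))

	// Extending the same digests in the other order gives a different value,
	// so the PCRs record the sequence of components, not just the set.
	var zero Digest
	a, b := Measure("x"), Measure("y")
	fmt.Println("order ignored:", Extend(Extend(zero, a), b) == Extend(Extend(zero, b), a))
}
```

Real firmware logs carry more per event (event type, the raw data that was hashed), but the check is the same: replay the log and compare with what the chip reports, never trust the log on its own.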
Although physically stored outside the TPM, Attestation Identity Keys (AIKs) are a vital part of it. They are generated and managed by the TPM for privacy protection and platform authentication, and to prevent colluding verifiers from tracking a platform through a single identity. To that end, a TPM may have many AIKs active at any given time. When the TPM is required to authenticate itself to a verifier, it generates a second RSA key, the AIK. The AIK's public key is sent to a Privacy CA together with the TPM's endorsement key. The Privacy CA checks whether the EK is on its list of genuine TPMs; if so, it issues a certificate on the presented AIK, and if not, no certificate is issued. In the TCG protocol the certificate is returned encrypted to the EK, so only the chip that holds the EK's private key can activate and use it. Finally, the TPM forwards the newly received certificate to the verifier and authenticates itself with the AIK. This is referred to as remote attestation, since a remote party requests proof of the platform's current configuration [7].
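As an added example (not code from the paper or from any TPM vendor), the Go program below simulates the enrolment exchange just described between a TPM and a Privacy CA, with the EK binding made explicit: the CA encrypts the certificate to the EK public key, so only the chip holding the EK private key can activate it, and a TPM whose EK is not on the CA's list is refused. Simplifications are labelled in the comments: the certificate is a CA signature over the PKIX-encoded AIK public key rather than an X.509 certificate, the TPM_EK_BLOB structure is replaced by AES-GCM under a key encrypted with RSA-OAEP, and SHA-1 is used because that is the hash TPM 1.2 supports.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/x509"
	"errors"
	"fmt"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// genKey stands in for on-chip RSA key generation (2048 bits, as in TPM 1.2).
func genKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	must(err)
	return k
}

// TPM: the EK is installed at manufacture and its private half never leaves
// the chip; an AIK is created fresh for each enrolment.
type TPM struct{ EK, AIK *rsa.PrivateKey }

// PrivacyCA accepts only endorsement keys it recognises (e.g. from a vendor's
// list of shipped TPMs); a software impostor with a self-made "EK" is refused.
type PrivacyCA struct {
	Key      *rsa.PrivateKey
	KnownEKs map[[sha1.Size]byte]bool // SHA-1 fingerprints of EK public keys
}

// EKBlob is the CA's reply: the AIK certificate (here a CA signature over the
// PKIX AIK public key; a real CA issues X.509) sealed under a symmetric key
// that only the holder of the EK private key can recover.
type EKBlob struct{ EncKey, Nonce, Sealed, AIKPub []byte }

func Fingerprint(pub *rsa.PublicKey) [sha1.Size]byte {
	der, err := x509.MarshalPKIXPublicKey(pub)
	must(err)
	return sha1.Sum(der)
}

func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	must(err)
	gcm, err := cipher.NewGCM(block)
	must(err)
	return gcm
}

// MakeIdentity (TPM_MakeIdentity): create an AIK, export only its public half.
func (t *TPM) MakeIdentity() []byte {
	t.AIK = genKey()
	der, err := x509.MarshalPKIXPublicKey(&t.AIK.PublicKey)
	must(err)
	return der
}

// Certify is the Privacy CA side: check the EK against the list, sign the AIK
// public key, and seal the signature so that only the claimed EK can open it.
func (ca *PrivacyCA) Certify(ekPub *rsa.PublicKey, aikPub []byte) (*EKBlob, error) {
	if !ca.KnownEKs[Fingerprint(ekPub)] {
		return nil, errors.New("privacy CA: endorsement key not on list, no certificate issued")
	}
	d := sha1.Sum(aikPub)
	sig, err := rsa.SignPKCS1v15(rand.Reader, ca.Key, crypto.SHA1, d[:])
	must(err)
	key, nonce := make([]byte, 32), make([]byte, 12)
	_, err = rand.Read(key)
	must(err)
	_, err = rand.Read(nonce)
	must(err)
	encKey, err := rsa.EncryptOAEP(sha1.New(), rand.Reader, ekPub, key, nil)
	must(err)
	sealed := gcmFor(key).Seal(nil, nonce, sig, aikPub) // AIK public key bound as AAD
	return &EKBlob{EncKey: encKey, Nonce: nonce, Sealed: sealed, AIKPub: aikPub}, nil
}

// ActivateIdentity (TPM_ActivateIdentity): recover the symmetric key with the
// EK private key and release the certificate. Without that EK the blob is
// useless, which is what ties the certified AIK to a genuine chip.
func (t *TPM) ActivateIdentity(blob *EKBlob) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha1.New(), rand.Reader, t.EK, blob.EncKey, nil)
	if err != nil {
		return nil, err
	}
	return gcmFor(key).Open(nil, blob.Nonce, blob.Sealed, blob.AIKPub)
}

// VerifyAIKCert is the verifier's later check of the CA signature on the AIK.
func VerifyAIKCert(caPub *rsa.PublicKey, aikPub, sig []byte) bool {
	d := sha1.Sum(aikPub)
	return rsa.VerifyPKCS1v15(caPub, crypto.SHA1, d[:], sig) == nil
}

// Enrol runs the whole exchange for one TPM: AIK public key and certificate
// signature on success, the CA's refusal otherwise.
func Enrol(ca *PrivacyCA, t *TPM) (aikPub, sig []byte, err error) {
	aikPub = t.MakeIdentity()
	blob, err := ca.Certify(&t.EK.PublicKey, aikPub)
	if err != nil {
		return nil, nil, err
	}
	sig, err = t.ActivateIdentity(blob)
	return aikPub, sig, err
}

func main() {
	ca := &PrivacyCA{Key: genKey(), KnownEKs: map[[sha1.Size]byte]bool{}}
	genuine, impostor := &TPM{EK: genKey()}, &TPM{EK: genKey()}
	ca.KnownEKs[Fingerprint(&genuine.EK.PublicKey)] = true // published by the vendor

	aikPub, sig, err := Enrol(ca, genuine)
	must(err)
	fmt.Println("genuine TPM, certificate verifies:", VerifyAIKCert(&ca.Key.PublicKey, aikPub, sig))
	_, _, err = Enrol(ca, impostor)
	fmt.Println("impostor:", err)
}
```

The privacy property follows from the structure: the verifier only ever sees the AIK and the CA's signature on it, never the EK, and the TPM can enrol a different AIK with each verifier.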
The Opt-In component is responsible for ensuring that each TPM component is in the state specified by the end user, per Trusted Computing Group policy. Upon ordering TPM-enabled hardware, the customer may select to have certain TPM components disabled, deactivated or fully enabled when initially taking ownership of the hardware. This is accomplished by the Opt-In logic, which can be updated on the fly after the owner takes possession of the device if they wish to modify the state of a previously configured TPM option. Last, but certainly not least, the Secure Program Execution Engine initializes the TPM, takes hash measurements and runs the program code that implements the TPM's commands.
4. APPLICATIONS OF TPM
TPM can be used for many security applications within the
realm of computer and network technologies.
4.1 BitLocker
Data protection has become an information security issue for all types of organizations in government, healthcare and the private sector. One reason data protection is a primary security focus is regulatory requirements such as the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Microsoft's BitLocker provides full disk encryption and uses the TPM for authorization and release of the disk encryption key: the key is sealed to the measured boot state, so the TPM releases it only when the firmware and boot components match those present when the volume was encrypted. BitLocker with a TPM is therefore less susceptible to key spoofing attacks and can detect tampering with the boot chain, because a modified boot path changes the measurements and the key is not released [2].
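What "authorization and release of the key" means in practice is sealing: the volume master key is encrypted by the TPM bound to a set of PCR values, and the TPM unseals it only when those registers hold the same values at the next boot. The Go program below is an added example, not BitLocker's or the paper's code, that models this. The chip secret, the register contents and the PCR selection {0, 4, 8} are constructed assumptions (BitLocker's actual selection depends on firmware type and policy), and a wrapping key derived with HMAC from the chip secret and the PCRs stands in for the RSA storage root key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Digest is one PCR value (SHA-1, 160 bits, as in TPM 1.2).
type Digest = [sha1.Size]byte

// TPM models what sealing needs: a chip secret derived from the storage root
// key that never leaves the TPM, and the registers the boot chain extended.
// (A real SRK is an RSA key; a symmetric secret keeps the example short.)
type TPM struct {
	srkSecret []byte
	PCRs      [16]Digest
}

// SealedBlob is what the caller keeps on disk: ciphertext plus the PCR
// selection it is bound to. It contains nothing usable without the chip.
type SealedBlob struct {
	Selection []int
	Nonce     []byte
	Data      []byte
}

// wrapKey derives the blob's wrapping key from the chip secret and the
// current values of the selected PCRs, so the key only exists while the
// platform is in the state it was sealed in.
func (t *TPM) wrapKey(sel []int) []byte {
	m := hmac.New(sha256.New, t.srkSecret)
	for _, i := range sel {
		m.Write([]byte{byte(i)})
		m.Write(t.PCRs[i][:])
	}
	return m.Sum(nil) // 32 bytes: an AES-256 key
}

func (t *TPM) aead(sel []int) cipher.AEAD {
	block, err := aes.NewCipher(t.wrapKey(sel))
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// Seal (TPM_Seal) encrypts secret, e.g. BitLocker's volume master key,
// bound to the selected registers as they are right now.
func (t *TPM) Seal(secret []byte, sel []int) *SealedBlob {
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return &SealedBlob{Selection: sel, Nonce: nonce, Data: t.aead(sel).Seal(nil, nonce, secret, nil)}
}

// Unseal (TPM_Unseal) succeeds only if the selected registers still hold
// the values they had at Seal time; any other boot path derives a different
// wrapping key and the GCM authentication check fails.
func (t *TPM) Unseal(b *SealedBlob) ([]byte, error) {
	pt, err := t.aead(b.Selection).Open(nil, b.Nonce, b.Data, nil)
	if err != nil {
		return nil, errors.New("unseal refused: PCR values differ from the sealing state")
	}
	return pt, nil
}

// platform builds a TPM in the state a given boot chain leaves it in; the
// register values are constructed digests standing in for real extends.
func platform(srk []byte, firmware, loader, kernel string) *TPM {
	t := &TPM{srkSecret: srk}
	t.PCRs[0] = sha1.Sum([]byte(firmware))
	t.PCRs[4] = sha1.Sum([]byte(loader))
	t.PCRs[8] = sha1.Sum([]byte(kernel))
	return t
}

func main() {
	srk := []byte("constructed-srk-secret-known-only-to-this-chip")
	vmk := []byte("volume-master-key-32-bytes-long!")
	good := platform(srk, "bios-1.07", "bootloader-2.02", "kernel-5.10")
	blob := good.Seal(vmk, []int{0, 4, 8}) // bind to firmware, loader and OS

	// Next boot with the same components: the chip releases the key.
	again := platform(srk, "bios-1.07", "bootloader-2.02", "kernel-5.10")
	k, err := again.Unseal(blob)
	fmt.Println("normal boot, key released:", bytes.Equal(k, vmk), err)

	// Booted through a different loader (say, a live USB stick): no key, the
	// volume stays encrypted and BitLocker falls back to the recovery key.
	evil := platform(srk, "bios-1.07", "live-usb-loader", "kernel-5.10")
	_, err = evil.Unseal(blob)
	fmt.Println("tampered boot:", err)

	// Same boot chain on a different chip: the blob is useless elsewhere.
	other := platform([]byte("another-chip"), "bios-1.07", "bootloader-2.02", "kernel-5.10")
	_, err = other.Unseal(blob)
	fmt.Println("other TPM:", err)
}
```

The same mechanism explains the management cost discussed in section 5: a legitimate firmware or boot loader update changes the selected registers just as an attack would, so the key must be re-sealed (or recovered) after such changes.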
4.2 Self-encrypting Drives (SEDs)
Organizations are starting to use self-encrypting drives (SEDs) to obtain the security of fully encrypted drives together with additional management capabilities. One of these is the ability of the IT department to manage the drives remotely, including deactivating a drive if it is lost or stolen. SEDs can also perform a phone-home function before any sensitive data is decrypted for viewing by the end user. Organizations that use SEDs thus give their IT department much more access-control management over company-owned data and gain more effective data protection. SED deployments can use the TPM's hardware-based authentication for these controls, because the TPM can prevent unauthorized software configurations from accessing the master decryption keys, which is a limitation of purely software-based encryption.
4.3 Device Identity
Another application that takes advantage of the TPM's capabilities is device identity for network access. Today, one of the most widely used ways to control device access is to restrict it by MAC address, but this technique is easily defeated, since a MAC address can be spoofed. The TPM can provide a solution for device identity because it holds the private keys and credentials on a physical chip, which makes them much harder to extract or copy than keys protected by software alone. This lessens the chances of spoofing the device identity. Using the TPM for reliable device identity can provide a much-needed method for authenticating devices to sensitive networks. Government agencies can leverage TPM capabilities today because, as stated above, most enterprise-level computers and laptops already have the chip integrated.
4.4 Chain of Trust
One of the main goals of information security is identity verification of services, protocols, systems, and users. System administrators rely on the best evidence available for a trust relationship to begin; once a certain degree of trust is established, access is granted to information system resources. Today, many organizations use credentials such as a username and password as this evidence. Because of its hardware-based security capabilities, the TPM can overcome many of these trust issues. The TPM can initiate, or provide enough reliable evidence to create, a chain of trust, thanks to its secure credentials, secure storage of cryptographic keys, and the ability to use cryptographic hashes for identity and integrity verification. Several different kinds of chain of trust can be built on the TPM.
4.5 Virtualization
Virtualization has become a key element of information technology, but it raises new security risks. The TPM has been introduced to help address them. Perez et al. [10] implemented a virtual TPM (vTPM) by integrating TPM software into the hypervisor environment to make TPM functions available to virtual machines. Although TPM virtualization has been accomplished, a few difficulties have been uncovered. For example, certificates for virtual TPM instances are hard to issue and maintain, because the chain of trust is broken when these virtual instances are stopped or changed into abnormal configurations, and it can also be broken when vTPM instances are migrated.
5. ISSUES AND CHALLENGES
Although the TPM has the advantage of detecting unwanted modifications to the boot components of its system, there are still downsides to using software like BitLocker. The TPM's physical presence feature requires that a human sitting at the computer authorize changes to the configuration of the TPM, so that these changes cannot be performed silently and unnoticed by software [11]. TPM physical presence operations do not require the authorization of the TPM owner; they simply add steps to help protect against unauthorized changes to the TPM. Computers that support TPM physical presence make the presence of a user or administrator mandatory for any such action, such as enabling or deactivating the TPM [12]. The flip side is that anyone with physical access to the machine, even a person with no legitimate right to the computer, can make these changes while logged in.
In addition, managing TPM computers can become complicated if standard practices are not followed. To modify TPM restrictions, administrators must provide the owner password, and the TPM locks out after only a few failed attempts, so it is imperative that the password be retained securely for future use. Additionally, depending on how the TPM is configured, administrators will need to adjust TPM settings to authorize new OS, application or hardware changes on each machine, because keys sealed to the boot measurements are no longer released once those measurements change. This could significantly delay network-wide upgrades that may be required for policy compliance.
6. FUTURE OF TPM
The TPM can provide many capabilities and uses within computer and network security. With the recent release of Microsoft's Windows 8 operating system, the TPM has a chance to enter the mainstream of information security. Microsoft, a member of the Trusted Computing Group, has delivered a new operating system designed to make use of the embedded TPM security chip. The adoption of the TPM in Windows 8 provides advanced malware detection and modern authentication for network access and encryption. Windows 8 also provides built-in support for SEDs, which provide data-at-rest protection. The capabilities are plentiful with an OS that natively supports the TPM, and most of the TPM applications mentioned above can be used with Microsoft's new OS.
The TPM's abundant capabilities and enhancements will drive further research and development, and its future appears to rest on a solid foundation. The TPM can be used for user identification as a defense against identity theft. A two-factor authentication scheme has been proposed that uses the TPM to protect against identity theft. This proposal includes the use of electronic IDs (eIDs), which allow a computer user to initiate a chain of trust using a card reader. The main advantage of this identification method is that a user can have multiple authenticated logins to systems, whereas other two-factor authentication schemes only allow logins from one system.
With the advance of remote and telecommuting computing, device identification, authentication and access control are important factors to secure properly. The TPM can be used to create a home network built on a form of public key infrastructure. This infrastructure would consist of hardware, software and cryptographic keys to build a secure home network domain. Such an advanced home network can work with ISPs to create a chain of trust that mitigates risks and threats within information technology, and it is made possible by TPM security capabilities such as malware detection, secure key management for authentication, and device and user identity verification.
With strong vendor adoption and expanding research, the potential of the TPM is tremendous. Continued development of the TPM is essential to ensuring integrity, accessibility, confidentiality, and privacy among networks and information-sharing platforms into the future.
7. CONCLUSIONS
The TPM is necessary to provide more secure systems on the Internet. This small chip provides strong protection against malicious attacks. Businesses, governments and the private sector expect the TPM to keep their systems and information safe, which is a strong motivation for putting the TPM chip in computers and other systems.
Employing the TPM is beneficial for creating a more secure computing environment. Many IT software and hardware vendors have contributed to the foundation of the TPM, which includes various trusted components, such as symmetric and asymmetric key transfer and storage, SHA-1 hashing, RSA cryptography, and a number of underlying protocols. The collective effort of each component forms the implied trust offered by the TPM, not to mention full disk encryption, platform attestation and password protection. The latest revision, version 1.2, standardized as ISO/IEC 11889, can be found in products offered by leading hardware vendors such as Hewlett-Packard, Lenovo, Intel and Toshiba.
Although the TPM provides strong security in computer hardware and software, it does not completely eliminate vulnerabilities. The TPM provides integrity and confidentiality, but privacy has been a major concern, as consumers are wary of hardware vendors' ability to control software installations through the TPM's remote attestation process. This is one of the reasons that the TPM is mostly used in enterprise computing and has not yet taken off in the consumer market.
In summary, the TPM, like any other security mechanism such as a firewall or an IDPS, provides a single layer of security; but the TPM can also be used in a multifaceted approach that combines mechanisms employed in hardware with those in software, policy and policy enforcement.
REFERENCES
1. ITU. 2011. ICT Facts and Figures. http://www.itu.int/en/ITUD/Statistics/Documents/facts/ICTFactsFigures2011.pdf.
2. Fisher, D., McCune, J., and Andrews, A. 2011. Trust and Trusted Computing Platforms. Technical Note CMU/SEI-2011-TN-005. Software Engineering Institute, Carnegie Mellon University.
3. Trusted Computing Group. 2011. TPM Main Part 1 Design Principles. Revision 116.
4. Grimes, J. G. 2007. DoD Memorandum: Encryption of Sensitive Unclassified Data at Rest on Mobile Computing Devices and Removable Storage Media, Article 4.
5. Galita, P. 2012. The Trusted Platform Module: Benefits for Data-at-Rest Encryption. White Paper. WinMagic Data Security.
6. Bajikar, S. 2002. Trusted Platform Module (TPM) Based Security on Notebook PCs. White Paper.
7. Brickell, E., Camenisch, J., and Chen, L. 2004. Direct Anonymous Attestation. Proceedings of the 11th ACM Conference on Computer and Communications Security, 132-145.
8. Safford, D., and Zohar, M. 2005. Trusted Computing and Open Source. Information Security Technical Report, 10(2), 74-82.
9. Schellekens, D., Wyseur, B., and Preneel, B. 2008. Remote Attestation on Legacy Operating Systems with Trusted Platform Modules. Electronic Notes in Theoretical Computer Science, 197(1), 59-72.
10. Perez, R., Sailer, R., and van Doorn, L. 2006. vTPM: Virtualizing the Trusted Platform Module. Proceedings of the 15th USENIX Security Symposium, 305-320.
11. Pearson, S., and Balacheff, B. 2002. Trusted Computing Platforms: TCPA Technology in Context. Prentice Hall.
12. Microsoft. 2011. SetPhysicalPresenceRequest Method of the Win32_Tpm Class. http://msdn.microsoft.com/enus/library/aa376478%28VS.85%29.aspx.