International Association for Cryptologic Research

Ph.D. Database

The aim of the IACR Ph.D. database is twofold. On the first hand, we want to offer an overview of Ph.D. already completed in the domain of cryptology. Where possible, this should also include a subject classification, an abstract, and access to the full text. On the second hand, it deals with Ph.D. subjects currently under investigation. This way, we provide a timely map of contemporary research in cryptology. All entries or changes need to be approved by an editor. You can contact them via phds (at) iacr.org.

Details

Dries Schellekens (#857)
Name Dries Schellekens
Topic of his/her doctorate. Design and Analysis of Trusted Computing Platforms
Category applications
Keywords trusted computing
Ph.D. Supervisor(s) Bart Preneel
Year of completion 2013
Abstract

This thesis deals with the analysis and design of trusted computing platforms. Trusted computing technology is a relatively new enabling technology to improve the trustworthiness of computing platforms. With minor changes to the boot process and the addition of a new hardware security component, called TPM (Trusted Platform Module), trusted computing platforms offer the possibility to verifiably report their integrity to external parties (i.e., remote attestation) and to bind information to a specific platform (i.e., sealed storage).

The first part of this thesis mainly focuses on the analysis of existing trusted computing platforms. We analyze the functionality provided by the specifications of the TCG (Trusted Computing Group) and purely software-based alternatives. Based on this analysis we present an improvement to a software-based attestation scheme: we propose to measure the execution time of a memory checksum function locally (with the time stamping functionality of the TPM) instead of remotely (over the network).

We also study the resilience of trusted computing platforms against hardware attacks. We describe how attacks on the communication interface of the TPM can circumvent the measured boot process. The feasibility of these attacks is investigated in practice. Additionally we explore which operations should be targeted with a side channel attack to extracts the secret keys of a TPM.

The second part of this thesis addresses some of the challenges to implement trusted computing technology on embedded and reconfigurable devices. One of the main problems when integrating a TPM into a system-on-chip design, is the lack of on-chip reprogrammable non volatile memory. We develop schemes to securely externalize the non-volatile storage of a TPM. One scheme relies a new security primitive, called a reconfigurable physical unclonable function, and another extends the security perimeter of the TPM to the external memory with a cryptographic protocol.

We propose a new architecture to reset the trust boundary to a much smaller scale, thus allowing for simpler and more flexible TPM implementations. The architecture has two distinctive features: the program code is stored outside the coprocessor and only gets loaded in RAM memory when needed, and the architecture is open by allowing to execute arbitrary programs in remotely verifiable manner.

Finally, we study how the TPM can be implemented securely on reconfigurable hardware. This type of implementation is beneficial because it allows for updates of the software as well as of the hardware of the TPM (e.g., the cryptographic coprocessor) in the field. We examine the implementation options on reconfigurable hardware that is currently available commercially. Next, we propose a novel architecture that can measure and report the integrity of configuration bitstreams.

Last Change 2013-01-09 01:12:59
To provide an update on this entry, please click .

Contact: phds (at) iacr.org

[ IACR home page ] [ IACR PhDs page ] © IACR