Formal analysis of protocols based on TPM state registers

Proceedings - IEEE Computer Security Foundations Symposium

Volumn , Issue , 2011, Pages 66-80

  Delaune, Stéphanie ^a   Kremer, Steve ^a   Ryan, Mark D ^b   Steel, Graham ^a  

^a UNIVERSITÉ PARIS SACLAY   (France)

^b UNIVERSITY OF BIRMINGHAM   (United Kingdom)

Author keywords

formal verification; TPM

Indexed keywords

CRYPTOGRAPHY; LOGIC PROGRAMMING; NETWORK SECURITY;

ANALYSIS OF PROTOCOLS; CASE-STUDIES; DIGITAL ENVELOPE; EXTRACTION PROCESS; FORMAL ANALYSIS; HORN CLAUSE; MICROSOFT; PROVERIF; SECURITY PROTOCOLS; STATE-SPACE;

FORMAL VERIFICATION;

EID: 80052679988     PISSN: 19401434     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSF.2011.12     Document Type: Conference Paper

References (21)

1. "ISO/IEC PAS DIS 11889: Information technology - Security techniques - Trusted Platform Module."
2. Trusted Computing Group, "TPM Specification version 1.2. Parts 1-3, revision 103," http://www.trustedcomputinggroup.org/resources/tpm-main- specification, 2007.
3. S. Gürgens, C. Rudolph, D. Scheuermann, M. Atts, and R. Plaga, "Security evaluation of scenarios based on the TCG's TPM specification," in Proc. 12th European Symposium On Research In Computer Security (ESORICS'07), ser. LNCS, vol. 4734. Springer, 2007, pp. 438-453.
4. L. Chen and M. D. Ryan, "Offline dictionary attack on TCG TPM weak authorisation data, and solution," in Future of Trust in Computing, D. Grawrock, H. Reimer, A. Sadeghi, and C. Vishik, Eds. Vieweg & Teubner, 2008.
5. L. Chen and M. Ryan, "Attack, solution and verification for shared authorisation data in TCG TPM," in Proc. 6th International Workshop on Formal Aspects in Security and Trust (FAST'09), 2009, pp. 201-216.
6. M. Abadi and T. Wobber, "A logical account of NGSCB,"in 24th IFIP International Conference on Formal Techniques for Networked and Distributed Systems, ser. Lecture Notes in Computer Science, vol. 3235. Springer, 2004, pp. 1-12.
7. A. Datta, J. Franklin, D. Garg, and D. Kaynar, "A logic of secure systems and its application to trusted computing,"in Proc. 30th IEEE Symposium on Security and Privacy (S&P'09), May 2009, pp. 221-236.
8. C. Fournet and J. Planul, "Compiling information-flow security to minimal trusted computing bases," in Proc. 20th European Symposium on Programming (ESOP'11).
9. A. H. Lin, "Automated Analysis of Security APIs," Master's thesis, MIT, 2005, http://sdg.csail.mit.edu/pubs/theses/amerson-masters.pdf.
10. K. Ables, "An attack on key delegation in the Trusted Platform Module (first semester mini-project in computer security)," Master's thesis, School of Computer Science, University of Birmingham, 2009.
11. G. Coker, J. Guttman, P. Loscocco, A. Herzog, J. Millen, B. O'Hanlon, J. Ramsdell, A. Segall, J. Sheehy, and B. Sniffen, "Principles of remote attestation," International Journal of Information Security, vol. To Appear, 2010.
12. S. Delaune, S. Kremer, M. D. Ryan, and G. Steel, "A formal analysis of authentication in the TPM," in Proc. 7th International Workshop on Formal Aspects in Security and Trust (FAST'10), Pisa, Italy, 2010.
13. J. Herzog, "Applying protocol analysis to security device interfaces," IEEE Security & Privacy Magazine, vol. 4, no. 4, pp. 84-87, July-Aug 2006.
14. S. Mödersheim, "Abstraction by set-membership: verifying security protocols and web services with databases," in Proc. 17th ACM Conference on Computer and Communications Security (CCS'10). ACM, 2010, pp. 351-360.
15. J. D. Guttman, "Fair exchange in strand spaces," Journal of Automated Reasoning, 2011, to appear.
16. M. Arapinis, E. Ritter, and M. Ryan, "Verification of stateful processes in ProVerif," in Proc. of the 24th IEEE Computer Security Foundations Symposium (CSF'11). IEEE Computer Society Press, 2011.
17. C. Weidenbach, "Towards an automatic analysis of security protocols in first-order logic," in Proc. 16th International Conference on Automated Deduction (CADE'99), ser. LNCS, vol. 1632. Springer, 1999, pp. 314-328.
18. B. Blanchet, "An efficient cryptographic protocol verifier based on prolog rules," in Proc. of the 14th IEEE Computer Security Foundations Workshop (CSFW'01). Cape Breton, Nova Scotia, Canada: IEEE Computer Society Press, Jun. 2001, pp. 82-96.
19. "Bitlocker FAQ," http://technet.microsoft.com/en-us/library/ ee449438%28WS.10%29.aspx, 2011.
20. K. Ables and M. Ryan, "Escrowed data and the digital envelope,"in Trust and Trustworthy Computing (TRUST 2010), ser. LNCS, vol. 6101. Springer, 2010, pp. 246-256.
21. M. Abadi and C. Fournet, "Mobile values, new names, and secure communication," in Proc. 28th Symposium on Principles of Programming Languages (POPL'01), H. R. Nielson, Ed. London, UK: ACM Press, 2001, pp. 104-115.