Article

Hardware-rooted trust for secure key management and transient trust

Authors:

Jeffrey S. Dwoskin,

Ruby B. LeeAuthors Info & Claims

CCS '07: Proceedings of the 14th ACM conference on Computer and communications security

Pages 389 - 400

https://doi.org/10.1145/1315245.1315294

Published: 28 October 2007 Publication History

Get Access

Abstract

We propose minimalist new hardware additions to a microprocessor chip that protect cryptographic keys in portable computing devices which are used in the field but owned by a central authority. Our authority-mode architecture has trust rooted in two critical secrets: a Device Root Key and a Storage Root Hash, initialized in the device by the trusted authority. Our architecture protects trusted software, bound to the device, which can use the root secrets to protect other sensitive information for many different usage scenarios. We describe a detailed usage scenario for crisis response, where first responders are given transient access to third-party sensitive information which can be securely accessed during a crisis and reliably revoked after the crisis is over.

We leverage the Concealed Execution Mode of our earlier user-mode SP (Secret-Protecting) architecture to protect trusted code and its execution [1]. We call our new architecture authority-mode SP since it shares the same architectural lineage and the goal of minimalist hardware roots of trust. However, we completely change the key management hardware and software to enable new remote trust mechanisms that user-mode SP cannot support. In our new architecture, trust is built on top of the shared root key which binds together the secrets, policy and trusted software on the device. As a result, the authority-mode SP architecture can be used to provide significant new functionality including transient access to secrets with reliable revocation mechanisms, controlled transitive support for policy-controlled secrets belonging to different organizations, and remote attestation and secure communications with the authority.

References

[1]

R. Lee, P. Kwan, J. P. McGregor, J. Dwoskin, Z. Wang. "Architecture for Protecting Critical Secrets in Microprocessors," Proceedings of the 32nd International Symposium on Computer Architecture (ISCA 2005), pp. 2--13, June 2005.

Digital Library

Google Scholar

[2]

IETF Network Working Group. "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)," Request for Comments: 4279. http://www.ietf.org/rfc/rfc4279.txt

Google Scholar

[3]

R. C. Merkle. "Protocols for public key cryptography," IEEE Symposium on Security and Privacy, pp.122--134, 1980.

Google Scholar

[4]

Trusted Computing Group. "Trusted Platform Module (TPM) Specifications," April 2006. https://www.trustedcomputinggroup.org/specs/TPM

Google Scholar

[5]

National Institute of Standards and Technology, "Advanced Encryption Standard," Federal Information Processing Standards Publication, FIPS Pub 197, Nov. 2001.

Google Scholar

[6]

Intel, "LaGrande Technology Architectural Overview," http://www.intel.com/technology/security/, September 2003.

Google Scholar

[7]

National Institute of Standards and Technology. "The Keyed-Hash Message Authentication Code (HMAC)," Federal Information Processing Standards Publication, FIPS Pub 198. http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf

Google Scholar

[8]

"ITU-T Recommendation X.509, The Directory: Authentication Framework", Int'l Telecomm. Union, Geneva, 2000; ISO/IEC 9594-8.

Google Scholar

[9]

D. Lie, C. Thekkath, M. Mitchell, P. Lincoln, D. Boneh, J. Mitchell, and M. Horowitz. "Architectural Support for Copy and Tamper Resistant Software," Proc. of the 9th Int'l Conf. on Architectural Support for Programming Languages and Operating Systems (ASPLOS-IX)., pp. 168--177, 2000.

Digital Library

Google Scholar

[10]

G. E. Suh, D. Clarke, B. Gassend, M. van Dijk, and S. Devadas. "AEGIS: Architecture for Tamper-Evident and Tamper-Resistant Processing," Proc. of the 17th Int'l Conf. on Supercomputing (ICS), 2003.

Digital Library

Google Scholar

[11]

R. M. Best, "Preventing Software Piracy with Crypto-Microprocessors," Proc. of IEEE Spring COMPCON Š80, pp. 466--469, 1980.

Google Scholar

[12]

T. Gilmont, J. D. Legat, and J. J. Quisquater "An Architecture of Security Management Unit for Safe Hosting of Multiple Agents," Proc. of the Int'l Workshop on Intelligent Communications and Multimedia Terminals, pp. 79--82, Nov 1998.

Google Scholar

[13]

D. Kirovski, M. Drinic, and M. Potkonjak. "Enabling Trusted Software Integrity," Proc. of the 10th Int'l Conf. on Architectural Support for Programming Languages and Operating Systems (ASPLOS-X), October 2002.

Digital Library

Google Scholar

[14]

"SecureCore for Trustworthy Commodity Computing and Communications," collaborative project by Princeton University, Naval Postgraduate School and University of Southern California. Project home-page at http://palms.ee.princeton.edu/securecore/

Google Scholar

Cited By

View all

Zhang Y(2023)Analysis of OSPU security effect and data assembly verification under semi-network OS architectureInternational Journal of Information Security10.1007/s10207-023-00702-122:5(1497-1509)Online publication date: 18-May-2023
https://doi.org/10.1007/s10207-023-00702-1
Chakraborty AMondal ASrivastava ALi Z(2020)Hardware-assisted intellectual property protection of deep learning modelsProceedings of the 57th ACM/EDAC/IEEE Design Automation Conference10.5555/3437539.3437711(1-6)Online publication date: 20-Jul-2020
https://dl.acm.org/doi/10.5555/3437539.3437711
Chakraborty AMondai ASrivastava A(2020)Hardware-Assisted Intellectual Property Protection of Deep Learning Models2020 57th ACM/IEEE Design Automation Conference (DAC)10.1109/DAC18072.2020.9218651(1-6)Online publication date: Jul-2020
https://doi.org/10.1109/DAC18072.2020.9218651
Show More Cited By

Index Terms

Hardware-rooted trust for secure key management and transient trust

Recommendations

Securing the Dissemination of Emergency Response Data with an Integrated Hardware-Software Architecture
Trust '09: Proceedings of the 2nd International Conference on Trusted Computing

During many crises, access to sensitive emergency-support information is required to save lives and property. For example, for effective evacuations first responders need the names and addresses of non-ambulatory residents. Yet, currently, access to ...
Benevolence trust: a key determinant of user continuance use of online social networks

Online social networking (OSN) has attracted increased attention and growing membership in recent years. In this paper, we propose and test an extended and unified theory of acceptance and use of technology (UTAUT) model, including the additional areas ...
Secure ad hoc trust initialization and key management in wireless body area networks

The body area network (BAN) is a key enabling technology in e-healthcare. An important security issue is to establish initial trust relationships among the BAN devices before they are actually deployed and generate necessary shared secret keys to ...

Comments

Information & Contributors

Information

Published In

CCS '07: Proceedings of the 14th ACM conference on Computer and communications security

October 2007

628 pages

ISBN:9781595937032

DOI:10.1145/1315245

General Chair:
Peng Ning
NC State University, USA
,
Program Chairs:
Sabrina De Capitani di Vimercati
University of Milan, Italy
,
Paul Syverson
Naval Research Laboratory, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 October 2007

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

CCS07

Sponsor:

CCS07: 14th ACM Conference on Computer and Communications Security 2007

November 2 - October 31, 2007

Virginia, Alexandria, USA

Acceptance Rates

CCS '07 Paper Acceptance Rate 55 of 302 submissions, 18%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

45
Total Citations
View Citations
1,036
Total Downloads

Downloads (Last 12 months)31
Downloads (Last 6 weeks)6

Reflects downloads up to 05 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Zhang Y(2023)Analysis of OSPU security effect and data assembly verification under semi-network OS architectureInternational Journal of Information Security10.1007/s10207-023-00702-122:5(1497-1509)Online publication date: 18-May-2023
https://doi.org/10.1007/s10207-023-00702-1
Chakraborty AMondal ASrivastava ALi Z(2020)Hardware-assisted intellectual property protection of deep learning modelsProceedings of the 57th ACM/EDAC/IEEE Design Automation Conference10.5555/3437539.3437711(1-6)Online publication date: 20-Jul-2020
https://dl.acm.org/doi/10.5555/3437539.3437711
Chakraborty AMondai ASrivastava A(2020)Hardware-Assisted Intellectual Property Protection of Deep Learning Models2020 57th ACM/IEEE Design Automation Conference (DAC)10.1109/DAC18072.2020.9218651(1-6)Online publication date: Jul-2020
https://doi.org/10.1109/DAC18072.2020.9218651
Szefer J(2018)Principles of Secure Processor Architecture DesignSynthesis Lectures on Computer Architecture10.2200/S00864ED1V01Y201807CAC04513:3(1-173)Online publication date: 18-Oct-2018
https://doi.org/10.2200/S00864ED1V01Y201807CAC045
Evtyushkin DElwell JOzsoy MPonomarev DGhazaleh NRiley R(2018)Flexible Hardware-Managed Isolated Execution: Architecture, Software Support and ApplicationsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2016.259628715:3(437-451)Online publication date: 1-May-2018
https://doi.org/10.1109/TDSC.2016.2596287
Xu LLee JKim SZheng QXu SSuh TRo WShi W(2018)Architectural Protection of Application Privacy against Software and Physical Attacks in Untrusted Cloud EnvironmentIEEE Transactions on Cloud Computing10.1109/TCC.2015.25117286:2(478-491)Online publication date: 1-Apr-2018
https://doi.org/10.1109/TCC.2015.2511728
Li QSandhu RZhang XXu M(2017)Mandatory Content Access Control for Privacy Protection in Information Centric NetworksIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2015.249404914:5(494-506)Online publication date: 1-Sep-2017
https://dl.acm.org/doi/10.1109/TDSC.2015.2494049
Elwell JRiley RAbu-Ghazaleh NPonomarev DCervesato I(2015)Rethinking Memory Permissions for Protection Against Cross-Layer AttacksACM Transactions on Architecture and Code Optimization10.1145/284262112:4(1-27)Online publication date: 8-Dec-2015
https://dl.acm.org/doi/10.1145/2842621
Liu YZhou TChen KChen HXia YRay ILi NKruegel C(2015)Thwarting Memory Disclosure with Efficient Hypervisor-enforced Intra-domain IsolationProceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security10.1145/2810103.2813690(1607-1619)Online publication date: 12-Oct-2015
https://dl.acm.org/doi/10.1145/2810103.2813690
Pasquier TPowles J(2015)Expressing and Enforcing Location Requirements in the Cloud Using Information Flow ControlProceedings of the 2015 IEEE International Conference on Cloud Engineering10.1109/IC2E.2015.71(410-415)Online publication date: 9-Mar-2015
https://dl.acm.org/doi/10.1109/IC2E.2015.71
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Securing the Dissemination of Emergency Response Data with an Integrated Hardware-Software Architecture

Benevolence trust: a key determinant of user continuance use of online social networks

Secure ad hoc trust initialization and key management in wireless body area networks