|
Title:
|
Virtual Monotonic Counters and Count-Limited Objects using a TPM without a Trusted OS (Extended Version) |
|
Author:
|
Sarmenta, Luis F. G.; van Dijk, Marten; O'Donnell, Charles W.; Rhodes, Jonathan; Devadas, Srinivas |
|
Other Contributors:
|
Computation Structures |
|
Advisor:
|
Srini Devadas |
|
Issue Date:
|
2006-09-11 |
|
Abstract:
|
A trusted monotonic counter is a valuable primitive thatenables a wide variety of highly scalable offlineand decentralized applications that would otherwise be prone to replay attacks, including offline payment, e-wallets, virtual trusted storage, and digital rights management (DRM).In this paper, we show how one can implement a very large number of virtual monotonic counters on an untrusted machine with a Trusted Platform Module (TPM) or similar device, without relying on a trusted OS. We first present a log-based scheme that can be implemented with the current version of the TPM (1.2) and used incertain applications.We then show how the addition of a few simple features tothe TPM makes it possible to implement a hash-tree-based schemethat not only offers improved performance and scalability compared to the log-based scheme, but also makes it possible to implement count-limited objects (or ``clobs'' for short) -- i.e., encrypted keys, data, and other objectsthat can only be used when an associated virtual monotonic counter is within a certain range.Such count-limited objects include n-time use keys, n-out-of-m data blobs,n-copy migratable objects, and other variants, which have many potential uses in digital rights management (DRM), digital cash, digital voting, itinerant computing,and other application areas. |
|
URI:
|
http://hdl.handle.net/1721.1/33966
|
|
Other Identifiers:
|
MIT-CSAIL-TR-2006-064 |
|
Citation:
|
A shorter version of this paper will appear in the 1st ACM CCS Workshop on Scalable Trusted Computing (STC'06). |
|
Series/Report no.:
|
Massachusetts Institute of Technology Computer Science and Artificial Intelligence Laboratory |
|
Keywords:
|
trusted storage, key delegation, stored-value, e-wallet, smartcard, memory integrity checking, certified execution |
