Virtual TPM Dynamic Trust Extension Suitable for Frequent Migrations

Title: Virtual TPM Dynamic Trust Extension Suitable for Frequent Migrations
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Yu, F., Chen, L., Zhang, H.
Conference Name: 2016 IEEE Trustcom/BigDataSE/ISPA
Keywords: attestation data, authentication, authentication server, authorisation, composability, Computers, Elliptic curve cryptography, frequent migrations, Heuristic algorithms, identity key certificate, IK certificate, performance measurements, physical TPM, pTPM, pubcrawl, public key cryptography, Real-time Systems, Resiliency, Servers, time token, Trust Extension, Trusted Computing, Trusted Platform Module (TPM), trusted platform modules, virtual machines, virtual TPM dynamic trust extension, virtual trusted platform module, virtual Trusted Platform Module (vTPM), vTPM DTE

This paper has presented an approach of vTPM (virtual Trusted Platform Module) Dynamic Trust Extension (DTE) to satisfy the requirements of frequent migrations. With DTE, vTPM is a delegation of the capability of signing attestation data from the underlying pTPM (physical TPM), with one valid time token issued by an Authentication Server (AS). DTE maintains a strong association between vTPM and its underlying pTPM, and has clear distinguishability between vTPM and pTPM because of the different security strength of the two types of TPM. In DTE, there is no need for vTPM to re-acquire Identity Key (IK) certificate(s) after migration, and pTPM can have a trust revocation in real time. Furthermore, DTE can provide forward security. Seen from the performance measurements of its prototype, DTE is feasible.

Citation Key: yu_virtual_2016