A User Centric Security Model for Tamper-Resistant Devices

2.3 Candidates for User Centric Tamper-Resistant Device
environment (e.g. TPM [18] and MTM [19]), b) only provide execution protection (e.g.
AEGIS), c) have limited application execution without user control (i.e. TEE), d) have
limited scalability regarding the support for dierent application and platform scenarios,
e) do not provide dynamic trust validation and assurance [56] and require an implicit
trust, f) do not require third party (security) evaluation, and g) do not provide user
ownership/control (e.g. smart cards [32]). We discuss these technologies individually below
and analyse their suitability for the UCTD architecture in table 2.1.
2.3.1 Trusted Platform Module
The Trusted Computing Group (TCG) [36] started an initiative for providing a tamperresistant
device referred as the Trusted Platform Module (TPM) [18]. The mission statement
of the TCG commits it to providing authentication, data protection, network security,
and disaster recovery services [36]. A Trusted Platform Module (TPM) will measure the
integrity matrixes referred to as Platform Conguration Registers (PCRs) that are securely
sealed with cryptographic keys. If the TPM nds any discrepancies in the future
integrity-measurements then it will ag the problem. A TPM does not decide whether this
discrepancy is authorised by the user or whether it is due to a malicious entity.
A TPM is a tamper-resistant device with a low footprint that is utilised as a root of
trust to support the trusted computing platform. The concept of trust as dened by the
Trusted Computing Group (TCG) is the evaluation of platform results as expected by the
requesting entity [36]. A TPM is not concerned with whether the evaluated state is secure
or not as long as the evaluation result is trusted by the requesting hall. Therefore, we can
say that a TPM is specically designed (or restricted) to be a trusted component, which
will be physically bound (soldered) to a platform. The fundamental function of a TPM is
to provide secure, trusted, and tamper-resistant root of (trusted) measurements on which
the integrity measurement of the rest of the platform is dependent. A TPM is typically
under the control of the platform user, and it has a secure and reliable software/hardware
platform. However, it is not a general-purpose execution environment in which an arbitrary
code can be executed and neither is it portable, unless a smart card is used to behave like
a TPM [57][59]. In this chapter, we treat TPM and MTM together even though there are
subtle dierences between them.
2.3.2 AEGIS
AEGIS is a single-chip secure processor that is designed to build trusted systems and is
secure against physical and software attacks [20]. Therefore, we can consider AEGIS as
a processor with a limited memory that stores processor identication information along
37