Towards a programmable TPM

We explore a new model for trusted computing in which an existing fixed-function Trusted Platform Module (TPM) is coupled with user application code running on a programmable smart card. We will show that with appropriate coupling the resulting system approximates a “field-programmable TPM.” A true field-programmable TPM would provide higher levels of security for user-functions that would otherwise need to execute in host software. Our coupling architecture supports many (but not all) of the security requirements and applications scenarios that you would expect of a programmable TPM, but has the advantage that it can be deployed using existing technology.
This paper describes our TPM-smart card coupling architecture and the services that we have prototyped. The services include: (1) An implementation of count-limited objects in which keys can only be used a preset number of times. (2) More flexible versions of the TPM Unseal and Unbind primitives that allow sealing to groups of equivalent configurations. And (3) a version of Quote that uses alternative signature formats and cryptography available within smart cards but not in the TPM itself.
We also describe the limitations of the coupling architecture and how some of the limitations could be overcome with a true programmable TPM.