A User Protection Model for the Trusted Computing Environment

Information security presents a huge challenge for both individuals and organizations. The Trusted Computing Group (TCG) has introduced the Trusted Platform Module (TPM) as a solution to end-users to ensure their privacy and confidentiality. TPM has the role of being the root of trust for systems and users by providing protected storage that is accessible only within TPM and thus, protects computers against unwanted access. TPM is designed to prevent software attacks with minimal consideration being given toward physical attacks. Therefore, TPM focus on PIN password identification to control the physical presence of a user. The PIN Password method is not the ideal user verification method. Evil Maid is one of the attacking methods where a piece of code can be loaded and hidden in the boot loader before loading TPM. The code will then collects confidential information at the next boot and store it or send it to attackers via the network. In order to solve this problem, a number of solutions have been proposed. However, most of these solutions does not provide sufficient level of protection to TPM. In this study we introduce the TPM User Authentication Model (TPM-UAM) that could assist in protecting TPM against physical attack and thus increase the security of the computer system. The proposed model has been evaluated through a focus group discussion consisting of a number of experts. The expert panel has confirmed that the proposed model is sufficient to provide expected level of protection to the TPM and to assist in preventing physical attack against TPM.