Securing Shared Untrusted Storage by using TPM 1.2 Without Requiring a Trusted OS

We address the problem of using an untrusted server with a trusted platform module (TPM) to provide trusted storage for a large number of clients, where each client may own and use several different devices that may be offline at different times and may not be able to communicate with each other except through the untrusted server (over an untrusted network). The clients only trust the server’s TPM; the server’s BIOS, CPU, and OS are not assumed to be trusted. We show how the currently available TPM 1.2 technology can be used to implement tamper-evident storage, where clients are guaranteed to at least detect illegitimate modifications to their data (including replay attacks) whenever they wish to perform a critical operation that relies on the freshness and validity of the data. In particular, we introduce and analyze a log-based scheme in which the built-in monotonic counter of a TPM 1.2 chip is used to securely implement a large number of virtual monotonic counters, which can then be used to time-stamp data and provide tamper-evident storage. Tamper-tolerant storage, which guarantees that a client can continue to retrieve its original data even after a malicious attack, is provided by using data replication on top of the tamper-evident storage system. As a separate application of our log-based scheme, we also show how these virtual monotonic counters can be used to implement one-time certificates, which are certificates that can be spent at most once. One-time certificates can be used for one-time authentication and authorization, and can be useful in applications such as DRM, offline payments, and others. Finally, we implement these ideas using an actual PC with a TPM 1.2 chip and present preliminary performance results.