Design and Implementation of the TPM User Authentication Model

The Trusted Computing Group (TCG) has introduced the Trusted Platform Module (TPM) as a solution to assure end users of their privacy and confidentiality. Although the TPM is designed to prevent software attacks, the TPM itself is vulnerable to physical attacks that could enable intruders to gain access to confidential data. In general, the TPM provides an ID and implements a password identification technique to prevent unauthorized users from gaining access to the TPM. The TPM user authentication is carried out by the TPM itself, which exposes the TPM to direct risk as highly skilled intruders can break the authentication line of defence and gain access to the TPM. The process of encrypting and decrypting information, especially when asymmetric algorithms are used, is viewed as a process that consumes time and resources, which decreases the speed of the computer. In order to solve the problems, a TPM User Authentication Model (TPM-UAM) that can provide the TPM with a higher level of security and resistance against physical attacks has been proposed as we proposed in our previous research paper (Alshar’e et al., 2014). The technique is based on biometric authentication to prove the identity of the users and to allow the process of authentication to happen at an independent platform using virtualization that will keep the TPM out of reach until a user is completely verified and approved. The TPM-UAM is able to provide a more satisfactory level of confidence for data and processes that can be rated as highly confidential and private. The model was successfully developed and tested and the results confirmed the model efficiency and ability to secure TPM and all functions have been confirmed to be working perfectly according to what they were designed for. This paper describes the design and implementation of TPM-UAM system based on the proposed authentication model, virtualization has been implemented to create authentication platform to prevent direct interaction with TPM and biometrics has been implemented to verify identities and supervise running TPM, the system testing results in confirming the system functionality and ability to secure and protect TPM.