TY - GEN
T1 - Hardware-rooted trust for secure key management and transient trust
AU - Dwoskin, Jeffrey S.
AU - Lee, Ruby B.
PY - 2007
Y1 - 2007
AB - We propose minimalist new hardware additions to a microprocessor chip that protect cryptographic keys in portable computing devices which are used in the field but owned by a central authority. Our authority-mode architecture has trust rooted in two critical secrets: a Device Root Key and a Storage Root Hash, initialized in the device by the trusted authority. Our architecture protects trusted software, bound to the device, which can use the root secrets to protect other sensitive information for many different usage scenarios. We describe a detailed usage scenario for crisis response, where first responders are given transient access to third-party sensitive information which can be securely accessed during a crisis and reliably revoked after the crisis is over. We leverage the Concealed Execution Mode of our earlier user-mode SP (Secret-Protecting) architecture to protect trusted code and its execution [1]. We call our new architecture authority-mode SP since it shares the same architectural lineage and the goal of minimalist hardware roots of trust. However, we completely change the key management hardware and software to enable new remote trust mechanisms that user-mode SP cannot support. In our new architecture, trust is built on top of the shared root key which binds together the secrets, policy and trusted software on the device. As a result, the authority-mode SP architecture can be used to provide significant new functionality including transient access to secrets with reliable revocation mechanisms, controlled transitive support for policy-controlled secrets belonging to different organizations, and remote attestation and secure communications with the authority.
KW - Emergency response
KW - Hardware policy enforcement
KW - Key management
KW - Secret protection (SP)
KW - Secure processors
KW - Transient trust
UR - http://www.scopus.com/inward/record.url?scp=42549167254&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=42549167254&partnerID=8YFLogxK
U2 - 10.1145/1315245.1315294
DO - 10.1145/1315245.1315294
M3 - Conference contribution
AN - SCOPUS:42549167254
SN - 9781595937032
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 389
EP - 400
BT - CCS'07 - Proceedings of the 14th ACM Conference on Computer and Communications Security
T2 - 14th ACM Conference on Computer and Communications Security, CCS'07
Y2 - 29 October 2007 through 2 November 2007
ER -