Cryptographic Concepts
Hash (digest) extends
Concept
X <- hash(original X||Y)
X is extended with the value of Y
Hash extends cannot be set to a chosen value.
Due to the properties of hash functions.
Use in TPM.
To implement PCRs (Platform Configuration Registers).
To create audit logs.
To create policies relative to TPM authentication.
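The extend operation and its use for PCRs and audit logs, as an added example that is not part of the original page. It assumes a SHA-256 bank and an all-zero reset value; the function names and the sample log are constructed for illustration.

```python
import hashlib
import hmac

PCR_SIZE = hashlib.sha256().digest_size  # 32 bytes for a SHA-256 bank

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """X <- hash(X || Y): fold measurement Y into the current value X."""
    return hashlib.sha256(pcr + measurement).digest()

def replay(event_log: list[bytes]) -> bytes:
    """Recompute the register from its reset value (all zeros, assumed here)."""
    pcr = bytes(PCR_SIZE)
    for event in event_log:
        # Each event is hashed first so Y always has a fixed size.
        pcr = extend(pcr, hashlib.sha256(event).digest())
    return pcr

def log_matches(event_log: list[bytes], reported_pcr: bytes) -> bool:
    """A log is trusted only if replaying it reproduces the reported value."""
    return hmac.compare_digest(replay(event_log), reported_pcr)

# Constructed sample log (not real firmware measurements).
SAMPLE_LOG = [b"firmware v1", b"bootloader v2", b"kernel v3"]

def demo() -> dict:
    reported = replay(SAMPLE_LOG)
    modified = [SAMPLE_LOG[0], b"bootloader v2 (modified)", SAMPLE_LOG[2]]
    reordered = [SAMPLE_LOG[1], SAMPLE_LOG[0], SAMPLE_LOG[2]]
    truncated = SAMPLE_LOG[:2]
    return {
        "genuine": log_matches(SAMPLE_LOG, reported),
        "modified": log_matches(modified, reported),
        "reordered": log_matches(reordered, reported),
        "truncated": log_matches(truncated, reported),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:10s} -> {'match' if ok else 'MISMATCH'}")
```

Because the register can only be extended, never written, a verifier who trusts the reported value can detect any edit, reordering or truncation of the accompanying log.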
Tickets
Data structure that contains an HMAC computed over some data.
Tickets are “signed” using an HMAC.
Computed with a key that only the TPM knows.
Tickets are information that the TPM can later recognize as produced by itself.
Without having to store it.
Symmetric ciphers
Confidentiality of private TPM data. Using keys that only the TPM knows.
Confidentiality of communications. Using keys agreed with peers.
Ad hoc encryptions/decryptions. Using keys provided by requesters.
Modes
Block modes: ECB, CBC. Data needs to be a multiple of the block size -> Padding.
Stream modes: CFB, OFB, CTR. To be used when data is not block aligned.
Integrated integrity control.
HMAC-based Encrypt-then-MAC.
HMACs computed with nonces for replay prevention.
Endorsement keys (EKs)
Key pairs that identify TPM devices.
They are certified by the TPM manufacturer.
Their X.509 certificate can highlight the TPM device features.
These keys can be used to certify other TPM keys.
Produced by the TPM.
Those certificates do not use X.509.