Article (PDF available)

Benchmarking the True Random Number Generator of TPM Chips

Authors:

Abstract

A TPM (Trusted Platform Module) is a chip present mostly on newer motherboards; its primary function is to create, store and work with cryptographic keys. This dedicated chip can serve to authenticate other devices or to protect encryption keys used by various software applications. Among other features, it comes with a True Random Number Generator (TRNG) that can be used for cryptographic purposes. This random number generator consists of a state machine that mixes unpredictable data with the output of a one-way hash function. According to the specification, it can be a good source of unpredictable random numbers even without requiring a genuine source of hardware entropy. However, the specification recommends collecting entropy from any internal sources available, such as clock jitter or thermal noise in the chip itself, a feature that was implemented by most manufacturers. This paper benchmarks the random number generator of several TPM chips from two perspectives: the quality of the random bit sequences generated, and the output bit rate.
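The two measurements the abstract names, statistical quality of the output and achieved bit rate, can be scripted against a real TPM. The harness below is an added example and not code from the paper. It assumes the tpm2-tools command `tpm2_getrandom` is installed and writes raw bytes to stdout, and it assumes a 32-byte cap per request (TPM2_GetRandom returns at most one digest of the largest supported hash per command, so longer reads cost several round trips, which is exactly what shows up in the bit-rate figure). When the tool is absent, `os.urandom` stands in so the script still runs. The two quality checks are the frequency (monobit) and runs tests from NIST SP 800-22; the constructed inputs in the test show why a single test is not enough: an alternating 0101... stream passes monobit perfectly and fails runs.

```python
"""Benchmark a random-byte source for throughput and basic NIST SP 800-22 quality.

Added example (not from the paper). Assumptions: tpm2-tools' `tpm2_getrandom N`
writes N raw bytes to stdout, and each request is capped at TPM_MAX_REQ bytes.
"""
import math
import os
import shutil
import subprocess
import time
from typing import Callable, Dict

TPM_MAX_REQ = 32  # assumed per-command cap: one SHA-256 digest worth of bytes


def tpm_get_random(nbytes: int) -> bytes:
    """Read nbytes from the TPM via tpm2_getrandom, one capped command at a time."""
    out = bytearray()
    while len(out) < nbytes:
        want = min(TPM_MAX_REQ, nbytes - len(out))
        proc = subprocess.run(["tpm2_getrandom", str(want)],
                              check=True, capture_output=True)
        out += proc.stdout
    return bytes(out)


def pick_source() -> Callable[[int], bytes]:
    """Use the TPM when the tool is on PATH; otherwise fall back to the OS CSPRNG."""
    return tpm_get_random if shutil.which("tpm2_getrandom") else os.urandom


def to_bits(data: bytes):
    """Expand bytes to a list of 0/1 ints, MSB first."""
    return [(b >> (7 - i)) & 1 for b in data for i in range(8)]


def monobit_p_value(data: bytes) -> float:
    """SP 800-22 frequency test: S_n = #ones - #zeros, p = erfc(|S_n| / sqrt(2n))."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_n = 2 * ones - n
    return math.erfc(abs(s_n) / math.sqrt(2 * n))


def runs_p_value(data: bytes) -> float:
    """SP 800-22 runs test. Returns 0.0 when the prerequisite proportion check fails."""
    bits = to_bits(data)
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):  # frequency prerequisite from the test spec
        return 0.0
    v_obs = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    num = abs(v_obs - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def benchmark(source: Callable[[int], bytes], total_bytes: int) -> Dict[str, float]:
    """Time one read of total_bytes and score the bytes with both tests."""
    t0 = time.perf_counter()
    data = source(total_bytes)
    elapsed = time.perf_counter() - t0
    return {
        "bytes": len(data),
        "bits_per_second": (len(data) * 8 / elapsed) if elapsed > 0 else float("inf"),
        "monobit_p": monobit_p_value(data),
        "runs_p": runs_p_value(data),
    }


if __name__ == "__main__":
    src = pick_source()
    for size in (256, 4096, 65536):
        r = benchmark(src, size)
        verdict = "pass" if min(r["monobit_p"], r["runs_p"]) >= 0.01 else "FAIL"
        print(f"{size:6d} B  {r['bits_per_second']:12.0f} bit/s  "
              f"monobit p={r['monobit_p']:.3f}  runs p={r['runs_p']:.3f}  {verdict}")
```

Run the largest size several times: with a real TPM the bit rate is dominated by command latency over the bus, not by the entropy source, and a p-value below 0.01 on a single run is expected about one time in a hundred for a good generator, so judge a chip on many samples rather than one.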
... The TPM chip used in this work is Infineon OPTIGATM TPM 2.0 SLB9670 which is encapsulated in Iridium 9670 Evaluation Boards [38] and connected with the Sakura-X board via the SPI port. The high quality of random bit-sequences generated by the TRNG on the TPM chip has been proved by the NIST test in the previous work [39]. A software driver was written to provide the support for the integration. ...
... However, the shifting-based random number generator can only produce pseudo-random numbers. In contrast, we use the built-in TRNG on the TPM to produce true random numbers, and the quality has been proved by the NIST test [39]. The use of true random numbers can enhance the strength of the key update scheme. ...
Article
Full-text available
Side-channel analysis is a non-invasive form of attack that reveals the secret key of the cryptographic circuit by analyzing the leaked physical information. The traditional brute-force and cryptanalysis attacks target the weakness in the encryption algorithm, whereas side-channel attacks use statistical models such as differential analysis and correlation analysis on the leaked information gained from the cryptographic device during the run-time. As a non-invasive and passive attack, the side-channel attack brings a lot of difficulties for detection and defense. In this work, we propose a key update scheme as a countermeasure for power and electromagnetic analysis-based attacks on the cryptographic device. The proposed countermeasure utilizes a secure coprocessor to provide secure key generation and storage in a trusted environment. The experimental results show that the proposed key update scheme can mitigate side-channel attacks significantly.
... Hence, the latest TPM 2.0 specification revision was released in October 2014 [8]. TPM provides functions for the secure generation of cryptographic keys and limits their use in addition to a random number generator [9] [10]. Moreover, it also includes capabilities such as remote attestation, binding, and sealed storage. ...
Article
In a storage cloud scheme, pushing data to the storage cloud raises much attention regarding data confidentiality. With the encryption concept, data accessibility is limited because the data is encrypted. Securing a storage system with high access power is complicated due to the dispersed storage environment. In this paper, we propose a hardware-based security scheme such that a secure dispersed storage system using erasure code is articulated. We designed a hardware-based security scheme with data encoding operations and migration capabilities. Using a TPM (Trusted Platform Module), the data integrity and security are evaluated and achieved.
... A large number of those entropy sources don't depend on user input and provide continuous entropy, including the TPM random generator. An experimental research on several TPM chips showed that the entropy was not affected by the number of random bytes generated [23]. Although there are a lot of entropy sources in a computer that can be utilized by the RNG, the Linux kernel shortens its entropy collection to limited sources, compared to Windows. ...
Article
In this paper, we explore and analyze the structure and functions of the Random Number Generator (RNG) in the Windows and Linux operating systems, and compare the capabilities of their RNGs. It is expected that this research will contribute to awareness of the quality and security of the random number generators implemented in the Linux and Windows operating systems. It provides unbiased academic research in facilitating informed decisions.
Chapter
In cloud storage systems, data security management is becoming a serious matter. Big data and accessibility power are increasingly high; though the benefits are clear, such a service also relinquishes users' physical possession of their outsourced data, which inevitably poses new security risks toward the correctness of the data in the cloud. As a result, cloud storage security has become one of the driving components in Cloud Computing regarding data manipulation trust, both at the hosting center and in transit. This paper proposes a TPM-Based Security over Multi-Cloud Storage Architecture (MCSA) grounded on Erasure Codes to apply a root of trust based on hardware authenticity. An erasure code such as Reed-Solomon is capable of assuring stability in storage costs with best practice to guarantee data accessibility and failure recovery. A Multi-Cloud Control Node manages other Control Nodes involved in the cloud; this work introduces TPM-Based Security functions per Control Node in the architecture. This concept will resolve a number of storage security issues, and hence aid Cloud Computing adoption.
Book
* Clear, practical tutorial-style text with real-world applications
* First book on the TPM for embedded designers
* Provides a sound foundation on the TPM, helping designers take advantage of hardware security based on sound TCG standards
* Covers all the TPM basics, discussing in detail the TPM Key Hierarchy and the Trusted Platform Module specification
* Presents a methodology to enable designers and developers to successfully integrate the TPM into an embedded design and verify the TPM's operation on a specific platform
* Includes an accompanying CD-ROM that contains the full source code, which can be customized and used in embedded designs, an extremely useful tool and timesaver for embedded developers
* This sound foundation on the TPM provides clear, practical tutorials with detailed real-world application examples
* The author is renowned for training embedded systems developers worldwide to successfully implement the TPM
* The CD-ROM includes source code which can be customized for different embedded applications
Article
Use Trusted Computing to Make PCs Safer, More Secure, and More Reliable

Every year, computer security threats become more severe. Software alone can no longer adequately defend against them: what's needed is secure hardware. The Trusted Platform Module (TPM) makes that possible by providing a complete, open industry standard for implementing trusted computing hardware subsystems in PCs. Already available from virtually every leading PC manufacturer, the TPM gives software professionals powerful new ways to protect their customers. Now, there's a start-to-finish guide for every software professional and security specialist who wants to utilize this breakthrough security technology.

Authored by innovators who helped create the TPM and implement its leading-edge products, this practical book covers all facets of TPM technology: what it can achieve, how it works, and how to write applications for it. The authors offer deep, real-world insights into both the TPM and the Trusted Computing Group (TCG) Software Stack. Then, to demonstrate how the TPM can solve many of today's most challenging security problems, they present four start-to-finish case studies, each with extensive C-based code examples.

Coverage includes:
* What services and capabilities are provided by TPMs
* TPM device drivers: solutions for code running in BIOS, TSS stacks for new operating systems, and memory-constrained environments
* Using the TPM to enhance the security of a PC's boot sequence
* Key management, in depth: key creation, storage, loading, migration, use, symmetric keys, and much more
* Linking PKCS#11 and TSS stacks to support applications with middleware services
* What you need to know about the TPM and privacy, including how to avoid privacy problems
* Moving from TSS 1.1 to the new TSS 1.2 standard
* TPM and TSS command references and a complete function library