TPM External Key Management Solution Based on Merkle Patricia Tree
Key management is one of the most critical functions of the Trusted Platform Module (TPM). However, because the internal storage of a TPM is limited, a large number of sub-keys must be stored in external space, and effective protection of these external keys is essential to the security of the system. Unfortunately, the traditional TPM specification has a limitation here: it cannot revoke a single invalid key individually and can only revoke all keys at once, which makes external key management complicated. To solve this problem, we introduce the Merkle Patricia Tree (MPT). In this scheme, the MPT root node is securely stored inside the TPM, while the remaining nodes are stored externally. When keys are added or revoked, the MPT dynamically adds or deletes branches. When a key is verified, the trie properties of the MPT are used to generate a proof path from the root node to the leaf node corresponding to that key, thereby establishing an efficient external key management system for the TPM. We implement a prototype system using the TPM chip Z32H330TC on a Raspberry Pi 4B board. Experiments demonstrate that the MPT-based external key management scheme is more efficient than existing schemes in adding, revoking, and verifying keys, and significantly reduces external storage space usage.
Keywords: key management; trusted platform module; Merkle Patricia Tree; existence proof; key hash value
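To illustrate the mechanism the abstract describes (root digest kept inside the TPM, all other nodes outside it, individual add/revoke, and an existence proof from root to leaf), here is an added example that is not the paper's code or prototype. It uses a simplified radix-16 Merkle trie over the SHA-256 of each key, without Patricia path compression; the `KeyTrie`, `prove` and `verify` names and the `tpm_root` variable are this example's own assumptions.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed example (not the paper's code): a radix-16 Merkle trie keyed by
# the SHA-256 of each external key. Only the root digest is held "inside the
# TPM" (the tpm_root value); every node lives in untrusted external storage.

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def path(key: bytes) -> list:
    return [int(c, 16) for c in hashlib.sha256(key).hexdigest()]  # 64 nibbles

@dataclass
class Node:
    children: dict = field(default_factory=dict)  # nibble -> Node
    leaf: bytes = b""                              # H(key) at the path's end

    def digest(self) -> bytes:
        parts = [bytes([n]) + self.children[n].digest() for n in sorted(self.children)]
        return H(b"L" + self.leaf, *parts)

class KeyTrie:
    def __init__(self): self.root = Node()

    def add(self, key: bytes) -> bytes:      # returns the new root for the TPM
        node = self.root
        for nib in path(key): node = node.children.setdefault(nib, Node())
        node.leaf = H(key)
        return self.root.digest()

    def revoke(self, key: bytes) -> bytes:   # removes one key and prunes its branch
        stack, node = [], self.root
        for nib in path(key):
            if nib not in node.children: return self.root.digest()
            stack.append((node, nib)); node = node.children[nib]
        node.leaf = b""
        for parent, nib in reversed(stack):  # delete nodes left empty, bottom-up
            child = parent.children[nib]
            if not child.leaf and not child.children: del parent.children[nib]
        return self.root.digest()

    def prove(self, key: bytes):             # sibling digests at each level, root to leaf
        node, proof = self.root, []
        for nib in path(key):
            if nib not in node.children: return None
            proof.append([(n, c.digest()) for n, c in node.children.items() if n != nib])
            node = node.children[nib]
        return proof if node.leaf == H(key) else None

def verify(tpm_root: bytes, key: bytes, proof: list) -> bool:
    h = H(b"L" + H(key))                     # leaf node: holds H(key), no children
    for nib, sibs in reversed(list(zip(path(key), proof))):
        parts = sorted(sibs + [(nib, h)])    # rebuild each ancestor's digest
        h = H(b"L", *(bytes([n]) + d for n, d in parts))
    return h == tpm_root                     # only this comparison needs the TPM
```

Revoking one key changes only its branch and the digests above it, so the TPM updates a single root value while all other keys' proofs remain verifiable against the new root.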