
Correction to Pseudo-Code in “Virtual Monotonic Counters and Count-Limited Objects” Paper

Luis F. G. Sarmenta (lfgs@mit.edu), MIT Computer Science and A.I. Laboratory (CSAIL). June 26-27, 2007.


Presentation Transcript


  1. Correction to Pseudo-Code in “Virtual Monotonic Counters and Count-Limited Objects” Paper
     Luis F. G. Sarmenta (lfgs@mit.edu), MIT Computer Science and A.I. Laboratory (CSAIL), June 26-27, 2007

  2. Correction to Pseudo-code in ACM STC ’06 paper
     • Background
       - Pseudo-code published in the ACM STC ’06 and MIT CSAIL TR-2006-64 papers has a bug in the code for the RESET operation
       - This problem and its solution were known to us at the time of writing, but errors were somehow introduced (and left unnoticed) while we were preparing the figures for the paper
       - These slides are excerpts from a presentation given last June 26-27, 2007

  3. Bug in Pseudo-code for RESET operation
     • Problem
       - For the RESET operation, the code doesn’t check the inputted hashes against the trusted internal rootHash
       - This allows the owner to set the tree to whatever he wants by resetting a subtree and setting everything else as he wants!
     • Correction
       - Remove the exception for the RESET operation (Step 6b)
       - Note that the input “counter blob” for the RESET operation is actually a different data structure containing
         - the address of the internal node corresponding to the subtree to be reset
         - the hash value at that node
     • How it works
       - If you lose the data for a leaf or a subtree, you can reset the PARENT subtree, assuming you still have the internal hash value of the parent node stored on disk
       - The catch: you will also lose the sibling subtree of the lost subtree, but at least the other subtrees are recoverable

  4. Published Pseudo-code

  5. Correction to Pseudo-code
     • Additionally, hts.curOrigHash = hash value taken from input counterBlob (which is in a special format) and the internal hash tree node value at that node.
     • TPM owner authorization is required for RESET

  6. How it works
     • Suppose you lost the counter blob for c1101 and its hash h1101
     • Can’t just replace c1101 with a blank blob because we need the original h1101 to recreate the original rootHash, so that the TPM can verify the rest of the hash tree nodes against its internal stored value
     • If we have the original value of h110 stored on disk, then we can provide that for verification, and then the TPM can reset that node (h110) to the appropriate known null value at that level
     • Given h110, we can recreate the original rootHash, and also a new rootHash, assuming that h110 is nulled
     • If the computed rootHash matches the stored rootHash, then update the rootHash
     • Note that we have to reset the whole subtree under h110, so we also lose c1100 even if we still have it on disk
     • The reason we can’t use the saved copy of c1100 even if we have it is that there is no way to verify that it is valid/up-to-date without knowing h1101 (which we lost)
     [Figure: the call TPM_ExecHashTree(aikHandle, RESET, nonce, [address=110, hash=h110], [h1100, h111, h10]) entering the TPM chip. Labels: Hash Tree State (volatile) with aikHandle, mode (TRUSTED), nonce, curPosition, curOrigHash, curNewHash, newCounterBlob; NVRAM rootHash; decision “Is computed orig root same as stored root?”; New rootHash; output TPM_HASHTREE_EXEC_CERT with mode, nonce, newCounterBlob, signature; hash tree with rootHash, h10, h11, h110, h111, h1100, h1101 over leaves c1000 to c1111.]

  7. Additional Notes on RESET
     • Note that once a subtree is RESET, all counters created under the subtree are invalidated, not rewound
       - Recall that the virtual counter ID consists of address and randomID
       - address is re-usable, but randomID is created at random by the CREATE operation
       - If you reset an address, and then create a new counter at the same address, it will have a different counter ID from the previous counter at that address
       - Thus, you can’t rewind a counter using RESET
     • Note that resetting the top-level rootHash itself to null is a special case of the RESET operation
       - doesn’t require the old rootHash, but invalidates the entire tree
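
The RESET check from slides 3 and 6, as an added Python sketch that is not the paper's pseudo-code: it contrasts the published behaviour (no comparison against the stored rootHash) with the corrected one. `ToyTPM`, `null_hash`, the use of SHA-1, the all-zero leaf null value, and a sibling list holding only the hashes on the path from the reset node to the root are assumptions made for illustration.

```python
import hashlib
LEAF_BITS = 3  # root is "1"; leaves c1000..c1111 sit three levels below it

def H(left, right):
    return hashlib.sha1(left + right).digest()

def null_hash(height):
    h = b"\x00" * 20          # assumed null value for a leaf
    for _ in range(height):
        h = H(h, h)
    return h

def root_from(address, node_hash, siblings):
    h = node_hash             # fold upward; siblings are ordered bottom-up
    for bit, sib in zip(reversed(address[1:]), siblings):
        h = H(sib, h) if bit == "1" else H(h, sib)
    return h

class ToyTPM:
    def __init__(self, root_hash):
        self.root_hash = root_hash    # trusted copy held in NVRAM
    def reset(self, address, node_hash, siblings, check_root=True):
        if len(siblings) != len(address) - 1:
            raise ValueError("need one sibling hash per level")
        orig = root_from(address, node_hash, siblings)
        if check_root and orig != self.root_hash:  # False = published Step 6b exception
            raise ValueError("computed original rootHash != stored rootHash")
        null = null_hash(LEAF_BITS + 1 - len(address))
        self.root_hash = root_from(address, null, siblings)
        return self.root_hash

def build_tree(leaves):
    nodes = {format(8 + i, "b"): hashlib.sha1(c).digest() for i, c in enumerate(leaves)}
    for n in range(7, 0, -1):
        a = format(n, "b")
        nodes[a] = H(nodes[a + "0"], nodes[a + "1"])
    return nodes

def demo():
    t = build_tree([b"counter-%d" % i for i in range(8)])  # constructed blobs
    out = {}
    for name, check in (("published", False), ("corrected", True)):
        try:   # owner supplies made-up sibling hashes instead of h111, h10
            ToyTPM(t["1"]).reset("110", t["110"], [b"\xaa" * 20, b"\xbb" * 20], check)
            out[name] = "accepted"
        except ValueError:
            out[name] = "rejected"
    good = ToyTPM(t["1"]).reset("110", t["110"], [t["111"], t["10"]])
    out["honest"] = good == H(t["10"], H(null_hash(1), t["111"]))
    return out
```

With the check in place, a RESET of node 110 succeeds only when h110 and the supplied sibling hashes reproduce the stored rootHash, and the new root is the same path recomputed with the null value at 110.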
