The increasing adoption of the Trusted Platform Module (TPM) as a standard component in commodity PCs, mobile devices, and servers, offers exciting new possibilities in secure scalable and distributed computing. This project aims to drive the evolution of future TPMs by investigating new applications of TPMs, and by proposing new features that can be added to future versions of the TPM to enable an even wider variety of useful applications.
This project begins by exploring what new applications are possible with the current generation of TPM (TPM 1.2) -- without requiring that the Central Processing Unit (CPU), Operating System (OS), or other components of the hardware be trusted. Shrinking the required trusted computing base to only the TPM itself improves security, and allows more users to immediately and more easily benefit from TPMs. A particular idea being studied is that of implementing ""virtual monotonic counters"", and in turn using these to enable many applications, including secure virtual storage on untrusted servers, and one-time-use digital certificates for authentication, access, or delegation applications.
Going beyond existing TPMs, this project proposes built-in TPM support for ""count-limited objects"", which can have many forms and applications, such as count-limited keys for personal digital sharing and permissions management, and count-limited tokens for offline personal electronic commerce and trade.
Finally, this project proposes and details the evolution of the TPM into a Trusted Execution Module (TEM). Unlike a TPM which can only accept a small set of instructions (mainly for cryptographic operations), a TEM can accept and count-limit encrypted packets of arbitrary instructions. A TEM enables many new applications, including generalized count-limited cryptography, and secure mobile agents with offline clients.
