Correction to PseudoCode in Virtual Monotonic Counters and

  • Slides: 7
Download presentation
Correction to Pseudo-Code in “Virtual Monotonic Counters and Count-Limited Objects” Paper Luis F. G.

Correction to Pseudo-Code in “Virtual Monotonic Counters and Count-Limited Objects” Paper Luis F. G. Sarmenta (lfgs@mit. edu) MIT Computer Science and A. I. Laboratory (CSAIL) June 26 -27, 2007

Correction to Pseudo-code in ACM STC ’ 06 paper • Background – Pseudo-code published

Correction to Pseudo-code in ACM STC ’ 06 paper • Background – Pseudo-code published in ACM STC ’ 06 and MIT CSAIL TR-2006 -64 papers has a bug in the code for the RESET operation – This problem and its solution were known to us at the time of writing, but errors were somehow introduced (and left unnoticed) while we were preparing the figures for the paper – These slides are excerpts from a presentation given last June 2627, 2007 Virtual Monotonic Counters and Count-Limited Objects Luis F. G. Sarmenta, 4/12/2007 (slide 2)

Bug in Pseudo-code for RESET operation • Problem – For the RESET operation, the

Bug in Pseudo-code for RESET operation • Problem – For the RESET operation, the code doesn’t check the inputted hashes against the trusted internal roothash – This allows owner to set the tree to whatever he wants to by resetting a subtree and setting everything else as he wants! • Correction – Remove the exception for the RESET operation (Step 6 b) – Note that input “counter blob” for RESET operation is actually a different data structure containing * address of internal node corresponding to subtree to be reset * hash value at that node • How it works – If you lose the data for a leaf or a subtree, you can reset the PARENT subtree, assuming you still have the internal hash value of the parent node stored on disk – The catch: you will also lose the sibling subtree of the lost subtree, but, at least other subtrees are recoverable Virtual Monotonic Counters and Count-Limited Objects Luis F. G. Sarmenta, 4/12/2007 (slide 3)

Published Pseudo-code Virtual Monotonic Counters and Count-Limited Objects Luis F. G. Sarmenta, 4/12/2007 (slide

Published Pseudo-code Virtual Monotonic Counters and Count-Limited Objects Luis F. G. Sarmenta, 4/12/2007 (slide 4)

Correction to Pseudo code Additionally, hts. cur. Orig. Hash = hash value taken from

Correction to Pseudo code Additionally, hts. cur. Orig. Hash = hash value taken from input counter. Blob (which is in a special format) and the internal hash tree node value at that node. TPM owner authorization is required for RESET Virtual Monotonic Counters and Count-Limited Objects Luis F. G. Sarmenta, 4/12/2007 (slide 5)

How it works • Suppose you lost the counter blob for c 1101 and

How it works • Suppose you lost the counter blob for c 1101 and its hash h 1101 • Can’t just replace c 1101 with a blank blob because we need the original h 1101 to recreate the original roothash, so that TPM can verify the rest of the hash tree nodes against its internal stored value • • Hash Tree State TPM (volatile) aik. Handle chip mode nonce (TRUSTED) new. Counter. Blob NVRAM cur. Position cur. Orig. Hash root. Hash cur. New. Hash TPM_HASHTREE _EXEC_CERT mode nonce new. Counter. Blob signature Is Computed orig root same as stored root? New root. Hash Orig root. Hash If we have the original value of h 110 stored TPM_Exec. Hash. Tree ( aik. Handle, RESET, nonce, on disk, then we can provide that for [address=110, hash=h 110], [ h 1100, h 111, h 1 verification, and then the TPM can reset that node (h 110) to the appropriate known null value at that level root. Hash – Given h 110, we can recreate the original h 11 h 10 root. Hash, and also a new root. Hash, assuming that h 110 is nulled h 110 h 111 – If computed root. Hash matches stored root. Hash, then update the root. Hash Note that we have to reset the whole subtree under h 110, so we also lose c 1100 even if we still have it on disk – The reason we can’t use the saved copy of c 1100 even if we have it is because there is no way to verify that it is valid/up-to-date without knowing h 1101 (which we lost) Virtual Monotonic Counters and Count-Limited Objects h 1100 h 1101 c 1000 c 1001 c 1010 c 1011 c 1100 c 1101 c 1110 c 1111 Luis F. G. Sarmenta, 4/12/2007 (slide 6)

Additional Notes on RESET • Note that once a subtree is RESET, all counters

Additional Notes on RESET • Note that once a subtree is RESET, all counters created under the subtree are invalidated, not rewound – Recall that virtual counter ID consists of address, and random. ID – address is re-usable, but random. ID is created at random by CREATE operation – If you reset an address, and then create a new counter at the same address, it will have a different counter ID from the previous counter at that address – Thus, you can’t rewind a counter using RESET • Note that resetting the top-level root. Hash itself to null is a special case of the RESET operation – doesn’t require old root. Hash, but invalidates the entire tree Virtual Monotonic Counters and Count-Limited Objects Luis F. G. Sarmenta, 4/12/2007 (slide 7)

Correction to PseudoCode in Virtual Monotonic Counters andCorrection to PseudoCode in Virtual Monotonic Counters and
Pseudocode Ali Ridho Barakbah Pseudocode Pseudocode adalah bahasaPseudocode Ali Ridho Barakbah Pseudocode Pseudocode adalah bahasa
ALGORITMA Pseudocode Pseudocode 1 Pseudocode digunakan untuk menuliskanALGORITMA Pseudocode Pseudocode 1 Pseudocode digunakan untuk menuliskan
PSEUDOCODE PSEUDOCODE Pseudocode is a kind of structuredPSEUDOCODE PSEUDOCODE Pseudocode is a kind of structured
Pseudocode Contents Purpose of pseudocode VCAA pseudocode conventionsPseudocode Contents Purpose of pseudocode VCAA pseudocode conventions
Lecture Notes 12005 Pseudocode Pseudocode v Pseudocode standardLecture Notes 12005 Pseudocode Pseudocode v Pseudocode standard