kTPM: 커널 수준 권한 분리를 통한 ARM 용 소프트웨어 TPM

Abstract

According to improved mobile usability and services, various security issues are occurred. To enhance security of mobile devices, Trusted Platform Modules (TPMs) are used. However, hardware TPMs have limitations in terms of low performance and limited resources. This limitations disturb to adopt TPM to provide security for various applications. In this thesis, we propose kTPM, a software TPM using kernel-level privilege separation for ARM platform. kTPM resolve limitations of hardware TPM chip such as low performance and limited small NV storage. Because of kTPM running on CPU that more powerful than hardware TPM chip, it can provides high performance. Also, kTPM support NV storage via eMMC with RPMB to more usability of TPM. kTPM using trusted cloud as secure source of trusted clock and entropy to support TPM features without additional hardware requirements or TPM speci cate modi cation. We implement and demonstrate the kTPM with the TPM 2.0 speci cation. We evaluate functionalities and performance of kTPM. The results show that kTPM can support most TPM 2.0 commands, and more faster than hardware TPMs.