DocumentCode :
2969425
Title :
An adaptive system architecture for mitigating asymmetric cryptography weaknesses on TPMs
Author :
Malipatlolla, Sunil ; Feller, Thomas ; Huss, Sorin A.
Author_Institution :
Center for Adv. Security Res. Darmstadt (CASED), Darmstadt, Germany
fYear :
2012
fDate :
25-28 June 2012
Firstpage :
221
Lastpage :
226
Abstract :
A Trusted Platform Module (TPM) is a microcontroller-based chip, which provides hardware-based security to the user's data, cryptographic keys, and other secrets. For this purpose, the TPM is equipped with hardwired cryptographic engines such as RSA, SHA-1, and HMAC that rely on correspondingly uncompromised cryptographic algorithms. For example, the RSA (asymmetric) engine on the TPM utilizes the RSA algorithm for encrypting and decrypting the user data as well as for signature generation and verification. Therefore, in case of a compromised RSA algorithm, not only is the data protected by the TPM lost but also the generated signatures become invalid. One possible solution to this problem is to replace (i.e., update) the RSA engine on the TPM with a new uncompromised asymmetric engine (e.g., ECC). However, the current TPMs are in general implemented as Application Specific Integrated Circuits (ASICs), thus they cannot be modified after manufacture. Further, the update of an engine on the TPM leads to a loss of trust kept in the system before an update. Thus, in this contribution, we propose dedicated procedures for regaining the trust in the system after the RSA engine update utilizing the novel Sustainable Trusted Platform Module (STPM) architecture.
Keywords :
application specific integrated circuits; handwriting recognition; microcontrollers; public key cryptography; security of data; trusted computing; ASIC; ECC; HMAC hard-wired cryptographic engine; RSA hard-wired cryptographic engine; SHA-1 hard-wired cryptographic engine; STPM architecture; adaptive system architecture; application specific integrated circuit; asymmetric cryptography weakness mitigation; cryptographic key; data protection; decryption; encryption; hardware-based security; microcontroller-based chip; signature generation; signature verification; sustainable trusted platform module architecture; trusted computing; uncompromised asymmetric engine; user data security; Computer architecture; Elliptic curve cryptography; Engines; Field programmable gate arrays; Heuristic algorithms; Asymmetric Cryptography; Secure Update; Trusted Platform Module; Trustworthiness;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Adaptive Hardware and Systems (AHS), 2012 NASA/ESA Conference on
Conference_Location :
Erlangen
Print_ISBN :
978-1-4673-1915-7
Electronic_ISBN :
978-1-4673-1914-0
Type :
conf
DOI :
10.1109/AHS.2012.6268654
Filename :
6268654