DocumentCode
1283940
Title
A Plausibly-Deniable, Practical Trusted Platform Module Based Anti-Forensics Client-Server System
Author
Goh, Weihan ; Leong, Peng Chor ; Yeo, Chai Kiat
Author_Institution
Sch. of Comput. Eng., Nanyang Technol. Univ., Singapore, Singapore
Volume
29
Issue
7
fYear
2011
fDate
8/1/2011 12:00:00 AM
Firstpage
1377
Lastpage
1391
Abstract
A Trusted Platform Module (TPM) contains a unique identity and provides a range of security functions. This paper demonstrates a novel approach of using a TPM-enabled computer in a client-server system to hinder forensic examination. The prime motivation for this is to highlight the implications of such a TPM-based approach in digital forensics for law enforcement agents. The system allows for data confidentiality, plausible deniability, and hiding of traces that data containing incriminating information was present on the client. The server will attest the client before allowing it to submit or receive encrypted data, and encrypted data containing incriminating information can only be decrypted 1) by the encrypting client, and 2) if and only if the encrypting client's platform configuration matches that during encryption. The client's state can always be established via measurement results, and they cannot be tampered with to fake attestation.
Keywords
client-server systems; computer forensics; TPM-enabled computer; anti-forensics client-server system; data confidentiality; digital forensics; plausible deniability; trusted platform module; Computers; Cryptography; Current measurement; Forensics; Law enforcement; Servers; Software; anti-forensics; information confidentiality; plausible deniability; trusted platform module;
fLanguage
English
Journal_Title
Selected Areas in Communications, IEEE Journal on
Publisher
ieee
ISSN
0733-8716
Type
jour
DOI
10.1109/JSAC.2011.110805
Filename
5963158