• DocumentCode
    1704337
  • Title

    A New Hierarchical Key AuthData Management Scheme for Trusted Platform

  • Author

    Peng, Weiping ; Zhou, Yajian ; Wang, Cong ; Yang, Yixian ; Ping, Yuan

  • Author_Institution
    Key Lab. of Network & Inf. Attack & Defence Technol. of MOE, Beijing Univ. of Posts & Telecommun., Beijing, China
  • fYear
    2010
  • Firstpage
    463
  • Lastpage
    467
  • Abstract
    The purpose of the TPM authorization mechanism is to authenticate the owner of a TPM or to authorize the use of an instance of a TPM capability. The TPM treats knowledge of the AuthData as complete proof of ownership of the entity. The main specification requires that an authorized user provide the parent key AuthData before loading its child key and provide the child key AuthData before using it. Users have had to manage more and more AuthData values as the number of keys rapidly increases. We have designed and analyzed a new hierarchical key AuthData management scheme for trusted platforms. In our scheme, each authorized user needs to keep only one single AuthData, and the computational requirement for generating or deriving an AuthData is just at the level of modular exponentiation and hash operations. Moreover, the lower-level AuthData values can be easily derived from higher-level AuthData along the same chain, but the reverse is infeasible. Even multiple lower-level AuthData values cannot be combined through collusion to calculate the higher-level AuthData. The results of performance evaluation and security analysis demonstrate that our proposed method is feasible and secure.
  • Keywords
    authorisation; cryptography; TPM authorization mechanism; TPM capability; child key AuthData; computational requirement; hash operation; hierarchical key AuthData management scheme; modular exponentiation; parent key AuthData; performance evaluation; security analysis; trusted platform; Access control; Computers; Cryptography; Gold; Knowledge engineering; Performance evaluation; AuthData management; hierarchical key management; trusted computing;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Multimedia Information Networking and Security (MINES), 2010 International Conference on
  • Conference_Location
    Nanjing, Jiangsu
  • Print_ISBN
    978-1-4244-8626-7
  • Electronic_ISBN
    978-0-7695-4258-4
  • Type

    conf

  • DOI
    10.1109/MINES.2010.104
  • Filename
    5671054