FutureTPMFuture Proofing the Connected World:

A Quantum-Resistant Trusted Platform Module

FutureTPM will design an innovativeportfolio of high security QRalgorithms for security primitives,such as:

• Key Agreement• Encryption• Signature• Cryptographic Hashing• Message Authentication Code• Direct Anonymous Attestation

Mission

The FutureTPM project is aimed atdesigning and developing aQuantum-Resistant (QR) TrustedPlatform Module (TPM).

Contact Information

Web: https://futuretpm.eu/Email: coordination@futuretpm.euProject Coordinator: TechnikonScientific Lead: University of Surrey& Technical University of Denmark

Use Cases

Online Banking: to isolatethe e-payment process in amore protected context toprovide enhanced security

Main Goals

Secure QR CryptographicAlgorithms for the TPM

Activity Tracking: toincrease the trust of users ofcloud-based activity trackingservices

Device Management: toprotect keys on routers,mobile devices, and IoT

Standardisation

Planned outcomes include thedevelopment of standardisationproposals to push the state of theart in cryptography and the TPM.

Approach

This project has received funding from the EuropeanUnion’s Horizon 2020 research and innovationprogramme under grant agreement No 779391.

This will enable FutureTPM systemsto generate a secure root of trustfor a wide range of ICT services.

They will involve the technicalcommittees of relevant standardsbodies: ISO, IEC, ETSI and the TCG.

This will allow long-term security,privacy and operational assurancefor future ICT systems and services.

Implementation of Hardware,Software, and Virtual TPM

Run-Time Risk Assessmentand Vulnerability Analysis

Design Validation usingFormal Security Analysis

Network Device Management – Use Case Overview

Problem: Network device management solutions face trust-related issues:• Weak device identification• Device integrity not considered for management• Long lifetimes (10y+) make devices vulnerable to quantum computer attacks

Solution: Enhance device management with Trusted Computing:• Strong device identification (based on the QR TPM)• Frequent but lightweight remote attestation (trusted channels)• Network-wide routing policies based on trust state

Benefit: Increase the security of network infrastructure:• Only legitimate devices can access the network• Reduces the risk of leaks or tampering of user data• Shorter time to detect attacks acts as deterrent

3: routing policy =f(statistics, trust)

Router

Router

NMS

Router

Router

1: <- query status2: -> statistics4: <- modify routing table

1: <- query status2: -> statistics

1: <- query status2: -> statistics

1: <- query status2: -> statistics4: <- modify routing table

Trusted control channels

Fallback data path

Preferred data path

attacker

NetworkManager

systemd

mutable file

mutable filemutable file

malware

attacker

detection/protectionbarrier

Trusted Computing Base (TCB)

sshd

Telecom operatornetwork

1. Build and sign software

2. GenerateTPM key3. Request cert4. Retrieve image signature

Infrastructure management zone Device zone

7. Establish trusted TLS channel

Certificate Authority

NMS

Device (e.g. router)

6. Send certificate5. Verify &sign cert

Vendor premises

Comprehensive Integrity Verification (CIV)

• Relies on Trusted Computing and Integrity Measurement Architecture (IMA) to monitor device integrity

• Trusted channels with implicit remote attestation based on key usage• Covers risks coming from dynamic data and process interactions

• Aims at simple integration into products through TLS-based trusted channels

Current Progress

• Technical and Security Requirements and the Reference Architecture – complete• Design and development of set of QR cryptographic primitives to be

implemented in the various TPM environments – early release• TPM Security modeling, Risk assessment, Vulnerability analysis - early release

• 1st FutureTPM Workshop on Quantum-Resistant Crypto Algorithms, Oct 2018• 1st Workshop on Cyber-Security Arms Race (CYSARM) - cysarm.org, Nov 2019• Current deliverables and publications can be found on futuretpm.eu• CIV partial release available on github.com/euleros

Dissemination of Results