On the provable security of TPM2.0 cryptography APIs

Trusted platform module (TPM), core of trusted computing technique, is one of the most prevalent security chips in the world. In 2013, Trusted Computing Group formally upgraded TPM specification to version 2.0, and introduced a comprehensive and powerful trusted computing technique architecture. However, the new specification is rather complex and thus error prone, which makes it necessary to evaluate TPM2.0's security. In this paper, we focus on cryptography subsystem of TPM2.0. We define the first computation model of TPM2.0 cryptography APIs, and prove their security in this strong model using game sequence and simulation. This proof provides high level confidence on security guarantee of TPM2.0 cryptography subsystem. We also carry out experiments on these APIs and compare them with previous version. The experiment shows that flexibility of TPM2.0 does not reduce its performance, meanwhile, real TPM2.0 product still needs to be improved.