Secure Time-Bound Data Protection Keys

The TPM 2.0 security chip on most recent mobile devices supports measurement-bound cryptographic keys. Despite the fact that effective data loss prevention (DLP) and digital rights management (DRM) depend on a hardware root of trust, and on the issuance of limited user credentials and content licenses, this feature of the TPM remains relatively untapped. We at JW Secure aim to change that.

To see this feature in action, download our TPM time-bound key command-line demonstration tool, TimedKey.exe. The tool will only run on a 32-bit Windows 8 system with TPM 2.0 capability (most devices prior to mid-2013 will be TPM 1.2 only). An example of such a device is the Acer Iconia W3.

It may also be necessary first to initialize the TPM. To do this, run the built-in Windows tool, tpminit.exe and follow its prompts. Then open a cmd.exe window to run timedkey.exe. You can follow the sample command flow below.

The first command demonstrates the command-line interface options. Most of the options have defaults.

C:\>TimedKey.exe
TimedKey.exe – JW Secure Demo: Policy bound hardware keys
CREATE   : -c:[1024, 2048] -k:KeyFile {-decrypt -sign -t:60 -p:PIN}
ENCRYPT  : -e:ClearText -k:KeyFile -o:CipherFile
DECRYPT  : -d:CipherFile -k:KeyFile {-p:PIN}
SIGN     : -s:Data -k:KeyFile -o:SignFile {-p:PIN}
VERIFY   : -v:Data -k:KeyFile -i:SignFile

The second command demonstrates the creation of a 2048-bit RSA key on the TPM, bound to a 60-second policy. In other words, this key can only be used on this TPM, and only for the next minute.

C:\>TimedKey.exe -c:
Create Key:
TPM2_StartAuthSession(Trial Session) = 0×00000000
TPM2_PolicyAuthValue = 0×00000000
TPM2_ReadClock = 0×00000000
TPM2_PolicyCounterTimer(Expiration time) = 0×00000000
TPM2_PolicyGetDigest(Expiration time) = 0×00000000
TPM2_FlushContext(Trial Session) = 0×00000000
TPM2_Create = 0×00000000
MarshalKey = 0×00000000
WriteFile(Key) = 0×00000000

Modulus[256] = …

The third command demonstrates the use of the above key to encrypt some sample data:

C:\>TimedKey.exe -e:
Encrypt Secret:
ReadFile(Key) = 0×00000000
BCryptOpenAlgorithmProvider = 0×00000000
TPM2B_PUBLIC_Unmarshal = 0×00000000
BCryptImportKeyPair = 0×00000000
BCryptEncrypt = 0×00000000
WriteFile(Blob) = 0×00000000

Cipher[256] = …

The fourth command demonstrates the use of the above key to decrypt the sample data. By default, this will succeed as long as the command is being executed within one minute of the creation of the key.

C:\>TimedKey.exe -d:
Decrypt Secret:
ReadFile(Key) = 0×00000000
ReadFile(Blob) = 0×00000000
TPM2B_PUBLIC_Unmarshal = 0×00000000
TPM2B_PUBLIC_Unmarshal = 0×00000000
TPM2_Load = 0×00000000
TPM2_StartAuthSession(TPM_SE_POLICY) = 0×00000000
TPM2_PolicyAuthValue = 0×00000000
TPM2B_OPERAND_Unmarshal = 0×00000000
UINT16_Unmarshal = 0×00000000
TPM_EO_Unmarshal = 0×00000000
TPM2_PolicyCounterTimer = 0×00000000
TPM2_RSA_Decrypt = 0×00000000
TPM2_FlushContext = 0×00000000

Secret[40] = MyMostSecretSecret!

Now, wait a minute before re-running the command above. As shown below, this results in a policy violation, and the TPM refuses to exercise the key as requested. This successfully demonstrates the enforcement of time-bound keys.

C:\>TimedKey.exe -d:
Decrypt Secret:
ReadFile(Key) = 0×00000000
ReadFile(Blob) = 0×00000000
TPM2B_PUBLIC_Unmarshal = 0×00000000
TPM2B_PUBLIC_Unmarshal = 0×00000000
TPM2_Load = 0×00000000
TPM2_StartAuthSession(TPM_SE_POLICY) = 0×00000000
TPM2_PolicyAuthValue = 0×00000000
TPM2B_OPERAND_Unmarshal = 0×00000000
UINT16_Unmarshal = 0×00000000
TPM_EO_Unmarshal = 0×00000000
TPM2_PolicyCounterTimer = 0×00000126
TPM2_RSA_Decrypt = 0x0000099d
TPM2_FlushContext = 0×00000000

Secret[0] =

To learn more about using time-bound keys and the TPM hardware root of trust, please contact JW Secure.

Leave a Reply