Published July 9, 2023 | Version v1
Journal article | Open access

How To Bind A TPM's Attestation Keys With Its Endorsement Key

  • University of Surrey

Description

A trusted platform module is identified by its endorsement key, while it uses an attestation key to provide attestation services, for example, signing a set of platform configuration registers, providing a timestamp or certifying another of its keys. This paper addresses the problem of how a certificate authority binds the endorsement and attestation keys together. This is necessary for the authority to be able to reliably certify the attestation key. This key binding also enables the authority to revoke the attestation key should the endorsement key be compromised. We study all of the existing solutions and show that they either do not solve the problem or cannot be implemented with a real trusted platform module (or both). We propose a new solution which addresses this problem. We develop a security model for our solution and provide a rigorous security proof under this model. We have also implemented the solution using a real trusted platform module, and our implementation results show that this solution is feasible and efficient.

Files (1.9 MB)

How To Bind A TPM’s Attestation Keys With Its Endorsement Key.pdf

Additional details

Funding

European Commission: ASSURED - Future Proofing of ICT Trust Chains: Sustainable Operational Assurance and Verification Remote Guards for Systems-of-Systems Security and Privacy (952697)