Usability and Security of Trusted Platform Module (TPM) Library APIs

Simple item page
dc.contributorAalto-yliopistofi
dc.contributorAalto Universityen
dc.contributor.authorRao, Siddharth Prakashen_US
dc.contributor.authorLimonta, Gabrielaen_US
dc.contributor.authorLindqvist, Janneen_US
dc.contributor.departmentDepartment of Computer Scienceen
dc.contributor.groupauthorComputer Science Professorsen
dc.contributor.groupauthorHelsinki-Aalto Institute for Cybersecurity (HAIC)en
dc.contributor.groupauthorProfessorship Lindqvist Janneen
dc.contributor.groupauthorHelsinki Institute for Information Technology (HIIT)en
dc.contributor.organizationNokia Bell Labs Finlanden_US
dc.date.accessioned2023-02-01T09:11:33Z
dc.date.available2023-02-01T09:11:33Z
dc.date.issued2022en_US
dc.descriptionFunding Information: We thank our anonymous reviewers for their insightful reviews and feedback that helped us improve the paper. We also thank our participants, without whom this study would not have been possible. We are grateful to Yoan Miche from Nokia Bell Labs for his support and discussions throughout this research project.
dc.description.abstractTrusted Platform Modules (TPMs) provide a hardwarebased root of trust and secure storage and help verify their host's integrity. Software developers can interact with a TPM and utilize its functionalities using standardized APIs that various libraries have implemented. We present a qualitative study (n=9) involving task analysis and cognitive interviews that uncovered several usability and security issues with tpm2-tools, one of the widely used TPM library APIs. Towards this end, we implemented a study environment that we will release as open source to support further studies. Our results support two major conclusions: 1) tpm2-tools APIs, as designed, are not designed to be developer-friendly, and 2) One of the major causes for these usability issues is in the TPM specifications. Since other libraries also mirror the specifications and provide no significant usability improvements, our results are likely to indicate similar issues with all current TPM library APIs. We provide recommendations for improving the TPM library APIs documentation and software, and we highlight the need for HCI experts to review TPM specifications to preemptively address usability pitfalls.en
dc.description.versionPeer revieweden
dc.format.extent20
dc.format.mimetypeapplication/pdfen_US
dc.identifier.citationRao, S P, Limonta, G & Lindqvist, J 2022, Usability and Security of Trusted Platform Module (TPM) Library APIs. in Proceedings of the 18th Symposium on Usable Privacy and Security, SOUPS 2022. USENIX -The Advanced Computing Systems Association, pp. 213-232, Symposium on Usable Privacy and Security, Boston, Massachusetts, United States, 07/08/2022.en
dc.identifier.isbn978-1-939133-30-4
dc.identifier.otherPURE UUID: 819a444c-3831-4dc0-8f68-f48bb99866d8en_US
dc.identifier.otherPURE ITEMURL: https://research.aalto.fi/en/publications/819a444c-3831-4dc0-8f68-f48bb99866d8en_US
dc.identifier.otherPURE LINK: http://www.scopus.com/inward/record.url?scp=85140880377&partnerID=8YFLogxK
dc.identifier.otherPURE LINK: https://www.usenix.org/conference/soups2022/technical-sessionsen_US
dc.identifier.otherPURE FILEURL: https://research.aalto.fi/files/99438474/Usability_and_Security_of_Trusted_Platform_Module_TPM_Library_APIs.pdfen_US
dc.identifier.urihttps://aaltodoc.aalto.fi/handle/123456789/119548
dc.identifier.urnURN:NBN:fi:aalto-202302011898
dc.language.isoenen
dc.relation.ispartofSymposium on Usable Privacy and Securityen
dc.relation.ispartofseriesProceedings of the 18th Symposium on Usable Privacy and Security, SOUPS 2022en
dc.relation.ispartofseriespp. 213-232en
dc.rightsopenAccessen
dc.titleUsability and Security of Trusted Platform Module (TPM) Library APIsen
dc.typeA4 Artikkeli konferenssijulkaisussafi
dc.type.versionpublishedVersion

Files

Collections

[article-cris] Perustieteiden korkeakoulu / SCI