Q: What is Trusted Platform Module (TPM) key attestation and what additional security value does it bring for the protection of private keys?
A: TPM key attestation can provide a higher level of protection for users’ private keys by protecting the private key (that is stored on disk, in the user’s profile) with a key that is stored on a trustworthy TPM. By default protection private keys are protected by a key that is derived from the user credentials. TPM key attestation also allows a Certification Authority (CA) to verify that a private key is actually protected by a TPM and more importantly that the TPM is trusted by the CA. A protection key that is stored on a TPM provides a higher level of security assurance because of the non-exportability, anti-hammering, and isolation features a TPM can provide for key storage. As such, TPM key attestation can prevent that a private key is exported to an unauthorized device and can bind a user’s private key identity to a device. It can provide a hardware-rooted user identity, instead of the default software-rooted user identity.
Microsoft supports the protection of a user private key by a TPM since Windows 8 (this is possible thanks to the new Microsoft Platform Crypto Provider Key Storage Provider (KSP)). The verification of the trustworthiness of the TPM (which is what TPM key attestation is really about) is only supported starting with Windows Server 2012 R2 and Windows 8.1.
TPM key attestation leverages a TPM’s Endorsement Key (EK) that is injected into the TPM when it is manufactured and that is unique to each TPM. The trust in the EK is based on the secure and tamper-proof storage of the EK in the TPM and on the fact that the EK’s certificate chains to the TPM manufacturer’s issuing CA. “Chains” meaning that the EK’s certificate can be cryptographically verified by using the certificate of the TPM manufacturer’s issuing CA.
To support the configuration of TPM key attestation Microsoft added a new “Key Attestation” tab in the properties of v4 certificate template. Remember that you can manage certificate templates from the Certificate Templates MMC snap-in. Also, on the CA level, in order to enable the configuration of what TPMs the CA can consider trustworthy, Microsoft added a set of new certificate containers (EKCA, EKROOT and EKPUB).
More detailed information on how to configure TPM key attestation can be found in this Microsoft Technet article: https://technet.microsoft.com/en-us/library/dn581921.aspx.
Jan De Clercq is a member of HP’s Technology Consulting IT Assurance Portfolio team. He focuses on cloud security, identity and access management, architecture for Microsoft-rooted IT infrastructures, and the security of Microsoft products. He's the author of Windows Server 2003 Security Infrastructures (Digital Press) and coauthor of Microsoft Windows Security Fundamentals (Digital Press) and Cloud Computing Protected: Security Assessment Handbook
(Recursive Press). You can reach him at [email protected]