Symposium sur la sécurité des technologies de l'information et des communications

Conférence francophone sur le thème de la sécurité de l'information.
Elle a eu lieu à Rennes du 2 au 4 juin 2021.

Protecting SSH authentication with TPM 2.0Nicolas Iooss


Date : 04 June 2021 à 11:00 — 30 min.

For quite some time, desktop computers have been embedding a security chip. This chip, named Trusted Platform Module (TPM), provides many features including the ability to protect private keys used in public-key cryptography. Such keys can be used to authenticate users in network protocols such as Secure Shell (SSH).

Software stacks which enable using a TPM to secure the keys used in SSH have been available for several years. Yet their use for practical purposes is often documented only from a high-level perspective, which does not help answering questions such as: can the security properties of keys protected by a TPM be directly applied to SSH keys?

This is a non-trivial question as for example those properties do not apply for disk encryption with sealed keys. Therefore this presentation fills the documentation gap between the TPM specifications and the high-level documentations about using a TPM to use SSH keys. It does so by studying how SSH keys are stored when using tpm2-pkcs11 library on a Linux system.