Data Protection through the Integration of TPM and Cryptography

The growing number of cyber threats has made the protection of sensitive data critical. This work presents a solution integrating the Trusted Platform Module (TPM) with AES-CBC and RSA cryptography to mitigate threats like unauthorized key access and data tampering. The architecture uses the TPM as a hardware root of trust and implements a secure device authentication process using the TPM’s Endorsement Key (EK). To evaluate its practical viability, we conducted comparative experiments on multiple hardware configurations, measuring the performance impact of the TPM on encryption and decryption tasks for files up to 1GB. Our findings show a clear performance trade-off: TPM integration introduces a measurable overhead that is most significant on lower-end hardware and for smaller files. As file size increases, the relative performance penalty diminishes, though the absolute overhead grows. For instance, decryption operations consistently showed less performance variability than encryption. The results demonstrate that the solution effectively enhances security through hardware-based key isolation, and we conclude that the observed performance cost is a predictable and justifiable price for the robust protection offered against modern cyber threats.