Hans Niklas Jacob,Christian Werling,Robert Buhren,Jean-Pierre Seifert

DOI: https://doi.org/10.48550/arXiv.2304.14717

2023-04-28

Cryptography and Security

Abstract:Trusted Platform Modules constitute an integral building block of modern security features. Moreover, as Windows 11 made a TPM 2.0 mandatory, they are subject to an ever-increasing academic challenge. While discrete TPMs - as found in higher-end systems - have been susceptible to attacks on their exposed communication interface, more common firmware TPMs (fTPMs) are immune to this attack vector as they do not communicate with the CPU via an exposed bus. In this paper, we analyze a new class of attacks against fTPMs: Attacking their Trusted Execution Environment can lead to a full TPM state compromise. We experimentally verify this attack by compromising the AMD Secure Processor, which constitutes the TEE for AMD's fTPMs. In contrast to previous dTPM sniffing attacks, this vulnerability exposes the complete internal TPM state of the fTPM. It allows us to extract any cryptographic material stored or sealed by the fTPM regardless of authentication mechanisms such as Platform Configuration Register validation or passphrases with anti-hammering protection. First, we demonstrate the impact of our findings by - to the best of our knowledge - enabling the first attack against Full Disk Encryption solutions backed by an fTPM. Furthermore, we lay out how any application relying solely on the security properties of the TPM - like Bitlocker's TPM- only protector - can be defeated by an attacker with 2-3 hours of physical access to the target device. Lastly, we analyze the impact of our attack on FDE solutions protected by a TPM and PIN strategy. While a naive implementation also leaves the disk completely unprotected, we find that BitLocker's FDE implementation withholds some protection depending on the complexity of the used PIN. Our results show that when an fTPM's internal state is compromised, a TPM and PIN strategy for FDE is less secure than TPM-less protection with a reasonable passphrase.

Lei Han,Jiqiang Liu,Zhen Han,Xueye Wei

DOI: https://doi.org/10.1007/s11704-011-9180-4

2011-05-14

Frontiers of Computer Science in China

Abstract:In today’s globalized digital world, network-based, mobile, and interactive collaborations have enabled work platforms of personal computers to cross multiple geographical boundaries. The new requirements of privacy-preservation, sensitive information sharing, portability, remote attestation, and robust security create new problems in system design and implementation. There are critical demands for highly secure work platforms and security enhancing mechanisms for ensuring privacy protection, component integrity, sealed storage, and remote attestation of platforms. Trusted computing is a promising technology for enhancing the security of a platform using a trusted platform module (TPM). TPM is a tamper-resistant microcontroller designed to provide robust security capabilities for computing platforms. It typically is affixed to the motherboard with a low pin count (LPC) bus. However, it limited in that TPM cannot be used directly in current common personal computers (PCs), and TPM is not flexible and portable enough to be used in different platforms because of its interface with the PC and its certificate and key structure. For these reasons, we propose a portable trusted platform module (PTPM) scheme to build a trusted platform for the common PC based on a single cryptographic chip with a universal serial bus (USB) interface and extensible firmware interface (EFI), by which platforms can get a similar degree of security protection in general-purpose systems. We show the structure of certificates and keys, which can bind to platforms via a PTPM and provide users with portability and flexibility in different platforms while still allowing the user and platform to be protected and attested. The implementation of prototype system is described in detail and the performance of the PTPM on cryptographic operations and time-costs of the system bootstrap are evaluated and analyzed. The results of experiments show that PTPM has high performances for supporting trusted computing and it can be used flexibly and portably by the user.

Jianwei LIU,Dongxu CHENG,Yan LI

DOI: https://doi.org/10.3969/j.issn.1009-6868.2015.03.004

2015-01-01

Abstract:Aiming at the increasing growth of high security level business requirements for mobile terminal, a high security, trusted computing platform architecture for mobile terminal based on trusted platform module (TPM) trusted chip is proposed. Based on the analysis of expanded architecture for trusted function of a wide variety of current mobile terminals, a software and hardware integration scheme is given. In this scheme, the TPM chip plays a key role in the trusted link of mobile terminal. Furthermore, a prototype platform integrated TPM chip has been designed and used for principle verification of highly secure and trusted attribute of mobile <br> terminal. A key point analysis has been done for this trusted computing platform.

Martin Pirker,Robert Haas

DOI: https://doi.org/10.5220/0012466400003648

Abstract:: Trusted Computing and its Trusted Platform Module were introduced about 20 years ago. However, their impact is still limited, only a small number of applications use a TPM, only a few people know that their computer hosts one and what it can be used for. With the ongoing transition from now dominant Windows 10 to Windows 11, every common PC is required to have a TPM to run Windows 11. This short paper reflects on the current environment and state of support for TPMs. It investigates a selection of TPMs, their features, and surveyed the available software stacks to use them. It reports on the findings and the finer details discovered while using TPMs. Overall, this paper contributes to the ongoing discovery and learning about TPM v2, as it will be inevitably a part of our computing with PCs future.

Computer Science

Sami Alsouri,Thomas Feller,Sunil Malipatlolla,Stefan Katzenbeisser

DOI: https://doi.org/10.48550/arXiv.1308.1539

2013-08-07

Cryptography and Security

Abstract:Virtual Trusted Platform modules (TPMs) were proposed as a software-based alternative to the hardware-based TPMs to allow the use of their cryptographic functionalities in scenarios where multiple TPMs are required in a single platform, such as in virtualized environments. However, virtualizing TPMs, especially virutalizing the Platform Configuration Registers (PCRs), strikes against one of the core principles of Trusted Computing, namely the need for a hardware-based root of trust. In this paper we show how strength of hardware-based security can be gained in virtual PCRs by binding them to their corresponding hardware PCRs. We propose two approaches for such a binding. For this purpose, the first variant uses binary hash trees, whereas the other variant uses incremental hashing. In addition, we present an FPGA-based implementation of both variants and evaluate their performance.

Daniel Moghimi,Berk Sunar,Thomas Eisenbarth,Nadia Heninger

DOI: https://doi.org/10.48550/arXiv.1911.05673

2019-11-13

Cryptography and Security

Abstract:Trusted Platform Module (TPM) serves as a hardware-based root of trust that protects cryptographic keys from privileged system and physical adversaries. In this work, we perform a black-box timing analysis of TPM 2.0 devices deployed on commodity computers. Our analysis reveals that some of these devices feature secret-dependent execution times during signature generation based on elliptic curves. In particular, we discovered timing leakage on an Intel firmware-based TPM as well as a hardware TPM. We show how this information allows an attacker to apply lattice techniques to recover 256-bit private keys for ECDSA and ECSchnorr signatures. On Intel fTPM, our key recovery succeeds after about 1,300 observations and in less than two minutes. Similarly, we extract the private ECDSA key from a hardware TPM manufactured by STMicroelectronics, which is certified at Common Criteria (CC) EAL 4+, after fewer than 40,000 observations. We further highlight the impact of these vulnerabilities by demonstrating a remote attack against a StrongSwan IPsec VPN that uses a TPM to generate the digital signatures for authentication. In this attack, the remote client recovers the server's private authentication key by timing only 45,000 authentication handshakes via a network connection. The vulnerabilities we have uncovered emphasize the difficulty of correctly implementing known constant-time techniques, and show the importance of evolutionary testing and transparent evaluation of cryptographic implementations. Even certified devices that claim resistance against attacks require additional scrutiny by the community and industry, as we learn more about these attacks.

Huang Wei

2008-01-01

Abstract:The emergence of general security hardware provides operating system and electronic equipment with a hardware-based security protection,but there were few studies about using the hardware to provide system-level security protection directly.A multi-kernel structure SmartMK was proposed to support applications of different security levels and different types;based on the trusted platform module(TPM) and the new CPU security technology,the strong separation and secure communications mechanisms between multi-kernel were realized and the security of the operating system operating environment was achieved by the hardware and software together.A mandatory access control model was offered to the SmartMK reduce the complexity of access control.Performance testing and application of SmartMK showed that it can effectively strengthen the system security while guaranteeing the system's efficiency.

Wan LIU,Ming TAN,Xing-Shu CHEN

DOI: https://doi.org/10.3969/j.issn.1002-137X.2008.03.085

2008-01-01

Computer Science

Abstract:The main function of trusted computing is done by the trusted platform module.For the working of TPM is based on the OIAP and OSAP protocol,it is most important to ensure the secure working of the two protocols.This article does logic description and security analysis on the two protocols,then presents some ways to protect the two protocols from being attacked.

Dhiman Chakraborty,Michael Schwarz,Sven Bugiel

2023-06-06

Abstract:Platforms are nowadays typically equipped with tristed execution environments (TEES), such as Intel SGX and ARM TrustZone. However, recent microarchitectural attacks on TEEs repeatedly broke their confidentiality guarantees, including the leakage of long-term cryptographic secrets. These systems are typically also equipped with a cryptographic coprocessor, such as a TPM or Google Titan. These coprocessors offer a unique set of security features focused on safeguarding cryptographic secrets. Still, despite their simultaneous availability, the integration between these technologies is practically nonexistent, which prevents them from benefitting from each other's strengths. In this paper, we propose TALUS, a general design and a set of three main requirements for a secure symbiosis between TEEs and cryptographic coprocessors. We implement a proof-of-concept of TALUS based on Intel SGX and a hardware TPM. We show that with TALUS, the long-term secrets used in the SGX life cycle can be moved to the TPM. We demonstrate that our design is robust even in the presence of transient execution attacks, preventing an entire class of attacks due to the reduced attack surface on the shared hardware.

Cryptography and Security

CHEN Wen-zhi,HUANG Wei,XIE Cheng,HE Qin-ming

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.02.016

2009-01-01

Abstract:Virtualization was introduced to increase the security of embedded devices while avoiding the shortcomings caused by the hardware-based approach such as poor flexibility,high complexity and high production cost of equipments.Virtualization platform SmartVP offers a secure system environment by the software-based approach.SmartVP partitions the computing resources on the ARM processor into two parallel sets,one for standard real-time operating system T-Kernel and the other for general-purpose operating system Linux.The trusted computing base of SmartVP is constructed by protecting the code and data of the software on T-Kernel,as well as by implementing the fundamental security services and interfaces.Both performance benchmark and applications show that SmartVP improves the security of embedded devices and reduces the implementing risk together with developing time and cost.

Jianxiong Shao,Dengguo Feng,Yu Qin

DOI: https://doi.org/10.1007/978-3-319-02726-5_11

2013-01-01

Abstract:The Trusted Platform Module (TPM) is designed to enable trustworthy computation and communication over open networks. The TPM provides a way to store cryptographic keys and other sensitive values in its shielded memory and act as Root of Trust for Storage (RTS). The TPM interacts with applications via a predefined set of commands (an API). In this paper, we give an abstraction model for the TPM 2.0 specification concentrating on Protected Storage part. With identification and formalization of their secrecy properties, we devise a type system with asymmetric cryptographic primitives to statically enforce and prove their security.

Wenchang Shi

DOI: https://doi.org/10.1007/978-3-642-14597-1_1

2010-01-01

Abstract:Building trusted computing systems has been continuous endeavors for a long time. However, an increasing amount of trust problems remain unsolved in real-world applications. One of the most important reasons is that insufficient applicable software is available to handle the situation. Although the TCG tries to help building trusted software with TSS, the TSS essentially only states how to use a TPM but not what kind of software to build with the TPM. This paper proposes an answer to the latter question. With considerations to the Chinese counterpart of a TPM, i.e. a TPCM, the paper argues that a Trusted Software Base (TSB) is significant to build trusted applications. It defines a TSB as the totality of trust support mechanisms for system software on a computing platform, which monitors trustworthiness of software on the platform. The concept of TSB is presented and the approaches to designing it are discussed.

ZHANG Wei-Wei,SHI Wen-Chang

DOI: https://doi.org/10.3969/j.issn.1002-137X.2008.02.071

2008-01-01

Computer Science

Abstract:This paper proposes a method for utilizing the trusted computing technology to enhance the trust of file system,and designs and implements a prototype system CIVFS based on Linux.CIVFS combines two file protection measures:encryption and integrity verification.With the stackable file system technology,CIVFS is implemented in Linux kernel.CIVFS adds file encryption and integrity verification modules to the file system,and strengthens the security of system components and data with the functions of trusted computing and secure storage supplied by TPM chip.

Shi Wenchang

DOI: https://doi.org/10.1007/bf02831805

2006-01-01

Wuhan University Journal of Natural Sciences

Abstract:Trusted path is one of the crucial features that operating systems must provide for fundamental security support. In order to explore the possibility of implementing a trusted path mechanism with the support of trusted platform module (TPM) technologies, and to support TPM capabilities in operating systems, the paper extended the scope of the conventional trusted path to cover the situation in which a user communicates with software residing on a remote host. The paper combined the concept of operating system support for trusted path with that for TPM platforms, and proposed the architecture of an extended trusted path mechanism in operating system with considerations on TPM-capable platforms support. As part of the author's research in secure operating systems, the work of the paper was carried out with Linux as an experimental prototype system. The research result shows that TPM capabilities can strengthen extended trusted path mechanisms of operating systems.

Ahmad-Atamli Reineh,Giuseppe Petracca,Janne Uusilehto,Andrew Martin

DOI: https://doi.org/10.48550/arXiv.1606.02995

2016-06-09

Cryptography and Security

Abstract:The emergence of mobile applications to execute sensitive operations has brought a myriad of security threats to both enterprises and users. In order to benefit from the large potential in smartphones there is a need to manage the risks arising from threats, while maintaining an easy interface for the users. In this paper we investigate the use of Trusted Platform Model (TPM) 2.0 to develop a secure application for smartphones using Windows Phone 8.1. In particular, we suggest a framework based on remote attestation as a proxy to authenticate remote services, where the device is associated to the user and replaces the users credentials. In addition, we use the TPM 2.0 to enable secured information and data storage within the device itself. We present an implementation and performance evaluation of the suggested architecture that uses our novel attestation and authentication scheme and reveal the caveats of using software TPM in todays mobile devices.

LI Xiao-jiang,MEI Luan-fang,SHI Jun-fang,CHEN Juan

2010-01-01

Abstract:According to the nowadays security requirement faced by embedded terminal,a design of embedded trusted terminal system is proposed to resolve the security problem referring to TPM application for the common security computer and microkernel technology.On basis of the TCM(trusted cryptography module) this scheme realizes trusted Bootloader,trusted operating system,trusted application program and constructs a integrated trusted chain from bottom to top,which is used in many security areas.Based on these,an experimental prototype is provided as an example to demonstrate the steps of implementing the trusted setup,and the result influence of performance is analyzed.

Xiao-xiang JIAN,Hong GAO,Wen-huang LIU

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.36.022

2006-01-01

Abstract:According to the coming of the global information age,trusted computing improved from fault-tolerance computing,fault detection,redundancy backup technique to trusted computing software and hardware platforms.This article analyzes the limitation of current trusted computing platform based on integrated TPM,and discusses methods using portable TPM to solve current problems.A trusted computing model and its implementation is presented,which is based on the portable TPM.

Rui Chang,Liehui Jiang,Wenzhi Chen,Yaobin Xie,Zhongyong Lu

DOI: https://doi.org/10.23919/tst.2017.8030534

2017-01-01

Tsinghua Science & Technology

Abstract:The run-time security guarantee is a hotspot in current cyberspace security research, especially on embedded terminals, such as smart hardware as well as wearable and mobile devices. Typically, these devices use universal hardware and software to connect with public networks via the Internet, and are probably open to security threats from Trojan viruses and other malware. As a result, the security of sensitive personal data is threatened and economic interests in the industry are compromised. To address the run-time security problems efficiently, first, a TrustEnclave-based secure architecture is proposed, and the trusted execution environment is constructed by hardware isolation technology. Then the prototype system is implemented on real TrustZone-enabled hardware devices. Finally, both analytical and experimental evaluations are provided. The experimental results demonstrate the effectiveness and feasibility of the proposed security scheme.

Shuang Zhang,Xinyu Wan,Deqi Kong,Yangming Guo

DOI: https://doi.org/10.1109/dsa51864.2020.00043

2020-01-01

Abstract:With the application of virtualization and multi-core processor in embedded system, the computing capacity of embedded system has been improved comprehensively, but it is also faced with malicious attacks against virtualization technology. First, it was analyzed the security requirements of each layer of embedded virtualization computing platform. Aiming at the security requirements, it was proposed the security architecture of embedded virtualization computing platform based on trusted computing module. It was designed the hardware trusted root on the hardware layer, the virtualization trusted root on the virtual machine manager layer, trusted computing component and security function component on guest operation system layer. Based on the trusted roots, it was built the static extension of the trusted chain on the platform. This security architecture can improve the active security protection capability of embedded virtualization computing platform.

Liang TAN,Xun LUO,Ming-tian ZHOU

DOI: https://doi.org/10.3969/j.issn.1001-0548.2007.03.005

2007-01-01

Abstract:In this paper, the Trusted Authentication Gateway System (TAGS), based on Trusted Platform Model (TPM) of Trusted Computing Group (TCG), is presented, its design and principle are introduced, and deficiencies of TAGS are analyzed. Key and certification are resident in TPM on client platform, so verifier can decide that when a secure link between client and server could be established by TAGS.