TRUSTED PLATFORM
MODULE
Basics
Rishi Kumar Shrivastava
TOPICS TO COVER
• TPM Genesis.
• Life Made Easy : Starring TPM
• TPM 2.0 – The Evolution
• Family of TPM 2.0
• TPM – The inside story : Architecture.
• Attacks history.
• Case Study
• How to enable TPM
TPM : The Genesis
LIFE MADE EASY : STARRING TPM
• DoD – Asked for all TPM based devices.
• Platform integrity – "integrity" means "behave as intended" – e.g. PrivateCore vCage memory encryption
• Disk encryption – encrypt the computer's storage devices – e.g. BitLocker
• Password protection – Disables dictionary attacks at hardware and OS level – BIOS lock mechanism.
• Digital rights management
• Protection and enforcement of software licenses
• Prevention of cheating in online games
• How to enable TPM
TPM 2.0 – THE EVOLUTION
TPM 1.2
• SHA-1 and RSA mandatory, AES optional.
• One hierarchy (storage).
• General crypto primitives are required.
• Authorization: HMAC, PCR, locality, physical presence.
TPM 2.0
• SHA-1, SHA-256, ECC, RSA, HMAC, AES-128.
• Three hierarchies (Platform, Storage, Endorsement).
• All general crypto primitives, with ECC-based DAA. Logging to the library also needs key generation and a key derivation function.
• Auth: Password, HMAC and policy.
FAMILY OF TPM 2.0
• Starting TPM 2.0
• Discrete TPMs – Dedicated chip in a tamper-resistant semiconductor package. Most secure.
• Integrated TPMs – Part of another chip; avoids software bugs (Intel).
• Firmware TPMs – Software only, runs in the CPU's trusted execution environment. Quite vulnerable (Qualcomm, AMD).
• Software TPMs – Software emulators, dependent on OS execution; provide security similar to the normal execution environment, so the same attack vectors apply as against the OS.
• Virtual TPMs – Provided by the hypervisor; hypervisors provide an isolated execution environment, so for VMs they are as good as discrete TPMs.
TPM – THE INSIDE STORY : ARCHITECTURE.
[Architecture diagram; only its labels survive extraction: keys, owner authorization data; integrity measures; signing keys (when in use); external interaction; TPM control; symmetric keys, nonces; encryption keys; hashes, encrypt/decrypt; initialization]
WHO SAYS TPM IS NOT VULNERABLE?
WEAKNESS AND ATTACKS HISTORY
Weakness
• Linear Trust system.
• SMA
• OS level weakness (Software
TPMs, Firmware TPMs)
• Linear PCR trust
• Blind trust on signing
authority – Burn out attack
• Dictionary based attacks.
• Blob replay
Attacks history
“In 2010, Christopher Tarnovsky presented an attack against TPMs at Black Hat, where he claimed to be able to extract TPM secrets. He was able to do this after 6 months of work by inserting a probe and spying on an internal bus for the Infineon SLE 66 CL PC.”
“In 2015, as part of the Snowden revelations, it was revealed that in 2010 a US CIA team claimed at an internal conference to have carried out a differential power analysis attack against TPMs that was able to extract secrets.”
CASE STUDY: TPM RESET ATTACK
Background of the attack:
-> TPM is a crypto based device.
-> Enables trusted computing -> includes secure boot, secure storage, identity management, etc.
-> PCRs are extensively used.
The Attack:
Tools Used:
1) Logic Analyzer
2) OpenXT
PCRs under threat:
• PCR0 – CRTM, BIOS code, and Host Platform Extensions
• PCR1 – Host Platform Configuration
• PCR2 – Option ROM Code
• PCR3 – Option ROM Configuration and Data
• PCR17 – DRTM and launch control policy
• PCR18 – Trusted OS start-up code (MLE)
• PCR19 – Trusted OS (for example OS configuration)
GENESIS AND EVOLUTION OF TPM: BEHIND THE SCENES.
• TCG
• Intel
• IBM
• Apple
• HPE
• DELL
• Nuvoton
• Google
• Oracle
• Infineon
• Microsoft
Q&A
THANK YOU

Editor's Notes

  • #4: Talk about why TPM was needed in layman's terms: people trying to fake identity; the 1990s, changes in the internet, changes in personal computers, the development and need of servers. Talk about DoD – US Department of Defense.
  • #5: Trusted Execution Technology (TXT), which creates a chain of trust. It could remotely attest that a computer is using the specified hardware and software, encrypt the computer's storage devices and provide integrity authentication for a trusted boot pathway that includes firmware and boot sector. The "physical presence" feature of TPM addresses some of these concerns by requiring BIOS-level confirmation for operations such as activating, deactivating, clearing or changing ownership of the TPM by someone who is physically present at the console of the machine.
  • #6: Clients, servers, mobile, hypervisors, etc. Direct anonymous attestation (DAA), and a method of delegating key authorization and administrative (owner-authorized) functions; mandatory, optional, or banned, and detail other requirements for that. SHA-1, SHA-256 – hash; HMAC – symmetric digital signature generation and verification. HMAC (hash-based message authentication code) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key.
  • #11: PCR – Platform Configuration Register. The TPM can cryptographically sign these PCRs and send them to a remote party, which can then verify that the platform equipped with that TPM has been booted up and measured in that specific manner. The TPM may not allow a platform in a different state than it was when a key was created to have access to that key. At initialization, all PCRs are filled with 20 NULL bytes (0x00). Normally only the BIOS sees them in this state. The BIOS will then take some measurement and Extend() it into a specified PCR.
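The Extend() rule in note #11 is what makes a PCR useful as evidence and what the reset case study targets, so here is an added worked example of it in Python. It is not code from the deck or from any TPM vendor: the hash functions stand in for the TPM's SHA-1 bank (20 bytes, TPM 1.2) and SHA-256 bank (32 bytes, TPM 2.0), the measurement log and the PCR assignments (PCR0, PCR2, PCR17 from the case-study slide) are constructed sample data, and the "remote verifier" is simply the replay-and-compare step that note #11 describes.

```python
import hashlib

# Added illustration of the PCR "extend" rule (not the deck's own code).
# A PCR is never written directly; the only update is
#     PCR_new = H(PCR_old || digest)
# so measurements accumulate in boot order and cannot be removed or reordered.
# TPM 1.2 PCRs are SHA-1 (20 bytes); TPM 2.0 adds banks such as SHA-256 (32 bytes).

BANKS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}


def initial_pcr(bank: str = "sha1") -> bytes:
    """A PCR at initialization: all-zero bytes of the bank's digest size."""
    return bytes(BANKS[bank]().digest_size)


def extend(pcr: bytes, component: bytes, bank: str = "sha1") -> bytes:
    """One Extend() step. A real TPM receives the digest; we hash the
    measured component ourselves to keep the example self-contained."""
    h = BANKS[bank]
    digest = h(component).digest()
    return h(pcr + digest).digest()


def replay_log(events, bank: str = "sha1") -> dict:
    """Recompute every PCR from a measurement log given as a list of
    (pcr_index, component_bytes) in boot order."""
    pcrs = {}
    for index, component in events:
        pcrs[index] = extend(pcrs.get(index, initial_pcr(bank)), component, bank)
    return pcrs


def verify_report(events, reported: dict, bank: str = "sha1") -> list:
    """Remote-verifier side: replay the log the platform sent and compare it
    with the PCR values in the (signed) report. Returns the PCR indices that
    disagree; an empty list means the log accounts for every PCR."""
    expected = replay_log(events, bank)
    return sorted(i for i in set(expected) | set(reported)
                  if expected.get(i) != reported.get(i))


# Constructed sample log (not real firmware digests), using the PCR
# assignments named on the case-study slide.
GOOD_LOG = [
    (0, b"CRTM+BIOS build 1.0"),          # PCR0: CRTM and BIOS code
    (2, b"option ROM: NIC"),              # PCR2: option ROM code
    (2, b"option ROM: RAID controller"),
    (17, b"DRTM launch control policy"),  # PCR17: DRTM
]

# The same boot with one option ROM altered (constructed).
TAMPERED_LOG = [
    (0, b"CRTM+BIOS build 1.0"),
    (2, b"option ROM: NIC (modified)"),
    (2, b"option ROM: RAID controller"),
    (17, b"DRTM launch control policy"),
]


def demo(bank: str = "sha1") -> dict:
    """Run the honest and tampered cases and return what a verifier sees."""
    reference = replay_log(GOOD_LOG, bank)  # values a known-good boot yields
    reordered = [GOOD_LOG[0], GOOD_LOG[2], GOOD_LOG[1], GOOD_LOG[3]]
    return {
        "honest": verify_report(GOOD_LOG, reference, bank),
        "tampered": verify_report(TAMPERED_LOG, reference, bank),
        # swapping the two PCR2 extends gives a different PCR2: order matters
        "order_sensitive": reference[2] != replay_log(reordered, bank)[2],
    }


if __name__ == "__main__":
    for index, value in sorted(replay_log(GOOD_LOG).items()):
        print(f"PCR{index:<2} {value.hex()}")
    print(demo())
```

Two properties of the rule carry the security argument. Because each step hashes the previous value, a changed or extra measurement shows up as a mismatch in every later value of that PCR and cannot be hidden by further extends (the "tampered" case reports PCR2). And because the only way back to the all-zero state is the initialization that note #11 describes, a PCR that re-enters that state outside of platform initialization is exactly the condition the reset case study relies on, which is why a verifier should treat an unexpected all-zero or otherwise unexplained PCR value as a failed attestation rather than as "nothing measured yet".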