Researchers Detail Two New Attacks on TPM Chips


TPM (Trusted Platform Module) is a computer chip (microcontroller) that can securely store artifacts used to authenticate the platform (your PC or laptop). These artifacts can include passwords, certificates, or encryption keys. A TPM can also be used to store platform measurements that help ensure that the platform remains trustworthy. Authentication (ensuring that the platform can prove that it is what it claims to be) and attestation (a process helping to prove that a platform is trustworthy and has not been breached) are necessary steps to ensure safer computing in all environments.

Trusted modules can be used in computing devices other than PCs, such as mobile phones or network equipment.

Some PC owners may need to apply motherboard firmware updates in the near future to address two attacks on TPM chips detailed earlier this month by four researchers from the National Security Research Institute of South Korea.

Both attacks target computers that come equipped with a Trusted Platform Module (TPM). TPMs are dedicated microcontrollers (chips, cryptoprocessors) that are usually deployed on high-value computers, such as those used in enterprise or government networks, but they are also used on personal computers.

The role of a TPM chip is to ensure hardware authenticity. A TPM uses RSA encryption keys to authenticate the hardware components involved in a computer’s boot-up process, as well as in its normal functioning.

How a TPM works, and how it authenticates the components that are part of the boot-up chain, is dictated by the TPM 2.0 specification released in 2013.

TPM flaws allow attackers to hide tampered boot components


Two weeks ago, four South Korean researchers detailed two attacks on TPM chips that can allow an attacker to tamper with the boot-up process. The attacks are possible thanks to power interrupts.

Modern computers do not feed power to all their components all the time and at the same time. They use special APIs to send power to a component only when it needs it to perform an operation, putting it in a suspended (sleep) state between use states.

TPM chips support ACPI (Advanced Configuration and Power Interface), one of the tools operating systems use to control and optimize power consumption in peripherals.

Researchers discovered two issues affecting the way TPMs enter and recover from these suspended power states, which allow an attacker to reset TPMs and then create a fake boot-up chain of trust for a targeted device.


The first TPM attack

The first attack works against computers whose TPM chip uses a static root of trust for measurement (SRTM) system for the boot-up routine.

Researchers say this vulnerability is actually a design flaw in the TPM 2.0 specification itself. As nobody spotted the faulty logic until now, the flawed specification was implemented inside TPM components embedded in computers sold by the vast majority of PC vendors.

The attack scenario involves an attacker abusing power interrupts and TPM state restores to obtain valid hashes for components involved in the boot-up process, which the attacker then feeds back to the same SRTM-configured TPM, tricking it into thinking it’s running on non-tampered components.
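Why a reset of the TPM's measurement registers matters can be shown with a small model of the extend operation and of a verifier replaying a boot event log. This is an added example, not code from the researchers or any TPM vendor; the SHA-256 register bank, the function names and the component names are assumptions chosen for illustration.

```python
import hashlib

PCR_RESET = bytes(32)  # assumed SHA-256 bank: a register is all zeros after reset

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new register value = SHA-256(old value || measurement)."""
    return hashlib.sha256(pcr + digest).digest()

def measure(component: bytes) -> bytes:
    """Digest that boot code records for a component before running it."""
    return hashlib.sha256(component).digest()

def boot(components):
    """Measured boot: returns (final register value, event log of digests)."""
    pcr, log = PCR_RESET, []
    for blob in components:
        digest = measure(blob)
        log.append(digest)
        pcr = extend(pcr, digest)
    return pcr, log

def replay(log):
    """Verifier side: recompute the expected register value from a log."""
    pcr = PCR_RESET
    for digest in log:
        pcr = extend(pcr, digest)
    return pcr

# Constructed sample boot chains (placeholders, not real firmware images).
GOOD_CHAIN = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
BAD_CHAIN = [b"firmware-v1", b"bootloader-TAMPERED", b"kernel-v1"]

def demo():
    good_pcr, good_log = boot(GOOD_CHAIN)
    bad_pcr, _ = boot(BAD_CHAIN)
    # Normal case: a changed component changes the final value, so a
    # verifier comparing against the known-good value notices.
    tamper_detected = bad_pcr != good_pcr
    # Reset case: the register is back at zeros and the recorded known-good
    # digests are extended again. The value depends only on the digests
    # supplied, not on what actually ran, so it matches the genuine one.
    value_after_reset = replay(good_log)
    indistinguishable = value_after_reset == good_pcr
    return tamper_detected, indistinguishable

if __name__ == "__main__":
    print(demo())
```

The register value is a pure function of the digests fed to it, which is why the fix has to stop the registers from being reset outside a genuine boot rather than change how values are compared.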

During their experiments, researchers said they managed to tamper with TPMs embedded within computers sold by Intel, Dell, Gigabyte, and ASUS.


The second TPM attack

The second TPM attack that the South Korean researchers devised affects TPM chips that use a dynamic root of trust for measurement (DRTM) system for the boot-up routine.

The good news is that this second attack is not as prevalent and wide-reaching as the first. Researchers said this only affects computers running on Intel’s Trusted Execution Technology (TXT) for the boot-up routine.

The actual flaw resides in Trusted Boot (or tboot), an open-source library used by the Intel TXT technology.


Look out for firmware updates

Users interested in rummaging through past or future firmware changelogs for the appropriate fixes can track the two vulnerabilities by their CVE numbers. The SRTM vulnerability has received the CVE-2018-6622 identifier, while the DRTM (tboot) flaw can be tracked under CVE-2017-16837.

The TPM attacks described in this article require physical access to a device, but this doesn’t make them less dangerous.

