Offline dictionary attack on TCG TPM weak authorisation data, and solution
نویسندگان
چکیده
The Trusted Platform Module (TPM) is a hardware chip designed to enable PCs achieve greater security. Proof of possession of values known as authData is required by user processes in order to use TPM keys. We show that in certain circumstances dictionary attacks can be performed offline on authdata. In this way, an attacker can circumvent some crucial operations of the TPM, and impersonate the TPM owner to the TPM, or the TPM to its owner. For example, he can unbind data or migrate keys without possessing the required authorisation data, or fake the creation of TPM keys. This means that any application that relies on the TPM may be vulnerable to attack. We propose a new solution and some modifications to the TPM specification to prevent the offline attacks, and we also provide the way to integrate these modifications into the TPM command architecture with minimal change. With our solution, the user can use a password-type of weak secret as their authData, and the TPM system will be still safe.
منابع مشابه
Attack, Solution and Verification for Shared Authorisation Data in TCG TPM
The Trusted Platform Module (TPM) is a hardware chip designed to enable computers to achieve greater security. Proof of possession of authorisation values known as authdata is required by user processes in order to use TPM keys. If a group of users are to be authorised to use a key, then the authdata for the key may be shared among them. We show that sharing authdata between users allows a TPM ...
متن کاملA Formal Analysis of Authentication in the TPM
The Trusted Platform Module (TPM) is a hardware chip designed to enable commodity computers to achieve greater levels of security than is possible in software alone. To this end, the TPM provides a way to store cryptographic keys and other sensitive data in its shielded memory. Through its API, one can use those keys to achieve some security goals. There are 300 million TPMs currently in existe...
متن کاملSecurity of the Enhanced TCG Privacy-CA Solution
The privacy-CA solution (PCAS) designed by the Trusted Computing Group (TCG) was specified in TCG Trusted Platform Module (TPM) Specification Version 1.2 in 2003 and allows a TPM to obtain from a certification authority (CA) certificates on short term keys. The PCAS protocol is a lighter alternative to the Direct Anonymous Attestation (DAA) scheme for anonymous platform authentication. The firs...
متن کاملTPM as a Middleware for Enterprise Data Security
Cloud Computing is one of the emerging technologies in Computer Science. Cloud provides various types of services to us. In the Private Cloud Computing the major concern is to securing data/files and also providing privacy. Storage as a Service is generally seen as a good alternative for a small or mid-sized business that lacks the capital budget and/or technical personnel to implement and main...
متن کاملA User Protection Model for the Trusted Computing Environment
Information security presents a huge challenge for both individuals and organizations. The Trusted Computing Group (TCG) has introduced the Trusted Platform Module (TPM) as a solution to end-users to ensure their privacy and confidentiality. TPM has the role of being the root of trust for systems and users by providing protected storage that is accessible only within TPM and thus, protects comp...
متن کامل