Hardware TPM Hacked 327
BiggerIsBetter writes "Christopher Tarnovsky has pulled off the 'near impossible' TPM hardware hack. We all knew it was only a matter of time; this is why you shouldn't entrust your data to proprietary solutions. From the article: 'The technique can also be used to tap text messages and email belonging to the user of a lost or stolen phone. Tarnovsky said he can't be sure, however, whether his attack would work on TPM chips made by companies other than Infineon. Infineon said it knew this type of attack was possible when it was testing its chips. But the company said independent tests determined that the hack would require such a high skill level that there was a limited chance of it affecting many users. ... The Trusted Computing Group, which sets standards on TPM chips, called the attack "exceedingly difficult to replicate in a real-world environment."'"
surprise surprise (Score:5, Insightful)
'near impossible'
Shouldn't that be 'near inevitable'?
Infineon said it knew this type of attack was possible when it was testing its chips.
Did they mention this in their marketing and when selling the TPM FUD to governments and companies?
"exceedingly difficult to replicate in a real-world environment."
Meaning only powerful criminal organizations, companies and governments can probably gather the
required resources and people with the expertise to pull it off? Out of 6.8 billion people, how
many have the resources to do this? 1000? 10,000? What about in 5 years?
At what point will they admit its flawed? Probably when TPM2 is fully patented and ready.
Re:surprise surprise (Score:4, Insightful)
'near impossible'. Shouldn't that be 'near inevitable'?
No. Consider a strongbox. The best strongboxes, or safes are rated to withstand X minutes of attacking with Y Tools, with the idea being that within those X minutes, the security guards or the police will have responded and arrested the guy patiently drilling holes in the wall. Even though safes have been successfully manipulated, drilled, pried, lanced, or detonated, manufacturers still design strongboxes to thwart burglars, changing locks, adding glass discs, experimenting with new alloys, new shapes, and so on. Inevitably, some thieves will figure out a way to thwart these safeguards, and design begins anew.
It's not as if the burglars have won, and a burglary safes are a quaint anachronism.
The TPM should give administrators time to disable credentials in the case of a stolen laptop. But "secret forever" was and probably shall ever remain a pipe dream.
Re:surprise surprise (Score:4, Interesting)
Right but outside the fire safes you get at home center most safes and strongboxes are designed such that they are difficult to remove from the site. They may be very heavy requiring equipment to move fastened from the inside etc etc. In the case of laptops and phones virtually any situation in which this sort of attack will be used is one where the units whereabouts are not know to the owner. Which makes it pretty hard to respond to. The big sell point on TPM was if your device goes missing its brick to whomever finds it; this sorta makes that untrue.
Yes you make your laptop useless to the typical thief but as far as corporate espionage, government records leaking etc etc; this makes TPM a pretty poor defense. Yes I realize its supposed to be one line of defense bu when things like the keys to your disk encryption are stored there those remaining lines are not much of a hurdle.
Re:surprise surprise (Score:5, Informative)
It. Can't. Be. Automated.
Re: (Score:2)
Re: (Score:3, Insightful)
No, you fucking fail. You're just too much a pussy to admit it, so you're trying to cover up your arrogant bullshit with this garbage. Kill yourself.
Re:surprise surprise (Score:5, Interesting)
You didn't even read the article, did you? This was a hardhack.
It also amuses me that TFS makes the point of blaming "proprietary" solutions. Exactly how would this attack have been prevented by using open source?
Re: (Score:2, Insightful)
Re:surprise surprise (Score:4, Insightful)
This is called "tamper resistance" and is a common technique used in physical security. People who use this stuff professionally know this is how it works and factor it accordingly. No one with any competence in the field assumes the perfect security of a system. ALL systems are vulnerable depending on the time, money and effort expended to compromise them. Tamper resistance has the sole purpose of driving those factors up.
See: Tamper Resistance [wikipedia.org]
Most of the people who have information valuable enough to warrant this type of time-effort-money expenditure aren't relying solely on TPM for their security. Things like multi-factor authentication and independent encryption come into play as well.
Security through risk (Score:3, Informative)
No matter how quick the method gets, having to work with hydrofluoric acid [wikipedia.org] with the target machine means it's a risky procedure, as in "do you like having bones in your fingers?". It's not something you can reduce to a script and rattle out. It's not going to scale well to multiple machines, either.
That in itself is an argument against obscuring this exploit, of course. No script kiddies were going to suddenly run out and apply this opportunistically, so the risk of releasing it is low to nonexistent. Frank
Re: (Score:3, Insightful)
The makers of the chip said that they knew of the problem. An open chip maker would also be aware of the problem, but they would make the problem known. This would allow people using the chip to determine of the pros outweigh the cons of the vulnerability .
Re:surprise surprise (Score:4, Insightful)
Re:surprise surprise (Score:5, Insightful)
Gah. This whole conversation is retarded.
Re: (Score:2)
Exactly how would this attack have been prevented by using open source?
It wouldn't. In fact, nothing can prevent that attack, because it's not theoretically possible to give someone a secret while keeping it from them.
Re:surprise surprise (Score:5, Insightful)
HEY TARNOVSKY (Score:3, Insightful)
Re:HEY TARNOVSKY (Score:5, Informative)
TPM is designed to detect changes to specific protected operating system files so that the owner knows that they haven't been tampered with. SuperDRM spy reports? :-O That's some might fine tinfoil you have there...
How well do you understand the Remote Attestation system? If you have any doubts about what I said I will gladly explain it to you, and cite the documentation to back it up if you like. I just need some clue how much of it you already understand and how technical (or non-technical) you want the explanation to be. I am a programmer and I have studied the entire 332 page technical specification for the TPM chip, and studied all of the other technical info I've been able to find. I have have an extensive and very technical understanding of the chip and how it operates with software, and I have a less detailed picture of the Trusted Computing infrastructure they are building around the chip.
Yes, the TPM is capable of telling the owner whether anything has been tampered with. But saying that is like saying telephones are an in-home intercom. Yes, two phones on the same line in you home do act like an intercom, but that wildly misses the designed functionality of telephones.
Remote Attestation is designed to be able to securely report to ANYONE exactly what is BIOS/Bootloader/OperatingSystem/other-software is running your computer. And when I say "securely report" what is on your computer, I mean that this report is specifically designed to be secure against the owner. You can control whether your computer answers requests for this Remote Attestation report, but you the owner are unable to control or alter the contents of this report. The TPM will not permit you to alter the contents of the report, and the TPM cryptographically signs the report it sends. An unsigned Attestation is invalid, and any attempt to modify the TPM's signed attestation invalidates it.
So when I called it a "SuperDRM spy report" perhaps I was overly casual and colorful with the language, but it was essentially correct. The TPM is designed to keep a secure log of your system - and this log is specifically kept secure against "tampering" by the owner, and the contents of this log are specifically intended to be sent REMOTELY - meaning to other people over the internet a and again the TPM cyrptographically secures this report against "tampering" by the computer owner. It's all logged and secured in a "Super DRM secure against the owner" manner, and it's the chips "spy" log of what it has watched on your computer You can look at it to verify that your system files haven't been tampered with, but it also enables other people to check that your system hasn't been "tampered with", and that specifically includes verifying that YOU have not "tampered" with anything.
And after validating what BIOS you have and that you haven't tampered with it, and after validating what operating system you have and that you haven't tampered with that, and after validating exactly what program you are running and that you haven't tampered with that, the chip enables that validated program to securely add anything and everything it wants as additional information in that Remote Attestation.
It's easiest to illustrate it with a DRM example, because that is precisely what it is tailored to. Say you want to watch Hollywood movies on your computer. You connect over the internet to the MPAA's movie servers. They ask for a Remote Attestation. They examine that Attestation to verify that you have an approved BIOS and that you haven't tampered with it, and that you have an approved operating system and that you haven't tampered with it, and that you have an approved video card and approved video drivers and that you haven't tampered with them. (And of course all along the way "approved" means software that won't violate their DRM.) And then the verify what program you are running right now - they check that you are running their own DRM-enforcing video player. And of course Remote Attestation is validating that
Re:surprise surprise (Score:5, Funny)
How about you do something crazy and carry on to the actual article (I know.. I forgot where I was)
You tell me how you're going to pack acid and rust remover into a downloadable tool and I'll worry.
Re: (Score:2)
Getting the cover off of the lock is the best way to find out how to pick it. Once you know how to pick it, you can do it even if the cover is on.
Re: (Score:2)
No. This isn't a software hack. It requires physical modification of the chip itself, every time. The chips are sealed in epoxy, so you'd have to get thru that with acid EVERY TIME. You aren't going to automate it with improved knowledge. RTFA.
Re: (Score:3, Informative)
The algorithms ARE known. It's just that dissolving the chip package in hydrofluoric acid and inserting logic probes into the chip itself is far easier than breaking those algorithms.
He used the attack to retrieve a specific key from a specific chip, not as a general algorithm or protocol attack on the TPM platform.
Re: (Score:3, Insightful)
And after he does it a second time and realizes, for example, the first half of the keys are identical or the odd and even bits fulfill a certain function, then a brute force software solution becomes trivial.
Re: (Score:2)
Bloke says the US is not ready for cyber war (Score:2)
When will they learn (Score:2, Insightful)
Re: (Score:2)
This paints faaaar too black and white a picture of security. Factoring the huge RSA key that you're using within the next few days is "next to impossible" (the first pair of large primes I try could be the ones) but that doesn't make it bad security. What you have to do is raise the bar high enough that your data/house/identity is adequately protected. Absolutes do not exist. That said, I'm not making a judgment on this particular hack or its difficulty, just that claiming that the ONLY good security i
Re: (Score:2)
Re: (Score:2)
No.. there is a difference between possible and theoretically possible.
I don't really call any hack that requires "physical access" to be a genuine danger.
If someone has physical access to your box you've got greater worries.
Re:When will they learn (Score:5, Insightful)
Yes, but remember that TPM is about keeping you our of your own computer, so those who would like to do so are worried about this.
Re: (Score:2)
Why is this modded troll? Wake up mods!
Re: (Score:2, Interesting)
Re:When will they learn (Score:4, Insightful)
[...] remember that TPM is about keeping you our of your own computer[...]
Um, no. TPMs are designed for three things: 1) establish a hardware root of trust for boot (i.e., make sure that you're actually booting your OS and not a rootkit first), 2) provide lightweight, secure and fast cryptographic operations (so you don't have to do something stupid like store a cryptographic key in plaintext on your HD), and 3) allow remote attestation of a computer's software stack (i.e., verifying the integrity of the OS and other pieces of software...very useful for distributed systems).
Yes, there are applications of TPMs for DRM, but that is a side effect and not a primary factor. Furthermore, in the case of general purpose computers (which does not include gaming platforms like the Xbox), the TPM best practices make it very clear that the TPM should only be activated with the user's explicit knowledge and consent. I.e., it is the owner of the hardware who decides if the TPM will be used, not the software vendors. Of course, hardware vendors are not obliged to follow the best practices, but that's not the fault of TCG.
Re: (Score:3, Interesting)
That's like denying the purpose of teflon coated bullets is penetrating kevlar vests.
It would be ludicrous in the extreme for someone to say teflon coated bullets are for deer hunting.
The primary design criteria for TPMs is to secure computers against their owners. The TPM technical specification explicitly refers to the owner as an attacker and mandates "security" against "attacks" from the owner. The overriding design criteria throughout the specification is denying the owner access to his own master key,
Re: (Score:3, Interesting)
No, you were right the first time.
Originally, TPM intended to let you know that your computer is working in the "trusted manner." Usually, the "trusted manner" would be defined either by the corporate IT department; or by a generic secure profile from Microsoft if you are a typical home user; or by yourself if you are a skilled programmer/systems administrator.
The DRM people saw this technology and said: "This will be the best DRM ever."
The practical problem is that you can only trust one of:
a) your ow
Re: (Score:2)
Re: (Score:2)
but how many people that use this are actually going to be targeted by criminals that are capable of this and not have greater worries? Probably zero..
Look at the procedure the guy went through. He'd not only need access, he'd need some time to sit down and get comfy with it. A spy ripping a chip out of your box in your server room and field stripping it is going to get noticed.
Re: (Score:2)
Re: (Score:2)
Except that almost the entire reason for a TPM chip it to secure against those with physical access. So you can't just declare that physical access invalidates it.
Re: (Score:2)
Re: (Score:2)
"Physical access" in the time of PDAs, smartphones and laptops? Hardly a challenge.
Also don't forget that security is often also a matter of trust. If something is trusted to be "secure", additional layers of security are often ignored because THIS cannot be the leak, so we needn't add more security. I wouldn't deem it impossible that sensitive data may be stored on a TPM protected device because it is "impossible" to break it open, something that would certainly not be permitted if the device was not trust
Re: (Score:2)
Every password, every encryption key can be brute-forced, given enough time.
No software is flawless.
No hardware is flawless.
Even the strongest bank vault inside the strongest nuclear bunker under the largest mountain defended by an immense army can be breached.
So in your world there is only place for bad security.
Luckily for the rest of us there is also something like "good enough" security that is so secure that breaking it is so expensive/hard that it becomes practically impossible.
Re: (Score:2)
Generally speaking "given enough time" to bruteforce a key should mean something like "a few orders of magnitude more time than the universe is expected to last before heat death". Not "6 months". Of course, he didn't bruteforce a key here, he comprimised a hardware device. Comparing the "imperfect" security of one with the other is a tad disingenuous.
The real problem here is these devices have been pushed as some sort of magic security bullet, without the companies pushing them being honest about the ac
Re: (Score:2)
Bullshit.
All security is breakable - given enough time and money. So all security is just a trade-off how much are you willing to spend and how much inconvenience can you take versus how serious an attack do you need to be secure against.
Is your house built with bank vault doors and walls and floor and ceiling? Does the door have a lock anyway?
Re: (Score:2)
...But I am guessing about every secret service in the world already knew how to do this attack.
What the hell would they need millions of dollars worth of human and electronic resources to crack TPM for when waterboarding supplies are less than ten bucks and you usually get an answer in less than 5 minutes?
Yeah, that may sound like a joke, but seriously, there are enough "old-school" tactics out there to gain access the old fashioned way. Not to mention the threat tactic of labeling you a "terrorist", and immediately qualify you for "throw-away-the-key" lockup.
Obligatory XKCD cartoon (Score:3, Insightful)
Security: http://xkcd.com/538/ [xkcd.com]
-dZ.
Re: (Score:2)
then it's perfectly safe for me to store data that's only worth $999 to the attacker under protection vulnerable to that attack.
I solved it by hanging a sign on my valuable data saying "This data is only worth $999". After all, it's not like an attacker knows whether it's my bank account information or my shopping list until after they've broken the security.
Re: (Score:2)
What worked for me was a sign at the door:
"I spent 200 bucks on my stereo, but 2000 on my burglar alarm. My neighbor did it the other way around. Be smart!"
Security only buys you time. (Score:2)
This one line changes things:
The new attack discovered by Christopher Tarnovsky is difficult to pull off, partly because it requires physical access to a computer.
You can't have a piece of hardware make your data safe forever. It only needs to be safe for as long as you use it.
Re: (Score:2)
Wrong. Real encryption with real key management can be either impossible (OTP) or effectively-impossible (AES) for someone to get around, even if they have physical access to your machine.
TPM is an attempt to make key management easy, but it comes at the cost of making circumvention really hard (rather than effectively impossible).
Re: (Score:2)
Of course, there are even easier methods [xkcd.com]
Nope, wrong... (Score:2)
Wrong. Real encryption with real key management can be either impossible (OTP) or effectively-impossible (AES) for someone to get around, even if they have physical access to your machin
You forget that humans are the weakest link. Torture the shit out of someone that knows the password, and you'll be home free.
Re: (Score:2)
Coercion is an out-of-scope problem for encryption, actually.
Yeah, this is going to be a major problem... (Score:4, Insightful)
If the attacker has this much physical access to your system/data then you've lost LONG before the TPM chip failed.
Re: (Score:3, Insightful)
If the attacker has this much physical access to your system/data then you've lost LONG before the TPM chip failed.
Yes, such as if the computer was stolen. I don't know much about TPM, but I would hazard a guess that one of the selling points would be to keep information secure even if the computer it is in gets stolen.
Am I getting old? (Score:2)
When I saw TPM, the first thing I thought of was the CP/M variant that came with the Epson QX-10.
Re: (Score:3, Funny)
Yes, it means you're getting old. On the plus side, your memory appears to be in great shape.
Re: (Score:2)
Yea, but unfortunately his short term memory is going.
He forgot the new cover sheet on his TPM report.
Re: (Score:2)
Re: (Score:2)
who are you? and where are my pants?
"high-skill" (Score:2)
"But the company said independent tests determined that the hack would require such a high skill level that there was a limited chance of it affecting many users."
You're kidding me, right?
Re:"high-skill" (Score:5, Insightful)
Not sure what you mean. But yes, this does require a high skill level - we don't know how many TMP chips this guy trashed before getting it to work on one, or what his success rate would be on the next one. If he gets a laptop full of Chinese secrets and is asked to crack the TPM chip, he might well fry it on the first attempt, and you don't get second attempts on this kind of thing. It's not the kind of exploit that can be scripted and downloaded by any kiddie.
Re: (Score:2)
Oh -- I know it's beyond script kiddies, but still, saying that such an exploit isn't to be worried about because it requires "high-skill" -- what really dedicated, evil cracker _isn't_ "high-skill?"
Re: (Score:2)
He knows where to look and can measure depth. now all he needs to do is map out where to drill and how deep, insert probe into hole and voila!
refining the hack to increase reliability is very easy once you have more information.
Does anyone know if this leads to a soft-hack (Score:2)
So he did this by access the information in the chips protected storage. Now that he has done this does it let us get at the set of possible keys or anything that would allow a software solution to defeating these things?
Re: (Score:2)
Given that the first step in the hack is removing the chip and dissolving its outer casing in acid, I'm guessing this isn't likely to admit a purely software exploit.
In other words, RTFA.
Re: (Score:3, Insightful)
Given that the first step in the hack is removing the chip and dissolving its outer casing in acid, I'm guessing this isn't likely to admit a purely software exploit.
In other words, RTFA.
What the GP was asking is that now that this has been broken once, does the data obtained from said break-in provide enough information to devise a software solution?
For instance, if the data obtained indicated that passwords always resolve to a relatively small subset of hashes, then brute force attacks would have a much faster time of it. But hey, way to play the RTFA card without understanding the question.
Re:Does anyone know if this leads to a soft-hack (Score:5, Insightful)
Actually, most likely the keys stored inside the chip's non-volatile memory are probably encrypted, just to prevent that sort of attack.
I worked with similar technology in a previous job. When Tarnovsky said "This chip is mean, man - it's like a ticking time bomb if you don't do something right,"
My guess is he wasn’t kidding. These sorts of chips have all sorts of counter measures to make this sort of attack difficult. The algorithms built into the circuits on the chip are designed to make eavesdropping hard. You can send different commands to the chip, and ask it to decode different amounts of data, but it will intentionally insert randomness into the time and number of operations to do the work to prevent you from gleaning information about what is going on inside the chip. I’m sure there are circuits that do nothing other than generate spurious electrical impulses so that trying to sense what the chip is doing remotely won’t work. The only way to even attempt an attack like this is to do what Tarnovsky did, and strip off the packaging. Assuming you didn’t just destroy it, even then you aren’t home free. I’m sure there are other safe guards built into the chips. Oh, did the voltage drop just now across that one circuit? That’s probably an attack – the chip just deleted the keys you were trying to recover and is now useless. Did that operation take too long because someone hooked up their own custom circuit in an attempt to decode what was going on? Yeah, that’s out too bye bye secret keys Interrupt the power to the key storage area for a nanosecond while you try to connect your probe? I’m sorry, you’re done. Did you just read out the data out of the protected storage out of sequence? Well, not only is that data encrypted (and therefore useless), the chip detected it, and intentionally burned out a small inaccessible fuse buried inside the chip and bricked itself. You’re done. Did you just inject an internal command with your probe that wasn't expected? Yep, you just blew another fuse. Go home.
You have to connect your probes in exactly the right place, in exactly the right way, and not disturb the electrical properties of the circuit you tapped into to prevent the chip from knowing that you are there and triggering a counter-measure.
I don’t know which counter measures the TPM modules from Infineon implement, but if they are current with the sort of technology out there, this hack was really really super damn hard.
Sure, with enough time, money, skill, patience, and physical access to the machine, anything can eventually be broken. The idea of the TPM was to make it expensive enough to hack that the average thief won’t bother. If you are relying on a TPM only to protect secrets on a mobile device (which can be stolen and then hacked by a well funded company or government) you either deserve what you got, or you’ve made way too many well funded and motivated enemies.
Re: (Score:3, Interesting)
My question:
Would a mass produced chip that is on a lot of business PC motherboards, and which is stated to have little to no physical resistance to attack have all this? TPMs are not that expensive, so I'm sure they would not have near the physical anti-tamper technology that a CAC, a smart cartd, an IBM crypto PCI card, much less a 3U HP HSM would have.
Maybe it's time to rethink "digital everything"... (Score:2)
Seriously... We're reading about how Chinese baddies are doing this and that to gain access to secrets and whatnot and it seems like every few weeks some previously unbreakable form of encryption has been compromised. Maybe it's time to greatly reduce our dependency on the digital world to secure trade and state secrets. I mean... Laptops and phones are lost/stolen all the time, why would anyone in their right mind trust transporting state secrets on a flippin' laptop??? We all know it happens and we all kn
Re: (Score:2)
Re: (Score:2)
Make sure to hand in your geek card on the way out.
Obligatory XKCD (Score:2)
http://xkcd.com/538/ [xkcd.com]
If the data is valuable enough to steal a computer and try to hack the TPM chip using acid and needles, then it's valuable enough to threaten the person with the password to divulge it.
Re: (Score:2)
> ...it's valuable enough to threaten the person with the password to divulge
> it.
That only works if you have both the computer and the person. Rubber hose cryptography is of little use if you have the laptop because a British cabinet member left it in a taxi.
Re: (Score:2)
A government employee? The password is 12345
Re: (Score:3, Insightful)
http://xkcd.com/538/ [xkcd.com]
If the data is valuable enough to steal a computer and try to hack the TPM chip using acid and needles, then it's valuable enough to threaten the person with the password to divulge it.
Do you think China would be willing to steal a laptop with US state secrets on it? Definitely. Would they be willing to kidnap and torture the military officer or NSA employee who knows the password? Not a chance – that's an act of war.
(And no one but a foreign government would put this much effort into retrieving data from a computer. Anything short of state secrets is not worth the effort.)
It does not matter how hard it was/is. (Score:2)
It does not matter how hard it was/is.
This message of success will assure that many other outfits will have a try at it for various reasons.
It's the proverbial ghost out of the bottle.
Solution is quite obvious (Score:4, Funny)
Since using technique involves reverse engineering the chip, this is a clear violation of the DMCA. So just find your local attorney and prosecute.
Problem solved. Nothing to see here move along. Thanks for playing. :)
Step 1 - decap the chip without killing it (Score:5, Insightful)
Decapping usually involves concentrated nitric and/or sulfuric acids. Temperature control is important. You want to carefully dissolve the plastic without destroying the lead frame and/or the bonding wires going from the lead frame to the die. You also want to complete this process without losing any fingers or your eyesight -- highly concentrated acids. Rinse carefully with deionized water and test to make sure the chip is still functional.
Now you can feed the chip to your electron beam probe, FIB mill, or just take pretty pictures.
Not the kind of thing you're going to do in your kitchen!
Re: (Score:3, Funny)
Not the kind of thing you're going to do in your kitchen!
What!? You obviously have never seen my kitchen. ;)
Unlimited physical access. (Score:2)
This required physical access to the device. If you have unlimited physical access to any device, digital or analog, you will eventually be able to crack it, assuming you have the available resources. The key is to keep the bad guys from getting access in the first place, which isn't always possible. Even the best security has numerous weak points, like the security guards that only make $40K a year, or people that leave their devices unattended in public places.
Probably best to store all critical inform
CHALLENGE TO TARNOVSKY (Score:4, Insightful)
I've been reading about this hack for days, but something seems fishy. Some of the earlier reports [computerworld.com] had him hacking the SLE 66 CL processor chip which is embedded in the TPM, not the TPM itself. This article also describes him as having to work with many copies of the chip to discover its secrets, but it has the chips being inexpensive ones from China. Problem is that Infineon is a German company and I don't think you can get Infineon TPMs cheaply from China. Putting this together, it's not clear to me that he has truly hacked an Infineon TPM. He may have hacked a similar chip and he assumes that the same attack would work on TPM.
However, there is a way for him to easily prove that he has done what he said. Every Infineon TPM comes with an RSA secret key embedded in it, called the Endorsement Key or EK. This key is designed to be kept secret and never revealed off-chip, not to the computer owner or anyone. And Infineon TPMs also come with an X.509 certificate on the public part of the EK (PUBEK), issued by Infineon. If Tarnovsky has really hacked an Infineon TPM and is able to extract keys, he should be able to extract and publish the private part of the EK (PRIVEK), along with the certificate by Infineon on that key. The mere publication of these two pieces of data (PRIVEK and Infineon-signed X.509 cert on PUBEK) will prove that his claim is true.
Re: (Score:3, Interesting)
I've seen this article in a few places (see also here [darkreading.com]) and discussed it with some colleagues (one of whom was a consultant on the design of the TPM). We had the same suspicions regarding whether or not it was an Infineon TPM or a clone.
Regarding the key question, I don't think he has actually been able to extract the endorsement key. I believe the attack is just about extracting keys generated and stored on the TPM. For instance, the CW article refers to the "licensing keys." My impression is that these
Wait a minute... (Score:3, Insightful)
Why don't you have him just sign something with that public key signature rather than divulging the private key to the world?
Perhaps a signed copy of the Gutenberg Press release of Aesop's fables???
The Eagle and the Arrow
An Eagle was soaring through the air when suddenly it heard
the whizz of an Arrow, and felt itself wounded to death. Slowly
it fluttered down to the earth, with its life-blood pouring out of
it. Looking down upon the Arrow with which it had been pierced,
it found that the shaft
Re:Wait a minute... (Score:4, Insightful)
Why don't you have him just sign something with that public key signature rather than divulging the private key to the world?
You're right, that's a better idea. He can sign something with the EK rather than publishing the private key. It accomplishes the same thing but maybe causes less disruption to the TPM world.
Once you have physical access to the machine... (Score:2)
ANY type of security will become crackable.
Re: (Score:2)
When I see "TPM hacked" only one thing comes to me (Score:3, Funny)
Re: (Score:3, Informative)
Others might not so I'll post this linky [wikipedia.org] and mention that it IS available on several torrent sites (and so is part 2).
Show them to your kids before they get to see the crap one that Lucas messed up.
Re: (Score:2)
http://en.wikipedia.org/wiki/Trusted_Platform_Module [wikipedia.org]
Re:tpm? (Score:5, Informative)
To encrypt something, you must have a 20-character password minimum to get 128-bit key strength. Nobody likes typing 20 characters, so TPM was invented. TPM stores your key on a separate chip. This chip only coughs up the key if you enter a short password to authenticate yourself to the chip.
The chip uses rate-limiting boot-delays to prevent brute-forcing of the password.
So they only way to get the key is to break the chip apart and look at the hardware somehow. The chips are usually encased in epoxy to make this hard to do. It's never been done before. Now it has... but it's still hard work.
TPM chips come on all business laptops these days, though few businesses make use of them. And they're still better than telling your users to memorize 20 char passwords (which they would just write down).
Re: (Score:2)
Taking the chip apart is hard. Paying off somebody with access to the design documents is easy.
Re: (Score:2)
What do you expect access to "design documents" will help with?
Re: (Score:2)
The hard part will always be taking the chip apart without destroying the data (or the ability to read the data).
Re: (Score:2)
Re: (Score:2)
The entropy of a 20-character passphrase is much less than the entropy of a 20-character random password, actually.
Re: (Score:3, Informative)
If you're going to use a passphrase then you'll need much more than 20 characters to get 128 bits of entropy:
Considering that the entropy of written English is less than 1.1 bits per character, pass phrases can be relatively weak. NIST has estimated that the 23 character pass phrase "IamtheCapitanofthePina4" contains a 45 bit-strength.... Using this guideline, to achieve the 80 bit-strength recommended for high security (non-military) by NIST, a passphrase would need to be 58 characters long, assuming a composition that includes uppercase and alphanumeric. (Wikipedia [wikipedia.org])
To get 128 bits of entropy would require about 20 words. I don't know about you, but to me it seems that 20 non-obvious words would be about as hard to remember as 20 random characters, while being much less convenient to type.
Re: (Score:2)
In essence, what he seems to have done is open the chip to extract the keys (or data that allowed computing the keys).
Re: (Score:2)
This is a hardware hack (see title).
In order to hack it, you need to do some stuff with your hands, you need the physical device. You can't hand this to a script kiddie and he'll be breaking into the NSA in no time.
I don't think its Infineon's responsibility for this "vulnerability" at all. You'd need to be someone within the same field as Christopher Tarnovsky, and someone with roughly as much knowledge. If you don't know who he is, look him up. He is pretty much at the top of his field.
This is like how yo
Re: (Score:3, Insightful)
And you'd think posters would try reading the article before sounding smarmy and dismissing the abilities of others. Funny that.
Given that the first step of the "attack" is physically dissolving the chip's outer packaging in an acid bath... I'm guessing this won't be showing up in script-kiddie toolchains any time soon.
Re: (Score:2)
Dang it!