Wave Systems’ Response to the Presentation at the Black Hat Conference Concerning TPMs

Earlier this week, an engineer presented findings at the Black Hat Conference purportedly showing how a Trusted Platform Module (TPM) could be physically compromised and the unencrypted code inside accessed. This work is interesting in concept, and actually validates the intended functionality and security model of the TPM. The TPM was designed as a low-cost cryptographic chip for mass market devices to provide protection against software attacks and many hardware attacks. The project presented at Black Hat validates that it would take a skilled researcher many months using expensive equipment to physically hack a single TPM. This would be exceedingly difficult to replicate in a real-world environment.

Turning on and using the TPM chip is one of the single most cost-effective steps for ensuring robust security in the PC. The TPM enables trusted online computing and prevents software-based attacks—the predominant security threat impacting the security industry. At the same time, the TPM also provides a tamper-resistant means to physical security of the PC itself, and has always been billed as such. The Trusted Computing Group has never claimed that a physical attack—given enough time, specialized equipment, know-how and money—was impossible. No form of security can ever be held to that standard. However, as a tamper-resistant, general purpose encryption device for mass manufacturing, TPMs do protect against software and most hardware attacks even when a physical PC is lost or stolen, particularly when a layered security approach is deployed as with industry best practices.

This attack, unlike a software attack, requires the physical possession of the PC. Few individuals in a real-world setting could replicate this hack. In contrast, stealing keys in the operating system should a PC not have a TPM in place, is as easy as downloading readily-available shareware capable of capturing the keys or certificates. The TPM, as designed, offers a robust defense against shareware, as well as more complex software-based attacks. In addition, breaking a single TPM in this manner grants access to one machine – a one-time hack that would need to be physically replicated for every machine, offering no further advantage in accessing the rest of the 300 million TPM chips on PCs around the world. These findings have little bearing on the level of security that customers who are utilizing their TPM chips should expect.

http://www.wave.com/news/press_archive/10/100209_Response.asp

the news a few years ago about a university team who discovered a flaw in the common Unix crypto system. The newspaper headlines read "Hacks discovered a weakness in systems security that may compromise your blah blah..".

Well, I've read the research paper and what they discovered was, after gaining a mandatory physical access to the computer board itself, that after running some extensive statistical analysis on the PRNG subsystem they could figure out that the actual 128 bit encryption is in actuality "just" a 110+ bit strong or so.
Big deal for pointy head researchers, but not to users. Instead of many millions of year to brute force the system, it may take only a few thousands of year - and only if you gain physical access to the circuits...

Like you need to use an electron microscope to do the hack... That you have to take layer upon layer of the actual chip off of the chip to gain access to where the hack can be done.

It is a little more complex than that, and quite a bit alienating too.

February 9th, 2010 by amanfrommars

“It’s sort of doing the impossible,” Moss said. “This is a lock on Pandora’s box. And now that he’s pried open the lock, it’s like, ooh, where does it lead you?”

Oh, that is surely very obvious ……. GOD Territory.

And you may like to consider that in Virtualised Field AIResearch of Advanced IntelAIgent Design using Super Sub Atomic Analytical Algorithm/Laser Light Speed Sound Processing is the new attack discovered by Christopher Tarnovsky very easily pulled off as a New Overall Command and Assured Remote Control Feature with QuITe Alien HyperRadioProActive Facilities and Novel Core Source Faculty …… CyberIntelAIgent Drive…….. because it requires only virtual access* to the World Wide Web and Networks InterNetworking with Global Operating Devices ……..which are all manner of computers and communications devices. …. “The new attack discovered by Christopher Tarnovsky is difficult to pull off, partly because it requires physical access to a computer.”

And Man is a Programmable Device, Immaculately Suited and Provisioned for Servering Mutually Beneficial Climactic Wishes with Perfect XSSXXXXual Desire. The Madness which is in Control of Man is that Intelligence is Stuck in the Delivery of War and Oppression rather than Freedom for Peace.

* It is a misdirect to believe that ONLY virtual access is required, for that can be easily provided by Technology and Industry with Hardware and Programming, for whenever inside the Sticky Sweet Shop, one has to know how to make ITs Confectionery, the Real Thing.

amanfromMars 1:13 AM

http://abcnews.go.com/Technology/wireStory?id=9780148

http://amanfrommars.baywords.com/2010/02/09/100209/

I doubt if anyone will ever be "ready for cyber war". Not in a measurably free society with a moderately useful network, anyway. It's just too complex.

Maybe they should consider trying some cyber diplomacy.

And there we were all assuming that the TPM was uncrackable.

Anyway, the US will never be ready for a "cyber war". Heck, I wouldnt even trust them to manage cyber sex.