Researcher Cracks Trusted Platform Module Security Chip


Security researcher Christopher Tarnovsky has shown a labor-intensive way to crack Trusted Platform Module chips widely used in government and enterprise.

At the Black Hat DC Conference 2010, security researcher Christopher Tarnovsky of FlyLogic Engineering demonstrated a way to defeat the Trusted Platform Module chips widely used to secure data in computers, identity cards, gaming systems like the Xbox 360, cable set-top boxes, and other electronics. TPM modules are widely used in enterprise, health care, government, and military applications to protect data through encryption, particularly on portable devices that might be easily lost or stolen. Although Tarnovsky’s process is labor intensive and requires both specialized equipment and a significant period of physical access to the device to be cracked, his step-by-step instructions do outline how to get data out of a TPM-protected system, including encryption keys and manufacturing information that could be used to create pre-cracked counterfeit chips.

Tarnovsky used a highly detailed (and time-consuming) process of analyzing the Infineon SLE 66 CL PE chip under an electron microscope to identify the core of the chip and create a “bridge map” that enabled him to bypass the chip’s integrated tamper-prevention measures, using tiny needles to tap the system’s data bus. This was after soaking the chips in acids and rust removers to remove the chip’s shells and delicate mesh wiring. The process took Tarnovsky about nine months, but once it was done he had access not only to any data on the computer, but to critical information that could be used to create counterfeit chips.

Tarnovsky has said he believes similar exploits are possible with chips other than the Infineon units he attacked, but has not tried them yet. He went through a large number of Infineon TPM chips and needles—and a lot of electron microscope time—but believes subsequent cracks would be faster now that a process has been established. Tarnovsky said he reported his results to both Infineon and the Trusted Platform Module standards organization, but hasn’t heard back from anyone.

TPM advocates have never claimed the chips are magically immune to a sophisticated, long-term hardware-based attack, and Tarnovsky repeatedly admitted the Infineon chip he attacked was very difficult to crack thanks to all the traps engineers had set to prevent just that sort of tampering. Although Tarnovsky’s process isn’t widely practical in the real world, it does crack open the lid on data that was widely believed to be well-protected. And in an age where industrial espionage and cyberattacks are becoming commonplace, we’re sure someone somewhere is looking very carefully at TPM modules.

Showing 2 comments

  1. Frank at 2:35pm 7th September 2010 As someone who has been developing smartcard ASIC security for a while, I think he is bursting into an open door. The TPM chip was never intended to protect against physical tampering. There is just no market demand for it, so basic protection is used, and he obviously was able to hack it. The TPM manages keys to avoid key exposure to SW / OS. Now if demand calls, these chips could be made very strong against physical tampering. And when the first computers with sivizion's video processor chips arrive, the content / data itself will also avoid exposure to SW / OS.
  2. awkuhn at 6:04am 10th February 2010 Wave Systems’ Response to the Presentation at the Black Hat Conference Concerning TPMs

    Earlier this week, an engineer presented findings at the Black Hat Conference purportedly showing how a Trusted Platform Module (TPM) could be physically compromised and the unencrypted code inside accessed. This work is interesting in concept, and actually validates the intended functionality and security model of the TPM. The TPM was designed as a low-cost cryptographic chip for mass market devices to provide protection against software attacks and many hardware attacks. The project presented at Black Hat validates that it would take a skilled researcher many months using expensive equipment to physically hack a single TPM. This would be exceedingly difficult to replicate in a real-world environment.

    Turning on and using the TPM chip is one of the single most cost-effective steps for ensuring robust security in the PC. The TPM enables trusted online computing and prevents software-based attacks—the predominant security threat impacting the security industry. At the same time, the TPM also provides a tamper-resistant means to physical security of the PC itself, and has always been billed as such. The Trusted Computing Group has never claimed that a physical attack—given enough time, specialized equipment, know-how and money—was impossible. No form of security can ever be held to that standard. However, as a tamper-resistant, general purpose encryption device for mass manufacturing, TPMs do protect against software and most hardware attacks even when a physical PC is lost or stolen, particularly when a layered security approach is deployed as with industry best practices.

    This attack, unlike a software attack, requires physical possession of the PC. Few individuals in a real-world setting could replicate this hack. In contrast, stealing keys in the operating system, should a PC not have a TPM in place, is as easy as downloading readily available shareware capable of capturing the keys or certificates. The TPM, as designed, offers a robust defense against shareware, as well as more complex software-based attacks. In addition, breaking a single TPM in this manner grants access to one machine – a one-time hack that would need to be physically replicated for every machine, offering no further advantage in accessing the rest of the 300 million TPM chips on PCs around the world. These findings have little bearing on the level of security that customers who are utilizing their TPM chips should expect.

    http://www.wave.com/news/press_archive/10/10020...