TPM basics

1. TRUSTED PLATFORM
MODULE
Basics
Rishi Kumar Shrivastava

2. TOPICS TO COVER
• TPM Genesis.
• Life Made Easy : Starring TPM
• TPM 2.0 – The Evolution
• Family of TPM 2.0
• TPM – The inside story : Architecture.
• Attacks history.
• Case Study
• How to enable TPM

3. TPM : The Genesis

4. LIFE MADE EASY : STARRING TPM
• DoD – Asked for all TPM based devices.
• Platform integrity - "integrity" means "behave as intended“ – e.g. -
PrivateCore vCage memory encryption
• Disk encryption - encrypt the computer's storage devices – e.g. Bit-Locker
• Password protection – Disables dictionary attacks at hardware and OS –
BIOS lock mechanism.
• Digital rights management
• Protection and enforcement of software licenses
• Prevention of cheating in online games
• How to enable TPM

5. TPM 2.0 – THE EVOLUTION
TPM 1.2
• SHA-1, RSA mandatory, AES – Optional.
• One hierarchy (storage)
• General crypto primitives are required.
• Authorization : HMAC, PCR, locality,
physical presence.
TPM 2.0
• SHA-1,SHA-256,ECC,RSA, HMAC, AES-
128.
• Three hierarchy(Platform, Storage,
Endorsement)
• All general Crypto primitives with ECC
based DAA is used. Also, Logging to
library needs key generation and key
derivation function.
• Auth : Password, HMAC and policy

6. FAMILY OF TPM 2.0
• Starting TPM 2.0
• Discrete TPMs – Dedicated Chip, Tamper resistant semiconductor
package, Most secure.
• Integrated TPMs – Part of another chip, avoids software bugs. Intel
• Firmware TPMs – Software only, uses CPU trusted execution
environment. Quite vulnerable. Qualcomm, AMD.
• Software TPMs – Software emulators, dependent on the OS
execution, Provide similar security like normal execution
environment. Similar attack vectors can be used like with OS.
• Virtual TPMs – Provided by hypervisor, hypervisors provide isolated
execution environment, For VMs they are as good as discrete TPMs.

7. TPM – THE INSIDE STORY : ARCHITECTURE.
keys, owner
authorization data
integrity measures signing keys
when in use
external
interaction
TPM control
symmetric keys,
nonces
encryption keys
hashes encrypt/decrypt
initialization

8. WHO SAYS TPM IS NOT VULNERABLE ?

9. WEAKNESS AND ATTACKS HISTORY
Weakness
• Linear Trust system.
• SMA
• OS level weakness (Software
TPMs, Firmware TPMs)
• Linear PCR trust
• Blind trust on signing
authority – Burn out attack
• Dictionary based attacks.
• Blob replay
Attacks history
“In 2010, Christopher Tarnovsky presented an
attack against TPMs at Black Hat, where he
claimed to be able to extract TPM secrets. He
was able to do this after 6 months of work by
inserting a probe and spying on an internal
bus for the Infineon SLE 66 CL PC”
“In 2015, as part of the Snowden revelations,
it was revealed that in 2010 a US CIA team
claimed at an internal conference to have
carried out a differential power analysis attack
against TPMs that was able to extract
secrets.”

10. CASE STUDY: TPM RESET ATTACK
Background of the attack :
-> TPM is a crypto based device.
-> Enables Trusted computing -> includes secure boot, Secure storage etc, Identity
management, etc.
-> PCRs are extensively used.
The Attack :
Tools Used :
1) Logic Analyzer
2) OpenXT
PCRs under threat :
• PCR0 – CRTM, BIOS code, and Host Platform Extensions
• PCR1 – Host Platform Configuration
• PCR2 – Option ROM Code
• PCR3 – Option ROM Configuration and Data
• PCR17 – DRTM and launch control policy
• PCR18 – Trusted OS start-up code (MLE)
• PCR19 – Trusted OS (for example OS configuration)

11. GENESIS AND EVOLVEMENT OF TPM
: BEHIND THE SCENES.
• TCG
• Intel
• IBM
• Apple
• HPE
• DELL
• Nuvoton
• Google
• Oracle
• Infenion
• Microsoft

12. Q&A

13. THANK YOU