Dailydave mailing list archives

TPMkit: Breaking the Legend of Trusted Computing (TC [TPM]) and Vista (BitLocker) - Nitin Kumar & Vipin Kumar


From: Vipin Kumar <listuser () nvlabs in>
Date: Fri, 11 May 2007 16:26:32 +0530

Dear all,
        We are working on TPMkit: Breaking the Legend of Trusted
Computing (TC [TPM]). We are almost in the final stages of breaking TPM. We
have success on Windows Vista BitLocker, though the method is OS
independent.


We are planning for demonstrations at the Blackhat USA and HITB cons (if
they accept us).

Abstract and general info about presentation
---------------------------------------------------------------------------
 TPMkit: Breaking the Legend of Trusted Computing (TC [TPM]) and Vista
(BitLocker)
*********************************************************************************

"Trusted computing" means that the computer will consistently behave in
specific ways, and those behaviors will be enforced by hardware and
software. Trusted Computing is often seen as a possible enabler for
future versions of document protection (mandatory access control) and
copy protection (Digital Rights Management) - which are of value to
corporate and other users in many markets and which to critics, raises
concerns about undue censorship. It's also being used by software
vendors. (Source: http://en.wikipedia.org/wiki/Trusted_Computing)

           Trusted Computing includes the use of a Trusted Platform
Module (security processor (hardware chip)) which can be used to enforce
protections (such as BitLocker in Microsoft's Windows Vista). TCG has
proposed a specification for Remote Attestation that allows a host to
remotely prove its hardware and software while protecting its
privacy. Trusted reporting is the key component for attestation of a
host’s configuration and is accomplished by exposing trusted
measurements. Remote Attestation is also used for Trusted Network
Connect. The TNC architecture enables network operators to enforce
policies regarding endpoint integrity at or after network connection.

           TCPA/TPM DRM is a technical term for a Trustworthy Computing
solution that limits what fair use consumers can use with the media they
own. More info on http://www.chillingeffects.org/weather.cgi?WeatherID=534

           Nearly 150 Million TPM devices have already been shipped and
this number is increasing day-by-day. (Source:
https://www.trustedcomputinggroup.org/news/Industry_Data/Implementing_Trusted_Computing_RK.pdf)


           The TPM becomes the first step in the boot sequence, serving
as a secure foundation for the BIOS, the boot loader, the kernel, and
the rest of the operating system. Since the TPM performs this check
every time the PC boots, it provides a regular check for rootkit
infections. This means it will be easily apparent when a PC has been
tampered with. (Source:
https://www.trustedcomputinggroup.org/news/Industry_Data/Whitepaper_Rootkit_Strom_v3.pdf)

           The attack procedure (TPMkit) involves an attack on the TPM.
TPMkit lets you overcome technologies such as Vista's BitLocker. TPMkit
also bypasses remote attestation and thus will allow you to connect over
Trusted Network Connect (TNC) (although the system might not be in Trusted
state).
           TPMkit bypasses the security checks mentioned (in the above
paragraphs) and thus, you will never know that you are using a
compromised or changed system.

           The demonstration will include a few live demonstrations. For
example, one demonstration will show how to log in and access data on a
Windows Vista System (which has TPM + BitLocker enabled).


---------------------------------------------------------------------------



bye,
nitin, vipin
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

