Dailydave mailing list archives
Re: CSI 2008 Redux
From: Matthijs Koot <matthijs () koot biz>
Date: Wed, 26 Nov 2008 13:52:24 +0100
Hi RB,

RB wrote:
Leaving the trust issue alone, I find it entirely regrettable that so many seem to have blindly swallowed the "Right to Read" hype and simply assume TPM chips are evil insilicate. I detest DRM & Big Brother as much as your garden-variety Libertarian, but while trying to solve the very difficult physical presence security problem a couple of years ago, I decided to try to examine them for what they are. Needless to say, I was surprised: although TPM chips certainly could provide the building blocks to do what we all fear, they're generally quite benign, more analogous to an integrated smartcard than an evil overlord's rootkit.
You mention that you were looking at TPM "while trying to solve the (...) physical presence security problem". Although you didn't claim that TPMs provide any solution there, I'd like to emphasize (for other readers) that according to the TCG-specs, TPM is not designed to protect itself against non-"simple" hardware attacks:

"The commands that the trusted process sends to the TPM are the normal TPM commands with a modifier that indicates that the trusted process initiated the command. The TPM accepts the command as coming from the trusted process merely due to the fact that the modifier is set. The TPM itself is not responsible how the signal is asserted; only that it honors the assertions. The TPM cannot verify the validity of the modifier. (...) The assumption is that to spoof the modifier to the TPM requires more than just a simple hardware attack but would require expertise and possibly special hardware."

(source: page 86 of the "Design Principles", TCG TPM Specification Version 1.2 Revision 103)

So 1) being able to manipulate the (locality) modifier is bad, and 2) TPM only provides modest protection against attackers with physical access. The TCG-people confirm this: TPM is intended to protect against software-based threats (which it may not do very effectively, as Joanna's post suggested, as long as integrity checks can only be done at boot/load-time).
association. It is _just_ a [presumed] secure cryptography facility that supports a wide variety of functionality.
Although you didn't claim the opposite, it may be useful to mention that the TPM does not directly expose an interface to its encryption capabilities: TPM does not (yet?) give us general-purpose hardware-accelerated encryption. I'm not sure about hashing and signing.

Btw, it is interesting to see TPM being discussed so gently and reasonably on this list. Perhaps everyone's anticipating TPM to become a new fun target for pentesting :)

The book "A Practical Guide to Trusted Computing" (David Challener et al., 2008) makes a nice read.

Regards,
Matthijs

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
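
Added example, not part of the original message or of any TCG code: a small Python model of the TPM 1.2 PCR extend operation and event-log verification, illustrating the remark above that integrity checks done only at boot/load-time say nothing about later in-memory changes. The loader class, component names and image contents are hypothetical and constructed for illustration.

```python
import hashlib
PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest

def extend(pcr, measurement):
    """TPM 1.2 extend: PCR_new = SHA1(PCR_old || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()

class MeasuredLoader:
    """Hypothetical loader that measures each component once, at load time."""
    def __init__(self):
        self.pcr = bytes(PCR_SIZE)  # PCR value after reset
        self.event_log = []         # (name, digest) pairs given to a verifier
        self.memory = {}            # loaded images; mutable after measurement

    def load(self, name, image):
        digest = hashlib.sha1(image).digest()
        self.pcr = extend(self.pcr, digest)
        self.event_log.append((name, digest))
        self.memory[name] = bytearray(image)

def replay(event_log):
    """Recompute the PCR a verifier expects from the event log."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def verify(loader, known_good):
    """Log must replay to the reported PCR and every digest must be known-good."""
    if replay(loader.event_log) != loader.pcr:
        return False
    return all(known_good.get(n) == d for n, d in loader.event_log)

def runtime_drift(loader):
    """Components whose in-memory bytes no longer match their load-time digest."""
    return [n for n, d in loader.event_log
            if hashlib.sha1(bytes(loader.memory[n])).digest() != d]

def demo():
    images = {"bootloader": b"constructed-bootloader-v1",  # constructed sample data
              "kernel": b"constructed-kernel-v1"}
    known_good = {n: hashlib.sha1(i).digest() for n, i in images.items()}
    loader = MeasuredLoader()
    for name, image in images.items():
        loader.load(name, image)
    at_boot = verify(loader, known_good)
    loader.memory["kernel"][0:4] = b"XXXX"  # change made after measurement
    later = verify(loader, known_good)
    return at_boot, later, runtime_drift(loader)
```

Here demo() returns (True, True, ['kernel']): the reported PCR and event log still verify after the in-memory change, and only a fresh measurement of memory notices the difference.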