TPMScan: A wide-scale study of security-relevant properties of
TPM 2.0 chips

D 2024

TPMScan: A wide-scale study of security-relevant properties of TPM 2.0 chips

ŠVENDA, Petr, Antonín DUFKA, Milan BROŽ, Roman LACKO, Tomáš JAROŠ et. al.

Základní údaje

Originální název

TPMScan: A wide-scale study of security-relevant properties of TPM 2.0 chips

Autoři

ŠVENDA, Petr (203 Česká republika, garant, domácí), Antonín DUFKA (203 Česká republika, domácí), Milan BROŽ (203 Česká republika, domácí), Roman LACKO (703 Slovensko, domácí), Tomáš JAROŠ (703 Slovensko, domácí), Daniel ZAŤOVIČ (703 Slovensko) a Josef POSPISIL (203 Česká republika)

Vydání

Bochum, IACR Transactions on Cryptographic Hardware and Embedded Systems, od s. 714-734, 21 s. 2024

Nakladatel

Ruhr-University of Bochum

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

10200 1.2 Computer and information sciences

Stát vydavatele

Německo

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

elektronická verze "online"

Odkazy

URL

Organizační jednotka

Fakulta informatiky

ISSN

DOI

http://dx.doi.org/10.46586/tches.v2024.i2.714-734

Klíčová slova anglicky

TPM; common criteria; fips140; RSA; ECDSA;

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 22. 10. 2024 12:42, doc. RNDr. Petr Švenda, Ph.D.

Anotace

V originále

The Trusted Platform Module (TPM) is a widely deployed computer component that provides increased protection of key material during cryptographic operations, secure storage, and support for a secure boot with a remotely attestable state of the target machine. A systematic study of the TPM ecosystem, its cryptographic properties, and the orderliness of vulnerability mitigation is missing despite its pervasive deployment -- likely due to the black-box nature of the implementations. We collected metadata, RSA and ECC cryptographic keys, and performance characteristics from \numfws{} different TPM versions manufactured by \numvendors{} vendors, including recent Pluton-based iTPMs, to systematically analyze TPM implementations. Surprisingly, a high rate of changes with a detectable impact on generated secrets, the timing of cryptographic operations, and frequent off-chip generation of Endorsement Keys were observed. Our analysis of public artifacts for TPM-related products certified under Common Criteria (CC) and FIPS 140 showed relatively high popularity of TPMs but without explanation for these changes in cryptographic implementations. Despite TPMs being commonly certified to CC EAL4+, serious vulnerabilities like ROCA or TPM-Fail were discovered in the past. We found a range of additional unreported nonce leakages in ECDSA, ECSCHNORR, and ECDAA algorithms in dTPMs and fTPMs of three vendors. The most serious discovered leakage allows extraction of the private key of certain Intel's fTPM versions using only nine signatures with no need for any side-channel information, making the vulnerability retrospectively exploitable despite a subsequent firmware update. Unreported timing leakages were discovered in the implementations of ECC algorithms on multiple Nuvoton TPMs, and other previously reported leakages were confirmed. The analysis also unveiled incompleteness of vulnerability reporting and subsequent mitigation with missing clear information about the affected versions and inconsistent fixes.

Návaznosti

MUNI/A/1586/2023, interní kód MU

Název: Aplikovaný výzkum na FI: Forenzní aspekty kritických infrastruktur, aplikovaná kryptografie, kyberbezpečnostní cvičení, algoritmy plánování v logistice a pro zpracování dat z fyzikálních sensorů

Investor: Masarykova univerzita, Aplikovaný výzkum na FI: Forenzní aspekty kritických infrastruktur, aplikovaná kryptografie, kyberbezpečnostní cvičení, algoritmy plánování v logistice a pro zpracování dat z fyzikálních sensorů

MUNI/A/1608/2023, interní kód MU

Název: Zapojení studentů Fakulty informatiky do mezinárodní vědecké komunity 24

Investor: Masarykova univerzita, Zapojení studentů Fakulty informatiky do mezinárodní vědecké komunity 24

VJ02010010, projekt VaV

Název: Nástroje pro verifikaci bezpečnosti kryptografických zařízení s využitím AI (Akronym: AI-SecTools)

Investor: Ministerstvo vnitra ČR, Tools for AI-enhanced Security Verification of Cryptographic Devices

Citovat

ŠVENDA, Petr, Antonín DUFKA, Milan BROŽ, Roman LACKO, Tomáš JAROŠ, Daniel ZAŤOVIČ a Josef POSPISIL. TPMScan: A wide-scale study of security-relevant properties of TPM 2.0 chips. Online. In IACR Transactions on Cryptographic Hardware and Embedded Systems. Bochum: Ruhr-University of Bochum, 2024, s. 714-734. ISSN 2569-2925. Dostupné z: https://dx.doi.org/10.46586/tches.v2024.i2.714-734.

@inproceedings{2373701,
   author = {Švenda, Petr and Dufka, Antonín and Brož, Milan and Lacko, Roman and Jaroš, Tomáš and Zaťovič, Daniel and Pospisil, Josef},
   address = {Bochum},
   booktitle = {IACR Transactions on Cryptographic Hardware and Embedded Systems},
   doi = {http://dx.doi.org/10.46586/tches.v2024.i2.714-734},
   keywords = {TPM; common criteria; fips140; RSA; ECDSA;},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {Bochum},
   pages = {714-734},
   publisher = {Ruhr-University of Bochum},
   title = {TPMScan: A wide-scale study of security-relevant properties of TPM 2.0 chips},
   url = {https://tches.iacr.org/index.php/TCHES/article/view/11444},
   year = {2024}
}

TY  - JOUR
ID  - 2373701
AU  - Švenda, Petr - Dufka, Antonín - Brož, Milan - Lacko, Roman - Jaroš, Tomáš - Zaťovič, Daniel - Pospisil, Josef
PY  - 2024
TI  - TPMScan: A wide-scale study of security-relevant properties of TPM 2.0 chips
PB  - Ruhr-University of Bochum
CY  - Bochum
KW  - TPM
KW  - common criteria
KW  - fips140
KW  - RSA
KW  - ECDSA;
UR  - https://tches.iacr.org/index.php/TCHES/article/view/11444
N2  - The Trusted Platform Module (TPM) is a widely deployed computer component that provides increased protection of key material during cryptographic operations, secure storage, and support for a secure boot with a remotely attestable state of the target machine. A systematic study of the TPM ecosystem, its cryptographic properties, and the orderliness of vulnerability mitigation is missing despite its pervasive deployment -- likely due to the black-box nature of the implementations. We collected metadata, RSA and ECC cryptographic keys, and performance characteristics from \numfws{} different TPM versions manufactured by \numvendors{} vendors, including recent Pluton-based iTPMs, to systematically analyze TPM implementations. Surprisingly, a high rate of changes with a detectable impact on generated secrets, the timing of cryptographic operations, and frequent off-chip generation of Endorsement Keys were observed. Our analysis of public artifacts for TPM-related products certified under Common Criteria (CC) and FIPS 140 showed relatively high popularity of TPMs but without explanation for these changes in cryptographic implementations. Despite TPMs being commonly certified to CC EAL4+, serious vulnerabilities like ROCA or TPM-Fail were discovered in the past. We found a range of additional unreported nonce leakages in ECDSA, ECSCHNORR, and ECDAA algorithms in dTPMs and fTPMs of three vendors. The most serious discovered leakage allows extraction of the private key of certain Intel's fTPM versions using only nine signatures with no need for any side-channel information, making the vulnerability retrospectively exploitable despite a subsequent firmware update. Unreported timing leakages were discovered in the implementations of ECC algorithms on multiple Nuvoton TPMs, and other previously reported leakages were confirmed. The analysis also unveiled incompleteness of vulnerability reporting and subsequent mitigation with missing clear information about the affected versions and inconsistent fixes.
ER  -

ŠVENDA, Petr, Antonín DUFKA, Milan BROŽ, Roman LACKO, Tomáš JAROŠ, Daniel ZAŤOVIČ a Josef POSPISIL. TPMScan: A wide-scale study of security-relevant properties of TPM 2.0 chips. Online. In \textit{IACR Transactions on Cryptographic Hardware and Embedded Systems}. Bochum: Ruhr-University of Bochum, 2024, s.~714-734. ISSN~2569-2925. Dostupné z: https://dx.doi.org/10.46586/tches.v2024.i2.714-734.

Podrobný výpis o publikaci