posted by janrinok on Saturday November 16 2019, @04:56AM   Printer-friendly
from the time-to-start-again dept.

Submitted via IRC for soylent_fuschia

TPM-FAIL Security Flaws Impact Modern Devices With Intel CPUs

Researchers discovered two new vulnerabilities known as TPM-FAIL in Intel firmware-based TPM (fTPM) and STMicroelectronics' TPM chips that could be used by hackers to steal their targets' cryptographic keys.

TPM (short for Trusted Platform Module) is a chip used as a root of trust for a device's OS that can store highly sensitive data such as security keys, protecting them from malicious tools such as implanted rootkits or malware dropped by a threat actor.

TPMs can also be firmware-based solutions (fTPM) that run on a separate 32-bit microcontroller inside the CPU, as is the case with Intel processors starting with the Haswell generation (2013).

The two vulnerabilities allow hackers to circumvent this security shield and steal the data stored within a TPM. Once they have their hands on your signing keys, the attackers can forge digital signatures that can be used to tamper with the operating systems or to bypass authentication on the compromised machine.

The TPM-FAIL side-channel attacks demonstrated by the researchers take advantage of a "leakage of the length of the nonce, which can easily be exploited using a lattice attack."

Timing leakage issues affect both Intel's firmware-based TPM (fTPM) and STMicroelectronics' TPM chip, with both platforms exhibiting flawed cryptographic signature generation with secret-dependent execution times.

Although this key material should never leave the TPM, the research team from the Worcester Polytechnic Institute, the University of Lübeck, and the University of California, San Diego found that an attacker can recover 256-bit private keys for ECDSA and ECSchnorr signatures, both elliptic-curve-based digital signature schemes.
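To make the "secret-dependent execution time" concrete, here is an added illustration (not code from the paper or the article) on a constructed toy curve: a scalar multiplication whose loop runs only over the nonce's actual bit length does a different amount of work for nonces with leading zero bits, which is the length leak described above, while a fixed-iteration Montgomery ladder does the same work for every nonce. Operation counts stand in for timing here; the curve parameters, `G` and `N` are small constructed values, and the helper names are this example's own.

```python
# Constructed toy curve y^2 = x^3 + A*x + B over GF(P), for illustration only;
# G is a generator of prime order N (not a real-world curve).
P, A, B = 17, 2, 2
G = (5, 1)
N = 19

def ec_add(p1, p2):
    """Affine point addition/doubling; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def leaky_mul(k, point):
    """Double-and-add looping over only k.bit_length() bits: the work, and so
    the time, reveals how many leading zero bits the nonce k has."""
    r, ops = None, 0
    for i in range(k.bit_length() - 1, -1, -1):
        r = ec_add(r, r)
        ops += 1
        if (k >> i) & 1:
            r = ec_add(r, point)
            ops += 1
    return r, ops

def ladder_mul(k, point, nbits=N.bit_length()):
    """Montgomery ladder over a fixed number of iterations (bit length of the
    group order) with one doubling and one addition per step whatever the bit,
    so the cost is independent of k. (Real code also replaces the branch with a
    constant-time conditional swap; this model only removes the length leak.)"""
    r0, r1, ops = None, point, 0
    for i in range(nbits - 1, -1, -1):
        if (k >> i) & 1:
            r0, r1 = ec_add(r0, r1), ec_add(r1, r1)
        else:
            r1, r0 = ec_add(r0, r1), ec_add(r0, r0)
        ops += 2
    return r0, ops

def distinct_costs(mul):
    """Operation counts seen over every valid nonce k in [1, N-1]; more than
    one distinct value means the cost leaks information about k."""
    return {mul(k, G)[1] for k in range(1, N)}
```

Running `distinct_costs` on both multipliers shows several cost values for `leaky_mul` and a single one for `ladder_mul`, even though both return the same point for every nonce.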

[...] More information on these vulnerabilities is available in the TPM-FAIL: TPM meets Timing and Lattice Attacks technical paper.

The team behind TPM-FAIL will also present the research at the Real World Crypto 2020, New York (January 8-10, 2020) and the 29th USENIX Security Symposium, Boston (August 12-14, 2020).


Original Submission


    by Anonymous Coward on Saturday November 16 2019, @06:50PM (#921036)

    manipulate TPM response packets in order to trigger parsing bugs in the host-side TPM drivers

    but TPM-FAIL is not TPM control like with the Genie hardware interposer, and so it won't lead directly to kernel compromise via kernel-side bugs in TPM processing. FAIL leaks keys.

    If FAIL gave execute-area write, and not just read...but it doesn't