Johannes Winter
Institute for Applied Information Processing and Communications
ETISS 2009 TPM Lab – Wiretapping demo
Wiretapping the TPM
Johannes Winter <[email protected]>
Outline
▪ Motivation
▪ Integration of the TPM in PC platforms
▪ Demo
Motivation
▪ Examples of simple TPM hardware attacks
  ▫ “TPM Reset Attack”
    ▪ Peculiarity of PC platform reset (active low PCI reset line)
  ▫ “Analyzing TPM communication” (Kursawe, Schellekens, Preneel)
    ▪ Detailed analysis of TPM 1.1 communication
    ▪ Unencrypted communication between the TPM and the Southbridge/CPU
    ▪ Authors used professional lab equipment (Logic Analyzer, …)
▪ We will try a variant of the attack by Kursawe et al.
What can an adversary learn by wiretapping?
▪ Our test platform has a version 1.1 TPM
  ▫ Normally, communication to and from the TPM is unencrypted …
  ▫ … e.g. decrypted plaintext of sealed blob (TPM_Unseal)
▪ Current version 1.2 TPMs provide countermeasures
  ▫ e.g. Transport sessions, enhanced TPM_Unseal command
  ▫ Chicken-Egg Problem: Where to store the secret needed to protect the secret?
Integration of the TPM in the PC platform
▪ External TPM
  ▫ Interface to the CPU via the Low-Pin-Count (LPC) bus on the PC's southbridge (ICH).
  ▫ The TPM shares the LPC bus with other peripherals (Flash BIOS, Super I/O)
  ▫ Recent Intel southbridges come with an integrated TPM
[Image taken from “Intel 965 Express Chipset Family Datasheet”]
LPC bus fundamentals
▪ Bi-directional low-bandwidth Low-Pin-Count Bus
  ▫ Originally invented as replacement for ISA
▪ Minimum Configuration
  ▫ Clock Line (LCLK)
  ▫ Frame Marker (LFRAME#)
  ▫ Four bi-directional data lines (LAD[0], LAD[1], LAD[2], LAD[3])
▪ Optional support for interrupts, DMA and bus-mastering
  ▫ Interrupts require one additional SERIRQ# line
▪ The TPM is a passive component by design
  ▫ No DMA or bus-master capabilities
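Added example (not part of the original slides): a minimal Python decoder that turns per-clock samples of LFRAME# and LAD[3:0] into I/O read/write transactions, showing how little structure sits between the raw bus lines and the bytes exchanged with a device on the bus. The cycle layout (START, cycle type/direction, address, turn-around, SYNC, data) is assumed from the public Intel LPC Interface Specification, not taken from the slides; the function name, port addresses and sample capture are constructed for illustration.

```python
# Added example, not from the slides. Field order follows the public Intel LPC
# Interface Specification (assumed; the slides only name the signals).
SYNC_READY, SYNC_WAIT = 0x0, (0x5, 0x6)    # ready / short and long wait

def decode_io_cycles(samples):
    """samples: (lframe_n, lad) per LCLK edge. Returns (kind, address, data)
    for each completed I/O cycle; other cycle types and aborts are skipped."""
    out, pos = [], 0

    def take(k):
        # Next k LAD nibbles; None if the capture ends or LFRAME# is asserted
        # again mid-cycle (abort or new cycle).
        nonlocal pos
        chunk = samples[pos:pos + k]
        if len(chunk) < k or any(frame == 0 for frame, _ in chunk):
            return None
        pos += k
        return [lad for _, lad in chunk]

    def sync():
        while (s := take(1)) is not None and s[0] in SYNC_WAIT:
            pass                           # target inserted wait states
        return s is not None and s[0] == SYNC_READY

    while pos < len(samples):
        if samples[pos][0] != 0:           # LFRAME# is active low
            pos += 1
            continue
        while pos + 1 < len(samples) and samples[pos + 1][0] == 0:
            pos += 1                       # START = LAD on last asserted clock
        start, pos = samples[pos][1], pos + 1
        head = take(5) if start == 0x0 else None  # type/dir + 4 address nibbles
        if head is None or head[0] >> 2 != 0:     # bits 3:2 == 00 selects I/O
            continue
        address = int("".join(f"{n:x}" for n in head[1:]), 16)  # high nibble first
        if head[0] & 0b0010:               # bit 1 set: write
            data = take(2)                 # host data, then turn-around, SYNC
            ok = data is not None and take(2) is not None and sync()
        else:                              # read: turn-around, SYNC, then data
            data = take(2) if take(2) is not None and sync() else None
            ok = data is not None
        if ok:                             # data arrives low nibble first
            kind = "write" if head[0] & 0b0010 else "read"
            out.append((kind, address, data[0] | (data[1] << 4)))
    return out

# Constructed capture: write 0x3C to port 0x0ABC (one wait state), read 0x7E from 0x0ABD.
SAMPLE = ([(0, 0x0)] + [(1, n) for n in (0x2, 0x0, 0xA, 0xB, 0xC, 0xC, 0x3, 0xF, 0xF, 0x6, 0x0, 0xF, 0xF)]
          + [(0, 0x0)] + [(1, n) for n in (0x0, 0x0, 0xA, 0xB, 0xD, 0xF, 0xF, 0x0, 0xE, 0x7, 0xF, 0xF)])
```

Calling `decode_io_cycles(SAMPLE)` yields one write and one read transaction; a cycle cut off by a new LFRAME# assertion or by the end of the capture is dropped rather than reported with partial data.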
A Low-Cost LPC bus sniffer
[Block diagram. Labels: Target PC; LPC probes; LPC Capture Frontend; Spartan 3E FPGA (S3E100); Input FIFO 5 bit x 16; LPC Protocol Analyzer; Capture Filter; Packet serialization; Output FIFO 16 bit x 4096; SPI Interface; FX2 Slave FIFO interface; Cypress FX2 CPU (8051); Slave FIFO; GPIO Pins; USB 2.0; Host PC]
Ad arma!
Thank you for your attention!