Trusted Platform Module

Components of a Trusted Platform Module complying with the TPM version 1.2 standard

Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, which is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices. TPM's technical specification was written by a computer industry consortium called Trusted Computing Group (TCG). International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) standardized the specification as ISO/IEC 11889 in 2009.[1]

TCG continues to revise the TPM specification. It published revision 116 of the version 1.2 of TPM specification on March 3, 2011,[2] while the draft revision 1.07 of the version 2.0 of TPM specification was published for public review on March 13, 2014 as a library specification that provides updates to the previously published main TPM specifications. Trusted Platform Module Library Specification Revision 01.16 was released in October 2014 as the latest TPM 2.0 release.[3]

Overview

Trusted Platform Module offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a random number generator.[4][5] It also includes capabilities such as remote attestation and sealed storage, as follows:

Software can use a Trusted Platform Module to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key burned in as it is produced, it is capable of performing platform authentication.

Generally, pushing the security down to the hardware level in conjunction with software provides more protection than a software-only solution.[8] However even where a TPM is used, a key would still be vulnerable while a software application that has obtained it from TPM is using it to perform encryption/decryption operations, as has been illustrated in the case of a cold boot attack. This problem is eliminated if key(s) used in TPM are not accessible on a bus or to external programs and all encryption/decryption is done in TPM.

Uses

The United States Department of Defense (DoD) specifies that "new computer assets (e.g., server, desktop, laptop, thin client, tablet, smartphone, personal digital assistant, mobile phone) procured to support DoD will include a TPM version 1.2 or higher where required by DISA STIGs and where such technology is available." The TPM is anticipated to be used for device identification, authentication, encryption, measurement, and device integrity.[9]

An example of use is Intel's Trusted Execution Technology (TXT). Intel's TXT is used to create a "chain of trust", and to remotely attest that a computer has a specified hardware setup and is using specified software.[10]

Platform integrity

The primary scope of a TPM (in combination with other TCG implementations) is to assure the integrity of a platform. In this context "integrity" means "behave as intended", and a "platform" is generically any computer platform – not limited to PCs or a particular operating system: start the power-on boot process from a trusted condition and extend this trust until the operating system has fully booted and applications are running.

Together with UEFI, TPM forms a "root of trust": TPM contains several PCRs (Platform Configuration Registers) that allow a secure storage and reporting of security relevant metrics. These metrics can be used to detect changes to previous configurations and derive decisions how to proceed. Good examples can be found in Linux Unified Key Setup (LUKS),[11] and in Microsoft's BitLocker Drive Encryption and PrivateCore vCage memory encryption (see below).

Therefore, the BIOS and the operating system have the primary responsibility to utilize TPM in order to assure platform integrity. Only then can applications and users running on that platform rely on its security characteristics, such as secure I/O "what you see is what you get", uncompromised keyboard entries, memory and storage operations.

Disk encryption

Full disk encryption applications, such as SecureDoc, dm-crypt in modern Linux kernels, and BitLocker Drive Encryption in some versions of Microsoft Windows, can use this technology to protect the keys used to encrypt the computer's hard disks and provide integrity authentication for a trusted boot pathway (for example BIOS, boot sector, etc.) A number of third-party full-disk encryption products also support TPM.

Password protection

Access to keys, data or systems is often protected and requires authentication by presenting a password. If the authentication mechanism is implemented in software only, the access typically is prone to "dictionary attacks". Since TPM is implemented in a dedicated hardware module, a dictionary attack prevention mechanism was built in, which effectively protects against guessing or automated dictionary attacks, while still allowing the user a sufficient and reasonable number of tries. With this hardware based dictionary attack prevention, the user can opt for shorter or weaker passwords which are more memorable. Without this level of protection, only passwords with high complexity would provide sufficient protection.

Other uses and concerns

Almost any encryption-enabled application can, in theory, make use of a TPM, including:

Other uses exist, some of which give rise to privacy concerns. The "physical presence" feature of TPM addresses some of these concerns by requiring BIOS-level confirmation for operations such as activating, deactivating, clearing or changing ownership of TPM by someone who is physically present at the console of the machine.[13][14]

TPM implementations

Trusted Platform Module installed on a motherboard

Starting in 2006, many new laptop computers have been sold with a built-in Trusted Platform Module chip. In the future, this concept could be co-located on an existing motherboard chip in computers, or any other device where the TPM facilities could be employed, such as a cell phone. On a PC, either the LPC bus or the SPI bus is used to connect to the TPM.

Many manufacturers make TPMs. The Trusted Computing Group has certified TPMs manufactured by Infineon Technologies, Nuvoton, and STMicroelectronics.[15] The Trusted Computing Group has assigned TPM vendor IDs to Advanced Micro Devices, Atmel, Broadcom, IBM, Infineon, Intel, Lenovo, National Semiconductor, Nationz Technologies, Nuvoton, Qualcomm, Rockchip, Standard Microsystems Corporation, STMicroelectronics, Samsung, Sinosun, Texas Instruments, and Winbond.[16]

There are five different types of TPM 2.0 implementations: discrete TPMs (dTPM), integrated TPMs, firmware TPMs (fTPM), software TPMs, and virtual TPMs.[17][18] Discrete TPMs are chips that implement TPM functionality and nothing else, and are in their own semiconductor package.[17] These implement their functions in hardware to resist software bugs and implement tamper resistance.[18] They are therefore the most secure type of TPM.[18] Integrated TPMs are part of another chip that implements other functionalities.[17] While they use hardware that resists software bugs, they are not required to implement tamper resistance.[18] Intel has integrated TPMs in some of its chipsets.[17] Firmware TPMs are software-only solutions that run in a CPU's trusted execution environment.[18] Firmware TPMs are dependent on the trusted execution environments that they run within for security beyond what the normal execution environment provides.[18] Since these TPMs are entirely software solutions, these TPMs are vulnerable to software bugs within themselves.[18] AMD and Qualcomm have implemented firmware TPMs.[17] Software TPMs are software emulators of TPMs that run with no more protection than a regular program gets within an operating system.[18] They depend entirely on the environment that they run in, so they provide no more security than what can be provided by the normal execution environment, and they are vulnerable to their own software bugs.[18] They are useful for development purposes.[18] Virtual TPMs are provided by a hypervisor.[18] These are therefore reliant on the hypervisor for security beyond the execution environment provided to the software running inside the virtual machine and therefore provides a security level similar to a firmware TPM.[18]

TPM 1.2 vs TPM 2.0

While TPM 2.0 addresses many of the same use cases and has similar features, the details are different. TPM 2.0 is not backward compatible to TPM 1.2.[19]

TPM 1.2 TPM 2.0
Specification architecture The one-size-fits-all specification consists of three parts.[20] A complete specification consists of a platform-specific specification which references a common four-part TPM 2.0 library.[21][22] Platform-specific specifications define what parts of the library are mandatory, optional, or banned for that platform; and detail other requirements for that platform.[21] Platform-specific specifications include PC Client,[23] mobile,[24] and Automotive-Thin.[25]
Algorithms SHA-1 and RSA are required.[26] AES is optional.[26] Triple DES was once an optional algorithm in earlier versions of TPM 1.2,[27] but has been banned in TPM 1.2 version 94.[28] The MGF1 hash-based mask generation function that is defined in PKCS#1 is required.[26] The PC Client Platform TPM Profile (PTP) Specification requires SHA-1 and SHA-256 for hashes; RSA, ECC using the Barreto-Naehrig 256-bit curve, and ECC using the NIST P-256 curve for public-key cryptography and asymmetric digital signature generation and verification; HMAC for symmetric digital signature generation and verification; 128-bit AES for symmetric-key algorithm; and the MGF1 hash-based mask generation function that is defined in PKCS#1 are required by the TCG PC Client Platform TPM Profile (PTP) Specification.[29] Many other algorithms are also defined but are optional.[30]
Crypto Primitives A random number generator, a public-key cryptographic algorithm, a cryptographic hash function, a mask generation function, digital signature generation and verification, and Direct Anonymous Attestation are required.[26] Symmetric-key algorithms and exclusive or are optional.[26] Key generation is also required.[31] A random number generator, public-key cryptographic algorithms, cryptographic hash functions, symmetric-key algorithms, digital signature generation and verification, mask generation functions, exclusive or, and ECC-based Direct Anonymous Attestation using the Barreto-Naehrig 256-bit curve are required by the TCG PC Client Platform TPM Profile (PTP) Specification.[29] The TPM 2.0 common library specification also requires key generation and key derivation functions.[32]
Hierarchy One (storage) Three (platform, storage and endorsement)
Root Keys One (SRK RSA-2048) Multiple keys and algorithms per hierarchy
Authorization HMAC, PCR, locality, physical presence Password, HMAC, and policy (which covers HMAC, PCR, locality, and physical presence).
NV RAM Unstructured data Unstructured data, Counter, Bitmap, Extend

The TPM 2.0 policy authorization includes the 1.2 HMAC, locality, physical presence, and PCR. It adds authorization based on an asymmetric digital signature, indirection to another authorization secret, counters and time limits, NVRAM values, a particular command or command parameters, and physical presence. It permits the ANDing and ORing of these authorization primitives to construct complex authorization policies.[33]

Criticism

TCG has faced resistance to the deployment of this technology in some areas, where some authors see possible uses not specifically related to Trusted Computing, which may raise privacy concerns. The concerns include the abuse of remote validation of software (where the manufacturerand not the user who owns the computer systemdecides what software is allowed to run) and possible ways to follow actions taken by the user being recorded in a database, in a manner that is completely undetectable to the user.[34]

Another limitation raised by TrueCrypt developers is that a TPM cannot be relied upon for security, because if the attacker has physical or administrative access to a computer and you use it afterwards, the computer could have been modified by the attacker: e.g., a malicious component—such as a hardware keystroke logger—could have been used to capture the password or other sensitive information. Since the TPM does not prevent an attacker from maliciously modifying a computer, VeraCrypt (a successor to TrueCrypt) will not support TPM.[35]

The private endorsement key is fundamental to the security of the TPM circuit, and is never made available to the end-user. this private key must be known to the hardware chip manufacturer at manufacture time, otherwise they would not be able to burn the key into the circuit. There are no guarantees that this private key is not kept by the manufacturer or shared with government agencies. Anyone with access to the private endorsement key would be able to forge the chips identity and break some of the security that the chip provides. Thus, the security of the TPM relies entirely on the manufacturer and the authorities in the country where the hardware is produced.

Attacks

In 2010, Christopher Tarnovsky presented an attack against TPMs at Black Hat, where he claimed to be able to extract TPM secrets. He was able to do this after 6 months of work by inserting a probe and spying on an internal bus for the Infineon SLE 66 CL PC[36][37].

In 2015, as part of the Snowden revelations, it was revealed that in 2010 a US CIA team claimed at an internal conference to have carried out a differential power analysis attack against TPMs that was able to extract secrets[38][39].


Cryptosystems that store encryption keys directly in the TPM without blinding could be at particular risk to these types of attacks, as passwords and other factors would be meaningless if the attacks can extract encryption secrets[40].

Availability

Currently TPM is used by nearly all PC and notebook manufacturers, primarily offered on professional product lines.

TPM is implemented by several vendors:

There are also hybrid types; for example, TPM can be integrated into an Ethernet controller, thus eliminating the need for a separate motherboard component.[59][60]

See also

References

  1. "ISO/IEC 11889-1:2009". ISO.org. International Organization for Standardization. Retrieved 29 November 2013.
  2. "Trusted Platform Module (TPM) Specifications". Trusted Computing Group.
  3. "Trusted Platform Module Library". Trusted Computing Group.
  4. Alin Suciu, Tudor Carean. "Benchmarking the True Random Number Generator of TPM Chips". arXiv:1008.2223Freely accessible.
  5. TPM Main Specification Level 2 (PDF), Part 1 – Design Principles (Version 1.2, Revision 116 ed.), retrieved 2012-06-14, Our definition of the RNG allows implementation of a Pseudo Random Number Generator (PRNG) algorithm. However, on devices where a hardware source of entropy is available, a PRNG need not be implemented. This specification refers to both RNG and PRNG implementations as the RNG mechanism. There is no need to distinguish between the two at the TCG specification level.
  6. "tspi_data_bind(3) – Encrypts data blob" (Posix manual page). Trusted Computing Group. Retrieved 2009-10-27.
  7. TPM Main Specification Level 2 (PDF), Part 3 – Commands (Version 1.2, Revision 116 ed.), Trusted Computing Group, retrieved 2011-06-22
  8. "TPM – Trusted Platform Module". IBM. Archived from the original on 3 August 2016.
  9. Instruction 8500.01 (PDF). US Department of Defense. March 14, 2014. p. 43.
  10. Greene, James (2012). "Intel Trusted Execution Technology" (PDF) (white paper). Intel. Retrieved 2013-12-18.
  11. "LUKS support for storing keys in TPM NVRAM". github.com. 2013. Retrieved 2013-12-19.
  12. Autonomic and Trusted Computing: 4th International Conference (Google Books). ATC. 2007. Retrieved 2014-05-31.
  13. Pearson, Siani; Balacheff, Boris (2002). Trusted computing platforms: TCPA technology in context. Prentice Hall. ISBN 0-13-009220-7.
  14. "SetPhysicalPresenceRequest Method of the Win32_Tpm Class". Microsoft. Retrieved 2009-06-12.
  15. "TPM Certified Products List". Trusted Computing Group. Retrieved October 1, 2016.
  16. "TCG Vendor ID Registry" (PDF). September 23, 2015. Retrieved October 27, 2016.
  17. 1 2 3 4 5 Lich, Brian (October 26, 2016). "TPM Recommendations". Microsoft TechNet.
  18. 1 2 3 4 5 6 7 8 9 10 11 12 "Trusted Platform Module 2.0: A Brief Introduction" (PDF). October 13, 2016. Retrieved October 31, 2016.
  19. "Part 1: Architecture", Trusted Platform Module Library (PDF), Trusted Computing Group, 2014-10-30, retrieved 2016-10-27
  20. https://www.trustedcomputinggroup.org/tpm-main-specification/
  21. 1 2 Arthur, Will; Challener, David; Goldman, Kenneth (2015). A Practical Guide to TPM 2.0: Using the New Trusted Platform Module in the New Age of Security. New York City: Apress Media, LLC. p. 69. ISBN 978-1430265832.
  22. https://www.trustedcomputinggroup.org/tpm-library-specification/
  23. https://www.trustedcomputinggroup.org/pc-client-protection-profile-tpm-2-0/
  24. https://www.trustedcomputinggroup.org/tpm-2-0-mobile-reference-architecture-specification/
  25. "TCG TPM 2.0 Library Profile for Automotive-Thin". trustedcomputinggroup.org. March 1, 2015.
  26. 1 2 3 4 5 http://trustedcomputinggroup.org/wp-content/uploads/TPM-Main-Part-2-TPM-Structures_v1.2_rev116_01032011.pdf
  27. http://trustedcomputinggroup.org/wp-content/uploads/mainP2Struct_rev85.pdf
  28. http://trustedcomputinggroup.org/wp-content/uploads/TPM-main-1.2-Rev94-part-2.pdf
  29. 1 2 https://www.trustedcomputinggroup.org/wp-content/uploads/PC-Client-Specific-Platform-TPM-Profile-for-TPM-2-0-v43-150126.pdf
  30. https://www.trustedcomputinggroup.org/wp-content/uploads/TCG_Algorithm_Registry_Rev_1.22.pdf
  31. http://trustedcomputinggroup.org/wp-content/uploads/TPM-Main-Part-1-Design-Principles_v1.2_rev116_01032011.pdf
  32. https://www.trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.16.pdf
  33. "Section 23: Enhanced Authorization (EA) Commands", Trusted Platform Module Library; Part 3: Commands (PDF), Trusted Computing Group, 2014-03-13, retrieved 2014-09-02
  34. Stallman, Richard Matthew, "Can You Trust Your Computer", Project GNU, Philosophy, Free Software Foundation
  35. "FAQ". Retrieved 2015-01-04.
  36. "Black Hat: Researcher claims hack of processor used to secure Xbox 360, other products". 2012-01-30. Retrieved 2017-08-10.
  37. Szczys, Mike (2010-02-09). "TPM crytography cracked". HACKADAY. Archived from the original on 2010-02-12.
  38. Scahill, Jeremy ScahillJosh BegleyJeremy; Begley2015-03-10T07:35:43+00:00, Josh. "The CIA Campaign to Steal Apple’s Secrets". The Intercept. Retrieved 2017-08-10.
  39. "TPM Vulnerabilities to Power Analysis and An Exposed Exploit to Bitlocker - The Intercept". The Intercept. Retrieved 2017-08-10.
  40. "Can the NSA Break Microsoft's BitLocker? - Schneier on Security". www.schneier.com. Retrieved 2017-08-10.
  41. "ECU-4784". Corporate Website. Advantech. Retrieved 2016-07-25.
  42. Singh, Amit, "Trusted Computing for Mac OS X", OS X book.
  43. "Your Laptop Data Is Not Safe. So Fix It". PC World. 20 January 2009.
  44. 1 2 http://www.atmel.com/products/security-ics/embedded/
  45. http://www.atmel.com/Images/Atmel-8965-TPM-Part-No-Selection-Guide-ApplicationNote.pdf
  46. http://www.atmel.com/products/security-ics/embedded/?tab=tools
  47. "Chromebook security: browsing more securely". Chrome Blog. Google. Retrieved 2013-04-07.
  48. "Windows Hardware Certification Requirements". Microsoft.
  49. "Windows Hardware Certification Requirements for Client and Server Systems". Microsoft.
  50. "What's new in Hyper-V on Windows Server 2016". Microsoft.
  51. "TPM. Complete protection for peace of mind". Winpad 110W. MSI.
  52. "Oracle Solaris and Oracle SPARC T4 Servers— Engineered Together for Enterprise Cloud Deployments" (PDF). Oracle. Retrieved 2012-10-12.
  53. "tpmadm" (manpage). Oracle. Retrieved 2012-10-12.
  54. "T6: TrustZone Based Trusted Kernel". Retrieved 2015-01-12.
  55. Security and the Virtualization Layer, VMware.
  56. Enabling Intel TXT on Dell PowerEdge Servers with VMware ESXi, Dell.
  57. "XEN Virtual Trusted Platform Module (vTPM)". Retrieved 2015-09-28.
  58. "QEMU Features/TPM". qemu.org. 2012-06-07. Retrieved 2015-09-28.
  59. "Replacing Vulnerable Software with Secure Hardware: The Trusted Platform Module (TPM) and How to Use It in the Enterprise" (PDF). Trusted computing group. 2008. Retrieved 2014-06-07.
  60. "NetXtreme Gigabit Ethernet Controller with Integrated TPM1.2 for Desktops". Broadcom. 2009-05-06. Retrieved 2014-06-07.

Further reading

  1. TPM Main Specification (TPM 1.2 specifications), Trusted Computing Group .
  2. TPM 1.2 Protection Profile (Common Criteria Protection Profile), Trusted Computing Group .
  3. TPM Library Specification (TPM 2.0 specifications), Trusted Computing Group .
  4. PC Client Platform TPM Profile (PTP) Specification (Additional TPM 2.0 specifications as applied to TPMs for PC clients), Trusted Computing Group .
  5. PC Client Protection Profile for TPM 2.0 (Common Criteria Protection Profile for TPM 2.0 as applied to PC clients), Trusted Computing Group .
  6. Trusted Platform Module (TPM) (Work group web page and list of resources), Trusted Computing Group .
  7. "OLS: Linux and trusted computing", LWN .
  8. Trusted Platform Module (podcast), GRC, 24:30 .
  9. TPM Setup (for Mac OS X), Comet way .
  10. "The Security of the Trusted Platform Module (TPM): statement on Princeton Feb 26 paper" (PDF), Bulletin (press release), Trusted Computing Group, February 2008 .
  11. "Take Control of TCPA", Linux journal .
  12. TPM Reset Attack, Dartmouth .
  13. Trusted Platforms (white paper), Intel, IBM Corporation .
  14. Garrett, Matthew, A short introduction to TPMs, Dream width .
  15. Martin, Andrew, Trusted Infrastructure "101" (PDF), PSU .
  16. Using the TPM: Machine Authentication and Attestation (PDF), Intro to trusted computing, Open security training .
  17. A Root of Trust for Measurement: Mitigating the Lying Endpoint Problem of TNC (PDF), CH: HSR, 2011 .
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.