Finally, I Can Sleep Tonight: Catching Sleep Mode Vulnerabilities of the TPM with the Napper

Presented at Black Hat Asia 2019, March 28, 2019, 2:15 p.m. (60 minutes)

The Trusted Platform Module (TPM) is a tamper-resistant device designed to provide hardware-based security functions. A TPM chip has a random number generator, non-volatile storage, encryption/decryption modules, and Platform Configuration Registers (PCRs), which can be used by various security applications such as BitLocker, DM-Crypt, Trusted Boot (tboot), and Open Cloud Integrity Technology (Open CIT).

The TPM has been widely deployed in commodity devices to provide a strong foundation for building trusted platforms, especially in devices used in enterprise and government systems. Because the TPM is the critical point in the trusted platform, many researchers have tried to find vulnerabilities in it and concluded that it is hard to break without physical access. However, this is not true anymore.

In this talk, we present two vulnerabilities, CVE-2017-16837 and CVE-2018-6622. The vulnerabilities we found can subvert the TPM through the Advanced Configuration and Power Interface (ACPI). ACPI in PCs, laptops, and servers provides six sleeping states (S0-S5) for reducing power consumption. When the system enters the sleeping state, the CPU, devices, and RAM are powered off. Since the system powers off these components, including security devices, it must reinitialize them while waking up, and this reinitialization could be the attack surface. We found vulnerabilities on this attack surface that do not require physical access.

To mitigate the vulnerabilities, we also present countermeasures and a new tool, "Napper," to check the vulnerabilities of the TPM. Napper is a bootable USB device based on Linux, and it has a custom kernel and vulnerability-checking software. When you boot a system with Napper, it makes your system take a nap to check for the vulnerabilities and reports the result to you.


Presenters:

  • Seunghun Han - Senior Security Researcher, National Security Research Institute of South Korea
    Seunghun Han is a hypervisor and operating system security researcher at the National Security Research Institute of South Korea and before that was a firmware engineer at Samsung Electronics. He is an expert in hypervisors and has his own hypervisor, Shadow-box. He also has several CVEs on the Linux kernel and BIOS/UEFI firmware, and he has contributed patches to various system and security software. He was a speaker and an author at USENIX Security, Black Hat Asia, HITBSecConf, beVX, and KIMCHICON. He also authored the books "64-bit multi-core OS principles and structure," volume 1 (ISBN-13: 978-8979148367) and volume 2 (ISBN-13: 978-8979148374).
  • Jun-Hyeok Park - Senior Security Researcher, National Security Research Institute of South Korea
    Jun-Hyeok Park is a senior security researcher at the National Security Research Institute of South Korea. He has more than 10 years' experience in embedded system development. He also has a special interest in firmware and IoT security. He was a speaker and an author at Black Hat Asia.
