Remote Timing Attacks on TPMs, AKA TPM-Fail

Presented at Black Hat USA 2020 Virtual, Aug. 6, 2020, 1:30 p.m. (40 minutes).

Trusted Platform Module (TPM) serves as a hardware-based root of trust that protects cryptographic keys from privileged systems and physical adversaries. These devices are generally based on a cryptographic coprocessor such as Arm SecurCore and can be found on various computing platforms such as smartphones and industrial systems. In this talk, we first discuss our work on black-box timing analysis of TPM 2.0 devices deployed on commodity computers. Our analysis reveals that some of these devices feature secret-dependent execution times. We show how this information allows an attacker to apply lattice-based techniques to recover 256-bit private keys for signatures based on elliptic curves. As a result, we can even extract private keys from a hardware TPM manufactured by STMicroelectronics, which is certified at Common Criteria (CC) EAL 4+.

We further highlight the impact of these vulnerabilities by presenting a remote attack against a StrongSwan IPsec VPN that uses a TPM to generate the digital signatures for authentication. In this attack, the remote client recovers the server's private authentication key by timing only authentication handshakes.

These vulnerabilities we have uncovered emphasize the difficulty of correctly implementing known constant-time techniques and show the importance of evolutionary testing and transparent evaluation of cryptographic implementations. Even certified devices that claim resistance against attacks require additional scrutiny by the community and industry, as we learn more about these attacks. As a solution, we finally present a novel technique based on Dynamic Instrumentation and Mutual Information Analysis to efficiently locate and quantify memory-based and control-flow based leakages in software. We develop a software framework named MicroWalk for side-channel analysis of binaries, which can be extended to support new classes of leakage. We show that automatic testing using our tool would have discovered these issues during the development.


Presenters:

  • Daniel Moghimi - PhD Candidate, Worcester Polytechnic Institute
    Daniel Moghimi is a PhD candidate in the Department of Electrical and Computer Engineering at Worcester Polytechnic Institute (WPI). He received his Master of Science degree from the Department of Computer Science at WPI in 2017. His research interests are in the area of computer security with special focus on side channels and microarchitectural attacks. He has published in toptier academic conferences including papers in Usenix Security, ACM CCS, IEEE S&P. Some of his notable publications including Spoiler, ZombieLoad and TPMFail have been featured in the news articles by Forbes, Wired and The Register. In his free time, he enjoys reverse engineering, finding vulnerabilities, and being involved with various sports and outdoor activities.

Links:

Similar Presentations: