Trusted Platform Module Vulnerabilities - Article Example

Trusted Platform Module Vulnerabilities al Affiliation: Trusted Platform Module Vulnerabilities Introduction The TPM, in an overview, is known to offer a protection space for key operations, provide a safe place for storing sensitive information and other critical security tasks, and report and stores integrity measurements. It is designed specifically to enhance platform security beyond the shield keys and software capabilities and other sensitive information from software-based attacks. This article is based from three perspectives that offer different views respectively. Varadharaja & Tupakula (2013) suggest for the cloud services a novel trust enhanced model that would help to prevent and direct cloud infrastructure based attacks using attestation techniques. The cloud service provider through the enhanced trust security model is enabled to certify certain security properties for example malicious traffic on the tenant virtual machines and services running on them. Attacks can be detected and minimized through these properties between the cloud tenants running virtual machines on the customers and infrastructure as well as increase the assurance of the tenant virtual machine transactions. If the tenant virtual machine has any variations on his behavior from the certified properties, the tenant virtual machine can be dynamically isolated by the model or on a fine granular basis the malicious services are terminated (Varadharaja & Tupakula, 2013). Winter & Dietrich (2012) analyze the interface of the TPMs to the hosting platforms. In their analysis they pointed out that although the TPM are considered tamper resistant, these modules and the rest of the trusted platform communication channel turns out to be comparatively insecure. They demonstrated by using the idea of an reset attack, such as start value, how the LPC Bus communication protocol can be actively manipulated with inexpensive and basic equipment. (Winter & Dietrich, 2012). Parno (2012) explains the trust issues in the use of a computer including the software and hardware where security devices like the Trusted Platform Module (TPM) provide connection between the software and hardware. Unfortunately since only binary language is spoke between these devices; it makes it impossible for them to offer assurance through cryptography, both are areas that human are quite bad at. He describes methods to enable users to extend their trust in one device to other devices or services for example in a USB device, users can verify the reports from secure hardware on their computer, then securely execute code on that computer. He proposes using devices preferred to know the security status and whether it is safe to use the device. For example, he suggests the use of Flicker ( shows the conflicting needs, such as side-channel attacks and code bloat, can be satisfied by constructing a secure execution environment on demand), which is a novel approach to this TPM security issue (Parno, 2012). Methodologies In A hijacker’s guide to communication interfaces of the trusted platform module, Winter & Dietriech (2013) use already provided information as a methodology to study TPM. They use publicly available open-source Linux kernel contributions information to analyze the existing TPM interface. To access the internal registers of the I2C TIS TPM, the authors use the IC device address and the TPM specific internal register address. However, the problem is that in the current world, there is no approved and publicly available TCG standard that can be used for TPMs with I2C. This is an aspect that limits the findings of this article (Winter & Dietriech, 2013). Varadharajan & Tupakula (2014) employ the attacker model as the methodology to study the vulnerabilities of TPM. The model uses the TPM attestation between the tenant virtual machine Attestation Provider (AP) and the customer Attestation Requestor (AR) before performing the transactions. To make it workable in the process of attestation, all hardware and software aspects in the trusted platform are measured using hash values when booting and measurements are stored securely in the prevention of modification. However, the problem with this attestation technique is it has the possibility of reducing the trust on property attestation process and cause a scenario where AR cannot ascertain AP truly satisfies the properties that are presented to it. This shows the vulnerability of TPM (Varadharajan & Tupakula, 2014) Parno (2012) uses techniques from secure multiparty computation, a protocol for verifiable computing to provide computational integrity for work done be an un-trusted party. The protocol provides an asymptotically optimal performance and needs a one-time preprocessing stage. In the methodology, O(|C|) is time, where C is the smallest known Boolean circuit computing F. For each work example, the client performs O(|m|) work to prepare an m-bit input, the worker performs O(|C|) work to compute the results, and the client performs O(|n|) work to verify the n-bit result. The result from the study shows arbitrary computations can be given to un-trusted workers, preserve the secrecy of the data, and efficiently verify the computations were done in the correct manner showing another vulnerability of TPM (Parno, 2012). Vulnerabilities of TPM These three approaches offer unique ways of addressing the security issues but they are not without their drawbacks, in that according to the approach proposed by Varadharaja & Tupakula’s (2013) trust enhanced cloud model. The main issue they singled out mostly included spoofing attacks that were generated mainly from the attacking source to the customer’s machines, the attacker is able to hide their identity by using a fake source address that does not represent the actual address of the packet while on the network. With this they can work around the (ACLs) network access control lists, that monitors source addressed host access and merging it with the TVM spoofed address (Varadharaja & Tupakula, 2013). Parno (2012) identifies Zero day attacks as TPM vulnerability, he explained that these are attacks that have no existing patches during attack and they are not previously known. He explains that the attacker has access to the security tools in the compromised tenant virtual machine, since the security tools are also implemented on the monitored host itself. Through the use of the TVM that is compromised, the attacker can generate attacks on the random hosts in the Internet or tenant customer machines. It is also possible to configure security tools and change logs in the tenant virtual machine to not detecting or reporting the attacks to the TVM-AM machine, since the attacker already has access to the security tools (Parno, 2012). Analysis of the vulnerabilities of the TPMs interface by Winter & Dietrich, article showed that reset attacks like on the private migrate keys affect the direct retrieval of TPM protected data. It makes it highly likely that the attack would be centralized on the TPM chip and the D-RTM implications that are used mechanisms that are used to counter this by closing the TPM reset attack (Lee-Thorp, 2010). A reset attack builds and installs a special purpose attacker device, which actively intercepts the communication between the platform’s main processor and the Trusted Platform Module (Winter & Dietrich, 2012). During the decryption and encryption operations, keys are also vulnerable. An example of this can be demonstrated by using a cold boot attack. Another problem for the TPM is found within its very complex key management since like in the case of the TPM, it would be necessary for the hard procedures in its daily system to support the reduction of tasks operations performed by a computer owner. His works on activities such as its application of patches on its system to lose or change the default state of a systems endpoint and integrate or authenticate a TPM management key with an encryption program that is much wider (Parno, 2012). Mitigations Varadharaja & Tupakula (2013) suggest filtering of any incoming packets that seem to originate from an IP address that was internal at your perimeter to address the issue. In addition, outgoing packets filtering that appear to come from any invalid IP address locally should also be implemented. In addition, to ensure that the TVM will not use spoofed traffic during the transaction process to send malicious traffic the first property becomes relevant. In this case, they explained that the TPrCA component namely the Tr_Ctrl would monitor all the TVM (AP) traffic and adequately be able to drop the spoofed source address traffic. The Tr_Str logs in the component that receives the traffic with correct source address and forwarded to the tenant customer AR. Hence, all the attacks from the AP to AR with spoofed source address would be blocked. Other solutions proposed also included; using runtime state validation mostly on ant virtual machines as a proactive prevention of malicious transactions. During transaction, using spoofed address from tenant virtual machine to customer machines to prevent attack traffic. Countering, malicious attacks and transactions with correct source address from tenant virtual machine to customer (Kakei, S et.al, 2012). Lastly, according to Parno, the secure code execution can be identified by verifying computing despite hardware and un-trusted software, which is about securely interacting with outsourced networks using Flicker and Yao’s Garbed Circuits. It would ideally help preventing physical access to the system by employing more encryption methods on mobile technology or using a defense-in-depth strategy is an obvious mitigation technique for processes like the cold boot operation. In addition, using an aftermarket external hard drive is also another remedy since it would be less likely to give out such great customer information or service and thus, a proper means of protecting sensitive client mobile data (Parno, 2012). Application interpretational issues The specifications as developed by the relevant trusted computing groups have faced resistance in some areas of this technologies deployment especially in academic circles where some issues, not specifically related to trust computing, have been thought to raise privacy concerns as foreseen by the authors. The abuse of remote validation of software is one these concerns where it is not the user but the manufacturer who owns the computer system. The manufacturer finds possible ways of following actions taken by the user that they record in a database and decides what software is allowed to run, in ways that are completely undetectable by the user. Another application interpretational issue is on the security systems like the DRM, which, as noted, is easily bypassed by many software programs. Even though its initial work is to prevent personal data from being decrypted, this flaw, in the operations, makes many clients distrust its implementation in the TPM platform and decryption systems. Its failure allows issues like infringement of copyrights since the system allows for inclusion of information such as decryption keys that can be used to access and decrypt client data, and this makes such software based schemes never be secure. This is because an attacker can be able to copy, directly decrypt, and extract the content or information, which bypasses the DRM system, imposed restrictions (Flick, 2004). References Flick, C. (2004).The Controversy over Trusted Computing. The University of Sydney. Retrieved from http://liedra.net/misc/Controversy_Over_Trusted_Computing.pdf Kakei, S., Mohri, M., Shiraishi, Y., & Noguchi, R. (2012). Offline time-stamping system: Its design and implementation. In Control System, Computing and Engineering (ICCSCE), 2012 IEEE International Conference on (pp. 404-409). IEEE. Retrieved from http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6487179&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D6487179 Lee-Thorp, A. (2010). Attestation in Trusted Computing: Challenges and Potential Solutions. Royal Holloway University of London, 31. Retrieved from http://digirep.rhul.ac.uk/file/49558ca0-a73b-9550-886b-214165f08563/1/RHUL-MA-2010-09.pdf Parno, B. (2012). Trust extension for commodity computers. Communications of the ACM, 55(6), 76-85. Retrieved from http://www.academia-research.com/filecache/instr/r/e/1041295_resource_1_trust_extension.pdf Varadharajan, V. & Tupakula, U. (2013). Counteracting security attacks in virtual machines in the cloud using property based attestation. Journal of Network and Computer Applications 40 (2014)31–45. Retrieved from http://www.academia-research.com/filecache/instr/r/e/1041295_resource_2_counteract_attacks.pdf Winter, J., & Dietrich, K. (2013). A hijacker’s guide to communication interfaces of the trusted platform module. Computers & Mathematics with Applications, 65(5), 748- 761. Retrieved from http://www.academia- research.com/filecache/instr/r/e/1041295_resource_3_hijackers_guide_to_comm_iface_tpm.pdf Read More