StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Trusted Platform Module Vulnerabilities - Article Example

Cite this document
Summary
This article "Trusted Platform Module Vulnerabilities" focuses on TPM, an overview, is known to offer a protection space for key operations, provide a safe place for storing sensitive information and other critical security tasks, and report and store integrity measurements. …
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER91.7% of users find it useful
Trusted Platform Module Vulnerabilities
Read Text Preview

Extract of sample "Trusted Platform Module Vulnerabilities"

Trusted Platform Module Vulnerabilities al Affiliation: Trusted Platform Module Vulnerabilities Introduction The TPM, in an overview, is known to offer a protection space for key operations, provide a safe place for storing sensitive information and other critical security tasks, and report and stores integrity measurements. It is designed specifically to enhance platform security beyond the shield keys and software capabilities and other sensitive information from software-based attacks. This article is based from three perspectives that offer different views respectively. Varadharaja & Tupakula (2013) suggest for the cloud services a novel trust enhanced model that would help to prevent and direct cloud infrastructure based attacks using attestation techniques. The cloud service provider through the enhanced trust security model is enabled to certify certain security properties for example malicious traffic on the tenant virtual machines and services running on them. Attacks can be detected and minimized through these properties between the cloud tenants running virtual machines on the customers and infrastructure as well as increase the assurance of the tenant virtual machine transactions. If the tenant virtual machine has any variations on his behavior from the certified properties, the tenant virtual machine can be dynamically isolated by the model or on a fine granular basis the malicious services are terminated (Varadharaja & Tupakula, 2013). Winter & Dietrich (2012) analyze the interface of the TPMs to the hosting platforms. In their analysis they pointed out that although the TPM are considered tamper resistant, these modules and the rest of the trusted platform communication channel turns out to be comparatively insecure. They demonstrated by using the idea of an reset attack, such as start value, how the LPC Bus communication protocol can be actively manipulated with inexpensive and basic equipment. (Winter & Dietrich, 2012). Parno (2012) explains the trust issues in the use of a computer including the software and hardware where security devices like the Trusted Platform Module (TPM) provide connection between the software and hardware. Unfortunately since only binary language is spoke between these devices; it makes it impossible for them to offer assurance through cryptography, both are areas that human are quite bad at. He describes methods to enable users to extend their trust in one device to other devices or services for example in a USB device, users can verify the reports from secure hardware on their computer, then securely execute code on that computer. He proposes using devices preferred to know the security status and whether it is safe to use the device. For example, he suggests the use of Flicker ( shows the conflicting needs, such as side-channel attacks and code bloat, can be satisfied by constructing a secure execution environment on demand), which is a novel approach to this TPM security issue (Parno, 2012). Methodologies In A hijacker’s guide to communication interfaces of the trusted platform module, Winter & Dietriech (2013) use already provided information as a methodology to study TPM. They use publicly available open-source Linux kernel contributions information to analyze the existing TPM interface. To access the internal registers of the I2C TIS TPM, the authors use the IC device address and the TPM specific internal register address. However, the problem is that in the current world, there is no approved and publicly available TCG standard that can be used for TPMs with I2C. This is an aspect that limits the findings of this article (Winter & Dietriech, 2013). Varadharajan & Tupakula (2014) employ the attacker model as the methodology to study the vulnerabilities of TPM. The model uses the TPM attestation between the tenant virtual machine Attestation Provider (AP) and the customer Attestation Requestor (AR) before performing the transactions. To make it workable in the process of attestation, all hardware and software aspects in the trusted platform are measured using hash values when booting and measurements are stored securely in the prevention of modification. However, the problem with this attestation technique is it has the possibility of reducing the trust on property attestation process and cause a scenario where AR cannot ascertain AP truly satisfies the properties that are presented to it. This shows the vulnerability of TPM (Varadharajan & Tupakula, 2014) Parno (2012) uses techniques from secure multiparty computation, a protocol for verifiable computing to provide computational integrity for work done be an un-trusted party. The protocol provides an asymptotically optimal performance and needs a one-time preprocessing stage. In the methodology, O(|C|) is time, where C is the smallest known Boolean circuit computing F. For each work example, the client performs O(|m|) work to prepare an m-bit input, the worker performs O(|C|) work to compute the results, and the client performs O(|n|) work to verify the n-bit result. The result from the study shows arbitrary computations can be given to un-trusted workers, preserve the secrecy of the data, and efficiently verify the computations were done in the correct manner showing another vulnerability of TPM (Parno, 2012). Vulnerabilities of TPM These three approaches offer unique ways of addressing the security issues but they are not without their drawbacks, in that according to the approach proposed by Varadharaja & Tupakula’s (2013) trust enhanced cloud model. The main issue they singled out mostly included spoofing attacks that were generated mainly from the attacking source to the customer’s machines, the attacker is able to hide their identity by using a fake source address that does not represent the actual address of the packet while on the network. With this they can work around the (ACLs) network access control lists, that monitors source addressed host access and merging it with the TVM spoofed address (Varadharaja & Tupakula, 2013). Parno (2012) identifies Zero day attacks as TPM vulnerability, he explained that these are attacks that have no existing patches during attack and they are not previously known. He explains that the attacker has access to the security tools in the compromised tenant virtual machine, since the security tools are also implemented on the monitored host itself. Through the use of the TVM that is compromised, the attacker can generate attacks on the random hosts in the Internet or tenant customer machines. It is also possible to configure security tools and change logs in the tenant virtual machine to not detecting or reporting the attacks to the TVM-AM machine, since the attacker already has access to the security tools (Parno, 2012). Analysis of the vulnerabilities of the TPMs interface by Winter & Dietrich, article showed that reset attacks like on the private migrate keys affect the direct retrieval of TPM protected data. It makes it highly likely that the attack would be centralized on the TPM chip and the D-RTM implications that are used mechanisms that are used to counter this by closing the TPM reset attack (Lee-Thorp, 2010). A reset attack builds and installs a special purpose attacker device, which actively intercepts the communication between the platform’s main processor and the Trusted Platform Module (Winter & Dietrich, 2012). During the decryption and encryption operations, keys are also vulnerable. An example of this can be demonstrated by using a cold boot attack. Another problem for the TPM is found within its very complex key management since like in the case of the TPM, it would be necessary for the hard procedures in its daily system to support the reduction of tasks operations performed by a computer owner. His works on activities such as its application of patches on its system to lose or change the default state of a systems endpoint and integrate or authenticate a TPM management key with an encryption program that is much wider (Parno, 2012). Mitigations Varadharaja & Tupakula (2013) suggest filtering of any incoming packets that seem to originate from an IP address that was internal at your perimeter to address the issue. In addition, outgoing packets filtering that appear to come from any invalid IP address locally should also be implemented. In addition, to ensure that the TVM will not use spoofed traffic during the transaction process to send malicious traffic the first property becomes relevant. In this case, they explained that the TPrCA component namely the Tr_Ctrl would monitor all the TVM (AP) traffic and adequately be able to drop the spoofed source address traffic. The Tr_Str logs in the component that receives the traffic with correct source address and forwarded to the tenant customer AR. Hence, all the attacks from the AP to AR with spoofed source address would be blocked. Other solutions proposed also included; using runtime state validation mostly on ant virtual machines as a proactive prevention of malicious transactions. During transaction, using spoofed address from tenant virtual machine to customer machines to prevent attack traffic. Countering, malicious attacks and transactions with correct source address from tenant virtual machine to customer (Kakei, S et.al, 2012). Lastly, according to Parno, the secure code execution can be identified by verifying computing despite hardware and un-trusted software, which is about securely interacting with outsourced networks using Flicker and Yao’s Garbed Circuits. It would ideally help preventing physical access to the system by employing more encryption methods on mobile technology or using a defense-in-depth strategy is an obvious mitigation technique for processes like the cold boot operation. In addition, using an aftermarket external hard drive is also another remedy since it would be less likely to give out such great customer information or service and thus, a proper means of protecting sensitive client mobile data (Parno, 2012). Application interpretational issues The specifications as developed by the relevant trusted computing groups have faced resistance in some areas of this technologies deployment especially in academic circles where some issues, not specifically related to trust computing, have been thought to raise privacy concerns as foreseen by the authors. The abuse of remote validation of software is one these concerns where it is not the user but the manufacturer who owns the computer system. The manufacturer finds possible ways of following actions taken by the user that they record in a database and decides what software is allowed to run, in ways that are completely undetectable by the user. Another application interpretational issue is on the security systems like the DRM, which, as noted, is easily bypassed by many software programs. Even though its initial work is to prevent personal data from being decrypted, this flaw, in the operations, makes many clients distrust its implementation in the TPM platform and decryption systems. Its failure allows issues like infringement of copyrights since the system allows for inclusion of information such as decryption keys that can be used to access and decrypt client data, and this makes such software based schemes never be secure. This is because an attacker can be able to copy, directly decrypt, and extract the content or information, which bypasses the DRM system, imposed restrictions (Flick, 2004). References Flick, C. (2004).The Controversy over Trusted Computing. The University of Sydney. Retrieved from http://liedra.net/misc/Controversy_Over_Trusted_Computing.pdf Kakei, S., Mohri, M., Shiraishi, Y., & Noguchi, R. (2012). Offline time-stamping system: Its design and implementation. In Control System, Computing and Engineering (ICCSCE), 2012 IEEE International Conference on (pp. 404-409). IEEE. Retrieved from http://ieeexplore.ieee.org/xpl/login.jsp?tp=&arnumber=6487179&url=http%3A%2F%2Fieeexplore.ieee.org%2Fxpls%2Fabs_all.jsp%3Farnumber%3D6487179 Lee-Thorp, A. (2010). Attestation in Trusted Computing: Challenges and Potential Solutions. Royal Holloway University of London, 31. Retrieved from http://digirep.rhul.ac.uk/file/49558ca0-a73b-9550-886b-214165f08563/1/RHUL-MA-2010-09.pdf Parno, B. (2012). Trust extension for commodity computers. Communications of the ACM, 55(6), 76-85. Retrieved from http://www.academia-research.com/filecache/instr/r/e/1041295_resource_1_trust_extension.pdf Varadharajan, V. & Tupakula, U. (2013). Counteracting security attacks in virtual machines in the cloud using property based attestation. Journal of Network and Computer Applications 40 (2014)31–45. Retrieved from http://www.academia-research.com/filecache/instr/r/e/1041295_resource_2_counteract_attacks.pdf Winter, J., & Dietrich, K. (2013). A hijacker’s guide to communication interfaces of the trusted platform module. Computers & Mathematics with Applications, 65(5), 748- 761. Retrieved from http://www.academia- research.com/filecache/instr/r/e/1041295_resource_3_hijackers_guide_to_comm_iface_tpm.pdf Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Trusted Platform Module Vulnerabilities Article Example | Topics and Well Written Essays - 1750 words, n.d.)
Trusted Platform Module Vulnerabilities Article Example | Topics and Well Written Essays - 1750 words. https://studentshare.org/information-technology/1816451-trusted-platform-module-vulnerabilities
(Trusted Platform Module Vulnerabilities Article Example | Topics and Well Written Essays - 1750 Words)
Trusted Platform Module Vulnerabilities Article Example | Topics and Well Written Essays - 1750 Words. https://studentshare.org/information-technology/1816451-trusted-platform-module-vulnerabilities.
“Trusted Platform Module Vulnerabilities Article Example | Topics and Well Written Essays - 1750 Words”. https://studentshare.org/information-technology/1816451-trusted-platform-module-vulnerabilities.
  • Cited: 0 times

CHECK THESE SAMPLES OF Trusted Platform Module Vulnerabilities

The Main Vulnerabilities Associated with IT/IS Security

This essay "The Main vulnerabilities Associated with IT/IS Security" is about trends associated with the developments in information technology is also responsible for the introduction of vulnerabilities within the information technology and information systems security.... This means that as more processes and procedures are carried out using IT/IS systems, we, as users lose our ability to deal with and possibly identify the vulnerabilities associated with these systems....
7 Pages (1750 words) Essay

Are Cloud Storage Solutions Irrelevant for a Large Organization of 1,500 Staff

The paper  "Are Cloud Storage Solutions Irrelevant for a Large Organization of 1,500 Staff?... summarizes cloud providers or Hosts can safeguard the firm's data in the Cloud storage options, without chances of hacking or data loss.... All user data can also be stored in an effective manner in the Cloud....
10 Pages (2500 words) Essay

UPMC/Highmark health plan platform App

Mobile health is understood as medical and public health practices that are facilitated by mobile devices, including, smartphones, tablets and other wireless devices.... This is a new area in the realm of telehealth.... It differs greatly from the conventional systems and practices on… Mobile health uses handsets and wireless healthcare devices that are less expensive, convenient to use, flexible, remotely upgradable and adherent to the lifestyles of patients....
2 Pages (500 words) Essay

The downside of trusted computing

Practically, trusted computing utilizes cryptography to aid in enforcing a chosen behavior ("Weighing the pros and cons of the Trusted Computing platform," n.... In this case, the maker and not the client who possesses the computer system make a decision on what software would be permitted to run ("Weighing the pros and cons of the Trusted Computing platform," n.... Second, makers of certain trusted computers as well as components may surreptitiously implement them wrongly ("Weighing the pros and cons of the Trusted Computing platform," n....
1 Pages (250 words) Essay

Trusted computing and TPM-enhanced software

However, there exist numerous flaws trusted platform module ENHANCED SOFTWARE al Affiliation TPM-enhanced software plays an important role in safeguarding sensitive information and data of major companies and institutions.... trusted platform module is not entirely competent in safeguarding computer systems from the associated threats in the modern world.... trusted platform module enhanced software entails securing the software part of a computer device, such as the generation of cryptographic keys....
2 Pages (500 words) Essay

DRM and trusted computing

This is DRM AND trusted COMPUTING The setup in which trusted computing when used to enforce DRM is vulnerable to man in the middle attacks (MitM) because of the ARP spoofing.... 128), trusted computing is vulnerable to MitM attack when used to enforce DRM if the attacker acts as a proxy between two communicating users.... n order to avoid the vulnerability of trusted computing to MitM attacks when enforcing DRM, it is advisable for communicating computers to use encrypted network connections....
1 Pages (250 words) Essay

SAP's Platform Strategy in 2006

This paper ''SAP's platform Strategy in 2006 '' tells that  customers come up with individual needs concerning ERP and other improvements due to which, a new strategy was introduced by SAP, which focused on alluring customers based on its products  NetWeaver that is a unique platform that is accommodating for the customers.... The company has fair opportunities to succeed based on their newly introduced technology of the NetWeaver platform....
5 Pages (1250 words) Case Study

The Power of Facebook as a Social Platform

… The paper "Analyze the Power of Facebook as a Social platform " is a good example of a case study on media.... nbsp;Since the introduction of the internet to the world of technology, there has been a transformation in communication such that social media is the leading platform for communication.... The paper "Analyze the Power of Facebook as a Social platform " is a good example of a case study on media.... ince the introduction of the internet to the world of technology, there has been a transformation in communication such that social media is the leading platform for communication....
6 Pages (1500 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us