Attacking a Trusted Computing Platform
Authors
Abstract
We describe a flaw which we individuated in the Object-Independent Authorization Protocol (OIAP), an authorization protocol which represents one of the building blocks of the Trusted Platform Module (TPM), the core of the Trusted Computing Platform (TP) as devised by the Trusted Computing Group (TCG) standards. In particular, we show that the protocol fails to protect message exchanges against straight replay attacks. Using such a flaw, an attacker could compromise the correct behavior of a TP, thus undermining its main property, namely trust. A proposed solution, which requires the modification of the OIAP authorization protocol in order to provide “real” protection against replay attacks, has been devised and described as well.
Similar resources
Attacking the BitLocker Boot Process
We discuss five attack strategies against BitLocker, which target the way BitLocker is using the TPM sealing mechanism. BitLocker is a disk encryption feature included in some versions of Microsoft Windows. It represents a state-of-the-art design, enhanced with TPM support for improved security. We show that, under certain assumptions, a dedicated attacker can circumvent the protection and brea...
A User Protection Model for the Trusted Computing Environment
Information security presents a huge challenge for both individuals and organizations. The Trusted Computing Group (TCG) has introduced the Trusted Platform Module (TPM) as a solution to end-users to ensure their privacy and confidentiality. TPM has the role of being the root of trust for systems and users by providing protected storage that is accessible only within TPM and thus, protects comp...
Integrating the Trusted Computing Platform into the Security of Cloud Computing System
Cloud computing has become one of the fastest growing fields in computer science. As the new computing service pattern of cloud computing develops rapidly, the security problem of cloud computing has become a hot research topic. Before the user passes important data or computing task to the cloud, the user of the cloud may want to verify the trusted status of the platform which actually carries...
Construction of Trusted Computing Platform Based on Android System
With the widespread use of Android mobile phones, the problems of phone security become increasingly prominent. The Java technology architecture for trusted computing is a trend to solve the above problems. Through the analysis of the current Java platform trusted computing architecture and the security of Android operating system, the trusted platform architecture based on Android and Java ...
An Anonymous Authentication Scheme for Trusted Computing Platform
The Trusted Computing Platform is the industrial initiative to implement computer security. However, privacy protection is a critical problem that must be solved in Trusted Computing Platform. In this paper, we propose a simple and efficient method to implement anonymous authentication in such setting. The new scheme is proved to be secure under the strong RSA assumption and decisional Diffie-H...