Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys.
Video Trusted Platform Module
History
Trusted Platform Module (TPM) was conceived by a computer industry consortium called Trusted Computing Group (TCG), and was standardized by International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) in 2009 as ISO/IEC 11889.
TCG continued to revise the TPM specifications. The last revised edition of TPM Main Specification Version 1.2 was published on March 3, 2011. It consisted of three parts, based on their purpose. For the second major version of TPM, however, TCG released TPM Library Specification 2.0, which builds upon the previously published TPM Main Specification. Its latest edition was released on September 29, 2016, with several errata with the latest one being dated on January 8, 2018.
Maps Trusted Platform Module
Overview
Trusted Platform Module provides
- A random number generator
- Facilities for the secure generation of cryptographic keys for limited uses.
- Remote attestation: Creates a nearly unforgeable hash key summary of the hardware and software configuration. The software in charge of hashing the configuration data determines the extent of the summary. This allows a third party to verify that the software has not been changed.
- Binding: Encrypts data using the TPM bind key, a unique RSA key descended from a storage key.
- Sealing: Similar to binding, but in addition, specifies the TPM state for the data to be decrypted (unsealed).
Computer programs can use a TPM to authenticate hardware devices, since each TPM chip has a unique and secret RSA key burned in as it is produced. Pushing the security down to the hardware level provides more protection than a software-only solution.
Uses
The United States Department of Defense (DoD) specifies that "new computer assets (e.g., server, desktop, laptop, thin client, tablet, smartphone, personal digital assistant, mobile phone) procured to support DoD will include a TPM version 1.2 or higher where required by DISA STIGs and where such technology is available." DoD anticipates that TPM is to be used for device identification, authentication, encryption, and device integrity verification.
Platform integrity
The primary scope of TPM is to assure the integrity of a platform. In this context, "integrity" means "behave as intended", and a "platform" is any computer device regardless of its operating system. It is to ensure that the boot process starts from a trusted combination of hardware and software, and continues until the operating system has fully booted and applications are running.
The responsibility of assuring said integrity using TPM is with the firmware and the operating system. For example, Unified Extensible Firmware Interface (UEFI) can use TPM to form a root of trust: The TPM contains several Platform Configuration Registers (PCRs) that allow secure storage and reporting of security relevant metrics. These metrics can be used to detect changes to previous configurations and decide how to proceed. Good examples can be found in Linux Unified Key Setup (LUKS), BitLocker and PrivateCore vCage memory encryption. (See below.)
An example of TPM use for platform integrity is the Trusted Execution Technology (TXT), which creates a chain of trust. It could remotely attest that a computer is using the specified hardware and software.
Disk encryption
Full disk encryption utilities, such as dm-crypt and BitLocker, can use this technology to protect the keys used to encrypt the computer's storage devices and provide integrity authentication for a trusted boot pathway that includes firmware and boot sector.
Password protection
Operating systems often require authentication (involving a password or other means) to protect keys, data or systems. If the authentication mechanism is implemented in software only, the access is prone to dictionary attacks. Since TPM is implemented in a dedicated hardware module, a dictionary attack prevention mechanism was built in, which effectively protects against guessing or automated dictionary attacks, while still allowing the user a sufficient and reasonable number of tries. Without this level of protection, only passwords with high complexity would provide sufficient protection.
Other uses and concerns
Any application can use a TPM chip for:
- Digital rights management
- Protection and enforcement of software licenses
- Prevention of cheating in online games
Other uses exist, some of which give rise to privacy concerns. The "physical presence" feature of TPM addresses some of these concerns by requiring BIOS-level confirmation for operations such as activating, deactivating, clearing or changing ownership of TPM by someone who is physically present at the console of the machine.
TPM implementations
Starting in 2006, many new laptops have been sold with a built-in TPM chip. In the future, this concept could be co-located on an existing motherboard chip in computers, or any other device where the TPM facilities could be employed, such as a cellphone. On a PC, either the LPC bus or the SPI bus is used to connect to the TPM chip.
TCG has certified TPM chips manufactured by Infineon Technologies, Nuvoton, and STMicroelectronics, having assigned TPM vendor IDs to Advanced Micro Devices, Atmel, Broadcom, IBM, Infineon, Intel, Lenovo, National Semiconductor, Nationz Technologies, Nuvoton, Qualcomm, Rockchip, Standard Microsystems Corporation, STMicroelectronics, Samsung, Sinosun, Texas Instruments, and Winbond.
There are five different types of TPM 2.0 implementations:
- Discrete TPMs are dedicated chips that implement TPM functionality in their own tamper resistant semiconductor package. They are theoretically the most secure type of TPM because the routines implemented in hardware should be more resistant to bugs versus routines implemented in software, and their packages are required to implement some tamper resistance.
- Integrated TPMs are part of another chip. While they use hardware that resists software bugs, they are not required to implement tamper resistance. Intel has integrated TPMs in some of its chipsets.
- Firmware TPMs are software-only solutions that run in a CPU's trusted execution environment. Since these TPMs are entirely software solutions that run in trusted execution environments, these TPMs are more likely to be vulnerable to software bugs. AMD, Intel and Qualcomm have implemented firmware TPMs.
- Software TPMs are software emulators of TPMs that run with no more protection than a regular program gets within an operating system. They depend entirely on the environment that they run in, so they provide no more security than what can be provided by the normal execution environment, and they are vulnerable to their own software bugs and attacks that are penetrating the normal execution environment. They are useful for development purposes.
- Virtual TPMs are provided by a hypervisor. Therefore, they rely on the hypervisor to provide them with an isolated execution environment that is hidden from the software running inside virtual machines to secure their code from the software in the virtual machines. They can provide a security level comparable to a firmware TPM.
TPM 1.2 vs TPM 2.0
While TPM 2.0 addresses many of the same use cases and has similar features, the details are different. TPM 2.0 is not backward compatible to TPM 1.2.
The TPM 2.0 policy authorization includes the 1.2 HMAC, locality, physical presence, and PCR. It adds authorization based on an asymmetric digital signature, indirection to another authorization secret, counters and time limits, NVRAM values, a particular command or command parameters, and physical presence. It permits the ANDing and ORing of these authorization primitives to construct complex authorization policies.
Criticism
TCG has faced resistance to the deployment of this technology in some areas, where some authors see possible uses not specifically related to Trusted Computing, which may raise privacy concerns. The concerns include the abuse of remote validation of software (where the manufacturer?--?and not the user who owns the computer system?--?decides what software is allowed to run) and possible ways to follow actions taken by the user being recorded in a database, in a manner that is completely undetectable to the user.
The TrueCrypt disk encryption utility, as well as its derivative VeraCrypt, do not support TPM. The original TrueCrypt developers were of the opinion that the exclusive purpose of the TPM is "to protect against attacks that require the attacker to have administrator privileges, or physical access to the computer". Thus, they argued that the attacker who has physical or administrative access to a computer can circumvent TPM, e.g., by installing a hardware keystroke logger to capture passwords (or other sensitive information), by resetting TPM, or by capturing memory contents and retrieving TPM-issued keys. The condemning text goes so far as to claim that TPM is entirely redundant. The VeraCrypt publisher has reproduced the original allegation with no changes other than replacing "TrueCrypt" with "VeraCrypt". The problem with this allegation is that it is true in the absence of TPM as well; TPM at least stops some physical tampering. On principle, after achieving either unrestricted physical access or administrative privileges, it is only a matter of time before other security measures in place are bypassed.
The private endorsement key is fundamental to the security of the TPM circuit, and is never made available to the end-user. This private key must be known to the hardware chip manufacturer at manufacture time, otherwise they would not be able to burn the key into the circuit. There are no guarantees that this private key is not kept by the manufacturer or shared with government agencies. Anyone with access to the private endorsement key would be able to forge the chip's identity and break some of the security that the chip provides. Thus, the security of the TPM relies entirely on the manufacturer and the authorities in the country where the hardware is produced.
Attacks
In 2010, Christopher Tarnovsky presented an attack against TPMs at Black Hat, where he claimed to be able to extract secrets from a single TPM. He was able to do this after 6 months of work by inserting a probe and spying on an internal bus for the Infineon SLE 66 CL PC.
In 2015, as part of the Snowden revelations, it was revealed that in 2010 a US CIA team claimed at an internal conference to have carried out a differential power analysis attack against TPMs that was able to extract secrets.
In October 2017, it was reported that a code library developed by Infineon, which had been in widespread use in its TPMs, allowed RSA private keys to be inferred from public keys. As a result, all systems depending upon the privacy of such keys were vulnerable to compromise, such as identity theft or spoofing.
Cryptosystems that store encryption keys directly in the TPM without blinding could be at particular risk to these types of attacks, as passwords and other factors would be meaningless if the attacks can extract encryption secrets.
Availability
Currently TPM is used by nearly all PC and notebook manufacturers, primarily offered on professional product lines.
TPM is implemented by several vendors:
- Advantech provides TPM on many of its products, especially its Gaming boards and Energy Automation Computers.
- In 2006, with the introduction of first Macintosh models with Intel processors, Apple started to ship Macs with TPM. Apple never provided an official driver, but there was a port under GPL available. Apple has not shipped a computer with TPM since 2006.
- Atmel manufactures TPM devices that it claims to be compliant to the Trusted Platform Module specification version 1.2 revision 116 and offered with several interfaces (LPC, SPI, and I2C), modes (FIPS 140-2 certified and standard mode), temperature grades (commercial and industrial), and packages (TSSOP and QFN). Atmel's TPMs support PCs and embedded devices. Atmel also provides TPM development kits to support integration of its TPM devices into various embedded designs.
- Google includes TPMs in Chromebooks as part of their security model.
- Infineon provides both TPM chips and TPM software, which is delivered as OEM versions with new computers, as well as separately by Infineon for products with TPM technology which complies to TCG standards. For example, Infineon licensed TPM management software to Broadcom Corp. in 2004.
- Microsoft operating systems Windows Vista and later use the chip in conjunction with the included disk encryption component named BitLocker. Microsoft had announced that from January 1, 2015 all computers will have to be equipped with a TPM 2.0 module in order to pass Windows 8.1 hardware certification. However, in a December 2014 review of the Windows Certification Program this was instead made an option requirement. However, TPM 2.0 is required for connected standby systems. Virtual machines running on Hyper-V can have their own virtual TPM module starting with Windows 10 1511 and Windows Server 2016.
- In 2011, Taiwanese manufacturer MSI launched its Windpad 110W tablet featuring an AMD CPU and Infineon Security Platform TPM, which ships with controlling software version 3.7. The chip is disabled by default but can be enabled with the included, pre-installed software.
- Nuvoton provides TPM devices implementing Trusted Computing Group (TCG) version 1.2 and 2.0 specifications for PC applications. Nuvoton also provides TPM devices implementing these specifications for embedded systems and IoT (Internet of Things) applications via I2C and SPI host interfaces. Nuvoton's TPM complies with Common Criteria (CC) with assurance level EAL 4 augmented, FIPS 140-2 level 1 and TCG Compliance requirements, all supported within a single device.
- Oracle ships TPMs in their recent X- and T-Series Systems such as T3 or T4 series of servers. Support is included in Solaris 11.
- PrivateCore vCage uses TPM chips in conjunction with Intel Trusted Execution Technology (TXT) to validate systems on bootup.
- In mobile devices security, there are some alternatives to TPM; for example, TrustKernel's T6 secure operating system simulates the functionality of TPM in mobile devices using the ARM TrustZone technology.
- VMware ESXi hypervisor has supported TPM since 4.x, and from 5.0 it is enabled by default.
- wolfSSL provides a TPM library, titled wolfTPM. wolfTPM is a portable TPM 2.0 library that provides all TPM 2.0 APIs in compliance with the TPM 2.0 specification; it uses the TPM Interface Specification (TIS) to communicate over Serial Peripheral Interface (SPI); it also includes wrappers for key generation, RSA encryption/decryption, ECC sign and verify, and ECDH.
- Xen hypervisor has support of virtualized TPMs. Each guest gets its own unique, emulated, software TPM.
- KVM, combined with QEMU, has support for virtualized TPMs. As of 2012, it supports passing through the physical TPM chip to a single dedicated guest. QEMU 2.11 released on December 2017 also provides emulated TPMs to guests.
There are also hybrid types; for example, TPM can be integrated into an Ethernet controller, thus eliminating the need for a separate motherboard component.
See also
- Hardware security
- Hardware security module
- Hengzhi chip
- Next-Generation Secure Computing Base
- Threat model
- Trusted Computing
- Unified Extensible Firmware Interface (UEFI)
References
Further reading
Source of article : Wikipedia
0 Comments