A hijacker's guide to the LPC bus

Authors:
Johannes Winter;Kurt Dietrich
Affiliations:
Institute for Applied Information Processing and Communications, Graz University of Technology, Graz, Austria;Institute for Applied Information Processing and Communications, Graz University of Technology, Graz, Austria
Venue:
EuroPKI'11 Proceedings of the 8th European conference on Public Key Infrastructures, Services, and Applications
Year:
2011

Citing 7
Cited 4

Flicker: an execution infrastructure for tcb minimization

Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
OSLO: improving the security of trusted computing

SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Lest we remember: cold-boot attacks on encryption keys

Communications of the ACM - Security in the Browser
Dynamics of a Trusted Platform: A Building Block Approach

Dynamics of a Trusted Platform: A Building Block Approach
Introducing the trusted virtual environment module: a new mechanism for rooting trust in cloud computing

TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Dynamic enforcement of platform integrity

TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Attack, solution and verification for shared authorisation data in TCG TPM

FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust

Practical privacy preserving cloud resource-payment for constrained clients

PETS'12 Proceedings of the 12th international conference on Privacy Enhancing Technologies
Lightweight distributed heterogeneous attested android clouds

TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing
Risk analysis and software integrity protection for 4g network elements in ASMONIA

SAFECOMP'12 Proceedings of the 31st international conference on Computer Safety, Reliability, and Security
A hijacker's guide to communication interfaces of the trusted platform module

Computers & Mathematics with Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we analyze the communication mechanism of trusted platform modules via the low-pin-count bus. While the trusted platform module is considered to be tamper resistant, the communication channel between this module and the rest of the trusted platform turns out to be comparatively insecure. It has been shown that passive attacks can be mounted on the TPM and its bus communication with fairly inexpensive equipment, however, similar active attacks have not been reported, yet. We tackle this problem and show how the communication on the LPC bus can be actively manipulated with simple and inexpensive equipment. Moreover, we show how our manipulation can be used to circumvent the chain of trust provided by trusted platforms.