Flicker: an execution infrastructure for tcb minimization
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
OSLO: improving the security of trusted computing
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Lest we remember: cold-boot attacks on encryption keys
Communications of the ACM - Security in the Browser
Dynamics of a Trusted Platform: A Building Block Approach
Dynamics of a Trusted Platform: A Building Block Approach
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Dynamic enforcement of platform integrity
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Attack, solution and verification for shared authorisation data in TCG TPM
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
A hijacker's guide to the LPC bus
EuroPKI'11 Proceedings of the 8th European conference on Public Key Infrastructures, Services, and Applications
Hi-index | 0.09 |
In this paper, we analyze the communication of trusted platform modules and their interface to the hosting platforms. While trusted platform modules are considered to be tamper resistant, the communication channel between these modules and the rest of the trusted platform turns out to be comparatively insecure. It has been shown that passive attacks can be mounted against TPMs and their bus communication with fairly inexpensive equipment, however, similar active attacks have not been reported, yet. We pursue the idea of an active attack and show how the communication protocol of the LPC bus can be actively manipulated with basic and inexpensive equipment. Moreover, we show how our manipulations can be used to circumvent the security mechanisms, e.g. the chain of trust, provided by modern trusted platforms. In addition, we demonstrate how the proposed attack can be extended to manipulate communication buses on embedded systems.