Security Basics mailing list archives

Re: Hard disk Encryption


From: Alexander Klimov <alserkli () inbox ru>
Date: Tue, 17 Apr 2007 11:21:13 +0300 (IDT)

On Mon, 16 Apr 2007, Ali, Saqib wrote:
>> Since TPM does not have enough processing power to decrypt
>> the raw data, the key (used to decrypt the data) has to be
>> transmitted outside of the TPM.

> Not really. IBM's TPM chip can handle bulk data decryption and
> encryption easily.

We were talking about "a properly implemented system" that uses
TPM and not some particular chip. According to the Trusted
Computing Group [1]:

    The TPM is not a cryptographic accelerator.

But this question is actually irrelevant, because an attacker
does not actually want the key, they want the data from the
disk (just replace below "key" with "data from disk").

>> Due to the first assumption, the CPU can be emulated by an
>> attacker so that external entities cannot distinguish it
>> from the "normal" CPU; due to the second assumption, after
>> such an emulation the attacker may have exactly the same
>> secret key.

> This is an extremely hypothetical scenario, and I am not even
> sure if it will work.

If one does not have enough experience to figure out whether the
presented attack is feasible, it is reasonable to pay attention
to what persons ``skilled in the art'' say. Apparently they
completely agree that TPM-based disk encryption cannot withstand
hardware attacks [2]:

    ... vulnerability to hardware-based attacks seems
    fundamental for systems without user actions on boot. The
    cryptographic keys used to protect the confidential data
    must be available to the laptop during a normal boot, and
    can therefore be recovered by a hardware attack.

> Has somebody proved that such an attack is possible?

Search for ``TPM'' together with the name of a forensic vendor.
If the tools are not yet available, I guess they will be
available very soon.


[1] TPM Main Part 1, Design Principles, Specification Version 1.2
<http://www.trustedcomputinggroup.org/specs/TPM/tpmwg-mainrev62_Part1_Design_Principles.pdf>

[2] Niels Ferguson, ``AES-CBC + Elephant diffuser. A Disk
Encryption Algorithm for Windows Vista''
<http://download.microsoft.com/download/0/2/3/0238acaf-d3bf-4a6d-b3d6-0a0be4bbb36e/BitLockerCipher200608.pdf>

-- 
Regards,
ASK
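As an added illustration, not part of Klimov's message and not modelled on any real TPM's command set, the toy Python below shows the point behind the quoted Ferguson passage: a key sealed only to boot measurements is released on every faithful, unattended boot with no secret from the user, whereas binding an authValue (PIN) as well means the measurements alone return nothing. ToyTPM, extend_pcr, boot_and_unseal and the measurement strings are all constructed for this example.

```python
import hashlib, hmac, secrets
PCR_INIT = b"\x00" * 32

def extend_pcr(pcr, measurement):
    # TPM-style extend: PCR_new = SHA-256(PCR_old || SHA-256(measurement))
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

class ToyTPM:
    """Toy seal/unseal, not a real TPM: the secret comes out only if the current PCR
    equals the sealed-to PCR and the caller supplies the same authValue (empty = TPM-only)."""
    def __init__(self):
        self.pcr = PCR_INIT
        self._root_key = secrets.token_bytes(32)              # never leaves the chip
    def extend(self, measurement):
        self.pcr = extend_pcr(self.pcr, measurement)
    def _wrap_key(self, pcr, auth):
        return hmac.new(self._root_key, pcr + auth, hashlib.sha256).digest()
    def seal(self, secret, pcr_policy, auth=b""):
        k = self._wrap_key(pcr_policy, auth)
        ct = bytes(a ^ b for a, b in zip(secret, k))          # 32-byte secret XOR key
        return ct + hmac.new(k, ct, hashlib.sha256).digest()  # ciphertext || tag
    def unseal(self, blob, auth=b""):
        ct, tag = blob[:32], blob[32:]
        k = self._wrap_key(self.pcr, auth)                    # bound to the *current* PCR
        if not hmac.compare_digest(hmac.new(k, ct, hashlib.sha256).digest(), tag):
            return None                                       # policy not satisfied
        return bytes(a ^ b for a, b in zip(ct, k))

def boot_and_unseal(tpm, blob, components, auth=b""):
    tpm.pcr = PCR_INIT                                 # power-on resets the PCR
    for c in components:                               # firmware measures the boot chain
        tpm.extend(c)
    return tpm.unseal(blob, auth)                      # then the key is requested

def demo():
    good_boot = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]   # constructed measurements
    tampered = [b"firmware-v1", b"modified-loader", b"kernel-v1"]
    key, tpm = secrets.token_bytes(32), ToyTPM()
    for c in good_boot:                                # provisioning: record the PCR value
        tpm.extend(c)                                  # that a normal boot produces
    tpm_only = tpm.seal(key, tpm.pcr)                  # unlocks with no user action
    tpm_pin = tpm.seal(key, tpm.pcr, auth=b"1234")     # additionally needs a PIN
    return {
        # Any faithful, unattended boot hands the key to the platform with no user secret.
        "tpm_only_normal_boot": boot_and_unseal(tpm, tpm_only, good_boot) == key,
        # Changed boot software changes the PCR; that is what sealing does defend against.
        "tpm_only_tampered_boot": boot_and_unseal(tpm, tpm_only, tampered),
        # With a PIN bound in, the same faithful boot alone yields nothing.
        "pin_bound_no_pin": boot_and_unseal(tpm, tpm_pin, good_boot),
        "pin_bound_with_pin": boot_and_unseal(tpm, tpm_pin, good_boot, b"1234") == key,
    }
```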

