diff --git a/thesis/02_concept.tex b/thesis/02_concept.tex index 80b157d..c289536 100644 --- a/thesis/02_concept.tex +++ b/thesis/02_concept.tex 
@@ -1,11 +1,90 @@ \chapter{Background}% \label{cha:background} -\ToDo{TPM beschreiben und chain of trust herleiten, } -In this Chapter we describe three main concepts which contribute the fundamentals for this thesis. -\emph{Trusted Boot} and the \emph{Integrity Measurement Architecture} (IMA) are two approaches to generate trust on a system from the hardware level up to the Operating System. +In this Chapter we describe four main concepts which will be combined in the concept of this thesis. +The TPM standard is used to introduce trust into the used host platforms. +\emph{Trusted Boot} and the \emph{Integrity Measurement Architecture} (IMA) are two approaches to extend trust from the TPM over the UEFI\,/\,BIOS up to the Operating System. The generated trust should then be provable by an external party---in our case the PIA---by using the protocol of \emph{Direct Anonymous Attestation} (DAA). -We describe the basic functionality of these three concepts in the following. + +\section*{Trusted Platform Module (TPM)}% +\label{sec:trusted_platform_module_tpm_} + +The \emph{Trusted Platform Module} (TPM) is a small coprocessor that introduces a variety of cryptographic features to the platform. +This module is part of a standard developed by the Trusted Computing Group (TCG), which current revision is 2.0\cite{tcg20}. + +The hardware itself is strongly defined by the standard and comes in the following flavors: +%TODO find source of that claim (TPM variants) +\begin{itemize} + \item \emph{Dedicated device.} The TPM chip is mounted on a small board with a connector. + The user can plug it into a compatible compute platform. This gives most control to the end user since it is easy to disable trusted computing or switch to another TPM. + \item \emph{Mounted device.} The dedicated chip is directly mounted on the target mainboard. Therefore any hardware modification is impossible. + However most PC platforms provide BIOS features to control the TPM. 
+ \item \emph{Firmware TPM (fTPM).} This variant was introduced with the TPM2.0 Revision. + Firmware means in this context an extension of the CPU instruction set which provides the features of a TPM. + Both Intel and AMD provide this extension for their platforms for several years now. + When activating this feature on BIOS level, all features of Trusted Computing are available to the user. + \item \emph{TPM Simulator.} For testing reasons, it is possible to install a TPM simulator. It provides basically every feature of a TPM but cannot be used outside the operating system. Features like Trusted Boot or in hardware persisted keys are not available. +\end{itemize} +Even the dedicated devices are small microcontrollers that run the TPM features in software giving the manufacturer the possibility to update their TPMs in the field. +fTPMs will be updated with the Microcode updates of the CPU manufacturers. + +The combination of well constrained hardware and features, an interface for updates and well defined software interfaces make TPMs trustworthy and reliable. +When looking up the term \emph{TPM} in the Common Vulnerabilities and Exposures database, it returns 23 entries\footnote{\url{https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=tpm}, last accessed on 15.05.2021}. +Eight of them were filed before the new standard has been released. +Another seven entries refer to vulnerabilities in custom TPM implementations. +Six entries refer to the interaction between the TPM and the operating system, especially the TPM library and the shutdown\,/\,boot process. +The last two entries describe vulnerabilities in dedicated TPM chips, which are mentioned in further detail: +\begin{itemize} + \item \emph{CVE-2017-15361}: TPMs from Infineon used a weak algorithm for finding primes during the RSA key generation process. + This weakness made brute force attacks against keys of up to 2048 bits length feasible. 
+ According to \cite{Nemec17}, 1048 bit keys required in the worst case scenario 3 CPU months and 2048 bit keys needed 100 CPU years. + Infineon was able to fix that vulnerability per firmware update for all affected TPMs. + \item \emph{CVE-2019-16863}: This vulnerability is also known as \emph{TPM fail} (\cite{moghimi20-tpmfail}) and shows how to get an Elliptic Curve private key via timing and lattice attacks. + The authors found TPMs from STMicorelectronics vulnerable, as well as Intel's fTPM implementation. + Infineon TPM show also some non-expected behaviour, but this could not be used for data exfiltration. + STMicro provided an update like Insineon did for the TPMs. + Intel's fTPM lives in the Management Engine, which requires a BIOS update from the mainboard manufacturer to solve the issue. +\end{itemize} + + +\subsubsection{Using the TPM} +\label{sssec:tpm-usage} +On top of the cryptographic hardware, the TCG provides several software interfaces for application developers: +\begin{itemize} + \item \emph{System API (SAPI).} The SAPI is a basic API where the developer has to handle the resources within the application. However this API provides the full set of features. + \item \emph{Enhanced System API (ESAPI).} While still providing a complete feature set, the ESAPI makes some resources transparent to the application like session handling. Consequently, this API layer is built on top of the SAPI. + \item \emph{Feature API (FAPI).} This API layer is again built on top of the ESAPI. It provides a simple to use API but the feature set is also reduced to common use cases. + Although the Interface was formally published from the beginning, an implementation is available since end of 2019. +\end{itemize} + +The reference implementation of these APIs is published at Github\cite{tpmsoftware20} and is still under development. 
+At the point of writing stable interfaces are available for C and C++, but other languages like Rust, Java, C\# and others will be served in the future. +The repository additionally provides the tpm2-tools toolset which provides the FAPI features to the command line. +Unfortunately, the command line parameters changed several times during the major releases of tpm2-tools\cite{pornkitprasan19-tpmtools}. + + + +\subsubsection{The Hardware} +\label{sssec:tpm-hardware} +The TCG achieved with the previous mentioned software layers independence of the underlying hardware. +Hence, TCG provided different flavors of of the TPM + + +TCG defined with the TPM2.0 standard a highly constrained hardware with a small feature set. +It is a passive device with some volatile and non-volatile memory, which provides hardware acceleration for a small number of crypto algorithms. +The standard allows to add some extra functionality to the device. +However the TPMs used in this project provided just the minimal set of algorithms and also the minimal amount of memory. + + +Since TCG published its documents, several IT security teams investigated concept and implementations of TPMs. + +\begin{itemize} + \item Hierarchies + \item Endorsement Key + \item Attestation Identity Key + \item Key management +\end{itemize} + \section{Trusted Boot}% \label{sec:trusted_boot} diff --git a/thesis/MAIN.pdf b/thesis/MAIN.pdf index a14c15b..ba0ebf1 100644 Binary files a/thesis/MAIN.pdf and b/thesis/MAIN.pdf differ diff --git a/thesis/literature.bib b/thesis/literature.bib index 5b36d6a..b8b9e75 100644 --- a/thesis/literature.bib +++ b/thesis/literature.bib 
@@ -307,3 +307,20 @@ url = {https://www.gnu.org/software/grub/manual/grub/html_node/Measured-Boot.html}, urldate = {2021-03-29}, } + +@inproceedings{Nemec17, + author = {Nemec, Matus and Sys, Marek and Svenda, Petr and Klinec, Dusan and Matyas, Vashek}, + title = {The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli}, + year = {2017}, + isbn = {9781450349468}, + publisher = {Association for Computing Machinery}, + address = {New York, NY, USA}, + url = {https://doi.org/10.1145/3133956.3133969}, + doi = {10.1145/3133956.3133969}, + booktitle = {Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security}, + pages = {1631–1648}, + numpages = {18}, + keywords = {smartcard, rsa, factorization, coppersmith's algorithm}, + location = {Dallas, Texas, USA}, + series = {CCS '17} +}
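Review bot: in the 02_concept.tex hunk the fTPM bullet contradicts the TPM-FAIL discussion later in the same hunk. `+ Firmware means in this context an extension of the CPU instruction set which provides the features of a TPM.` and `+fTPMs will be updated with the Microcode updates of the CPU manufacturers.` describe an instruction-set extension patched through microcode, but the CVE-2019-16863 bullet then says `+Intel's fTPM lives in the Management Engine, which requires a BIOS update from the mainboard manufacturer to solve the issue.` The Management Engine is platform firmware, not a CPU instruction set, so the bullet should describe the fTPM as a TPM implemented inside the platform's firmware execution environment and drop the microcode-update claim; the `%TODO find source of that claim (TPM variants)` comment should be resolved before this lands. The TPM-FAIL entry also needs scoping: the paragraph introduces the two bullets as "vulnerabilities in dedicated TPM chips", yet the CVE-2019-16863 bullet covers Intel's fTPM, which is not a dedicated chip; either restrict that bullet to the STMicroelectronics part or cite the fTPM finding under its own identifier. In the ROCA bullet, "1048 bit keys" should read 1024 bit, and "brute force attacks" misdescribes the attack: the cited work (the Nemec17 entry added to literature.bib in this same change, "The Return of Coppersmith's Attack") is a Coppersmith-style factorization of the modulus, not brute force. Structurally, `\section*{Trusted Platform Module (TPM)}` is starred while the following `\section{Trusted Boot}` is numbered, so the TPM section will be missing from the numbering and the table of contents, and `\subsubsection` is used directly under a `\section` with no `\subsection` level in between. The `\subsubsection{The Hardware}` block is a stub: it repeats the TPM-flavor list from the top of the section, ends in an unfinished sentence (`Hence, TCG provided different flavors of of the TPM`) and closes with a bare itemize of topic names (Hierarchies, Endorsement Key, Attestation Identity Key, Key management); the removed line used `\ToDo` for exactly this purpose, so either complete it or mark it with `\ToDo` rather than leaving placeholder text in the body. Smaller fixes: "STMicorelectronics" -> STMicroelectronics, "Insineon" -> Infineon, "which current revision is" -> whose current revision is, "Infineon TPM show also" -> Infineon TPMs also show, "Consequently, this API layer is built on top of the SAPI" is not a consequence of the preceding sentence (just "This API layer is built on top of the SAPI"), and the conclusion that a 23-entry CVE keyword search makes TPMs "trustworthy and reliable" is not supported by the two in-field hardware flaws listed right after it; present the CVE survey as an observation about the track record rather than as proof of trustworthiness.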
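Review bot: `thesis/MAIN.pdf` is a build artifact committed together with its source in this change (`Binary files a/thesis/MAIN.pdf and b/thesis/MAIN.pdf differ`); every text edit will add another binary blob to the history and the repository will grow accordingly. Suggest removing it from version control, adding `thesis/MAIN.pdf` (or `*.pdf`) to `.gitignore`, and producing the PDF from a build step or attaching it to a tagged release instead.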
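Review bot: the literature.bib hunk adds only `Nemec17`, but the 02_concept.tex hunk in this same change also cites `tcg20`, `moghimi20-tpmfail`, `tpmsoftware20` and `pornkitprasan19-tpmtools`; check that those keys already exist in literature.bib, otherwise BibTeX will report undefined citations and the TPM-FAIL and tpm2-tools references will render as question marks. In the .tex the citations are attached without a non-breaking space (`2.0\cite{tcg20}`, `Github\cite{tpmsoftware20}`); write `2.0~\cite{tcg20}` so the citation cannot be separated from its text at a line break. The Nemec17 entry itself is fine; its `url` field only duplicates the `doi`, so one of the two is enough.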